OpenVPN vs WireGuard: Which one should you use?
Each of them have different advantages and use cases.
Two Protocols
Many VPNs offer the same protocols and give the user the option to choose from which protocol to use. The two most popular choices are OpenVPN and Wireguard. Each of them have different advantages and use cases. And if you really want to learn how to become a ghost, subscribe for free to our new content by email, by Session messenger, RSS feed, or Nostr.
OpenVPN
2001
OpenVPN has been around much longer than Wireguard. With an initial release in 2001 and over 5 million downloads worldwide, OpenVPN has been heavily penetration-tested and stood it’s ground.
Wide Support
The OpenVPN protocol is not only supported by nearly all major commercial VPN providers, but it also provides an open source framework for a random user to turn a cloud into their own private VPN more easily than other protocols.
Long History
The main advantage of OpenVPN is its long history of being secure and reliable, as well as being the most anonymous VPN. The disadvantage is that it’s slower than Wireguard.
Wireguard
Newer
Wireguard is a relatively new competitor to OpenVPN, having initially had experimental versions released in 2018. With funding from some of the top VPN providers, as well as (ironically) the US government via the Open Technology Fund, Wireguard is able to provide much faster internet traffic speeds compared to OpenVPN because of its multi thread approach.
Wireguard has less code
Wireguard has just 4,000 lines of code, which is significantly less than OpenVPN (with over 70,000). So some consider Wireguard more secure because it can be audited more easily. Also because Wireguard has less code, it has a lower attack surface for penetration.
Potential
The Wireguard protocol does, however, have some requirements that, if not properly implemented by the VPN provider, could lead to it being less anonymous, and therefore less private.
Responsibility
Since these requirements/flaws place a larger responsibility on the VPN provider to correctly implement solutions to it, some criticize Wireguard for forcing VPN users to put even greater trust in the VPN provider.
Minor Risk: temporarily “logs” IP addresses
Wireguard requires the user’s IP address to be stored in the server’s memory while being used. Some consider this a form of IP address logging. Now each VPN provider handles this differently.
Mullvad & OVPN
Some VPN providers like Mullvad and OVPN erase the map between IP addresses and encryption keys as soon as there has been no communication between the end user and the VPN server for 3 minutes. This is solving the problem by constantly “deleting the logs”.
Double NAT
Another approach is to assign users a fake 2nd internal IP address just to use Wireguard. This is the approach that NordVPN takes with its “double NAT” policy. NAT is the process of turning a public IP address private. So NordVPN claims they are doing this twice to avoid the Wireguard log issue.
Debate
There is heated debate over if Wireguard is anonymous and private enough. But everyone agrees, Wireguard requires more discretion on the part of the VPN provider to carefully deal with this data issue.
OpenVPN Beats Censorship
OpenVPN is better than Wireguard for situations in which either the website or the ISP block VPNs. To understand why OpenVPN can bypass these VPN restrictions more easily, let’s first learn how regular websites do encryption without a VPN.
Even without a VPN, a regular website is encrypted with HTTPS to prevent anyone in-between you and the website’s server from stealing data like passwords or credit card numbers. So WITHOUT a VPN, the ISP (internet service provider) can see which website you go to, but can NOT see what you actually do on that website.
Ports
Ports are like lanes on a highway for traffic. Different things take on different ports to avoid a conflict. (Think of the metaphor of a traffic jam.) Normal websites use Port 443 to send traffic and the TCP protocol.
443 TCP
Because OpenVPN can use the same port as regular websites (443 on TCP), it can sometimes trick a firewall or even a website into thinking this is just normal website traffic, where as Wireguard is clearly seen by firewalls as a VPN by only allowing UDP packets. But as we discussed earlier, UDP (and therefore Wireguard) is faster.
Conclusion & Summary
OpenVPN is more anonymous and private, but this comes at the price of slower speeds. Wireguard is newer and much faster, but requires more trust in the VPN providers in dealing with the temporary IP logging issue.
Faster
Because Wireguard is so much faster, it might be more appropriate to use in situations where anonymity is less important, such as for live video.
WebRTC Leaks
However, you should be aware that some live video platforms like Google Meet have vulnerabilities to leak your real IP address even when using a VPN. These are known as WebRTC leaks and Wireguard puts you more at risk for it as we will discuss in our future article.
Tor?
OpenVPN is better for evading bans on VPNs and is also required for use if you first routed traffic through Tor:
You -> Tor -> OpenVPN -> Website
This is because Tor uses TCP packets, and Wireguard only does UDP.
Here at Simplified Privacy, we can help give custom tailored advice based on your needs. If you are feeling overwhelmed with the technical knowledge of trying to be private or having issues with a VPN or Tor being banned, reach out to us and chat anonymously.
If you really want to learn and take your privacy to the next level, subscribe to our new content via: Nostr, Bastyon, Session, RSS, Ethereum Push
Related Posts
How this VPN works
Simplified Privacy's New Original VPN.
[SP]
Nov 15, 2024
Big News
VPN Announcement of Alpha Test
[SP]
Nov 13, 2024
VPN Announcement
We're doing an original VPN
[SP]
Nov 13, 2024
Decloaking VPN traffic: New critical vulnerability
This allows the ISP or local router to see the VPN traffic by abusing your router
[SP]
May 7, 2024