If you know only two VPN protocols, they’re probably WireGuard and OpenVPN. Those are the two biggest dogs in the field. Any consumer VPN provider worth knowing uses one of these as their default option. But let us compare them side-by-side and see which one is the choice for you!
Table of contents
What is WireGuard?
WireGuard is the newest big boy/girl virtual private network protocol on the block, having been introduced in 2015. One of its killer features is how light it is. At a mere 4000 lines of code, it’s much lighter than OpenVPN, which clocks in at 70,000-100,000, depending on how you count. This is unsurprising since WireGuard was created from the ground up to be a lighter, more powerful alternative to existing VPN protocols like OpenVPN and IPsec.
When it comes to VPN-type activities, Curve25519 is used to exchange encryption keys, ChaCha20 for symmetric encryption, and Poly1305 for message authentication codes. ChaCha20 is supposedly troublesome for not having that much widespread hardware support, but it practically shakes out to be as fast as AES-based encryption.
WireGuard is also described as a connectionless protocol. Of course, the word “connectionless” doesn’t mean that you don’t need to connect to a server at all. It means that the way WireGuard approaches connections via timed handshakes makes it work smoother than other protocols.
Notably, it only transmits data over UDP (User Datagram Protocol), completely abandoning TCP (Transmission Control Protocol) “due to the classically terrible network performance of tunneling TCP-over-TCP” — that’s a direct quote. UDP sacrifices error correction or duplicate detection, all in favor of going fast.
WireGuard is open-source, so it benefits from leaving the door open to the world’s nerds to pore over the code and check it for vulnerabilities.
What is OpenVPN?
OpenVPN protocol has been trucking along since 2001. Over the years, it has been prodded and modded to accommodate almost anything and to fit almost anywhere. However, this has made the code grow to 70,000-100,000 lines, which makes it slower to run and harder to audit.
OpenVPN uses the OpenSSL library for encryption when making a VN truly P. This means you can use any cipher that OpenSSL contains, giving you many tools to work with. On the other hand, the security protocol is custom-made based on SSL/TLS. OpenVPN also supports various plug-ins, usually made with additional security in mind.
OpenVPN can operate in TCP or UDP modes. For example, Surfshark users can choose which one to use on their VPN client.
As the name would imply, OpenVPN is open-source, meaning that numerous independent nerds have gotten to see its guts and determine whether the system is secure.
WireGuard vs. OpenVPN: which is better?
Now that you know something about these two protocols, how about we compare them? To do that, we set a few categories to get a more granular view of how the capabilities of WireGuard and OpenVPN stack up.
Speed and efficiency:
The WireGuard protocol is considered to be faster and more efficient than OpenVPN. That’s because it was made to be faster. If you want a car analogy, WireGuard is the latest model street car that’s a clean-sheet design optimized for speed. Meanwhile, OpenVPN is a design that has been evolving for years with universality in mind.
That said, for the consumer VPN user, the difference between protocols isn’t that significant. No matter the protocol, if your local network conditions are bad and the bandwidth is low, the VPN connection will be slow. Similarly, the further you are from the VPN server, the more speed loss will occur — that’s an unavoidable fact of how the internet works.
Privacy and security:
When comparing WireGuard and OpenVPN protocols, it is hard to say which one is more secure. WireGuard has the benefit of presenting a smaller attack surface: that is, having far fewer lines of code, it presents fewer places where vulnerabilities could hide.
On the other hand, OpenVPN has been around for 22 years, which means that it has been thoroughly stress-tested, patched, and updated. WireGuard is comparatively new and thus hasn’t been put through the same amount of testing to root out security vulnerabilities.
Plus, if we’re looking purely from a privacy perspective, WireGuard doesn’t offer obfuscation or dynamic IP functionalities. So if you want to hide that you’re using a VPN or change your IP constantly, you need to turn to OpenVPN.
User-friendliness and configuration
WireGuard is easier to set up and configure than OpenVPN because it’s slim and light. You don’t have that many options to choose from, so it’s a lot faster to work with for anyone.
OpenVPN, however, comes with a bazillion options. For example, while WireGuard only supports ChaCha20 for encryption, OpenVPN gives you every option the OpenSSL library can offer. This goes for essentially every subsystem in the protocol. OpenVPN can then be fine-tuned to your wishes and needs. On the other hand, having so many options is bound to be scary to the casual user.
Granted, none of that matters to a consumer VPN user. VPN clients like Surfshark allow for a seamless transition between VPN protocols. And if you need to carry out manual setup for any reason, support will be provided for both OpenVPN and Wireguard versions.
Auditability:
WireGuard is a lot easier to audit than OpenVPN due to having far, far fewer lines of code. You don’t need to be a science-brained genius to grasp that 4000 lines of code are easier to go through than 70,000, the lowest bound for OpenVPN.
And auditability is important. If a VPN protocol wasn’t open-source, then you’d have to trust the developers that it was safe and secure. Anyone can check it when it’s open source (provided they’re knowledgeable). That’s partially why OpenVPN is so trusted — 22 years is plenty of time for auditing.
Choosing between WireGuard and OpenVPN
What you want out of a VPN will determine whether WireGuard or OpenVPN will be better for you:
Requirement | VPN protocol |
|---|---|
Speed | WireGuard |
Auditability | WireGuard |
Stability | WireGuard |
Security | Both |
Privacy | OpenVPN |
Customization | OpenVPN |
Platform support | OpenVPN |
Since the differences are so small, many VPN services allow the users to choose which one they prefer to use.
In conclusion: two great VPN protocols
When it comes to choosing between WireGuard and OpenVPN, they’re both reliable VPN protocols. Which one you’ll use will largely depend on what you want from a VPN. WireGuard is newer and faster, which gives it a lot of charm. On the other hand, OpenVPN is a tool for those who want everything customized based on their character. But if you’re a regular consumer, VPN providers like Surfshark will let you choose which one you prefer!
Get a VPN with good protocols
Surfshark gives you the choice between WireGuard, OpenVPN, and more
Get Surfshark
FAQ
Is OpenVPN better than WireGuard for latency?
WireGuard is generally faster and more efficient than OpenVPN as it’s a newer VPN protocol built for speed.
Can WireGuard replace OpenVPN?
WireGuard can replace OpenVPN for the casual consumer VPN user today. However, whether it will ever become as widely adaptable as OpenVPN is an open question.
What is the most efficient VPN protocol?
WireGuard seems to be the most efficient VPN protocol on the scene right now. It helps a lot that it was made for efficiency and speed.
Can WireGuard be detected?
Yes, WireGuard can be detected. It doesn’t do VPN obfuscation, mostly because of the insistence on UDP transmission mode. Surfshark turned to a customized implementation of OpenVPN in TCP mode for an undetectable VPN.
Is WireGuard the fastest VPN protocol?
Yes, WireGuard is the fastest VPN protocol that doesn’t sacrifice security for speed.
Written by
Martynas Klimas
Knows as much about VPN as it is healthy for someone who isn't a VPN developer.
Rate and share this article
5/5
