WireGuard vs. OpenVPN: Which VPN protocol is better?
When you connect to a VPN, your data travels through a secure encrypted tunnel to a VPN server, where you’re assigned an IP address. A VPN protocol refers to the rules and instructions determining how the encrypted tunnel is formed.
While there are several VPN protocols, we’ll look at two main ones – WireGuard and OpenVPN. Each has its pros and cons, as well as vulnerabilities that we might already know about or discover in the future. Let’s look at each of them in more detail.
What is OpenVPN?
Created in 2001, OpenVPN uses the OpenSSL library, which includes AES, ChaCha20, Blowfish, and other ciphers. The use of the OpenSSL library makes OpenVPN very flexible. OpenVPN runs over TCP or UDP and has a code base of over 100,000 lines, making it challenging to implement. Several agencies have audited the code numerous times, but no security flaws have been detected.
OpenVPN is a good option when security is of utmost importance, like when you’re using a public network.
What is WireGuard?
WireGuard has only been around since 2019. It uses the Noise protocol framework, Curve25519, ChaCha20, Poly1305, BLAKE2, SipHash24, and HKDF for cryptography. One of the key differences between OpenVPN and WireGuard is that the latter only uses 4,000 lines of code, making it easier to deploy and audit.
While OpenVPN runs over TCP and UDP, WireGuard runs only over UDP. Based on several independent audits, no security flaws have been found so far. WireGuard is particularly useful when connection speed is a priority. However, since it has only been around since 2019, it is considered somewhat experimental and may have risks and vulnerabilities.
Nonetheless, some providers have successfully implemented versions of WireGuard (see NordLynx by NordVPN). During the implementation process, some of the privacy concerns that had been raised were minimized, creating a version of WireGuard that delivers impressive speed without potential security flaws.
WireGuard vs. OpenVPN – a full comparison
Let’s examine the main differences and similarities between WireGuard and OpenVPN.
- Speed: WireGuard is much faster than OpenVPN, as several speed tests have shown. As wireguard.com says, “A combination of extremely high-speed cryptographic primitives and the fact that WireGuard lives inside the Linux kernel means that secure networking can be very high-speed.”
- Encryption and Security: When it comes to encryption, each protocol has its pros and cons. While the OpenSSL library allows OpenVPN to run many different ciphers, OpenVPN remains more vulnerable to attacks because it has a larger attack surface.
On the other hand, WireGuard has a smaller attack surface, but if flaws or bugs were found, it would require an overall update, because you can’t easily configure WireGuard to use a different protocol or cipher.
- Bypassing censorship: Both WireGuard and OpenVPN are very reliable. However, TCP, which OpenVPN supports, is better for bypassing internet restrictions. It’s less likely to be blocked by countries with strict internet censorship, like China and Russia. That’s because a lot of other traffic passes through the same port, and blocking it would mean halting activities like online banking and shopping.
So while WireGuard is faster and more efficient, OpenVPN is better if you want to access content in countries with severe restrictions.
- Compatibility and mobility: OpenVPN historically hasn’t been great with switching between networks, while WireGuard doesn’t seem to have issues on this front.
Compared to WireGuard, OpenVPN is compatible with a wider range of platforms, with most commercial VPN services natively supporting it. However, WireGuard is catching up fast: it has already been implemented into many leading VPNs, despite only being released in 2019.
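The cipher flexibility and transport differences from the comparison above, shown as an added example (not from the original article or from either project): a short Python audit of two constructed configs. It lists the ciphers an OpenVPN config offers, flags 64-bit block ciphers such as Blowfish, reports the transport and port, and shows that a WireGuard config has no key that selects a cipher. Host names, addresses, and key values are placeholders.

```python
# Added example: both configs below are constructed samples, not real deployments.
# 64-bit block ciphers are unsafe for long sessions (birthday-bound collisions).
WEAK_64BIT = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC", "CAST5-CBC"}

OPENVPN_CONF = """\
# constructed sample client config
client
proto tcp
remote vpn.example.net 443
cipher BF-CBC
data-ciphers AES-256-GCM:CHACHA20-POLY1305:BF-CBC
"""

WIREGUARD_CONF = """\
# constructed sample, key values are placeholders
[Interface]
PrivateKey = <client-private-key>
Address = 10.0.0.2/32
[Peer]
PublicKey = <server-public-key>
Endpoint = vpn.example.net:51820
AllowedIPs = 0.0.0.0/0
"""

def parse_openvpn(text):
    """Return {directive: [args]} for an OpenVPN config; last occurrence wins."""
    conf = {}
    for line in text.splitlines():
        parts = line.strip().split()
        if parts and not parts[0].startswith(("#", ";")):
            conf[parts[0]] = parts[1:]
    return conf

def audit_openvpn(text):
    """List offered ciphers, the weak ones among them, and (proto, port)."""
    conf, offered = parse_openvpn(text), []
    for d in ("cipher", "data-ciphers", "ncp-ciphers", "data-ciphers-fallback"):
        for name in ":".join(conf.get(d, [])).upper().split(":"):
            if name and name not in offered:
                offered.append(name)
    remote = conf.get("remote", [])
    proto = (remote[2] if len(remote) > 2 else conf.get("proto", ["udp"])[0]).lower()
    port = int(remote[1] if len(remote) > 1 else conf.get("port", ["1194"])[0])
    return {"offered": offered, "weak": [c for c in offered if c in WEAK_64BIT],
            "transport": ("tcp" if proto.startswith("tcp") else "udp", port)}

def wireguard_keys(text):
    """Keys set in a wg-quick style config; none of them selects a cipher."""
    lines = (l.split("#", 1)[0] for l in text.splitlines())
    return {l.split("=", 1)[0].strip() for l in lines if "=" in l}
```

Removing `BF-CBC` from both cipher directives clears the finding on the OpenVPN side; the WireGuard config has no equivalent setting to change.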
NordVPN supports both protocols
NordVPN is a leading VPN provider offering fast connection and advanced cybersecurity. It uses NordLynx – its WireGuard-based protocol – to deliver a fast and reliable connection without the tradeoff of privacy risks. NordVPN also offers OpenVPN and IKEv2/IPsec protocols that users can choose based on their needs and preferences.
One NordVPN account can protect up to six devices. You can use NordVPN on Windows, macOS, Android, iOS, Linux, and Android TV. In addition, NordVPN has browser extensions for Chrome, Edge, and Firefox.
With 5,500+ servers in 59 countries, users have many servers to choose from wherever they are. Alternatively, the Quick Connect feature automatically connects you to the best server.
Find out more about NordVPN’s products, services, and protocols by visiting its knowledge base. You’ll find detailed articles on how a VPN works and how to increase the speed of your VPN connection.
NordVPN's customers can get prompt help and advice from customer support, available 24/7 via chat or email.
With NordVPN, users can rest assured that their online activities remain confidential. According to several independent audits, the provider doesn’t keep user activity logs. It’s a constantly evolving service with frequent updates to ensure NordVPN users stay protected.
What is Threat Protection?
NordVPN is more than just a VPN. It offers several advanced cybersecurity features, the most recent being Threat Protection. Threat Protection keeps users safe online by:
- Blocking intrusive and potentially malicious ads and trackers.
- Preventing users from accidentally visiting malicious sites.
- Protecting devices from malware by scanning files during download.
Currently, Threat Protection is available for Windows and Mac users.