VPNs and VPN protocols go together like chefs and recipes: The latter provides a blueprint for how the former builds digital tunnels. Selecting the right protocol is important since this determines how fast and user-friendly the resulting VPN connection will be.
WireGuard vs. OpenVPN
OpenVPN was long considered the gold standard among VPN protocols owing to its time-tested consistency, reliability, and stability. However, recently, a new kid has shown up in town, WireGuard, which offers most of what OpenVPN does, while also promising better performance.
In order to compare the two and help you choose the best protocol for your needs, we took a closer look at both OpenVPN and WireGuard.
When using a VPN service, you can find the selection of protocols it offers in the Settings area of the dashboard or interface. Be forewarned that not every VPN supports all available VPN protocols, and some even develop their own proprietary ones off existing protocols. Below, we'll let you know which services offer their users access to the OpenVPN and WireGuard protocols.
Regardless of the VPN service you're using, one of its supported protocols will be selected by default.
VPN protocols play a crucial role in encrypting your VPN connection since they determine which encryption algorithm is used. In this area, OpenVPN and WireGuard take somewhat different approaches.
OpenVPN uses OpenSSL Library algorithms, such as Camellia, DES and Triple DES, Blowfish, and AES. This makes it more flexible albeit at the cost of speed, which WireGuard and other competitors utilize to full effect.
This loss of speed can be traced back to the variable algorithms OpenVPN's code uses, which, in turn, is more complicated than that of WireGuard. One advantage of this is enhanced reliability. Through its usage of encryption techniques that have worked for decades, users won't have to fear any nasty surprises.
When it comes to encryption, the two protocols follow entirely different approaches.
WireGuard, in terms of encryption, sacrifices flexibility, relying instead on encryption techniques and ciphers like Poly1305 and ChaCha20. This gives the protocol a major speed boost, however, it also means that it's less flexible than OpenVPN.
Although the software utilizes newer systems, don't confuse this with reduced security. Quite to the contrary: The encryption techniques in use, especially ChaCha20, have been developed step-by-step to meet changing and new conditions, making them just as secure, if not more so, than their predecessors.
Security and Privacy
VPN services shouldn't just protect you from dangers online, but also, safely handle any data that might be generated when you're surfing. The protocol in use should adhere to the 'no-log' philosophy, which basically states that such personally identifiable information is either not collected at all, or if it is, is stored only briefly by the provider.
Here, OpenVPN demonstrates a clear advantage over WireGuard, since the former follows a strict 'no-log' policy without exception.
Should you instead opt for WireGuard, you'll have to make do without a 'no-log' policy, at least to a certain extent. IP addresses are stored until the server is restarted, however, this is only the case when you use one of WireGuard's default protocols. Since several VPN providers have based their own protocols on WireGuard, and taken steps to minimize or avoid this risk, these do not suffer from the same issue. Similarly, by using NAT or multi-hop features, you can reduce your exposure even on one of WireGuard's default protocols.
For a long time, WireGuard only offered a Linux client, however, that changed in the recent past, and now both WireGuard and OpenVPN have their own Windows apps. These can be used to create VPN tunnels, and to import or export data.
Using a WireGuard client is fairly easy, at least when the user has administrator privileges. Should this not be the case, you'll need to make changes in your system's registry. During our assessment, the client worked smoothly, consuming between 0.1% and 3.3% of CPU, with an average consumption of 1.1%.
WireGuard's Windows client.
OpenVPN, on the other hand, has long offered an official Windows client, OpenVPN Connect, which is also very easy to use. Thanks to its no-frills dashboard, it's easy to import connection information and add profiles, either via URL or by uploading a file.
Of course, OpenVPN Connect doesn't offer the same possibilities as WireGuard's client does, but, you also won't have to worry about whether or not you have administrator privileges. The CPU usage ranged from 1%-11%, amounting to 6% on average.
OpenVPN Connect's client.
Both protocols are supported by a number of reputable VPN programs and third-party clients, however, OpenVPN has an edge. OpenVPN and WireGuard come integrated with NordVPN, Surfshark, and hide.me, as well as a host of other VPN providers. As such, there's no need to rely on the protocol developer's clients.
When it comes to speed, there's a clear winner: WireGuard. The new protocol easily beat OpenVPN in all of the assessments we put it through. WireGuard reached a maximum download speed of 277.9 Mbps, while OpenVPN often didn't exceed 30.64 Mbps. OpenVPN's ping was often twice as higher as that of WireGuard. When it came to uploads, things were a bit closer, with OpenVPN never exceeding 20.13 Mbps and WireGuard reaching 18.5 Mbps.
Should speed and low ping be essential to you, for example, if you're into online gaming, WireGuard is definitely the better option. All the same, our OpenVPN connections were fluid and we weren't subjected to any significant delays or interruptions.
In this area, OpenVPN has a clear advantage over WireGuard, since it is supported by almost twice as many VPN providers. With time, this is likely to change, however, OpenVPN was the nearly undisputed gold standard among protocols for quite a long time. WireGuard is doing its utmost to challenge this, and as such, should be rolled out by more and more providers as time goes on.
WireGuard or OpenVPN – Which To Recommend?
And now, the million-dollar question: Which protocol is better? As always, the answer depends on your priorities and needs. WireGuard is more streamlined and faster, however, the lack of a 'no-log' policy and its client's need for administrator privileges make it a bit lop-sided. Beyond that, WireGuard is still in an "experimental phase", and incomplete, even in the words of its developers.
OpenVPN is slower than WireGuard, however, continues to impress owing to its time-tested reliability.
Taken together, WireGuard seems to be ideal for usage at home owing to its performance and speed, but, not for the workplace on account of its administrator privileges issue. Even though WireGuard is full of potential, we would still use OpenVPN as a basic VPN solution.
It's difficult to name a clear "winner" in this protocol battle, largely because the shortcomings of one are the strengths of another (and vice versa). Similarly, since both were developed around different concepts and philosophies, comparing them is a bit like choosing between apples and oranges.
For that reason, we recommend approaching the pair not as rivals, but rather, as services that complement and enhance one another: With its well-established security and flexibility, OpenVPN remains the best basic solution, however, for speed, WireGuard has an advantage. In case you'd like to use both, NordVPN, Surfshark, and hide.me have integrated WireGuard and OpenVPN into their VPN clients.