Wireguard vs OpenVPN

hkdbhkdb
4 min read

THIS POST WAS ORIGINALLY POSTED ON FEBRUARY 13TH, 2020 ON MEDIUM

Most of you that I have daily conversations with know, I have lately been paying even closer attention to remote access solutions as I am working on a project in this particular space on top of having built solutions for clients regularly to provide a way for remote workers to access internal resources since the 1990's. I have also sort of fell into a digital nomad lifestyle as of about a year ago which makes understanding these solutions quite important to me personally. Sure, VPNs are often used for protecting privacy and escaping censorship too but that’s not my primary interests. What’s more important to me is being able to securely access resources across multiple firewalls in hybrid cloud environments and companies with multiple corporate/datacenter locations.

With that said, WireGuard has popped up time and time again in the recent year or so and it’s an opensource cross-platform solution that promises its users “an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography”. Perhaps what’s a more laymen description is that WireGuard is supposed to be much easier to install/configure/maintain and can do much faster data transfers. Since that sounded like a super enticing pitch to me, once I had a chance, I threw up a container I built on the same Docker host which I am also running OpenVPN on so I can verify this pitch myself. :)

INSTALLATION:

Sure enough, it was quite easy to figure out. I say easy as in, if you are well-versed with Linux servers and have done this for a while, it’s mad easy but at the current state of its development, all the command line stuff might scare away the power users that prefer the GUI. However, even so, it’s still way simpler to just follow their short step-by-step installation guide than to deal with the craziness of OpenVPN. I am not going to go through the setup steps here but if you are interested, you can checkout their installation guide.

USAGE:

After proper configurations, user land tools are pleasantly simple to use. I am primarily on Ubuntu 19.10 and did not have enough time to get the NetworkManager Plugin to work so I stuck with the CLI tools which turned out to be so easy that I personally don’t think you need a GUI for it.

Connect to WireGuard Server

Disconnect from WireGuard Server

PERFORMANCE:

On to the main topic! So how does it really compare to something that’s “time and tried” like OpenVPN? Let’s get to it!

I am currently in Taipei on an approximately 90mbps/60mbps fiber and the docker host is in a datacenter somewhere in San Francisco, California. What I wanted to try was to upload a file of at least 100mb via SCP to the docker host and see if there’s a difference in data transfer speeds between WireGuard and OpenVPN. Here are the results:

# OpenVPN:
ScreenCast.mp4                        100%  134MB   2.8MB/s   00:48# WireGuard:
ScreenCast.mp4                        100%  134MB   3.5MB/s   00:37

Well, look at that! It is faster as advertised.

But what about web browsing? Let’s try a couple of sites together!

https://www.dragon-ventures.com

OpenVPN

WireGuard

https://www.whatsmyip.org

OpenVPN

WireGuard

Well, that’s kind of disappointing. Looks like WireGuard looses in this category.

CONCLUSION:

So unless there’s something wrong with the way I am testing, it looks like WireGuard is much easier to setup, much faster in data transfer, but for some reason, website load times are a bit slower than OpenVPN. Furthermore, as of today, there’s no officially supported Windows client which is sort of a deal breaker for most. Of course, in all fairness, WireGuard is fairly new and undergoing significant development towards a stable release before it’s ready for prime time so I would keep a close eye on it as it progresses along into becoming a more mature solution that can truly contend and potentially become a mainstream solution. I am also curious how well it will do when it’s finally ready to go through authoritative audits.

MY PROJECT:

If you found this post interesting, I am pretty sure you will be interested in what I am working on. So make sure you follow me to be kept up-to-date on what I hope to announce soon! Meanwhile, here’s a sneak peak of the test results using my engineering prototype under the same controlled environment shown along side the above results:

# Prototype:
ScreenCast.mp4                        100%  134MB   4.6MB/s   00:29# OpenVPN:
ScreenCast.mp4                        100%  134MB   2.8MB/s   00:48# WireGuard:
ScreenCast.mp4                        100%  134MB   3.5MB/s   00:37

https://www.dragon-ventures.com

Prototype

OpenVPN

WireGuard

0
Subscribe to my newsletter

Read articles from hkdb directly inside your inbox. Subscribe to the newsletter, and don't miss out.

vpnwireguardOpenVPNperformancecomparisonremote access#cybersecuritySecurity

Written by

hkdb
hkdb