 
OpenVPN vs WireGuard

__________________

OpenVPN

OpenVPN has been around much longer than WireGuard. With an initial release in 2001 and over 5 million downloads worldwide, OpenVPN has been heavily penetration-tested and has stood its ground.

The main advantage of OpenVPN is its long history of being secure and reliable, as well as being the more anonymous of the two with respect to the logging behaviour discussed below. The disadvantage is that it is slower than WireGuard.

__________________

WireGuard

WireGuard is a relatively new competitor to OpenVPN; its first experimental versions were released in 2018. With funding from some of the top VPN providers, as well as (ironically) the US government via the Open Technology Fund, WireGuard is able to provide much faster traffic speeds than OpenVPN because of its multithreaded approach.

WireGuard has less code

WireGuard has just 4,000 lines of code, significantly fewer than OpenVPN (with over 70,000). Some therefore consider WireGuard more secure, because a smaller code base can be audited more easily. Less code also means a smaller attack surface.

WireGuard’s issues

The WireGuard protocol does, however, have some requirements that, if not properly handled by the VPN provider, could make it less anonymous, and therefore less private.

Since these requirements (or flaws) place a larger responsibility on the VPN provider to implement mitigations correctly, SOME criticize WireGuard for forcing VPN users to put even greater trust in the VPN provider.

__________________

WireGuard temporarily “logs” IP addresses

WireGuard requires the user’s IP address to be held in the server’s memory, and unlike OpenVPN this mapping may persist even after the connection is closed. Some consider this a form of temporary IP address logging. Each VPN provider handles this differently.

Some VPN providers, such as Mullvad and OVPN, erase the mapping between IP addresses and encryption keys as soon as there has been no communication between the end user and the VPN server for 2-3 minutes. This solves the problem by constantly “deleting the logs”.

Another approach is to assign users a second, internal IP address used only for WireGuard. This is the approach NordVPN takes with its “double NAT” policy. NAT is the process of translating between public and private IP addresses, so NordVPN claims it performs this translation twice to avoid the WireGuard log issue.

There is heated debate over whether WireGuard is anonymous and private enough. Many enjoy the faster speeds and think the 2-minute logging doesn’t matter much. But everyone agrees that WireGuard requires more discretion on the part of the VPN provider to deal with this issue carefully.
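To make the “delete the logs” approach concrete, here is an added example (not code from the post or from any provider named above) of an operator-side check: it parses the tab-separated output of `wg show <iface> dump`, finds peers whose stored client endpoint is older than the 2-3 minute idle window, and builds the commands that would make the kernel forget that endpoint. The interface name, keys and addresses are constructed placeholders.

```python
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the format of `wg show <iface> dump`: the first line is the
# interface (private key, public key, listen port, fwmark); each later line is one
# peer (public key, preshared key, endpoint, allowed IPs, latest handshake as Unix
# time or 0, rx bytes, tx bytes, persistent keepalive). Keys/addresses are placeholders.
SAMPLE_DUMP = "\n".join([
    "PRIVKEY_PLACEHOLDER\tSERVER_PUBKEY_PLACEHOLDER\t51820\toff",
    "PEER_A_PUBKEY\t(none)\t198.51.100.23:41641\t10.64.0.2/32\t1700000000\t5120\t8192\toff",
    "PEER_B_PUBKEY\t(none)\t203.0.113.9:51820\t10.64.0.3/32\t1700000170\t1024\t2048\t25",
    "PEER_C_PUBKEY\t(none)\t(none)\t10.64.0.4/32\t0\t0\t0\toff",
])

@dataclass
class Peer:
    pubkey: str
    endpoint: Optional[str]   # client's public IP:port still held by the server, or None
    allowed_ips: str
    latest_handshake: int     # Unix time; 0 means no handshake has ever completed

def parse_dump(dump: str) -> List[Peer]:
    """Parse `wg show <iface> dump` output into Peer records; the interface line is skipped."""
    peers = []
    for line in dump.splitlines()[1:]:
        fields = line.split("\t")
        if len(fields) != 8:
            continue  # malformed line: skip rather than guess
        pubkey, _psk, endpoint, allowed, handshake, *_ = fields
        peers.append(Peer(pubkey, None if endpoint == "(none)" else endpoint, allowed, int(handshake)))
    return peers

def idle_peers(peers: List[Peer], now: int, idle_seconds: int = 180) -> List[str]:
    """Public keys of peers that still hold a client endpoint but have not handshaked
    within idle_seconds. WireGuard re-handshakes only while traffic flows, so a stale
    handshake is used here as the idleness signal (a heuristic, not a traffic counter)."""
    return [p.pubkey for p in peers
            if p.endpoint is not None and now - p.latest_handshake > idle_seconds]

def purge_commands(iface: str, peers: List[Peer], stale: List[str]) -> List[str]:
    """Remove each idle peer (which discards its endpoint) and re-add it with only its
    allowed IPs, so the client can reconnect but the old source address is forgotten."""
    by_key = {p.pubkey: p for p in peers}
    cmds = []
    for key in stale:
        cmds.append(f"wg set {iface} peer {key} remove")
        cmds.append(f"wg set {iface} peer {key} allowed-ips {by_key[key].allowed_ips}")
    return cmds

if __name__ == "__main__":
    peers = parse_dump(SAMPLE_DUMP)
    for cmd in purge_commands("wg0", peers, idle_peers(peers, now=1700000200)):
        print(cmd)
```

In production the `now` value comes from the clock and the commands are executed on a timer; here they are only built and printed so the behaviour can be inspected.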

__________________

WireGuard Blocked?!

Some websites will either malfunction or block the use of WireGuard. The exact reason for this is debated, since the website can’t see how you connect to the VPN server. Some argue it is due to some kind of compatibility problem of which the website is not even aware. Others dispute that and say it is some form of eCommerce anti-fraud detection based on knowledge of the particular VPN provider. We remain neutral on this issue and mention it only to let you know that if a webpage won’t load, you can try switching to OpenVPN on port 443.
 
 Proton switched to wireguard as the default protocol a couple years ago.  
Is a malicious VPN provider just as capable of logging IPs with OpenVPN as with WireGuard if their intent is to do so? I.e. do both solutions require this basic trust?
Both solutions require basic trust. Both can see the IP. The only difference is WireGuard sees it for 2 min after it's closed. And to your home ISP it's more obvious you're using a VPN.