VPN Protocols: OpenVPN vs Wireguard - An Eye Opener

SearchLight

Level 13
Thread author
Verified
Top poster
Well-known
Jul 3, 2017
614
I use a VPN, and my provider recently implemented the Wireguard protocol which many say is fast and secure. I jumped on the bandwagon, and started to use it as well on my Desktop. Recently, I came across these articles:

OpenVPN vs IPSec, WireGuard, L2TP, & IKEv2 (VPN Protocols)


After reading it a few times, I came away with the discovery that while Wireguard is the latest and may be the greatest, it may not be the best for security and privacy. It all depends upon how your VPN provider implements the protocol meaning the caveat to using Wireguard is that it registers your actual IP address on the VPN server, and in order to be anonymous, the VPN provider must find a way to obfuscate that piece of information on the server.

Thus, one must trust his or her VPN provider to add that extra layer, and that it works. Initially, when it came to VPNS the buzz words were "no logs", thousands of servers, speed, where the VPN was domiciled in regard to Privacy laws, and Open VPN. Now it is the Wireguard implementation.

With so many variables in using a VPN, especially with logging, and location, imo it is a shame that there is the added layer now of how Wireguard is implemented and trusting your VPN of choice to do it correctly.

After reading the article, for myself I decided to use OpenVPN on my Desktop again. I did come away that for mobile devices, Wireguard may be better suited. The choice is up to you.

All I am saying is be aware, be informed, and use common sense when using your VPN of choice.
 

amirr

Level 25
Verified
Top poster
Well-known
Jan 26, 2020
1,499

"'The misconception that WireGuard inevitably generates logs is probably based on the fact that, by default, it requires a static (and therefore identifiable) connection between the VPN app and the VPN server. To get around this, we hardcoded our apps to begin every WireGuard VPN connection using the same internal IP address (10. 2. 0. 2).'"
 

amirr

Level 25
Verified
Top poster
Well-known
Jan 26, 2020
1,499
For downloading torrents, I have experienced that OpenVPN-TCP is the answer most of the time. While with Wireguard, I don’t get optimal speeds when downloading a torrent.

A commneter said:
“I think it should be pointed out more strongly that Wireguard is UDP only. That’s a HUGE drawback if you need to punch through a firewall (if either the client OR server are behind firewall rules).OpenVPN is very much more established than Wireguard which feels more like a hack than something real. Wireguard is essentially just SSH-over-UDP with packet routing. Would you even consider putting SSH directly in the kernel?! Yeah, maybe only the systemd people would.” WireGuard vs OpenVPN in 2022: 7 Big Differences
 

dinosaur07

Level 11
Verified
Top poster
Well-known
Aug 5, 2012
526
Some VPN providers use their own VPN protocol and last time when I used Wireguard was not very impressed by it. ExpressVPN's Lightway is a great one.
 
  • Like
Reactions: amirr

Malleable

New Member
Mar 2, 2021
2
Speaking strictly of setting up a private vpn application on your own server, in the beginning one of the main selling points (to use, not necessarily to purchase) along with it being a Linux kernel level application with streamlined code, was WireGuard had limited options. Since OpenVpn is quite a bit more difficult to configure regarding encrypted TLS handshakes, ciphers, etc. WireGuard touted the use of limiting its cryptographic algorithm library among other options to greatly reduce the chances of server/client misconfiguration(s) that are a prominent cause of vulnerabilities. At the beginning WireGuard usually was testing somewhere in the area of 50% faster than OpenVpn. It wasn't then, and to this day still doesn't appear to be, approved for use in the NIST cryptography standards so at the least it can't be used for communicating and/or conveying Secret to Top Secret level classified materials. At this time, however, their cryptographic primitives still appear to be top shelf. Here is a small pdf from almost exactly a year ago addressing just a segment of WireGuard's ongoing attempts to develop quantum-resistant cryptography.
https://csrc.nist.gov/CSRC/media/Pr...mages-media/session-5-raynal-pq-wireguard.pdf
 
Last edited: