Just when people thought that VPNs were at their peak, certain things started to change in the marketplace. OpenVPN and IKEv2 protocols got a new rival called WireGuard. While many providers used it for several years, it started going mainstream just recently. Nowadays, providers like NordVPN gladly jump on that bandwagon, introducing new protocols based on the almighty WireGuard. Is it going to dethrone OpenVPN? How do these two compare? Let’s find out in our in-depth analysis.
What is WireGuard?
Before we compare WireGuard to OpenVPN, we need to talk more about it since it’s a relatively new term in the VPN world. Many people are skeptical about this protocol, and in our opinion, they might be right. At this moment, the protocol is still in what we can call the “Beta” phase, where it isn’t as polished as OpenVPN.
WireGuard launched in 2018 and the idea behind it is to provide much faster speeds and better security, all while remaining lightweight. When compared to other protocols, this one has far fewer lines of code, for example, making it easier to maintain and upgrade when needed.
Needless to say, providers like Mullvad and NordVPN quickly adopted this protocol. While Mullvad uses WireGuard, NordVPN is now offering NordLynx, an upgraded version of the protocol. We’ll talk more about that later.
For now, let’s briefly compare WireGuard to OpenVPN and see how well it stacks up against it.
WireGuard vs OpenVPN – Which One is the Best?
If you’re wondering which protocol to choose, we strongly recommend reading this comparison carefully.
One area where WireGuard is definitely better than any other VPN protocol is speed. Upon its release, it promised up to 5 times higher speeds than conventional tunneling protocols, which is quite an improvement – theoretically. However, we tested this protocol using Mullvad and NordVPN, and the claim held true, at least when it comes to connection speed.
For instance, when connecting with OpenVPN, it’ll take 2 to 6 seconds to make a connection. With WireGuard, that time is one second. If your hardware is beefy enough, you can reduce that time to a tenth of a second!
So, when it comes to speeds, WireGuard takes the lead.
Before we delve deeper into the security comparison, we need to explain one term: crypto-agility. Crypto-agility is the ability of a system to switch between different algorithms and encryption methods without significantly changing the system’s structure. This ability is important for security, as the system can easily change to a different protocol if the previous one is vulnerable.
OpenVPN, at its core, is crypto-agile, while WireGuard isn’t. However, that doesn’t mean that OpenVPN is a clear winner. Crypto-agile protocols are more complex, making it harder to switch to the new crypto solution. On the other hand, WireGuard has only one crypto solution, making it less complex.
In return, there are fewer vulnerabilities, and the chances of someone breaking in are slim to none. Furthermore, the developers made this protocol so that it’s easier to upgrade if issues arise. This eliminates the main downside of security systems that aren’t crypto-agile.
If a problem occurs, the whole crypto solution is replaced by a new one. The older version is shut down and deleted, making jumping to the newer version a piece of cake.
Needless to say, updating OpenVPN is a devil’s business. It’s very complex and requires a skillful team of programmers to successfully patch the vulnerabilities. So, in terms of security, WireGuard is a clear winner.
Is the new solution really the best protocol out there? Well, we don’t know that until we go through the privacy comparison. WireGuard isn’t known for being as private as OpenVPN from the get-go. The clear winner in this regard is OpenVPN, but only if we talk about out-of-the-box WireGuard. If not, well… we need to start another discussion.
Here are the two issues that plague this protocol, and that a few providers managed to iron out:
Indefinitely Storing IP Addresses on the VPN Server
The developers of the WireGuard protocol obviously didn’t have privacy in mind as much as they had speed and security. For us, privacy is the most important factor of a Virtual Private Network, so it’s an integral part that MUST be there. WireGuard’s main problem is that it stores your IP address on the VPN server.
These IP addresses stay on the server until it reboots, which contradicts the whole no-log trend of certain VPNs. Now, you’ll ask how NordVPN implemented it while still claiming to be a zero-log provider. The solution is simple – a double NAT system.
NordVPN’s NordLynx is perhaps the most perfect incarnation of WireGuard. It’s based on that protocol, with all the loopholes and errors being ironed out. When the users connect to the server, the protocol assigns local IP addresses to all of them. The original WireGuard solution gives the same IP to all of the users, for comparison.
This is how the first interface of the solution works. But, NordVPN implemented a second interface with this dynamic NAT system that kicks in once the VPN connection is established. This system assigns a new IP for each tunnel, allowing the packets of data to travel freely across the network, without “colliding” and mixing up.
As a result, you get a secure VPN connection with no identifiable data on the server. And as long as your session is active, the local IP address is on the server. Logically, as soon as you disconnect, your local IP address disappears, leaving no trace of your presence.
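To make the retention issue described in this section concrete, here is an added example (not code from WireGuard, NordVPN or the original article) that audits which peer endpoints a server still holds after their sessions have gone quiet. It parses the tab-separated output of `wg show <interface> dump`; the sample dump, the placeholder keys and addresses, the function names and the 180-second staleness threshold are all assumptions made for illustration.

```python
# Added example: audit what a WireGuard server still remembers about its peers.
# Input format: `wg show <interface> dump` (tab-separated; first line is the
# interface, each later line is one peer).

# Constructed sample. Keys and addresses are placeholders, not real values.
SAMPLE_DUMP = "\n".join([
    "SERVER_PRIVKEY\tSERVER_PUBKEY\t51820\toff",
    "PEER_A_PUBKEY\t(none)\t203.0.113.10:51111\t10.0.0.2/32\t1700000000\t1024\t2048\toff",
    "PEER_B_PUBKEY\t(none)\t198.51.100.7:40000\t10.0.0.3/32\t1699990000\t512\t256\t25",
    "PEER_C_PUBKEY\t(none)\t(none)\t10.0.0.4/32\t0\t0\t0\toff",
])

STALE_AFTER = 180  # seconds without a handshake; threshold is an assumption


def parse_dump(text):
    """Return one dict per peer line of a single-interface dump."""
    lines = [line for line in text.splitlines() if line.strip()]
    peers = []
    for line in lines[1:]:  # skip the interface line
        fields = line.split("\t")
        if len(fields) != 8:
            raise ValueError(f"unexpected peer line: {line!r}")
        pubkey, _psk, endpoint, allowed_ips, handshake = fields[:5]
        peers.append({
            "public_key": pubkey,
            "endpoint": None if endpoint == "(none)" else endpoint,
            "allowed_ips": allowed_ips,
            "latest_handshake": int(handshake),  # 0 means "never"
        })
    return peers


def retained_endpoints(peers, now, stale_after=STALE_AFTER):
    """Peers whose public endpoint is still held although the session is stale."""
    findings = []
    for peer in peers:
        if peer["endpoint"] is None:
            continue
        age = now - peer["latest_handshake"] if peer["latest_handshake"] else None
        if age is None or age > stale_after:
            findings.append((peer["public_key"], peer["endpoint"], age))
    return findings


if __name__ == "__main__":
    for key, endpoint, age in retained_endpoints(parse_dump(SAMPLE_DUMP), now=1700000060):
        print(f"{key}: endpoint {endpoint} retained, last handshake {age}s ago")
```

On a live server the input would come from running `wg show wg0 dump` with root privileges; note that the first line of real output contains the interface's private key, so treat the dump as sensitive.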
Not Assigning Dynamic IP Addresses
The original WireGuard protocol doesn’t assign dynamic IP addresses, which is another privacy-related issue. It keeps a static IP for each device, which could leak externally if the user experiences a WebRTC leak. Moreover, the apps that you install on your device can detect your internal IP, and if unwanted software gets to the device, exposing it is unavoidable.
Are there solutions to this problem? Fortunately, yes!
Mullvad gives you the ability to generate a key, which you can later regenerate, and rotate your IP address each time you do so. In return, the aforementioned issue is patched completely. To make sure that you’ve fixed this issue all the way, we recommend disabling or blocking WebRTC on all of your browsers.
You can do that on Chrome, but it’s a bit complicated. Firefox, on the other hand, lets you disable it with a single click of a mouse. Alternatively, you can use a private browser such as Tor or Brave Browser to minimize the chances for WebRTC leaks.
Is WireGuard Better than OpenVPN Or…?
Okay, enough science. Is WireGuard truly better than OpenVPN, or is it not there yet? Well, that’s a hard question to answer.
Let’s put it like this. If we’re talking about the original WireGuard protocol with all the aforementioned issues, then it’s not better than OpenVPN. However, with the recent implementations and solutions, especially NordVPN’s, we can say that WireGuard is indeed a better solution for the most part.
The reason we said for the most part is that it’s still inferior in terms of bypassing geo-restrictions. OpenVPN still reigns supreme in that regard. But, from a technical standpoint, the newer protocol is better.
With just 4,000 lines of code, it’s much easier to maintain and change when compared to 70,000 – 600,000 lines that OpenVPN has.
Which VPNs Use WireGuard?
Right now, more and more providers have started introducing WireGuard-based protocols. ExpressVPN, the best VPN provider on the market, is probably going to do that soon, but it remained vague, so we can’t say anything about it. These VPNs will let you use it immediately, though:
1. NordVPN
NordVPN is one of the best options for utilizing WireGuard. It offers the aforementioned NordLynx solution that drastically increases speeds and gives you impenetrable security. The solution is nearly flawless, keeping things on the no-log side of the spectrum, letting you browse the internet anonymously all the time.
The provider offers 5,700+ servers in 59 countries around the world, which is one of the largest server networks out there. Our tests showed that NordVPN is great for streaming and torrenting, and even offers dedicated servers for that.
You’ll like that it works in China as well, where NordLynx can give you another level of security and privacy.
2. Mullvad
Mullvad is a Swedish provider known for providing complete anonymity to the users. You don’t provide your email or anything. Instead, you make a payment, get a code, and use it as your sign-in tool. The provider offers slightly slower speeds when using OpenVPN, but on the brighter side, it doesn’t store logs and lets you browse even the dark web anonymously.
We must mention that it’s also one of the first providers to implement WireGuard. Luckily, it isn’t a bare-bones protocol anymore, so you can expect all the issues to be patched up. Of course, the solution isn’t better than NordVPN’s, but it’s serviceable for privacy, security, and fast speeds.
3. Private Internet Access
PIA is yet another popular VPN from the United States. Being in the 5 Eyes region, it isn’t exactly the most trustworthy. There’s a silver lining, though, as the provider managed to keep its no-log image from the day it emerged on the market. Private Internet Access offers 3,000+ servers worldwide and has recently added support for the new WireGuard protocol.
In terms of performance, it’s not going to win any medals, but at least it’s very affordable and has amazing device support. With up to 10 simultaneous connections, you can now enjoy the new protocol on any device of your choice simultaneously!