• Skip to main content
  • Skip to header right navigation
  • Skip to site footer
RestorePrivacy

RestorePrivacy

Resources to stay safe and secure online

  • Tools
    • Secure Browser
    • VPN
    • Ad Blocker
    • Secure Email
    • Private Search Engine
    • Password Manager
    • Secure Messaging App
    • Tor
    • Identity Theft Protection
    • Unblock Websites
    • Privacy Tools
  • Email
    • Secure Email
    • ProtonMail Review
    • Tutanota Review
    • Mailfence Review
    • Mailbox.org Review
    • Hushmail Review
    • Posteo Review
    • Fastmail Review
    • Runbox Review
    • CTemplar Review
    • Temporary Disposable Email
    • Encrypted Email
    • Alternatives to Gmail
  • VPN
    • What is VPN
    • VPN Reviews
      • NordVPN Review
      • Surfshark Review
      • VyprVPN Review
      • Perfect Privacy Review
      • ExpressVPN Review
      • CyberGhost Review
      • AVG VPN Review
      • IPVanish Review
      • Hotspot Shield VPN Review
      • ProtonVPN Review
      • Atlas VPN Review
      • Private Internet Access Review
      • Avast VPN Review
      • TorGuard Review
      • PrivadoVPN Review
    • VPN Comparison
      • NordVPN vs ExpressVPN
      • NordVPN vs PIA
      • IPVanish vs ExpressVPN
      • CyberGhost vs NordVPN
      • Surfshark vs NordVPN
      • IPVanish vs NordVPN
      • ExpressVPN vs PIA
      • VyprVPN vs NordVPN
      • CyberGhost vs ExpressVPN
      • NordVPN vs HideMyAss
      • ExpressVPN vs ProtonVPN
      • ProtonVPN vs NordVPN
      • ExpressVPN vs Surfshark
      • Surfshark vs CyberGhost
      • Surfshark vs IPVanish
    • Best VPNs
      • Best VPN for Torrenting
      • Best VPN for Netflix
      • Best Free VPN
      • Best VPN for Fire TV Stick
      • Best VPN for Amazon Prime
      • Best VPN for Android
      • Best VPN for Gaming
      • Best VPN for PC
      • Best VPN for Disney Plus
      • Best VPN for Hulu
      • Best VPN for Mac
      • Best VPN for Streaming
      • Best VPN for Windows
      • Best VPN for iPhone
    • VPN Coupons
      • ExpressVPN Coupon
      • NordVPN Coupon
      • VPN Black Friday
    • VPN Guides
      • Free Trial VPN
      • Cheap VPNs
      • Static IP VPN
      • Chrome VPN
      • No Logs VPN
      • VPN for Binance
      • WireGuard VPN
      • VPN for Linux
      • VPN for Firefox
      • VPN for BBC iPlayer
    • By Country
      • Best VPN Canada
      • Best VPN USA
      • Best VPN UK
      • Best VPN Australia
      • VPN for Russia
    • VPN Router
  • Password
    • Best Password Managers
    • KeePass Review
    • NordPass Review
    • 1Password Review
    • Dashlane Review
    • LastPass Review
    • Bitwarden Review
  • Storage
    • Best Cloud Storage
    • pCloud Review
    • Nextcloud Review
    • IDrive Review
    • SpiderOak Review
    • Sync.com Review
    • MEGA Cloud Review
    • NordLocker Review
    • Tresorit Review
    • Google Drive Alternatives
  • Messenger
    • Secure Messaging Apps
    • Signal Review
    • Telegram Review
    • Wire Review
    • Threema Review
    • Session Review
  • News
  • Info
    • Mission
    • Press
    • Contact
  • Tools
    • Secure Browser
    • VPN
    • Ad Blocker
    • Secure Email
    • Private Search Engine
    • Password Manager
    • Secure Messaging App
    • Tor
    • Identity Theft Protection
    • Unblock Websites
    • Privacy Tools
  • Email
    • Secure Email
    • ProtonMail Review
    • Tutanota Review
    • Mailfence Review
    • Mailbox.org Review
    • Hushmail Review
    • Posteo Review
    • Fastmail Review
    • Runbox Review
    • CTemplar Review
    • Temporary Disposable Email
    • Encrypted Email
    • Alternatives to Gmail
  • VPN
    • What is VPN
    • VPN Reviews
      • NordVPN Review
      • Surfshark Review
      • VyprVPN Review
      • Perfect Privacy Review
      • ExpressVPN Review
      • CyberGhost Review
      • AVG VPN Review
      • IPVanish Review
      • Hotspot Shield VPN Review
      • ProtonVPN Review
      • Atlas VPN Review
      • Private Internet Access Review
      • Avast VPN Review
      • TorGuard Review
      • PrivadoVPN Review
    • VPN Comparison
      • NordVPN vs ExpressVPN
      • NordVPN vs PIA
      • IPVanish vs ExpressVPN
      • CyberGhost vs NordVPN
      • Surfshark vs NordVPN
      • IPVanish vs NordVPN
      • ExpressVPN vs PIA
      • VyprVPN vs NordVPN
      • CyberGhost vs ExpressVPN
      • NordVPN vs HideMyAss
      • ExpressVPN vs ProtonVPN
      • ProtonVPN vs NordVPN
      • ExpressVPN vs Surfshark
      • Surfshark vs CyberGhost
      • Surfshark vs IPVanish
    • Best VPNs
      • Best VPN for Torrenting
      • Best VPN for Netflix
      • Best Free VPN
      • Best VPN for Fire TV Stick
      • Best VPN for Amazon Prime
      • Best VPN for Android
      • Best VPN for Gaming
      • Best VPN for PC
      • Best VPN for Disney Plus
      • Best VPN for Hulu
      • Best VPN for Mac
      • Best VPN for Streaming
      • Best VPN for Windows
      • Best VPN for iPhone
    • VPN Coupons
      • ExpressVPN Coupon
      • NordVPN Coupon
      • VPN Black Friday
    • VPN Guides
      • Free Trial VPN
      • Cheap VPNs
      • Static IP VPN
      • Chrome VPN
      • No Logs VPN
      • VPN for Binance
      • WireGuard VPN
      • VPN for Linux
      • VPN for Firefox
      • VPN for BBC iPlayer
    • By Country
      • Best VPN Canada
      • Best VPN USA
      • Best VPN UK
      • Best VPN Australia
      • VPN for Russia
    • VPN Router
  • Password
    • Best Password Managers
    • KeePass Review
    • NordPass Review
    • 1Password Review
    • Dashlane Review
    • LastPass Review
    • Bitwarden Review
  • Storage
    • Best Cloud Storage
    • pCloud Review
    • Nextcloud Review
    • IDrive Review
    • SpiderOak Review
    • Sync.com Review
    • MEGA Cloud Review
    • NordLocker Review
    • Tresorit Review
    • Google Drive Alternatives
  • Messenger
    • Secure Messaging Apps
    • Signal Review
    • Telegram Review
    • Wire Review
    • Threema Review
    • Session Review
  • News
  • Info
    • Mission
    • Press
    • Contact

WireGuard vs OpenVPN in 2022: 7 Big Differences

April 21, 2022 By Heinrich Long — 39 Comments
WireGuard vs OpenVPN

WireGuard is taking the VPN world by storm. It promises big improvements over existing VPN protocols and so far in 2022, we’ve seen more VPN services moving to WireGuard. But can it deliver better speeds, security, and reliability in real-world testing? This OpenVPN vs WireGuard comparison will answer all of your questions.

Over the past few years, the gold standard of VPN (Virtual Private Network) protocols has been OpenVPN. It is an open source protocol with good performance and is considered to be very secure and reliable, having passed numerous independent audits.

But you’re here looking for answers and probably wondering if WireGuard is better than OpenVPN. Perhaps you are considering switching from your current VPN service to one that supports the WireGuard VPN protocol.

We aim to answer all your questions and more in this WireGuard vs OpenVPN comparison. Here’s what we’ll cover in this in-depth guide:

  1. Background – What is the history behind OpenVPN and WireGuard?
  2. Speeds – We ran back-to-back tests across four different server locations in the US – and there was a big winner.
  3. Encryption – Examining the cryptographic algorithms used by WireGuard and OpenVPN.
  4. Security – Which protocol offers more security?
  5. Auditability – Which protocol is easier to audit?
  6. WireGuard makes it into the Linux and Windows kernels
  7. Privacy – Does OpenVPN or WireGuard do better in terms of privacy?
  8. Conclusion – Test out WireGuard yourself

Without further delay, let’s get into the comparisons and test results!

1. Background: OpenVPN vs WireGuard

Before we dive into the technicals, let’s quickly examine the background of each VPN protocol.

OpenVPN

OpenVPN is both a VPN protocol and the code needed to implement that protocol. It consists of open source software developed by James Yonan, and published under the GNU General Public License (GPL). Initially released in 2001, it has become the most widely-used VPN protocol thanks to its flexibility, reliability, and ability to cross Network Address Translators (NATs) and firewalls.

WireGuard

WireGuard is a new approach to a VPN protocol that is meant to be, well, better than current options like IPSec and OpenVPN. Perhaps the best way to explain is to simply quote you from the first paragraph from the WireGuard home page:

WireGuard® is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPSec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. Initially released for the Linux kernel, it is now cross-platform (Windows, macOS, BSD, iOS, Android) and widely deployable.

The simpler, leaner part of this is crucial. Whereas the code for OpenVPN runs into hundreds of thousands of lines, the code for WireGuard is currently around 4,000 lines. This, combined with the use of state-of-the-art cryptography, generates results that have many people very excited.

2. OpenVPN vs WireGuard Speeds

Many people are switching to the WireGuard protocol for the performance advantages — namely faster speeds.

We have been testing WireGuard over the past year and can confirm that performance is (usually) excellent. It not only offers faster speeds, WireGuard is also faster to establish a connection and is also more reliable on mobile devices.

Minimizing variables: The goal of these speed tests was to see how WireGuard performs in comparison to OpenVPN using a real-world test case and minimizing variables. Because speeds can vary drastically between services, we decided to run back-to-back speed tests with a leading VPN that supports both OpenVPN and WireGuard. For this, we chose NordVPN.

We ran all speed tests on a 500 Mbps wired ethernet connection using the same test machine (MacBook Pro). With the NordVPN client, we were able to quickly switch between OpenVPN and WireGuard for back-to-back speed tests, thereby minimizing variables.

This table summarizes the speed test results, conducted across four different locations in the United States. The table is in the order of latency, from the closest location (Seattle) to the furthest (New York).

CityOpenVPN SpeedWireGuard Speed
Seattle222 Mbps445 Mbps
Los Angeles226 Mbps304 Mbps
Chicago155 Mbps275 Mbps
New York222 Mbps280 Mbps

The fastest speed achieved was with a NordVPN server in Seattle using the WireGuard protocol (NordLynx). Here is a screenshot of this WireGuard speed test result:

OpenVPN vs WireGuard speed tests
This was the fastest speed achieved on our 500 Mbps test connection, and the fastest VPN speed test result we’ve ever had. This officially makes NordVPN the fastest VPN we’ve tested.

So what does all this mean?

WireGuard is consistently faster than OpenVPN in our tests

Key takeaways from testing WireGuard vs OpenVPN speeds:

  • On average, WireGuard was about 58% faster than OpenVPN across all the locations we tested.
  • WireGuard’s performance advantage over OpenVPN is greater with nearby (low latency) servers in comparison to long-distance (high latency) server locations.
  • To get the fastest VPN speeds, use WireGuard on the closest server to your physical location.

We intend to conduct more tests comparing WireGuard and OpenVPN speeds with more locations and will be updating our test results accordingly. Also note that WireGuard is capable of achieving speeds even beyond 500 Mbps in ideal circumstances.

Additional tests: WireGuard speeds with other VPN providers

Not all VPNs that support WireGuard provide speeds comparable to those above. For example, in the NordVPN vs CyberGhost comparison, both VPNs were tested using the WireGuard VPN protocol, but CyberGhost was significantly slower. Similarly, Private Internet Access also had below-average speeds, even when using the WireGuard VPN protocol.

This suggests that WireGuard has potential for extremely fast speeds, but as we would expect, there are large differences between VPN services with performance.

Final verdict on speeds

In speed tests run by our team and others, WireGuard normally delivers much faster speeds than OpenVPN — but this can vary by VPN provider.

3. Encryption: OpenVPN vs WireGuard

Now we’ll examine the encryption differences between OpenVPN and WireGuard.

OpenVPN Cryptographic Algorithms

OpenVPN uses the OpenSSL library to provide encryption. OpenSSL supports a number of different cryptographic algorithms, including:

  • AES, Blowfish, Camellia, ChaCha20, Poly1305, DES, Triple DES, GOST 28147-89, SM4 and more for encryption and authentication
  • MD5, MD4, SHA-1, SHA-2, MDC-2, BLAKE2, and more for hashing
  • RSA, DSA, X25519, Ed25519, SM2 and more for key derivation and agreement
  • UDP or TCP as the Transport Layer protocol
  • Perfect Forward Secrecy to protect user data

This range of algorithms makes OpenVPN agile. That is, the code can negotiate the use of different algorithms depending on circumstances. This makes OpenVPN very flexible, but greatly increases the complexity of the code. OpenVPN’s complexity can slow down execution, which is one of the main reasons people are looking to WireGuard as a possible replacement.

WireGuard Cryptographic Algorithms

The WireGuard philosophy differs greatly from that of OpenVPN when it comes to cryptographic algorithms. Whereas OpenVPN is flexible with the algorithms it uses, each WireGuard version uses one fixed set of algorithms.

The current version of WireGuard (v1.0), uses the following:

  • ChaCha20 for symmetric encryption
  • Poly1305 for authentication using RFC7539’s AEAD construction
  • Curve25519 for Elliptic-curve Diffie–Hellman (ECDH) anonymous key agreement
  • BLAKE2s for hashing (RFC7693)
  • SipHash24 for hashtable keys
  • HKDF for key derivation (RFC5869)
  • UDP as the Transport Layer protocol
  • Perfect Forward Secrecy (PFS) to protect user data

WireGuard also differs from OpenVPN in that OpenVPN uses certificates for identification and encryption. WireGuard uses public key encryption for those tasks. Secure key generation and management is handled in the background, and there is an option to pre-share a key for an additional layer of security.

Verdict on cryptographic agility

Depending on your perspective, this can go either way. OpenVPN can run many different ciphers and protocols, but this agility brings with it more complexity, a larger attack surface for hackers to exploit, and possible susceptibility to downgrade attacks.

Each version of WireGuard runs one set of ciphers and protocols. This leads to less complexity (and far less code), a smaller attack surface, and immunity to downgrade attacks. It will, however, force all endpoints to upgrade to a new version of WireGuard if a problem is discovered in any of the ciphers or protocols used in the current version.

4. Security: OpenVPN vs WireGuard

Is OpenVPN secure?

OpenVPN has no known security vulnerabilities. The code has been audited numerous times and has the backing of many security experts.

Is WireGuard secure?

WireGuard is very secure. It uses faster, state-of-the-art secure ciphers and algorithms. Its small codebase makes it easier to audit while offering a smaller attack surface for anyone trying to hack it. But perhaps most importantly WireGuard,

“…intentionally lacks cipher and protocol agility. If holes are found in the underlying primitives, all endpoints will be required to update. As shown by the continuing torrent of SSL/TLS vulnerabilities, cipher agility increases complexity monumentally.”

— Jason A. Donenfeld, Developer of WireGuard

Forcing all endpoints to move to a new version of WireGuard may cause some headaches. However, since the new version will not include the compromised cipher or protocol, it ensures that no one continues to use the insecure code. It also eliminates the possibility of a downgrade attack forcing the endpoint to drop back to using the compromised code.

Verdict on Security

There are no known security flaws for either protocol. If security is your topmost priority, the conservative option is OpenVPN. It has simply been around much longer than WireGuard, gone through more third-party security audits, and has a far longer track record than WireGuard. However, as WireGuard matures, its updated encryption algorithms and minimal codebase make it all the more attractive.

5. Auditability: OpenVPN vs WireGuard

To know if you can trust a VPN protocol, it needs to be auditable. Auditability is one of the key reasons that open source software is preferred by most privacy advocates.

But just because code is open source doesn’t make it easy to audit. OpenVPN is auditable. But with hundreds of thousands of lines of code, actually doing an audit requires a team of experts and a lot of time.

WireGuard is also open source and auditable. But with somewhere around 4,000 lines of code, it is much more amenable to an audit. A single engineer could conceivably do the job in a short while.

“Can I just once again state my love for it [WireGuard] and hope it gets merged soon? Maybe the code isn’t perfect, but I’ve skimmed it, and compared to the horrors that are OpenVPN and IPSec, it’s a work of art.”

— Linus Torvalds, Principal developer of the Linux kernel, August 2018

We have to give the nod to WireGuard when it comes to auditability.

6. WireGuard in the Linux and Windows kernels

WireGuard was also designed with the Linux operating system in mind. More specifically, with being incorporated into the Linux Kernel.

According to WireGuard: Next Generation Kernel Network Tunnel, there were five reasons to include WireGuard in the Linux Kernel:

  1. Short and simple code to make auditing and reviewing the code enjoyable
  2. To be extremely fast
  3. It must avoid resource-intensive allocations in response to incoming packets
  4. It must integrate as natively and smoothly as possible
  5. It must be buildable as an external kernel module that doesn’t require changes to core Linux code

The result is a fast, efficient VPN protocol running on OSI Layer 3, the Network Layer. On this level, WireGuard has more direct access to network routing tables and data packets, which helps with speed and simplifies authentication and attribution of data packets.

WireGuard’s presence in the Linux Kernel is one of the big reasons for its higher performance relative to OpenVPN and other protocols that run in the operating system’s user space, with its additional overhead.

WireGuard has also made it into the Windows kernel, as of August 2021.

7. Privacy comparison: OpenVPN vs WireGuard

Does OpenVPN protect my privacy?

VPN protocols provide security; they don’t necessarily provide privacy. What determines your privacy when using a VPN is actually the policies of the VPN service. In particular, whether on not a VPN service keeps logs is what determines your privacy when using one.

That may sound odd if you have heard that WireGuard has a privacy problem. We’ll go into more detail later, but that problem comes down to an aspect of the design of WireGuard that can maintain a user’s IP address on the VPN server for extended periods of time.

The design of OpenVPN does not require keeping any such user data on the VPN server, so it doesn’t compromise your privacy.

Does WireGuard have a privacy problem?

WireGuard was designed for speed and security. It was not specifically designed for people like us, who look to their VPN service for both security and privacy. However, in order to give users the benefits of WireGuard, VPN services have come up with WireGuard solutions that add strong privacy protections without sacrificing what makes WireGuard special. Here’s the problem:

WireGuard stores user IP addresses on the VPN server

As part of its cryptokey routing algorithm, WireGuard maps the public keys and allowed IP (Internet Protocol) addresses. This simplifies certain aspects of WireGuard, but by default it results in user IP addresses remaining stored on the VPN server until the server is rebooted. Storing your IP address on the server like this could be considered logging your IP address and is incompatible with the concept of a no-logs VPN. This static IP address could also be exposed by a WebRTC leak.

How can WireGuard’s privacy problem be fixed?

VPN services have come up with a few different solutions to WireGuard’s privacy problem.

NordVPN developed a double-NAT system for their WireGuard implementation, which they call NordLynx. The system,

…creates two local network interfaces for each user. The first interface assigns a local IP address to all users connected to a server. Unlike in the original WireGuard protocol, each user gets the same IP address.

Once a VPN tunnel is established, the second network interface with a dynamic NAT system kicks in. The system assigns a unique IP address for each tunnel. This way, internet packets can travel between the user and their desired destination without getting mixed up.

The double NAT system allows us to establish a secure VPN connection without storing any identifiable data on a server. Dynamic local IP addresses remain assigned only while the session is active. Meanwhile, user authentication is done with the help of a secure external database.

Open VPN vs WireGuard privacy

More info on NordVPN and NordLynx is here.

This solution is now available across all NordVPN clients, which is what we used for all tests in this guide.

Other services such as Mullvad and OVPN have addressed the WireGuard privacy issue by erasing the records that map IP addresses to encryption keys as soon as there has been no communication between the VPN client and server for three minutes. Keeping the data only as long as it is necessary greatly reduces the risk of personal data being revealed.

Additional protection in cases like these is to ensure that you are not experiencing any WebRTC leaks. Here’s a link to our complete guide to fixing WebRTC leaks.

Final Verdict on Privacy

This is one area where OpenVPN has an advantage. The default design of WireGuard requires user IP addresses to remain on the VPN server for extended periods of time. If privacy is a top concern, we recommend that you only use solutions that address this potential privacy issue.

NordVPN’s NordLynx is the solution we are currently using, but Mullvad and OVPN also have practical solutions available as well. We fully expect that as other VPN services roll out their WireGuard solutions, they too will deal with the IP address privacy issue.

Note: See other VPNs that support WireGuard here.

Conclusion: Test WireGuard for yourself

We weren’t always fans of WireGuard.

When it first came out, there were lingering concerns about privacy, IP address logs stored on the server, and the new and experimental nature of the protocol. It simply did not seem like a great solution for people who use VPNs with privacy in mind. But a lot has changed in the past year:

  • Many VPNs have found good solutions to support WireGuard while still ensuring user privacy.
  • WireGuard has officially been released (no longer experimental code) and is gaining traction with more VPN services.
  • WireGuard has now been incorporated into the Linux kernel, a major landmark.
  • Lots of tests have proven the significant performance advantage that WireGuard enjoys over existing VPN protocols.

WireGuard has a lot to offer VPN users, in many different use cases. If you have considered using WireGuard, give it a shot to see the advantages yourself.

While there are a handful of VPNs that support WireGuard, our current top-recommended VPN for WireGuard is NordVPN. It delivers on speed, security, privacy, and many other areas, as discussed in our NordVPN review.

Tip: Test WireGuard for yourself and use the coupon below for the best savings.

NordVPN Coupon


Get 68% Off NordVPN plus FREE anti-malware protection for all your devices:

Get 68% Off NordVPN Here >>

(Coupon is applied automatically.)

You can read about many other VPNs that support WireGuard here.

Feel free to share your experiences in using WireGuard in comparison with OpenVPN below.

This WireGuard vs OpenVPN guide was last updated on April 21, 2022.

About Heinrich Long

Heinrich was born in a small town in the Midwest (USA) before setting sail for offshore destinations. Although he long chafed at the global loss of digital privacy, after Edward Snowden’s revelations in 2013, Heinrich realized it was long past time to join the fight. Heinrich enjoys traveling the world, while also keeping his location secret and digital tracks covered.

Reader Interactions

Comments

  1. Alex J

    August 7, 2021

    VyprVPN also has wireguard support and they are a fairly known VPN provider with strong anti-surveillance views and strict mission statement. Worth a review.

    Reply
    • Sven Taylor

      August 8, 2021

      Yep, the VyprVPN review is here.

      Reply
  2. Mark

    July 20, 2021

    I think it should be pointed out more strongly that Wireguard is UDP only. That’s a HUGE drawback if you need to punch through a firewall (if either the client OR server are behind firewall rules).

    OpenVPN is very much more established than Wireguard which feels more like a hack than something real. Wireguard is essentially just SSH-over-UDP with packet routing. Would you even consider putting SSH directly in the kernel?! Yeah, maybe only the systemd people would.

    Reply
  3. CoolGeek

    July 11, 2021

    Is this an update to a previous article? It has a March 2021 date while some comments are dated June 2020. I have used CyberGhost for several years and found that in actual downloads (as opposed to speed tests), it has come very close to matching the limits of my account with both OpenVPN and WireGuard. I have noticed however that download speeds “ramp up” faster using the WireGuard protocol. I don’t recall exactly when CyberGhost implemented WireGuard but it is still fairly new. One irritating issue I have is that exceptions cannot be set to bypass the VPN for certain websites when WireGuard is used. This capability is available when using OpenVPN. Some sites block attempts to login from locations other than “home” and may trigger a call from the audit department. I don’t know enough about WireGuard at this point to know if exceptions aren’t possible or if CyberGhost simply hasn’t implemented them with WireGuard yet. Any comments in that regard?

    Reply
  4. Ben

    June 2, 2021

    The LockDown app and my EdgeRouter firewall log shows that NordVPN apps is uses trackers that connect to Google Analytics and Bugsnag and other analytics companies reporting NordVPN app usage information, including your IP address to these third party analytics companies.

    Unless you trust Google with your VPN usage information I think this is a problem and a violation to your privacy.

    When I contacted NordVPN about this they state that they collect this user information as mentioned in their privacy policy.

    I am surprised to see today that Restore Privacy is recommending NordVPN instead of other VPN providers that do not include third party trackers in their Apps.

    Reply
    • Sven Taylor

      June 2, 2021

      Did you look in the app settings, Ben? These crash reports can be easily disabled. Crash and bug reporting tools are common in VPN apps, and many other apps, to improve user experience. I’m surprised you have not just disabled this if it bothers you.

      Reply
    • Dave

      August 14, 2021

      You are right they are a very untrustworthy company when it comes to privacy and security they aslo monitor traffic. I am glad I ditched Nordvpn after the scandal where their servers were compromised, it wasnt until someone leaked that information about a year later that they addressed it. I’m using protonvpn and I have no complaints.

      Reply
    • Dave

      August 14, 2021

      Ben, what EdgeRouter are you using by the way?

      Reply
  5. chil

    April 5, 2021

    I am a normal consumer, not a security professional, so take my comments with some salt:

    I tried the NordLynx Wireguard option and while the speed boosts were really great, it seemed to crash my network connection almost every time I used it. I don’t know at what part of the chain this is happening in, and I spent an hour trying to restart NetworkManager and whatnot before I ended up going back to the OpenVPN protocol.

    Thanks for the informative article.

    Reply
  6. Michael

    March 7, 2021

    If Wireguard stores my i.p. address on that server, then it’s not for me.

    Reply
  7. linken

    January 14, 2021

    How could Mullvad and OVPN did this? — “erasing the records that map IP addresses to encryption keys as soon as there has been no communication between the VPN client and server for three minutes”
    Should I modify source code to archive this or execute wg/wg-quick command?

    Reply
  8. Hans

    August 19, 2020

    When announced, it looked promissing, and it still remains: promissing. But:
    1) support for smartcards (opensc) : openvpn wins,
    2) HTTP-encapsulation: openvpn wins,
    3) post-quantum protection: openvpn wins,
    4) audited by militairy: openvpn wins.

    So, I’m open for improvements, but right now I remain with openvpn (hardened version)
    It might not be the fastest, but when human lives are at stake, you have to look at more factors.
    Without the first one, I won’t even have a close look. If WG can support PINPAD-readers (for EstID, myeid, eidas, PIV-i cards, they can even beat openvpn
    Regarding the second, they might even win over openvpn, IF they can do HTTPS encapsulation. as openvpn remains stuck at only HTTP (no http-S) encapsulation.

    If WG makes any progress on those two fields, contact me…

    Reply
  9. John Doe

    August 4, 2020

    How about merging the benefits of the strong secure aspects of OPENVPN code and wire code and developing a simply secure new encryption protocol altogether? Give me your feedback peeps. (Especially you Sven).

    Reply
  10. Raviu

    July 19, 2020

    IVPN should be listed as solving wireguard privacy issue.
    I’ve tested them myself and they are doing good work too.

    Reply
    • Sven Taylor

      July 19, 2020

      Yep, it is listed in the main WireGuard VPN guide.

      Reply
  11. Savagepagan

    July 18, 2020

    Perhaps you can review TorGuard VPN implementation of Wireguard.

    Reply
    • Sven Taylor

      July 19, 2020

      We will be reviewing TorGuard very soon.

      Reply
      • root

        October 26, 2020

        Surfshark too please

        Reply
        • Sven Taylor

          October 26, 2020

          Done.
          Surfshark review
          TorGuard review

  12. Raviu

    July 18, 2020

    Test openvpn with AES-256-GCM instead of the default AES-256-CBC
    I’m pretty sure there would be much speed difference.

    Reply
  13. steven

    July 11, 2020

    can you reivew widevpn ,it also proivde wireguard vpn

    Reply
  14. AT

    July 5, 2020

    I generally do not trust anything with a dragon themed logos. Chinese surveillance by default comes into place with this type of logos. I would like to know more who is behind WireGuard.

    Reply
    • Guest

      July 8, 2020

      Have you read the article or not? You don’t need to trust Wireguard. Just read it’s source code. It’s only 4000 lines of code. And if you can’t read the code yourself, perhaps you can trust other people who read it.

      Reply
    • Waker

      March 21, 2021

      Instead of worrying about your privacy, you should try to hide your stupidity and double standard – apparently you’re very comfortable with the exposed notorious PRISM global surveillance programme and the facial-recognition tech the local and state law enforcement used this January to identify the rioters at the Capitol Hill.

      Reply
  15. Smith

    June 27, 2020

    It would be nice if you add a review for Mullvad VPN

    Reply
    • Sven Taylor

      June 27, 2020

      We’ll get to it soon.

      Reply
  16. abc

    June 17, 2020

    Just a few months ago, any search of Wireguard suggested caution and being safe and that OpenVPN is more secure and that we shouldn’t trust Wireguard.

    What changed!??!?!

    How do you flip so quick? Was it the incorporation in the Kernel? The fact that Mullvad and many others have switched to this standard?

    Also: how do you feel overall about the secureness as compared to OpenVPN if NordLynx or something like that is used?

    How do you feel about the fact that Cloudflare launched a VPN using wireguard? Does this imply its compromised since Cloudflare is probably a NSA honeypot.

    Reply
    • Sven Taylor

      June 17, 2020

      Yes, a lot has changed since I published my first report on WireGuard, about a year ago. And we are happy to update our recommendations based on new information and these positive developments.
      I explain the rational in the main WireGuard article here.
      – Version 1.0 launched
      – Now stable and recommended for regular use by WireGuard devs
      – Incorporated into the Linux Kernel
      – Some VPNs have solved the inherent privacy issues with secure and private WireGuard implementation. (We see this with NordVPN, Mullvad, and IVPN, for example.)

      Reply
      • Iyah

        January 9, 2022

        Any info on ipvanish implementation of wireguard?

        Reply
        • Sven Taylor

          January 10, 2022

          Yep, they have added WireGuard and we’ll be adding them to the list with the next update.

  17. Sjon

    June 17, 2020

    I expect my vpn to be a bit conservative in the way it thoroughly tests wireguard before implementing. If speed would be your main concern, do not use a vpn at all.
    I’ll wait and see what Proton thinks about wireguard.

    Reply
    • J.M.

      June 17, 2020

      @Sjon,

      A little old but here is ProtonVPN’s stance.

      https://protonvpn.com/blog/wireguard-donation/

      I had the same question you did and did some digging. Hope this helps.

      Reply
  18. Bronco

    June 16, 2020

    Comparison with IKEV2 would be good, as well…

    Reply
    • Joe

      June 16, 2020

      Yeah, IKEv2 is the one used by default by Surfshark.

      Also, there are OpenVPN / UDP and OpenVPN / TCP.

      Anyway, Wireguard looks marvelous !

      Reply
  19. Matti

    June 16, 2020

    RE: “Note: WireGuard is capable of achieving speeds even beyond 500 Mbps in ideal circumstances.”

    Don’t really know if my case is categorized as ideal, but I’ve spun up WireGuard tunnels (search github for Algo) on a DigitalOcean droplet (cheapest 1-core $5/mth option) with the datacenter in the country next to mine (literally less than 100km from my house), and I’ve gotten 700mbps+ download speeds regularly on my 1gbps connection. Having said that, I’ve also gotten similar speeds with IKEv2/IPSec tunnel. Never tested with OpenVPN though.

    One question regarding encryption on mobile devices;
    From what I understand (which isn’t much, so I could be completely wrong here), many mobile SOCs like Apple’s A series or Qualcomm’s Snapdragon series come with built encryption acceleration for certain cryptographic algorithms, mainly AES and SHA variants. Would this mean that power consumption would be lower if I employed a VPN that relied on these “SOC accelerated” algorithms? I’m asking because I regularly get better battery life using IKEv2 on my iPhone compared to WireGuard on the same VPS instance. I realize there could be other variables at play here as well (eg; IPSec support is native to many mobile operating systems while WireGuard is not), hence why I’m asking the question.

    Reply
    • Sven Taylor

      June 16, 2020

      > Would this mean that power consumption would be lower if I employed a VPN that relied on these “SOC accelerated” algorithms?
      Not sure on this as I don’t spend much time testing VPNs with mobile devices, perhaps someone else will chime in.

      Reply
    • Joe

      June 16, 2020

      This is an interesting matter that you point out.
      Do protocols impact the battery life on a mobile device ?
      Nice thought

      Reply
    • Just a guy

      June 18, 2020

      Speaking of SOC accelerated algorithms, those surely impact the performance… Speaking of battery life, I’d bet that native implementation is what impacts more…

      Reply
  20. Wired

    June 15, 2020

    Thank you for this article. It is very informative.

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

RestorePrivacy Checklist

  1. Secure browser: Modified Firefox or Brave
  2. VPN: NordVPN (68% Off Coupon) or Surfshark
  3. Ad blocker: uBlock Origin or AdGuard
  4. Secure email: Mailfence or Tutanota
  5. Secure Messenger: Signal or Threema
  6. Private search engine: MetaGer or Swisscows
  7. Password manager: NordPass or Bitwarden

Support this Project

RestorePrivacy was created to provide you with honest, useful, and up-to-date information about online privacy and security topics. You can support this project through donations, purchasing items through our links (we may earn a commission at no extra cost to you), and sharing this information with others. See our mission here.

RestorePrivacy is also on Twitter

We’re available for Press and media inquiries here.

COPYRIGHT © 2022 RESTORE PRIVACY, LLC · PRIVACY POLICY · TERMS OF USE · CONTACT · SITEMAP