
Why do you prefer Wireguard over Openvpn?



There's also a formal proof of Wireguard's security (not that it means much in practice, but I find it extremely interesting): https://prosecco.gforge.inria.fr/personal/bblanche/publicati...


Others pointed this out already, but I'd like to second the simplicity. It's much, much easier to set up wireguard, especially compared to the mess that is openvpn. I had to use algo to set up openvpn originally, and God help you if you're not on ubuntu.

Secondly, wireguard is faster. If you're dealing with lots of users, CPU could be limited; in such environments, wireguard has allowed me up to fifty percent more throughput than with openvpn. It's also newer and probably not as optimized, so may get better. Finally, the new tap/tun driver on windows is orders of magnitude better than the openvpn one.


Old thread, but I also really appreciate the simplicity. Configuring wireguard takes a little knowledge of routing (either iptables or firewalld, etc) but is vastly simpler to understand compared to OpenVPN. When things aren't working, there are a lot fewer things to check.

Oh and it's blazing fast. I oftentimes get better connection speeds when connected to the wireguard VPN than not, presumably because the TCP overhead all happens in the cloud rather than locally where latencies are much higher and bandwidth is more limited.

The roaming of Wireguard also makes it completely seamless. I'll often forget I'm even connected for days at a time.


I spent over two days setting up OpenVPN the first time I used it and less than an hour the first time I set up Wireguard. Wg seems a bit more reliable too; sometimes my OpenVPN sessions would time out and require manual intervention, but since switching to wireguard it always seems to "just work".


Wireguard is an extremely simple protocol, basically as simple as it is possible for an encrypted VPN protocol to be.

OpenVPN uses TLS (in TCP mode) and a custom protocol based off of TLS in UDP mode; its design is vastly overcomplicated by the use of X.509 certificates, and in general is just kind of ugly and kludgy (and slow).


It's "simple" in a way that is very difficult to achieve, and in many ways more modern than OpenVPN. The better word might be "clean".


Wireguard codebase is tiny and it has been reviewed by a lot of skilled eyeballs.


> it has been reviewed by a lot of skilled eyeballs.

Any details on this?

It's probably better than the mess of other code bases, but wireguard is in active development, so even if secure and bug-free a few months ago, it would not necessarily imply secure now.



