Show HN: WireGuard vs. OpenVPN, a 2.5x Difference (vpnintel.com)
19 points by vpnintel 6 days ago | 7 comments

Half off-topic but I find NordVPN's marketing extremely distasteful and in the same vein as snake oil (same as many VPN providers).

This video[1] that describes some of the issues with VPN marketing in general is so widespread that it has created old-school SEO sites[2] to game it where they hide the actual search term with white font on white background.

1: https://www.youtube.com/watch?v=WVDQEoe6ZWY

2: https://www.theprolist.org/tom-scott-vpn/

VPN marketers can be quite aggressive. This was part of our motivation to create this site. We wanted there to be a source of verifiable data that we could use to make unbiased recommendations or that readers could use to draw their own conclusions.

Measurements of fully baked services are interesting to someone looking to buy VPN services. But the correlation with how these implementations perform in general could be very loose. Maybe these services have a specific bottleneck that cripples OpenVPN or can offload crypto for WireGuard, or are using very different combinations of algorithms, or are sending less popular protocols to specific and therefore idle pools.

While I would suspect WireGuard performance is quite a bit better than a similar OpenVPN configuration, I would want to see analysis of specific setups and what resources they actually use on both sides.

True, it's probably not fair to extrapolate these results to every VPN installation, but I'd argue that retail VPN providers are among the most widely deployed WireGuard and OpenVPN installations (are there bigger ones I'm not thinking of?), and that they are probably pretty optimized for the advantage it'd give to be faster and/or operate at lower cost than their competitors.

> they are probably pretty optimized for the advantage it'd give to be faster and/or operate at lower cost than their competitors.

I can't agree with that in this context. People have little idea what they are doing and what they should choose and follow various guides of various ages; pushing people who select an older implementation to select newer algorithms than the past defaults risks negative publicity. Selling rather slow service pretty cheap is how you get the volume in virtually any service market; most users making a choice preventing them from using the network bandwidth they were sold is also a bonus for many companies with inadequate peering.

If the VPN was selecting for performance, why wouldn't they select the null algorithm? In WireGuard you seem to have no choices, but in normal IPsec you could make all sorts of different choices that have different tradeoffs, but in general: the weaker and more open to attack, the faster and cheaper your offering can be and the more likely one blog entry by the wrong person kills your company.

OpenVPN is very slow. IPsec, ZeroTier, and WireGuard are all quite a bit faster.

Not sure why... probably just not very optimized.

Love ZeroTier. Highly recommended.
