Welcome to your friendly /r/homelab, where techies and sysadmin from everywhere are welcome to share their labs, projects, builds, etc.
Wireguard vs. OpenVPN
Discussion
I understand there are pros and cons to both, but my question is when should I be using Wireguard and when should I be using OpenVPN? I'm thinking in terms of gaming (in and out of my country), accessing content out of my country, some more private secure reasons, and any other reasons yall might think of. I currently use PIA VPN.
Sort by:
Best
Open comment sort options
Best
Top
New
Controversial
Old
Q&A
When should you use Wireguard:
When you want a solution that is small and lightweight.
You want something that operates similar to SSH, using a key exchange.
You are okay managing individual peers.
You want what's new and interesting.
When should you use OpenVPN:
You are tying into mature systems that expect or only support a mature product.
You want to explore managing VPN clients more at scale, such as tying into an authentication server (Active Directory?)
You want to experiment with a mature product that has wide industry acceptance and adoption.
For homelab use I feel like Wireguard is interesting and easier.
Notice I didn't mention security as a reason for either of these... Despite what many people on Reddit say, both are acceptable security solutions. The bigger question is the VPN provider that you choose to use.
Comment deleted by user
Wireguard is newer, more lightweight and also praised by Linus Torvalds (the creator of linux). That's enough for me to make it the primary VPN protocol.
Setting up openvpn on opnsense firewall with 2fa was surprisingly easy.
I know wireguard is faster, but I connect to openvpn just about instantly. Never had an issue with it.
I know wireguard is newer, next gen etc. (Which it is) But people talk like openvpn is dead or total crap, and it isn't.
Try both. Have fun with it.
I still prefer OpenVPN. Things as 2FA, LDAP Integration and pushing routes from the server dont seem to be possible with Wireguard.
They are, they're just not part of wireguard. But there are lots of products that provide those features around wireguard.
Also, pushing routes is possible with basic wireguard too, anything you put into the allowed ips for a client is pushed to the client as a route
Pushing routes from the server is what made me switch back.
Wireguard doesn't need any cert generation and copying certs. Just generate keypair and import text file to client and server. Windows, Linux, MacOS can natively use it. For ChromeOS you need a recent kernel
Apart from issues with MTU I haven't seen many problems. Also you can write a cron job / systemd service timer to check every so and restart it.
Wireguard all the way, i use it for gaming (i get more stable ping when connecting to EU servers, am based in the GCC), it has much lower overhead and much simpler setup, very lightweight and runs on every single device i own.
I found Wireguard a lot easier to setup and use than OpenVPN. It just works out of the box for what I need it to do.