OpenVPN vs WireGuard vs ZeroTier
-
Hi there,
OpenVPN is older or normal.
WireGuard, I'm wondering if it really some 5 times faster than normal vpn? as it promises, if I need to use it, I may want use it in VeeamPN form.
Zero Tier is new thing for me. How competitive to above two VPNs?
I was looking at OPNSense firewall, which has above three VPNs options through plug in, from there I thought to discuss which one is right for what scenario?
-
@openit said in OpenVPN vs WireGuard vs ZeroTier:
WireGuard, I'm wondering if it really some 5 times faster than normal vpn?
The VPN portion might be 5x faster. But VPN speed isn't generally of major concern. OpenVPN is like 5x slower than IPSec, so for WireGuard to be 5x faster than OpenVPN is great, but nothing groundbreaking.
-
OpenVPN is VPN like you tend to think of it, but quite slow and heavy. IPSec is typically used for this when you want speed. They operate more or less the same, but one is lighter.
WireGuard is lighter than those, and implemented in the Linux kernel. It's supposed to be easier to use, but I've not used it.
ZeroTier uses VPN technology, but approach it as a layer and is intended to be used as a SD-LAN. But SD-LAN and VPN are really interchangeable concepts. Keep an SD-LAN simple and it's a VPN, make a VPN complex and it's an SD-LAN.
-
The biggest question will be... what is your use case?
-
I've yet to play with Wireguard even though the home lab guys love it over on reddit. The issue I have is that OpenVPN AS is so darn easy to setup and use. Wireguard looks much more "unpolished" from the small bit I've researched. As @scottalanmiller says, speed isn't really a big deal. I need ease of installation and maintenance which OpenVPN AS has going for it currently over any speed benefits that Wireguard provides.
I also need Windows Wireguard clients but last I looked those were still in beta testing.
-
5x faster sounds strange unless some weird testing was going on.
Maybe it was this below from wireguards site?
Well, you can't trust anyones benchmark when they don't know the difference between Mega (M) and milli (m). Seriously. -
@Pete-S said in OpenVPN vs WireGuard vs ZeroTier:
Well, you can't trust anyones benchmark when they don't know the difference between Mega (M) and milli (m). Seriously.
Like, for real. That's totally something I would say.
-
I've been using wireguard for a month or two now. We have Linux, Mac, and Windows clients on it. It works fine on all systems, and is easy to do split tunneling if you are looking for that feature.
If you intend on using VPN and wireguard. As in you use wireguard for one connection and VPN for others, you will need to turn off the wire guard interface with a one line command.
Wireguard is nice because it's activated do boot and you don't even have to think about it. Unless of course you need to connect to another VPN and redirect to that VPN's DNS. In that case, you just temporarily change the state of wireguard to down.
I don't care about the speed much because I'm not transferring files, but it definitely is improved over Openvpn.
-
Here's another test. It shows that IPsec is more than 50% faster than WireGuard.
https://www.pcwrt.com/2020/02/performance-comparisons-of-three-vpn-protocols-on-a-budget-router/Thing is that WireGuard uses the ChaCha20 cipher which is very efficient and fast on non-dedicated hardware. IPsec, and sometimes also OpenVPN, can however often use hardware acceleration on AES and is then faster.
It's the devices in each end and their architecture (ARM, x86 etc) and any hardware offloading that will determine what to pick for maximum performance on a VPN. And often it just doesn't matter - for instance when the hardware can handle encryption at WAN speed.
Nice thing about WireGuard is that it has just been included in the 5.6 kernel so soon enough it will be available by default on every linux system.