Top10VPN is editorially independent. We may earn commissions if you buy a VPN via our links.

WireGuard vs OpenVPN

JP Jones is our CTO. He has over 25 years of software engineering and networking experience, and oversees all technical aspects of our VPN testing process.

Our Verdict

The more recent WireGuard protocol outperforms OpenVPN in speed by a significant margin and is more efficient, using 15% less data. It also handles network transitions more smoothly and maintains robust security. However, OpenVPN has a proven track record, is more privacy-friendly, and is supported by more VPNs. OpenVPN is still the best choice for the most privacy-conscious users.

an OpenVPN cyclist racing against a WireGuard cyclist

Virtual private networks (VPN) use VPN protocols to create and secure your internet connection. Two of the best and most commonly-used protocols are OpenVPN and WireGuard.

OpenVPN was released in 2001 and is traditionally seen as the industry’s gold standard. But the new WireGuard VPN protocol has burst onto the scene since its release in 2019, and is now threatening to take that crown away from OpenVPN.

In this in-depth guide we compare OpenVPN and WireGuard to see which VPN protocol you should use.

Our extensive lab tests reveal which of the protocols is best in seven key areas, including security, speed, privacy, ease of use, and more.

We’ll also reveal how these protocols came into being, giving you background information on who’s behind them, and explain the differences in how they work.

Summary Table: WireGuard vs OpenVPN

Here’s a quick summary of how OpenVPN and WireGuard compare in each key category:

Category Winner
Speed WireGuard

WireGuard is twice as fast as OpenVPN, if implemented correctly.

Security & Encryption Tie

Neither protocol has any known security vulnerabilities.

Bypassing Censorship OpenVPN

OpenVPN is better at bypassing censors (e.g. the Great Firewall of China) because it can use TCP port 443.

Mobility WireGuard

WireGuard offers a more reliable connection for mobile users than OpenVPN because it handles network changes better.

Data Usage WireGuard

OpenVPN adds a data overhead of up to 20%, whereas WireGuard uses just 4% more data (compared with not using a VPN).

Privacy & Logging OpenVPN

VPN services need to include mitigations to ensure user privacy when using WireGuard.

VPN & Device Compatibility OpenVPN

OpenVPN is currently supported by many more VPNs, across many more devices, than WireGuard.

The best VPNs using OpenVPN and WireGuard are:

OpenVPN: The fastest VPN using OpenVPN is Proton VPN, thanks to Proton VPN’s accelerator technology.

WireGuard: The fastest VPN that uses WireGuard is

Read on for an introduction to the two protocols, or use the jump links below to skip to the section most important to you.

Why Trust Us?

We’re fully independent and have been reviewing VPNs since 2016. Our advice is based on our own testing results and is unaffected by financial incentives. Learn who we are and how we test VPNs.

VPNs Tested65
Total Hours of Testing30,000+
Combined Years of Experience50+

WireGuard vs OpenVPN: Speed Comparison

WireGuard was designed with speed in mind. OpenVPN was not. As such, WireGuard is considerably faster than OpenVPN.

The WireGuard protocol is optimized to use multiple processor cores at the same time, and it uses faster encryption methods.

WireGuard’s own measures suggest their protocol is at least 3 times faster than OpenVPN – with a throughput of 1011Mbps, compared to OpenVPN’s 258Mbps.

WireGuard's own speed test results graph

The WireGuard team admits, however, that these results are “old and crusty and not super well conducted.”

Therefore, we ran the tests ourselves to see which protocol is faster.

WireGuard Is Faster Than OpenVPN

NordVPN is an excellent VPN service that was one of the first to support both WireGuard and OpenVPN. It’s therefore ideal for running a speed test comparison.

We connected to NordVPN servers around the world using either the OpenVPN (UDP) protocol or the NordLynx (WireGuard) protocol, and recorded our connection speeds.

Below is a detailed breakdown of our speed test results comparing OpenVPN and WireGuard across different server locations:

Server Location OpenVPN (UDP) WireGuard (NordLynx)
US 142Mbps 254Mbps (79% faster)
UK 135Mbps 286Mbps (112% faster)
Germany 131Mbps 277Mbps (111% faster)
Japan 139Mbps 269Mbps (94% faster)
Australia 118Mbps 207Mbps (75% faster)

Alternatively, here’s a visual representation of our OpenVPN versus WireGuard speed findings:

Bar chart comparing WireGuard and OpenVPN's download speeds across a range of server locations

Our results found WireGuard was consistently over 75% quicker than OpenVPN, no matter where in the world we were connecting to.

On shorter-distance connections, the difference was even more pronounced, with WireGuard running at over double the speed of OpenVPN.

These results match what NordVPN themselves saw when comparing NordLynx and OpenVPN. They conducted 8,200 automated tests daily for a month and concluded NordLynx was up to 2 times faster than OpenVPN.


Normally, we conduct all speed tests on a metred 100Mbps connection but for the purpose of this comparison we used a 350Mbps connection. This may be higher than the connection speeds you have on your home network. Consequently, WireGuard’s superiority is probably more pronounced here than it would be in everyday usage, because it is better at using all the available bandwidth.

It’s certainly the faster protocol, but the differences between WireGuard and OpenVPN may be more marginal on your device than in the data above.

Time to Connect

WireGuard also establishes a connection much quicker than OpenVPN. This is important because if the connection is lost or the VPN tunnel breaks for some reason, you want your VPN to reconnect fast.

An Ars Technica study found that an OpenVPN connection can take as long as 8 seconds to initiate, whereas WireGuard connections take around 100 milliseconds.


WireGuard is a much faster protocol than OpenVPN, when correctly integrated into the VPN service. It was designed for that purpose, and it does it well. If you’re doing anything speed-sensitive, such as gaming or streaming, use WireGuard.

Winner: WireGuard

WireGuard vs OpenVPN: Encryption & Security

OpenVPN WireGuard
Encryption Ciphers & Authentication Protocols Commonly Used:

AES, Blowfish, Camellia

Also Supported:

ChaCha20, Poly1305
(plus many more)

ChaCha20, Poly1035
Perfect Forward Secrecy Supported Supported
Known Vulnerabilities None None

OpenVPN lets you use a wide range of encryption ciphers and authentication algorithms, while WireGuard just has a fixed set for each release.

This means that, if a security vulnerability is found in an algorithm, OpenVPN can be quickly configured to use something else. Whereas WireGuard would require a software update across all devices. That’s a pain, but it ensures there are no devices ever using insecure code.

There are currently no known security vulnerabilities in both WireGuard and OpenVPN.

Choice vs Security

One of the key differences between OpenVPN and WireGuard is the trade-off between choice and security.

OpenVPN uses the OpenSSL library for encryption, which was first released in 1998 and has been thoroughly tested over a long period of time. The library supports a wide range of encryption ciphers, including AES, Blowfish, and ChaCha20.

WireGuard, on the other hand, doesn’t offer a choice of encryption. Instead, it forces you to use ChaCha20 for encryption and Poly1305 for authentication.

As a result, WireGuard requires much less code than OpenVPN: roughly 4,000 lines of code compared to 70,000 (at least).

This smaller footprint makes it much easier for security researchers to audit and verify WireGuard’s code than OpenVPN’s. It also makes WireGuard’s possible attack surface much smaller than OpenVPN’s.

Furthermore, less code considerably reduces the possibility of bugs occurring in Wireguard.


OpenVPN offers greater freedom when it comes to encryption and security, but WireGuard is easier to audit and has a smaller attack surface. Both protocols are very secure, but less tech-savvy users may prefer to trust the experts at WireGuard, rather than take matters into their own hands.

Are New Encryption Algorithms Safe?

Generally, security researchers prefer encryption technology that has been around for a while. This is because newer algorithms may sometimes feature vulnerabilities that just haven’t been identified yet. It’s therefore often safer to go with a more tried-and-tested option.

In this case, OpenVPN is by far the most tried-and-tested option. It was released 18 years before WireGuard, and the AES cipher it uses is almost a decade older than the ChaCha20 and Poly1035 algorithms that WireGuard uses.

In practice, however, WireGuard’s relative immaturity doesn’t appear to be a huge security risk. There are three main reasons for this:

  1. WireGuard’s minimal codebase means it can be audited very quickly. This mitigates a lot of the concerns about the protocol’s lack of rigorous testing, because experts can audit it much faster than OpenVPN’s code.
  2. ChaCha20 is very secure. The ‘20’ in ‘ChaCha20’ means there are 20 rounds of encryption to protect the data. In 2008, ChaCha7 (with seven rounds) was broken, but ChaCha8 remains unbroken to this day. So you can be confident that ChaCha20 offers a high level of security.
  3. Endorsements from Linux and Google. Linus Torvalds, original creator of Linux, said: “Can I just once again state my love for [WireGuard]… Maybe the code isn’t perfect, but I’ve skimmed it, and compared to the horrors that are OpenVPN and IPSec, it’s a work of art.” WireGuard has since been included in the Linux kernel, which represents strong support for its security credentials. Google has also switched to using ChaCha20 and Poly1305 for encrypting traffic on its Android devices.


WireGuard and OpenVPN are both very secure VPN protocols. Which is better for encryption and security mostly comes down to personal preference.

If you’re wary of newer technologies or like to have more control over your security settings, then OpenVPN is the better option for you. If you like the idea of an efficient, streamlined codebase, then go for WireGuard.

Winner: No clear winner. It’s a tie.

WireGuard vs OpenVPN: Bypassing Censorship

OpenVPN and WireGuard are both very reliable VPN protocols that deliver a stable internet connection under most circumstances.

However, only OpenVPN gives you the option to use the TCP communication protocol. This is helpful for bypassing strict internet blocks, because TCP connections are able to use port 443, which is the same port regular HTTPS traffic uses.

It’s highly unlikely censorship systems in countries like China, Russia, and Turkey would block port 443, because it would halt essential activities like online banking and shopping.

In short, OpenVPN TCP is more effective at bypassing censorship than WireGuard, because WireGuard can only be used with UDP.

Here’s a quick summary of how UDP and TCP compare:

User Datagram Protocol (UDP) Transmission Control Protocol (TCP)
WireGuard Support
OpenVPN Support
Reliability Features
Speed Faster Slower

We usually recommend using UDP whenever possible because it’s faster, more efficient, and equally stable when used within a VPN tunnel. However, for bypassing firewalls and circumventing censorship, a TCP protocol is preferable.

This is reflected in the option that VPN services default to when you try to connect in China.

We found that, in almost every case, when a VPN provider offers both WireGuard and OpenVPN, the service will default to using the OpenVPN protocol when you try to connect from within China.

We also tested a few VPN services that we know work well in China to see whether OpenVPN or WireGuard was better at bypassing the Great Firewall of China:

  • Astrill VPN was able to beat the censorship using both OpenVPN and WireGuard
  • Private Internet Access (PIA) was only able to connect when using OpenVPN, and failed using WireGuard.


OpenVPN is the better choice for bypassing censorship. It enables you to use port 443 which is very difficult for censorship systems to block. Use OpenVPN (TCP) if you’re trying to access the free, global internet from within countries like China and the UAE.

Winner: OpenVPN

WireGuard vs OpenVPN: Mobility

ExpressVPN's new app on mobile devices

Devices today frequently move between mobile and WiFi networks. A good VPN protocol needs to be able to make that switch efficiently and effectively.

WireGuard is far better than OpenVPN for mobility. It handles network changes seamlessly, whereas OpenVPN has historically struggled when users regularly switch between networks. Many VPN services have actually opted to use a different protocol, IKEv2, for mobile devices.

IKEv2 is a reasonably good VPN protocol, but it is closed source and some people have concerns that it may have been compromised by the NSA. Instead, then, WireGuard presents a new, open-source solution to the problem of which VPN protocol to use on mobile.

If you’re using a VPN while on the move, we strongly recommend using WireGuard rather than OpenVPN.


Unlike OpenVPN, WireGuard copes impressively with regular network changes. It’s also faster and more privacy-friendly than IKEv2, which is many VPN service’s current default protocol for mobile users.

Winner: WireGuard

WireGuard vs OpenVPN: Data Usage

Using a VPN always increases the total amount of data you consume. That’s because the tunneling process requires you to send additional information over the internet, which leads to an increase in data usage.

The data overhead can affect the speed of your VPN. If you are on a pay-as-you-go cell phone contract, you might also spend more money and/or reach your planned data limit sooner.

The VPN protocol you use affects how big the data overhead is. Our research found that WireGuard consumes far less data than OpenVPN. Here’s a summary of the findings:

bar chart showing the data consumption of OpenVPN TCP (+19.96%), OpenVPN UDP (+17.23%), and WireGuard (+4.53%)

To test each protocol’s data usage, we used the Linux WireGuard and OpenVPN applications and calculated how much additional data they were adding to our connection, compared to not using a VPN. For each test, we copied a 209MB test file between two virtual servers. We conducted each test three times, and worked out the average data increase.

The Results: WireGuard uses much less data than OpenVPN. While OpenVPN UDP has a large data overhead of 17.23%, WireGuard adds just 4.53% to your data consumption. When using OpenVPN TCP, this overhead is even greater, at 19.96%.

WireGuard actually has the smallest data overhead of any VPN protocol we’ve tested, including IKEv2 and PPTP. By contrast, OpenVPN has the largest.

You can see the full results from this investigation, and learn more about VPN data usage, in our guide to mobile data and VPNs.


WireGuard consumes much less data than OpenVPN. Use WireGuard if your internet access has a data cap, or you’re charged based on the amount of bandwidth you consume.

Winner: WireGuard

WireGuard vs OpenVPN: Privacy & Logging Policy

Protocol Logging Mitigations
OpenVPN None Not required
WireGuard IP address stored on server until it reboots Available with most commercial VPN providers

An essential feature of a safe VPN service is that it doesn’t store any personally-identifiable information about you. This also applies to the VPN protocol being used.

While OpenVPN works without needing to log an IP address, WireGuard requires permitted IP addresses to be stored on the server until the server reboots.

This is concerning from a privacy standpoint, because if the server is compromised, the IP address could be used to link you to your activity and thereby remove the main benefit of using a VPN.

Be aware, then, that if you’re using the standard implementation of WireGuard, it’s likely your IP address is being logged for at least the duration of your session.

Thankfully, most commercial VPN services that support WireGuard have implemented workarounds to minimize these privacy risks. Some examples include:

  • NordVPN: NordVPN has combined WireGuard with its proprietary Double Network Address Translation (NAT) technology to create NordLynx. Instead of storing your static IP address until the server reboots, NordLynx assigns a unique dynamic IP address to each VPN tunnel, such that each session has a different IP address that only lasts as long as the session.
  • Mullvad: To maximise privacy when using WireGuard, Mullvad deletes your IP address from its servers after 10 minutes of inactivity. As an extra step, Mullvad also suggests you use its Multihop feature to route your traffic through two or more servers when using WireGuard.
  • IVPN: IVPN deletes your IP address after three minutes of inactivity. It also randomly generates a new IP address every 24 hours, to avoid issues around using a static IP address.

These mitigations will be enough for most users. However, if you are in a strict censorship country or a country where officials may try to prosecute VPN users, it’s probably not a risk worth taking.

We’d also recommend checking with your VPN provider which mitigations they have in place for WireGuard users, if you’re concerned about your privacy.


Unlike OpenVPN, the WireGuard protocol requires your IP address to be stored on the VPN server for an extended period of time. VPN services can and will mitigate against this, but it’s not ideal from a privacy perspective. No such mitigations are required for OpenVPN.

Winner: OpenVPN

WireGuard vs OpenVPN: VPN & Device Compatibility

OpenVPN is natively supported by almost every commercial VPN service, whereas WireGuard is much less widely available.

WireGuard is catching up fast, though. Despite only being released in 2019, the protocol has already been implemented into many leading VPNs – often across both desktop and mobile apps.

Here’s an overview of which protocols are supported on 15 of the most popular VPNs:

VPN Protocol ExpressVPN NordVPN CyberGhost IPVanish Surfshark PrivateVPN PIA Windscribe Proton VPN Astrill VPNArea Hotspot Shield Mullvad TunnelBear PureVPN

Traditionally, most VPNs use OpenVPN as their default protocol, particularly on desktop.

However, we’re now seeing an increasing number of providers switch their allegiance to WireGuard.

For example, CyberGhost now uses WireGuard by default on Android and iOS, and NordVPN uses its NordLynx version of WireGuard as the default in most of its apps.

NOTE: To use a VPN on your router, you’ll likely still have to use OpenVPN. Only Mullvad, from the list above, works with WireGuard at the router-level.

Ease of Use

To manually configure the protocol yourself, WireGuard is much easier than OpenVPN. Again, this is due to WireGuard’s streamlined code and lack of choice when it comes to encryption configurations, which makes it very simple to install.

WireGuard’s light codebase is also a strength for using a VPN on small computing devices and embedded devices. OVPN, for example, includes a WireGuard-compatible command-line application for Raspberry Pi single-board computers.

That said, OpenVPN is easier to use for most VPN users simply because it is natively supported by more VPN services. Just download your chosen VPN and, in almost every instance, the OpenVPN protocol will be set up and ready to use.


OpenVPN has been around for almost two decades and is natively supported within almost every VPN app. WireGuard is currently being integrated into more and more VPNs, but your chosen VPN provider is still more likely to support OpenVPN. This is especially the case if you’re using a VPN on your router.

Winner: OpenVPN

What Are OpenVPN and WireGuard?

OpenVPN and WireGuard are two types of VPN protocol. A VPN protocol is technology used to create a secure tunnel between your device and a VPN server.

In other words, a VPN protocol is a key element to how a VPN works.

You can use both OpenVPN and WireGuard independently to create your own VPN connection. However, they’re more commonly used as part of personal VPN services.

Here’s an overview of each protocol’s main features:

Feature OpenVPN WireGuard
Date Released May 2001 September 2019
Encryption AES, Blowfish, Camellia ChaCha20, Poly1305
Code Length Over 70,000 lines ~4,000 lines
Open Source Yes Yes
Security Strong Strong
Privacy Strong Needs mitigations
Speed Moderate Fast


The original OpenVPN software was created in 2001 by James Yonan.

Yonan made OpenVPN to ensure his connection was private while travelling through Central Asia and using Asian and Russian internet connections.

Today, Yonan is the CTO of OpenVPN Inc. The company provides business-to-business services as well as running OpenVPN.

The company’s CEO and founder is Francis Dinha, who grew up in Iraq and shares Yonan’s concerns about staying private from state surveillance.

The OpenVPN software has now been downloaded more than 60 million times, and almost every VPN today employs the protocol.

OpenVPN is available under an open-source license, which means anyone can view its underlying code.

For over a decade, OpenVPN has been considered the pinnacle of VPN security. However, with the release of WireGuard, there is a new contender for that top spot.


WireGuard Logo

WireGuard was created by Jason A. Donenfeld from Edge Security, and had its first stable release in September 2019.

WireGuard is designed to improve upon existing VPN protocols by being simpler, faster, and easier to use.

Unlike OpenVPN, WireGuard is “cryptographically opinionated,” to use Donenfeld’s words. That means he’s selected one solution for each aspect of the VPN’s security.

As a result, WireGuard includes less choice than OpenVPN, but it’s also far less complex.

Like OpenVPN, WireGuard is also open source.

Despite only being released in September 2019, WireGuard has already been incorporated into a number of VPN services. NordVPN, for example, built its proprietary NordLynx protocol on top of it.


WireGuard has already made a big impression on the VPN industry – with many leading VPNs now supporting it, and its recent inclusion in the Linux kernel.

OpenVPN is older, more trusted, and certainly more privacy-friendly, but WireGuard is astonishingly fast and appears to be very secure, too.

Therefore, the answer to whether you should use OpenVPN or WireGuard for your VPN connection depends on what you’re doing.

You should use WireGuard if:

  • You want the fastest speeds.
  • You are using a mobile device and you’re concerned about data consumption.
  • You’re regularly switching between WiFi and cellular networks.
  • You are manually configuring your VPN or building your own VPN software.

You should use OpenVPN if:

  • You are in a country where VPNs are banned and you may face prosecution if caught using one.
  • You want the utmost degree of privacy and don’t like the extra logging requirement of WireGuard, even if your VPN provider has a mitigation in place.
  • You are more cautious of new technologies, and want to give WireGuard more time to mature and be tested.
  • You’re using a VPN service that doesn’t yet support WireGuard.