Ars Technica benchmarked them a while ago and saw a 6x performance increase with WireGuard. You don’t need to be a data scientist to see the difference here. I have been using IPsec for a while, and in a lot of cases the only way to actually get things done is disconnecting from the VPN altogether.
In addition to raw performance, the other point that gets us excited about WireGuard is its integration with Docker. What makes this easy is that, according to their website: “WireGuard sends and receives encrypted packets using the network namespace in which the WireGuard interface was originally created.” In layman’s terms, you create the WireGuard interface in your main network namespace, which has access to the Internet. You can then simply move it into a network namespace belonging to a Docker container as that container’s only interface. The idea behind this is that the only possible way that container can access the network is through a secure, encrypted WireGuard tunnel.
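The namespace move described above, sketched as a shell script. This is an added example, not code from the article or from the WireGuard project. The container name `app`, interface `wg0`, address `10.0.0.2/32`, the config path, and the helper names `run`, `wg_into_container` and `only_tunnel_iface` are assumptions, and the container is assumed to have been started with `--network none` so Docker attaches no interface of its own.

```shell
#!/bin/sh
# Added example; names, address and paths below are assumptions. Usage (as root):
#   docker run -d --name app --network none <image>
#   pid=$(docker inspect -f '{{.State.Pid}}' app)
#   wg_into_container app "$pid" wg0 10.0.0.2/32 /etc/wireguard/wg0.conf
#   ip -n app -o link show | only_tunnel_iface wg0 && echo "tunnel-only"

# Execute a command, or only print it when DRY_RUN=1 so the plan can be reviewed.
run() { if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi; }

# wg_into_container <name> <container-pid> <ifname> <addr/cidr> <wg-conf>
wg_into_container() {
    local name="$1" pid="$2" ifc="$3" addr="$4" conf="$5"
    # Expose the container's network namespace under a name `ip -n` understands.
    run mkdir -p /var/run/netns &&
    run ln -sfn "/proc/$pid/ns/net" "/var/run/netns/$name" &&
    # Create the interface in the host namespace: its encrypted UDP socket
    # stays here, where there is a route to the Internet.
    run ip link add "$ifc" type wireguard &&
    # Move only the interface into the container's namespace.
    run ip link set "$ifc" netns "$name" &&
    # Configure keys/peers, address and default route inside the container.
    run ip netns exec "$name" wg setconf "$ifc" "$conf" &&
    run ip -n "$name" addr add "$addr" dev "$ifc" &&
    run ip -n "$name" link set "$ifc" up &&
    run ip -n "$name" route add default dev "$ifc"
}

# Reads `ip -o link show` output on stdin. Succeeds only if the tunnel
# interface is present and nothing other than loopback sits beside it.
only_tunnel_iface() {
    local ifc="$1" idx name rest seen=0
    while read -r idx name rest; do
        name="${name%:}"      # "eth0@if10:" -> "eth0@if10"
        name="${name%%@*}"    # "eth0@if10"  -> "eth0"
        case "$name" in
            lo) ;;
            "$ifc") seen=1 ;;
            *) echo "unexpected interface: $name" >&2; return 1 ;;
        esac
    done
    [ "$seen" = 1 ]
}
```

Running with `DRY_RUN=1` first prints the exact `ip` and `wg` commands without touching the host.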
In spite of WireGuard’s superior encryption metrics and faster speeds, there are some drawbacks, the biggest one being that it is a relatively new protocol and not a lot of VPN providers are offering support for it. It is not always the best product that wins but the one that is standardized. Ubuntu’s inclusion of WireGuard in LTS 20.04 may help to make this protocol more standardized.