10 Jul 2020 1. Performance. WireGuard performs much better than OpenVPN protocol. Factors, WireGuard, OpenVPN. Throughput, 1011 Mbps, 258 Mbps.

Even the attack surface is much smaller: WireGuard is written with less than 7,000 lines of code whereas IPSec contains 400,000 lines (OpenVPN is of similar complexity). The more code used, the greater the chance of a vulnerability being present in those lines. WireGuard is supposed to provide more performance and bandwidth than the widely used IPsec and OpenVPN VPN protocols and software solutions. WireGuard uses the latest high-performance cryptography algorithms, such as the Noise Protocol Framework, Curve25519, ChaCha20, Poly1305, BLAKE2, SipHash24 or HKDF. And WireGuard gets even better performance from the fact that the software is executed as kernel code. Wireguard has been tested to perform up to 4 times better than OpenVPN and IPsec-based VPNs. You add a WireGuard interface, configure it with your private key and your peers' public keys, and then you send packets across it. All issues of key distribution and pushed configurations are out of scope of WireGuard; these are issues much better left for other layers, lest we end up with the bloat of IKE or OpenVPN.


