If you have a home lab and want to connect to it remotely, there are countless ways to do that. OpenVPN and Tailscale both work, but one of the simplest options is WireGuard. It's efficient, free, open-source, and miles better than most of the competition. If you're weighing up WireGuard versus OpenVPN specifically, here's why you should use WireGuard instead.
4 It has the Linus Torvalds seal of approval
A man notoriously hard to please
Linus Torvalds, the creator and lead developer of the Linux kernel, is a notoriously hard man to please. His rants are infamous, and he has no problem calling your code terrible if he thinks it's terrible. That's why it was a big deal when he gave WireGuard a rare seal of approval. Here's the rather high praise he gave it:
Btw, on an unrelated issue: I see that Jason actually made the pull
request to have wireguard included in the kernel.
Can I just once again state my love for it and hope it gets merged
soon? Maybe the code isn't perfect, but I've skimmed it, and compared
to the horrors that are OpenVPN and IPSec, it's a work of art.
If Linus Torvalds thinks your code is good, and compares it to the "horrors" of OpenVPN while calling it a "work of art", you're definitely doing something right. This alone is probably a big enough reason to use it instead of OpenVPN.
3 WireGuard is much faster
WireGuard is specifically touted as being faster than OpenVPN, and there are a few reasons for that. It has an incredibly simple codebase that makes it very lightweight to run, and it's a relatively new program built with modern practices in mind. OpenVPN, first released in 2005, is built for compatibility, whereas WireGuard, first released in 2015, is built on newer standards.
WireGuard also uses a relatively new encryption algorithm called ChaCha20-Poly1305, which gives it an advantage over older protocols used in tools like OpenVPN. While it's not something you may notice all the time, it can have benefits. The only downside is that WireGuard only supports UDP, which might be blocked depending on the network that you're using. There's no way to use TCP, unlike with OpenVPN.
2 Simple setup and configuration
If you set up WireGuard on your home lab, you might be surprised by just how easy it is. You install it, you create profiles, and that's it. You'll need to make your WireGuard ports reachable from outside your home network so that you can connect, but the actual WireGuard setup is complete within minutes.
There's no need to mess around with configuration files and no need to share any keys manually; everything is simply automatic. The WireGuard profile that you get when you set it up has everything you need and can be imported on any device instantly. This is definitely one of the easiest NAS projects you can undertake.
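The profile mentioned above is a short text file that embeds the device's private key, so it's worth a quick check before you import it anywhere. Here's an added example (not from the original article or the WireGuard project) that parses a client profile and flags malformed keys, a missing endpoint port, and full-tunnel routes. The hostname, addresses, and keys are made up, and the field names follow the wg-quick config format.

```python
import base64
import ipaddress

# Constructed sample: hostname and addresses are made up, keys are 32 filler bytes.
SAMPLE_PROFILE = f"""[Interface]
PrivateKey = {base64.b64encode(bytes([1]) * 32).decode()}
Address = 10.8.0.2/24
[Peer]
PublicKey = {base64.b64encode(bytes([2]) * 32).decode()}
Endpoint = homelab.example.net:51820
AllowedIPs = 0.0.0.0/0, ::/0
"""

def parse_profile(text):
    """Return [(section, {key: value})] in file order; [Peer] may repeat."""
    sections = []
    for line in (raw.split("#", 1)[0].strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1].lower(), {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)
            sections[-1][1][key.strip().lower()] = value.strip()
    return sections

def is_key(value):
    try:  # WireGuard keys are 32 bytes, base64-encoded
        return len(base64.b64decode(value, validate=True)) == 32
    except ValueError:  # binascii.Error is a ValueError subclass
        return False

def audit_profile(text):
    """Return a list of findings; an empty list means every check passed."""
    sections = parse_profile(text)
    findings = [] if any(n == "peer" for n, _ in sections) else ["no [Peer] section"]
    for i, (name, kv) in enumerate(sections):
        if not is_key(kv.get("privatekey" if name == "interface" else "publickey", "")):
            findings.append(f"section {i} [{name}]: missing or malformed key")
        if name != "peer":
            continue
        host, _, port = kv.get("endpoint", "").rpartition(":")
        if not host or not port.isdecimal() or not 0 < int(port) < 65536:
            findings.append(f"section {i} [peer]: Endpoint must be host:port")
        for cidr in filter(None, map(str.strip, kv.get("allowedips", "").split(","))):
            try:
                if ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
                    findings.append(f"section {i} [peer]: {cidr} is a full-tunnel route")
            except ValueError:
                findings.append(f"section {i} [peer]: bad AllowedIPs entry {cidr!r}")
    return findings
```

A full-tunnel route isn't an error, but it means all of the device's traffic goes through your home connection, which may not be what you want for simple home lab access.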
1 Security is first and foremost
Partially thanks to its lighter codebase, WireGuard is a very secure VPN app. Its protocol remains unbroken, whereas OpenVPN has suffered from multiple critical vulnerabilities. These include:
CVE-2024-27903
CVE-2023-46850
CVE-2022-0547
CVE-2017-12166
In contrast, WireGuard has never experienced a (published) critical vulnerability. While it's had its own share of vulnerabilities, none of them were considered critical according to the CVSS.
WireGuard's security partially comes from its lighter codebase, as fewer lines of code mean fewer chances of vulnerability. Fewer lines of code also make it easier for the open-source community to audit, so there's a fairly decent chance that security flaws can be picked up by the community and fixed quickly.