OpenVPN vs. WireGuard in China

OpenVPN runs on TCP or UDP protocols and has a code length of over 100,000 lines, making it challenging to implement. While OpenVPN runs on TCP and UDP, WireGuard only runs on UDP protocol.

WireGuard is much faster than OpenVPN, as several speed tests have shown. As wireguard.com says, A combination of extremely high-speed cryptographic primitives and the fact that WireGuard lives inside the Linux kernel means that secure networking can be very high-speed.

While the OpenSSL library allows OpenVPN to run many different ciphers, OpenVPN remains more vulnerable to attacks because it has a larger surface. On the other hand, WireGuard has a smaller attack surface, but if flaws or bugs were found, it would require an overall update. You can’t easily configure WireGuard to use a different protocol or cipher.

Both WireGuard and OpenVPN are very reliable. However, TCP protocols, supported by OpenVPN, are better for bypassing internet restrictions. They’re less likely to be blocked by countries with strict internet censorship, like China and Russia. That’s because a lot of other traffic passes through the same port, and blocking it would mean halting activities like online banking and shopping. So while WireGuard is faster and more efficient, OpenVPN is better if you want to access content in countries with severe restrictions.

OpenVPN historically hasn’t been great with switching between networks, while WireGuard doesn’t seem to have issues on this front. Compared to WireGuard, OpenVPN is compatible with a wider range of platforms, with most commercial VPN services natively supporting it. However, WireGuard is catching up fast: it has already been implemented into many leading VPNs, despite only being released in 2019.