Announcement

Collapse
No announcement yet.

OpenVPN Kernel Driver Patches Updated For Improving VPN Performance

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • OpenVPN Kernel Driver Patches Updated For Improving VPN Performance

    Phoronix: OpenVPN Kernel Driver Patches Updated For Improving VPN Performance

    For those making use of OpenVPN for your virtual private network (VPN) needs, years in the making has been an "OVPN" Linux kernel driver to enhance the performance by offloading more of the work to kernel-space...

    Phoronix, Linux Hardware Reviews, Linux hardware benchmarks, Linux server benchmarks, Linux benchmarking, Desktop Linux, Linux performance, Open Source graphics, Linux How To, Ubuntu benchmarks, Ubuntu hardware, Phoronix Test Suite

  • #2
    But why would anyone use that instead of the superior Wireguard that is already mainlined ?

    Comment


    • #3
      Originally posted by pokeballs View Post
      But why would anyone use that instead of the superior Wireguard that is already mainlined ?
      Because the other side of the VPN uses OpenVPN?

      Comment


      • #4
        Originally posted by pokeballs View Post
        But why would anyone use that instead of the superior Wireguard that is already mainlined ?
        If you need TCP.

        Wireguard is trivial to block in firewalls but you can happily run an OpenVPN server on TCP/443. Running UDP over the top of TCP is terrible and the Wireguard developer himself has said as much but some people need this.

        I think there are solutions to tunnel Wireguard over TCP though, no idea how that performs relative to OpenVPN.

        Comment


        • #5
          Originally posted by pokeballs View Post
          But why would anyone use that instead of the superior Wireguard that is already mainlined ?
          That depends on the definition of "superior". Superior in speed? Certainly, but not in features.
          Wireguard on its own doesn't provide more advanced functions present in OpenVPN like usage of external authentication sources (user/pass from PAM/LDAP/RADIUS), native support for 2FA, ability to work over TCP, and flexibility in encryption configuration (wg only uses ChaCha20-Poly1305). Some can be added with external tools of course, but ovpn is a complete package with commercial support available.

          Comment


          • #6
            Originally posted by pokeballs View Post
            But why would anyone use that instead of the superior Wireguard that is already mainlined ?
            ClaudeAI:

            OpenVPN and WireGuard are both popular VPN protocols, each with their own strengths. Here's a comparison focusing on OpenVPN's advantages:
            • Maturity and track record: OpenVPN has been around since 2001, giving it a longer history of use and security auditing. This extended period in the field has allowed for thorough testing and refinement.
            • Flexibility: OpenVPN is highly configurable, allowing for a wide range of setups to suit different needs. It supports various encryption algorithms and can run on both TCP and UDP.
            • Cross-platform compatibility: OpenVPN has broader support across different operating systems and devices, including older systems that may not support WireGuard.
            • Better at bypassing firewalls: Due to its ability to run on TCP port 443 (the standard HTTPS port), OpenVPN can more easily bypass restrictive firewalls in heavily censored networks.
            • More authentication options: OpenVPN supports a wider range of authentication methods, including certificates, pre-shared keys, and username/password combinations.
            • Better suited for high-latency or unstable networks: OpenVPN's TCP mode can provide more reliable connections in challenging network conditions.
            • More extensive documentation and community support: Given its longer history, OpenVPN has more comprehensive documentation and a larger community for troubleshooting and support.
            However, it's worth noting that WireGuard has its own advantages, particularly in terms of speed and simplicity.

            Comment


            • #7
              Originally posted by pokeballs View Post
              But why would anyone use that instead of the superior Wireguard that is already mainlined ?
              There was a time I didn't get it, but after switching to Wireguard I am now confused why there isn't some concrete benchmark analysis out there that reflect my experience. The connection is so much more solid and on linux laptops coming back from sleep - it is seamlessly fast and consistent!

              Comment


              • #8
                Originally posted by pokeballs View Post
                But why would anyone use that instead of the superior Wireguard that is already mainlined ?
                Because openvpn has been around for ages and is everywhere.

                Comment


                • #9
                  OpenVPN with the kernel module should be as fast as Wireguard, using the same crypto algo. And likely even better using AES-GCM (which is usually faster than the ChaCha20-Poly1305 used by Wireguard).
                  Last edited by oibaf; 02 October 2024, 08:24 AM.

                  Comment


                  • #10
                    Originally posted by pokeballs View Post
                    But why would anyone use that instead of the superior Wireguard that is already mainlined ?
                    Because WireGuard's management capabilities are nonexistent compared to OpenVPN.

                    Comment

                    Working...
                    X