OpenVPN DCO Looks Like It Might Be Ready For Linux 6.14 To Speed-Up VPN Performance

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts
  • DavidBrown
    Senior Member
    • Jan 2016
    • 155

    #11
    Originally posted by NeoMorpheus View Post
    So im curious, which advantages has OpenVPN over Wireguard these days that would make someone choose it?
    OpenVPN has vastly more features than Wireguard. Of course that leads to the risk of flaws from the bigger code base, complexity, configuration errors, etc. But it also leads to many more possibilities and use-cases. Some of its advantages are:
    • It supports TCP/IP transport as well as UDP. While UDP is inherently lower overhead, TCP/IP is vastly easier to use over complex NAT routers, other tunnels, and complicated network setups.
    • It can handle IP address allocation, routing, passing control information and network settings to clients.
    • You can have client certificates and/or passwords, and various other forms for authentication.
    • It is widely supported on off-the-shelf routers from a variety of vendors, including many small and reasonably priced types.
    • It is well supported on Windows as well as Linux (and Android, Mac, and lots of other things). (Obviously Linux or BSD are your normal choice for the server end. Clients should use whatever the client wants to use.)
    • For most client users, you only need the appropriate OpenVPN software and a single configuration and certificate file from the server administrator. It is particularly good for non-technical Windows users - the gui is simple and clear, and "connect" and "disconnect" lets them attach to the remote network with all routing, DNS, etc., in place.
    Wireguard is nothing more than a secure, remote virtual Ethernet cable - it is a secure tunnel solution, not a VPN. Sometimes that's all you need, and that's great. But generally you need a lot more than that. With Wireguard, you are on your own for every other aspect of the VPN - writing ifup/ifdown scripts, iptables and route setups, figuring out a way to handle IP address allocation, etc. Or you use one of countless one-person github projects that handle things for you and hope that the project will still exist in a year or two. Perhaps a dominant "official" VPN suite will emerge using Wireguard as the tunnel and covering all the other aspects of setting up and running a VPN, making it a solid alternative. That would be nice. But until then, Wireguard is only a good option for very technical users or for site-to-site setups (configured and controlled by qualified administrators - no mere users in sight).

    Comment

    • bug77
      Senior Member
      • Dec 2009
      • 6475

      #12
      Originally posted by NeoMorpheus View Post
      So im curious, which advantages has OpenVPN over Wireguard these days that would make someone choose it?
      I don't think this is about advantages. OpenVPN is everywhere, an improvement for OpenVPN will improve life for a lot more users than an improvement for Wireguard will.

      Comment

      • intelfx
        Senior Member
        • Jun 2018
        • 1083

        #13
        Originally posted by DavidBrown View Post

        OpenVPN has vastly more features than Wireguard. Of course that leads to the risk of flaws from the bigger code base, complexity, configuration errors, etc. But it also leads to many more possibilities and use-cases. Some of its advantages are:
        • It supports TCP/IP transport as well as UDP. While UDP is inherently lower overhead, TCP/IP is vastly easier to use over complex NAT routers, other tunnels, and complicated network setups.
        • It can handle IP address allocation, routing, passing control information and network settings to clients.
        • You can have client certificates and/or passwords, and various other forms for authentication.
        • It is widely supported on off-the-shelf routers from a variety of vendors, including many small and reasonably priced types.
        • It is well supported on Windows as well as Linux (and Android, Mac, and lots of other things). (Obviously Linux or BSD are your normal choice for the server end. Clients should use whatever the client wants to use.)
        • For most client users, you only need the appropriate OpenVPN software and a single configuration and certificate file from the server administrator. It is particularly good for non-technical Windows users - the gui is simple and clear, and "connect" and "disconnect" lets them attach to the remote network with all routing, DNS, etc., in place.
        Wireguard is nothing more than a secure, remote virtual Ethernet cable - it is a secure tunnel solution, not a VPN. Sometimes that's all you need, and that's great. But generally you need a lot more than that. With Wireguard, you are on your own for every other aspect of the VPN - writing ifup/ifdown scripts, iptables and route setups, figuring out a way to handle IP address allocation, etc. Or you use one of countless one-person github projects that handle things for you and hope that the project will still exist in a year or two. Perhaps a dominant "official" VPN suite will emerge using Wireguard as the tunnel and covering all the other aspects of setting up and running a VPN, making it a solid alternative. That would be nice. But until then, Wireguard is only a good option for very technical users or for site-to-site setups (configured and controlled by qualified administrators - no mere users in sight).
        Yup, exactly this.

        Comment

        Working...
        X