First released as a tiny open-source project more than 20 years ago, OpenVPN quickly became the industry's favorite VPN protocol, and it's now protected the privacy of countless millions every time they've been online.
But the world is changing. OpenVPN, weighed down by the loads of features it's slowly added over the years, isn't fast enough to take full advantage of today's internet connections. A new stripped-back contender, WireGuard, includes only the necessary bare essentials, but can deliver two, three, or even four times the download speed — as noted in-depth in our latest round of VPN testing.
The top VPN providers have responded, and most now offer full WireGuard support, or alternatively, they've come up with a proprietary WireGuard-like protocol of their own — ExpressVPN's Lightway, NordVPN's NordLynx). Some apps may never use OpenVPN unless you manually choose it in Settings.
Could this soon mark the end of the line for the veteran protocol? Does anyone really need OpenVPN with the speedier WireGuard ready to take its place?
WireGuard versus OpenVPN speeds
WireGuard's big claim to fame is performance, but exactly how does it compare to OpenVPN? We test performance using both protocols in all our top VPN reviews, and the results are apparent.
Our last 20 UK OpenVPN tests showed a peak speed averaging 310Mbps, with the fastest provider, Mullvad, reaching 490Mbps. That's fast!
But our last 20 UK WireGuard tests saw downloads peaking at an average 700Mbps, 225% faster than OpenVPN, with speed leader TorGuard reaching a blistering 950Mbps.
There's no arguing with the data: WireGuard really is just as fast as providers say. But that's not the end of the story. Speed is important, but it's only one of the factors that makes a quality VPN protocol.
Getting (and staying) connected
VPN apps look simple, but there's a lot going on under the hood. Every location, network and hotspot poses its own challenges, and the app might have to try out a number of techniques before it can connect to your chosen location.
OpenVPN can mask itself as normal internet traffic, bypassing filters, firewalls and other VPN-blocking tricks. Although it normally connects using UDP (User Datagram Protocol), OpenVPN can also use TCP (Transmission Control Protocol), a slower but more reliable option which helps your VPN stay connected and improves connection quality.
WireGuard can be tweaked a little to avoid detection, but it doesn't have the same anti-blocking powers as OpenVPN. And even if you can get online in a tricky situation, WireGuard is UDP-only. There's no TCP support, which means you're more likely to run into problems with overloaded networks or hotspots with poor Wi-Fi signals.
Advanced VPN features
Most VPN providers love to display their lengthy lists of high-end technologies, apparently with everything you need to keep you safe online. But, quite often, there's something they're not making clear.
The reality is, the full list of app features won't necessarily work with every protocol. And sometimes, you won't be able to make use of a particular feature at all unless you're using OpenVPN.
NordVPN's website boasts that its Obfuscated Servers feature 'allow users to connect to a VPN even in heavily restrictive environments', for example. Sounds great. But scroll to the bottom of the page, and it explains that you must connect via OpenVPN for Obfuscated Servers to be available.
It's a similar story with some other providers, especially with more advanced features such as split tunneling; you shouldn't assume that these are all available on all platforms, if you're connecting via WireGuard. You may still need to use OpenVPN occasionally to take full advantage of everything an app can do.
Setting up a VPN manually
The simplest way to get started with a VPN is to use the apps. Download, install, log in, and you're ready to go in maybe a minute: easy.
Sometimes, though, you might want to set up the VPN on a device which can't run the apps. Your router, possibly. Perhaps you'd like to use the VPN on Linux, or some other platform your provider doesn't support. Now you'll need to set up your VPN manually.
You can do this with WireGuard in some situations (Mullvad has a handy guide to setting up WireGuard on a router), but it can be difficult, and you may find it's not possible at all with your device or provider.
OpenVPN has been around for 20 years, though, and that means it's both much more likely that your device or platform will support it, and that there will be plenty of detailed instructions on how to set it up.
Who needs OpenVPN?
WireGuard is a great VPN protocol, there's no doubt about that. Open source, leading-edge encryption and optimized for speed, it tramples all everything else on the performance front.
But one of the main reasons WireGuard got to be so lightweight, is by throwing out most of the features OpenVPN has built up over the years. It's ultra-fast on speedy networks, but WireGuard might not be so reliable in other situations, if it connects at all, and the protocol doesn't always support an app's more advanced features.
These concerns won't matter to everyone. If you mostly use a VPN to unblock Netflix on a Smart TV, you may never run into any WireGuard issues at all, and it could well be the only protocol you ever need.
But if you regularly use VPNs when you're out and about, if you'd like to take full advantage of your VPN's features, or if you need to manually set up a VPN on a device, then it's still very handy to have OpenVPN available as a backup protocol. And that's not going to change any time soon.
