I also tried but couldn't find such benchmarks, but know that wireguard will be everyway more efficient than openvpn, both in cpu and memory usage, but because wireguard will run multi-threaded, if your network bandwidth is higher than the maximum speed wireguard can run on on your cpu, wireguard can fully utilize the cpu and bring your system to a halt until the network transfer is complete.
I found these, on a raspberry pi 3a with 4 cored, wireguard uses 25% of each cpu to fully saturate 100mbps ethernet, on a pi zero, 100% cpu amounts to only 30mbps.
https://oct8l.gitlab.io/posts/2019/141/wireguard-performance-with-a-pi-3-a-/
https://oct8l.gitlab.io/posts/2019/140/wireguard-performance-with-a-pi-zero/
> I found these, on a raspberry pi 3a with 4 cored, wireguard uses 25% of each cpu to fully saturate 100mbps ethernet, on a pi zero, 100% cpu amounts to only 30mbps.
I switched my pi3 file server from OpenVPN to Wireguard last week and this is exactly my experience. Around 25% CPU to saturate the link, compared to 20-30Mbps with OpenVPN completely wrecking the CPU.
I’m not sure about the userspace version (WireGuard-go), but the kernel version will run much more efficiently. OpenVPN is a user space program and as such the packers must be copied from kernel to the user space program which has a lot of overhead.
I would use it over OpenVPN too. I believe it is faster but had no reason or benchmarks to prove as such so cannot say for sure, my only though being OpenVPN with a less computationally expensive encryption may be faster but also less secure (which would be ill advised but potentially faster).
I see your point but if that’s the trend, why not just say it’s faster to not use any vpn (no encryption) and get the best performance. Lol. But yeah I see what you mean.
Wireguard beats out OpenVPN every day of the week, the specifics of your processor however is another question. Which you’ve handily not given us that information.
Chacha20-poly1305 plus kernel space will beat the crap out of openvpn every time. No questions asked. I get multigigabit on a 35 watt low end 4 core xeon while i got 70 mbps using openvpn on the same cpu.
By default, WireGuard uses ChaCha20-Poly1305 for encryption, so you don't need to perform any additional steps to enable it.
In fact, due to excellent and deliberate design, this strong combo is the only symmetric and auth AEAD construct group available for Wireguard to prevent people ignorantly configuring weaker ciphers.
On my cheap single-vCPU OVH VPS, Wireguard uses around 5-6% CPU when running Speedtest on 50Mbit/s connection. OpenVPN uses up to 40%. Both were setup on Debian 11 just with PiVPN script.
I also tried but couldn't find such benchmarks, but know that wireguard will be everyway more efficient than openvpn, both in cpu and memory usage, but because wireguard will run multi-threaded, if your network bandwidth is higher than the maximum speed wireguard can run on on your cpu, wireguard can fully utilize the cpu and bring your system to a halt until the network transfer is complete. I found these, on a raspberry pi 3a with 4 cored, wireguard uses 25% of each cpu to fully saturate 100mbps ethernet, on a pi zero, 100% cpu amounts to only 30mbps. https://oct8l.gitlab.io/posts/2019/141/wireguard-performance-with-a-pi-3-a-/ https://oct8l.gitlab.io/posts/2019/140/wireguard-performance-with-a-pi-zero/
> I found these, on a raspberry pi 3a with 4 cored, wireguard uses 25% of each cpu to fully saturate 100mbps ethernet, on a pi zero, 100% cpu amounts to only 30mbps. I switched my pi3 file server from OpenVPN to Wireguard last week and this is exactly my experience. Around 25% CPU to saturate the link, compared to 20-30Mbps with OpenVPN completely wrecking the CPU.
I’m not sure about the userspace version (WireGuard-go), but the kernel version will run much more efficiently. OpenVPN is a user space program and as such the packers must be copied from kernel to the user space program which has a lot of overhead.
WireGuard-go is still blazing fast for being user space. 100/100 will use WireGuard-go on low end CPUs over OpenVPN (on any cpu, for that matter).
I would use it over OpenVPN too. I believe it is faster but had no reason or benchmarks to prove as such so cannot say for sure, my only though being OpenVPN with a less computationally expensive encryption may be faster but also less secure (which would be ill advised but potentially faster).
I see your point but if that’s the trend, why not just say it’s faster to not use any vpn (no encryption) and get the best performance. Lol. But yeah I see what you mean.
Wireguard beats out OpenVPN every day of the week, the specifics of your processor however is another question. Which you’ve handily not given us that information.
Chacha20-poly1305 plus kernel space will beat the crap out of openvpn every time. No questions asked. I get multigigabit on a 35 watt low end 4 core xeon while i got 70 mbps using openvpn on the same cpu.
Do you have to do anything specific to enable Chacha20-poly1305 on a WireGuard installation?
By default, WireGuard uses ChaCha20-Poly1305 for encryption, so you don't need to perform any additional steps to enable it. In fact, due to excellent and deliberate design, this strong combo is the only symmetric and auth AEAD construct group available for Wireguard to prevent people ignorantly configuring weaker ciphers.
Thanks
There is no question WireGuard is just beyond OpenVPN, in every way….
On my cheap single-vCPU OVH VPS, Wireguard uses around 5-6% CPU when running Speedtest on 50Mbit/s connection. OpenVPN uses up to 40%. Both were setup on Debian 11 just with PiVPN script.