I would like to hear the community's thoughts on the pros and cons of using either for HomeLab remote access to web-based admin panels and RDP. The idea is a layer of security via the secure VPN and authentication once in the network.
Wireguard is more performant, but OpenVPN has a wider install base, especially among embedded devices. I don’t think there’s a significant security difference between the two.
I’m using Wireguard to keep my phone connected to the apps at home at all times.
I just like it because it’s a seamless switch when the phone goes to 4g from wifi.
Also interested in this topic.
I prefer Wireguard as well. Much faster, easier to configure on the cli, some nice web-uis are available.
The only thing I’ll add to this discussion is that OpenVPN is a company with multiple employees working on it, an actual headquarters/office building you can look up. Which means they are listed in the U.S. at a state and federal level. Meanwhile, Wireguard is maintained and developed by one person (as far as I can see) and I see no business location for it. I personally would go with the company that has a paper trail as a business in the U.S. to trust my security protocol use than the latter that seems to be run by one person. Just something to keep in mind.
Wireguard is faster, easier to set up
Openvpn has a better client, is slow af, config CAN get complicated for no reason whatsoever
I’d suggest Twingate. I’m a beginner to labs and servers in general and found a NetworkChuck video about it; it took maybe 5 mins to set up.
In terms of security, WireGuard specifically touts that it has a very small codebase - something like 4,000 lines of code - meaning it’s a lot easier to audit and discover security vulnerabilities compared to the long history in OpenVPN. In practice, both applications do have equivalent security.
I’d argue there is. Wireguard has not had any published security vulnerabilities. Conversely, OpenVPN has had a few security advisories and, in fact, I had to migrate my cert a while ago because OpenVPN deprecated the one I made when I first set it up.
The code base for Wireguard (<6k lines) is also far less than OpenVPN (>70k), which, again, means far less potential for security vulnerability bugs. OpenVPN is over 11 times bigger in size.
I use OpenVPN and have been looking for a solution to this issue for a while. I would like my phone to automatically connect to my VPN when I leave my wifi and turn it off when home.
How did you achieve it? Is there a setting on Wireguard? Does it have an app?
You do realize many packages you use day to day are coded by complete strangers from home and not under a corporate umbrella?
Also, just because your iPhone or Android is under some big name doesn’t mean they don’t use software packages from these developers to make your devices work.
We are talking about selfhosted vpn servers inside of your homelab for external access.
Having CVEs vs no CVEs is not really a good measure, in my opinion, especially between something rather new and something older, because there are very likely issues in both of them that just haven’t been found, and CVEs are just published vulnerabilities.
However, I would also prefer wireguard and it definitely has drawn a lot of improvements based on Openvpn and others.
> Wireguard has not had any published security vulnerabilities
That’s probably due more to its relatively young age than any intrinsic property of the project. As you know, meaningful vulnerabilities show up not only in the source project but often in downstream ports/adaptations. And it looks as if those are starting to pop up for Wireguard.
> OpenVPN has had a few security advisories
All software has bugs. The difference is whether they’re patched or not. I don’t know of any major unpatched OpenVPN vulnerability.
The only real downside of WireGuard is the network management: you assign a stable network address to clients at configuration time, so there is no possibility of dynamic host configuration (DNS, routes, etc. at connect time).
Yep. OpenVPN is a heavy install and nowhere near as fast. OpenVPN has also had many CVEs.
You’re misunderstanding. The above commenter is saying they leave wireguard on all the time and they appreciate that when they switch physical networks, the wireguard network is uninterrupted.
You can do this with MacroDroid on Android.