With the introduction of ExpressVPN’s Lightway connection protocol, NordVPN’s NordLynx and other custom VPN protocols, there are a lot of people who are wondering exactly how OpenVPN vs WireGuard vs these others compare. I’ve been testing each protocol for the past year, and here’s what I’ve learned.
Key Takeaways
- Both Lightway and NordLynx are custom versions of Wireguard that offer faster speeds and more stable connections compared to older protocols like OpenVPN.
- The main difference is that Lightway was developed privately by ExpressVPN and NordLynx by NordVPN, while WireGuard is open source.
- Both protocols use modern encryption methods and have efficient, lightweight code bases. This allows for faster speeds and better performance.
- For most users, the choice between WireGuard, Lightway or NordLynx won’t result in noticeable differences. The main decision is to choose the closest VPN server for the best speeds.
So what is the difference between OpenVPN and Wireguard?
The best way to explain this is to compare them side by side. Here is what OpenVPN looks like
| OpenVPN | WireGuard | Lightway |
|---|---|---|
| est. 2001 | est. 2016 | est. 2020 |
| Open Source | Open source | Open Source* |
| Widely available | Widely available | exclusive |
| Bloated code | Efficient code base | Efficient code base |
| Battery drain | Battery saver | Barrery saver |
| Relatively unstable | Stable | Stable |
*Note: When first released, the code base for ExpressVPN’s Lightway custom security protocol was closed-sourced, but as promised ExpressVPN has now published the code as open source on GitHub. Anybody can check the security of the Lightway code and many security experts have done so.
Practically speaking, what does all this mean as you’re using one of these VPN connection protocols to access the internet?
For the average user, you won’t feel much of a difference at all.
But a difference does exist, and there are good reasons why you might want to choose Lightway vs Wireguard or even stick with the standard OpenVPN protocol.
Note: Some of the links in this article are affiliate links, which means that at no extra cost to you, I may be compensated if you choose to use one of the services listed.
VPN Protocols Overview
A VPN protocol is a set of rules and processes that dictate how data is transmitted and secured between a VPN client and a VPN server. These protocols are the backbone of any VPN service, determining the level of security, speed, and reliability you can expect. Different VPN protocols offer varying levels of these attributes, making it essential to choose one that aligns with your specific needs.
In this article, we will compare two popular VPN protocols (OpenVPN and WireGuard) as well as two forks of Wireguard (Lightway & NordLynx).
OpenVPN has been a staple in the VPN industry for years, known for its robust security and flexibility. WireGuard, on the other hand, is a newer entrant that promises faster speeds and a more streamlined codebase. Both have their unique advantages and are supported by many VPN providers, making them reliable choices for securing your internet connection.
Benefits of WireGuard and Lightway / NordLynx
Let’s get one thing straight: Lightway/NordLynx and Wireguard have more in common than they do differences.
This is one reason why ExpressVPN and NordVPN have had to work hard to market their custom protocols as a completely separate (and, in their opinion, better) protocol.
Most people, including me, are getting confused by the two.
One reason for this is that other commercial virtual private networks have integrated WireGuard into their software and simply renamed it. An example of this is how NordVPN now offers NordLynx, which is their version of the WireGuard protocol.
Another reason is that both WireGuard and Lightway boast the same benefits, which include:
- Modern Encryption Architectures: Although Lightway uses wolfSSL and the WireGuard interface uses ChaCha20 (among others), both VPN protocols use modern encryption algorithms that increase the level of privacy and leave no room for security vulnerabilities. OpenVPN TCP is still secure, but it’s getting dated.
- Lightweight Code Base: Compared to older VPN protocols, both Lightway and Wireguard feature significantly cleaner code. I’ve already covered this in my overview of Wireguard, but these protocols offer a 90% reduction in lines of code over other VPN protocols, such as OpenVPN. Additionally, the low-level component of WireGuard operates within the Linux kernel. This translates into faster loading, easier server configuration, rapid deployment, and, most importantly…
- Faster Speeds: The simpler code and better design allow for more efficient speeds. I’ve seen this personally when using WireGuard, especially in the near-instantaneous connection to the server and seamless transitions between different IP addresses. WireGuard is often considered the fastest VPN protocol, providing up to 3.2 times faster speeds compared to OpenVPN in various tests.
- Stable Connection: One of the most welcome benefits of these new protocols is the stability of the connection. They can jump between networks (i.e. from your home WiFi to the cellular network) without the same difficulty that OpenVPN and other protocols have historically had.
That’s a bit of what makes them the same, and before we move into the differences, take a few minutes to watch this video explanation.
WireGuard vs Lightway | Primary Differences
During my tests, I noticed very little difference in how WireGuard and Lightway performed. They’re both an improvement over the older protocols, but the similarities are easier to see.
Differences do exist, though.
Differences in Symmetric Encryption Libraries
As I mentioned above, Lightway uses the wolfSSL encryption library while WireGuard uses the Noise protocol framework with the ChaCha20 cipher. Both of these are modern, high-quality encryption frameworks that emphasize speed, efficiency, and portability.
But as far as the average person is concerned, it feels the same. As long as ExpressVPN’s Lightway stands up to independent, third-party audits (which it has), I don’t believe that one encryption library should be considered better than another.
Differences in the Development Process
The biggest and most important difference between Lightway and Wireguard is how it was developed.
WireGuard was developed on an open-source platform over the past few years, similar to OpenVPN, and has been subject to public scrutiny. Because it is open source, it can be updated, improved, and implemented across many different VPN software. WireGuard uses Curve25519 for a streamlined and secure key exchange process, which simplifies authentication and enhances security.
Lightway, by contrast, has been developed as a proprietary tunneling protocol for ExpressVPN. It has been coded in private and tested in beta. The code has now been released as open-source on Github, but it took them a couple of years before they made good on this promise to release the code.
I’m not here to say that one method is better than the other – there has been a lot of good software that has been developed privately and plenty of crappy software that has open source code.
This does mean that Lightway will only be available through ExpressVPN and NordLynx through NordVPN.
In other words, you’ll need to have a subscription to ExpressVPN to take advantage of Lightway, and likewise NordVPN for NordLynx.
On the other side, there are a growing number of other VPN providers that offer WireGuard as an option.
Speed and Performance
When it comes to speed and performance, WireGuard generally takes the lead over OpenVPN. Thanks to its smaller codebase and streamlined design, WireGuard can establish connections quickly and efficiently. This results in faster connection times and improved overall performance.
In contrast, OpenVPN’s larger codebase and more complex architecture can sometimes lead to slower connection times.
However, it’s important to note that the speed difference between these two protocols may not be significant for all users. Factors such as local network conditions and available bandwidth can also affect VPN speed.
For most consumer VPN users, both WireGuard and OpenVPN will provide satisfactory performance, but WireGuard’s edge in speed can be a deciding factor for those who prioritize quick and efficient connections.
Auditability and Transparency
Auditability is a crucial aspect of any VPN protocol, as it determines how easily security experts can review and assess the protocol for vulnerabilities. WireGuard’s smaller codebase, consisting of around 4,000 lines of code, makes it easier to audit and potentially reduces its attack surface. This simplicity allows for more straightforward and thorough security assessments.
In contrast, OpenVPN’s larger codebase, with hundreds of thousands of lines of code, makes auditing more challenging. However, OpenVPN’s open-source nature and community-driven security audits have been instrumental in identifying and patching vulnerabilities over the years. This ongoing scrutiny has helped maintain OpenVPN’s reputation as a secure and reliable VPN protocol.
Compatibility and User-Friendliness
OpenVPN is widely supported by most VPN providers and runs on all major platforms, including Windows, macOS, Linux, and mobile platforms. This extensive compatibility makes it a versatile choice for users with diverse device ecosystems. Additionally, OpenVPN’s flexibility allows for various configurations, catering to both novice and advanced users.
WireGuard, while also supported by many VPN providers, does not yet match OpenVPN’s widespread compatibility. However, its ease of setup and configuration make it a user-friendly option for those who value simplicity. VPN clients like Surfshark provide a seamless transition between VPN protocols, making it easy for users to switch between OpenVPN and WireGuard without hassle.
Which is Better? Lightway, NordLynx or WireGuard?
Which is better…Lightway, NordLynx or Wireguard?
Or should you stick with OpenVPN?
The truth is that they feel the same, but we won’t know the answer to that question until ExpressVPN opens up the source code for scrutiny.
Anybody who tells you differently at this point is either working for ExpressVPN or they’re blowing smoke.
The good news for you, as a VPN user, is whether you go with ExpressVPN, you choose a WireGuard VPN provider like NordVPN or even if you stick with your current OpenVPN service, security and speed are being improved.
And that’s a very good thing.
Conclusion
In conclusion, both OpenVPN and WireGuard are reliable VPN protocols with their strengths and weaknesses. OpenVPN is a proven and reliable protocol compatible with a wide range of devices and operating systems, while WireGuard is a newer protocol designed for speed, efficiency, and increased security. When choosing between the two, consider your specific needs and priorities. If you value speed and simplicity, WireGuard may be the better choice. If you prioritize security and compatibility, OpenVPN may be the better option. Ultimately, the choice between OpenVPN and WireGuard depends on your individual requirements and preferences.
Be sure to subscribe to the All Things Secured YouTube channel!
Wireguard on Android doesn’t have a battery saver feature like OpenVPN …. I hope you can try both applications on your favorite smartphone … Reviews all over the internet are full of falsehoods ….. the truth is yours who dares to try …
Saving battery life is not a “feature” as much as it’s a characteristic of the protocol. It’s much lighter and the connection much more efficient, so by nature it uses less energy than OpenVPN. I’m not sure how that’s a falsehood or dependent upon which phone you use?
Wireguard isn’t as secure as they would like you to believe. Wireguard REQUIRES logging in order to function. Your IP address is part of that log. just something to consider if you choose Wireguard.
I believe that you’re referring to privacy, not security here. And it requires logging on the server side. So if you set up your own server, that’s not a problem, and for those services that have integrated Wireguard, that’s up to them how they deal with that logging.