Preparation and Resources
- 2 virtual machines located on the same data center (Linode) and location (Toronto);
- 1 vCPU and 1 GB of RAM each;
- Fresh installation of Ubuntu 20.04 LTS on both;
- Connected over the Local Network.
Command used to simulate the file transfer with no interference of the usage and speed of the storage:
dd if=/dev/zero bs=4096 count=244141 | ssh root@ip 'cat > /dev/null'
Speed test over LAN
1000001536 bytes (1.0 GB, 954 MiB) copied, 8.91455 s, 112 MB/s
1000001536 bytes (1.0 GB, 954 MiB) copied, 8.79031 s, 114 MB/s
1000001536 bytes (1.0 GB, 954 MiB) copied, 8.38244 s, 119 MB/s
1000001536 bytes (1.0 GB, 954 MiB) copied, 9.31981 s, 107 MB/s
Average: 113 MB/s or 904 Mbps
Speed test over WireGuard
1000001536 bytes (1.0 GB, 954 MiB) copied, 18.8587 s, 53.0 MB/s
1000001536 bytes (1.0 GB, 954 MiB) copied, 17.3815 s, 57.5 MB/s
1000001536 bytes (1.0 GB, 954 MiB) copied, 16.9099 s, 59.1 MB/s
1000001536 bytes (1.0 GB, 954 MiB) copied, 16.9099 s, 59.0 MB/s
Average: 57.15 MB/s or 457.2 Mbps
Speed test over OpenVPN
1000001536 bytes (1.0 GB, 954 MiB) copied, 82.3243 s, 12.1 MB/s
1000001536 bytes (1.0 GB, 954 MiB) copied, 82.1518 s, 12.2 MB/s
1000001536 bytes (1.0 GB, 954 MiB) copied, 81.9139 s, 12.2 MB/s
1000001536 bytes (1.0 GB, 954 MiB) copied, 82.3855 s, 12.1 MB/s
Average: 12.15 MB/s or 97.2 Mbps
Conclusions
- SSH is already encrypted and each VPN required another layer of encryption and only 1 vCPU and 1 GB of RAM made a bigger impact on OpenVPN comparing to WireGuard;
- WireGuard is the perfect solution for site-to-site VPN, integrating two different networks and getting the best performance possible but it has no client authentication and does not replace OpenVPN functionalities.
Read Also
Setting Up WireGuard VPN [Link]
OpenVPN Server + Monitoring [Link]
pfSense with OpenVPN Client [Link]
GRE VPN Tunnel on Cisco [Link]