Preparation and Resources

  • 2 virtual machines located on the same data center (Linode) and location (Toronto);
  • 1 vCPU and 1 GB of RAM each;
  • Fresh installation of Ubuntu 20.04 LTS on both;
  • Connected over the Local Network.

Command used to simulate the file transfer with no interference of the usage and speed of the storage:

dd if=/dev/zero bs=4096 count=244141 | ssh root@ip 'cat > /dev/null'

Speed test over LAN

1000001536 bytes (1.0 GB, 954 MiB) copied, 8.91455 s, 112 MB/s
1000001536 bytes (1.0 GB, 954 MiB) copied, 8.79031 s, 114 MB/s
1000001536 bytes (1.0 GB, 954 MiB) copied, 8.38244 s, 119 MB/s
1000001536 bytes (1.0 GB, 954 MiB) copied, 9.31981 s, 107 MB/s
Average: 113 MB/s or 904 Mbps

Speed test over WireGuard

1000001536 bytes (1.0 GB, 954 MiB) copied, 18.8587 s, 53.0 MB/s
1000001536 bytes (1.0 GB, 954 MiB) copied, 17.3815 s, 57.5 MB/s
1000001536 bytes (1.0 GB, 954 MiB) copied, 16.9099 s, 59.1 MB/s
1000001536 bytes (1.0 GB, 954 MiB) copied, 16.9099 s, 59.0 MB/s
Average: 57.15 MB/s or 457.2 Mbps

Speed test over OpenVPN

1000001536 bytes (1.0 GB, 954 MiB) copied, 82.3243 s, 12.1 MB/s
1000001536 bytes (1.0 GB, 954 MiB) copied, 82.1518 s, 12.2 MB/s
1000001536 bytes (1.0 GB, 954 MiB) copied, 81.9139 s, 12.2 MB/s
1000001536 bytes (1.0 GB, 954 MiB) copied, 82.3855 s, 12.1 MB/s
Average: 12.15 MB/s or 97.2 Mbps

Conclusions

  • SSH is already encrypted and each VPN required another layer of encryption and only 1 vCPU and 1 GB of RAM made a bigger impact on OpenVPN comparing to WireGuard;
  • WireGuard is the perfect solution for site-to-site VPN, integrating two different networks and getting the best performance possible but it has no client authentication and does not replace OpenVPN functionalities.

Read Also

Setting Up WireGuard VPN [Link]

OpenVPN Server + Monitoring [Link]

pfSense with OpenVPN Client [Link]

GRE VPN Tunnel on Cisco [Link]