Is OpenVPN still fit for purpose?

OpenVPN logo
(Image credit: OpenVPN)

If you’ve ever used one of the best VPN services, you’ll likely have heard the terms OpenVPN, WireGuard, IKEv2, Lightway and more. These are all protocols, which VPNs use to encrypt your traffic, and transfer it one place to another. For a more detailed rundown of the purpose of protocols, check out our how does a VPN work article.

Here, though, we’ll be outlining whether or not the 20-year-old OpenVPN has still got what it takes to fight off competition from newer rivals, in which ways OpenVPN is starting to show its age, and why it ought not be written off quite so soon.

ExpressVPN is the most flexible VPN on the market

ExpressVPN is the most flexible VPN on the market
With wide protocol support including OpenVPN, Lightway and more, ExpressVPN is our top-rated VPN. With great speeds and unrivalled security, it's great for staying private and unblocking content.

Comprehensive privacy by default

At its core, OpenVPN was designed as a secure VPN system out of the box, and that remains the case today. It uses OpenSSL to encrypt data, and its support of both UDP and TCP means there’s a lot flexibility for users. Compare that to WireGuard, and while OpenVPN’s code may be more complex and lengthy, VPN providers aren’t required to patch privacy issues before it can be safely used.

That also means that no matter which VPN provider you use, you'll get access to the same well known, tried and tested OpenVPN features. With WireGuard and its variations, there’s no telling how well-done any changes to the code have been, since implementations like NordVPN’s NordLynx aren’t open-source – but we’ll get to that in a moment.

OpenVPN is slower than rivals

With that comprehensive functionality comes somewhat bloated code, and compared to more modern protocols, OpenVPN quite simply can’t keep up. While even in our last round of testing we saw OpenVPN speed improvements made by some providers like ExpressVPN, if you’re looking for a truly fast VPN, a more modern, streamlined protocol will deliver the best results.

To get the best speeds out of OpenVPN, we recommend using UDP rather than TCP. While TCP is more reliable thanks to the fact that TCP data packets are tracked – and resent if not received – doing away with this error checking makes UDP far superior if you’re just looking to maintain a fast connection for gaming or streaming.

Also, big-name consumer VPNs invest huge amounts of money into their server network, eliminating any potential bottlenecks. That means that if you want to get the best speeds from OpenVPN, signing up to a consumer VPN service will almost certainly net you better results than setting up your own server.

A router sending out a VPN signal

(Image credit: Anton Shaparenko/Shutterstock)

Mobile performance is poor

Along with substandard speeds, OpenVPN also has issues when changing networks. So, for example, if you’re using your mobile VPN at home on your Wi-Fi and then leave the house and start using your mobile data, OpenVPN will likely have to disconnect and reconnect.

This is the reason most of the top Android VPN and iPhone VPN providers have traditionally used IKEv2/IPsec, but next-gen protocols like Lightway and WireGuard have been designed as mobile-first, specifically to avoid the issues OpenVPN poses on unstable or changeable connections.

We spoke to Peter Membrey, chief architect at ExpressVPN and leader of the Lightway project. “OpenVPN has been on ExpressVPN’s platform for a long time – it’s reliable, stable, open-sourced, and well-tested,” says Peter. “It was, however, built during a very different time. When OpenVPN was first built 20 years ago, VPNs were primarily used on the desktop and with far slower internet connections than are available today. This is why we now need newer protocols that are built for the mobile-first and always-on world.”

Open-source is still the key

Several protocols are open-source at their core – with one notable exception being the Catapult Hydra protocol developed by Hotspot Shield – but that doesn’t mean they’re all the same in terms of transparency.

Let’s take WireGuard as an example. The base code is entirely open-source, which is great, but when it comes to application in VPNs, there are some privacy issues.

IVPN was so concerned that WireGuard logged connection IPs indefinitely, for instance, it created a custom solution for its own servers. Other providers have done something similar, but we've never seen any of these patches made open-source.

That means that while both Surfshark and NordVPN support WireGuard, they will use different solutions for this privacy problem. Which is best? We’ve got no way of knowing.

With OpenVPN, it's a much simpler situation. While the code might be old, long and a little clunky, there are no proprietary patches necessary to deliver on the privacy basics – when you use it, there are no secrets to how it’s working, as it’s all available online for you and billions of other people to inspect.

It’s worth reiterating that OpenVPN and WireGuard aren't the only open-source protocols, and we’re pleased to see Lightway become entirely open-source, too.

It’s still more fully-functioning than the competition

When it comes down to core functionality, OpenVPN offers the fullest range of options. Protocols like Lightway and WireGuard have trimmed down the code to deliver lightning-fast speeds, but that comes at the expensive of some functionality.

For example, WireGuard is UDP-only, meaning that while speeds benefit, in situations where every packet needs to make its way to the target – think sending files and emails – it’s not necessarily the ideal choice.

So, for the vast majority of users looking for a Netflix VPN to access blocked content and stay relatively private online, OpenVPN certainly has some competition from the young bucks, but for those who want open-source reliability and every niche feature available, OpenVPN might still be the go-to protocol.

Mo Harber-Lamond
VPN Editor

Mo is VPN Editor at Tom's Guide. Day-to-day he oversees VPN, privacy, and cybersecurity content, and also undertakes independent testing of VPN services to ensure his recommendations are accurate and up to date. When he's not getting stuck into the nitty-gritty settings of a VPN you've never heard of, you'll find him working on his Peugeot 205 GTi or watching Peep Show instead of finally putting up those shelves.