AX86U - Wireguard vs OpenVPN - Speed and phone battery related?

[zakazak]

I am currently running a OpenVPN server on my AX86U with 500/100 mbit/s FTTH fibre.

I use the OpenVPN client on my Pixel 8 Pro and today started to wonder if I could optimize the battery usage on my phone e.g. by using AES-128 instead of AES-256 or doing any other changed to the OpenVPN server.
By researching I also read about how battery efficient wireguard should be.
My main usage is to keep my data safe in open WiFis.

So now I am wondering if anyone can comment here on which is better to use in terms of battery efficiency but also performance?
Also is it the current status that enabling wireguard server will automatically disable hardware acceleration on the router?

Thanks!

 

[DocUmibozu]

Wireguard Is the best option for your use case (for the most use cases in reality).
Hw acceleration is preserved.
Openvpn should be used only in specific use cases (tcp connection, obfuscation, tap).

 

[Tech9]

Openvpn should be used only in specific use cases

Really?

 

[DocUmibozu]

Really?

Well, i didn't think that until a few months ago...
Now, after having used and deployed wireguard on lot of devices I can say it's far superior for a simple, fast, lean soho VPN.

 

[Tech9]

"I think" is different than "should be used only". I obviously think differently and use OpenVPN exclusively.

 

[zakazak]

@DocUmibozu @Tech9 so HW acceleration stays ON when using wireguard. Good to know!
But why do you think that wireguard should be used instead of OpenVPN?

• Wireguard might be simpler (not an argument for me since I am fine with the "difficulty" of OpenVPN)
• Wireguard uses ChaCha but that does not have HW acceleration on most devices?
• OpenVPN uses AES which has HW acceleration on laptops, mobile devices and the router
• Wireguard might be fast but OpenVPN maxes out my 100mbit/s upload anyway
• Wireguard is supposed to handle connection changes better but this is partly because of UDP which OpenVPN can use as well
• I am exclusively using the VPN when on public WiFis, so no connection changes anyway

To me the most important argument seems to be really only the battery drain which is hard to measure.
But I am thinking that hw acceleration should always be a big advantage when it comes to battery drain?
And Wireguard (ChaCha) has limited HW acceleration support compared to OpenVPN (AES).

I have changed my OpenVPN Server settings to this options to try maximizing battery life:

• TUN
• UDP
• HMAC Auth: SHA 256
• Data cipher: AES-128-GCM

Any more suggestions are welcome!

 

[DocUmibozu]

• Wireguard might be simpler (not an argument for me since I am fine with the "difficulty" of OpenVPN)
• Wireguard uses ChaCha but that does not have HW acceleration on most devices?
• OpenVPN uses AES which has HW acceleration on laptops, mobile devices and the router
• Wireguard might be fast but OpenVPN maxes out my 100mbit/s upload anyway
• Wireguard is supposed to handle connection changes better but this is partly because of UDP which OpenVPN can use as well
• I am exclusively using the VPN when on public WiFis, so no connection changes anyway

Wireguard works in kernel space, openvpn in user space. And this is a first important difference regarding speed.

Chacha is faster (way faster, like more than double the speed) on non hw-accelerated devices and it's security is comparable to AES256 (so you can't compare AES128 with Chacha).
See here for the details regardin speed: https://gist.github.com/raycoll/62a660602b9ec9fb67b6443f16732080

Wireguard has multi core support, Openvpn is single core.

Wireguard is a stateless protocol, so is better at handling frequent connection/disconnection

Obviously if you plan to connect your hw-accelerated router to your hw-accelerated laptop via a stable wifi connection you can use whatever vpn you like, even PPPoSSH probably.
But if you plan to operate multiple devices of different generation/capabilities wireguard is faster and easier.

Regarding battery life it depends on the device capabilities, but for crypto hw accelerated android devices (as is the Pixel 8 as far as I know) the battery drain with openvpn and wireguard is similar: negligible.

 

[zakazak]

Wireguard works in kernel space, openvpn in user space. And this is a first important difference regarding speed.

Chacha is faster (way faster, like more than double the speed) on non hw-accelerated devices and it's security is comparable to AES256 (so you can't compare AES128 with Chacha).
See here for the details regardin speed: https://gist.github.com/raycoll/62a660602b9ec9fb67b6443f16732080

Wireguard has multi core support, Openvpn is single core.

Wireguard is a stateless protocol, so is better at handling frequent connection/disconnection

Obviously if you plan to connect your hw-accelerated router to your hw-accelerated laptop via a stable wifi connection you can use whatever vpn you like, even PPPoSSH probably.
But if you plan to operate multiple devices of different generation/capabilities wireguard is faster and easier.

Regarding battery life it depends on the device capabilities, but for crypto hw accelerated android devices (as is the Pixel 8 as far as I know) the battery drain with openvpn and wireguard is similar: negligible.

From the link you posted:

With HW Acceleration

aes-256-gcm         160627.58k   489296.12k   826414.93k   997675.35k  1058919.77k  1064042.50k
chacha20-poly1305   113844.03k   327796.01k   691147.18k   831848.45k   875301.55k   879613.27k

Winner: AES (even at 256 instead of 128)

Without HW Acceleration

aes-256-gcm         53886.49k     66838.37k   174509.91k   191420.42k   195846.14k   195985.41k
chacha20-poly1305   117693.71k   330963.33k   692224.17k   833655.13k   875522.73k   880017.41k

Winner: ChaCha (with a big leap)

So it boils down to wether the devices support AES HW acceleration or not.
But these days pretty much everything has AES HW support?

Additionally I wonder which kind of protocol / cipher the official Google One VPN uses.
I am not sure if Pixel 8 and routers have ChaCha HW acceleration anyway?

 

[Tech9]

I am exclusively using the VPN when on public WiFis

Most public Wi-Fi is 2.4GHz and the theoretical speed difference between VPN types simply doesn't matter.

 

[zakazak]

Most public Wi-Fi is 2.4GHz and the theoretical speed difference between VPN types simply doesn't matter.

Yes, as I said, my mean concern is battery life.

 

[Tech9]

I don't think you'll see any battery life differences between OpenVPN/WireGuard and AES128/256. Your screen brightness will affect your battery life much more and it will be different in every test you perform. Don't waste your time. If you have battery life issues when travelling - get a power bank.

 

[zakazak]

I don't think you'll see any battery life differences between OpenVPN/WireGuard and AES128/256. Your screen brightness will affect your battery life much more and it will be different in every test you perform. Don't waste your time. If you have battery life issues when travelling - get a power bank.

It is not an issue per se but more of a "how much more can I optimize it" since all of the devices that will use the VPN are on battery (smartphone, laptop).

Thanks for you input!