- Cipher isn’t really that important I think.
- OpenVPN is single-threaded and is limited to one core, and WireGuard is multithreaded, so it can use several cores.
- Use UDP rather than TCP to avoid error checking.
- While it is counterintuitive, it is better to disable compression. Much traffic is compressed already, and compression is a security hazard. It also adds framing to the traffic, so you want to disable compression entirely, and not just “none” (“none” frames for compression and doesn’t use it; if you have a mismatch between client and server, you will connect but no traffic will pass).
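The checks from the post above, written as a small config audit. This is an added example, not code from the post: it looks for OpenVPN's `proto`, `comp-lzo` and `compress` directives in a client and a server config and reports TCP transport, leftover compression framing, and a framing mismatch between the two sides. The sample configs are constructed, and options pushed by the server at connect time are ignored (assumption).

```python
# Added example: audit OpenVPN config text for the points raised in the post.
# Assumption: server-pushed options are not considered, only the config files.

# Both directives turn on compression framing, even as "comp-lzo no".
FRAMING_DIRECTIVES = {"comp-lzo", "compress"}

def directives(config_text):
    """Yield (name, args) for each non-comment line of an OpenVPN config."""
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith(";"):
            continue
        name, *args = line.split()
        yield name.lower(), args

def framing(config_text):
    """Return the compression-framing directives present in the config."""
    return sorted({n for n, _ in directives(config_text) if n in FRAMING_DIRECTIVES})

def transport(config_text):
    """Return the configured proto value, or OpenVPN's default of udp."""
    for name, args in directives(config_text):
        if name == "proto" and args:
            return args[0].lower()
    return "udp"

def audit(client_text, server_text):
    """Return a list of findings for a client/server config pair."""
    findings = []
    for side, text in (("client", client_text), ("server", server_text)):
        if transport(text).startswith("tcp"):
            findings.append(f"{side}: proto is TCP, the post recommends UDP")
        for d in framing(text):
            findings.append(f"{side}: '{d}' present, remove it to disable compression entirely")
    if bool(framing(client_text)) != bool(framing(server_text)):
        findings.append("mismatch: only one side frames for compression; "
                        "the tunnel may connect but pass no traffic")
    return findings

# Constructed sample configs (not from the post).
SERVER = "proto udp\ndev tun\n"
CLIENT = "proto tcp-client\ndev tun\ncomp-lzo no  # framing stays on\n"

if __name__ == "__main__":
    for finding in audit(CLIENT, SERVER):
        print(finding)
```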