You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
OpenVPN Access Server served the community well for a long time. But it’s time to put it into a “legacy” solutions basket and recognize there are better options to secure your remote access.
12
14
13
15
In this article we’re explaining top 3 reasons why Defguard is a more powerful and robust solution to manage your remote access at scale.
<p>Your remote teams deserve a VPN that doesn't slow them down. Here's the performance gain when you migrate from OpenVPN to WireGuard.</p>
262
+
<HomeSectionid="why-switch"variant="white">
263
+
<h2>Why Companies Switch to Defguard</h2>
264
+
<p>Organizations replace OpenVPN Access Server with Defguard for three key reasons.</p>
265
265
<FeatureCapsules
266
266
features={[
267
267
{
268
-
title: "3x Faster Throughput",
269
-
description: "WireGuard's kernel-level processing delivers near-gigabit speeds. Large file transfers, video calls, and cloud applications run without the latency tax of OpenVPN.",
268
+
title: "Secure Architecture",
269
+
description: "Isolated control plane separated from the Internet for maximum security.",
270
270
},
271
271
{
272
-
title: "Instant Connections (<100ms)",
273
-
description: "WireGuard's stateless handshake connects instantly. No more waiting seconds for OpenVPN to negotiate ciphers and establish tunnels.",
272
+
title: "Multiple VPN Networks Support",
273
+
description: "Multiple IPv4 & IPv6 networks, per-location gateways and MFA policies from one control plane.",
274
274
},
275
275
{
276
-
title: "Seamless Network Roaming",
277
-
description: "Switch from Wi-Fi to cellular without dropping your connection. WireGuard maintains the tunnel transparently—OpenVPN requires reconnection.",
276
+
title: "User and Device Management",
277
+
description: "One-click and QR-code provisioning, real-time config sync, full device visibility for admins.",
278
278
}
279
279
]}
280
280
/>
@@ -290,7 +290,7 @@ const faqEntries = [
290
290
description: "Deploy VPN to thousands of devices without manual configuration. Integrate with Intune, GPO, or your existing MDM. Users launch the app and connect—no setup required. <a href='/blog/defguard-1.6-release-notes/'>Learn more in our 1.6 release notes →</a>",
291
291
},
292
292
{
293
-
title: "Pre-logon VPN for AD",
293
+
title: "Pre-logon VPN for Active Directory and LDAP",
294
294
description: "Enable Windows login against Active Directory before user authentication. Critical for remote workers who need domain resources from day one. <a href='https://docs.defguard.net/features/service-locations' target='_blank' rel='noopener'>See documentation →</a>",
295
295
},
296
296
{
@@ -301,14 +301,6 @@ const faqEntries = [
301
301
/>
302
302
</HomeSection>
303
303
304
-
<HomeSectionid="trusted-by"variant="white">
305
-
<divclass="trusted-by-content">
306
-
<h2>Trusted by Organizations Worldwide</h2>
307
-
<p>Companies have already made the switch from legacy VPNs to Defguard's modern architecture.</p>
308
-
<TrustedByforceScroll={false} />
309
-
</div>
310
-
</HomeSection>
311
-
312
304
<ProductSectionpadding="small">
313
305
<sectionid="comparison-table">
314
306
<h2>OpenVPN Access Server vs. Defguard: Full Feature Comparison</h2>
@@ -325,81 +317,190 @@ const faqEntries = [
325
317
</thead>
326
318
<tbody>
327
319
<tr>
328
-
<td>VPN Protocol</td>
329
-
<td>WireGuard® — Kernel-level, ~4k lines of code</td>
330
-
<td>OpenVPN — Userspace, 100k+ lines of code</td>
320
+
<td>Automated and real time configuration</td>
321
+
<td>✔️</td>
322
+
<td>❌<br />Each configuration change requires manual server restart</td>
<td>✔️<br />Full OpenID SSO with possibility of integration of external apps to login with Defguard</td>
332
+
<td>❌</td>
333
+
</tr>
334
+
<tr>
335
+
<td>MFA with Authenticator codes</td>
336
+
<td>✔️</td>
337
+
<td>✔️</td>
338
+
</tr>
339
+
<tr>
340
+
<td>MFA with Email codes</td>
341
+
<td>✔️</td>
342
+
<td>❌</td>
343
+
</tr>
344
+
<tr>
345
+
<td>MFA with Mobile Biometry</td>
346
+
<td>✔️</td>
347
+
<td>❌</td>
348
+
</tr>
349
+
<tr>
350
+
<td>VPN Access based on Groups</td>
351
+
<td>✔️</td>
352
+
<td>✔️</td>
353
+
</tr>
354
+
<tr>
355
+
<td>Multiple VPN networks</td>
356
+
<td>✔️<br />Supporting IPv4 & IPv6 multiple VPN networks</td>
357
+
<td>❌<br />Only one IPv4 VPN network</td>
358
+
</tr>
359
+
<tr>
360
+
<td>Support for IPv6</td>
361
+
<td>✔️</td>
362
+
<td>❌<br />Only IPv4 VPN network</td>
363
+
</tr>
364
+
<tr>
365
+
<td>Static IP per device</td>
366
+
<td>✔️ (from version 2.0)</td>
367
+
<td>❌<br />Only static IP per user</td>
368
+
</tr>
369
+
<tr>
370
+
<td>Secure Architecture</td>
371
+
<td>✔️<br />Separated components with control plane (business logic and connection management) separated from Internet (only accessible from Intranet/VPN)</td>
372
+
<td>❌<br />All services are bundled the user and admin pages are bundled providing single point of failure and broad attach surface</td>
373
+
</tr>
374
+
<tr>
375
+
<td>Multiple VPN location support</td>
376
+
<td>✔️<br />Single control plane for all VPN locations with multiple gateways for each location</td>
377
+
<td>❌<br />Each location requires dedicated instance of OpenVPN-AS with multiple control planes</td>
378
+
</tr>
379
+
<tr>
380
+
<td>Per VPN location different multi-factor configuration</td>
<td>✔️<br />- User can easily manage their devices, name/identify them and automatically configure them with one-click or QR Codes<br />- Administrators can easily see users and what user devices are connected or offline and their configurations, client version, operating system</td>
387
+
<td>❌<br />- There are no devices in OpenVPN AS - there are profiles, when user configures the same profile on multiple devices they can not be connected at the same time<br />Admins only see users connected with no information about the device, system, version, ...</td>
388
+
</tr>
389
+
<tr>
390
+
<td>Email based configuration sharing</td>
391
+
<td>✔️</td>
392
+
<td>❌</td>
393
+
</tr>
394
+
<tr>
395
+
<td>Secure Enrollment</td>
396
+
<td>✔️<br />- Dedicated and separated secure stateless interface for secure remote user enrollment/client configuration</td>
397
+
<td>❌<br />- User portal with profiles part of the OpenVPN AS solution running on the same machine</td>
398
+
</tr>
399
+
<tr>
400
+
<td>One click Desktop Client configuration</td>
401
+
<td>✔️</td>
402
+
<td>❌<br />User must download and import a profile</td>
403
+
</tr>
404
+
<tr>
405
+
<td>Automated Mobile Client configuration</td>
406
+
<td>✔️<br />With QR Code</td>
407
+
<td>❌<br />- User must download and import a profile<br />- Alternatively enter server URL manually and authenticate to download and import the profile</td>
331
408
</tr>
332
409
<tr>
333
-
<td>Typical Throughput</td>
334
-
<td>Near-gigabit (depends on hardware)</td>
335
-
<td>50-100 Mbps typical</td>
410
+
<td>Real time & secure configuration synchronization for devices</td>
411
+
<td>✔️<br />- Dedicated and separated secure stateless interface for secure remote user enrollment/client configuration</td>
412
+
<td>❌<br />Profiles must be updated / imported manually</td>
336
413
</tr>
337
414
<tr>
338
-
<td>Connection Time</td>
339
-
<td><100ms (instant)</td>
340
-
<td>2-5 seconds</td>
415
+
<td>Network Devices Support</td>
416
+
<td>✔️<br />Automated configuration provisioning and real time updates</td>
417
+
<td>~<br />OpenVPN command line can be manually configured and run</td>
<td><strong>Core</strong> — Server, gateway, and clients</td>
385
-
<td>Partially — Community Edition limitations</td>
460
+
<td>Kubernetes Deployment</td>
461
+
<td>✔️</td>
462
+
<td>❌</td>
386
463
</tr>
387
464
<tr>
388
-
<td>Self-Hosted</td>
389
-
<td><strong>Yes</strong> — Full data sovereignty</td>
390
-
<td>Yes</td>
465
+
<td>Terraform Deployment</td>
466
+
<td>✔️</td>
467
+
<td>❌</td>
391
468
</tr>
392
469
<tr>
393
-
<td>Language</td>
394
-
<td>Rust (memory-safe)</td>
395
-
<td>C (memory vulnerabilities possible)</td>
470
+
<td>Web-hook support</td>
471
+
<td>✔️</td>
472
+
<td>❌</td>
396
473
</tr>
397
474
</tbody>
398
475
</table>
399
476
</div>
400
477
</section>
401
478
</ProductSection>
402
479
480
+
<ProductSectionpadding="small">
481
+
<sectionid="bottom-line">
482
+
<h2>Ready to Leave OpenVPN Behind?</h2>
483
+
<p>
484
+
OpenVPN was revolutionary in its time, but the world has moved on. WireGuard represents the next generation of VPN technology, and Defguard makes it enterprise-ready with the management features, security controls, and deployment options your organization needs.
485
+
</p>
486
+
<p>
487
+
Join the organizations that have already made the switch to faster, more secure, and easier-to-manage VPN infrastructure.
<AstroButtontext="Book a Demo"link={{ href: "/book-a-demo/?utm_source=openvpn-migration", target: "_self" }}className="secondary" />
492
+
</div>
493
+
</section>
494
+
</ProductSection>
495
+
496
+
<HomeSectionid="trusted-by"variant="white">
497
+
<divclass="trusted-by-content">
498
+
<h2>Trusted by Organizations Worldwide</h2>
499
+
<p>Companies have already made the switch from legacy VPNs to Defguard's modern architecture.</p>
500
+
<TrustedByforceScroll={false} />
501
+
</div>
502
+
</HomeSection>
503
+
403
504
<ProductSectionpadding="small">
404
505
<sectionid="migration-path">
405
506
<h2>How to Migrate from OpenVPN to WireGuard</h2>
@@ -440,22 +541,6 @@ const faqEntries = [
440
541
</section>
441
542
</ProductSection>
442
543
443
-
<ProductSectionpadding="small">
444
-
<sectionid="bottom-line">
445
-
<h2>Ready to Leave OpenVPN Behind?</h2>
446
-
<p>
447
-
OpenVPN was revolutionary in its time, but the world has moved on. WireGuard represents the next generation of VPN technology, and Defguard makes it enterprise-ready with the management features, security controls, and deployment options your organization needs.
448
-
</p>
449
-
<p>
450
-
Join the organizations that have already made the switch to faster, more secure, and easier-to-manage VPN infrastructure.
0 commit comments