I am going to host a VPN server on my Raspberry Pi 4. Originally I decided to go with WireGuard as everyone recommended, but I saw in some post that the WireGuard client on iOS is not a good one in terms of performance. So I’m thinking of using natively supported protocols in iOS, which are IKEv2/IPsec/L2TP.
My question to iOS users who have experience using a VPN is: what is your recommendation in terms of performance? WireGuard, or IKEv2/IPsec/L2TP?
What performance issues are you seeing - battery drain or throughput?
I’m not aware of any egregious problems with WG on iOS myself and WG isn’t very chatty, only sending data as necessary, so the only overhead is the encryption itself, which should be negligible(ish) on modern hardware. There is no keepalive in the protocol so no connections to be kept open and maintained.
As for throughput, WG is pretty performant. Most common issue would likely be with having too large an MTU defined for your cellular link. You can tune that (down) to see if it helps with speeds, and just tune up until you see adverse effects.
I can’t advise on any of the other protocols as I’ve not used them for years but I guess maybe one of them might be better for you. You’d have to benchmark given your hardware (both sides) and telco I guess but maybe others have some numbers they can give you.
/r/Wireguard might have some more info for you, but it’ll be through rose-tinted glasses obv. Presumably there are some techy iOS subs out there too somewhere where people might have run comparisons. GL.
So you have the option between Wireguard, OpenVPN and native IKE/IPSec.
Regarding speed I would choose Wireguard. It’s plain the fastest. Regarding reliability and somewhat oldschool vibes I would use OpenVPN. However, both require a 3rd party VPN client to be installed. Wg-easy is a pretty cool project for a dockerized Wireguard server + web mgmt interface. Also firezone looks cool.
Finally we have IKE/IPSec. Supported natively by many platforms such as Windows and most mobile operating systems without dedicated client software. Can be even dockerized.
PS: Regarding security and control, OpenVPN and IKE/IPSec are superior. Wireguard ‘only’ has the public/private key and no additional passphrase to lock the keyfile. So if you lose the wg-profile, it’s game over. OpenVPN can have an additional passphrase besides the ovpn key profile and IKE/IPSec supports certificate + username/password.
So you did prefer OpenVPN to Wireguard. I heard that OpenVPN is somewhat heavier than Wireguard, so I wonder what made you choose OpenVPN over Wireguard.
Since I’m going to be the only user of the server, I may consider using IPsec with strongswan, too.
Thanks!
I previously used Wireguard for ProtonVPN, not a home server. And I thought I was okay with it, like in your situation, but as I said I saw some post complaining about Wireguard on iOS. So I wondered if native options are more smooth and flawless compared to Wireguard or not.
Thanks for the answer!
I use Wireguard. I use it only for my iPhone 14. It works great. I initially set up OpenVPN but had nothing but issues and actually terrible speeds. Wireguard is the way to go IMO. I will say, in my OWN experience, Wireguard seems a bit more laggy when using it with my laptop, so I don’t use it with my laptop unless I need to access my network for some reason away from home that my phone cannot do. This could just be because my Pi 3 can’t handle 2 connections at once for Wireguard, idunno. Never tried OpenVPN on my laptop.
This isn’t by any means advice, just some personal experience.
You’ve still not verbalised what the complaints you’ve heard of actually are so it’s hard to help tbh. If we knew what you think is wrong with WireGuard then maybe someone could say which other tech addresses those issues.
I can say that WireGuard integrates into iOS just fine once installed and configured. In fact, with options like on-demand connections based on your WiFi network etc. it’s actually better than it is on Android.
As I said before, I had no specific issues with Wireguard. Someone said that Wireguard in iOS is not as smooth as it is on other platforms, and because I have not experienced those iOS native protocols before, I couldn’t know how well Wireguard does compared to those. So I just wanted to know your opinions.
It seems people using iOS do well with Wireguard, so I think that’s okay.