One of the major advantages for Wireguard over OpenVPN (for me) is that it's quite difficult for random port scans to detect it.
With OpenVPN it's hanging out there responding to everyone that asks nicely that yes, it's OpenVPN.
So anyone with a new exploit for OpenVPN just has to pull up Shodan and now they've got a nice list of targets that likely have access to more private networks.
Wireguard doesn't respond at all unless you've got the right keys.
Also, fwiw - we're approaching 11 years since it was announced, and 5 years since it was accepted into the Linux/BSD kernels.
With OpenVPN it's hanging out there responding to everyone that asks nicely that yes, it's OpenVPN.
So anyone with a new exploit for OpenVPN just has to pull up Shodan and now they've got a nice list of targets that likely have access to more private networks.
Wireguard doesn't respond at all unless you've got the right keys.
Also, fwiw - we're approaching 11 years since it was announced, and 5 years since it was accepted into the Linux/BSD kernels.