🌙 LATE NIGHT MODE ACTIVATED — THE CLOWN IS WATCHING 🌙
ClownVPN
HomeFeatures → Protocols

Two Protocols.
Both Modern.

ClownVPN ships WireGuard and OpenVPN. Both peer-reviewed, both currently recommended. We deliberately skip everything else.

🤖 Get The Free App

WireGuard

Fast. Modern. Default.

🛡️

OpenVPN

Compatible. Battle-tested. Fallback.

⚡ WIREGUARD • 🛡️ OPENVPN • ⚡ AUTO-SELECT • 🛡️ TCP FALLBACK • ⚡ MODERN ONLY • ⚡ WIREGUARD • 🛡️ OPENVPN • ⚡ AUTO-SELECT • 🛡️ TCP FALLBACK • ⚡ MODERN ONLY • ⚡ WIREGUARD • 🛡️ OPENVPN • ⚡ AUTO-SELECT • 🛡️ TCP FALLBACK • ⚡ MODERN ONLY • ⚡ WIREGUARD • 🛡️ OPENVPN • ⚡ AUTO-SELECT • 🛡️ TCP FALLBACK • ⚡ MODERN ONLY • ⚡ WIREGUARD • 🛡️ OPENVPN • ⚡ AUTO-SELECT • 🛡️ TCP FALLBACK • ⚡ MODERN ONLY • ⚡ WIREGUARD • 🛡️ OPENVPN • ⚡ AUTO-SELECT • 🛡️ TCP FALLBACK • ⚡ MODERN ONLY • ⚡ WIREGUARD • 🛡️ OPENVPN • ⚡ AUTO-SELECT • 🛡️ TCP FALLBACK • ⚡ MODERN ONLY • ⚡ WIREGUARD • 🛡️ OPENVPN • ⚡ AUTO-SELECT • 🛡️ TCP FALLBACK • ⚡ MODERN ONLY • ⚡ WIREGUARD • 🛡️ OPENVPN • ⚡ AUTO-SELECT • 🛡️ TCP FALLBACK • ⚡ MODERN ONLY • ⚡ WIREGUARD • 🛡️ OPENVPN • ⚡ AUTO-SELECT • 🛡️ TCP FALLBACK • ⚡ MODERN ONLY • ⚡ WIREGUARD • 🛡️ OPENVPN • ⚡ AUTO-SELECT • 🛡️ TCP FALLBACK • ⚡ MODERN ONLY • ⚡ WIREGUARD • 🛡️ OPENVPN • ⚡ AUTO-SELECT • 🛡️ TCP FALLBACK • ⚡ MODERN ONLY • ⚡ WIREGUARD • 🛡️ OPENVPN • ⚡ AUTO-SELECT • 🛡️ TCP FALLBACK • ⚡ MODERN ONLY • ⚡ WIREGUARD • 🛡️ OPENVPN • ⚡ AUTO-SELECT • 🛡️ TCP FALLBACK • ⚡ MODERN ONLY • ⚡ WIREGUARD • 🛡️ OPENVPN • ⚡ AUTO-SELECT • 🛡️ TCP FALLBACK • ⚡ MODERN ONLY • ⚡ WIREGUARD • 🛡️ OPENVPN • ⚡ AUTO-SELECT • 🛡️ TCP FALLBACK • ⚡ MODERN ONLY •

🎪 Head-To-Head

Spec ⚡ WireGuard 🛡️ OpenVPN
Released20152001
Lines of code (core)~4,000~70,000+
Speed (typical)Excellent (near line-rate)Good (slightly slower)
Battery use on mobileVery lowModerate
Default cipherChaCha20-Poly1305AES-256-GCM
Default transportUDP onlyUDP or TCP
Handshake time~50ms (1-RTT)~200ms+ (multi-RTT TLS)
Works behind strict firewallsUDP blocking can hurtYes (TCP/443)
Audit statusMultiple academic auditsLong deployment history
ClownVPN roleDefaultFallback

🎪 Why These Two (And Not The Rest)

WireGuard: speed + modernity

Tiny codebase. Modern ciphers (ChaCha20, Curve25519, BLAKE2s). Designed in the 2010s for current network conditions. Best mobile battery profile.

🛡️
OpenVPN: compatibility

Two decades of deployment hardening. Can run over TCP/443 which makes it look like normal HTTPS traffic — gets through restrictive networks where WireGuard's UDP gets dropped.

🎯
Two is enough

Three or four protocols looks comprehensive but means more attack surface, more bugs, more cost to keep current. We'd rather maintain two well than five poorly.

🎪 Protocols We Skip

ProtocolWhy we skip it
PPTPBroken since 2012. Authentication is bruteforceable in hours.
L2TP/IPsecSlow handshake, complex config, IPsec implementation footguns.
IKEv2Fine technically, but adds maintenance burden without meaningful benefit over WireGuard for our use case.
SSTPMicrosoft-proprietary, Windows-centric, not widely peer-reviewed.
SoftEtherMulti-protocol Frankenstein. Powerful but the wrong tool for a consumer app.
ShadowsocksDesigned for censorship circumvention, not general-purpose VPN. Different problem space.

🎪 Auto-Select Logic

Default mode is "Auto". Here's what happens when you tap Connect:

1
Try WireGuard first

Open UDP socket to port 51820. Send handshake. If we get a reply within 1 second, we're connected. Done.

2
If WireGuard fails, fall back to OpenVPN/UDP

Some networks block port 51820 but allow other UDP traffic. Try OpenVPN on UDP/1194.

3
If UDP fails entirely, OpenVPN/TCP-443

Strict corporate / school networks often only allow TCP/443 (HTTPS). OpenVPN over TCP/443 looks like regular HTTPS to a firewall and almost always gets through.

🎪 FAQ

Which protocol should I use?
WireGuard for almost everything. It's faster, more battery-efficient, and uses more modern cryptography. ClownVPN picks WireGuard automatically by default.
When would I switch to OpenVPN?
Some networks (corporate, school, certain hotels) block WireGuard's UDP port 51820 but allow TCP traffic. OpenVPN can run over TCP/443 (looks like normal HTTPS) and gets through. If WireGuard fails to connect, ClownVPN can auto-fall-back to OpenVPN.
Why not L2TP/IPsec or IKEv2?
L2TP/IPsec is slow, complex, and has had several implementation issues. IKEv2 is fine but adds maintenance burden without meaningful benefit over WireGuard. We chose to support only the two best modern options instead of a long list.
Is WireGuard really better than OpenVPN?
Performance: yes, significantly. Code complexity: WireGuard is ~4,000 lines vs OpenVPN's ~70,000+. Less code = smaller attack surface. Both are secure when configured properly.
Can I pin a specific protocol?
Yes. In-app: Settings → Protocol → choose WireGuard, OpenVPN, or Auto. "Auto" picks the fastest working protocol for your current network.

🎪 Related Reading

🔒 Encryption →

The crypto inside each protocol.

🪓 Kill Switch →

What happens when the tunnel drops.

🚫 No Logs →

Neither protocol writes logs on our servers.

🎪 Try Both Protocols

Both shipping in the free Android app. Auto-select on by default.

🤖 Get It On Google Play