diff --git a/aries/vpn/README.md b/aries/vpn/README.md new file mode 100644 index 0000000..7aba2c0 --- /dev/null +++ b/aries/vpn/README.md @@ -0,0 +1,12 @@ +# VPN +For the longest time, I have configured an OpenVPN server so that I can connect to my network remotely (tunnel). However, I am currently replacing this deployment with Wireguard due to its speed, easy of use/deployment, and security. + +## OpenVPN +My OpenVPN deployment uses certificates issues from my internal certificate authority for authentication. In addition, each of my devices (laptop, phone, etc) is issued a different certificate so that I can lock the OpenVPN to allow only 1 connection per certificate. As long as OpenVPN is prompted with a user certificate signed from my CA, it lets the connection through. + +You'll note that the firewall needs to route traffic from the VPN network (10.8.0.0/16) to the local network (192.168.0.0./24). + +## Wireguard +Wireguard is quite slim so a lot of the functionality I am expecting (certificate authentication, DHCP, key exchange) is available (this is part of what makes it secure). Instead, I will have to create my own method of distributing and keeping track of keys generated by Wireguard. + +Wireguard appears to handle making the routes itself, so I should be able to remove my OpenVPN route rules from my firewall no problem. \ No newline at end of file
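Review bot: In the Wireguard section, "a lot of the functionality I am expecting (certificate authentication, DHCP, key exchange) is available" contradicts the next sentence, "Instead, I will have to create my own method of distributing and keeping track of keys"; this presumably should read "is not available". In the OpenVPN section the local network is written "192.168.0.0./24", with a stray dot before the prefix length, which is not a valid CIDR and will mislead anyone copying it into a firewall rule; "easy of use" and "certificates issues" are typos as well. Because the README states that any certificate signed by the CA is let through, it should also document how a lost or retired device's certificate is revoked (for example a CRL checked through OpenVPN's crl-verify directive), since per-device certificates only limit exposure if a single one can be withdrawn. The last paragraph says Wireguard only "appears to" handle routes, so note what was verified about forwarding between the tunnel and the LAN before the OpenVPN route rules are removed from the firewall. The file also ends without a trailing newline.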