VPN Wired

Your Online Security Advisor

Nord_W

What is OpenVPN: All You Need to Know

OpenVPN

Are you interested in the meaning of OpenVPN? That’s unsurprising, since it’s a well-known term in the Internet security industry, and is frequently mentioned on the Internet nowadays. You would often find it in connection with terms such as “free”, “open-source”, “fast and secure”, and “superb choice for VPN routers and mobile devices”. Those connections are true, and we believe the popularity of OpenVPN will only grow from here. Therefore, you should know more about this VPN protocol, system, and paid product, depending on which iteration you’re interested in. Now, let’s dive into what is OpenVPN.

Definition of OpenVPN

The OpenVPN definition is that it is a free, open-source, community project that provides a VPN (Virtual Private Network) system that permits creating secure connections over public networks (such as the Internet) via an eponymous VPN protocol. The system uses a custom OpenVPN SSL Library to provide protocol and encryption based on SSL/TLS (Secure Sockets Layer/Transport Layer Security). That means users can gain online security and freedom without depending on protocols and systems developed by profit-based companies such as Microsoft or Cisco. The community effort means bugs and exploits are quickly solved and there’s a rapid improvement in functionality and features.

However, more accurately, the name OpenVPN commonly refers to three things:

  1. The aforementioned community-driven open-source projects for a VPN system, named Community Edition (CE), with client and server implementations for computers, mobile devices, and routers
  2. The tunneling/security protocol of that name the VPN system uses (the most common use of the name)
  3. The company behind the project, OpenVPN Inc.

What is OpenVPN Community Edition?

OpenVPN Community Edition refers to the entire open-source VPN project that includes tunneling and encryption technology as well as a client (OpenVPN Connect) for Windows, macOS, Linux, iOS, and Android, and a server configuration. Not all clients support a GUI (Graphical User Interface). For instance, Linux and Raspberry Pi are limited to Terminal use (outside of Network Manager GUI). The OSS (open-source software) project is registered with a GPLv2 (The GNU General Public License version 2). That lets others view the code and improve the technology.

OpenVPN Connect works like other VPN clients. That means you use a GUI or terminal to establish a VPN tunnel to a VPN server, then connect to the Internet. That hides your IP address and location from your ISP (Internet Service Provider), hackers, the government, and websites you visit while encrypting your traffic. The project also provides the files necessary to install and set up a VPN server on your devices. A crucial part of that is downloading the OpenVPN config file to adjust the connection.

How does the OpenVPN tunneling protocol work?

OpenVPN protocol represents a set of rules, procedures, and resources necessary for a VPN to function and works using VPN tunneling. The protocol was released in 2001 by James Yonan. It creates a protected connection between the client and the server and encrypts the data transferred between them via the OpenSSL Library. The OpenVPN SSL Library provides a custom protocol based on Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL). This is in contrast to other protocols within protocols, such as L2TP over IPsec or IKEv2/IPsec. It provides the protocol with 256-bit encryption ciphers such as AES-256 (256-bit Advanced Encryption Standard).

Therefore, while unique, the protocol adheres to established standards and its code is open to inspection. Moreover, OpenVPN operates in two staple networking modes of the Internet:

  1. OpenVPN Transmission Control Protocol (TCP) on port 443 by default
  2. OpenVPN UDP (User Datagram Protocol) on port 1194 by default

Also, it provides several ways to authenticate the user on a network: pre-shared keys, usernames and passwords, and certificates.

On which platforms is the protocol available?

OpenVPN protocol is available on Windows XP and later OSes, as well as macOS, QNX, Linux, Solaris, OpenBSD, NetBSD, FreeBSD, Android, iOS, Maemo, and Windows Mobile. Additionally, the open-source nature of the OpenSSL Library and its protocol means OpenVPN can be implemented in:

  1. VPN clients — Providers can integrate it into their software for Smart TVs, computers, mobile devices, and so on. Leading providers such as NordVPN, Surfshark, ExpressVPN, and CyberGhost VPN all support it in their software.
  2. Firmware — Custom router firmware as well as open-source firmware DD-WRT, Gargoyle, Tomato, pfSense, OpenWrt, and OPNsense. We showed how to create a router VPN server via OpenVPN.

Is OpenVPN fast?

OpenVPN is relatively fast, but slower than some competitors such as WireGuard and IKEv2/IPsec. That’s because of its focus on security and the length of the source code. It has 400,000 to 600,000 lines of code when OpenSSL is included. Compare this to only 4000 lines on WireGuard, for example. Additionally, some protocols focus on speed over security, so OpenVPN can’t compete.

Does OpenVPN use encryption?

Yes, OpenVPN uses end-to-end 256-bit VPN encryption to provide a secure connection between a client and a VPN serve to ensure secure remote access to devices in one location. That means the data sent from the client is transformed 14 times using an encryption cipher before it reaches the destination, the VPN server.

How safe is OpenVPN?

OpenVPN is arguably the most secure VPN protocol at the time of writing, although WireGuard is pretty close. Besides encryption, it supports IP and domain routing, and intrusion detection. It also permits tunneling via TCP and UDP, networks with dynamic endpoints, e.g., DHCP (Dynamic Host Configuration Protocol), networks realized over NAT (Network Address Translation), and those protected by firewalls. That means it can shield the vast majority of network devices.

Plus, its custom library is versatile in terms of dynamic key exchange and cipher types. It’s also capable of simultaneously handling multiple clients. Furthermore, their OpenVPN Connect client supports a kill switch by default. Plus, third-party providers’ VPN clients extend its functionality with extra security features. Finally, its code is transparent and the community reports and solves any bugs and exploits.

Is there a paid version of OpenVPN?

Yes, there is a paid version of OpenVPN that is clearly distinguished, consisting of two products:

  • OpenVPN Access Server. Horizontally scalable, user-friendly, clustering-compatible, self-hosted remote access VPN solution for enterprise users
  • OpenVPN Cloud. Scalable cloud-based business site-to-site VPN system that permits users to purchase over 2000 concurrent connections

Both products are based on the open-source Community Edition, meaning they are compatible with their VPN client and any clients that support OpenVPN.

Milan

VPN is one of my passions. I love being secure and helping others avoid any potential threats online. I also contribute to several VPN guide websites online.