What is OpenVPN?
OpenVPN is one of the most common implementations of VPN technology and is mainly used to organize access to internal corporate networks. Compared to other protocols such as SSTP, WireGuard and SoftEther, it is more convenient, efficient, reliable and stable. It is distributed as open source, which inspires even greater trust among users. Not all VPN protocols are cross-platform, but OpenVPN works on a large number of platforms: Windows, macOS, iOS, Android, Linux, routers, FreeBSD, OpenBSD, NetBSD and even Solaris, including on mobile devices. It can be slower than the newest VPN implementations, but only when it runs over a TCP port. This problem is solved by the fact that OpenVPN also works over a faster UDP connection.
Note. TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) are transport layer protocols that are responsible for the transfer of data on the Internet.
OpenVPN is secured using encryption and authentication via the OpenSSL library, 256-bit encryption keys and high-level ciphers. In 2017 the VPN provider Private Internet Access conducted an OpenVPN security audit, as a result of which the protocol developers fixed the bugs and vulnerabilities that were found. So after 2017, OpenVPN became even more secure.
How OpenVPN works
OpenVPN is used to create a secure connection between a VPN client and a VPN server.
A VPN can have a wide range of uses. One of the most typical is corporate work: securing the connections of remotely working employees to the corporate network, or uniting geographically distributed buildings and offices into a single network. A VPN also protects the average user on a public Wi-Fi network, since such networks are often unsafe and using them is risky. Another use is bypassing blocks on various resources. For example, to access familiar sites such as VKontakte in Ukraine or in China, you need to use a VPN.
OpenVPN is the most convenient implementation of VPN: it solves the same tasks and has additional features.
For example, it allows you to improve the authorization and authentication of the user by using third-party plugins and scripts.
Also, OpenVPN can be used to easily connect two hosts or networks with a secure "point-to-point" tunnel. In this mode, OpenVPN can work with static keys (pre-shared keys), without certificates. These keys are generated by OpenVPN itself.
Identification is by key; host addresses are not taken into account in any way. With this feature, OpenVPN is convenient for site-to-site connections to hosts without a static address and hosts behind NAT.
How OpenVPN works — General specifications
- In general, OpenVPN uses 256-bit OpenSSL encryption. For a higher level of connection security, OpenVPN can use AES, Camellia, 3DES, CAST-128, or Blowfish ciphers.
- OpenVPN does not support L2TP, IPsec, or PPTP; instead it uses its own protocol based on TLS and SSL.
- OpenVPN allows you to improve the authorization and authentication procedure by using third-party plugins and scripts.
- Clients can connect to servers beyond the OpenVPN server, because it supports configuring a private subnet.
- To protect users from buffer overflows in TLS/SSL implementations, DoS attacks, port scanning, and port flooding, OpenVPN uses tls-auth to verify an HMAC signature. OpenVPN's design lets it drop privileges if necessary, as well as use a chroot "jail" for the CRL.
- OpenVPN runs in user space, not in the kernel.
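The points in the list above (cipher choice, tls-auth, privilege drop, chroot) and the static-key mode described earlier can be checked directly in a config file; the Python linter below is an added example, not code from the OpenVPN project. The finding names, the sample configs and the jail path are constructed for illustration, and the static-key finding reflects that a pre-shared key involves no TLS key exchange and so gives no perfect forward secrecy.

```python
import shlex

# OpenSSL names of the 64-bit-block ciphers this page lists (3DES, CAST-128, Blowfish).
WEAK_CIPHERS = {"DES-EDE3-CBC", "CAST5-CBC", "BF-CBC"}
HMAC_DIRECTIVES = {"tls-auth", "tls-crypt", "tls-crypt-v2"}
CIPHER_DIRECTIVES = ("cipher", "data-ciphers", "data-ciphers-fallback", "ncp-ciphers")

def parse_config(text):
    """Map each directive to its argument lists; '#' and ';' lines are comments.
    Assumes keys are referenced by file name (no inline <ca>...</ca> blocks)."""
    directives = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        parts = shlex.split(line, comments=True)
        if parts:
            directives.setdefault(parts[0], []).append(parts[1:])
    return directives

def audit(text):
    """Return sorted finding codes (code names are invented for this example)."""
    d = parse_config(text)
    findings = set()
    chosen = {c.upper() for k in CIPHER_DIRECTIVES
              for args in d.get(k, []) if args for c in args[0].split(":")}
    if chosen & WEAK_CIPHERS:
        findings.add("weak-cipher")
    if "secret" in d:                      # static-key mode: no TLS handshake,
        findings.add("static-key-no-pfs")  # so no perfect forward secrecy
    elif HMAC_DIRECTIVES.isdisjoint(d):
        findings.add("no-control-channel-hmac")
    if not {"user", "group"}.issubset(d):
        findings.add("no-privilege-drop")
    if "chroot" not in d:
        findings.add("no-chroot")
    return sorted(findings)

# Constructed sample configs (not taken from any real deployment).
LEGACY = "proto udp\ndev tun\nca ca.crt\ncert server.crt\nkey server.key\ncipher BF-CBC\n"
HARDENED = LEGACY.replace("BF-CBC", "AES-256-GCM") + (
    "tls-auth ta.key 0\nuser nobody\ngroup nogroup\n"
    "chroot /var/empty/openvpn\n")  # hypothetical jail path
STATIC_P2P = "dev tun\nifconfig 10.8.0.1 10.8.0.2\nsecret static.key\n"

if __name__ == "__main__":
    for name, cfg in (("legacy", LEGACY), ("hardened", HARDENED), ("static", STATIC_P2P)):
        print(name, audit(cfg))
```

An empty list for the hardened sample means only that none of these four checks fired; the linter does not validate certificates, key sizes or routing.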
OpenVPN security. Is it safe to use?
Definitely. In fact, OpenVPN is one of the most secure VPN protocols available today. Most VPN service providers and security experts really recommend OpenVPN if you want to enjoy privacy without being tracked or exposed to hackers.
The protocol passed two security audits in 2017 — the first showed only minor issues that did not endanger user data. During the second audit, only two errors were found (which were soon corrected).
The OpenVPN.net platform also offers a detailed list of what users can do to further secure their connection once OpenVPN is set up on the device. And because it is an open source protocol, it is much more reliable: you can test the code yourself (if you have the necessary experience) and make sure that everything is in order with the protocol.
OpenVPN speed. How fast does it work?
In fact, speed is far from a strong point of OpenVPN, but if you have high-speed Internet, the speed will be acceptable. As a rule, the Internet speed drops because of the strong level of encryption in OpenVPN. Other factors may also play a role.
You can get faster speeds if you use OpenVPN over UDP instead of TCP.
Advantages and disadvantages of OpenVPN
Advantages:
- OpenVPN is a very secure protocol that uses 256-bit encryption keys and high-level ciphers.
- The OpenVPN protocol can easily bypass any firewall in its path.
- Because OpenVPN works with both TCP and UDP, it offers a lot more control over connections.
- OpenVPN is supported by most platforms, for example Windows, macOS, iOS, Android, Linux, routers, FreeBSD, OpenBSD, NetBSD and even Solaris.
- OpenVPN has support for "Perfect Forward Secrecy".
Disadvantages:
- Manually configuring the OpenVPN protocol can be quite tricky on some platforms.
- Sometimes, due to strong encryption, you can feel a significant decrease in Internet speed.
- OpenVPN requires the use of third-party applications.