The OpenVPN protocol is responsible for handling client-server communications. Basically, it helps establish a secure “tunnel” between the VPN client and the VPN server.
When OpenVPN handles encryption and authentication, it uses the OpenSSL library quite extensively. Also, OpenVPN can use either UDP (User Datagram Protocol) or TCP (Transmission Control Protocol) to transmit data.
If you’re not familiar with TCP and UDP, they are transport layer protocols, and are used to transmit data online. TCP is more stable since it offers error correction features (when a network packet is sent, TCP waits for confirmation before sending it again or sending a new packet). UDP doesn’t perform error correction, making it a little less stable, but much faster.
OpenVPN works best over UDP (according to OpenVPN.net), which is why the OpenVPN Access Server first tries to establish UDP connections. If those connections fail, only then does the server try establishing TCP connections. Most VPN providers also offer OpenVPN over UDP by default.
Due to the way it’s programmed (it’s a custom security protocol), the OpenVPN protocol can easily bypass HTTP and NAT.
Unlike most VPN protocols, OpenVPN is open-source. That means its code isn’t owned by just one entity, and third parties can always inspect it and continuously improve it.
OpenVPN Explained In-Depth – General Technical Details
- Generally, OpenVPN uses 256-bit OpenSSL encryption. To further strengthen the security of the connection, OpenVPN can use the AES, Camellia, 3DES, CAST-128, or Blowfish ciphers.
- OpenVPN doesn’t have any support for L2TP, IPSec, and PPTP; instead, it uses its own custom protocol based on TLS and SSL.
- OpenVPN supports improving the login and authentication processes with the use of third-party plugins and scripts.
- Clients can actually connect to servers beyond the OpenVPN server since it offers support for a private subnet configuration.
- To protect users from buffer overflow vulnerabilities in TLS/SSL implementations, DoS attacks, port scanning, and port flooding, OpenVPN relies on tls-auth for HMAC signature verification. OpenVPN is also programmed to drop privileges if necessary, and run in a chroot jail dedicated to CRL.
- OpenVPN runs in user space instead of kernel space.
Is OpenVPN Safe to Use?
Yes. In fact, OpenVPN is one of the safest VPN protocols you can use right now. Most VPN providers and security experts actually recommend sticking to OpenVPN if you want to enjoy a private, surveillance- and hacker-free online experience.
The protocol has even undergone two security audits back in 2017 – one audit only found very minor issues that didn’t endanger user data, and the other audit only found two bugs (which were actually fixed very quickly).
Plus, the OpenVPN.net platform also has a large in-depth list of what users can do to further secure their connections after configuring OpenVPN on their devices. And since it’s an open-source protocol, it’s much more trustworthy since you can check out the code yourself (if you’re experienced with that) to make sure everything is in order.
How Fast Is OpenVPN?
Speed isn’t really OpenVPN’s strong suit, but you do tend to get decent connection speeds if you have enough bandwidth. The reason your speeds tend to drop quite often with OpenVPN is mostly due to its strong encryption. Of course, other factors can come into play too.
Generally, you can get faster speeds if you use OpenVPN over UDP instead of TCP.
How to Use OpenVPN
OpenVPN isn’t exactly the most user-friendly protocol out there, and setting up a connection can be a bit daunting.
In this section, we’re going to cover the Windows setup process since it was the most requested. The Android and iOS setup processes follow similar steps as the ones we’ll discuss here. Installing and using OpenVPN on Linux is pretty complex, but here’s the main way to do it (also, some extra information can be found here).
Now, before we move on, we should mention that in order to set up an OpenVPN connection, you’ll need a subscription to a VPN service. While you can set up your own OpenVPN server, it’s extremely difficult, and most tutorials that are available online only cover Linux platforms.
With that out of the way, here are the main things you need to know about using the OpenVPN protocol:
1. First, Get the Configuration Files
In order to connect to your provider’s servers, OpenVPN will require certain configuration files which define how a connection is carried out. As long as you choose a decent VPN provider, you should be able to find all the configuration files you need on their Downloads page.
The configuration files usually come archived, and you’ll need to unzip them. The most important files will be the OVPN ones.
2. Install the OpenVPN Client
Once you have the configuration files, you need to install the OpenVPN client on your device. You can easily find the installers you need on the Downloads page on OpenVPN.net. Just run the installer, accept the default options, choose a different install destination folder if you want, and proceed with the installation process.
When finished, your default text viewer might open a new file to showcase a guide containing technical details. You can read it if you want, but it’s safe to close the file at this point too.
3. Now, Import the VPN Data
To start OpenVPN, you need to launch the OpenVPN GUI application. It will add the service to your System Tray (the small task bar in the lower right corner). Next, copy over all the OVPN files you downloaded to the “Config” subfolder within the OpenVPN installation folder.
Now, if you click on the OpenVPN icon in your System Tray, you should be able to see the names of all the files you just copied. If it’s easier for you, you can rename the files.
4. Establishing the Connection
To connect to a server, just click on the OVPN files in the OpenVPN application. When prompted, type in your login credentials. If everything goes okay, you should see a log screen with some status commands, which will disappear when the connection is established.
You should get a desktop notification letting you know the connection was successful. Also, if you look at the OpenVPN icon, you should see a green screen. When you hover over it, you’ll see a tooltip telling you the name of the server and your new IP address.
At this point, you can try testing the connection to make sure everything is in order.
To disconnect, simply click the OpenVPN icon, choose the server you’re connected to, and click on “Disconnect.”
5. Tweaking Settings (Basic and Advanced)
The OpenVPN application doesn’t have many settings, but you can still play around with some of them.
For example, you can go into “Settings” and make sure that OpenVPN automatically launches when you start up your operating system. You can also get rid of the log screen that pops up when you connect to a server by checking the “Silent Connection” option. And be careful with the “Never” option as it disables desktop notifications.
In case you want to further tweak your connections, you can open the OVPN files themselves (we recommend doing it with WordPad) to see what commands are assigned to them. If you’re knowledgeable enough, you can edit the existing commands or add new ones. Some commands that might be of interest to those of you who are more experienced include:
- The “proto” command – This command is used to switch between UDP and TCP. Just add the protocol name after the command, like so: “proto udp.”
- The “remote” command – That’s the line which tells OpenVPN the name of the server you want to use. It usually includes the port after the VPN server name as well. If you know of alternative ports your provider uses, you can switch between them here.
- The “tun-mtu” command – This stands for Maximum Transmission Unit value. It’s usually set somewhere around 1500, but you can try changing it to increase performance.
Besides that, you can check the “doc” subfolder in your OpenVPN installation folder for more advanced documentation that can show you how to do other things (like setting up scripts for when your VPN disconnects, or blocking DNS leaks). You can also check the Reference Manual that’s available on OpenVPN.net for more information.
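An added example (not part of the original article or of OpenVPN's own tooling): a small Python audit of an OVPN profile that reads the proto, remote and tun-mtu commands described above and flags a missing tls-auth/tls-crypt key, a 64-bit block cipher, or a missing remote-cert-tls check. The sample profile, its host names and the wording of the findings are constructed for illustration.

```python
# OpenVPN names for Blowfish, 3DES and CAST-128: all 64-bit block ciphers.
WEAK_CIPHERS = {"BF-CBC", "DES-EDE3-CBC", "CAST5-CBC"}

def parse_ovpn(text):
    """Split an .ovpn profile into directive token lists and inline block names."""
    directives, inline, block = [], set(), None
    for line in map(str.strip, text.splitlines()):
        if block:                              # skip inline data up to </name>
            block = None if line == f"</{block}>" else block
        elif line.startswith("<") and line.endswith(">"):
            block = line[1:-1]                 # e.g. <ca> or <tls-auth>
            inline.add(block)
        elif line and line[0] not in "#;":     # skip blanks and full-line comments
            directives.append(line.split())
    return directives, inline

def audit(text):
    """Report transport settings and hardening gaps for a client profile."""
    directives, inline = parse_ovpn(text)
    names = {d[0] for d in directives} | inline
    arg = lambda k, dflt: next((d[1] for d in directives if d[0] == k and len(d) > 1), dflt)
    # OpenVPN defaults when a directive is absent: udp, port 1194, tun-mtu 1500
    proto, mtu = arg("proto", "udp"), int(arg("tun-mtu", "1500"))
    remotes = [(d[1], int(d[2]) if len(d) > 2 else 1194, d[3] if len(d) > 3 else proto)
               for d in directives if d[0] == "remote" and len(d) > 1]
    findings = []
    if not names & {"tls-auth", "tls-crypt"}:
        findings.append("no tls-auth/tls-crypt: control packets carry no HMAC signature")
    cipher = arg("cipher", "")
    if cipher.upper() in WEAK_CIPHERS:
        findings.append(f"cipher {cipher}: 64-bit block cipher")
    if "remote-cert-tls" not in names:
        findings.append("no remote-cert-tls: server certificate usage not checked")
    return {"proto": proto, "remotes": remotes, "tun-mtu": mtu, "findings": findings}

SAMPLE = """\
# constructed sample profile, not from a real provider
proto tcp
remote vpn.example.com 443
remote vpn2.example.com 1194 udp
tun-mtu 1400
cipher BF-CBC
<ca>
(certificate placeholder)
</ca>
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A port or protocol given on a “remote” line applies to that server only, which is why the second entry in the sample resolves to UDP while the first inherits “proto tcp”.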
OpenVPN Advantages and Disadvantages
Advantages
- OpenVPN is a very secure protocol, being able to use 256-bit encryption keys and high-end ciphers.
- The OpenVPN protocol can easily bypass any firewall it encounters.
- Since OpenVPN can use both TCP and UDP, it offers you more control over your connections.
- OpenVPN runs on a large number of platforms. Some examples include Windows, macOS, iOS, Android, Linux, routers, FreeBSD, OpenBSD, NetBSD, and Solaris.
- OpenVPN has support for Perfect Forward Secrecy.