VPNs are becoming increasingly popular these days. This is good news, because it means people are becoming aware of Internet dangers and are using VPNs to protect personal information that can be misused by third parties. The problem is that VPNs come with all kinds of technical terms, and one of the most common is OpenVPN.
If you take a look at our overview of the very best VPNs, you’ll see that many of them say they’re OpenVPN-based. So, what exactly is OpenVPN and why should you care about this protocol? Keep on reading to find out.
What is OpenVPN & What This Term Stands For?
OK, enough beating around the bush. What is OpenVPN exactly? First of all, OpenVPN is a software application. It’s a program that runs on two ends of an Internet tunnel. On the one end, you have an OpenVPN client and on the other, an OpenVPN server.
OpenVPN is open-source software, which means it is free to be used and modified by the community as they see fit. There is a central OpenVPN project that is maintained and managed by the team who created the software originally, but nothing stops anyone else from making their own spinoff.
OpenVPN can work over a whole bunch of common network protocols, which means it is virtually impossible to block. That makes it a very attractive alternative to IPsec. Also, OpenVPN comes in two main forms. There’s a paid version known as OpenVPN Access Server. This comes with special features, many of which are proprietary. For normal users, this isn’t really a relevant edition of the software, but it’s of interest to companies that want to set up their own corporate VPN servers.
For you, the package of interest is the Community Edition. This is the free and open version of the software most people are referring to when they say ‘OpenVPN’. Now that you know what OpenVPN is, let’s cover a little of its history, which started almost two decades ago.
The History of OpenVPN
There’s surprisingly little detail on OpenVPN if you try and Google for its background, but a feature on Linux Security paints an interesting picture. It’s an interview with the creator of OpenVPN, James Yonan.
Yonan started the OpenVPN project back in 2002. Before that, he was involved with some pretty important projects. Not least of which was his role in developing the C programming language.
Around the turn of the millennium, Yonan was traveling the world, moving through parts of it that were subject to some seriously bad Internet security. If you’re in central Asia and accessing the Web from locations in Russia, well, let’s just say it’s no accident they have the best hackers.
This was a problem for Yonan. At the time there was no way for him to set up a secure VPN connection from his side without someone back at work to handle the other end. Unlike most of us, he didn’t just accept the status quo but decided to do something about it.
So, he set out to create a true VPN solution that puts the user in control. One not dependent on the graces of large corporations, but which provided a good blend of both security and usability. That’s what we know today as OpenVPN.
What’s Under The Hood of OpenVPN?
To understand what makes OpenVPN such a revolutionary VPN protocol, it helps to know what’s going on under the hood.
OpenVPN uses the OpenSSL security library. It can, therefore, take advantage of just about all the toys that live in that library. This includes a healthy number of strong encryption standards. In fact, the highest level of encryption possible with OpenVPN is 256-bit at present. This is so strong there’s no realistic case for breaking in.
OpenVPN uses its own recipe for security, based on SSL and TLS technologies. It has nothing at all to do with IPsec, L2TP or anything else of that ilk.
There is no native support for this VPN protocol anywhere, but thanks to third-party and first-party clients, it’s hard to think of any popular platform that doesn’t have a way to make use of OpenVPN. We are talking Linux, QNX, Windows (XP and up), MacOS, iOS, Android and even Windows Phone. So, it’s very flexible. Add to this the fact that you can use scripts and plugins to customize OpenVPN and it’s no surprise power-users swear by it.
Digging Deeper Into OpenVPN
Going even deeper down the rabbit hole, we can tell you that this is one of the few solutions that operate well on the second layer of network topology. It can operate as a Layer 2 or 3 VPN. At layer 2, it can transmit low-level network data through the tunnel. On top of this, OpenVPN only needs one port to work. It can use the same Port 443 that SSL uses in general, which basically makes this protocol immune to VPN blocking.
Another great feature is that both endpoints of the tunnel can have dynamic IP addresses, which means you don’t have to pay for a static IP in order to set up a VPN tunnel with OpenVPN.
How to Install & Use OpenVPN?
If you’ve signed up with a VPN service that supports OpenVPN, then getting the OpenVPN software is usually as simple as downloading the official client of that VPN and making sure the OpenVPN protocol is selected.
On the other hand, if your provider has no native client application for OpenVPN, you’ll have to find one in the appropriate place. For Windows or Linux the obvious place to start is the official OpenVPN client. On a smart device, your relevant app store will have a number of client applications.
If you have the right sort of router, there may also be a version of the OpenVPN client on the router itself, in which case you need to log into it and configure it there. Even if you don’t have OpenVPN on your router right now, under some circumstances you can add it with a third-party firmware update such as DD-WRT.
There are two main ways to configure OpenVPN from your side of the connection. The first is a long manual process in which you tell the client software the technical details of the connection. You also need to configure the encryption in detail and then create and manage all the authentication stuff as well. You’re still not done either, since you still need to configure the network layer settings and tie up a bunch of other loose ends before you can get up and running.
Needless to say, most users don’t put up with this sort of thing, so most reputable VPN providers will give you a set of files that thankfully already contain all the correct settings for that specific VPN provider’s network. How you make use of those files will differ on a per-platform basis, but to give you an idea here’s how it works on these common platforms.
Configure OpenVPN on Windows
As we said earlier, on Windows you’re probably better off just using the official client. To make it work with your VPN, you need to download the pre-made configuration files.
Usually, there are two files that your VPN service will make available for download. One is the .ovpn file, which contains all the configuration options, pre-populated for your convenience. The second file is the security certificate. Certificates can come in different forms, but most of the time the file will have a .crt extension.
All you need to do for the OpenVPN setup is to copy these two files into the Program Files\OpenVPN\Config folder. Then, when you right-click on the OpenVPN client icon in the system tray, the connection should show up under the ‘Connect’ menu.
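Because the .ovpn file decides which server the client trusts and whether it may run scripts on your machine, it is worth reading before it goes into the config folder. The script below is an added example, not code from this article or from the OpenVPN project: it parses a profile and lists directives that deserve a second look. The sample profile, the host name vpn.example.net and the script path are constructed placeholders, and the list of weak ciphers is an assumption chosen for illustration.

```python
# Constructed sample profile; vpn.example.net and /tmp/up.sh are placeholders.
SAMPLE_OVPN = """\
client
proto tcp
remote vpn.example.net 443
ca ca.crt
cipher BF-CBC
; remote-cert-tls server
script-security 2
up /tmp/up.sh
"""

WEAK_CIPHERS = {"NONE", "BF-CBC", "DES-CBC", "DES-EDE3-CBC", "RC2-CBC"}
SCRIPT_HOOKS = {"up", "down", "route-up", "route-pre-down", "ipchange", "tls-verify", "plugin"}

def parse_profile(text):
    """Map each directive to its argument lists, skipping comments and inline <tag> bodies."""
    directives, inline = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if inline:  # inside an inline block such as <ca>...</ca>
            if line == f"</{inline}>":
                inline = None
        elif line.startswith("<") and line.endswith(">"):
            inline = line[1:-1]
            directives.setdefault(inline, []).append([])
        elif line and line[0] not in "#;":
            name, *args = line.split()
            directives.setdefault(name, []).append(args)
    return directives

def audit(text):
    """Return findings to review before the profile is imported into a client."""
    d, findings = parse_profile(text), []
    if "remote-cert-tls" not in d and "verify-x509-name" not in d:
        findings.append("server certificate role/name is not checked")
    if "ca" not in d:
        findings.append("no CA certificate supplied")
    listed = [c for args in d.get("cipher", []) + d.get("data-ciphers", [])
              for a in args for c in a.upper().split(":")]
    findings += [f"weak cipher: {c}" for c in listed if c in WEAK_CIPHERS]
    hooks = sorted(SCRIPT_HOOKS.intersection(d))
    if hooks:
        findings.append("runs external code: " + ", ".join(hooks))
    if any(args and args[0] in {"2", "3"} for args in d.get("script-security", [])):
        findings.append("script-security allows user-defined scripts")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_OVPN)))
```

An empty result means none of these checks fired, not that the profile is safe.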
Configure OpenVPN on a Router
If you’re lucky enough to have a router with an OpenVPN client installed on it, the process isn’t that much different from the Windows setup. The way we get the files where they need to be is the only difference here.
You need to log into your router, usually by typing its local IP address into your browser’s address bar. Once logged into the router’s user interface, you need to find the OpenVPN section. On DD-WRT, this is under the services-VPN tab. Then you’re going to open up the .ovpn file and copy the relevant sections into the VPN setup form on the router.
ExpressVPN have a good OpenVPN Router Configuration article that outlines the process in more detail than we have space for here.
Configure OpenVPN on a Smartphone
Setting up OpenVPN on a smartphone running Android is actually one of the easiest options out of the bunch. Just install the app, such as OpenVPN Connect for Android, and then copy the .ovpn file to your phone’s local storage. From within the app, you’ll have the option to browse the device and load the file.
On iOS devices, it’s pretty much the same process. Install the OpenVPN Connect for iOS app and then go to something like Dropbox. Store your config file there. Now select the ‘Open in’ option for that file and choose the app as the destination. It should then import the configuration.
Are There Any Downsides to OpenVPN?
No technology is ever perfect, and OpenVPN is no different. There are some elements of the protocol that still need improvement. Many of its strengths also come with compromises on the flip side.
It Needs Help from Strangers
One major weakness of OpenVPN is the fact that it relies exclusively on third-party client software to work. On the one hand, this means it can function as a truly platform-agnostic VPN solution. At the same time, it introduces a new failure point or intrusion vector.
In general, this is OK if the client software comes from your VPN provider and you already have good reason to trust them. When a VPN provider hasn’t created a client for a platform yet, that generic third-party client might get your fingers burnt.
You Have to Be A Bit Nerdy
While big VPN companies have gone to great lengths when it comes to their client software and making OpenVPN connections work out of the box, it can still be a little technical under certain conditions.
As soon as you have to manually configure an aspect of OpenVPN, it may take you beyond the technical comfort zone of the average user. We wouldn’t say that it’s outright difficult to set up OpenVPN where you must use a generic client, just a bit of a grind sometimes.
Not As Friendly For Mobile Device Users
When Yonan first created OpenVPN, the world of connected devices looked much different than it does today. The only device that you were going to run a VPN on while away was a laptop. Smartphones and tablets weren’t a thing yet. Heck, the Internet of Things wasn’t even a thing yet. So, getting OpenVPN to play nice with these next-generation mobile computers has been an uphill struggle.
This is not a problem for protocols such as IKEv2, which was created from the ground up for the mobile world. OpenVPN was never designed for the mobile use case or for the peculiarities of mobile operating systems. That being said, better support for mobile operating systems is a key focus area, since mobile devices are quickly becoming the default way people use the web.
OpenVPN has changed the Internet privacy game forever. Never has so much power resided with so many people. It’s an amazing community achievement, spearheaded by a visionary person who just wanted to solve a simple personal problem. When choosing your own VPN, make sure to have a look at TechNadu’s VPN Guide, where we highlight the most important factors including protocol choices.