In case you've been searching for the best VPN that's aligned with your needs - you've probably heard about OpenVPN. There are many security experts recommending OpenVPN as the safest way to secure and encrypt your private data. However, mostly caused by its name, there are many misconceptions about OpenVPN and its role within VPN services. This is why we wanted to produce a beginners-friendly guide to this VPN protocol and to explain everything you need to know. So, what is OpenVPN? Is it safe for use? How to use OpenVPN to protect your identity and privacy online? We'll answer all of those questions, and then some more.
Before we jump into the specifics, you should that OpenVPN is a protocol used by numerous VPN services. This is why it's wise to check our articles on what is VPN, as well as how VPNs work. And if you'd like to know more about other popular VPN protocols, make sure to click on the provided link. And now, let's focus on OpenVPN only.
What Does 'OpenVPN' Mean?
First of all, OpenVPN is a software application. It’s a program that runs on two ends of an Internet tunnel. On the one end, you have an OpenVPN client and on the other, an OpenVPN server. More precisely, OpenVPN is open-source software, which means it is free to be used and modified by the community as they see fit. There is a central OpenVPN project that is maintained and managed by the team who created the software originally, but nothing stops anyone else from making their own spinoff.
OpenVPN can work over a whole bunch of common network protocols, which means it is virtually impossible to block. Also, OpenVPN comes in two main forms. There’s a paid version known as OpenVPN Access Server. This one comes with special features, many of which are proprietary. For normal users, this isn’t really a relevant edition of the software, but it’s of interest to companies that want to set up their own corporate VPN servers.
For you, the package of interest is the Community Edition. This is the free and open version of the software most people are referring to when they say 'OpenVPN'. Now that you know what OpenVPN is, let’s cover a little of its history, which started almost two decades ago.
The History of OpenVPN
There’s surprisingly little detail on OpenVPN if you try and Google for its background, but a feature on Linux Security paints an interesting picture. It’s an interview with the creator of OpenVPN, James Yonan.
Around the turn of the millennium, Yonan was traveling the world, moving through parts of it that were subject to some seriously bad Internet security. If you’re in central Asia and accessing the Web from locations in Russia, well, let’s just say it’s no accident they have the best hackers. With this said, you can understand that this situation was a problem for Yonan. At the time there was no way for him to set up a secure VPN connection from his side without someone back at work to handle the other end. Unlike most of us, he didn’t just accept the status quo but decided to do something about it.
So, he set out to create a true VPN solution that puts the user in control. One not dependent on the graces of large corporations, but which provided a good blend of both security and usability. That’s what we know today as OpenVPN.
How Does OpenVPN Work?
OpenVPN uses the OpenSSL security library. It can, therefore, take advantage of just about all the toys that live in that library. This includes a healthy number of strong encryption standards. In fact, the highest level of encryption possible with OpenVPN is 256-bit at present. This is so strong there’s no realistic case for breaking in. In addition, OpenVPN can use UDP (User Datagram Protocol) or TCP (Transmission Control Protocol) to transmit data - with UDP being the more favorable one.
OpenVPN uses its own recipe for security, based on SSL and TLS technologies. It has nothing at all to do with IPsec, L2TP or anything else of that ilk. Also, thanks to third-party and first-party clients, it’s hard to think of any popular platform that doesn’t have a way to make use of OpenVPN. We are talking Linux, QNX, Windows, macOS, iOS, Android, iOS and even Windows Phone. So, it’s very flexible. Add to this the fact that you can use scripts and plugins to customize OpenVPN and it’s no surprise power-users swear by it.
Going even deeper down the rabbit hole, we can tell you that this is one of the few solutions that operate well on the second layer of network topology. It can operate as a Layer 2 or 3 VPN. At layer 2, it can transmit low-level network data through the tunnel. On top of this, OpenVPN only needs one port to work. It can use the same Port 443 that SSL uses in general, which basically makes this protocol immune to VPN blocking.
Another great feature is that both endpoints of the tunnel can have dynamic IP addresses, which means you don’t have to pay for a static IP in order to set up a VPN tunnel with OpenVPN.
How Safe is OpenVPN?
It's believed that OpenVPN is one of the safest VPN protocols that you can use today. This is also the reason why top-rated VPNs rely on OpenVPN to secure and encrypt your Web connection data. In combination with 256-bit encryption, it's practically impossible for anyone to decrypt your files.
An important aspect of OpenVPN is its open-source nature. This means that independent developers and cyber-security researches are free to test this VPN protocol and then to implement all kinds of improvements. Once a new threat arises, open-source software is the first kind of software to receive the patch. And if this isn't enough for you, then know that OpenVPN went through a rigorous security audit in 2017, with minor bugs being fixed soon after.
How Fast is OpenVPN?
We'll be honest with you - and say that OpenVPN doesn't provide the best possible Web connection speeds. Since it uses high-end encryption and advanced methods of encapsulating your data, there's some overhead expense. However, it's generally believed that OpenVPN brings decent speeds, so the price that you pay for keeping your data secure isn't that high, after all.
What Are The Advantages of OpenVPN?
The advantages of using OpenVPN easily outweigh any problematic points this VPN protocol might offer. So, let's go over the most prominent benefits of using OpenVPN.
- OpenVPN is Incredibly Secure: As noted earlier, this is a highly recommended VPN protocol in case you want to safeguard your private data. Thanks to its 256-bit encryption and high-end ciphers, there's no way that someone can take advantage of your privacy. Even if someone gets to your data (like via a man-in-the-middle attack), the possibility of altering the stolen data packet is minimal.
- OpenVPN Runs on All Popular Platforms: No matter if you decide to use a VPN service or if you decide to use OpenVPN's GUI, you can install and use it across all popular (and less popular) operating systems. This applies to desktop and mobile platforms, as well as anything in between.
- OpenVPN Can Bypass Any Firewall: It's very difficult to block OpenVPN connections as this protocol can use any port on either UDP or TCP. Also, many VPN services can scramble your Web data and make it appear as typical HTTPS connection data, which makes it easy to bypass any firewall.
- OpenVPN Offer More Control Over Your Connection: Unlike other VPN protocols, this protocol allows you to use two ways of transmitting your data - UDP or TCP. This means that you can find a nice balance between the needed level of security and Web connection speed performance.
- OpenVPN is Compatible With Perfect Forward Secrecy: This is an incredibly secure encryption method that makes your device immune to numerous types of online dangers. Since there aren't any known vulnerabilities, this is perhaps the best way to secure your network from hacking.
What Are The Disadvantages of OpenVPN?
Of course, OpenVPN isn't the perfect VPN protocol - and there are some disadvantages that you need to keep in mind. So, here are the cons of using OpenVPN.
- OpenVPN Requires Complex Manual Configuration: In general, cyber-security enthusiasts are those who are primarily interested in this VPN protocol. If you decide to set it up on your own, you'll be soon facing hundreds of pages of complicated instructions. Of course, if you go for a third-party VPN service, this configuration is done in the background - without any input from the user.
- OpenVPN Needs an Additional Software Client: OpenVPN isn't part of any operating system. So, to use this VPN protocol, you need to install additional software on your device. This disadvantage is somewhat mitigated by the presence of VPN services that come with beautifully designed UIs, great for complete beginners.
- OpenVPN Might Lead to Drops in Connection Speeds: Thanks to its incredibly strong encryption, OpenVPN might sometimes lead to drops related to the speed of your Web connection.
What's The Best VPN Service for OpenVPN?
Below (right after this segment), you'll find our detailed guides on how to set-up OpenVPN manually. However, the easiest way to use this service is by using a VPN that natively supports OpenVPN. And for this purpose, we strongly recommend ExpressVPN. Here's how easy it is to activate and use this protocol using this VPN service.
- First, you need to sign-up for ExpressVPN. This will allow you to access your online dashboard by logging to your account on this VPN's website. Once you log-in, make sure to download ExpressVPN on your device.
- Once downloaded, proceed to install the application. As you can see in our ExpressVPN review, this process is incredibly simple and you don't need any technical knowledge to finish it successfully. Once installed, launch ExpressVPN and log-in.
- Click on the 'hamburger' button in the top-left side of ExpressVPN's interface, and then click on 'Options'. This will open a new window, where you need to select the 'Protocol' tab, at the top.
- Finally, select either 'UDP - OpenVPN' or 'TCP - OpenVPN', and that's pretty much it. Return to ExpressVPN's home screen and connect to any of the available servers. From this moment on, your Web data will be encrypted and encapsulated, making you invisible on the Web.
How to Install & Use OpenVPN?
If you’ve signed up with a VPN service that supports OpenVPN, then getting the OpenVPN software is usually as simple as downloading the official client of that VPN and making sure the OpenVPN protocol is selected. On the other hand, if your provider has no native client application for OpenVPN, you’ll have to find one in the appropriate place.
With this said, there are two main ways to configure OpenVPN from your side of the connection. The first involves a long process of OpenVPN configuration which involves telling the client software the technical details of the connection. You also need to configure the encryption in detail and then have to create and manage all the authentication stuff as well. You’re still not done either since you still need to configure the network later settings and a bunch of other loose strings before you can get up and running.
Needless to say, most users don’t put up with this sort of thing, so most reputable VPN providers will give you a set of files that thankfully already contain all the correct settings for that specific VPN provider’s network. How you make use of those files will differ on a per-platform basis, but to give you an idea here’s how it works on these common platforms.
How to Configure OpenVPN on Windows?
As we said earlier, on Windows you’re probably better off just using the official client. To make it work with your VPN, you need to download the pre-made configuration files.
Usually, there are two files that your VPN service will make available for download. One is the .ovpn file, which contains all the configuration options, pre-populated for your convenience. The second file is a security certificate. These can come in different forms, but most of the time it will have a .crt file extension. All you need to do for the OpenVPN setup is to copy these two files in the Program FilesOpenVPNConfig folder. Then, when you right-click on the OpenVPN client icon in the system tray, the connection should show up under the 'Connect' menu.
How to Configure OpenVPN on a Router?
If you’re lucky enough to have a router with an OpenVPN client installed on it, the process isn’t that much different from the Windows setup. The way we get the files where they need to be is the only difference here.
You need to log into your router, usually by typing its local IP address into your browser’s address bar. Once logged into the router’s user interface, you need to find the OpenVPN section. On DD-WRT firmware, this is under the services-VPN tab. Then you’re going to open up the ovpn file and copy the relevant sections into the VPN setup form on the router.
How to Configure OpenVPN on a Smartphone?
Setting up OpenVPN on a smartphone running Android is actually one of the easiest options out of the bunch. Just install the app, such as OpenVPN Connect for Android, and then copy the ovpn file to your phone’s local storage. From within the app, you’ll have the option to browse the device and load the file.
On iOS devices, it’s pretty much the same process. Install the OpenVPN Connect for iOS app and then go to something like Dropbox. Store your config file there. Now select the 'Open in' option for that file and choose the app as the destination. It should then import the configuration.
Dear readers, this is where we conclude our guide to OpenVPN. So, we'd like to ask you to share this article online if you found it to be helpful. Also, don't miss out on a chance to follow us on Facebook and Twitter. Thanks!