What is OpenVPN? | TechRadar
Interested in protecting your privacy online? Then you’re probably already using a VPN to securely encrypt your web traffic and keep it safe from hackers (and, if you’re not, find out why you might need one with our “What is a VPN?” guide).
The key element of every VPN connection is its VPN protocol – a set of rules that defines everything from how the app securely connects to its server, to the methods it can use to transfer data and how it logs off when you are done.
Most VPNs support multiple protocols – WireGuard, IKEv2, L2TP, SSTP, etc. – but OpenVPN is by far the most popular. In this article, we’ll look at why, what OpenVPN gives you, some of the reasons it’s better than the competition, and where, maybe, OpenVPN is going next.
How OpenVPN started
In 2001, developer James Yonan was traveling across Central Asia when he needed to remotely connect to his work network. Forced to make unencrypted connections through servers in countries with very shady security practices, Yonan realized just how vulnerable his data could be. His response was to create an open source project, OpenVPN, to encrypt data and protect it from snoopers.
Francis Dinha was born and raised in Iraq, during the reign of Saddam Hussein. Growing up in a world where expressing anti-government views could result in sanctions, prison terms, and even executions, Dinha learned hard lessons about the true value of privacy.
After fleeing Iraq and later arriving in the United States, Dinha heard about Yonan’s creation and realized the possibilities. The two chatted and came up with a business plan. In 2001 they founded OpenVPN and in 2002 the OpenVPN protocol saw its first public release.
OpenVPN provides a way to connect computers to each other in a virtual private network. That is, even though the computers are distant from each other, in another office, another country, halfway around the world, it can securely connect the systems to each other through a secure, encrypted tunnel.
OpenVPN can tunnel traffic using either TCP (Transmission Control Protocol) for maximum reliability or UDP (User Datagram Protocol) for raw speed, a flexibility that beats some competing protocols even today.
Communications are handled by Secure Sockets Layer / Transport Layer Security (SSL / TLS), the same technology used to protect HTTPS websites. This is an advantage if you need OpenVPN to bypass a firewall or other VPN block, as once configured it’s hard to tell you’re using a VPN. Your online activity looks like normal web traffic.
OpenVPN benefits from a number of SSL / TLS features, for example allowing it to confirm that you are connecting to a legitimate server, to create and share new encryption keys to protect your data for this session and to verify that your data has not been changed.
Implementing modern web encryption properly is a huge task, and luckily OpenVPN does not try, but leaves most of the encryption work to the very extensive OpenSSL library. This is good news, as OpenSSL is a capable product widely used by many web servers to manage their HTTPS connections. But OpenVPN also uses it to support just about any cryptographic algorithm, hash function, or public key cryptography technology: AES, ChaCha20, Poly1305, Triple DES, SM4, MD5, SHA-2, SHA-3, BLAKE2, Whirlpool, RSA, Diffie-Hellman, elliptic curve and more.
One of the main advantages of OpenVPN is its flexible and configurable design, which gives VPN providers (and, sometimes, users) enormous control over how the service works.
Providers can easily change the OpenVPN encryption algorithm, for example, perhaps optimizing the VPN for security or speed. OpenVPN supports changing network settings, such as asking your device to use a different DNS server. And it supports all the network standards you need. Need IPv6, as well as IPv4 support? OpenVPN can be configured to cope with no hassle, and it will allow you to connect in most situations.
OpenVPN connections are set up by configuration files that accept many different commands, giving you all kinds of ways to deal with sticky situations.
To take an example: let’s say you can’t connect, maybe because the server is down. OpenVPN supports setting a custom timeout before giving up the attempt, so you might be able to wait a long time for servers you know to be slow, a few seconds for others. It can set the number of attempts and the number of seconds to wait between attempts. It can change low-level network settings, possibly helping you connect to busy networks or poor connections. It’s even possible to specify, say, ten possible servers that you can use, each with their own preferred connection settings, and OpenVPN will try them all until it finds something that works.
(These features won’t be available from a VPN app unless it’s written to support them, so don’t be surprised if you don’t see anything like it from your own provider. But they are supported by OpenVPN.)
If the built-in OpenVPN features aren’t enough, that’s not the end of the story. The protocol can be extended with plugins, scripts and more, providing all kinds of other possibilities for customization.
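A configuration file using the fallback and retry options described above, together with a check of the server-verification and cipher settings from the encryption discussion earlier, as an added example that is not from the original article or the OpenVPN project. The profile is constructed, the host names are placeholders, and `parse_profile` and `audit` are hypothetical helper names.

```python
import re

# Constructed sample profile, not taken from any real provider. The directives
# are standard OpenVPN 2.x client options; the host names are placeholders.
SAMPLE_PROFILE = """\
client
connect-retry 5
connect-retry-max 3
remote-cert-tls server
data-ciphers AES-256-GCM:CHACHA20-POLY1305
auth SHA256
<connection>
remote vpn1.example.net 1194 udp
connect-timeout 5
</connection>
<connection>
remote vpn2.example.net 443 tcp
connect-timeout 30
</connection>
"""

WEAK = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC", "MD5"}  # 64-bit block ciphers and MD5 (OpenSSL names)

def parse_profile(text):
    """Split a profile into global options and ordered <connection> blocks."""
    opts, conns, block = {}, [], None
    for raw in text.splitlines():
        line = re.split(r"[#;]", raw, maxsplit=1)[0].strip()  # drop comments
        if not line:
            continue
        if line == "<connection>":
            block = {}
        elif line == "</connection>":
            conns.append(block)
            block = None
        else:
            name, *args = line.split()
            (opts if block is None else block)[name] = args
    return opts, conns

def audit(opts):
    """Report settings that weaken server verification or encryption."""
    findings = []
    if "remote-cert-tls" not in opts and "verify-x509-name" not in opts:
        findings.append("no check that the peer certificate is a server certificate")
    algos = {a.upper() for k in ("cipher", "data-ciphers", "auth")
             for arg in opts.get(k, []) for a in arg.split(":")}
    findings += [f"weak algorithm: {a}" for a in sorted(algos & WEAK)]
    return findings
```

The order of the `<connection>` blocks is the order in which the client tries the servers, so here a fast UDP attempt with a short timeout is followed by a slower TCP fallback on port 443.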
Another strength of OpenVPN is that it is an open source project. Anyone can download the source code, check for issues, add new features, or use it to create their own products.
This has helped expand OpenVPN to run on just about any platform, from Windows to Mac, Android to iOS, and almost all versions of Linux.
Other related open-source projects have developed around the protocol. AirVPN’s Eddie is a powerful OpenVPN app with more features than most of the competition, yet it’s free, open source, and you are allowed to download and use it with any OpenVPN-compatible service.
All this activity has produced a large community of developers who work on the project, research bugs and security holes, and share and come up with new ideas. There’s no guarantee that OpenVPN won’t have any issues, of course, but with more people inspecting the code, chances are all issues will be caught early.
The transparency of an open source project is also great for trust. Premium providers like ExpressVPN embrace this spirit – ExpressVPN has made the code for its Lightway protocol open source. Most VPN protocols aren’t open source, and when a provider tells you how great their offering is, you just have to take their word for it (or not, maybe).
With OpenVPN, no one can get away with making unrealistic claims or promises because there are thousands of experts who know the truth.
The future of OpenVPN
OpenVPN has been the king of VPN protocols for a long, long time, but some believe its reign may be coming to an end.
Newer protocols like WireGuard, NordLynx from NordVPN, and Lightway from ExpressVPN mentioned earlier have simpler and more streamlined designs. They reject most of the functionality of OpenVPN to focus only on the essentials of the VPN. And while that makes them relatively limited in functionality, there are big compensations, including faster connection times and (sometimes) a doubling of your download speeds.
However, the most recent protocols have certain drawbacks. They have fewer features, and they are not as widely supported or available on as many platforms. WireGuard doesn’t have as many privacy features as OpenVPN, and since it doesn’t support TCP, it may not be as reliable in some situations.
This could mean that OpenVPN is no longer the protocol of choice for most VPN users. If WireGuard works for you and doubles your speeds, then this is what you should be using.
However, OpenVPN is still useful as a fallback choice, a more reliable and versatile protocol that works even in tricky situations where others fail. It may not be at the top of the protocol rankings anymore, but OpenVPN’s flexibility and feature set means it will remain one of the most important VPN technologies around.