What is OpenVPN? How it Works & When to Use It in 2023

What is OpenVPN?

If you’re focused on protecting your online privacy, you’re likely already using a VPN. The best VPNs (and trusted free VPNs) securely encrypt your web traffic and keep it safe from hackers.

The key element of every VPN connection is its VPN protocol – a set of rules that defines everything from how the app securely connects to the VPN server to data transfer methods and how to close the session when you’re finished.

Most VPNs support several protocols – WireGuard, IKEv2, L2TP, SSTP and more – but OpenVPN is far and away the most popular. But what is OpenVPN, is it better than the competition, and what’s next for the popular protocol?

How OpenVPN started

In 2001, developer James Yonan was traveling through Central Asia when he needed to remotely connect to his business network. Forced to make unencrypted connections via servers in countries with very shady security practices, Yonan realized how vulnerable his data was. His solution was to create an open-source project to encrypt data and protect it from snoopers. The developer originally intended this to be a side project. He had no idea that he’d invented what was to change the face of encrypted communications for years to come.

Francis Dinha was born and raised in Iraq, during the reign of Saddam Hussein. Growing up in a world where expressing anti-government views could result in punishment, jail time, even execution, Dinha learned some harsh lessons about the true value of personal privacy.

After fleeing Iraq, applying for asylum in Sweden, then later arriving in the US, Dinha heard about Yonan’s creation and realized the possibilities. The two men talked, and came up with a business plan. In 2001, they founded OpenVPN, and in 2002, the OpenVPN protocol saw its first public release.

OpenVPN encryption

OpenVPN provides a means of connecting computers together in a Virtual Private Network. That is, even if the computers are remote from each other, in another office, another country, the other side of the world, it can safely connect the systems together via a secure encrypted tunnel.

OpenVPN can create its VPN tunnel using either Transmission Control Protocol (TCP) for maximum reliability, or User Datagram Protocol (UDP) for raw speed, a flexibility that beats some competing protocols, even today.

Communications are managed by Secure Sockets Layer/Transport Layer Security (SSL/TLS). This is the same technology used to protect data transmitted to and from HTTPS websites. That’s an advantage if you need OpenVPN to bypass a firewall or some other VPN block, as once it’s set up, it’s tricky to tell that you’re using a VPN. Your online activity just looks like regular HTTPS web traffic.

OpenVPN benefits from many SSL/TLS features, such as allowing it to confirm you’re connecting to a legitimate server, create and share new encryption keys to protect your data for this session, and verify your data hasn’t been altered.

Properly implementing modern web encryption is a huge task, and fortunately OpenVPN doesn’t try, instead handing off most encryption tasks to the very comprehensive OpenSSL library.

That’s good news, as OpenSSL is a capable product widely used by many web servers to manage their HTTPS connections. But OpenVPN also uses it to support just about every encryption algorithm, hash function or public-key cryptography technology around. That includes AES, ChaCha20, Poly1305, Triple DES, SM4, MD5, SHA-2, SHA-3, BLAKE2, Whirlpool, RSA, Diffie-Hellman, elliptic curve, and more.

Flexible configurations

One of the major advantages of OpenVPN is its flexible and configurable design, which gives VPN providers (and, sometimes, users) a huge amount of control over how the service works.

Providers can easily switch OpenVPN encryption algorithms, optimizing the VPN for security or speed. OpenVPN supports changing network settings, for instance asking your device to use another DNS server. And it supports all the network standards you need. Need IPv6, as well as IPv4 support? OpenVPN can be set up to handle that and get you connected in most situations.

OpenVPN connections are set up by configuration files that accept many different commands, giving you all kinds of ways to deal with tricky situations.

Let’s say you can’t connect because a server is down. OpenVPN supports setting a custom timeout before it gives up the attempt, so you could wait a long time for servers you know are slow or just a few seconds for others. It can set the number of times to retry, and a number of seconds to wait between retries. It can change low-level network settings, maybe helping you get connected on busy networks or over poor-quality connections. It’s even possible to specify how many servers you could use, each with their own preferred connection settings. OpenVPN will try all these until it finds one that works.

These configuration files are extremely easy to read and edit as they’re nothing more than text files with their own extension (.ovpn). Many VPN providers make it easy for customers to connect via OpenVPN by offering pre-made configuration files on their websites.

However, it’s worth noting that these features won’t typically be available from a mobile VPN app unless it’s written to support them. So don’t be surprised if you see nothing like that from your own provider, even if they’re supported by OpenVPN.

Even if the built-in OpenVPN features aren’t enough, that’s not the end of the story. The protocol can be extended with plugins, scripts and more, giving all kinds of other customization possibilities.

One popular plugin is ‘auth-pam’. PAM stands for “Pluggable Authentication Module”. This allows you to increase OpenVPN’s security, for instance by requiring authentication by both a password and a special ‘X.509’ public key certificate.

You can also use plugins to increase an OpenVPN server’s security using two-factor authentication with Duo or LastPass. This flexibility underpins why OpenVPN is such a popular protocol, letting users customize it to meet the specific needs of each VPN platform.

Open-source advantage

The open-source nature of OpenVPN is another big advantage. Anyone can download the source code, check it for problems, add new features, or use it to create their own products.

That’s helped expand OpenVPN to run on just about every platform, from VPNs for Windows to Mac, Android VPNs, and almost every flavor of Linux.

While iOS doesn’t natively support connections to OpenVPN servers, you can use a third-party app like OpenVPN Connect to do this. If you have an iPhone, iPad or other iOS device, see our guide How to setup and use OpenVPN Connect.

Other related open-source projects have grown up around the protocol. For instance, the client software for AirVPN, known as Eddie, is a powerful OpenVPN app with more features than most of the competition, but it’s free, open-source and you’re permitted to download and use it with any OpenVPN-compatible service, not just AirVPN.

All this activity has produced a large community of developers who work on the project, squash bugs and security vulnerabilities, and collaborate on fresh ideas for the protocol. There’s no guarantee OpenVPN won’t have problems, but with more people inspecting the code, it’s likely any issues will be caught early.

The transparency of an open-source project is great for trust, too. Top providers like ExpressVPN are embracing this spirit – the company made the code for its Lightway protocol open-source. Most VPN protocols, though, aren’t open source, and when a provider tells you how great their offering is, you just have to take their word for it.

With OpenVPN, there’s no way anyone could get away with making unrealistic claims or promises, because there are thousands of experts out there regularly developing and reviewing the source code.

Client software

It’s not just the OpenVPN server software that’s free and open-source. So is the client software that you install on your device to connect to an OpenVPN server. One of the most popular implementations is OpenVPN Connect, which can easily be set up on most platforms. The advantage of using an open-source client instead of your VPN provider’s client software is that it’s much easier to verify any claims.

For instance, if your VPN provider says their proprietary, closed-source client secures connections with the fast and powerful ChaCha20 stream cipher rather than the slightly less secure AES-256-GCM, you simply have to accept the claim. By using open-source software like OpenVPN Connect and the easy-to-read .ovpn configuration files you can check exactly how your connection is authenticated and encrypted for yourself.
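One way to run that check, and to see the timeout, retry and multi-server directives described under "Flexible configurations", as an added example (not code from this article or from the OpenVPN project). The two profiles, the `example.net` hostnames and the lists of algorithms treated as weak are constructed assumptions; the directive names are standard OpenVPN options.

```python
# Added example: profiles, hostnames and the weak lists are assumptions.
WEAK_CIPHER_MARKERS = ("DES", "BF-", "RC2", "CAST5", "NONE")  # DES covers 3DES
WEAK_AUTH = {"MD5", "NONE"}

SAMPLE_WEAK = """\
client
remote vpn1.example.net
cipher DES-EDE3-CBC
auth MD5
<ca>
(constructed placeholder, no real certificate)
</ca>
"""

SAMPLE_HARDENED = """\
client
# several servers, tried in order until one connects
remote vpn1.example.net 1194 udp
remote vpn2.example.net 443 tcp
connect-timeout 10
connect-retry 5
connect-retry-max 3
data-ciphers AES-256-GCM:CHACHA20-POLY1305
auth SHA256
remote-cert-tls server
<tls-crypt>
(constructed placeholder, no real key)
</tls-crypt>
"""


def parse_ovpn(text):
    """Map each directive to its argument lists; skip inline key/cert bodies."""
    cfg, blob = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("<") and line.endswith(">"):
            tag = line[1:-1]
            if tag.startswith("/"):
                blob = None
            elif tag != "connection":  # <connection> wraps directives, not keys
                blob = tag
                cfg.setdefault(tag, []).append(["[inline]"])
            continue
        if blob is None:
            name, *args = line.split()
            cfg.setdefault(name, []).append(args)
    return cfg


def remotes(cfg):
    """Servers in listed order as (host, port, proto); 1194/udp if unspecified."""
    port = cfg.get("port", [["1194"]])[-1][0]
    proto = cfg.get("proto", [["udp"]])[-1][0]
    return [(a[0], int(a[1] if len(a) > 1 else port), a[2] if len(a) > 2 else proto)
            for a in cfg.get("remote", [])]


def audit(cfg):
    """Return a list of findings about encryption and server authentication."""
    findings, ciphers = [], []
    for key in ("cipher", "data-ciphers", "ncp-ciphers", "data-ciphers-fallback"):
        for args in cfg.get(key, []):
            ciphers += args[0].upper().split(":") if args else []
    findings += [f"weak data cipher: {c}" for c in ciphers
                 if any(m in c for m in WEAK_CIPHER_MARKERS)]
    findings += [f"weak HMAC digest: {a[0]}" for a in cfg.get("auth", [])
                 if a and a[0].upper() in WEAK_AUTH]
    if "remote-cert-tls" not in cfg and "verify-x509-name" not in cfg:
        findings.append("server certificate role/name is not checked")
    if not any(k in cfg for k in ("tls-auth", "tls-crypt", "tls-crypt-v2")):
        findings.append("no tls-auth/tls-crypt key on the control channel")
    return findings


if __name__ == "__main__":
    print(audit(parse_ovpn(SAMPLE_WEAK)), audit(parse_ovpn(SAMPLE_HARDENED)))
```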

Naturally this works both ways: if your VPN client software has a special feature offered by that particular provider, such as Meshnet from NordVPN, then this won’t be included in the software.

That said, like most modern proprietary VPN clients, the OpenVPN Connect client does now include a VPN kill switch. This means if your connection to the VPN server fails or drops out for any reason, all network activity is stopped until your device is linked with the VPN again. This protects your IP address and personal data.

If a particular device isn’t compatible with OpenVPN Connect, consider installing the client on a compatible, secure router. If your router’s running the Linux firewall pfSense or the open-source firmware OpenWRT or DD-WRT, you can configure it to connect to an OpenVPN-compatible server. After you do this, any devices you connect to the router in turn will also be connected to the VPN.

If you want to change your router’s firmware, you’ll need to make sure you have a compatible model. For more information, see our guide Enhance your router with OpenWRT.

OpenVPN disadvantages

Using the OpenSSL library was the right decision when OpenVPN was originally developed, as it’s always wise to use a tried and trusted SSL library rather than try to develop and maintain your own.

Unfortunately, some vulnerabilities have been discovered in OpenSSL in recent years. One of the biggest of these was Heartbleed. When an attacker passed certain data to an OpenSSL extension, they could read up to 64KB of the host machine’s memory. Hackers could repeat this to read more data, placing information like usernames, passwords and connection logs at risk.

The OpenVPN developers responded quickly, releasing a patch for the affected versions of their server software. They noted that OpenVPN combined SSL connections with TLS-auth, which digitally signs data packets to verify their integrity. The software also uses Perfect Forward Secrecy, generating encryption keys for every session. This means that even if a bad actor online discovers the keys, they couldn’t use them to decode your data the next time your device connected to an OpenVPN server. The vulnerability only affected servers, not mobile devices, which used a different SSL library called PolarSSL (now known as Mbed TLS).

The OpenVPN website maintains a list of possible security issues including another OpenSSL vulnerability which was discovered in November 2022, though once again this is easy to fix simply by updating the server software.

There are other vulnerabilities within the OpenVPN Access server software but almost all of them rely on the software not being properly configured or updated. Using a reliable VPN should mitigate this issue.

Uncertain future

OpenVPN has been one of the best VPN protocols for a long, long time. But some think its reign might be coming to an end.

New protocols such as WireGuard, NordVPN’s custom WireGuard solution NordLynx, and ExpressVPN’s Lightway have simpler, stripped-back designs. They throw out most of OpenVPN’s functionality to concentrate only on the core VPN essentials. And although that makes them relatively short on features, there are big compensations, including faster connection times, and a potential doubling of your download speeds.

As protocols like WireGuard only support newer encryption schemes, they can be safer to use compared to OpenVPN, which tries to support as many encryption schemes as possible, even older ones such as 3DES. For example, ExpressVPN’s Lightway protocol is based on WolfSSL, not OpenSSL, so it doesn’t share OpenSSL’s specific weaknesses like Heartbleed. It’s also designed to run efficiently, even on devices with low resources, so some users may find it offers faster connections.

Newer protocols have some disadvantages, though. Fewer features means they’re not as widely supported as OpenVPN, nor available on as many platforms. WireGuard doesn’t have as many privacy features as you get with OpenVPN, and as it doesn’t support TCP, it may not be as reliable in some situations, since TCP takes the time to verify that data has been sent correctly and can resend any missed packets.

OpenVPN overall

The advent of WireGuard, NordLynx and Lightway could mean OpenVPN is no longer the first-choice protocol for most VPN users. If WireGuard works for you, and doubles your speeds, then by all means use it.

OpenVPN is still useful as a fallback choice – a more reliable and versatile protocol that works even in the tricky situations where others fail. And its flexibility and feature set means it remains one of the most important VPN technologies around.

Whichever protocol you choose, remember that open-source technology offers the best security guarantees, with the code being constantly reviewed by the community. This is why connecting to an OpenVPN server via the FOSS OpenVPN Connect is extremely safe, and you’ll also find open-source clients available for WireGuard. On the other hand, if you choose Lightway, remember you’re also choosing ExpressVPN, as the protocol isn’t currently supported by other providers.

What is OpenVPN? How it Works & When to Use It in 2023

OpenVPN is an open source connection protocol used to facilitate a secure tunnel between two points in a network. In layman’s terms, this means that it is a trusted technology used by many virtual private networks, or VPNs, to make sure any data sent over the internet is encrypted and private.

As we provide more details answering the question “What is OpenVPN”, we’re going to dive deeper into how it works and when you should use it.

What is OpenVPN and is it secure?

It’s not uncommon to visit a VPN website and see them boasting about the fact that they offer OpenVPN as a feature. It’s usually one of a handful of VPN connection protocols you can use.

But what is OpenVPN exactly?

In short, it is arguably the most secure VPN protocol in use today (although the new WireGuard protocol is starting to challenge this statement).

When you connect to the internet, particularly on a public network, there is a risk involved in transmitting sensitive data across the network. This is why it’s considered a best practice to never log into your bank while on public WiFi.

On the other hand, when you connect to a Virtual Private Network, or “VPN”, using the OpenVPN protocol, your data is secured behind a strong encryption.

If there’s a hacker monitoring your network, they won’t be able to break through the security tunnel. Your ISP (internet service provider) won’t be able to read your data and the government won’t be able to spy on you.

You’re now 100% secure online with zero risk of being hacked, right?

No single tool or encrypted connection to the internet can guarantee your security and privacy, and OpenVPN is no different. However, there are good reasons why it is considered one of the most secure connections, which we’ll cover below.

    Now that we’ve answered the question “What is OpenVPN”, let’s dive into how it works and when you should use it.

    Note: Some of the links in this article are affiliate links, which means that at no extra cost to you, I may be compensated if you choose to use some of the services listed. I only recommend what I personally use and I hope that the free information provides value to you!

    How OpenVPN Works | The “Rules” of Data Paths

    Before we dive deeper into answering the question “what is OpenVPN” and how it works, let’s take a step back to make sure we’re clear on what a VPN protocol is.

    Simply put, a protocol is a set of rules.

    For example, if you leave your home to go out to eat, there are certain things you will consider: the safety of the path, the right mode of transport, what you need to take with you, etc.

    Similarly, when data travels through a channel, it follows certain rules. And there isn’t just one set of rules to follow.

    Just like you can take different paths to the restaurant, your online traffic can follow different “protocols”.

    Perhaps you’ve heard of these protocols before. They usually go by an acronym such as:

    • PPTP – Point-to-point tunneling protocol
    • L2TP – Layer 2 tunneling protocol
    • IKEv2 – Internet key exchange version 2
    • SSTP – Secure socket tunneling protocol

    What is OpenVPN when compared to each of the protocols listed above? There’s really one big difference:

    It is open source.

    More Trusted Security since it’s not Proprietary?

    OpenVPN was developed in 2001 as an open project, which means that anyone can use and critique its code.

    This has given rise to a community of programmers who regularly test, improve, and update the protocol.

    This is the core strength of any open-source software. Since it’s not proprietary code (i.e. owned by one particular company), security experts across the globe have free access to verify that it maintains security.

    In the same way that Wikipedia benefits from the power of community to verify facts and correct any errors, so OpenVPN benefits from this community of security specialists.

    Is Open VPN Free?

    It is possible to use OpenVPN freely since it is open source, which means you are free to use it if you follow the conditions in the software license agreement.

    But while the code is free, it’s worth pointing out that it requires a lot of manual configuration (i.e. requires some tech-savvy know-how). There is no free app you can download or servers across the globe you’ll have access to.

    A paid version of the software exists, called OpenVPN Access Server for businesses or Private Tunnel VPN for consumers.

    Despite these options, the average user ends up using the protocol through a separate VPN provider who will license the software and charge you their own monthly fees. These providers will offer easy-to-use apps for your devices, and some are even great VPNs for your WiFi router.

    In most cases, you will benefit from the free, non-proprietary nature of the protocol while paying to use it through a productized VPN service like ExpressVPN or NordVPN.

    But what is it good for if it’s not super-safe?

    What is OpenVPN UDP and TCP?

    You may have seen that your VPN breaks this out as two protocols: OpenVPN UDP and OpenVPN TCP. So what does this mean and what’s the difference?

    The UDP in OpenVPN UDP stands for User Datagram Protocol, which includes rules that allow for a faster connection. More often than not, this will be your default connection simply because it will give you faster internet speeds.

    The TCP in OpenVPN TCP stands for Transmission Control Protocol which, as the name suggests, maintains greater control over the transmission of data. This results in slower speeds but is usually a more reliable connection.

    If you’re not sure which to choose, it’s best to go with OpenVPN UDP.

    Privacy & Security | Is OpenVPN Safe to Use?

    It’s a legitimate question to ask here:

    Is OpenVPN safe enough to use?

    For starters, it’s helpful to know that OpenVPN is not owned by a corporation. If it was owned by a for-profit company like, let’s say, Facebook’s failed VPN attempt, you can imagine how little trust would exist.

    The security features of a software depend on its parent company as well.

    OpenVPN uses strong ciphers (keys), which make it a strong protocol. Plus, it’s customizable so you can modify it according to your requirements – which is what many VPN services do.

    Most security experts consider OpenVPN to be safe enough to protect you from government spying. What kind of features could guarantee this kind of security?

    • OpenVPN is Adaptable: A key feature of OpenVPN is that it is very adaptable and one version can differ from another. So it is suitable for a number of purposes. Your VPN provider might use a different version than what’s being used by another provider.
    • OpenVPN is Open Source: When software is non-proprietary, there’s often an entire community that’s working on it. When they find a bug, they fix it and they also keep trying to add new features to it. This is the main reason behind the versatility of OpenVPN.
    • OpenVPN Supports Multiple Encryption Standards: There are a number of ciphers supported by OpenVPN. But as a standard, OpenVPN implements 256-bit encryption, although it’s not mandatory (you might have seen some VPN providers offering OpenVPN with AES-128 bit encryption).

    • OpenVPN is Versatile: It works on a number of network configurations. So no matter how your VPN provider might choose to set up their servers and connectivity, OpenVPN will be suitable for them.
    • OpenVPN is Platform Agnostic: There are some protocols that are device-dependent. For example, PPTP doesn’t run on Mac computers. OpenVPN, on the other hand, can run on Windows, Mac, Android, iOS, Linux, and other platforms. So if you have multiple platforms and you want to secure all of them, you don’t have to run different protocols on different devices.

    Finally, it’s worth mentioning that OpenVPN has several third-party plugins and scripts to enhance its functionality.

    Best VPNs that Use OpenVPN Protocol

    Are you convinced that OpenVPN is a secure connection protocol worth using? If so, unless you’re insanely tech-savvy, you’ll want to check out a quality VPN service that utilizes the OpenVPN software.

    While an OpenVPN protocol isn’t the only essential VPN feature to consider, it’s definitely an important one.

    Here are the top VPN providers I recommend that use OpenVPN.

    ExpressVPN | Recommended OpenVPN Service

    ExpressVPN offers its users a few protocols to choose from: PPTP, L2TP/IPSec, its own Lightway protocol, and, of course, OpenVPN.

    The app can automatically choose the right protocol for you but they give you the freedom to explicitly choose the protocol yourself. By default, ExpressVPN recommends this order for VPN protocol selection: OpenVPN, L2TP, and PPTP.

    I’ve gone into greater detail in my full ExpressVPN review, but in short, there are several other benefits of using ExpressVPN.

    • They offer fast speeds;
    • ExpressVPN has more than 160 VPN servers across the globe;
    • Multi-platform compatibility (desktop, mobile, TV, game console apps, etc.);
    • Unlimited bandwidth;
    • 5 simultaneous device connections;

    ExpressVPN uses AES-256 bit encryption, which is pretty much the standard across the board for all virtual private networks.

    ExpressVPN is one of the most popular VPN services on the market today and they offer a good 30-day money back guarantee. Give them a try and if you’re not satisfied, get a full refund within a month.

    Surfshark with OpenVPN

    The newer service Surfshark is a consumer VPN that offers OpenVPN, IKEv2, L2TP/IPSec, SSTP, WireGuard and PPTP as options.

    The service boasts high speeds and reliable connections along with several other features. And since they are relatively new in the VPN market (it’s only been a few years since the company was launched), their prices are lower than other industry leaders.

    Interestingly, Surfshark lets you connect as many devices as you want to one subscription. So you need to pay only once and connect all your devices with the VPN.

    You can also get more information in our complete review of Surfshark here.

    NordVPN with OpenVPN

    NordVPN is another popular consumer VPN service that supports OpenVPN, IPSec/IKEv2, WireGuard (called “NordLynx”), SSTP, and others.

    The NordVPN app lets you choose the right protocol depending on your needs. While OpenVPN is the most secure, they recognize that it can also slow down the connection…so they give you a choice.

    NordVPN provides several additional features apart from OpenVPN security. It has a VPN kill switch and dedicated IP addresses. The service can work on up to 6 devices on a single license.

    NordVPN also offers a Double VPN feature, so if you’re a journalist looking for additional protection, you can encrypt your data twice.

    Avast SecureLine VPN

    Avast VPN is another VPN that offers OpenVPN alongside the IPSec/IKEv2 protocols.

    Since Avast is a huge name in the cybersecurity industry, you would expect they don’t keep any logs. Unfortunately, they do.

    This means while the government might not know what you’re doing, the VPN company knows when you logged in and when you logged out. And this information can, if required, be handed over to the government.

    While the pricing is a bit confusing, there are plenty of users who love the Avast VPN service and put a lot of trust in the Avast name.

    There is a 7-day free trial of SecureLine and after that, there’s a 30-day money back guarantee. Read my full review of Avast VPN here.

    Final Thoughts | Why Use OpenVPN

    Until WireGuard gains more traction, OpenVPN will remain the standard secure VPN connection protocol.

    It’s not fool-proof, mind you, but it’s the strongest you’ll find on the market right now.

    But that’s not the only reason for using it. Since the protocol is not owned by a single organization, this means you don’t have to worry about competing for-profit motives.

    It is secure, it bypasses firewalls and it’s extremely versatile.

    If you desire a highly encrypted connection to the internet, it’s worthwhile to consider a consumer VPN service that utilizes the OpenVPN software, services such as ExpressVPN, which I recommend, Surfshark or even NordVPN.