OpenVPN is a fast, secure open-source SSL virtual private network encryption protocol.
Sounds like gibberish? You’re in luck!
In this 6 minute article we de-jargonize and explain everything you need to know about OpenVPN.
What is it, who uses it (who doesn’t) and why.
We also give you a glimpse at some up and coming rival VPN protocols, set to dethrone OpenVPN!
Whether you’re trying to compare OpenVPN with IPsec or PPTP or just want to setup your VPN service with the best protocol to unblock geo-restricted content, we have your back.
The quick install & app setup + compatibility with Windows, Mac, iOS, Android and even Linux means that you too can easily take advantage of OpenVPN.
Are you sick of unreliable, slow free VPNs? Tired of seemingly half the world looking over your shoulder?
What is OpenVPN
If VPNs are a network of hidden tunnels, then OpenVPN is the tunnel itself! It creates the tunnel between the VPN software and VPN server.
First developed by James Yonan back in 2002, OpenVPN is a VPN tunneling encryption protocol. It facilitates a secure transmission of your valuable data via a 256-bit OpenSSL encryption.
That’s military grade encryption!
OpenVPN uses one of two protocols to do so: TCP and UDP.
TCP (Transmission Control Protocol)
TCP is one of the internet’s most commonly used protocols. It is used to guarantee all the data transmitted is received properly. As a computer orientated protocol, TCP performs checks to verify the transmission of data. Each time bits of data is transmitted via TCP, the sender awaits confirmation from the receiver before sending the next ones.
UDP (User Datagram Protocol)
UDP, a “fire and forget” protocol is much faster, at the cost of reliability (no confirmation checks performed). Most VPN providers chose to setup OpenVPN via UDP by default. If UDP fails, OpenVPN automatically switches to TCP in order to reestablish a secure connection.
OpenVPN then uses the SSL/TLS handshake protocol for key exchange. Keys are what, figuratively, lock your data away from 3rd parties and spying eyes. Only the devices with the two keys are able to unlock the 256-bit encrypted data. This protocol can’t read or modify your data, it’s only there to lock it and exchange the keys between your device and VPN server.
In other words, here’s what OpenVPN can provide:
- tunnel any IP subnetwork or virtual ethernet adapter over a single UDP or TCP port
- use all of the encryption, authentication, and certification features of the OpenSSL library to protect your private network traffic as it transits the internet
- use any cipher, key size, or HMAC digest (for datagram integrity checking) supported by the OpenSSL library
- use static, pre-shared keys or TLS-based dynamic key exchange
Putting it all together, OpenVPN is the software that transmits your data over either UDP or TCP, while encrypting it via 256-bit encryption OpenSSL library code & using an SSL/TSL key exchange.
It’s important to remember that OpenVPN is not a standalone VPN provider, it’s only a protocol. You still need access to whatever device or server you’re trying to connect to. Most of us don’t have servers in 100 countries, hence we pay a VPN provider the right to use theirs.
Why do VPNs use OpenVPN?
More than 90% of VPN providers default to OpenVPN. With half a dozen other protocols available, that’s a strong sign.
So what makes OpenVPN this popular?
The quick answer:
- Very secure; Has never been hacked
- Very stable; Connection drops are few and far between
- Fast; Though not the fastest, speed decrease is only slightly noticeable
- Compatible; Strong desktop support, works on all mobile OS
Here are a few VPN services you may have heard of, that use OpenVPN as their default encryption protocol:
But not all providers do. Some prefer to use their own, proprietary encryption protocols.
We strongly recommend against VPN services that use their own proprietary closed-source encryption protocol and do not let you switch to using OpenVPN.
Proprietary is the last word you want to read in the context of privacy and online security. Anything proprietary is secret. Anything secret, lacks oversight.
If a VPN provider doesn’t offer you access to switch off from their proprietary protocol, it’s means they are doing something they don’t want you to know about.
All the VPNs below, coincidentally, have scored very low in our overall best VPN rankings. We do not recommend any of them.
- Hoxx VPN
- Browsec VPN
How to Setup and Use OpenVPN
You have three options if you have chosen to go with the most popular VPN protocol.
Connect to OpenVPN Automatically
This is the easiest and our recommended method to use OpenVPN.
You can download the app your VPN provider has created for your device (Windows, iOS, Linux etc.) and let their software do all the necessary configurations.
If you have chosen one of our top picks, your VPN connection will be established via OpenVPN by default.
With NordVPN, our favorite service provider, connecting via OpenVPN is as quick as installing their app and clicking on the country you want to connect through.
Connect to OpenVPN Manually
We highly recommend you to use your VPN provider’s software to connect automatically. Establishing a manual connection is much slower and offers no benefits.
With a manual setup, you’re simply going through the same steps, by hands. The downside is that you’ll have to repeat them all each time you want to change servers or reconnect.
If you need to connect manually, we recommend you to follow the setup tutorial by your VPN provider.
Check out NordVPNs Window 10 OpenVPN manual connection tutorial. As you’ll quickly see, the process is much more complicated than letting their software handle it for you.
Connect to OpenVPN Manually (without a VPN provider)
The third and last option is establishing a manual connection between two devices or servers you own. You’ll need to follow these steps if you have opted against paying for a VPN provider.
Please bear in mind you’ll need to have experience in networking and know what you’re doing. This is only aimed at professionals.
If you just want to watch Netflix in peace, unblock some media websites or up your privacy; this is not for you.
If you’d like a detailed breakdown of the major VPN protocols in use today, please head to our comprehensive article on the most used VPN protocols.
Here’s a quick overview of them and how they compare:
|High security (might be weakened by NSA)
|Speedy, due to low encryption
|Medium, due to double encapsulation
|Not yet stable
|Strong desktop support, but mobile could be improved. Requires third-party software.
|Strong Windows desktop support.
|Multiple device and platform support.
|Multiple desktop and mobile OS support. No native operating system support.
|Linux, being built for other platforms and operating systems.
|Windows-platform, but works on other Linux distributions.
|Limited platform support beyond Windows and Blackberry
|Most recommended choice. Fast and secure.
|Native on Windows. Weak security. Useful for geo-restricted content.
|Versatile and secure. A decent alternative to OpenVPN.
|Up and coming. Flexible, fast, and secure. A great alternative to OpenVPN.
|Has promise to be fast and efficient. Still in development.
|Faster and more secure alternative to PPTP and L2TP.
|Secure, stable, and mobile-oriented.
Viable alternatives to OpenVPN are SoftEther, WireGuard and L2TP/IPsec.
1) SoftEther VPN Protocol
Developed by Daiyuu Nobori’s for his master’s thesis research, SoftEther is a free, open-source VPN protocol and VPN software. The protocol is very secure and the VPN software allows the usage of all major VPN protocols (SoftEther, OpenVPN, L2TP/IpSec etc).
It’s compatible with many operating systems, but more importantly, SoftEther offers a great amount of security and, according to its developer, achieves speeds 13 times higher than OpenVPN.
After eight years of development, SoftEther was released in 2014. It’s fairly new and green. Further, its implementation isn’t as quick and simple as OpenVPN. Due to this, wide adoption has been stalled and most VPN providers do not yet support SoftEther.
We anticipate more and more providers to start adopting SoftEther in the near future.
2) WireGuard VPN Protocol
Wireguard is an innovative state of the art free, open source software and VPN protocol.
Among the three alternatives, Wireguard is by and large the most impressive, likely to unseat OpenVPN in the coming years.
Officially released in 2018, WireGuard has received praise and has been gaining a great amount of attention in the VPN community.
In terms of security it rivals OpenVPN and Softether. When it comes to speed, it outperforms both.
Wireguard aims to be the simplest yet most efficient VPN protocol.
The only downside is that it’s still in heavy development, likely to remain so for now.
Unfortunately, this means that no VPN provider will risk adoption at this stage. We can’t wait to see what the future holds for WireGuard!
3) L2TP/IPsec VPN Protocol
L2TP (Layer 2 Tunneling Protocol) is a VPN protocol that lacks a strong enough encryption for standalone use. For this reason, it’s paired with IPsec.
IPsec (Internet Protocol Security) is a flexible and secure end-to-end protocol.
In conjunctions, these two protocols establish secure connections. The downside is that L2TP sometimes has issues with firewalls as it uses a port that firewalls can easily block.
Further, some reports suggest that the NSA has been able to weaken this protocol suite. For this reason, its recommended use is for purposes of anonymous internet browsing.
You wouldn’t use L2TP/IPsec to transfer vitally important company financial data for example.
Is OpenVPN the best VPN protocol?
Jack of all trades, master of one; security.
SoftEther is going to be much faster. Wireguard even faster than that, but also simpler, leaner and more useful.
At the end of the day, no other VPN protocol has been in constant use for 18 years, scrutinized by developers all over the world deflecting thousands of infiltration attempt by hackers and government agencies alike.
Is OpenVPN on the way out? Let’s revisit in five years. For now, OpenVPN is here to stay.
We are confident recommending this protocol to all VPN users. The second that changes, we will let you know.