Features
Speed & Performance
Ease of Use
Mobile App
Customer Support
Pricing
Inside This Article...
OpenVPN Pros:
- Runs on almost all platforms
- Better security
- Cost advantages
- Supports Perfect Forward Secrecy
OpenVPN Cons:
- Complex manual configuration
- Requires additional software client
OpenVPN is not a typical VPN provider. Instead, it creates the tunnel between the VPN software and the VPN server.
It is an open-source software application that has been designed to create highly secure VPN connections. As it is open-source, this means that it is free to use. So, let’s take a look at whether it is worth your time.
Overview
OpenVPN was developed in 2002 by James Yonan. It is a VPN tunneling encryption protocol that facilitates a secure transmission of your important data using strong encryption.
It is essential to understand how OpenVPN does this. There are two protocols that can be used by the provider; UDP and TCP.
TCP stands for Transmission Control Protocol, which is the more common of the two. It is used to make sure that all of the transmitted data is correctly received.
As the protocol is computer orientated, it will perform text to verify the data transmission. Every time that pieces of data are transmitted via TCP, the centre will await confirmation from the receiver before the next ones are sent.
The second protocol that is available is called UDP, which stands for User Datagram Protocol. This is a fire and forget protocol that is a lot quicker; however, I must warn you that the fastest speed comes at the cost of reliability because there are not any confirmation checks carried out. A lot of the VPN providers on the market today decide to use UDP when setting up OpenVPN. If UDP fails, OpenVPN switches to TCP automatically so that a secure connection can be re-established.
Does OpenVPN sound right for you?
Join and get access to exclusive content, tips and more!
Speeds
OpenVPN is not the fastest protocol available today. However, it is far from slow, and I certainly do not have any complaints regarding the speed.
As mentioned earlier, if you decide to go down the UDP route, you will gain more speed.
Security
Security is the name of the game when it comes to OpenVPN. It has a reputation for being one of the most robust, powerful, and effective encryption protocols on the market today.
There are a number of reasons why this is the case. These include the fact that it can adapt to both TCP and UDP to bypass the toughest DPI and firewalls.
If that was not enough, it also uses IPv6 support, OpenSSL encryption, authentication certificates, and pre-shared keys.
Compared to the other protocols out there for VPN providers today, such as PPTP and L2TP/IPsec, OpenVPN is certainly the strongest choice in terms of security and privacy.
Does OpenVPN sound right for you?
Join and get access to exclusive content, tips and more!
Ease of use
OpenVPN is not the easiest to use. This is why it is advisable to choose a VPN provider that uses OpenVPN, rather than trying to use this protocol as part of your own VPN.
The platform is fully customisable, and it can be tunnelled over additional protocols, for example, SSL and SSH, to make an added layer of security. This means you could use it to create your own VPN if you wanted to.
Nevertheless, if you don’t have a solid IT background, you will probably find it a bit difficult to navigate through the manual configuration process.
Using OpenVPN Connect, which is an open-source GUI client, can make it significantly easier to install and manage.
As OpenVPN is open source, this gives OpenVPN the benefit of a worldwide community of users who share ideas, provide support, and source code to further advance the development of the software.
Does OpenVPN sound right for you?
Join and get access to exclusive content, tips and more!
Is OpenVPN safe to use?
It is safe for you to use OpenVPN, yet OpenVPN encrypted traffic could possibly be identified by using DPI, otherwise known as Deep Packet Inspection.
DPI can be performed at ISP level on behalf of the government.
As a consequence, in parts of the world whereby VPN use is blocked using firewalls at ISP-level, it is vital that your VPN is able to disguise OpenVPN traffic as standard HTTPS. This is typically done through routing OpenVPN traffic over port 443 so that it is disguised as a standard HTTPS.
Obfuscation can also be achieved through other methods, for example, XOT, Obfsproxy, or Stunnel. These have different methods of bypassing ISP firewalls and VPN use. All of these methods are deemed more robust when compared with OpenVPN over port 443.
Therefore, for you to be completely secure in a location whereby it is illegal to use OpenVPN, for instance, Iran, Russia, China, or Egypt, it is essential that the VPN you choose has one of the obfuscation methods that have been mentioned.
This is something you should check into before you subscribe. Moreover, keep in mind that OpenVPN over port 443 could be detected with even moderate DPI, and a more stringent type of cloaking is required.
Does OpenVPN sound right for you?
Join and get access to exclusive content, tips and more!
Unblock streaming services
With OpenVPN, you are going to be able to anonymously get access to a countless amount of online services and websites that are geo-restricted, for example, Gmail, Twitter, Facebook, YouTube, and Netflix.
This is regardless of where you are located. VPNs using OpenVPN have even managed to bypass the Great Firewall of China. This includes top-rated VPN providers like NordVPN and ExpressVPN.
Does OpenVPN sound right for you?
Join and get access to exclusive content, tips and more!
Compatibility
You can use OpenVPN on a wide range of platforms. This includes the likes of Android, iPhone, Windows, and Mac.
Services that use OpenVPN
There are a number of different services that work with OpenVPN. This includes the likes of Proton VPN, PureVPN, IPVanish, and NordVPN. You have also got VPNArea, PrivateVPN, and ExpressVPN too.
You can read my reviews on all of these VPNs so that you can compare them and determine the best one for you based on other features.
Components
As I have already alluded to, OpenVPN is the most secure type of encryption out there, yet certain vital factors are relied on. Unless VPNs get each one of these critical components of the protocol correctly, the security of the entire encryption protocol will crash down. So, let’s take a look at these components:
- The Cipher – There is only one place to begin, and this is with the cipher. This is an algorithm that is used by a VPN for data encryption purposes. Encryption is only ever going to be as strong and effective as the cipher used by the VPN protocol. Blowfish and AES are the most common ciphers that are used by VPN suppliers today. Blowfish has been around since approximately 1993. It is not deemed watertight in regards to security, as it has been cracked on a number of different occasions. Weaker keys are used when compared with AES, yet the main drawback is the 64-bit block size, which is the reason bigger files are difficult to encrypt. The more contemporary form of encryption today is definitely Advanced Encryption Standard (AES). For it to be secure, a minimum of 128-bit is needed.
- Encryption channels – Next, I am going to tell you a little bit more about the encryption channels available with this platform. There are two channels used here: the control channel and the data channel. The components for each are as follows:
- Control channel: cipher + hash authentication + TLS handshake encryption + whether perfect forward secrecy is utilised (and the way it is used).
- Data channel: cipher + hash authentication
- Handshake encryption – The purpose of this is for securing the TLS key exchange. RSE is typically used, but ECDH or DHE can be utilised instead and they also provide PFS.
- Hash authentication – This utilises a cryptographic hash so data can be verified that has not been tampered with. HMAC SHA is usually used in OpenVPN to do this. However, the GCM can supply the hash auth instead if an AES-GCM cipher is utilised.
- Perfect Forward secrecy – PFS is a system whereby a unique private encryption key is created for every session. This means that there is a unique set of keys for every Transport Layer Security (TLS) session. That is why they are called “ephemeral keys” – because they are only used the one time and then they will disappear.
As a consequence, OpenVPN encryption is only going to be as strong as the weakest point. This is why specific requirements need to be met.
The minimum settings that I would recommend are as follows:
- Control channel – An AES-128-CBC cipher with HMAC SHA1 hash authentication, with ECDH-385 handshake encryption or RSA-2048. Any ECDH or DHE key exchange can be used to provide perfect forward secrecy.
- Data channel – An AES-128-CBC cipher with HMAC SHA1 hash authentication. An extra form of authentication is not needed if an AES-128-CBC cipher is utilised.
Customer support
As OpenVPN is not a traditional VPN provider, it does not provide common support channels, for instance, live chat. There is a ticketing system, yet this is only for members.
However, I am pleased to say that there is a huge worldwide community whereby developers and users source code for the program, troubleshoot solutions, and share their ideas and opinions.
There is also a comprehensive FAQ section, as well as a number of set-up guides and a forum, which will work together so you can understand the ins and the outs of the software. You can also troubleshoot technical issues as well.
Pricing
It is not going to cost you anything to use OpenVPN. As I have mentioned plenty of times in this review already, it is not actually a VPN. Instead, it is a free protocol that VPN providers can use.
As a consequence, you can either use it manually to set-up your own VPN or you can select it as an option for a VPN service that you have already subscribed to.
There is a paid subscription option. This is known as the OpenVPN Access Server (OpenVPN-AS). This provides extra configuration tools and installation tools.
Summary
All in all, OpenVPN is not your standard VPN provider. If you are looking for a VPN provider, I have reviewed them all, including ExpressVPN, NordVPN, TunnelBear, and much more.
OpenVPN, on the other hand, is a highly secure protocol that cannot be beaten in the industry. Plus, it is free to use.
In terms of encryption protocols, you’re not going to find better than OpenVPN, and this is why so many VPN providers choose this system. It can get around some of the most stubborn firewalls and ISPS to access sites that have geo-restricted content.
As it is open-source, it is improved on most of the time, and it is compatible with most platforms. I would recommend looking for a VPN that uses OpenVPN, for sure!
Does OpenVPN sound right for you?
Join and get access to exclusive content, tips and more!