8 reasons why OpenVPN should replace your VPN client

Sign up for a new VPN and it makes sense to use your provider's clients. They should work right away, with no setup hassles, and you'll get easy access to any bonus features the service offers: encrypted DNS, ad blocking, split tunnelling, whatever they might be.

But what if your VPN doesn't have any bonus features, or its clients are so feeble and underpowered that they can't deliver the power you need?

OpenVPN could be the answer. It's an ultra-configurable open source VPN client which works with just about any VPN provider that supports the OpenVPN protocol.

It gives you new ways to automate, optimize, control and troubleshoot your connections, and you can use it alongside your existing client, or maybe replace it entirely – it's your call.

The package won't be for everyone, but experienced VPN users in particular could have a lot to gain. In this article. we've listed eight good reasons you might want to give OpenVPN a try.

Just remember: even though you aren’t using a given VPN provider’s client, you still want to make sure you’ve picked one of the best VPN services out there. Because you’re using a VPN company’s servers, you are relying on them to respect your privacy and anonymity—and that means they shouldn’t log your activity. 

1. It's smaller and simpler

OpenVPN doesn't have a flashy interface, and it can't display all your locations on a global map, but its simpler approach to VPN management still has a lot of appeal.

You can connect to any location by right-clicking a system tray icon and selecting your server from a list. There's no need to open a separate VPN console and poke around various windows and tabs – OpenVPN gets you connected in a couple of clicks.

A standard Windows desktop notification lets you know when the VPN is active. OpenVPN's system tray icon changes color, allowing you to check system status at a glance. If you need more, hovering your mouse over the icon displays a tooltip with the server name and your new IP address.

What's more, if you can live with OpenVPN's stripped-back approach, you won't waste system resources by having a regular VPN client permanently running in the background. Although average client RAM use is typically low, we've seen some clients peak at 250MB or more, so any savings on the memory front are well worth having.

2. You get full control of the server list

Most VPN clients display locations in fixed lists which you can't alter or reorganize in any way. That soon becomes annoying if, say, you're forever scrolling through 30 servers to find the only three you ever use.

OpenVPN is much more configurable. Instead of a defined list of servers, for example, you're able to add whatever servers you need. If you only ever connect to four locations, then you can add those and ignore everything else.

The list is sorted alphabetically, but if that's an issue, you're able to edit the server name to order it however you like: by city, country, continent, or some more arbitrary scheme, whatever works for you.

3. Settings apply per connection

The average VPN client gives you a list of connections, and some settings which apply to them all. This approach might seem reasonable, at first, but it can cause major issues in some situations.

Suppose you're having problems with a specific long-distance connection. The provider tells you to go into Settings and change protocol from speedy UDP to the slower but more reliable TCP. This might improve results with your target server, but the new TCP setting will also apply to every other location, reducing performance all round.

OpenVPN uses a separate settings file for every single connection. You can set up some servers to use UDP, others TCP, or even offer both options in the server list ('London - UDP', 'London - TCP'). Each connection can use whatever settings it needs to work best.

Once you're happy with a connection setup, you can import the settings file into an OpenVPN installation on another device, or share it with other OpenVPN users. They'll be able to add it to their connection lists, and use it right away.

4. Use fall-back connections

A VPN won't always connect to the server you need, particularly if it's far away or under heavy load. Normally this leaves you with only two options: try the connection again, or manually select something else.

OpenVPN can help with its connection profiles – groups of settings which give the program several ways to connect to a server.

A profile might start by trying the regular UDP connection you'd ideally like to use. But this could then revert to a TCP connection, then something specifying another server, then adding a few other troubleshooting tweaks…

Point OpenVPN at the profile and it will try each one sequentially until it manages a successful connection. You won't need to keep hitting Connect anymore, because the program should be able to deal with most errors all on its own.

5. Access multiple VPNs from one app

Your favorite VPN might not always do everything you need, and sometimes it can make sense to install other services for specific tasks: here's one with a country you require, another that unblocks Netflix, maybe a free VPN as a backup, whatever makes sense.

The problem with this strategy is you'll need to access these services via their own individual clients, and maybe even have them all running permanently in the background.

As long as your installed VPNs all support OpenVPN, there's a good chance you can import the connections you'll use from each individual VPN, then combine and launch them all from a single menu.

Renaming your connections to include the provider will help remind you what's going on: 'ExpressVPN - London', 'IPVanish - New York', 'VyprVPN - Netherlands', whatever they might be.

The end result could save you a lot of time, and free up resources by reducing the need to have other VPN clients installed.

6. Troubleshoot problems with logs

VPN connections don't always run smoothly (you've probably noticed). Some servers seem to be offline most of the time, or maybe you're seeing connections drop. Understanding what's going on can be difficult, especially if your VPN client hides the details away to avoid scaring less technical users.

OpenVPN is much more upfront about its operations. A log window displays what's happening as you're connecting to the server, and you can display the connection log at any time in a couple of clicks.

One benefit of viewing the logs is that you're able to see how a connection has been set up. Take a look at these two lines:

Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key

Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key

You don't need any OpenVPN expertise to recognize the reference to 256-bit AES encryption, and the logs include many other details on what your VPN is doing.

Better still, if you have problems later, the logs will give you a clear idea of the connection state, and might include errors or status messages giving you some clue about the cause.

7. Run useful scripts

One of OpenVPN's most valuable features is the ability to run custom scripts when your VPN connection state changes.

You could use scripts to manage your applications, perhaps automatically launching a torrent program when you first get connected, and forcibly closing it if the connection drops.

If some of your applications don't work as they should under a VPN - maybe you're not able to send emails – you might be able to use scripts to reconfigure them, or just close the app while the VPN is running and restart it when you disconnect.

Experienced users may be able to use scripts to solve VPN issues. Are you having problems with the DNS cache, for instance? Get OpenVPN to run the following command when you connect or disconnect, and hopefully all will be well:

ipconfig /flushdns

Whatever your issue happens to be, the ability to run scripts will often give you a way to address it, or at least automate some kind of workaround.

8. Advanced connection tweaks

VPN providers often boast about their clients being "easy to use", but that's usually code for "incredibly basic with almost no features".

Networking experts who switch to OpenVPN can get far more detailed and low-level control over their VPN connection.

This starts with the basics – protocols, ports, retry rules – although even here, there's more depth and power than you might expect. (IPv6 support, for instance? No problem).

You get all kinds of options for setting and configuring network routes, and defining exactly which traffic you'd like to be redirected through the VPN.

There's support for setting and adjusting your MTU, TCP send and receive buttons, which could deliver significant performance gains in some situations. If that sounds too much like hard work, no problem: OpenVPN can even run tests to figure out the best MTU value to use.

Other commands can help you detect connection failures, maybe close the VPN if the tunnel isn't being used, or even limit VPN speeds to ensure tunnel traffic doesn't grab all your bandwidth. This isn't always easy to set up, and networking expertise is definitely required, but if that's not an issue, using OpenVPN gives you all kinds of extra possibilities.

Mike Williams
Lead security reviewer

Mike is a lead security reviewer at Future, where he stress-tests VPNs, antivirus and more to find out which services are sure to keep you safe, and which are best avoided. Mike began his career as a lead software developer in the engineering world, where his creations were used by big-name companies from Rolls Royce to British Nuclear Fuels and British Aerospace. The early PC viruses caught Mike's attention, and he developed an interest in analyzing malware, and learning the low-level technical details of how Windows and network security work under the hood.