
What is OpenVPN?


Interested in protecting your online privacy? Then you're probably already using a VPN to securely encrypt your web traffic and keep it safe from hackers (and, if you're not, find out why you might need one with our 'what is a VPN?' guide).

The key element of every VPN connection is its VPN protocol - a set of rules which defines everything from how the app securely connects to its server, to the methods it can use to transfer data, and how to close the session when you're finished.

Most VPNs support several protocols - WireGuard, IKEv2, L2TP, SSTP and more - but OpenVPN is far and away the most popular. In this article we'll look at why that is, what OpenVPN gives you, some of the reasons it's better than the competition, and where OpenVPN might go next.

How OpenVPN began

In 2001, developer James Yonan was travelling through Central Asia when he needed to remotely connect to his business network. Forced to make unencrypted connections via servers in countries with very shady security practices, Yonan realized how vulnerable his data could be. His answer was to create an open-source project, OpenVPN, to encrypt data and protect it from snoopers.

Francis Dinha was born and raised in Iraq, during the reign of Saddam Hussein. Growing up in a world where expressing anti-government views could result in punishment, jail time, even execution, Dinha learned some harsh lessons about the true value of personal privacy. 

After fleeing Iraq and later arriving in the US, Dinha heard about Yonan's creation and realized the possibilities. The two men talked, and came up with a business plan. In 2001, they founded OpenVPN, and in 2002, the OpenVPN protocol saw its first public release.


OpenVPN encryption

OpenVPN provides a means of connecting computers together in a Virtual Private Network. That is, even if the computers are remote from each other, in another office, another country, the other side of the world, it can safely connect the systems together via a secure encrypted tunnel.

OpenVPN can create its tunnel using either TCP (Transmission Control Protocol) for maximum reliability, or UDP (User Datagram Protocol) for raw speed, a flexibility that beats some competing protocols, even today.

Communications are managed by SSL/TLS (Secure Sockets Layer/Transport Layer Security), the same technology used to protect HTTPS websites. That's an advantage if you need OpenVPN to bypass a firewall or some other VPN block, as once it's set up, it's tricky to tell that you're using a VPN. Your online activity just looks like regular web traffic.

OpenVPN benefits from many SSL/TLS features, for example allowing it to confirm you're connecting to a legitimate server, create and share new encryption keys to protect your data for this session, and verify your data hasn't been altered.

Properly implementing modern web encryption is a huge task, and fortunately OpenVPN doesn't try, instead handing off most encryption tasks to the very comprehensive OpenSSL library. That's good news, as OpenSSL is a capable product widely used by many web servers to manage their HTTPS connections. But OpenVPN also uses it to support just about every encryption algorithm, hash function or public-key cryptography technology around: AES, ChaCha20, Poly1305, Triple DES, SM4, MD5, SHA-2, SHA-3, BLAKE2, Whirlpool, RSA, Diffie-Hellman, elliptic curve and more.
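
The three SSL/TLS jobs described above (confirming the server, agreeing fresh session keys, detecting altered data) map onto a handful of client configuration directives. This fragment is an added example, not taken from the original article or from any provider's profile; the file names and server name are placeholders, and it assumes OpenVPN 2.5 or later.

```conf
# Constructed client-side fragment. ca.crt, ta.key and vpn1.example.net
# are placeholders. data-ciphers needs OpenVPN 2.5+ (2.4 used ncp-ciphers).

# --- Confirm you are connecting to a legitimate server ---
# Only trust server certificates issued by this CA.
ca ca.crt
# The peer certificate must be marked for server use, so another
# client's certificate cannot be used to impersonate the server.
remote-cert-tls server
# The certificate's common name must match this value exactly.
verify-x509-name vpn1.example.net name

# --- Control channel (the SSL/TLS session) ---
# Refuse to negotiate anything older than TLS 1.2.
tls-version-min 1.2
# Pre-shared key that authenticates and encrypts control packets
# before the TLS handshake is even processed.
tls-crypt ta.key
# Negotiate fresh data-channel keys every hour.
reneg-sec 3600

# --- Data channel ---
# Offer AEAD ciphers only: each packet is encrypted and carries an
# integrity tag, so altered data is dropped.
data-ciphers AES-256-GCM:CHACHA20-POLY1305
# HMAC digest used if a non-AEAD cipher is ever in play.
auth SHA256
```

OpenSSL's support for older algorithms such as MD5 or Triple DES does not mean a profile should offer them; listing only the ciphers you accept keeps a misconfigured peer from negotiating down.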


Flexible design

One of the major advantages of OpenVPN is its flexible and configurable design, which gives VPN providers (and, sometimes, users) a huge amount of control over how the service works.

Providers can easily switch OpenVPN encryption algorithms, for instance, to optimize the VPN for security or speed. OpenVPN also supports changing network settings, such as asking your device to use another DNS server. And it supports all the network standards you need. Need IPv6, as well as IPv4 support? OpenVPN can be set up to cope, no problem, and it'll get you connected in most situations.

OpenVPN connections are set up by configuration files which accept many different commands, giving you all kinds of ways to deal with tricky situations.

To take one example: suppose you can't connect, maybe because the server is down. OpenVPN supports setting a custom timeout before it gives up the attempt, so you could maybe wait a long time for servers you know are slow, a few seconds for others. It can set the number of times to retry, and a number of seconds to wait between retries. It can change low-level network settings, maybe helping you get connected on busy networks or over poor-quality connections. It's even possible to specify, say, ten possible servers you could use, each with their own preferred connection settings, and OpenVPN will try them all until it finds something that works.

(These features won't be available from a VPN app unless it's written to support them, so don't be surprised if you see nothing like that from your own provider. But they are supported by OpenVPN.)
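
The timeout, retry and multiple-server behaviour described above, written as an OpenVPN client configuration. This is an added example, not taken from the original article or from any provider's profile; the hostnames are placeholders, three servers stand in for the ten mentioned, and it assumes OpenVPN 2.4 or later.

```conf
# Constructed client profile; the example.net hostnames are placeholders.
client
dev tun
nobind

# Authentication material (ca, cert, key or auth-user-pass) from the
# provider goes here.

# Defaults for every <connection> block unless overridden inside it.
# Wait at most 10 seconds for a server before moving to the next one.
connect-timeout 10
# Wait 5 seconds between attempts; repeated failures back off to at most 60.
connect-retry 5 60
# Try each entry at most 3 times, then exit instead of looping forever.
connect-retry-max 3
# Keep retrying DNS resolution of a server name for 30 seconds.
resolv-retry 30

# Profile 1: preferred server over UDP.
<connection>
remote vpn1.example.net 1194 udp
</connection>

# Profile 2: a server known to be slow, given a longer timeout.
<connection>
remote vpn2.example.net 1194 udp
connect-timeout 60
</connection>

# Profile 3: TCP on port 443 for networks that drop UDP.
<connection>
remote vpn3.example.net 443 tcp
connect-timeout 20
</connection>

# Low-level tuning for poor-quality links: cap TCP segment size inside
# the tunnel so encapsulated packets stay under 1300 bytes.
mssfix 1300
```

OpenVPN works through the connection blocks in order until one succeeds. Setting connect-retry-max matters on a client: without it the default is to retry indefinitely.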

Even if the built-in OpenVPN features aren't enough, that's not the end of the story. The protocol can be extended with plugins, scripts and more, giving all kinds of other customization possibilities.

Open source

Another strength of OpenVPN is that it's an open-source project. Anyone can download the source code, check it for problems, add new features or use it to create their own products.

That's helped expand OpenVPN to run on just about every platform, from VPNs for Windows to Mac, Android VPNs to iOS, and almost every flavor of Linux.

Other related open-source projects have grown up around the protocol. AirVPN's Eddie is a powerful OpenVPN app with more features than most of the competition, but it's free, open-source and you're permitted to download and use it with any OpenVPN-compatible service.

All this activity has produced a large community of developers who work on the project, look for bugs and security vulnerabilities, and share and come up with new ideas. There's no guarantee OpenVPN won't have problems, of course, but with more people inspecting the code, it's likely any issues will be caught early.

The transparency of an open-source project is great for trust, too. Premium providers are embracing this spirit - ExpressVPN has made the code for its Lightway protocol open source. Most VPN protocols aren't open source, and when a provider tells you how great their offering is, you just have to take their word for it (or not, maybe).

With OpenVPN, there's no way anyone could get away with making unrealistic claims or promises, because there are thousands of experts out there who know the truth.


OpenVPN's future

OpenVPN has been king of the VPN protocols for a long, long time, but some think its reign might be coming to an end.

New protocols such as WireGuard, NordVPN's NordLynx and the previously mentioned ExpressVPN's Lightway have simpler, more stripped-back designs. They throw out most of OpenVPN's functionality to concentrate only on the core VPN essentials. And although that makes them relatively short on features, there are big compensations, including faster connection times, and (sometimes) a doubling of your download speeds.

The newer protocols have some disadvantages, though. They have fewer features, they're not as widely supported, or available on as many platforms. WireGuard doesn't have as many privacy features as you get with OpenVPN, and as it doesn't support TCP, it may not be as reliable in some situations.

This could mean OpenVPN is no longer the first-choice protocol for most VPN users. If WireGuard works for you, and doubles your speeds, then that's what you should be using.

OpenVPN is still useful as a fallback choice, though, a more reliable and versatile protocol that works even in the tricky situations where others fail. It may not top the protocol charts any more, but OpenVPN's flexibility and feature set mean it'll still be one of the most important VPN technologies around.


Mike Williams

Mike is a lead security reviewer at Future, where he stress-tests VPNs, antivirus and more to find out which services are sure to keep you safe, and which are best avoided. Mike began his career as a lead software developer in the engineering world, where his creations were used by big-name companies from Rolls Royce to British Nuclear Fuels and British Aerospace. The early PC viruses caught Mike's attention, and he developed an interest in analyzing malware, and learning the low-level technical details of how Windows and network security work under the hood.