What is OpenVPN, and how does it work? | NordVPN (2024)

What is OpenVPN?

OpenVPN, or Open Virtual Private Network, is an open-source system that creates a private and secure tunnel between networks. It refers to multiple different but related things:

• The open-source OpenVPN protocol used to create encrypted tunnels between networks and establish a VPN connection.
• The OpenVPN software (VPN client) that uses the OpenVPN protocol.
• The OpenVPN company that supports open-source code and offers its own commercial VPN products.

While the OpenVPN name is attached to both the software and the company, the OpenVPN protocol is used in most modern VPN solutions, including NordVPN. Therefore, this article will focus on OpenVPN as a tunneling protocol.

How does OpenVPN work?

OpenVPN creates a secure tunnel for data traffic to pass between the VPN client and server. This process includes authentication of the VPN client and server, creation of a VPN tunnel, data encapsulation and encryption, and data traffic transmission.

OpenVPN works with different authentication methods and encryption algorithms and can secure both TCP and UDP traffic. All the customization makes it a preferred and secure choice for many VPN setups.

1. Authentication

OpenVPN uses various VPN authentication methods to verify the identity of a VPN client and server. These methods usually include a combination of user credentials, digital certificates, and public key infrastructure.

2. Tunnel setup

Once the identity is verified, OpenVPN creates a VPN tunnel between the VPN client and server. Predominantly, OpenVPN uses Secure Sockets Layer/Transport Layer Security (SSL/TLS) to establish the tunnel, but other protocols can also be used.

3. Encapsulation and encryption

OpenVPN wraps the data packets within additional layers to include routing information, identify the source and destination of the data, and apply security measures such as encryption.

OpenVPN is versatile – you can set it up to use different cryptographic algorithms and key lengths. Encryption ensures that the data traffic passing through the VPN tunnel is hidden from third parties, including your employer, internet service provider (ISP), hackers, and advertising companies or agencies.

4. Data transmission

Encrypted traffic passes through the VPN tunnel to the VPN server, where it is decrypted and routed to its further destination.

Since the traffic passes through an intermediate server, the further destination doesn’t see the source’s IP address – it sees the IP address of the VPN server instead.

What is the difference between a VPN and OpenVPN?

A VPN is a service that protects your internet connection, while OpenVPN is one of the tunneling protocols helping VPN services do that.

Anyone can use the OpenVPN open-source code client to set up their VPN connection. Most VPN providers include the OpenVPN protocol in their software. However, while OpenVPN refers to one tunneling protocol, a VPN provider can offer multiple VPN protocols, such as WireGuard® and IKEv2/IPsec.

Is OpenVPN safe?

Yes, OpenVPN is one of the safest VPN protocols. It uses SSL/TLS to ensure data security and has access to the OpenSSL library for further customization, including additional security features.

The OpenVPN protocol includes perfect forward secrecy, ensuring that even in the case of a data breach, not all data would be compromised. And it’s possible to use OpenVPN with both TCP and UDP protocols, so you can switch to TCP when you prioritize security (and UDP when you need fast speeds).

OpenVPN is also an open-source protocol, so its code is transparent. Anyone in the OpenVPN community can look up bugs and suggest fixes. However, it makes it easier for hackers and security researchers to find and exploit its weaknesses.

It supports various cryptographic algorithms and settings. So, the choice of encryption ciphers and key lengths also impacts OpenVPN security. That’s why proper OpenVPN implementation is crucial, and choosing a VPN service and client is as important as choosing your preferred secure VPN protocol.

What is OpenVPN used for?

The OpenVPN protocol is versatile and has many different applications. The most common OpenVPN uses include:

• Setting up a VPN connection. The primary purpose of OpenVPN is to establish a VPN connection – to create a tunnel between networks for secure data transmission. VPN tunnel is what separates a VPN and proxy, and protocols like OpenVPN are what makes VPN tunnels. So, the OpenVPN protocol can be used anywhere a VPN connection is needed, such as accessing a virtual server or creating a private network.
• Encrypting data over the internet. Apart from creating an encrypted VPN tunnel, OpenVPN uses cryptographic algorithms to encrypt the data that passes through that tunnel. This encryption makes OpenVPN an excellent choice for sending and receiving sensitive data over the internet, securing VoIP and video conferencing, browsing privately, accessing public Wi-Fi securely, and securing communication of IoT devices.
• Enabling and securing remote access. Establishing a VPN tunnel and encrypting data in transit also makes OpenVPN perfect for enabling and securing remote access to internal networks. Companies, universities, and other institutions can use OpenVPN to allow and control access to their networks from remote locations.
• Establishing site-to-site VPN connections. Similarly to remote access, institutions can use OpenVPN to connect entire networks or multiple remote offices securely over the internet. It interconnects corporate offices or data centers and enables them to securely share resources, platforms, and data.

What are the differences between OpenVPN UDP and OpenVPN TCP?

OpenVPN works over both TCP and UDP, and most VPN clients allow you to choose which protocol to use.

The transmission control protocol (TCP) establishes the connection between the sender and receiver, thoroughly authenticating the data packets in transit so they reach their destination intact.

The user datagram protocol (UDP) sends the data packets without establishing the connection between the sender and receiver. It doesn’t guarantee that data packets reach their destination. It makes UDP faster but less reliable than TCP.

Is OpenVPN better than other VPN protocols?

The answer depends on what you need the VPN protocol for.

OpenVPN is better than obsolete VPN protocols, like PPTP. And in terms of security, OpenVPN is better than most VPN protocols. But that’s not the only thing you should consider when choosing a VPN protocol.

IKEv2/IPsec, for example, could be a better choice for mobile devices. And if you care about connection speed, WireGuard® is much faster than other VPN protocols. It has also significantly improved over the last few years, reaching security on par with OpenVPN.

For a more detailed overview, check out our comparison of VPN protocols.

What are the pros and cons of OpenVPN?

OpenVPN is an excellent VPN protocol, but you should still consider its advantages and disadvantages before you choose OpenVPN as your go-to VPN protocol.

Is OpenVPN free?

Yes, the OpenVPN protocol is free in the sense that it’s an open-source solution anyone with enough tech skills can modify and use for their needs. For example, you could use freely available OpenVPN code to create a VPN server from your old computer.

There’s also a free OpenVPN client you can install and configure to establish a connection to your chosen VPN server, be it your own server or VPN servers available to you with your VPN subscription.

Should you choose OpenVPN?

If you use a premium VPN provider, chances are you can choose the VPN protocol you want to use. So, should you choose OpenVPN if you have that option?

Once again, it depends on what you use a VPN for. If it’s mostly for streaming, gaming, or other bandwidth-heavy activities, security may not be your top priority, and no protocol can beat NordLynx for speed. But if you deal with sensitive data and security is crucial, you can opt for OpenVPN. For the same reason, choose OpenVPN TCP over OpenVPN UDP.