First of all, what is this OpenVPN that you might have seen its software before, and not installing it?
OpenVPN is an open-source software application that implements virtual private network (VPN) techniques for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It uses a custom security protocol that utilizes SSL/TLS (Note: SSL makes a website secure by encrypting vital information) for key exchange. It is capable of traversing network address translators (NATs) and firewalls. It was written by James Yonan and is published under the GNU General Public License (GPL). It may be important to note that GNU General Public License is a widely used free software license, which guarantees end users the freedom to run, study, share and modify the software.
OpenVPN allows peers (Interconnected nodes) to authenticate each other using a pre-shared secret key, certificates, or username/password. When used in a multiclient-server configuration, it allows the server to release an authentication certificate for every client, using signature and Certificate authority. It uses the OpenSSL encryption library extensively, as well as the SSLv3/TLSv1 protocol, and contains many security and control features. We can esily determine a site is secure when the URL starts with “https” and not just “http”.
OpenVPN has been ported and embedded to several systems. For example, DD-WRT has the OpenVPN server function. SoftEther VPN, a multi-protocol VPN server, has an implementation of OpenVPN protocol.
Private Tunnel VPN is a commercial spin-off of OpenVPN Technologies, a VPN service provider based in the US that, unusually, charges according to data transferred rather than per month.
Features of OpenVPN
OpenVPN uses the OpenSSL library to provide encryption of both the data and control channels. It lets OpenSSL do all the encryption and authentication work, allowing OpenVPN to use all the ciphers available in the OpenSSL package. It can also use the HMAC packet authentication feature to add an additional layer of security to the connection (referred to as an “HMAC Firewall” by the creator). It can also use hardware acceleration to get better encryption performance. Support for mbed TLS is available starting from version 2.3.
OpenVPN has several ways to authenticate peers with each other. OpenVPN offers pre-shared keys, certificate-based, and username/password-based authentication. Preshared secret key is the easiest; with certificate based being the most robust and feature-rich In version 2.0 username/password authentications can be enabled, either with or without certificates. However to make use of username/password authentications, OpenVPN depends on third-party modules.
SecurityOpenVPN can run over User Datagram Protocol (UDP) or Transmission Control Protocol (TCP) transports, multiplexing created SSL tunnels on a single TCP/UDP port (RFC 3948 for UDP). From 2.3.x series on, OpenVPN fully supports IPv6 as protocol of the virtual network inside a tunnel and the OpenVPN applications can also establish connections via IPv6. It has the ability to work through most proxy servers (including HTTP) and is good at working through Network Address Translation (NAT) and getting out through firewalls. The server configuration has the ability to “push” certain network configuration options to the clients. These include IP addresses, routing commands, and a few connection options.
OpenVPN offers several internal security features. It has up to 256-bit Encryption through OpenSSL library although some service providers may offer lower rates effectively making the connection faster. It runs In userspace, instead of requiring IP stack (and therefore kernel) operation. OpenVPN has the ability to drop root priveledges, use mlockall to prevent swapping sensitive data to disk, enter a chroot jail after initialization and apply a SELinux context after initialization.
OpenVPN runs a custom security protocol based on SSL and TLS rather than support IKE, IPsec, L2TP or PPTP. OpenVPN offers support of smart cards via PKC#11 based cryptographic tokens.
OpenVPN can be extended with third-party plug-ins or scripts which can be called at defined entry points. The purpose of this is often to extend OpenVPN with more advanced logging, enhanced authentication with username and passwords, dynamic firewall updates, RADIUS integration and so on. The plug-ins are dynamically loadable modules, usually written in C, while the scripts interface can execute any scripts or binaries available to OpenVPN. In the OpenVPN source code there are some examples of such plug-ins, including a PAM authentication plug-in. Several third party plug-ins also exist to authenticate against LDAP or SQL databases such as SQLite and MySQL.
It is available on Solaris, Linus OpenBSD, FreeBSD, NetBSD QNX, Mac OS X, and Windows XP and Later. OpenVPN is available for mobile phone operating systems (OS) including Maemo, Windows Mobile 6.5 and below, IOS 3GS+ devices, jailbroken IOS 3.1.2+ devices, Android 4.0+ devices, and Android devices that have had the Cyanogenmod aftermarket firmware flashed or have the correct kernel module installed. It is not compatible with some mobile phone OSes, including Palm OS.