Depending on your familiarity with VPNs, you may already know what they do.
However, not many people know so much about the technology they use, including the different types of tunneling protocols, one of which is OpenVPN.
It is no doubt the most popular among the available VPN protocols, which makes it logical to wonder how does OpenVPN actually work?
This article will help you understand what OpenVPN is and how it works. So, be sure to read till the end to find out everything you need to know about OpenVPN.
In this article:
How does OpenVPN work?
OpenVPN is an open-source VPN encryption protocol often used by VPN providers to secure users’ point-to-point or site-to-site connections.
The OpenVPN protocol is useful in client-server communications as it helps to establish highly secure connections between the VPN client and the VPN server.
It uses 🔒 OpenSSL encryption and transmits online data using either the User Datagram Protocol (UDP) or Transmission Control Protocol (TCP).
Simply put, OpenVPN uses either UDP or TCP to establish the connection between devices and servers.
The 2 protocols achieve similar things but in different ways. Let’s break it down:
→ TCP offers a more secure and stable data transfer owing to its error correction features
→ UDP doesn’t offer stable data transfer and error correction features but it’s faster
However, most VPN providers offer OpenVPN over UDP by default.
OpenVPN allows you to easily set up VPNs and also proxy servers, including HTTPS (HyperText Transfer Protocol) proxies.
It also works through NAT (Network Address Translation Firewalls), which are typically set up on internet routers. This compatibility is essential if you want an error-free connection.
In comparison to other VPN protocols, OpenVPN is open-source, which means that third parties can always check and improve where necessary as just an individual enterprise doesn’t own its code.
🛡️ Security and reliability of OpenVPN
It’s one of the most secure protocols out there.
However, in comparison o WireGuard, OpenVPN uses the OpenSSL library to carry out cryptographic algorithms with AES-256.
WireGuard uses fixed modern algorithms in order to avoid misconfigurations that may lead to a breach in security. These eliminate certain security risks.
Overall, both are really safe VPN protocols.
When it comes to security, OpenVPN does better than older protocols like PPTP because it uses AES 256-bit encryption while PPTP uses 128-bit through MPPE cipher which is easily compromised.
Overall, the major difference between OpenVPN and other VPN Protocols is that OpenVPN is open source.
🗃️ OpenVPN components
Below are the components that make up OpenVPN and help it to secure user connections:
1. OpenVPN server
OpenVPN servers are used to facilitate site-to-site setups to connect different networks together.
They can also be connected together to give VPN clients secure access to resources.
2. OpenVPN client
This refers to the software you need to install in order to set up OpenVPN on your device.
3. OpenVPN configuration files
These contain the predefined settings needed to successfully create client-server connections on your device. It’s what most third-party VPN services offer for those who want to set up OpenVPN on routers.
4. Certificate Authority (CA)
Certificate Authority refers to the master authentication file used to authenticate other certificates and keys when establishing connections between VPN clients and a server.
5. Public Key Infrastructure (PKI)
This refers to a set of public and private keys, including the certificate authority needed to authenticate any client-server connection requests.
📥 How to setup OpenVPN
It’s important to note that before an OpenVPN connection can be set up, you do not need an active VPN subscription.
Below are the steps on how to manually install OpenVPN on your device. With a third-party VPN app that uses the OpenVPN tunneling protocol, the process will be automated.
That said, you need to follow a few steps to set up OpenVPN on your devices. Below are the steps:
Step 1. Installing the OpenVPN software
Before you can set up OpenVPN, you need to install the software on your device.
However, the installation process will differ depending on your device. If you are using a Windows PC, here are the steps to follow:
- Press Windows Key + E > This PC > System Properties to check whether your Windows OS is the 32-bit or 64-bit version.
- Go to OpenVPN.net to find the corresponding installer for your system type and download the appropriate one.
- Run the installer and click Customize on the installation page that pops up.
- Scroll down to OpenSSL Utilities > EasyRSA 3 Certificate Management Scripts.
- Click the drop-down menu next to both options, and select the will be installed on local hard drive option.
- Click Install Now.
- Wait for the installation process to complete.
- Search Command Prompt from your Start menu and run as administrator.
- Type cd “C:\Program Files\OpenVPN\easy-rsa” and press Enter.
- Type EasyRSA-Start.bat to launch EasyRSA to configure your certificates and keys.
- Create a directory for the Public Key Infrastructure (PKI) by typing ./easyrsa init-pki and pressing Enter.
- Type notepad vars.bat and press Enter to create a vars.bat file in Notepad.
- Enter the following parameters in the file and save. This will serve as the default template for generating certificates.
- Go back to command prompt, type the following command and press Enter to run it.
Step 2. Generating client certificates and keys
The above steps are necessary to install the OpenVPN client correctly. The next steps are important to generate client certificates and keys.
Follow the below steps to generate the keys, starting with the Certificate Authority (CA).
- Type ./easyrsa build-ca nopass in the command prompt window and press Enter to generate the CA.
- The next step is to generate your server certificate and key by typing ./easyrsa build-server-full server nopass and pressing Enter to run it.
- Type ./easyrsa build-client-full Client1 nopass to create certificates for each client. (If you intend to use OpenVPN on only one device, simply replace Client1 with CN. If you want to set your own password, delete nopass before you run the command.)
- Type ./easyrsa gen-dh to generate Diffie Hellman parameters to complete the setup process.
Step 3. Configuration of the OpenVPN server
Below are the steps to configure an OpenVPN server using UDP protocol and TLS authentication:
- Find the sample configuration file named server.ovpn in the sample-config folder located in the default OpenVPN installation directory (default: C:\Program Files\OpenVPN\sample-config).
- Copy the file to the config folder located in the OpenVPN directory (default path: C:\Program Files\OpenVPN\config).
- Rename the file after you copy it to the required folder.
- Locate the certificates and keys (ca.crt, server.crt, server.key, dh2048.pem) in the easy-rsa folder and copy them to the config folder.
- Then open the config file with notepad and edit the following lines:
to match their correct file paths as they are in the config folder, for example:
ca “C:\Program Files\OpenVPN\config\ca.crt”
cert “C:\Program Files\OpenVPN\config\server.crt”
key “C:\Program Files\OpenVPN\config\server.key”
dh “C:\Program Files\OpenVPN\config\dh2048.pem”
- Then finally, set up the cipher values, UDP or TCP protocol, keep alive parameters, and other preferential configurations. (Your final config file should look like the image below.)
The default parameters in the sample config file cover most of the required settings. However, you need to change the UDP value to UDP4 to ensure that the VPN only connects using IPv4.
Step 4. Configuration of the OpenVPN client
You only need to install the OpenVPN app on all the other client devices.
They’re available for download on the OpenVPN website, having versions for Windows, macOS, Linux, Android, iOS, and ChromeOS.
- Download the install file for your operating system.
- Follow along with the wizard to complete all installation steps.
- Finally, launch the OpenVPN Connect client app on your device.
Once you have installed the app on the devices, move on to step 5.
Step 5. Import client certificate and keys
Now you just need to import the certificates and keys already generated in the steps above.
To do this, simply follow these steps:
- Copy the ca.crt , client.crt and client.key files from steps 2 and 3 above to the config directory of each client device.
- After all the steps are completed, launch OpenVPN by going to the hidden icons tab in your Desktop Taskbar.
- Right-click on the OpenVPN GUI icon.
- Click Connect and it will connect.
OpenVPN Advantages and Disadvantages
As with every technical product, OpenVPN has its own advantages and disadvantages.
Overall, it’s a great choice if you want online security and stability over your VPN connection.
- The OpenVPN protocol offers excellent unblocking features as it can bypass any firewall it encounters easily.
- It is a highly secure protocol owing to its use of high-end ciphers and 256-bit encryption keys.
- It supports a wide range of devices which includes iOS, MacOS, Android, Windows, FreeBSD, OpenBSD, NetBSD, Linux, and routers.
- Allows for a more controlled connection as it uses both TCP and UDP.
- It supports Perfect Forward Secrecy.
- It requires third-party applications for smooth running
- Difficulty during manual setup on some devices and platforms
- Strong encryption may lead to a constant drop in connection speeds.
OpenVPN is one of the only open-source VPN protocols that has its own open-source application.
It’s one of the safest protocols. If you go for a third-party VPN service, it’s advisable that you go for a provider that offers it in order to enjoy a highly secure online experience without fear of hackers.
We hope this guide answers all questions about how OpenVPN works, how to set it up and when you should use it.