Possibly one of the safest information security technologies ever developed, OpenVPN is a technology developed for creating encrypted virtual private network tunnels. Amongst the various tunneling technologies currently available for use OpenVPN is revered for its various advantages including completely bypassing firewalls, unbreakable virtual tunnel, strongest encryption, plus, simplicity & ease of use. OpenVPN allows users to verify themselves using one of three methods using either a pre-shared secret key, certificates or usernames/passwords and if necessary a combination of three to join the secure OpenVPN network.
In OpenVPN review that follows we will discuss the technology itself, how it encrypts your data, which providers fully supports OpenVPN tech, top OpenVPN apps and latest OpenVPN mods. Be not worried, in case you don’t understand something or is too techy just leave a comment below and I will try to make it as easy as possible for you.
What is OpenVPN Protocol?
OpenVPN is an open source technology developed in 2002 by renowned programmer James Yonan. OpenVPN protocol was developed to strengthen site-to-site and point to point connections majorly for business users who connect to corporate networks from remote locations. OpenVPN was designed with a “custom” data security protocol that uses TLS/SSL cryptography (encryption) to secure online communications and data transfers.
OpenVPN Security Architecture Review
OpenVPN is considered one of the most secure & powerful tunneling protocols for the security it provides for authentication using pre-shared keys, usernames&passwords, and authentication certificates. Depending on the importance of OpenVPN connection, technology can use a mix of three to authenticate users making it really secure. To power its own encryption, developers of OpenVPN programmed the protocol to use the C Language based OpenSSL(a mod of SSL/TLS) encryption library.
OpenVPN Encryption Review
OpenVPN can be used in conjunction with a wide variety of ciphers, cryptographic hash functions, and public-key cryptography standards. These include:
- Ciphers– The method used to encrypt data passing through the OpenVPN tunnel.Famous methods include AES, Blowfish, Camellia, SEED, CAST-128, DES, IDEA, RC2, RC4, RC5, Triple DES, GOST 28147-89.
- Cryptographic hash functions–The method used to store large amounts of databy converting it into alphanumeric code and saving it into tables. Every time data is required again a unique code is assigned to fetch it again.Commonly used hash functions include MD5, MD4, MD2, SHA-1, SHA-2, RIPEMD-160, MDC-2, and GOST R 34.11-94. Below is an example of a simple cryptographic hash function:
3. Public-key cryptography–The method used to authenticate or identify users over the OpenVPN network.Every OpenVPN user is assigned a public key& a private key.While the public key identifies the recipient of data, the private key is used by the recipient to decrypt the data. Most prominent implementations include RSA, DSA, Diffie–Hellman key exchange, Elliptic curve, GOST R 34.10-2001.
Since it uses the OpenSSL library OpenVPN can encrypt data with up to 256 bit encryption keys. This is the standard of online encryption being used by banks, army personnel, intelligence agencies and corporate networks.Lower encryption keys can be used to make connections faster especially provider who are catering home users.
Before moving on lets quickly grasp the concept of private & public encryption keys. Since computers only communicate in binary language,a device using OpenVPN will create anauthentication key comprising of 0’s and 1’s. Hence, a 256bit encryption key implies that the correct combination is made up of formula 2256.
To access data encrypted with 256 bit encryption keys there are ‘1.1579208923731619542357098500869e+77’ mathematical possibilities to crack.
OpenVPN Authentication Review
As mentioned above OpenVPN uses 3 techniques to authenticate users namely pre-shared keys (explain above), authentication certificates,and usernames & passwords.
Pre-shared keys are usually easy, preferred and used by most OpenVPN providers for fast authentication.Also known as asymmetric cryptography, OpenVPN issues two keys including a public key and a private key. While the public key is sent out every time you communicate online with a website, a server or another person, private keys are only known to the recipient & sender.
This file usually accompanies the OpenVPN configuration files that your VPN service provides after subscriptions.
Certificate authentication is known to be the strongest and “feature rich” method according to the OpenVPN project website and its creators. Now this is going to be a bit techy for some but bear with me. Public key authentication certificates(aka. Digital Certificates& Identity Certificates) are electronic documents used together with pre-shared keys to identify the owner(s) of the key.
A sample OpenVPN Certificate issued by my VPN provider
Every authentication certificate contains information related to the key, identity of the owner(the VPN user), and the digital signature of the issuer(the VPN service provider).Every time you access a website with OpenVPN, your VPN service will authenticate the website using its certificate to confirm it is the actual website that you requested and verify its private key to decrypt the data.
Usernames & Passwords
Lastly, usernames & passwords are a common method used to identify users in addition to certificates and pre-shared keys. Using credentials is dependent on your VPN provider’s software since the Connect client uses certificates and pre-shared keys.
OpenVPN Extensibility Review
Don’t be confused by the term “extensibility”, it simply means the ability to modify the framework (apps and technology)to enhance security, authentication, speed, firewalls and other features. If you have used any VPN service with OpenVPN before, the modified OpenVPN GUI that the provider offers is an example of extensibility of OpenVPN technology.
OpenVPN Connect Review
The official OpenVPN Windows, Android, iOS, Linux and Mac app/client is known as OpenVPN Connect.The client is open-source and can be modified by anyone in accordance their own requirements for authentication, firewalls and other more intrinsic features. It may be a bit difficult using for the first time,but once you get the hang of it, OpenVPN Connect possibly the most convenient VPN app yet.
If you look on the snapshot on the right, which is just how simple OpenVPN connect is. This app is a pretty straight forward to install and use, but with minimum features at your disposal. The latest version of OpenVPN 2.4.1 was released on 3rd March 2017 and is available on OpenVPN project website.
Once you have installed the app you will require what are known as OVPN or OpenVPN Configuration files(server addresses), authentication certificates and a private key. Although free ones are available, I would recommend using a premium OpenVPN service. OpenVPN Connect’s simple interface offers basic use that is import OVPN files, setup proxy servers, configure certificates and connect.
Viscosity OpenVPN Review
Viscosity is a modified OpenVPN app from Australian software developer SparkLabs. Released back in 2008, Viscosity offers an easy to use OpenVPN client allowing beginners to easily use the tech. Viscosity is also an excellent choice for IT professionals and “power users” providing them a fast and easy to use OpenVPN client.
Viscosity’s OpenVPN app offers wide cross-platform compatibility over most versions of Microsoft Windows and Mac. Viscosity doesn’t provide access on mobile devices including Android and iOS. Do remember that Viscosity is free for 30 days and then you have to buy the app for $9 (either Windows or Mac) and the multi-platform software is $14 (Windows & Mac). Even with the Viscosity OpenVPN software you will still need a VPN service to get OVPN files to connect securely.
SecurePoint OpenVPN Review
Germany based security solutions provider, SecurePoint, offers its own mod of OpenVPN Connect software. SecurePoint’s OpenVPN client is free to download from the official website, SourceForge and GitHub. SecurePoint OpenVPN is usually made available with all of the company’s UTM products including the VPN service.
A brilliant feature of SecurePoint OpenVPN client is that it can be configured using other VPN providers’ servers in case you don’t wish to buy SecurePoint’s VPN subscription. The software is configured for both English & German languages for ease of access apart from amazing features including:
- A Configuration Assistant that allows easy setup of VPN connections
- Automatic configuration ofSecurePoint VPNGateways
- No requirement to run client with Administrator Rights, any user on a device can use it
- Brilliant UI for managing multiple VPN connections
- Ability to use multiple VPN connections with one account
- Logsfeature to analyze traffic and data transferred
- Allows importing third-party OpenVPN configurations
- HTTP proxy options with authentication (NTLM etc.), plus much more for expert level users.
I really loved the user interface of SecurePoint OpenVPN software. The excellent Setup Wizard allows manually configuring your VPN servers so easy.Importing my existing VPN provider Config files was so easy I could have my mother setup SecurePoint without any help. The client also didn’t ask me to provide authentication certificates and private key, it just loads them every time by itself unlike the Connect software.
The SecurePoint OpenVPN client is easier to setup, use and manage, the best feature being the client can pop out unlike the OpenVPN Connect client that stays in the taskbar. I would highly recommend OpenVPN user’s to try out this really amazing and best of all free of cost OpenVPN mod from SecurePoint.
OpenVPN Router Review
OpenVPN support is not built-into most routers, especially the modem/routers home users’ are provided by their ISPs. To use OpenVPN on a router you will be required to plug-in an additional router to your ISP modem. Usually, OpenVPN support is available over DDWRT and Tomato enabled routers. DDWRT & Tomato are two most famous router user interfaces that allow you to use OpenVPN in addition to other security features.
We have already published a detailed article on the best Tomato routers for 2017, check out our countdown and find out if Tomato is the best solution for your home or office. Renowned router website FlashRouters lists the following as the best 4 DDWRT interface powered routers and we`d also tested it while writing openvpn review:
- NetGear Night Hawk R7000
- Linksys WRT1200AC AC1200
- Asus RT-AC56U AC1200
- ASUS RT-N16
For the purpose of comparison you can also check out my selected list of the best NetGear routers of 2017 that you can use with OpenVPN.
OpenVPN Device Compatibility Review
OpenVPN is a widely used technology that you will find across schools, S&M size offices, corporations, scientific facilities, secure data banks etc. This wide use tech is highly attributed to its cross platform compatibility with a huge range of devices that run:
- Blackberry 10,
Possibly, the best feature from OpenVPN Project was maintaining the opensource license allowing other developers to work on the technology to make it easier to use and configure. The open license also allows device manufacturers to embed OpenVPN compatibility to their devices.
In a Nutshell
Wishing you well and hoping you got a basic idea about the OpenVPN technology and how it operates. If you have questions, ideas for improvement or any other feedback for us we would be delighted to hear from you. Drop us a comment in this openvpn review blog and we will get back to you ASAP.
DO remember to like and share the article using the social buttons, see you again soon with something new.