Possibly one of the safest information security technologies ever developed, OpenVPN is a technology for creating encrypted virtual private network tunnels. Among the tunneling technologies currently available, OpenVPN is revered for its advantages, including completely bypassing firewalls, an unbreakable virtual tunnel, the strongest encryption, plus simplicity and ease of use. OpenVPN allows users to verify themselves using one of three methods: a pre-shared secret key, certificates, or usernames/passwords, and if necessary a combination of the three, to join the secure OpenVPN network.
In the OpenVPN review that follows we will discuss the technology itself, how it encrypts your data, which providers fully support OpenVPN, the top OpenVPN apps and the latest OpenVPN mods. Don’t worry: if you don’t understand something or it is too techy, just leave a comment below and I will try to make it as easy as possible for you.
What is OpenVPN Protocol?
OpenVPN is an open-source technology developed in 2002 by renowned programmer James Yonan. The OpenVPN protocol was developed to strengthen site-to-site and point-to-point connections, mainly for business users who connect to corporate networks from remote locations. OpenVPN was designed with a “custom” data security protocol that uses TLS/SSL cryptography (encryption) to secure online communications and data transfers.
OpenVPN Security Architecture Review
OpenVPN is considered one of the most secure and powerful tunneling protocols because of the security it provides for authentication using pre-shared keys, usernames and passwords, and authentication certificates. Depending on the importance of the OpenVPN connection, the technology can use a mix of the three to authenticate users, making it really secure. To power its encryption, the developers of OpenVPN programmed the protocol to use the C-language-based OpenSSL (a mod of SSL/TLS) encryption library.
OpenVPN Encryption Review
OpenVPN can be used in conjunction with a wide variety of ciphers, cryptographic hash functions, and public-key cryptography standards. These include:
OpenVPN can be customized to use a selection of different ciphering technologies depending on the need; some are so complex that not every VPN provider chooses to implement them.
AES – Advanced Encryption Standard
The successor of the old DES standard, AES (Advanced Encryption Standard), also known as Rijndael, was adopted by the US National Institute of Standards and Technology in 2001. The brainchild of two Belgian programmers, AES works on blocks of 128 bits, compared to DES, which could only work on blocks of 64 bits.
When encrypting data, AES can use key lengths of 128, 192 and 256 bits, allowing the end user to deploy strict security if the data is sensitive in nature. AES is a symmetric-key algorithm, which simply means that it uses the same key to encrypt and then decrypt the data. This allows faster encryption, transfer and decryption of data, especially for large amounts of data.
Most VPN providers provide AES as the default standard within their services.
Designed by cryptographer and computer security expert Bruce Schneier to replace the old DES implementation, Blowfish is also a symmetric ciphering standard. Less used and less known than its AES counterpart, Blowfish is one of the few encryption standards that remains unbroken. Although the block size for Blowfish is 64 bits, it can use key lengths between 32 and 448 bits. Blowfish is also immune to the many issues you will find in other encryption standards.
Impossible to decrypt and conduct cryptanalysis on, Blowfish was the runner-up when AES was chosen as the signature encryption standard by NIST. Blowfish is impossible to crack and is considered more secure than AES itself. The creator left the algorithm unpatented, leaving it in the public domain, open for anyone to use.
Several VPN providers have begun moving on to Blowfish from the AES algorithm.
Camellia is the creation of the legendary Mitsubishi Electric Corp. and Nippon Corp. of Japan, and is another symmetric-key algorithm. Camellia has processing capabilities and a security framework equal to the renowned AES algorithm. Designed to work on 128-bit blocks of data, the algorithm can deploy key lengths of 128, 192 and 256 bits.
The great fact about Camellia is its ability to be used with both software (VPN) and hardware (smart cards). Millions of computers use Camellia since it is part of TLS (Transport Layer Security), used by PCs all over the world for communications security over the internet.
Developed by the Korea Information Security Agency, SEED is a symmetric-key implementation used in South Korea but not prominent around the world. SEED was developed and adopted by KISA when 40-bit encryption was deemed obsolete. There is one problem, however: SEED cannot be used in all browsers and requires an ActiveX add-on to make it work in Internet Explorer. SEED uses 128-bit blocks and 128-bit keys for encryption/decryption.
Based on the CAST design procedure, CAST-128 or CAST5 is a symmetric-key algorithm used with selected versions of GPG (GNU Privacy Guard) and PGP (Pretty Good Privacy, used for text, emails etc.). CAST-128 is the authorized cryptography method approved by the Government of Canada and implemented by the Communications Security Establishment (Canada’s national cryptography agency).
Designed in 1996, CAST-128 works on 64-bit blocks of data while using an encryption key size of 40 to 128 bits. The patent for CAST is owned by Entrust (Software & Security Co.), which offers CAST-128 licenses for commercial and non-commercial uses.
Data Encryption Standard, or DES, was the founding stone of the cryptography industry. It was widely implemented before the development of the revered AES algorithm. Now deemed insecure and obsolete, DES opened the doors for research into cryptography. DES is a symmetric-key algorithm that encrypts data in 64-bit blocks while using a 56-bit key length.
Today, the Triple DES variant of the algorithm is used by the US government and military, according to the cipher’s Wikipedia page. Once the algorithm was compromised by the EFF in a 22-hour test, it was abandoned in most implementations.
A modified version of the Proposed Encryption Standard, IDEA or International Data Encryption Algorithm was designed to be the successor of DES. Using 64-bit blocks and 128-bit encryption keys, IDEA was considered insecure by certain researchers. There was, however, the issue that IDEA was labelled slow, and it was abandoned after new algorithms were developed by 1999.
The cipher was designed by developer Ron Rivest in 1987 and was named after him. Alternatively named either ‘Ron’s Code’ or ‘Rivest Cipher’, the algorithm was kept secret until its source code was distributed over Usenet, possibly by the creator himself. The 64-bit block cipher can use varying encryption key sizes, and was developed in association with the NSA and Lotus.
Considered highly vulnerable and a way to crack into TLS, RC4 or Arc4 was abandoned ages ago for being one of the most insecure algorithms. Although it was able to use key sizes between 40 bits and 2048 bits, and was known to be very fast and very easy to use, the algorithm is a complete security catastrophe.
By 2015 it was confirmed that RC4 could be infiltrated easily, and the IETF, Mozilla & Microsoft refused to use the cipher in any way. This is primarily because the cipher uses nonrandom or related encryption keys every time.
2. Cryptographic hash functions – The method used to store large amounts of data by converting it into alphanumeric code and saving it into tables. Every time data is required again a unique code is assigned to fetch it again. Commonly used hash functions include MD5, MD4, MD2, SHA-1, SHA-2, RIPEMD-160, MDC-2, and GOST R 34.11-94. Below is an example of a simple cryptographic hash function:
3. Public-key cryptography – The method used to authenticate or identify users over the OpenVPN network. Every OpenVPN user is assigned a public key & a private key. While the public key identifies the recipient of data, the private key is used by the recipient to decrypt the data. Most prominent implementations include RSA, DSA, Diffie–Hellman key exchange, Elliptic curve, GOST R 34.10-2001.
Since it uses the OpenSSL library, OpenVPN can encrypt data with up to 256-bit encryption keys. This is the standard of online encryption used by banks, army personnel, intelligence agencies and corporate networks. Shorter encryption keys can be used to make connections faster, especially by providers catering to home users.
Before moving on, let’s quickly grasp the concept of private and public encryption keys. Since computers only communicate in binary, a device using OpenVPN will create an authentication key consisting of 0’s and 1’s. Hence, a 256-bit encryption key implies that the number of possible combinations is given by the formula 2^256.
To access data encrypted with 256 bit encryption keys there are ‘1.1579208923731619542357098500869e+77’ mathematical possibilities to crack.
OpenVPN Authentication Review
As mentioned above, OpenVPN uses 3 techniques to authenticate users, namely pre-shared keys (explained above), authentication certificates, and usernames & passwords.
Pre-shared keys are usually easy, preferred and used by most OpenVPN providers for fast authentication. Also known as asymmetric cryptography, OpenVPN issues two keys: a public key and a private key. While the public key is sent out every time you communicate online with a website, a server or another person, private keys are only known to the recipient & sender.
This file usually accompanies the OpenVPN configuration files that your VPN service provides after subscriptions.
Certificate authentication is known to be the strongest and most “feature rich” method according to the OpenVPN project website and its creators. Now this is going to be a bit techy for some, but bear with me. Public key authentication certificates (aka digital certificates or identity certificates) are electronic documents used together with pre-shared keys to identify the owner(s) of the key.
A sample OpenVPN Certificate issued by my VPN provider
Every authentication certificate contains information related to the key, the identity of the owner (the VPN user), and the digital signature of the issuer (the VPN service provider). Every time you access a website with OpenVPN, your VPN service will authenticate the website using its certificate to confirm it is the actual website that you requested and verify its private key to decrypt the data.
Usernames & Passwords
Lastly, usernames & passwords are a common method used to identify users in addition to certificates and pre-shared keys. Using credentials is dependent on your VPN provider’s software since the Connect client uses certificates and pre-shared keys.
OpenVPN Extensibility Review
Don’t be confused by the term “extensibility”; it simply means the ability to modify the framework (apps and technology) to enhance security, authentication, speed, firewalls and other features. If you have used any VPN service with OpenVPN before, the modified OpenVPN GUI that the provider offers is an example of the extensibility of OpenVPN technology.
OpenVPN Connect Review
The official OpenVPN app/client for Windows, Android, iOS, Linux and Mac is known as OpenVPN Connect. The client is open-source and can be modified by anyone in accordance with their own requirements for authentication, firewalls and other more intrinsic features. It may be a bit difficult to use the first time, but once you get the hang of it, OpenVPN Connect is possibly the most convenient VPN app yet.
If you look at the snapshot on the right, that is just how simple OpenVPN Connect is. The app is pretty straightforward to install and use, but with minimum features at your disposal. The latest version, OpenVPN 2.4.1, was released on 3rd March 2017 and is available on the OpenVPN project website.
Once you have installed the app you will require what are known as OVPN or OpenVPN configuration files (server addresses), authentication certificates and a private key. Although free ones are available, I would recommend using a premium OpenVPN service. OpenVPN Connect’s simple interface offers basic use, that is: import OVPN files, set up proxy servers, configure certificates and connect.
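Before importing an OVPN file, it helps to see which of the three authentication methods and which of the ciphers discussed above the profile actually asks for. The following is an added example, not code from the OpenVPN project or this article: the function names are hypothetical, the sample profile is constructed, and the cipher table encodes only what this page says about each cipher (the directive names are standard OpenVPN options).

```python
import re
# Family -> (block bits per the page, page calls it broken/obsolete); RC4 is a stream cipher.
PAGE_CIPHERS = {
    "AES": (128, False), "CAMELLIA": (128, False), "SEED": (128, False),
    "BF": (64, False), "CAST5": (64, False), "RC2": (64, False), "3DES": (64, False),
    "DES": (64, True), "IDEA": (64, True), "RC4": (None, True)}
# Directives that carry each of the page's three kinds of authentication material.
AUTH = {"pre-shared key": {"secret", "tls-auth", "tls-crypt"}, "certificate": {"cert", "pkcs12"},
        "username/password": {"auth-user-pass"}}

def parse_profile(text):  # directive -> argument list; inline <tag> bodies are skipped
    found, inline = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if inline:                          # inside e.g. <cert>: ignore the PEM body
            inline = None if line == f"</{inline}>" else inline
        elif (m := re.fullmatch(r"<([\w-]+)>", line)):
            inline = m.group(1)
            found.setdefault(inline, [])
        elif line and line[0] not in "#;":  # '#' and ';' start comment lines
            name, *args = line.split()
            found.setdefault(name, []).extend(args)
    return found

def audit(text):  # -> (authentication methods present, {cipher name: verdict})
    d = parse_profile(text)
    methods = [m for m, keys in AUTH.items() if keys & set(d)]
    lists = d.get("data-ciphers", []) + d.get("ncp-ciphers", [])
    names = d.get("cipher", []) + [c for item in lists for c in item.split(":")]
    verdicts = {}
    for name in names:
        fam = "3DES" if name.upper().startswith("DES-EDE") else name.upper().split("-")[0]
        block, broken = PAGE_CIPHERS.get(fam, (None, None))
        if broken is None:
            verdicts[name] = "not covered by the page"
        elif broken:
            verdicts[name] = "replace: page calls it broken or obsolete"
        else:  # 64-bit blocks reach the birthday bound on long-lived tunnels (SWEET32)
            verdicts[name] = "review: 64-bit block" if block == 64 else "ok: 128-bit block"
    return methods, verdicts

SAMPLE = """# constructed profile for illustration, not from a real provider
cipher BF-CBC
ncp-ciphers AES-256-GCM:DES-CBC
auth-user-pass
tls-auth ta.key 1
<cert>
-----BEGIN CERTIFICATE----- (constructed placeholder)
</cert>
"""
```

Calling audit(SAMPLE) reports all three authentication methods and one verdict per cipher the profile names; a "replace" or "review" verdict is a prompt to ask the provider for a profile that uses a 128-bit block cipher.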
Viscosity OpenVPN Review
Viscosity is a modified OpenVPN app from Australian software developer SparkLabs. Released back in 2008, Viscosity offers an easy to use OpenVPN client allowing beginners to easily use the tech. Viscosity is also an excellent choice for IT professionals and “power users” providing them a fast and easy to use OpenVPN client.
Viscosity’s OpenVPN app offers wide cross-platform compatibility over most versions of Microsoft Windows and Mac. Viscosity doesn’t provide access on mobile devices including Android and iOS. Do remember that Viscosity is free for 30 days and then you have to buy the app for $9 (either Windows or Mac) and the multi-platform software is $14 (Windows & Mac). Even with the Viscosity OpenVPN software you will still need a VPN service to get OVPN files to connect securely.
SecurePoint OpenVPN Review
Germany-based security solutions provider SecurePoint offers its own mod of the OpenVPN Connect software. SecurePoint’s OpenVPN client is free to download from the official website, SourceForge and GitHub. SecurePoint OpenVPN is usually made available with all of the company’s UTM products, including the VPN service.
A brilliant feature of SecurePoint OpenVPN client is that it can be configured using other VPN providers’ servers in case you don’t wish to buy SecurePoint’s VPN subscription. The software is configured for both English & German languages for ease of access apart from amazing features including:
- A Configuration Assistant that allows easy setup of VPN connections
- Automatic configuration of SecurePoint VPN Gateways
- No requirement to run client with Administrator Rights, any user on a device can use it
- Brilliant UI for managing multiple VPN connections
- Ability to use multiple VPN connections with one account
- Logs feature to analyze traffic and data transferred
- Allows importing third-party OpenVPN configurations
- HTTP proxy options with authentication (NTLM etc.), plus much more for expert level users.
I really loved the user interface of the SecurePoint OpenVPN software. The excellent Setup Wizard makes manually configuring your VPN servers so easy. Importing my existing VPN provider’s config files was so easy I could have my mother set up SecurePoint without any help. The client also didn’t ask me to provide authentication certificates and a private key; it just loads them every time by itself, unlike the Connect software.
The SecurePoint OpenVPN client is easier to set up, use and manage, the best feature being that the client can pop out, unlike the OpenVPN Connect client that stays in the taskbar. I would highly recommend OpenVPN users try out this really amazing and, best of all, free-of-cost OpenVPN mod from SecurePoint.
OpenVPN Router Review
OpenVPN support is not built into most routers, especially the modem/routers that home users are provided by their ISPs. To use OpenVPN on a router you will be required to plug an additional router into your ISP modem. Usually, OpenVPN support is available on DDWRT- and Tomato-enabled routers. DDWRT & Tomato are the two most famous router user interfaces that allow you to use OpenVPN in addition to other security features.
We have already published a detailed article on the best Tomato routers for 2017; check out our countdown and find out if Tomato is the best solution for your home or office. Renowned router website FlashRouters lists the following as the best 4 DDWRT-powered routers, and we also tested them while writing this OpenVPN review:
- NetGear Night Hawk R7000
- Linksys WRT1200AC AC1200
- Asus RT-AC56U AC1200
- ASUS RT-N16
For the purpose of comparison you can also check out my selected list of the best NetGear routers of 2017 that you can use with OpenVPN.
OpenVPN Device Compatibility Review
OpenVPN is a widely used technology that you will find across schools, small and medium-sized offices, corporations, scientific facilities, secure data banks etc. This wide use is largely attributed to its cross-platform compatibility with a huge range of devices that run:
- Blackberry 10,
Possibly the best decision from the OpenVPN Project was maintaining the open-source license, allowing other developers to work on the technology to make it easier to use and configure. The open license also allows device manufacturers to embed OpenVPN compatibility in their devices.
In a Nutshell
Wishing you well and hoping you got a basic idea about the OpenVPN technology and how it operates. If you have questions, ideas for improvement or any other feedback for us we would be delighted to hear from you. Drop us a comment in this openvpn review blog and we will get back to you ASAP.