OpenVPN facts for kids
Original author(s) | James Yonan |
---|---|
Developer(s) | OpenVPN project / OpenVPN Inc. |
Initial release | 13 May 2001 |
Stable release | 2.6.8 (17 November 2023) |
Written in | C |
Platform | |
Type | VPN |
License | GNU GPLv2 |
OpenVPN is a special computer program that helps create a safe and private connection over the internet. Think of it like building a secret tunnel for your internet traffic. This tunnel keeps your online activities private and secure.
It can connect two points, like your computer to a server, or even connect entire networks together. OpenVPN works by having both a "client" (your device) and a "server" (the other end of the tunnel) application.
OpenVPN lets different devices prove who they are using secret codes, special digital certificates, or a username and password. When many devices connect to one server, the server can give each device its own special certificate. This is like giving each person a unique ID card to enter a secure area.
It uses strong encryption, which is like scrambling your data so no one else can read it. It also uses a special security method called TLS. OpenVPN can even get through internet roadblocks like NATs and firewalls.
James Yonan created OpenVPN. It is free software, meaning people can use, change, and share it. It was released under the GNU General Public License version 2 (GPLv2).
How OpenVPN Works
Keeping Your Data Secret
OpenVPN uses a powerful tool called the OpenSSL library. This library helps to encrypt, or scramble, all the data you send and receive. This means your information stays private and safe from prying eyes. OpenVPN can use all the different ways to encrypt data that OpenSSL offers.
It can also add an extra layer of security called HMAC. This is like putting a special stamp on your data to prove it hasn't been changed. Some computers can even use special hardware to make this encryption work faster.
Proving Who You Are
OpenVPN has several ways to check if the devices connecting are truly who they say they are.
- Pre-shared keys: This is the simplest method. Both sides of the connection share a secret code beforehand.
- Certificates: This is the strongest method. It uses digital certificates, like digital ID cards, to prove identity.
- Username and password: You can also use a username and password, sometimes along with certificates.
Connecting Over Networks
OpenVPN can send your data using two common internet methods: UDP or TCP. It can send many secure tunnels through just one of these connections.
Since 2013, OpenVPN also fully supports IPv6. This is the newest way for devices to get addresses on the internet.
It can work through most proxy servers, which are like middleman computers. It's also good at getting past NAT devices and firewalls. The server can even send special settings to the client devices. These settings can include internet addresses and how to send data.
OpenVPN can create two types of virtual connections:
- TUN: This creates a network layer tunnel, like a direct pipe for internet traffic.
- TAP: This creates an Ethernet layer tunnel, which can carry more types of network traffic.
OpenVPN can also make your data smaller using a method called LZO compression. This helps it travel faster. The official port number for OpenVPN is 1194. This is like its special address on the internet. Newer versions of the program use this number by default.
OpenVPN uses common network methods like TCP and UDP. This makes it a good choice when other VPN types might be blocked. For example, some internet providers used to block certain VPNs. They wanted users to pay more for a "business" internet service. OpenVPN could often get around these blocks.
However, OpenVPN can sometimes slow down when it uses TCP and the internet connection isn't very good. This is known as the "TCP meltdown problem."
Built-in Security Features
OpenVPN has many security features built right in.
- It uses strong encryption, up to 256-bit, through the OpenSSL library. This is like having a very complex lock on your data.
- It runs in a safe part of your computer's system, not deep inside where it could cause problems.
- It can lower its own permissions after it starts. This means it has less power to do harm if something goes wrong.
- It can prevent sensitive information from being saved to your computer's hard drive.
- It can also run in a "chroot jail," which is like a small, secure box that limits what the program can do.
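Here is an added example (not part of the original article and not the OpenVPN project's own code) showing how an administrator could check an OpenVPN settings file for the features in this list, plus the HMAC stamp described earlier. The sample settings are made up for illustration and the function names are this example's own; `cipher`, `data-ciphers`, `tls-auth`, `tls-crypt`, `user`, `group`, `mlock` and `chroot` are real OpenVPN options.

```python
import re

# Constructed sample server settings, not from a real deployment.
SAMPLE_CONFIG = """\
port 1194
proto udp
dev tun
cipher AES-256-GCM
tls-auth ta.key 0     # HMAC stamp on control packets
user nobody
group nogroup
; chroot /var/empty   (commented out, so it is not active)
"""

def parse_directives(text):
    """Return {option: [argument lists]}, skipping comments and blank lines."""
    found = {}
    for raw in text.splitlines():
        # '#' and ';' start a comment (this simple parser ignores quoting).
        line = re.split(r"[#;]", raw, maxsplit=1)[0].strip()
        if not line:
            continue
        parts = line.split()
        found.setdefault(parts[0].lstrip("-"), []).append(parts[1:])
    return found

def audit(text):
    """Map each feature from the list above to True if the config enables it."""
    d = parse_directives(text)
    ciphers = " ".join(arg for key in ("cipher", "data-ciphers")
                       for args in d.get(key, []) for arg in args)
    return {
        "256-bit encryption": "256" in ciphers,
        "HMAC on control packets": "tls-auth" in d or "tls-crypt" in d,
        "drops privileges": "user" in d and "group" in d,
        "memory locked (no swap to disk)": "mlock" in d,
        "chroot jail": any(args for args in d.get("chroot", [])),
    }

def missing(text):
    """Names of the features that the config does not turn on."""
    return sorted(name for name, ok in audit(text).items() if not ok)

if __name__ == "__main__":
    for name, ok in audit(SAMPLE_CONFIG).items():
        print(f"{'OK     ' if ok else 'MISSING'} {name}")
```

Running it on the sample reports the chroot jail and memory locking as missing, because one is commented out and the other is never set.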
OpenVPN uses its own special security rules based on SSL and TLS. It does not use other common VPN rules like IPsec or PPTP. It can also work with smart cards, which are like secure physical keys.
Adding More Features
You can add extra features to OpenVPN using special add-ons called "plug-ins" or scripts. These can help with things like:
- Better logging of what happens.
- More advanced ways to check usernames and passwords.
- Automatically updating firewalls.
- Connecting to other systems like RADIUS for user management.
These plug-ins are often written in the C programming language. There are also plug-ins that let OpenVPN connect to user databases like LDAP or SQL.
Where OpenVPN Can Be Used
OpenVPN works on many different computer systems, including:
It's also available for many mobile devices:
- Maemo
- Windows Mobile (older versions)
- iOS (iPhones, iPads)
- Android
OpenVPN is not a "web-based" VPN. You install it as a separate program and set it up by editing text files. It doesn't work with VPN clients that use IPsec over L2TP or PPTP protocols. The main OpenVPN package includes one program for both client and server, an optional settings file, and key files for security.
Router Software
OpenVPN can be built into the software that runs on your internet router. This means your router can act as an OpenVPN client or server. If your router runs OpenVPN in client mode, then any device connected to your home network can use the VPN without needing to install OpenVPN itself.
Here are some popular router software packages that include OpenVPN:
Firmware package | Cost | Developer |
---|---|---|
DD-WRT | Free | NewMedia-NET GmbH |
Gargoyle | Free | Eric Bishop |
OpenWrt | Free | Community driven development |
OPNsense | Free | Deciso BV |
pfSense | Free | Rubicon Communications, LLC (Netgate) |
Tomato | Free | Keith Moyer |
Some router manufacturers also include OpenVPN in their own router software.
Other Software That Uses OpenVPN
OpenVPN is also part of other software programs:
- SoftEther VPN: This is another open-source VPN server that lets OpenVPN clients connect to it.
- VyOS: This is an open-source operating system for network routers that includes OpenVPN.
Different Versions of OpenVPN
OpenVPN comes in two main versions:
- OpenVPN Community Edition: This is the free and open-source version. Anyone can use it and even look at its code.
- OpenVPN Access Server (OpenVPN-AS): This version is based on the Community Edition but has extra features that you pay for. These features include easier management through a web interface and tools to help set up the VPN quickly. It can also create special installer files for client devices, making it easier for them to connect.
See also
- OpenConnect
- OpenSSH
- Secure Socket Tunneling Protocol (SSTP)
- stunnel
- Tunnelblick
- WireGuard