kids encyclopedia robot

OpenVPN facts for kids

Kids Encyclopedia Facts
Quick facts for kids
OpenVPN
OpenVPN logo.svg
Original author(s) James Yonan
Developer(s) OpenVPN project / OpenVPN Inc.
Initial release 13 May 2001; 24 years ago (2001-05-13)
Stable release 2.6.8  (17 November 2023; 19 months ago (2023-11-17))
Written in C
Platform
Type VPN
License GNU GPLv2

OpenVPN is a special computer program that helps create a safe and private connection over the internet. Think of it like building a secret tunnel for your internet traffic. This tunnel keeps your online activities private and secure.

It can connect two points, like your computer to a server, or even connect entire networks together. OpenVPN works by having both a "client" (your device) and a "server" (the other end of the tunnel) application.

OpenVPN lets different devices prove who they are using secret codes, special digital certificates, or a username and password. When many devices connect to one server, the server can give each device its own special certificate. This is like giving each person a unique ID card to enter a secure area.

It uses strong encryption, which is like scrambling your data so no one else can read it. It also uses a special security method called TLS. OpenVPN can even get through internet roadblocks like NATs and firewalls.

James Yonan created OpenVPN. It is free software, meaning people can use, change, and share it. It was released under the GNU General Public License version 2 (GPLv2).

How OpenVPN Works

Keeping Your Data Secret

OpenVPN uses a powerful tool called the OpenSSL library. This library helps to encrypt, or scramble, all the data you send and receive. This means your information stays private and safe from prying eyes. OpenVPN can use all the different ways to encrypt data that OpenSSL offers.

It can also add an extra layer of security called HMAC. This is like putting a special stamp on your data to prove it hasn't been changed. Some computers can even use special hardware to make this encryption work faster.

Proving Who You Are

OpenVPN has several ways to check if the devices connecting are truly who they say they are.

  • Pre-shared keys: This is the simplest method. Both sides of the connection share a secret code beforehand.
  • Certificates: This is the strongest method. It uses digital certificates, like digital ID cards, to prove identity.
  • Username and password: You can also use a username and password, sometimes along with certificates.

Connecting Over Networks

OpenVPN can send your data using two common internet methods: UDP or TCP. It can send many secure tunnels through just one of these connections.

Since 2013, OpenVPN also fully supports IPv6. This is the newest way for devices to get addresses on the internet.

It can work through most proxy servers, which are like middleman computers. It's also good at getting past NAT devices and firewalls. The server can even send special settings to the client devices. These settings can include internet addresses and how to send data.

OpenVPN can create two types of virtual connections:

  • TUN: This creates a network layer tunnel, like a direct pipe for internet traffic.
  • TAP: This creates an Ethernet layer tunnel, which can carry more types of network traffic.

OpenVPN can also make your data smaller using a method called LZO compression. This helps it travel faster. The official port number for OpenVPN is 1194. This is like its special address on the internet. Newer versions of the program use this number by default.

OpenVPN uses common network methods like TCP and UDP. This makes it a good choice when other VPN types might be blocked. For example, some internet providers used to block certain VPNs. They wanted users to pay more for a "business" internet service. OpenVPN could often get around these blocks.

However, using TCP for OpenVPN can sometimes slow down if the internet connection isn't very good. This is known as the "TCP meltdown problem."

Built-in Security Features

OpenVPN has many security features built right in.

  • It uses strong encryption, up to 256-bit, through the OpenSSL library. This is like having a very complex lock on your data.
  • It runs in a safe part of your computer's system, not deep inside where it could cause problems.
  • It can lower its own permissions after it starts. This means it has less power to do harm if something goes wrong.
  • It can prevent sensitive information from being saved to your computer's hard drive.
  • It can also run in a "chroot jail," which is like a small, secure box that limits what the program can do.

OpenVPN uses its own special security rules based on SSL and TLS. It does not use other common VPN rules like IPsec or PPTP. It can also work with smart cards, which are like secure physical keys.

Adding More Features

You can add extra features to OpenVPN using special add-ons called "plug-ins" or scripts. These can help with things like:

  • Better logging of what happens.
  • More advanced ways to check usernames and passwords.
  • Automatically updating firewalls.
  • Connecting to other systems like RADIUS for user management.

These plug-ins are often written in the C programming language. There are also plug-ins that let OpenVPN connect to user databases like LDAP or SQL.

Where OpenVPN Can Be Used

OpenVPN works on many different computer systems, including:

It's also available for many mobile devices:

OpenVPN is not a "web-based" VPN. You install it as a separate program and set it up by editing text files. It doesn't work with VPN clients that use IPsec over L2TP or PPTP protocols. The main OpenVPN package includes one program for both client and server, an optional settings file, and key files for security.

Router Software

OpenVPN can be built into the software that runs on your internet router. This means your router can act as an OpenVPN client or server. If your router runs OpenVPN in client mode, then any device connected to your home network can use the VPN without needing to install OpenVPN itself.

Here are some popular router software packages that include OpenVPN:

Router Software with OpenVPN
Firmware package Cost Developer
DD-WRT Free NewMedia-NET GmbH
Gargoyle Free Eric Bishop
OpenWrt Free Community driven development
OPNsense Free Deciso BV
pfSense Free Rubicon Communications, LLC (Netgate)
Tomato Free Keith Moyer

Some router manufacturers also include OpenVPN in their own router software.

Other Software That Uses OpenVPN

OpenVPN is also part of other software programs:

  • SoftEther VPN: This is another open-source VPN server that lets OpenVPN clients connect to it.
  • Vyos: This is an open-source operating system for network routers that includes OpenVPN.

Different Versions of OpenVPN

OpenVPN comes in two main versions:

  • OpenVPN Community Edition: This is the free and open-source version. Anyone can use it and even look at its code.
  • OpenVPN Access Server (OpenVPN-AS): This version is based on the Community Edition but has extra features that you pay for. These features include easier management through a web interface and tools to help set up the VPN quickly. It can also create special installer files for client devices, making it easier for them to connect.

See also

Kids robot.svg In Spanish: OpenVPN para niños

  • OpenConnect
  • OpenSSH
  • Secure Socket Tunneling Protocol (SSTP)
  • stunnel
  • Tunnelblick
  • WireGuard
kids search engine
OpenVPN Facts for Kids. Kiddle Encyclopedia.