OpenVPN facts for kids
Original author(s) | James Yonan |
---|---|
Developer(s) | OpenVPN project / OpenVPN Inc. |
Initial release | 13 May 2001 |
Stable release | 2.6.8 (17 November 2023) |
Written in | C |
Platform | |
Type | VPN |
License | GNU GPLv2 |
OpenVPN is a special computer program that helps create secure connections over the internet. Think of it like building a secret, protected tunnel for your data. It lets you connect your computer safely to another computer or network, even if they are far away. OpenVPN works as both a "client" (your computer connecting) and a "server" (the computer you connect to).
This program lets computers check each other's identity using secret codes, special digital IDs (certificates), or a username and password. If many computers connect to one server, the server can give each client its own special ID.
OpenVPN uses strong encryption tools to keep your data safe. It can also work around network address translators (NATs) and firewalls, which are like digital security guards.
Many systems use OpenVPN. For example, some router software like DD-WRT includes it. SoftEther VPN, another VPN program, also uses the OpenVPN way of connecting.
James Yonan created OpenVPN. It is free software, meaning you can use and change it freely under the GNU General Public License version 2 (GPLv2). You can also get special paid versions.
How OpenVPN Works
Keeping Your Data Secret
OpenVPN uses a powerful tool called OpenSSL to scramble your data. This makes sure that only you and the computer you are connecting to can understand what is being sent. It uses all the different ways OpenSSL can encrypt information. OpenVPN can also add an extra layer of security to your connection. It can even use special computer parts to make encryption faster.
Checking Who You Are
OpenVPN has different ways to make sure the computers connecting are who they say they are. It can use secret keys that both sides know. It can also use digital certificates, which are like digital passports. Or, you can use a username and password. The certificate method is the strongest and offers the most features.
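The three identity checks described above show up as different lines in an OpenVPN setup file. This added example (not code from the OpenVPN project) reads a setup file and reports which checks it turns on; the sample file, host name and file names are made up, and the comment and quoting rules are simplified.

```python
# Constructed client config (hypothetical host name and file names).
SAMPLE_CONFIG = """\
client
dev tun
proto udp
remote vpn.example.com 1194   # server address and port
ca ca.crt
cert client.crt
key client.key
auth-user-pass                ; also ask for a username and password
"""


def parse_config(text):
    """Map each directive to its argument list, skipping comments and inline blocks."""
    options, in_block = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if in_block:                       # inside <ca> ... </ca> style inline data
            if line == f"</{in_block}>":
                in_block = None
            continue
        if line.startswith("<") and line.endswith(">"):
            in_block = line[1:-1]
            options.setdefault(in_block, ["[inline]"])
            continue
        for mark in ("#", ";"):            # simplification: cut at any comment mark
            line = line.split(mark, 1)[0]
        words = line.split()               # simplification: no quoted arguments
        if words:
            options.setdefault(words[0].lstrip("-"), words[1:])
    return options


def auth_methods(options):
    """List which of the three identity checks the config turns on."""
    found = []
    if "secret" in options:                # shared secret key known to both sides
        found.append("static key")
    if "pkcs12" in options or {"ca", "cert", "key"}.issubset(options):
        found.append("certificate")
    if "auth-user-pass" in options or "auth-user-pass-verify" in options:
        found.append("username/password")
    return found
```
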
How It Connects
OpenVPN can send data using two main internet methods: User Datagram Protocol (UDP) or Transmission Control Protocol (TCP). It can send many secure connections through a single internet port.
Since 2013, OpenVPN has fully supported IPv6, which is the newest way computers get addresses on the internet. It can also work through most proxy servers and NAT systems. This means it's good at getting past firewalls.
The server can even tell the connecting computers how to set up their network. This includes giving them IP addresses and telling them how to send data. OpenVPN can create two types of virtual connections: a "TUN" connection for internet traffic or a "TAP" connection for any type of network traffic.
OpenVPN can also squeeze your data to make it smaller before sending it. This helps it travel faster. Port 1194 is the official internet port number for OpenVPN. Newer versions of the program use this port by default.
OpenVPN uses common internet methods (TCP and UDP). This makes it a good choice when some internet providers block other types of VPNs. For example, some providers used to block VPNs to make people pay more for "business" internet.
Staying Safe Online
OpenVPN has many built-in security features. It can use very strong encryption, up to 256-bit, which is like having a super-strong lock on your data. It also supports something called Perfect Forward Secrecy (PFS). This means it regularly changes the encryption keys. So, even if someone somehow figures out one key, your past and future data stays safe.
OpenVPN uses its own special security rules based on SSL and TLS. It does not use other common VPN rules like IPsec or PPTP.
You can also use special smart cards with OpenVPN for extra security.
Adding More Features
You can add extra tools or scripts to OpenVPN to make it do more things. These additions can help with logging, better ways to check usernames and passwords, or connecting to other systems. These extra tools are often written in the C programming language.
Where OpenVPN Runs
OpenVPN works on many different computer systems. This includes Solaris, Linux, OpenBSD, FreeBSD, NetBSD, QNX, macOS, and Windows XP and newer.
It also works on many mobile devices. This includes Maemo, older Windows Mobile phones, iOS devices (like iPhones and iPads) from 2009 onwards, and Android phones from 2012 onwards. It does not work on some older mobile systems like Palm OS.
OpenVPN is not a website-based VPN. You install the program on your device and set it up by changing text files. It does not work with VPNs that use IPsec over L2TP or PPTP. The whole program is usually just one main file for both connecting and serving, plus a setup file and some key files.
Router Software That Uses OpenVPN
Many router software packages include OpenVPN. This lets you run OpenVPN directly from your home or office router. If your router runs OpenVPN, any device connected to that router can use the VPN without needing to install OpenVPN itself.
Here are some well-known router software packages that include OpenVPN:
Firmware package | Cost | Developer |
---|---|---|
DD-WRT | Free | NewMedia-NET GmbH |
Gargoyle | Free | Eric Bishop |
OpenWrt | Free | Community driven development |
OPNsense | Free | Deciso BV |
pfSense | Free | Rubicon Communications, LLC (Netgate) |
Tomato | Free | Keith Moyer |
Some router companies also build OpenVPN directly into their own router software.
Other Software That Uses OpenVPN
OpenVPN is also part of SoftEther VPN, which is another open-source VPN server. This allows people using OpenVPN to connect to SoftEther VPN servers.
It is also included in VyOS, which is an open-source operating system for network routers.
Different Versions of OpenVPN
OpenVPN comes in two main versions:
- OpenVPN Community Edition: This is the free and open-source version. Anyone can use it and change it.
- OpenVPN Access Server (OpenVPN-AS): This version is based on the Community Edition but has extra features that you pay for. These features include easier management through a web page and tools to set it up quickly. This version can also create special installer files for connecting clients. However, you can still use the free OpenVPN Community Edition client to connect to an Access Server.
How It Connects Your Devices
OpenVPN helps connect individual computers or entire computer networks. For example, it can connect a remote employee to their company's network. It can also link different office branches or connect data centers that are far apart.
In these connections, one side starts the connection (the client), and the other side waits for connections (the server). The server needs a fixed internet address or name so the client can find it.
If there's a firewall or proxy server, you need to set it up to allow OpenVPN traffic. An OpenVPN server usually listens on one specific port and uses either TCP or UDP. Since 2005, OpenVPN has used port 1194, but you can change this in the settings.
So, OpenVPN's main job is to create an encrypted tunnel between your device and another server. This keeps your data safe from being stolen or changed as it travels. It works by checking identities, building the secure tunnel, and then sending your data through it.
Can OpenVPN Be Detected?
Even though OpenVPN encrypts your data, it is possible to detect that an OpenVPN connection is being used. This is because the start of the data packets has a known pattern. While this detection cannot see what's inside the encrypted tunnel, it can be used to block the connection. This is important in places where using VPNs is not allowed, like in some countries or company networks.
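The "known pattern" is the unencrypted header at the front of each OpenVPN packet: the first byte holds a 5-bit opcode and a 3-bit key ID, followed on control packets by an 8-byte session ID. This added example (not code from the OpenVPN project) shows how a network monitor could read that header from the first packet of a connection; the sample packets are constructed, not captured.

```python
import struct

# Control-channel opcodes from the OpenVPN wire protocol (top 5 bits of byte 0).
OPCODES = {
    1: "P_CONTROL_HARD_RESET_CLIENT_V1",
    2: "P_CONTROL_HARD_RESET_SERVER_V1",
    3: "P_CONTROL_SOFT_RESET_V1",
    4: "P_CONTROL_V1",
    5: "P_ACK_V1",
    7: "P_CONTROL_HARD_RESET_CLIENT_V2",
    8: "P_CONTROL_HARD_RESET_SERVER_V2",
    10: "P_CONTROL_HARD_RESET_CLIENT_V3",
}
SESSION_START = {7, 10}  # opcodes a current client sends to open a session

# Constructed sample payloads (made up for this example, not captured traffic).
SAMPLE_OPENVPN = bytes([0x38]) + bytes.fromhex("0102030405060708") + bytes(5)
SAMPLE_DNS = (bytes.fromhex("123401000001000000000000")
              + b"\x07example\x03com\x00\x00\x01\x00\x01")


def parse_header(payload, transport="udp"):
    """Return the unencrypted header fields, or None if the bytes do not fit."""
    if transport == "tcp":
        # Over TCP each OpenVPN packet starts with a 2-byte big-endian length.
        if len(payload) < 2:
            return None
        (length,) = struct.unpack("!H", payload[:2])
        payload = payload[2:2 + length]
        if len(payload) < length:
            return None  # length field points past the data: not a whole packet
    if len(payload) < 9:  # 1 opcode/key byte + 8-byte session ID
        return None
    opcode, key_id = payload[0] >> 3, payload[0] & 0x07
    if opcode not in OPCODES:
        return None  # data packets and unknown opcodes are not handled here
    return {"opcode": opcode, "name": OPCODES[opcode], "key_id": key_id,
            "session_id": payload[1:9].hex()}


def looks_like_openvpn_start(first_payload, transport="udp"):
    """True when a flow's first packet has the shape of an OpenVPN client reset."""
    hdr = parse_header(first_payload, transport)
    return hdr is not None and hdr["opcode"] in SESSION_START and hdr["key_id"] == 0
```

A match on the first byte is only a hint, because other traffic can begin with the same byte by chance; checking that the server answers with opcode 8 makes the result more reliable.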
See also
- OpenConnect
- OpenSSH
- Secure Socket Tunneling Protocol (SSTP)
- stunnel
- Tunnelblick
- WireGuard