A locked padlock with OpenVPN’s label attached to it.

If you are googling around for VPN (Virtual Private Network) apps, you will likely come across the term “OpenVPN.” And if you’re a Surfshark user (hi!), you may have noticed it under the “Protocol” tab. But what is OpenVPN? The answer is a bit complicated, so I dedicated this whole article to explaining it. 

Table of contents

    Identity protection with Surfshark Alert
    Get real-time email, credit card, & ID breach alerts
    Get Surfshark One
    With a 30-day money-back guarantee

    What is OpenVPN?

    The journey of data from a device, through a VPN client and tunnel, via a VPN server, to the internet, and back.

    OpenVPN is a secure VPN protocol — a method for setting up a virtual private network connection. It can also mean OpenVPN software, an application that helps you set up a VPN server/network by yourself.

    Created in 2001, the OpenVPN protocol is now used by almost every VPN provider. This is largely thanks to its open-source nature, which lets users check the code themselves. Transparency has led to a lot of testing, proving that the protocol is reliable and secure.

    For a regular home user, the important part is that OpenVPN is one of the VPN protocols you’re most likely to encounter. As mentioned before, OpenVPN is among Surfshark’s VPN protocols for users to choose from.

    How does OpenVPN work as a VPN protocol?

    The OpenVPN protocol combines rules for encrypting data, procedures for creating a secure connection, and things like different transport modes. Some of those already existed and others were developed specifically for OpenVPN.  

    The encryption OpenVPN provides

    Example of text encrypted and then decrypted with the same key, showing before and after.

    As a security and privacy tool, a VPN is nothing without encryption. For that, OpenVPN uses the OpenSSL library.

    What’s that? It’s an open-source cryptography library that provides the protocol with ways to encrypt and decrypt data. Encryption turns the data you send and receive into unreadable junk. This makes it useless to anyone who might spy on the communication between the VPN app and the server. OpenSSL is considered to be very reliable, and it’s used all over the internet.

    OpenVPN utilizes 256-bit encryption ciphers provided by OpenSSL, such as AES-256-GCM, that Surfshark runs. Bluntly speaking, the more bits in a cipher, the more secure it is. For example, 256-bit AES transforms your data 14 times before transmitting it over the internet. This makes it quite infeasible to crack with modern computers. 

    What are the security and speeds of OpenVPN?

    An unlocked OpenVPN padlock plus a shield with TLS written on it equals a locked Open VPN padlock.

    The OpenVPN project spiced up the security level even further. It uses a custom security protocol – yes, protocols can have protocols in them – instead of employing an existing one like IPSec. As it’s based on TLS and SSL (Transport Layer Security and its deprecated predecessor, Secure Sockets Layer), it works according to widely accepted standards.

    Generally speaking, OpenVPN is not the fastest protocol around. This has a lot to do with implementing OpenVPN on the server side. It’s clunky, with many added features, sporting a code no shorter than 70,000 lines.

    Also, it’s more difficult to scale than its competitors, WireGuard and IKEv2/IPSec. This often leads OpenVPN to performance issues because it constantly gets adjusted with infrastructure updates.

    The two modes OpenVPN offers

    A scheme: left shows the TCP protocol managing client-server communication; right shows how the UDP protocol manages it.

    On the more user-oriented and less head-ache-inducing side, OpenVPN operates in two modes: OpenVPN UDP (User Datagram Protocol) and OpenVPN TCP (Transmission Control Protocol). Those are two of the bedrock protocols (yes) of the internet. In fact, you can choose which mode to use with Surfshark! 

    Why? Because TCP sends and receives data packages all while keeping the computer equivalent of direct eye contact with the recipient. On the other hand, UDP is faster as it sort of just labels the packages and chucks them at the recipient. 

    OpenVPN: pros and cons

    You’ve looked through a lot of explanations. Now, let me put it simply. What will you get, and what will you sacrifice if you use OpenVPN?

    OpenVPN’s pros
    OpenVPN’s cons
    Better security
    Slower speed
    Strong encryption
    Manual setup
    Reliable connection
    May require 3rd party applications

    If the pros outweigh the cons for you, let’s see how you can use it!

    What can OpenVPN be used for?

    As a protocol:

    When implemented as a protocol, OpenVPN is great at protecting your entire device. It offers good speed and strong security and can be used with industry-leading encryption. It’s also one of the most commonly used protocols for router setups. 

    As software:

    Some systems may be too old to run good VPN apps, but they can run OpenVPN software. Therefore, OpenVPN is a good alternative when you want to protect an older device.

    On top of that, OpenVPN software is a great way to bypass network restrictions where VPN providers are blocked. Be it your work network that blocks VPN service downloads or country-wide firewalls like the Great Firewall of China that blocks access to VPN pages altogether. 

    Can I set up OpenVPN on my device? Yes!

    Let’s say you want to connect to a VPN server using the OpenVPN client. If you’re using Surfshark, we have guides for that!

    With Surfshark, you can also always download our app instead and use OpenVPN that way. But in case you want to take the scenic route of configuring OpenVPN yourself, here are the guides:

    OpenVPN vs. other VPN protocols

    People always want to know what’s best. But it is difficult to compare VPN protocols. Why? Aside from flaws in code, a VPN protocol’s speed and security depend on its implementation.

    Because of this, I recommend you try each of the protocols on Surfshark yourself before making any conclusions.

    However, this is (on average) how VPN protocols stack up against each other:

    None unless paired with IPSec

    OpenVPN vs. PPTP

    Point-to-Point Tunneling Protocol, developed by Microsoft and others in 1999, is basically everywhere. It is also widely regarded as insecure, obsolete, and compromised by the NSA. Aside from the fact that it uses 128-bit encryption in the 256-bit era (imagine the key to your home having a single incision instead of five), there are at least five major ways to overcome PPTP encryption, making it very easy for hackers to read your data. 

    The verdict: OpenVPN is more secure than PPTP in basically every way. Sure, PPTP is faster, but it comes at the cost of weaker encryption. 

    OpenVPN vs. L2TP

    L2TP — Layer 2 Tunneling Protocol — was developed around the same time as PPTP. As a tunneling protocol, it doesn’t encrypt data by itself, so it’s usually paired with IPSec. This sort of modularity allows it to utilize AES encryption.

    Like PPTP, it’s basically everywhere. However, there are rumors that it is compromised by the NSA. 

    The verdict: OpenVPN is safer by default and does not have issues with firewalls like L2TP often does.

    OpenVPN vs. IKEv2

    Sometimes called IKEv2/IPSec due to the usual pairing of the two, Internet Key Exchange v2 was developed by Cisco and Microsoft, but it also has many open-source versions.

    IKEv2 is a good choice for mobile users as it handles network drops (like walking out of Wi-Fi range and hopping onto mobile data) and is a bit faster than OpenVPN. Yes, this applies to Surfshark users as well.

    The verdict: IKEv2 works better for most users than OpenVPN.

    OpenVPN vs. SSTP

    SSTP can be seen as Microsoft creating a fitting replacement for PPTP. And it works! SSTP is integrated with all Windows systems going back to Windows Vista and offers a comparable level of service as OpenVPN.

    So why use OpenVPN? Because it’s open-source. This means that tech experts around the world can pop the hood up at any time and inspect the code. SSTP isn’t open-source, so you’d have to trust Microsoft to use it.

    The verdict: OpenVPN is more trustworthy and, therefore, better suited for people worried about their privacy. 

    OpenVPN vs. WireGuard

    WireGuard® is one of the newest kids on the block and has been in development since 2016. One of its great advantages is its size. Wireguard clocks in at about 4,000 lines of code compared to 70,000 for OpenVPN or 400,000 for IPSec. Fewer lines mean the code is easier to inspect, and there are fewer places for bugs to pop up.

    The verdict: WireGuard* is fast and secure — you should probably use it instead of OpenVPN. That’s why Surfshark VPN updates automatically and switches the protocol to WireGuard (you can switch back manually, of course).

    *WireGuard is a registered trademark of Jason A. Donenfeld.

    OpenVPN vs. Shadowsocks 

    Shadowsocks is a free, open-source encryption protocol project. It’s based on the SOCKS5 proxy — that is, the 5th version of the SOCKS protocol for routing your traffic via a proxy. While proxies give you one of the VPNs’ benefits — getting a new IP — they’re not encrypted.

    Shadowsocks was designed to provide that encryption because it was made for one goal: to circumvent the Great Chinese Firewall and allow Chinese users to reach the wider internet safely. However, it’s not the most well-crafted protocol, and it’s not easy to implement. 

    The verdict: Users not connecting from China are better off with OpenVPN. Users in China can still benefit from our NoBorders feature, which the app enables automatically.

    Can I use OpenVPN for free?

    Technically speaking, yes, you can use OpenVPN for free. You can, say, use the Community Edition to create your own OpenVPN server on your home computer and then use the GUI app to connect to that server from your phone.

    That way, you will have a safe communication channel to your home, but not much else. You won’t be hiding your IP, bypassing censorship, or unlocking streaming libraries.

    If you want these benefits, you need to subscribe to a VPN provider like Surfshark. At that point, you also get access to an app that lets you switch servers without downloading anything and contains features like No Borders and Kill Switch.

    Is OpenVPN safe to use?

    Yes, previous inspections and audits have revealed some flaws in OpenVPN’s security, but OpenVPN developers immediately patched them. Moreover, the project maintains a log of discovered issues outlining their solutions. 

    In summary, do I need OpenVPN?

    Are you using a VPN to increase your privacy and security while surfing the web and get better access to entertainment? And is your device supported by a VPN client like Surfshark? If so, you don’t need to engage with OpenVPN yourself, aside from setting it as your preferred protocol on the app.

    If you’re a business setting up a VPN server or a really dedicated hobbyist who wants to set up a VPN at home, then you may want to use OpenVPN software. You may also use OpenVPN to access VPNs like Surfshark on platforms that the client app itself doesn’t support.

    Additionally, OpenVPN is useful when installing a VPN on a router to secure all connected devices simultaneously.

    So unless you find yourself in one of these specific situations, getting an all-included app like Surfshark is the way to go.

    Try OpenVPN today
    Surfshark offers both of its variants


    Can I use OpenVPN with Surfshark?

    Yes, you can use the OpenVPN protocol with Surfshark. Once you have Surfshark’s app, follow these steps to turn on the protocol:

    1. Open the app and go into Settings.
    2. Click on VPN settings and pick the Protocol option.
    3. In the drop-down menu, there are OpenVPN (UDP) and OpenVPN (TCP) – choose the one you prefer more:
      1. TCP is slower but more reliable when transferring data;
      2. UDP is faster, but the data transfer is not guaranteed.

    Is OpenVPN safe to use?

    Yes, OpenVPN is safe. It uses the OpenSSL library, which opens up a communication tunnel between you and the server you’re visiting, AND uses high-level encryption based on a combo of symmetric and asymmetric key algorithms. It makes it safe by establishing a direct way for data to travel.

    What is the difference between VPN and OpenVPN?

    Modern VPNs use Wireguard, which is the faster protocol, whereas OpenVPN doesn’t. Both offer a similar level of security, but OpenVPN’s encryption can be set to a lower level — from 256-bit to 128-bit.

    What is better than OpenVPN?

    WireGuard is a better — faster and more efficient — protocol that is quickly gaining prominence in the VPN field. Surfshark now uses WireGuard by default, and it’s possible to choose OpenVPN as an option. 

    Should I enable OpenVPN on my router?

    You should enable OpenVPN on your router if you have a specific use case in mind. 

    How does OpenVPN work as VPN software?

    OpenVPN is also the name of a tool for creating and maintaining virtual private networks. You are most likely to run into the OpenVPN GUI (Graphical User Interface) app, which allows you to connect to a VPN server from your VPN provider… and that’s about it. It is really barebones and lacks a lot of quality-of-life improvements that you’d find in a dedicated VPN client like Surfshark.