If you are googling around for VPN apps, you will likely come across the term “OpenVPN.” And if you’re a Surfshark user (hi!), you may have noticed it under the “Protocol” tab. But what is OpenVPN? The answer is a bit complicated, so I wrote this whole article dedicated to explaining it.
What is OpenVPN?
OpenVPN can refer to two things:
A secure VPN protocol
VPN “protocol” is a fast way of saying “a collection of procedures, rules, and things that allow a device to do a task.” In this case, the OpenVPN protocol defines a way to set up a VPN connection.
A VPN software
OpenVPN as software is an application that helps to set up a VPN server/network by yourself.
Created in 2001, the OpenVPN protocol is now in use by almost every VPN provider. This is largely thanks to its open-source nature, which lets users check the code themselves. Transparency has led to a lot of testing, proving that the protocol is reliable and secure.
If you’re not a fan of technical mumbo-jumbo, let me give you the barebones explanation of what you need to know:
You can encounter OpenVPN as a:
- Protocol (usually implemented into other apps by VPN providers)
- Software (comes with its own app that allows you to connect to servers from other VPN providers).
For a regular home user, the important part is that OpenVPN is one of the VPN protocols you’re most likely to encounter. As it was mentioned before, Surfshark uses OpenVPN as one of the options when it comes to securing your connection.
How does OpenVPN work as a VPN protocol?
The OpenVPN protocol combines rules for encrypting data, procedures for creating a secure connection, and things like different transport modes. Some of those already existed, others were developed specifically for OpenVPN.
As a security and privacy tool, a VPN is nothing without encryption. For that, OpenVPN uses the OpenSSL library.
What’s that? It’s an open-source cryptography library that provides the protocol with ways to encrypt and decrypt data. Encryption turns the data you send and receive into unreadable junk. This makes it useless to anyone who might spy on the communication between the VPN app and the server. OpenSSL is considered to be very reliable, and it’s used all over the internet.
OpenVPN utilizes 256-bit encryption ciphers provided by OpenSSL, such as AES-256-GCM that Surfshark runs. Bluntly speaking, the more bits in a cipher, the more secure it is. For example, 256-bit AES transforms your data 14 times before transmitting it over the internet. This makes it quite infeasible to crack with modern computers.
Security and speed
And yet, the OpenVPN project spiced up the security level even further. It uses a custom security protocol – yes, protocols can have protocols in them – instead of employing an existing one like IPSec. As it’s based on TLS and SSL (Transport Layer Security and its deprecated predecessor Secure Sockets Layer), it works according to widely accepted standards.
Generally speaking, OpenVPN is not the fastest protocol around. This has a lot to do with implementing OpenVPN on the server side. It’s clunky, with many added features, sporting a code no shorter than 70,000 lines.
Also, it’s more difficult to scale than its competitors WireGuard and IKEv2/IPSec. Often, this leads OpenVPN to have performance issues because it constantly gets adjusted with infrastructure updates.
On the more user-oriented and less head-ache-inducing side, OpenVPN operates in two modes: OpenVPN UDP (User Datagram Protocol) and OpenVPN TCP (Transmission Control Protocol). Those are two of the bedrock protocols (yes) of the internet. In fact, you can choose which mode to use with Surfshark!
Why? Because TCP sends and receives data packages all while keeping the computer equivalent of direct eye contact with the recipient. On the other hand, UDP is faster as it sort of just labels the packages and chucks them at the recipient.
So now you know about the OpenVPN protocol. But what about OpenVPN as software?
How does OpenVPN work as VPN software?
As I mentioned, OpenVPN isn’t just a protocol. It’s also a tool for creating and maintaining virtual private networks. You are most likely to run into the OpenVPN GUI (graphical user interface) app, which allows you to connect to a VPN server from your VPN provider… and that’s about it. It is really barebones and lacks a lot of quality-of-life improvements that you’d find in a dedicated VPN client like Surfshark.
OpenVPN: Pros and cons
You’ve looked through a lot of explanations, now let me put it simply. What will you get, and what will you sacrifice if you use OpenVPN?
May require 3rd party applications
If the pros outweigh the cons for you, let’s see how you can use it!
What can OpenVPN be used for?
As a protocol:
When implemented as a protocol, OpenVPN is great at protecting your entire device. It offers good speed, strong security, and can be used with industry-leading encryption. It’s also one of the most commonly used protocols for router setups.
Some systems may be too old to run good VPN apps, but they’re able to run OpenVPN software. Therefore, OpenVPN is a good alternative for when you want to protect an older device.
On top of that, OpenVPN software is a great way to bypass restrictions on networks where VPN providers are blocked. Be it your work network that blocks VPN service downloads or country-wide firewalls like the Great Firewall of China that blocks access to VPN pages altogether.
Can I set up OpenVPN on my device? Yes!
So let’s say you want to connect to a VPN server by using the OpenVPN client. If you’re using Surfshark, we have guides for that!
With Surfshark, you can also always download our app instead and use OpenVPN that way. But in case you want to go the scenic route of configuring OpenVPN yourself, here are the guides:
OpenVPN vs. other VPN protocols
People always want to know what’s the best. But it is difficult to compare VPN protocols. Why? Aside from flaws in code, a VPN protocol’s speed and security depend on its implementation.
Because of this, I recommend you try each of the protocols out yourself before making any conclusions.
However, this is (on average) how VPN protocols stack up against each other:
None unless paired with IPSec
OpenVPN vs. PPTP
Point-to-Point Tunneling Protocol, developed by Microsoft and others in 1999, is basically everywhere. It is also widely regarded as insecure, obsolete, and compromised by the NSA. Aside from the fact that it uses 128-bit encryption in the 256-bit era (imagine the key to your home having a single incision instead of 5), there are at least 5 major ways to overcome PPTP encryption, making it very easy for hackers to read your data.
The verdict: OpenVPN is more secure than PPTP in basically every way. Sure, PPTP is faster, but it comes at the cost of weaker encryption.
OpenVPN vs. L2TP
Layer 2 Tunneling Protocol was developed around the same time as PPTP. As a tunneling protocol, it doesn’t encrypt data by itself, so it’s usually paired with IPSec. This sort of modularity allows it to utilize AES encryption.
Like PPTP, it’s basically everywhere. However, there are rumors that it is compromised by the NSA.
The verdict: OpenVPN is safer by default and does not have issues with firewalls like L2TP often does.
OpenVPN vs. IKEv2
Sometimes called IKEv2/IPSec due to the usual pairing of the two, Internet Key Exchange v2 was developed by Cisco and Microsoft but has many open-source versions as well.
IKEv2 is a good choice for mobile users as it handles network drops (like walking out of range of Wi-Fi and hopping onto mobile data) and is a bit faster than OpenVPN. Yes, this applies to Surfshark users as well.
The verdict: IKEv2 works better for most users than OpenVPN.
OpenVPN vs. SSTP
SSTP can be seen as Microsoft creating a fitting replacement for PPTP. And it works! SSTP is integrated with all Windows systems going back to Windows Vista, and offers a comparable level of service as OpenVPN.
So why use OpenVPN? Because it’s open-source. This means that tech experts around the world can pop the hood at any time and inspect the code. SSTP isn’t open-source, so you’d have to trust Microsoft to use it.
The verdict: OpenVPN is more trustworthy and therefore better suited for people worried about their privacy.
OpenVPN vs. WireGuard
WireGuard® is one of the newest kids on the block, in development since 2016. One of its great advantages is its size. Wireguard clocks in at about 4,000 lines of code when compared to 600,000 for OpenVPN or 400,000 for IPSec. Fewer lines mean the code is easier to inspect, and there are fewer places for bugs to pop up.
The verdict: WireGuard* is fast and secure – you should probably use it instead of OpenVPN. That’s why Surfshark VPN updates switch the protocol to WireGuard automatically (you can switch back manually, of course).
*WireGuard is a registered trademark of Jason A. Donenfeld.
OpenVPN vs. Shadowsocks
Shadowsocks is a free, open-source encryption protocol project. It’s based on the SOCKS5 proxy – that is, the 5th version of the SOCKS protocol for routing your traffic via a proxy. While proxies give you one of VPNs’ benefits – getting a new IP – they’re not encrypted.
Shadowsocks was designed to provide that encryption because it was made for one goal: to circumvent the Great Chinese Firewall and allow Chinese users to reach the wider internet safely. However, it’s not the most well-crafted protocol, and it’s not easy to implement.
The verdict: Users not connecting from China are better off with OpenVPN. Users in China can still benefit from our No Borders feature, which the app enables automatically.
Can I use OpenVPN for free?
Technically speaking, yes, you can use OpenVPN for free. You can, say, use the Community Edition to create your own OpenVPN server on your home computer and then use the GUI app to connect to that server from your phone.
That way, you will have a safe communication channel to your home, but not much else. You won’t be hiding your IP, bypassing censorship, or unlocking streaming libraries.
If you want these benefits, you need to subscribe to a VPN provider like Surfshark. At that point, you also get access to an app that lets you switch servers without downloading anything and contains features like No Borders and Kill Switch.
Is OpenVPN safe to use?
Yes, previous inspections and audits have revealed some flaws in OpenVPN’s security, but OpenVPN developers immediately patched them. Moreover, the project maintains a log of discovered issues where the solutions to them are outlined.
Do I need OpenVPN?
Are you using a VPN to increase your privacy and security while surfing the web and give you better access to entertainment? And is your device supported by a VPN client like Surfshark? If so, then you don’t need to engage with OpenVPN yourself – aside from maybe setting it as your preferred protocol on the app.
If you’re a business setting up a VPN server or a really dedicated hobbyist who wants to set up a VPN at home, then you may want to use OpenVPN software. You may also use OpenVPN to access VPNs like Surfshark on platforms that the client app itself doesn’t support.
Additionally, OpenVPN is useful when installing a VPN on a router to secure all of the connected devices at once.
So unless you find yourself in one of these specific situations, getting an all-included app like Surfshark is the way to go.