If you are googling around for VPN apps, you will likely come across the term “OpenVPN.” And if you’re a Surfshark user (hi!), you may have noticed it under the “Protocol” tab. But what is OpenVPN? The answer is a bit complicated, so I wrote this whole article dedicated to explaining it.
What is OpenVPN?
OpenVPN is both a VPN protocol and a VPN software. VPN “protocol” is a fast way of saying “a collection of procedures, rules, and things that allow a device to do a task.” In this case, the OpenVPN protocol defines a way to set up a VPN connection. OpenVPN as software is an application that helps to set up a VPN server/network by yourself.
Created in 2001, the OpenVPN protocol is now in use by almost every VPN provider. This is largely thanks to its open-source nature, which lets users check the code themselves. Transparency has led to a lot of testing, proving that the protocol is reliable and secure.
For a regular home user, the important part is that OpenVPN is one of the VPN protocols you’re most likely to encounter. As it was mentioned before, Surfshark uses OpenVPN as one of the options when it comes to securing your connection.
OpenVPN as a VPN protocol
The OpenVPN protocol combines rules for encrypting data, procedures for creating a secure connection, and things like different transport modes. Some of those already existed, others were developed specifically for OpenVPN.
As a security and privacy tool, a VPN is nothing without encryption. For that, OpenVPN uses the OpenSSL library.
What’s that? It’s an open-source cryptography library that provides the protocol with ways to encrypt and decrypt data. Encryption turns the data you send and receive into unreadable junk to make it useless to anyone who might spy on the communication between the VPN app and the server. OpenSSL is considered to be very reliable, and it’s used all over the internet.
OpenVPN utilizes 256-bit encryption ciphers provided by OpenSSL, such as AES-256-GCM that Surfshark runs. Bluntly speaking, the more bits in a cipher, the more secure it is. For example, 256-bit AES transforms your data 14 times before transmitting it over the internet. This makes it quite infeasible to crack with modern computers.
Security and speed
And yet, the OpenVPN project spiced up the security level even further. It uses a custom security protocol – yes, protocols can have protocols in them – instead of employing an existing one like IPSec. As it’s based on TLS and SSL (Transport Layer Security and its deprecated predecessor Secure Sockets Layer), it works according to widely accepted standards.
Generally speaking, OpenVPN is not the fastest protocol around. This has a lot to do with implementing OpenVPN on the server side. It’s clunky, with many added features, sporting a code no shorter than 600,000 lines.
Also, it’s more difficult to scale than its competitors WireGuard and IKEv2/IPSec. Often, this leads OpenVPN to have performance issues because it constantly gets adjusted with infrastructure updates.
On the more user-oriented and less head-ache-inducing side, OpenVPN operates in two modes: UDP and TCP. Those are two of the bedrock protocols (yes) of the internet. In fact, you can choose which mode to use with Surfshark!
Why? Because TCP sends and receives data packages all while keeping the computer equivalent of direct eye contact with the recipient. On the other hand, UDP is faster as it sort of just labels the packages and chucks them at the recipient.
So now you know about OpenVPN as a protocol. But what about OpenVPN as software?
OpenVPN protocol’s pros
OpenVPN protocol’s cons
OpenVPN as VPN software
As I mentioned, OpenVPN isn’t just a protocol. It’s also a tool for creating and maintaining virtual private networks. You are most likely to run into the OpenVPN GUI (graphical user interface) app, which allows you to connect to a VPN server… and that’s about it. It is really barebones and lacks a lot of quality-of-life improvements that you’d find in a dedicated VPN client like Surfshark.
Let’s see how you can use it!
Can I set up OpenVPN on my device? Yes!
So let’s say you want to connect to a VPN server by using the OpenVPN client. This guide will explain how to use OpenVPN on a Windows PC. We’re using Surfshark as an example as you need to have configuration files for the VPN you want to connect to.
Quick note: if you’re not into 19-step setup guides, just get yourself a Surfshark VPN subscription and download one of the apps where you’ll find OpenVPN ready to use.
- First off, download the OpenVPN GUI app from here.
- Install it.
- Before the installation, your OS will ask if you want to give the app permission to make changes to your device. That is necessary for setting up VPN connections, so click Yes.
- Accept all of the installation settings as they are.
- Run the OpenVPN GUI app (there should be a shortcut on your desktop)
- Now, back in your browser, subscribe to Surfshark if you haven’t already.
- Log into the website.
- Go to the Manual Setup page.
- Download the files for the server you want to connect to.
- You will get a pop-up asking whether you want the TCP or UDP files. Choose TCP.
- On the same Manual Setup page, switch the tab from Files to Credentials. Leave it open – we’ll need it for later.
- Now, open the Windows system tray and right-click the OpenVPN icon.
- Choose Import file… in the menu.
- Find the server file you downloaded, select it, and click Open.
- Once the server file is imported, you can find it as a new line in the OpenVPN menu.
- Move the cursor over the server name and click Connect in the menu that appears.
- The app will ask you for credentials. Enter the ones from the Credentials tab on the Manual Setup page.
- Click OK.
- If the connection is successful, the system tray icon will be green.
OpenVPN vs. other VPN protocols
People always want to know what’s the best. But it is difficult to compare VPN protocols. Why? Aside from flaws in code, a VPN protocol’s speed and security depend on its implementation.
Because of this, I recommend you try each of the protocols out yourself before making any conclusions.
However, this is (on average) how VPN protocols stack up against each other:
None unless paired with IPSec
OpenVPN vs. PPTP
Point-to-Point Tunneling Protocol, developed by Microsoft and others in 1999, is basically everywhere. It is also widely regarded as insecure, obsolete, and compromised by the NSA. Aside from the fact that it uses 128-bit encryption in the 256-bit era (imagine the key to your home having a single incision instead of 5), there are at least 5 major ways to overcome PPTP encryption, making it very easy for hackers to read your data.
Suffice to say, OpenVPN is more secure than PPTP in basically every way. Sure, PPTP is faster, but it comes at the cost of weaker encryption.
OpenVPN vs. L2TP
Layer 2 Tunneling Protocol was developed around the same time as PPTP. As a tunneling protocol, it doesn’t encrypt data by itself, so it’s usually paired with IPSec. This sort of modularity allows it to utilize AES encryption.
Like PPTP, it’s basically everywhere. However, there are rumors that it is compromised by the NSA. What is undeniable, however, is that L2TP often has issues with firewalls while OpenVPN doesn’t.
OpenVPN vs. IKEv2
Sometimes called IKEv2/IPSec due to the usual pairing of the two, Internet Key Exchange v2 was developed by Cisco and Microsoft, but has many open-source versions as well.
IKEv2 is a good choice for mobile users as it handles network drops (like walking out of range of Wi-Fi and hopping onto mobile data) and is a bit faster than OpenVPN. Yes, this applies to Surfshark users as well.
In general, IKEv2 works better for most users than OpenVPN.
OpenVPN vs. SSTP
SSTP can be seen as Microsoft creating a fitting replacement for PPTP. And it works! SSTP is integrated with all Windows systems going back to Windows Vista, and offers a comparable level of service as OpenVPN.
So why use OpenVPN? Because it’s open-source. This means that tech experts around the world can pop the hood at any time and inspect the code. SSTP isn’t open-source, so you’d have to trust Microsoft to use it.
OpenVPN vs. WireGuard
WireGuard® is one of the newest kids on the block, in development since 2016. One of its great advantages is its size. Wireguard clocks in at about 4,000 lines of code when compared to 600,000 for OpenVPN or 400,000 for IPSec. Fewer lines mean the code is easier to inspect, and there are fewer places for bugs to pop up.
WireGuard* is fast and secure – you should probably use it instead of OpenVPN. That’s why Surfshark VPN updates switch the protocol to WireGuard automatically (you can switch back manually, of course).
*WireGuard is a registered trademark of Jason A. Donenfeld.
OpenVPN vs. Shadowsocks
Shadowsocks is a free, open-source encryption protocol project. It’s based on the SOCKS5 proxy – that is, the 5th version of the SOCKS protocol for routing your traffic via a proxy. While proxies give you one of VPNs’ benefits – getting a new IP – they’re not encrypted.
Shadowsocks was designed to provide that encryption because it was made for one goal: to circumvent the Great Chinese Firewall and allow Chinese users to reach the wider internet safely. Therefore, Surfshark offers it as an option. At the same time, users not connecting from China are better off with the much-faster OpenVPN.
Can I use OpenVPN for free?
Technically speaking, you can use OpenVPN for free. You can, say, use the Community Edition to create a VPN server on your home computer, and then use the GUI app to connect to that server from your phone.
That way, you will have a safe communication channel to your home, but not much else. You won’t be hiding your IP, bypassing censorship, or unlocking streaming libraries.
If you want these benefits, you need to subscribe to a VPN service like Surfshark. At that point, you also get access to an app that lets you switch servers without downloading anything, and contains features like bookmarks and a kill-switch. So why not just get Surfshark VPN?
Is OpenVPN safe?
In a word, yes.
In more words, previous inspections and audits have revealed some flaws in OpenVPN’s security, but OpenVPN developers immediately patched them. Moreover, the project maintains a log of discovered issues where the solutions to them are outlined.
Do I need OpenVPN?
Are you using a VPN to increase your privacy and security while surfing the web and give you better access to entertainment? And is your device supported by a VPN client like Surfshark? If so, then you don’t need to engage with OpenVPN yourself – aside from maybe setting it as your preferred protocol on the app.
If you’re a business setting up a VPN server or a really dedicated hobbyist who wants to set up a VPN at home, then you may want to use OpenVPN software. You may also use OpenVPN to access VPNs like Surfshark on platforms that the client app itself doesn’t support.
Additionally, OpenVPN is useful when installing a VPN on a router to secure all of the connected devices at once.
So unless you find yourself in one of these specific situations, getting an all-included app like Surfshark is the way to go.