What is OpenVPN?
Created in 2001, OpenVPN protocol is now in use by almost every VPN provider. This is largely thanks to its open-source nature, which lets users check the code themselves. Transparency has led to a lot of testing, proving that the protocol is reliable and secure.
For a regular home user, the important part is that OpenVPN is one of the VPN protocols they’re most likely to encounter. As it was mentioned before, Surfshark uses OpenVPN as one of the options when it comes to securing the user’s connection!
OpenVPN as VPN protocol
OpenVPN protocol combines rules for encrypting data, procedures for creating a secure connection, and things like different transport modes. Some of those are already existing, others were developed specifically for OpenVPN.
As a security and privacy tool, a VPN is nothing without encryption. For that, OpenVPN uses the OpenSSL library.
What’s that? It’s an open-source cryptography library that provides the protocol with the ways to encrypt and decrypt data. The encryption turns the data you send and receive into unreadable junk to make it useless to anyone who might spy on the communication between the VPN app and the server. OpenSSL is considered to be very reliable, and it’s used all over the internet.
OpenVPN utilizes 256-bit encryption ciphers provided by OpenSSL, such as AES-256-GCM that Surfshark runs on. Bluntly speaking, the more bits in cipher, the more secure it is. For example, 256-bit AES transforms your data 14 times before transmitting it over the internet. This makes it quite infeasible to crack with modern computers.
Security and speed
And yet the OpenVPN project spiced up the security level further. It uses a custom security protocol – yes, protocols can have protocols in them – instead of employing an existing one like IPSec. As it’s based on TLS and SSL (Transport Layer Security and its deprecated predecessor Secure Sockets Layer), it works according to widely-accepted standards.
Generally speaking, OpenVPN is not the fastest protocol around. This has a lot to do with security concerns: stronger encryption demands more computer power and bandwidth, which leaves less space for what you want to transmit.
This is why OpenVPN decreases your connection speed – it needs more bandwidth and server resources to ensure a strong level protection.
On the more user-oriented and less head-ache inducing side, OpenVPN operates in two modes: UDP and TCP. Those are two of the bedrock protocols (yes) of the internet. In fact, you can choose which mode to use with Surfshark!
Why? Because TCP provides a more reliable connection as it sends and receives data packages all while keeping the computer equivalent of direct eye contact with the recipient. On the other hand, UDP is faster as it sort of just labels the packages and chucks them at the recipient.
So know you about OpenVPN as a protocol. But what about OpenVPN as a software?
|OpenVPN protocol’s pros||OpenVPN protocol’s cons|
OpenVPN as VPN software
As I mentioned, OpenVPN isn’t just a protocol. It’s also a tool for creating and maintaining virtual private networks. You are most likely to run into OpenVPN GUI (graphical user interface) app, which allows you to connect to a VPN server… and that’s about it. It is really barebones and lacks a lot of quality of life improvements that you’d find in a dedicated VPN client like Surfshark.
Let’s see how you can use it!
Can I Set Up OpenVPN on my device? Yes!
So let’s say you want to connect to a VPN server by using the OpenVPN client. This guide will explain how to use OpenVPN on a Windows PC. We’re using Surfshark as an example as you need to have configuration files for the VPN you want to connect to.
Quick note – if you’re not into 19-step setup guides, just get yourself a Surfshark VPN subscription and download one of the apps where you’ll find OpenVPN ready to use.
- First off, download the OpenVPN GUI app from here.
- Install it.
- Before the installation, your OS will ask if you want to give the app permission to make changes to your device. That is necessary for setting up VPN connections, so click Yes.
- Accept all of the installation settings as they are.
- Run the OpenVPN GUI app (there should be a shortcut on your desktop)
- Now, back in your browser, subscribe to Surfshark if you haven’t already.
- Log into the website.
- Go to the Manual Setup page.
- Download the files for the server you want to connect to.
- You will get a pop-up asking whether you want the TCP or UDP files. Choose TCP.
- On the same Manual Setup page, switch the tab from Files to Credentials. Leave it open – we’ll need it for later.
- Now, open the Windows system tray and right-click the OpenVPN icon.
- Choose Import file… in the menu.
- Find the server file you downloaded, select it, and click Open.
- Once the server file is imported, you can find it as a new line in the OpenVPN menu.
- Move the cursor over the server name and click Connect in the menu that appears.
- The app will ask you for credentials. Enter the ones from the Credentials tab on the Manual Setup page.
- Click OK.
- If the connection is successful, the system tray icon will show green.
OpenVPN vs. Other VPN Protocols
As with most things in the IT world, OpenVPN has several competing VPN protocols. Here’s how they stack up:
|L2TP||Good||Lacking||None unless paired with IPSec|
OpenVPN vs. PPTP
Point-to-Point Tunneling Protocol, developed by Microsoft and others in 1999, is basically everywhere. It is also widely regarded as insecure, obsolete, and compromised by the NSA. Aside from the fact that it uses 128-bit encryption in the 256-bit era (imagine the key to your home having a single incision instead of 5), there are at least 5 major ways to overcome PPTP encryption, making it very easy for hackers to read your data.
Suffice to say, OpenVPN is more secure than PPTP in basically every way. Sure, PPTP is faster, but it comes at the cost of weaker encryption.
OpenVPN vs. L2TP
Layer 2 Tunneling Protocol was developed around the same time as PPTP. As a tunneling protocol, it doesn’t encrypt data by itself, so it’s usually paired with IPSec. This sort of modularity allows it to utilize AES encryption.
Like PPTP, it’s basically everywhere. However, there are rumours that it is compromised by the NSA. What is undeniable, however, is that L2TP often has issues with firewalls while OpenVPN doesn’t.
OpenVPN vs. IKEv2
Sometimes called IKEv2/IPSec due to the usual pairing of the two, Internet Key Exchange v2 was developed by Cisco and Microsoft, but has many open-source versions as well.
IKEv2 is a good choice for mobile users as it handles network drops (like walking out of range of Wi-Fi and hopping onto mobile data) and is a bit faster than OpenVPN. Yes, this applies to Surfshark users as well.
OpenVPN vs. SSTP
SSTP can be seen as Microsoft creating a fitting replacement for PPTP. And it works! SSTP is integrated with all Windows systems going back to Windows Vista, and offers a comparable level of service as OpenVPN.
So why use OpenVPN? Because it’s open-source. This means that tech experts around the world can pop the hood at any time and inspect the code. SSTP isn’t open-source, so you have to trust Microsoft to use it.
OpenVPN vs. WireGuard
WireGuard® is one of the newest kids on the block, in development since 2016. One of its great advantages is its size. Wireguard clocks in at about 4,000 lines of code when compared to 600,000 for OpenVPN or 400,000 for IPSec. Fewer lines mean the code is easier to inspect, and there are fewer places for bugs to pop-up.
WireGuard* is fast and secure – you should probably use it instead of OpenVPN. That’s why Surfshark VPN updates switch the protocol to WireGuard automatically (you can switch back manually, of course).
*WireGuard is a registered trademark of Jason A. Donenfeld.
OpenVPN vs. Shadowsocks
Shadowsocks is a free, open-source encryption protocol project. It’s based on the SOCKS5 proxy – that is, the 5th version of the SOCKS protocol for routing your traffic via a proxy. While proxies give you one of VPN’s benefits – getting a new IP – they’re not encrypted.
Shadowsocks was designed to provide that encryption because it was made for one goal: to circumvent the Great Chinese Firewall and allow Chinese users to reach the wider internet safely. Therefore, Surfshark offers it as an option. At the same time, users not connecting from China are better off with the much-faster OpenVPN.
Can I Use OpenVPN for Free?
Technically speaking, you can use OpenVPN for free. You can, say, use the Community Edition to create a VPN server on your home computer, and then use the GUI app to connect to that server from your phone.
That way, you will have a safe communication channel to your home, but not much else. You won’t be hiding your IP, bypassing censorship, or unlocking streaming libraries.
If you want these benefits, you need to subscribe to a VPN service like Surfshark. At that point, you also get access to an app that lets you switch servers without downloading anything, and contains features like bookmarks and a kill-switch. So why not just get Surfshark VPN?
Is OpenVPN Safe?
In a word, yes. In some more words, previous inspections and audits have revealed some flaws in OpenVPN’s security, but OpenVPN developers immediately patched them. Moreover, the project maintains a log of discovered issues where the solutions to them are outlined.
Do I need OpenVPN?
Are you using a VPN to increase your privacy and security while surfing the web and give you better access to entertainment? And is your device supported by a VPN client like Surfshark? If so, then you don’t need to engage with OpenVPN yourself – aside from maybe setting it as your preferred protocol on the app.
If you’re a business setting up a VPN server or a really dedicated hobbyist who wants to set up a VPN at home, then you may want to use OpenVPN software. You may also use OpenVPN to access VPNs like Surfshark on platforms that the client app itself doesn’t support.
Additionally, OpenVPN is useful when installing a VPN on a router to secure all of the connected devices at once.
So unless you find yourself in one of these specific situations, getting an all-included app like Surfshark is the way to go.