OpenVPN is a VPN package written by James Yonan. It creates point-to-point encrypted tunnels between hosts, and peers can authenticate to each other using a preshared private key, certificates, or username/password. It makes extensive use of the OpenSSL encryption library and uses the SSLv3/TLSv1 protocol. It is available on Linux, xBSD, Mac OS X, and Windows 2000/XP, and offers a wealth of security and control features. It is not a "web-based" VPN, and it is not compatible with IPsec or any other VPN package. The entire package consists of one binary for both client and server connections, an optional configuration file, and one or more key files depending on the authentication method used.



OpenVPN uses the OpenSSL library to provide encryption of both the data and control channels. It lets OpenSSL do all the encryption and authentication work. This allows OpenVPN to use all the ciphers available in the OpenSSL package. It can also use the HMAC packet authentication feature to add an additional layer of security to the connection (referred to as an "HMAC Firewall" by the creator). It can also use hardware acceleration to get better encryption performance.


OpenVPN has several ways to authenticate peers to one another: preshared secret key, certificate-based, and username/password-based authentication. The preshared secret key is the easiest, while certificate-based authentication is the most robust and feature-rich. Username/password authentication is a new feature (version 2.0) that can be used with or without a client certificate (the server still needs a certificate). The source tarball includes a sample Perl script to verify the username/password with PAM and a C auth-pam plugin.


OpenVPN multiplexes all communications over a single IP port. It can run over UDP (preferred, and the default) or TCP. It can work through most proxy servers (including HTTP) and is good at working through NAT. The server configuration can "push" certain network configuration options to the clients, including IP addresses, routing commands, and a few connection options. OpenVPN offers two types of interfaces for networking via the Universal Tun/Tap driver: it can create either a layer 3 IP tunnel, or a layer 2 Ethernet "tap" that can carry any type of Ethernet traffic. OpenVPN can optionally use the LZO compression library to compress the data stream. IANA assigned port 1194 as the official port number for OpenVPN, and newer versions of the program default to that port. A feature in the 2.0 version allows one process to manage several simultaneous tunnels, as opposed to the original "one tunnel per process" restriction of the 1.x series.


OpenVPN offers several internal security features. It has the ability to drop root privileges, use mlockall to prevent swapping sensitive data to disk, and enter a chroot jail after initialization.
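As an added illustration (not part of the original article and not code from the OpenVPN project), the following Python script audits a configuration file for the hardening features described above. It assumes the OpenVPN configuration directives `user`, `group`, `chroot`, `mlock` and `tls-auth` as the switches for those features; the sample configurations, file names and chroot path are constructed.

```python
# Added example: audit an OpenVPN config for the hardening options in the text.
# The sample configs below are constructed for illustration.
HARDENING = {
    "user": "drop root privileges after initialization",
    "group": "drop root group privileges after initialization",
    "chroot": "enter a chroot jail after initialization",
    "mlock": "mlockall, keeps keys and sensitive data out of swap",
    "tls-auth": "HMAC packet authentication (the 'HMAC firewall')",
}

def parse_config(text):
    """Return {directive: [args]}, skipping blank lines and #/; comments."""
    directives = {}
    for raw in text.splitlines():
        tokens = []
        for tok in raw.split():
            if tok[0] in "#;":      # rest of the line is a comment
                break
            tokens.append(tok)
        if tokens:
            directives[tokens[0]] = tokens[1:]
    return directives

def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    cfg = parse_config(text)
    findings = [f"missing '{name}': {why}"
                for name, why in HARDENING.items() if name not in cfg]
    # Edge case: the directive is present but still names root.
    for name in ("user", "group"):
        if cfg.get(name, [])[:1] == ["root"]:
            findings.append(f"'{name} root' does not drop privileges")
    return findings

WEAK = """\
# constructed sample: certificate-based server without hardening
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
user root
"""

HARDENED = WEAK.replace("user root", "user nobody") + """\
group nobody
chroot /var/empty/openvpn   ; constructed path
mlock
tls-auth ta.key 0
"""

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(cfg) or "OK")
```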
