What is OpenVPN?

OpenVPN is freely available open-source software for setting up encrypted virtual private networks (VPNs). It supports many different operating systems and can connect individual clients as well as entire networks.

What is OpenVPN?

The OpenVPN software is licensed under the GNU GPL and is freely available. It can be used to implement encrypted private networks between individual clients or entire networks. To establish a connection, the OpenVPN software must be installed and suitably configured on both sides.

The OpenVPN software can be installed on computers, servers or network devices such as routers and supports operating systems such as Windows, Linux, macOS, Solaris, OpenBSD, Android, and many more. The software transmits user data in TCP or UDP packets and also works across NAT (Network Address Translation) boundaries. The data exchanged in the VPN is encrypted via SSL/TLS, using the OpenSSL library.

Functionality and use of OpenVPN

A common application scenario is securely connecting a field worker or a home office computer to the company network over the Internet. In this case the client establishes the connection to the company's central server. The server can be reached at a fixed IP address or domain name on the Internet and waits for incoming connections. Where the IP address is dynamic and constantly changing, dynamic DNS services are often used.

The server authenticates the client via a previously defined password or certificate. If the credentials are valid, an encrypted connection is established in which the transmitted data can no longer be read by outside parties. Encryption and decryption of the data are performed by the client and the server at the endpoints of the communication connection. In addition to individual clients, entire networks can also be connected via OpenVPN.

Advantages of OpenVPN

The free software offers numerous advantages. It supports a variety of operating systems and is highly stable. For large VPNs, OpenVPN scales easily to thousands of clients. Thanks to the use of OpenSSL as well as SSL/TLS and PKI (Public Key Infrastructure) for session authentication, the VPNs are considered very secure. Installing the software is relatively easy, and it also works with dynamically assigned IP addresses or behind NAT routers.

The different types of authentication

OpenVPN supports different types of authentication. Both preshared keys and digital certificates can be used. The preshared key is a static key or password, which has to be distributed to all involved communication partners beforehand. Appropriate measures must be taken to prevent the key from being lost. Certificate-based authentication uses private and public key pairs or digital certificates according to the X.509 standard.

The key pairs can be signed by a Certification Authority (CA). Servers and clients each have their own certificates and public/private key pairs. After successful mutual verification of the certificates/keys, a session key is created. This is used to encrypt the transmitted data and is automatically replaced by OpenVPN at certain intervals.

The network modes Bridging and Routing

OpenVPN supports two operating modes: routing and bridging. While routing mode transports only IP packets, bridging mode transmits layer 2 Ethernet frames and thus allows the use of alternative protocols such as IPX.
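
As an added illustration (not part of the original article and not OpenVPN project code), the following Python script reads an OpenVPN configuration and reports which of the authentication types and network modes described above it uses, plus the session key renegotiation interval. The directive names (secret, ca, cert, key, dev, dev-type, proto, reneg-sec, remote, remote-cert-tls) are OpenVPN's own; the function names, file names and vpn.example.com are assumptions made for the example.

```python
import shlex

def parse_directives(text):
    """Map each OpenVPN directive to its argument list (last occurrence wins)."""
    found, inline = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if inline:                              # body of an inline <ca>...</ca> block
            inline = None if line == f"</{inline}>" else inline
        elif line.startswith("<") and line.endswith(">"):
            inline = line[1:-1]
            found[inline] = ["[inline]"]
        elif line and line[0] not in "#;":      # skip blanks and both comment styles
            name, *args = shlex.split(line, comments=True)
            found[name] = args
    return found

def classify(text):
    d = parse_directives(text)
    dev = (d.get("dev-type") or d.get("dev") or [""])[0]
    proto = d.get("proto", ["udp"])[0]          # OpenVPN defaults to UDP
    r = {"mode": {"tun": "routing", "tap": "bridging"}.get(dev[:3], "unknown"),
         "transport": "tcp" if proto.startswith("tcp") else "udp",
         "auth": "unknown", "reneg_sec": None, "findings": []}
    if "secret" in d:                           # static-key mode, no TLS handshake
        r["auth"] = "static-key"
        r["findings"].append("one preshared key on every peer; no session key rotation")
    elif {"ca", "cert", "key"} <= d.keys():     # X.509 certificates signed by a CA
        r["auth"] = "certificate"
        r["reneg_sec"] = int(d.get("reneg-sec", ["3600"])[0])   # default is 3600 s
        if r["reneg_sec"] == 0:
            r["findings"].append("reneg-sec 0 disables session key renegotiation")
        if "remote" in d and "remote-cert-tls" not in d:
            r["findings"].append("client does not require a server-type certificate")
    return r

SERVER_TLS = """
# constructed sample: routed, certificate-based server
dev tun
ca ca.crt
cert server.crt
key server.key
"""
CLIENT_STATIC = """
; constructed sample: bridged link using a preshared key
remote vpn.example.com 1194
proto tcp-client
dev tap0
secret static.key
"""
```

Calling `classify(SERVER_TLS)` and `classify(CLIENT_STATIC)` returns a dictionary per configuration; a non-empty `findings` list marks settings worth reviewing.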