OpenVPN is an open-source solution for creating virtual private networks and organizing encrypted point-to-point and client-server connections. OpenVPN provides solutions for a range of tasks, including connection between remote users, access to both home and office networks, secure WiFi connections, and secure connection to remote offices.
OpenVPN can even be scaled up to arrange a remote access system for an entire enterprise, with load balancing, failover and fine-grained access-controls. OpenVPN combines safety with the ease of use.
Key features of OpenVPN:
- Works behind the majority of proxy servers, including HTTP, SOCKS, NAT and network filters.
- Network operations over TCP or UDP transports.
- Ability to organize network-level TUN tunnels and TAP bridges.
- Efficient traffic compression.
- Uses various encryption protocols (MD5-HMAC, RSA) and 2048-bit keys.
- Several authentication modes.
Changes in recent version
- Connections setup is now much faster.
- ChaCha20-Poly1305 cipher in the OpenVPN data channel (Requires OpenSSL 1.1.0 or newer).
- Improved TLS 1.3 support when using OpenSSL 1.1.1 or newer.
- Client-specific tls-crypt keys (–tls-crypt-v2).
- Improved Data channel cipher negotiation.
- Removal of BF-CBC support in default configuration (see below for possible incompatibilities).
- HMAC based auth-token support for seamless reconnects to standalone servers or a group of servers.
- Asynchronous (deferred) authentication support for auth-pam plugin.
- Asynchronous (deferred) support for client-connect scripts and plugins.
- Support IPv4 configs with /31 netmasks now.
- 802.1q VLAN support on TAP servers.
- IPv6-only tunnels.
- New option –block-ipv6 to reject all IPv6 packets (ICMPv6).
- Netlink integration (OpenVPN no longer needs to execute ifconfig/route or ip commands).
- Wintun driver support, a faster alternative to tap-windows6.
- Setting tun/tap interface MTU.
- Setting DHCP search domain.
- Allow unicode search string in –cryptoapicert option.
- EasyRSA3, a modern take on OpenVPN CA management.
- MSI installer.