OpenVPN is a robust and highly flexible VPN daemon. OpenVPN supports SSL / TLS security, Ethernet bridging, TCP or UDP tunnel transport via proxy or NAT, dynamic IP and DHCP support, scalability to hundreds or thousands of users, and portability to most major OS platforms.
OpenVPN is closely related to the OpenSSL library and derives most of its cryptographic capabilities from it.
OpenVPN supports basic encryption using a pre-shared secret (static key mode) or public key security (SSL / TLS mode) using client and server certificates. OpenVPN also supports unencrypted TCP / UDP tunnels.
OpenVPN is designed to work with the TUN / TAP virtual network interface that exists on most platforms.
Overall, OpenVPN aims to offer many of the key IPSec features, but in a relatively lightweight size.
With OpenVPN, you can:
- Tunnel any IP subnet or virtual Ethernet adapter over a single UDP or TCP port,
- Configure a scalable, load-balanced VPN server farm with one or more machines that can handle thousands of dynamic connections from incoming VPN clients,
- Use all the encryption, authentication and certification features of the OpenSSL library to secure your private network traffic as it travels over the Internet,
- Use any cipher, key size or HMAC digest (for datagram integrity check) supported by the OpenSSL library,
- Choose between regular static key encryption or certificate based public key encryption,
- Use static, pre-shared or TLS based dynamic key exchange,
- Use real-time adaptive channel compression and traffic shaping to control channel bandwidth usage,
- Tunneling networks whose public endpoints are dynamic, such as DHCP or remote clients,
- Tunnel networks through connection-oriented stateful firewalls without the need for explicit firewall rules,
- Tunneling networks through NAT,
- Build secure Ethernet bridges with virtual fanout devices and
- Control OpenVPN using a GUI on Windows or Mac OS X.
How to set up OpenVPN
- Download OpenVPN for your operating system
- Run the download file to install the client on your computer.
- Enter url for OpenVPN server or drag and drop config file (you can try VPNBook)
- Updated library OpenVPN 3 to version 3.6.2.
- Added adaptive portal detection: OpenVPN Connect notifies the user when a device is connected to a network with adaptive portal enabled. This feature is enabled by default and can be controlled from the settings screen in the app.
- Added network loss detection: The VPN connection goes into a “pause” state when the network connection is lost, and automatically resumes the VPN session when the network is up.
- Added command line interface. See Command Line Functionality for OpenVPN Connect.
- Changes in software update functionality:
- Added the ability to change the setting of the frequency of checking for software updates.
- Added update checks the frequency of admin control using the profile directive: 0 – never; 1 – every day; 7 times a week; and 30 monthly. When a profile with this directive is included in the application, the application setting is changed automatically. CONNECTV3_PREFERENCE_UPDATE_FREQUENCY = <0 | 1 | 7 | 30>
- When a new version of the application is available, it becomes visible in the main menu of the application.
- Added release notes to app update notification.
- Added support for PKCS11 hardware tokens. See Support for PKCS11 Physical Tokens for OpenVPN Connect.
- The Reconnect on Restart option has been replaced with startup options. The user can choose several options: launch the application after the OS reboot, connect to the last connected profile, or connect only if the connection was active during the reboot (previously the behavior of the “Reconnect on reboot” option).
- Added external certificates on Windows 7: OpenVPN Connect supports importing and assigning an external PKCS12 identity to a profile for connecting on Windows 7.
- Added section for advanced settings. Settings that might disrupt the connection are hidden in the Additional Settings section of the Settings screen.
- Added colorful tray icons. The OpenVPN Connect taskbar icon with color indication of connection status can be enabled from the settings screen (default behavior in Windows 7 and Windows 8).
- Removed deprecated “force AES-CBC” compatibility option.
- Various bug fixes and UX improvements.
Linux packages are available at: