A cloud-based solution tailored to meet your Virtual Private Network needs.
OpenVPN Cloud is our next-generation business VPN solution. This new product eliminates server installation — now you simply connect to our VPN-as-a-Service offering. With OpenVPN Cloud, you can run your VPN on our Cloud. Our worldwide operations have been perfected to run at scale. Our multi-tenant cloud service has a high-performing mesh core network that is spread out in multiple countries and offers multiple regional connection locations worldwide.
Subscribing to our service and choosing your account name creates your own VPN within our secure OpenVPN Cloud worldwide network. You administer your VPN by signing in to https://cloud.openvpn.net. Your users can sign in to https://[cloud-id].openvpn.cloud to download the client software and administer their devices. You can secure your and your user’s accounts by turning ON two-factor authentication.
Want to setup a full-mesh site-to-site private worldwide network?
It just takes three steps:
- Add Networks and their IP address ranges using the Administration Portal
- Install the Connector software on Linux, Windows, or macOS host(s) in your Cloud or on-premises data centers and connect them to any one of our worldwide VPN Regions
- Enable routing and add static routes for reachability
Want to add remote access?
Providing remote access to your VPN is as simple as adding your employees as OpenVPN Cloud Users or if your company uses a Security Assertion Markup Language (SAML) 2.0 compatible Identity Provider, just configure OpenVPN Cloud to work with SAML for user authentication. This allows them to use OpenVPN Connect Client on all the popular desktop and smartphone operating systems (Android, iOS, Linux, macOS, and Windows) to access private resources by connecting to any of the OpenVPN Cloud VPN Regions regardless of the geographic location where the private resource is located. You can increase the reliability and network performance of remote access by adding multiple Connectors that connect to different VPN Regions that are closer to your distributed workforce.
How about using the VPN to securely access Remote Desktop, file, and web servers without access to the complete private network?
You can do that by configuring Hosts to represent your servers in the administration portal. Install the connector software on the server and access them by their VPN IP address after connecting to OpenVPN Cloud.
Want to restrict access?
Full-Mesh networking can be turned OFF to implement fine-grained, least-privilege access and network segmentation — not only for user access, but also for access between various Networks and Hosts. Services can be defined for Networks and Hosts that can represent either a subnet, an individual IP address, or even individual services (ports/protocol) on a specific IP address or set of IP addresses. Specific User Groups, Hosts, and Networks can be granted access to one or more of these Services. All service management is carried out from the OpenVPN Cloud web portal.
Looking for more examples of using OpenVPN Cloud?
There are a variety of different ways you can leverage OpenVPN Cloud from securing access to the Internet to IoT applications. Explore the variety.
- A managed hosting service for your private network that is powered by a multi-tenant, mesh-connected core network with worldwide points of presence.
- Your VPN is hosted by OpenVPN Cloud and your private network extends to authorized Sites and Users as they connect using OpenVPN protocol to any OpenVPN Cloud point of presence.
- IP-layer networking allows access to all TCP and UDP based services
- Support for Site-to-Site and Remote Access
- Full-mesh site-to-site connectivity without complex configuration
- Support for peer-to-peer communication
Points of Presence located in more 5 cities worldwide with a presence in 3 countries
- Self-service portal for VPN Administrator and Users
- Assigned subdomain for your organization
- Web-based configuration and management for the Administrator
- Virtual worldwide private secure networking IPv4 and IPv6 space for each Tenant/Customer
- Assign static IP addresses to User devices and Connectors for Networks and Hosts
- Full RFC 1918 IPv4 private address range and IPv6 RFC 4193 Unique local address range available for Customer use
Customer’s internal private DNS servers can be used instead of OpenVPN Cloud DNS services
- Application Servers can directly offer private services, to Users and other VPN sites, by being configured as OpenVPN Cloud Hosts and connecting to OpenVPN Cloud using Connector software
- Virtual Private Clouds, data centers, and other sites can allow access to private services by being configured as OpenVPN Cloud Networks and connecting to OpenVPN Cloud using Connector software
- Services can be defined in the form of individual IP addresses, and/or CIDR subnet ranges, with the associated protocol and service ports. By allowing access to any protocol and port, an entire subnet can be made accessible
- A Network can be configured to provide an Internet Gateway service which allows it to act as an Internet exit point for one or more User groups, Hosts, or other Networks
- Public Internet traffic originating from OpenVPN Cloud-connected Users, Hosts and Networks can be configured to either exit directly via the local ISP or enter OpenVPN Cloud
- Public traffic that has entered OpenVPN Cloud can be blocked, or exit out of one of the Internet Gateways on your private network
- Connector identity is authenticated via the assigned X509 certificate during VPN setup
- Remote access user’s credentials are authenticated against the VPN user directory. The X509 certificate assigned to the user is then used for authentication during the VPN setup.
- Supports Security Assertion Markup Language (SAML) 2.0 identity federation for Single Sign-On (SSO)
- OpenVPN Cloud can authenticate users with your private LDAP directory.
- Full-mesh access between all configured Networks, Hosts and Users is enabled by default
- Full-mesh access can be overridden by configuring Access Groups
- Access Groups define allowed access mapping between configured Services and User Groups, Networks and Hosts
- OpenVPN Cloud’s point of presence servers (referred to as VPN Regions) are 1:1 redundant and deployed in highly-available data centers around the world. Our data centers are selected to have good peering links with Tier 1 network providers.
- OpenVPN Cloud infrastructure is scaled to always keep ahead of our customer demands and use low oversubscription ratios
- Accessing VPN resources is possible by connecting to any one of the worldwide Regions regardless of which Region is acting as the connection to the resource being accessed
- Private DNS load balancing can be used for incoming traffic to Application Servers configured as Hosts because their VPN IP address remains constant
macOS, Windows, and ovpn file download for Linux and routers that support OpenVPN natively
Android, iOS, Linux (by use of .ovpn profile), macOS, and Windows
- VPN connection profiles and certificates can be distributed to Users in an offline manner or automatically downloaded to the Connect Client on User login
- The list of points of presence to which a User can connect can be restricted
- The number of devices that can share a user’s account can be limited
- A user’s access to the Internet can be blocked
Support Ticketing System serviced 24/7
- With no VPN Server infrastructure to deploy, scale, and maintain, you can concentrate on your business and leave the networking to us
- Easily create a private network among all your on-premises and cloud data centers by simply connecting to OpenVPN Cloud from each of them
- Leverage our growing worldwide network footprint to get fast anywhere remote access
- Our fully-meshed, multi-tenant, high-performance core network creates a worldwide VPN
from all your regionally-connected sites
- For remote access, your employees can access work network resources by connecting to any one of our worldwide connection points
- Our fully-meshed, multi-tenant, high-performance core network creates a worldwide VPN
- No specialized hardware is needed
- Login to the portal and download pre-configured software to install a Network Connector and
share internal network resources
- For computers running Linux or routers with built-in support for OpenVPN, just the ovpn file
can be downloaded
- Connector executables are available for macOS, and Windows operating systems
- Easier to set up than IPsec and equally capable.
- No need to fuss with complicated routing as full-mesh operation is part of the default
- Domain names are assigned and used to route to the right host on the right network even if there are multiple networks with overlapping IP address ranges.
- Remote access to corporate resources
- Site-to-site connectivity between offices and/or data centers
- Prevent public traffic from entering your VPN or force public traffic to exit out of one or more of your private networks where your UTM solutions are located
- Specify traffic that travels over the VPN by website domain names—similar to per-app VPN policies. Other traffic routes outside the tunnel.
Manage all aspects of your VPN such as Networks, Hosts, Users and User Groups, Services,
and fine-grained access control with our easy-to-use web portal
- Define role-based or organizational department-based user groups and assign those groups least privilege access to Services
- Micro-segment even your site-to-site networking by providing access only to specific services instead of the complete Network
- Users activate their accounts by following instructions received in an invitation email
- Users can use SSO to log in to the User portal to download clients, generate connection profiles, manage the devices that they have used to connect, and more
Cloud VPN frees your users to choose their favorite device by providing support for Android,
iOS, Linux, macOS, and Windows.
- Leverages OpenVPN, and OpenSSL open source projects
- Code is scrutinized and quick security fixes are ensured due to large community support
- Prevent access to websites containing malicious or undesirable content by using DNS-based content filtering.