OpenVPN is entirely a community-supported OSS project which uses the GPL license. The project has many developers and contributors from OpenVPN Technologies, Inc and from the broader OpenVPN community. In addition, there are numerous projects that extend or are otherwise related to OpenVPN.
Your support can go a long way towards ensuring OpenVPN's continuing development, including staying on top of security issues, maintaining a rigorous testing program, adding new features, improving documentation, and providing technical support. Take a look at this Wiki article for ideas on how to contribute.
The project provides several services for it's users:
- #openvpn IRC channel on irc.freenode.net
- openvpn-users mailinglist on Sourceforge.net
- OpenVPN forums (continuation of ovpnforum.com)
- Trac wiki and bugtracker on openvpn.net
In addition, several services are used by OpenVPN's developers:
- #openvpn-devel IRC channel on irc.freenode.net
- openvpn-devel mailinglist on Sourceforge.net
- Git VCS repositories (clones on Sourceforge.net and GitHub
- Trac wiki and tracker on openvpn.net
- Buildbot continuous integration and packaging server on openvpn.net
If you have questions about the community project, please don't hesitate to contact our community manager (samuli _at_ openvpn -dot- net) directly.
The following pages provides an overview of the OpenVPN Community Open Source Software Project. It describes what OpenVPN is andwhat it can do.
|Community Software Overview -UnderstandingOpenVPN....|
|What is OpenVPN? - With OpenVPN you can......|
|Why OpenVPN? - Strengths of OpenVPN are.....|
|Why OpenVPN uses TLS? - Underlining Protocol used is....|
|Why SSL VPN? - VPN types are....|
|OpenVPN Compatibility .|
|Building OpenVPN .|
|OpenVPN Project - Developing, contributing and getting support...|
|OpenVPN logos and icons - For websites, applications and menus...|
|For more detailed information explore our Documentation and FAQ
What distinguishes OpenVPN from other VPN packages?
- OpenVPN's principal strengths include cross-platform portability across most of the known computing universe, excellent stability, scalability to hundreds or thousands of clients, relatively easy installation, and support for dynamic IP addresses and NAT.
- OpenVPN provides an extensible VPN framework which has been designed to ease site-specific customization, such as providing the capability to distribute a customized installation package to clients, or supporting alternative authentication methods via OpenVPN's plugin module interface (For example the openvpn-auth-pam module allows OpenVPN to authenticate clients using any PAM authentication method -- such methods may be used exclusively or combined with X509 certificate-based authentication).
- OpenVPN offers a management interface which can be used to remotely control or centrally manage an OpenVPN daemon. The management interface can also be used to develop a GUI or web-based front-end application for OpenVPN.
- On Windows, OpenVPN can read certificates and private keys from smart cards which support the Windows Crypto API.
- OpenVPN uses an industrial-strength security model designed to protect against both passive and active attacks. OpenVPN's security model is based on using SSL/TLS for session authentication and the IPSec ESP protocol for secure tunnel transport over UDP. OpenVPN supports the X509 PKI (public key infrastructure) for session authentication, the TLS protocol for key exchange, the OpenSSL cipher-independent EVP interface for encrypting tunnel data, and the HMAC-SHA1 algorithm for authenticating tunnel data.
- OpenVPN is built for portability. At the time of this writing, OpenVPN runs on Linux, Solaris, OpenBSD, FreeBSD, NetBSD, Mac OS X, and Windows (2000/XP and later versions). Because OpenVPN is written as a user-space daemon rather than a kernel module or a complex modification to the IP layer, porting efforts are dramatically simplified.
- OpenVPN is easy to use. In general, a tunnel can be created and configured with a single command (and without any required configuration files). OpenVPN's documentation contain examples illustrative of its ease of use.
- OpenVPN has been rigorously designed and tested to operate robustly on unreliable networks. A major design goal of OpenVPN is that it should be as responsive, in terms of both normal operations and error recovery, as the underlying IP layer that it is tunneling over. That means that if the IP layer goes down for 5 minutes, when it comes back up, tunnel traffic will immediately resume even if the outage interfered with a dynamic key exchange which was scheduled during that time.
- OpenVPN has been built with a strongly modular design. All of the crypto is handled by the OpenSSL library, and all of the IP tunneling functionality is provided through the TUN/TAP virtual network driver. The benefits of this modularity can be seen, for example, in the way that OpenVPN can be dynamically linked with a new version of the OpenSSL library and immediately have access to any new functionality provided in the new release. For example, when OpenVPN is built with the latest version of OpenSSL (0.9.7), it automatically has access to new ciphers such as AES-256 (Advanced Encryption Standard with 256 bit key) and the encryption engine capability of OpenSSL that allows utilization of special-purpose hardware accelerators to optimize encryption, decryption, and authentication performance. In the same way, OpenVPN's user-space design allows straightforward porting to any OS which includes a TUN/TAP virtual network driver.
- OpenVPN is fast. Running Redhat 7.2 on a Pentium II 266mhz machine, using TLS-based session authentication, the Blowfish cipher, SHA1 authentication for the tunnel data, and tunneling an FTP session with large, pre-compressed files, OpenVPN achieved a send/receive transfer rate of 1.455 megabytes per second of CPU time (combined kernel and user time).
- While OpenVPN provides many options for controlling the security parameters of the VPN tunnel, it also provides options for protecting the security of the server itself, such as --chroot for restricting the part of the file system the OpenVPN daemon has access to, --user and --group for downgrading daemon privileges after initialization, and --mlock to ensure that key material and tunnel data is never paged to disk where it might later be recovered.
OpenVPN can easily be built from source for Linux and BSD variants. Building OpenVPN for Windows is more complex, therefore a pre-built installer is available for Windows on the OpenVPN download site. Instructions for building OpenVPN for Windows are available in the OpenVPN Wiki.
OpenVPN can be built:
- with both the OpenSSL Crypto and SSL libraries, offering certificate-based authentication, public key encryption, and TLS-based dynamic key exchange,
- with only the OpenSSL Crypto library, offering static-key based conventional encryption and authentication, or
- standalone, with support for unencrypted UDP tunnels.
OpenVPN can also be linked with the LZO real-time compression library. OpenVPN supports adaptive compression, meaning that it will enable link compression only when the tunnel data stream is found to be compressible.
OpenVPN runs entirely in user space and does not require any special kernel components other than the TUN/TAP virtual network driver available for Windows, Linux, and BSD variants.
Is OpenVPN standards-compliant?
As a user-space VPN daemon, OpenVPN is compatible with SSL/TLS, RSA Certificates and X509 PKI, NAT, DHCP, and TUN/TAP virtual devices. OpenVPN is not compatible with IPSec, IKE, PPTP, or L2TP.
Can OpenVPN tunnel over a TCP connection?
Yes, starting with version 1.5.
Can I use a web browser as an OpenVPN client?
No. While OpenVPN uses the SSL/TLS protocol for security, OpenVPN is not a web application proxy. It is an OSI layer 2 or 3 full-mesh internetwork tunneling solution and requires that OpenVPN be installed on both client and server.
OpenVPN runs on:
OpenVPN runs on Linux, Windows XP/Vista/7 and higher, OpenBSD, FreeBSD, NetBSD, Mac OS X, and Solaris.