OpenVPN is a full-featured SSL VPN solution which can accommodate a wide range of configurations, including VPN client remote access, site-to-site VPN, WiFi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access controls.
OpenVPN is an SSL VPN solution and does not support IPSec, L2TP or PPTP. OpenVPN is incompatible with IKE, and although it uses SSL/TLS for security, it does not run in the browser and hence needs OpenVPN installed on both the server and the client.
OpenVPN implements OSI layer 2 or 3 secure network extension using the industry standard SSL/TLS protocol, supports flexible client authentication methods based on certificates, smart cards, and/or 2-factor authentication, and allows user or group-specific access control policies using firewall rules applied to the VPN virtual interface. OpenVPN is not a web application proxy and does not operate through a web browser.
OpenVPN Platforms
OpenVPN runs on Linux, Windows 2000, Windows XP and higher, OpenBSD, FreeBSD, NetBSD, Mac OS X, and Solaris. An OpenVPN PocketPC port is under development.
OpenVPN can easily be built from source for Linux and BSD variants. Building OpenVPN for Windows is more complex, therefore a pre-built installer is available for Windows on the OpenVPN download site.
OpenVPN can be built with
- both the OpenSSL Crypto and SSL libraries (version 0.9.6 or higher required), offering certificate-based authentication, public key encryption, and TLS-based dynamic key exchange,
- only the OpenSSL Crypto library, offering static-key based conventional encryption and authentication,
- standalone, with support for unencrypted UDP tunnels.
Primary features of OpenVPN are
- Tunnel any IP subnetwork or virtual ethernet adapter over a single UDP or TCP port
- Configure a scalable, load-balanced VPN server farm using one or more machines which can handle thousands of dynamic connections from incoming VPN clients
- Use all of the encryption, authentication, and certification features of the OpenSSL library to protect your private network traffic as it transits the internet
- Use any cipher, key size, or HMAC digest (for datagram integrity checking) supported by the OpenSSL library
- Choose between static-key based conventional encryption or certificate-based public key encryption
- Use static, pre-shared keys or TLS-based dynamic key exchange
- Use real-time adaptive link compression and traffic-shaping to manage link bandwidth utilization
- Tunnel networks whose public endpoints are dynamic such as DHCP or dial-in clients
- Tunnel networks through connection-oriented stateful firewalls without having to use explicit firewall rules
- Tunnel networks over NAT
- Create secure ethernet bridges using virtual tap devices
- Control OpenVPN using a GUI on Windows or Mac OS X.
OpenVPN is an Open Source project and is licensed under the GPL. Commercial licenses are also available for firms who would like to redistribute OpenVPN with their own proprietary applications. Contact info@openvpn.net for more information.
For more information, examples, HowTos, articles and downloads, visit the OpenVPN website.