What OpenVPN is

Lately I've been quite active on OpenVPN Technologies Incorporated's IRC helpdesk channel and have been working with these guys on documentation for OpenVPN, and I've seen plenty of people come in and ask what OpenVPN is and what it does. There is not an easy answer because the core technology in OpenVPN is used by many software products and companies, so there are a lot of different branches of development and many use cases.

Generally speaking though, OpenVPN is an open-source project that enables secure encrypted communication between computers over a (public) network such as the internet. VPN stands for Virtual Private Network. This allows you to create a 'tunnel' through the internet from point A to point B through which network traffic can travel safely. As soon as information enters the tunnel at point A, it is encrypted in a secure way. While it is travelling through this tunnel the information is garbled and unreadable to anyone trying to listen in on what goes through. This is important since many VPN tunnels go through the internet, a public network. When it comes out at endpoint B, the information is decrypted and perfectly readable again. Encryption is one aspect of what OpenVPN does. The other aspect is that OpenVPN allows you to connect networks that are in different geographical locations. For example, you could have a company in California with a couple of computers and a server with important documents on it that the employees work on. Let's say your company expands and you open up a branch in The Netherlands and you place a couple of computers there as well. If you want to access those important documents on the server in California from a computer in The Netherlands, a VPN connection from The Netherlands branch office to the head office in California can make this possible in a secure and easy way. Basically, OpenVPN can connect the network of computers in The Netherlands to the network of computers in California so you can exchange information. This can work both directions, or just in one direction, depending on what you need. Other configurations are also possible.


Example of a use-case: securely access files at the office from home

As I've just mentioned one of the more common use-cases is to create an encrypted tunnel from one computer to another, over the internet. Why is this useful? Well, imagine that you want to work from home and access files at the office. With OpenVPN you can have a server with OpenVPN server software at the office waiting for you to connect with your OpenVPN client software. If provided with the agreed upon security codes, an encrypted tunnel is created between your home computer and the office server. You can now access files that are on that server. If you set up a few more settings on the server, it can even pass traffic on to the rest of the office network so your computer at home can access other devices on your office network, like file servers, computers and printers. In a way, your home computer becomes part of the network at the office. All the traffic that travels through the tunnel over the internet between home and the office is encrypted so even if somehow someone intercepts the traffic, it's unreadable to them.

The best solution for this that I've found isĀ OpenVPN Access Server. This is free-for-use with up to 2 concurrent connections. If more concurrent connections are required, very reasonably priced (cheap!) licenses can be purchased and added to the server.


Another example: connecting two networks to eachother

If for example you're an IT guy and you need to find a way to securely connect two networks together - like for example an office network in California, USA and an office network in Amsterdam, The Netherlands - then an excellent way to do this is to setup a VPN server in one location, and a VPN client at the other location. The client initiates the connection to the server and so a secure VPN tunnel is created over the internet. Once connected, both sides can be configured to pass traffic on to their respective networks and so form a link between the 2 networks. If a user in California wants to access a file or a device in the Amsterdam network, the 2 computers running OpenVPN software will communicate this request between the two networks, and the user gets access. This process works in both directions.

The best solution for this that I've found is OpenVPN Access Server. This is free-for-use with up to 2 concurrent connections. If more concurrent connections are required, very reasonably priced (cheap!) licenses can be purchased and added to the server.


One more example: anonymizing your internet traffic

There are VPN services on the internet that run VPN servers for you to use. They usually require you to pay a small amount of money for this service. Why is this useful? In a normal situation, without a VPN connection, every website you visit on the internet can see your IP address. An IP address is kind of like a telephone number that uniquely identifies your internet connection. Although this is extremely oversimplified, this explanation will do for now. So whenever you 'call' a website like 'google.com', it can see your number. If you don't want to announce your IP address to every website you visit, you can use a VPN service. The idea is that you connect to one of those VPN servers, and all your internet traffic travels through an encrypted tunnel to that VPN server. Now when you visit a website, it sees the IP address of the VPN server and not your IP address. Now websites that do targeted advertising campaigns based on where you've been will have one less method of tracking you. For people that live in an area where access to certain websites is restricted this also bypasses those restrictions. And there are VPN servers with IP addresses based in certain countries so you can access material restricted to that specific geographical location.

The best service provider for this that I've found is PrivateTunnel.com. It comes with a free test-trial so you can see if the solution works for you, and if you like it, you can buy bandwidth packages so you can continue to use it. This service is run by the company behind OpenVPN Access Server and uses Access Server software.