OpenVPN explained: Best features, use-cases and a WireGuard comparison

OpenVPN offers a powerful blend of security, compatibility and adaptability, making it an integral part of some of the best VPN (virtual private network) services and privacy-centric architectures. This protocol serves as a foundation for numerous applications, including secure remote access, encrypted Internet of Things (IoT) communications and versatile content filtering.

This article offers a thorough exploration of OpenVPN’s features, benefits and applications. We also examine how OpenVPN compares to the up-and-coming WireGuard protocol. 

We’ll discuss the key strengths and weaknesses of both protocols in detail to help you acquire a comprehensive understanding of these tools. This will allow you to make an informed decision when it comes to choosing a VPN solution that best fits your unique needs. 

Let’s start by defining OpenVPN.

What is OpenVPN?

OpenVPN is an open-source VPN protocol known for its robust security and high degree of configurability. Its dual nature as both a protocol and software makes it a versatile tool in internet security.

As a protocol, OpenVPN enforces strict rules and procedures to ensure a secure and private connection over the internet. It’s also a software application that allows users to create and manage VPN servers or networks.

Underlying technology and encryption

OpenVPN utilises OpenSSL – a reputable, open-source software library – to ensure stringent data security during transmission. OpenSSL, which supports Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, provides OpenVPN with a reliable framework for encrypting and decrypting data. OpenVPN implements advanced 256-bit encryption cyphers to ensure that the data, once encrypted, becomes unreadable. This way, the protocol provides a powerful defence against potential data breaches.

Key features of OpenVPN

OpenVPN’s prominent features revolve around its security, performance and transmission modes. While it’s acknowledged for its superior security measures, OpenVPN’s performance can be let down by its server-side complexities. However, this minor downside doesn’t detract from its functionality.

OpenVPN provides two modes of data transmission: User Datagram Protocol (UDP) for faster but less reliable transmission and Transmission Control Protocol (TCP) for slower but more reliable data delivery.

Beyond these, OpenVPN offers additional capabilities such as:

  • Support for Internet Protocol (IP) subnetworks 
  • Virtual ethernet adapters 
  • Adaptive link compression 
  • Traffic shaping 
  • The ability to traverse firewalls securely

It allows users to choose between static-key-based conventional encryption or more secure certificate-based public key encryption, thus adding another layer to its security features.

Cross-platform availability

OpenVPN is available across all platforms, whether it’s a Windows or macOS desktop or laptop, an Android smartphone or an iOS device. This versatility enhances its appeal among users seeking a secure, reliable and flexible VPN solution for their varied needs.

Use cases for OpenVPN

OpenVPN offers a comprehensive approach to address various security challenges and scenarios, including:

  • Enhancing secure remote access: facilitating secure, encrypted access across major operating systems for every device
  • Safeguarding IoT communications: providing secure, encrypted connections for IoT devices, both within and outside of your network
  • Protecting access to software as a service (SaaS): providing an additional layer of security to control access to SaaS applications
  • Facilitating site-to-site networking: securely connecting multiple business networks through encrypted tunnels
  • Enforcing zero trust network access (ZTNA): making it simple to enforce ZTNA as part of your business’s security strategy
  • Cyber threat protection and content filtering: helping to mitigate the risk of online attacks no matter how you connect to the internet
  • Restricting internet access: allowing organisations to control access to internal and external applications

Let’s discuss the three primary use cases of OpenVPN.

Using OpenVPN for secure remote access

Remote and hybrid work arrangements have become the new normal. However, they introduce security challenges when accessing corporate networks and third-party cloud services. Broad support and security for all cloud-based applications are required, alongside scalable, reliable access to private company resources.

OpenVPN’s Access Server (which protects access to data or a resource) addresses these challenges by offering robust features, such as traffic balancing, private traffic tunnelling and flexible access control. The solution supports every device with advanced authentication methods, including Security Assertion Markup Language (SAML), Remote Authentication Dial-in User Service (RADIUS), Lightweight Directory Access Protocol (LDAP) and Active Directory, plus two-factor authentication (2FA).

The implementation of OpenVPN’s Access Server leads to optimised routing and scalability, enhanced internet security levels and integration with various security solutions. The service ensures users can only access the resources they need, reducing network bandwidth load and facilitating safe and secure remote access.

Using OpenVPN for site-to-site connections

Securely connecting distributed network locations without purchasing expensive hardware or complicating setup and management can be difficult. It’s essential to enable secure access across home offices, branch locations and private cloud networks.

OpenVPN allows you to establish secure site-to-site connections while managing users, permissions, subnets and connections effectively. It eliminates single points of failure and provides a reliable connection across distributed networks. It also facilitates easy connection between OpenVPN-compatible routers at remote offices and your corporate network.

With Access Server, users get secure distributed networks and economical, software-defined security. It facilitates both local and global connections, providing reliable and secure access control.

Secure communication with OpenVPN

Every connected Internet of Things (IoT) device increases the risk of data loss and network security vulnerabilities. It’s therefore crucial to:

  • Establish secure connectivity across the IoT environment
  • Protect against cyberattacks
  • Ensure IoT device interoperability
  • Verify IoT device authenticity

Access Server creates a secure virtual network protecting all IoT device traffic. It facilitates:

  • Encrypted virtual networks
  • Auto-login credentials for unattended devices
  • Secure connection methods for devices running on different operating systems
  • Restricted device access through media access control (MAC) address whitelisting

The implementation of OpenVPN’s Access Server ensures easy setup with compatible routers, solutions for overlapping IP subnets, isolated secure IoT networks and persistent IP addresses.

OpenVPN’s versatility and flexibility make it a useful tool for businesses, individuals and organisations aiming to enhance their cybersecurity. OpenVPN adapts to growth, supports a diverse array of applications and prioritises both network security and user experience. 

OpenVPN Connect and Tunnelblick

OpenVPN Connect and Tunnelblick are widely used client software applications for the OpenVPN protocol. The two solutions are designed to work on a wide variety of devices and operating systems.

Setting up OpenVPN Connect and Tunnelblick

How to set up OpenVPN Connect

To set up and use OpenVPN Connect, start by downloading and installing the software from the official OpenVPN website. Then take the following steps:

  • Agree to the End-User Licence Agreement during the installation process 
  • After installing the software, obtain an .OVPN profile from your chosen VPN provider for server configuration
  • Within OpenVPN, import this .OVPN file and then connect to the VPN 
  • Enter your VPN credentials, which can usually be found on your VPN provider’s dashboard. You might need to verify your account through email before successfully connecting 

Once the connection is established, you can enjoy a secure browsing experience.
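Before importing a provider’s .OVPN profile, it is worth checking it for the weaker options this article mentions: static-key mode, Blowfish and link compression. The script below is an added example, not part of the original article or of OpenVPN’s own tooling; the sample profiles, host names and severity labels are constructed for illustration, and the rules are an assumed small subset rather than a complete audit.

```python
# 64-bit block ciphers (Blowfish, DES/3DES, CAST5, RC2) are treated as weak, as is "none".
WEAK_CIPHER_PREFIXES = ("BF", "DES", "CAST5", "RC2")
CIPHER_DIRECTIVES = ("cipher", "data-ciphers", "ncp-ciphers", "data-ciphers-fallback")
SERVER_CHECKS = ("remote-cert-tls", "verify-x509-name", "peer-fingerprint", "ns-cert-type")

# Constructed sample profiles; host names, file names and key material are placeholders.
WEAK_TLS_PROFILE = """\
client
proto tcp
remote vpn.example.com 443
cipher BF-CBC
comp-lzo
<ca>
(placeholder certificate)
</ca>
"""
STATIC_KEY_PROFILE = "dev tun\nremote vpn.example.com 1194\nsecret static.key\n"
HARDENED_PROFILE = """\
client
proto udp
remote vpn.example.com 1194
ca ca.crt
remote-cert-tls server
tls-version-min 1.2
data-ciphers AES-256-GCM:CHACHA20-POLY1305
auth SHA256
"""


def parse_profile(text):
    """Return {directive: [args, ...]}; an inline <tag>...</tag> block counts as `tag`."""
    directives, inline = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if inline:  # skip certificate/key material inside an inline block
            if line == f"</{inline}>":
                inline = None
        elif line.startswith("<") and line.endswith(">"):
            inline = line[1:-1]
            directives.setdefault(inline, []).append(["[inline]"])
        elif line and line[0] not in "#;":  # ignore blanks and whole-line comments
            name, *args = line.split()
            directives.setdefault(name, []).append(args)
    return directives


def audit_profile(text):
    """Return (severity, directive, message) findings for one profile."""
    d, findings = parse_profile(text), []
    if "secret" in d:
        findings.append(("HIGH", "secret", "static-key mode: one shared key, no forward secrecy"))
    for name in CIPHER_DIRECTIVES:
        for args in d.get(name, []):
            for cipher in (args[0].split(":") if args else []):
                c = cipher.lstrip("?").upper()
                if c == "NONE" or c.startswith(WEAK_CIPHER_PREFIXES):
                    findings.append(("HIGH", name, f"weak data-channel cipher {c}"))
    for args in d.get("auth", []):
        if args and args[0].upper() in ("NONE", "MD5"):
            findings.append(("HIGH", "auth", f"weak packet authentication {args[0]}"))
    # Compression before encryption can leak plaintext through a compression oracle.
    for args in d.get("comp-lzo", []):
        if args != ["no"]:
            findings.append(("MEDIUM", "comp-lzo", "compression enabled"))
    for args in d.get("compress", []):
        if args and not args[0].startswith("stub") and args[0] != "migrate":
            findings.append(("MEDIUM", "compress", f"compression enabled ({args[0]})"))
    if "secret" not in d:  # checks that only apply to TLS (certificate) mode
        if not any(k in d for k in SERVER_CHECKS):
            findings.append(("HIGH", "remote-cert-tls", "server certificate is not checked"))
        args = d.get("tls-version-min", [[]])[-1]
        tls_min = args[0] if args else "unset"
        if tls_min in ("unset", "1.0", "1.1"):
            findings.append(("LOW", "tls-version-min", f"minimum TLS version is {tls_min}"))
    return findings


if __name__ == "__main__":
    print(audit_profile(WEAK_TLS_PROFILE))
```

An empty result only means none of these specific checks fired; it does not certify the profile or the provider’s server configuration.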

How to set up Tunnelblick

To set up and use Tunnelblick, ensure that your system operates with macOS or OS X Lion 10.7.5 or higher and an Intel processor. Follow this step-by-step guide:

  • Download the Tunnelblick software and launch the installation process 
  • Upon first launch, Tunnelblick will request root privileges to modify specific parts of the application for security and to install a system daemon 
  • Next, create a VPN configuration. This can be a Tunnelblick VPN configuration or an OpenVPN configuration file. If you have the latter, convert it to a Tunnelblick VPN configuration by dragging and dropping it onto the Tunnelblick icon 
  • After creating and installing the configuration, select “Set nameserver” in the DNS & WINS settings if you want to use Domain Name System (DNS) and Windows Internet Name Service (WINS) servers at the other end of the tunnel. If not, select “Do not set nameserver” 
  • To connect, click on the Tunnelblick icon in the menu bar and select “Connect” 

Remember to keep your software updated to avoid security risks and optimise functionality.

Features and compatibility

OpenVPN Connect offers powerful encryption, including AES-256 and Blowfish, ensuring top-level data security. OpenVPN Connect also offers robust authentication mechanisms, compatibility with multiple platforms (Windows, Linux, macOS, Android and iOS) and the ability to navigate network address translation (NAT) gateways and firewalls. It also allows for protocol flexibility, giving users the option to switch between UDP for speed and TCP for security.

Tunnelblick, in contrast, is a macOS-specific application that provides a graphical user interface (GUI) for OpenVPN. It’s an easy-to-use tool that includes all necessary binaries and drivers for an OpenVPN connection on a Mac. It comes as a ready-to-use application, meaning that no additional installation is necessary beyond adding your configuration and encryption information. Tunnelblick also offers a “deployed” version: a customised version of the program that includes everything you need to connect to a VPN.

OpenVPN Cloud

OpenVPN Cloud is a cloud-based VPN solution designed to streamline the process of setting up and managing a private network. As part of the OpenVPN family, OpenVPN Cloud takes a service-oriented approach, eliminating the need for businesses to set up and manage their own VPN servers.

The solution integrates several Secure Access Service Edge (SASE) features, including firewall-as-a-service, intrusion detection and prevention systems, DNS-based content filtering and ZTNA. 

Benefits of OpenVPN Cloud

OpenVPN Cloud brings various benefits:

  • Simplicity: the streamlined deployment reduces complexities associated with VPN installation and configuration, thus saving time and resources. OpenVPN also simplifies data networking by handling IP address routing and private address management
  • Scalability: OpenVPN accommodates growth effortlessly as your business expands. It can swiftly scale up to meet the demands of increased traffic or scale down when needs decrease 
  • Centralised management: OpenVPN Cloud allows administrators to control and monitor VPN usage from a unified dashboard. This enhances the efficiency of network management and facilitates timely decision-making based on real-time data
  • Comprehensive application access: it supports all TCP and UDP application protocols, providing web and non-web application access
  • Internet access control: the technology enables internet traffic routing via customer-owned gateways, making it easier to enforce corporate internet policies
  • Built-in security features: the service comes with built-in security functions, offering protection from cyberthreats and eliminating the need for additional security appliances
  • All-in-one solution: it offers a secure, distributed private cloud across global points of presence with the essentials needed for ZTNA, SASE and site-to-site networking
  • Protection against denial-of-service (DoS) attacks: it handles all inbound connections through the OpenVPN cloud, providing added protection against potential DoS attacks

Use cases of OpenVPN Cloud

OpenVPN Cloud offers robust solutions to address diverse security needs, including securing private infrastructure as a service (IaaS) access, enforcing zero trust policies and protecting SaaS applications. It facilitates secure remote access across devices, safeguards IoT communications and supports site-to-site networking, all while providing cyber threat protection. 

This versatile platform empowers organisations to control internal and external application access, delivering heightened security for IoT through encrypted connections to a private network service. 

Here are three primary use cases of OpenVPN Cloud.

Securing SaaS applications

Businesses of all sizes are becoming increasingly reliant on a broad range of cloud-based services. OpenVPN Cloud addresses the challenges of ensuring authorised access to these SaaS applications, enforcing granular access control and optimising bandwidth usage. 

By utilising OpenVPN Cloud, businesses can specifically route SaaS domains through secure tunnels, configure role-based access and authenticate users with multi-factor authentication. The results include enhanced role-based security, easy secure single sign-on and precise access control. 

Enforcing ZTNA

OpenVPN Cloud allows the implementation of identity-driven authentication policies, resource isolation and strong authentication on every connection. This prevents unauthorised lateral movement within the network. 

Securing private IaaS access

Access to IaaS providers’ offerings can expose businesses to potential breaches. OpenVPN Cloud extends the reach of platform as a service (PaaS) services for private access. Thus, it ensures secure connectivity to these services, whether from on-premises data centres, different IaaS environments or directly to end-users. Features such as DNS server utilisation, accurate route determination and granular access controls ensure a minimised attack surface, accurate routing and a robust security posture.

WireGuard vs OpenVPN

WireGuard, as a relatively newer protocol, offers a fresh take on VPN tunnelling. It uses UDP for data transmission, making it fast and efficient for VPNs and regular data traffic. Its simplicity is a testament to its modern design. WireGuard operates in the transport layer of the network stack and relies on TUN drivers for effective traffic routing, encryption and logic execution, such as split tunnelling.

The OpenVPN protocol, however, has been a reliable choice for VPN users. It offers the flexibility of using UDP or TCP for data transmission, which can be important for stable connections. OpenVPN is widely used for its robust security features, despite the availability of newer and lighter options. Its popularity is due to its obfuscated VPN server protocol and widespread router support.

WireGuard vs OpenVPN: Which is better?

Let’s compare the two protocols in terms of performance, security and ease of use, which will help you to decide the more appropriate option.

Speed performance 

To compare the two VPN protocols, our researchers performed an Ookla speed test on both WireGuard and OpenVPN protocols using PureVPN. The following images illustrate OpenVPN vs WireGuard speed performance.

Speed test without a VPN connection determining the baseline against which the speeds of the two VPN protocols are compared (Ookla)

The established baseline was a 375.88Mbps download speed and 230.47Mbps upload speed. The two VPN protocols are measured against these figures.

Download and upload speeds of WireGuard (Ookla)

With OpenVPN, the two possible protocol variants (UDP and TCP) are tested. Note that the distinguishing feature between TCP and UDP lies in their modes of connection. 

UDP functions as a connectionless protocol, which means it doesn’t require establishing a virtual circuit prior to the data transmission. It simply dispatches the data packets without checking the right sequence and integrity, significantly reducing latency and bandwidth overhead. While less reliable, UDP facilitates faster data transmission, which is seen in the speed test results:

Download and upload speeds of OpenVPN using UDP (Ookla)

In comparison, TCP operates on a connection-based system, which means that large data sets are broken into packets. Upon receipt, the protocol checks for any lost packets and resends them, ensuring the correct sequence and integrity of the received data. This makes TCP more reliable yet slower in data transfer:

Download and upload speeds of OpenVPN using TCP (Ookla)

The following table summarises the results:

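|                       | Baseline (no VPN) | WireGuard | OpenVPN UDP | OpenVPN TCP |
|-----------------------|-------------------|-----------|-------------|-------------|
| Download speed (Mbps) | 375.88            | 214.14    | 177.25      | 83.62       |
| Upload speed (Mbps)   | 230.47            | 19.53     | 29.62       | 2.74        |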

WireGuard retains 57 per cent of the baseline download speed, while OpenVPN is considerably slower – even with the faster UDP option. As per our speed test results, when considering download speed, WireGuard is quicker than OpenVPN when used with UDP and TCP by 21 per cent and 156 per cent, respectively. When we examined the recorded upload speeds, however, the two VPN protocols displayed closer results.

WireGuard surpasses OpenVPN in terms of efficiency, consistently providing unparalleled, top-notch speeds due to its relative simplicity and fewer add-ons compared to OpenVPN. This indicates the advantages resulting from WireGuard’s more condensed codebase.

Security

Our researchers established that when properly configured, OpenVPN offers robust security with no related security vulnerabilities. Its code is endorsed by numerous cybersecurity specialists. It has undergone several audits, and the few minor security issues found were fixed immediately to ensure ultimate VPN security.

Similarly, no security issues associated with WireGuard were identified. It boasts an advanced, rapid cryptographic system, and its lean codebase simplifies and accelerates the audit procedure. Moreover, any instance of a weak or compromised cypher or algorithm causes all endpoints to update, hence safeguarding against the usage of the flawed code.

As a result, we can safely conclude that both protocols have no known security shortcomings. 

Ease of use

When considering ease of use, especially with frequent network changes – as in the case of alternating between wifi and mobile data – WireGuard outperforms OpenVPN. WireGuard efficiently handles these transitions, providing a seamless user experience. In contrast, OpenVPN has difficulties with consistent network shifts, leading to potential interruptions.

Therefore, for individuals frequently switching networks, WireGuard’s superior adaptability and user-friendly interface make it the preferred choice over OpenVPN. Moreover, WireGuard offers faster connections and more robust privacy protections than IKEv2/IPSec, which is generally adopted by VPN providers for mobile usage.

Compatibility 

OpenVPN undeniably holds the edge when it comes to compatibility with diverse platforms. It supports a wide array of operating systems, including well-known ones and lesser-known ones, such as QNX, Solaris, Maemo, FreeBSD and ChromeOS.

In comparison, WireGuard primarily caters to major platforms, including iOS, Android, Windows and Linux. Though its supported device list is currently shorter, it’s anticipated to expand over time.

To summarise, OpenVPN stands out with its extensive platform support and outperforms WireGuard in this respect.

WireGuard vs OpenVPN: Strengths and weaknesses

Let’s look at the advantages and drawbacks of the two VPN protocols, which are summarised in the table below:

| Protocol  | Strengths | Weaknesses |
|-----------|-----------|------------|
| WireGuard | Fast (speedier data transfer) | Newer; has undergone fewer security audits |
|           | Streamlined codebase (ease of auditing) | Less widespread adoption |
|           | Modern encryption | Fewer operating systems and less router compatibility |
| OpenVPN   | Highly configurable encryption | Slower speed |
|           | Broad compatibility (many operating systems and routers) | Larger codebase (more difficult auditing) |
|           | Proven reliability | Potential for weaker encryption if configured improperly |

The benefits of WireGuard have been recognised by cybersecurity experts globally, and the protocol has already been adopted by many top-notch VPN services. However, it is still in its initial stages, and unexpected issues may potentially surface. 

Therefore, it’s currently recommended to utilise both WireGuard and OpenVPN, maximising their individual strengths while mitigating their respective weaknesses. For example, Surfshark VPN and PureVPN have recently incorporated WireGuard into their software for Windows and Android (along with OpenVPN). Other VPN services, such as NordVPN, have developed their proprietary protocols based on WireGuard.

Final takeaways

We’ve highlighted OpenVPN’s exceptional security features, versatile transmission modes and broad compatibility across multiple platforms. As an open-source VPN protocol, it’s a highly secure, reliable and adaptable solution suitable for various use cases. These include: 

  • Secure remote access 
  • Safeguarding communications
  • Site-to-site networking

The OpenVPN Access Server and Cloud service provide extensive features and benefits, including traffic balancing, advanced authentication methods and centralised management.

WireGuard is another, newer VPN protocol option, which brings a fresh approach to VPN tunnelling. With its smaller codebase and fewer add-ons, it ensures efficient and quick data transmission, outperforming OpenVPN in terms of speed. It also handles network changes more smoothly than OpenVPN. 

Although both protocols offer outstanding security features with no identifiable security vulnerabilities, OpenVPN supports an extensive range of platforms. Therefore, while WireGuard’s speed and ease of use offer compelling benefits, OpenVPN remains a robust and reliable choice due to its proven track record and broad compatibility. 

It’s advisable to consider both protocols, capitalising on their individual strengths in line with your specific needs and contexts. With advancements in technology, we can expect the landscape of VPN protocols to continue evolving, offering users even more secure and efficient options for data protection and privacy.

Frequently asked questions

OpenVPN acts as a secure “tunnel” between the VPN client and server, utilising the OpenSSL library for encryption and authentication. It can use UDP or TCP for data transmission, switching to TCP if UDP connections fail.

Yes, OpenVPN is highly secure, provided it’s set up with security in mind. Its open-source nature allows continuous audits and improvements and supports strong, up-to-date cyphers. OpenVPN’s robust encryption ensures top-level online privacy. Despite newer protocols emerging, OpenVPN remains a leading choice for secure VPNs.

Yes, OpenVPN can bypass most firewalls by tunnelling networks and IP subnetworks over a single UDP or TCP port.

Yes, OpenVPN does work on mobile devices. The OpenVPN Connect app is available on the Google Play Store for Android and the Apple App Store for iOS devices. This application allows the use of one active VPN tunnel at a time and can remember multiple servers. However, only one server can be active at a time.

Mariana Krasteva

Writer/VPN tester

Mariana is an experienced technology writer specialising in web and internet technology. She writes about cyber security, including VPNs; web development; and software engineering. She has been writing since 2006 and held the position of English lecturer at the Technical University of Varna in Bulgaria until 2022, working in a variety of educational fields.

For the Independent Advisor, Mariana writes about the usefulness of VPNs and how people can protect themselves and their data online, as well as contributing heavily to the testing process. 

Nick Jones

Editor in Chief

Nick Jones is a highly experienced consumer journalist and editor, who has been writing and producing content for print and online media for over 25 years.

He has worked at some of the UK’s leading publishers including Future Publishing, Highbury Entertainment, and Imagine Publishing, with publications as diverse as Homebuilding & Renovating, TechRadar, and Creative Bloq, writing and editing content for audiences whose interests include history, computing, gaming, films, and science. He’s also produced a number of podcasts in the technology, science, gaming, and true crime genres.

Nick has also enjoyed a highly successful career in content marketing, working in a variety of topics such as health, technology, and finance, with market-leading global companies including Cisco, Pfizer, Santander, and Virgin Media.

Now the Editor-in-Chief of the Independent Advisor, Nick is involved in all aspects of the site’s content, where his expertise in finance, technology, and home products informs every article that’s published on-site. He takes a hands-on approach with our VPN content, penning a number of the articles himself, and verifying that everything we publish in this topic is accurate.

Whatever the area of interest he’s worked in, Nick has always been a consumer champion, helping people find the best deals and giving them the information they need to make an informed buying decision.