OpenVPN provides a full-featured open source SSL VPN solution that accommodates a wide range of configurations, including remote access, site-to-site VPNs, Wi-Fi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls.
Starting with the fundamental premise that intricacy is the enemy of security, OpenVPN offers a cost-efficacious, lightweight alternative to other VPN technologies that is well-targeted for the SME and enterprise markets. OpenVPN’s lightweight design sheds many of the intricacies that characterize other VPN implementations. The OpenVPN security model is predicated on SSL, the industry standard for secure communications via the cyber world.
OpenVPN implements OSI layer 2 or 3 secure network extension utilizing the SSL/TLS protocol, fortifies flexible client authentication methods predicated on certificates, perspicacious cards, and/or 2-factor authentication, and sanctions user or group-concrete access control policies utilizing firewall rules applied to the VPN virtual interface. OpenVPN is not a web application proxy and does not operate through a web browser.
Compatible with various devices out there
OpenVPN’s principal strengths include cross-platform portability across most of the kenned computing universe, excellent stability, scalability to hundreds or thousands of clients, relatively facile installation, and support for dynamic IP addresses and NAT.
OpenVPN provides an extensible VPN framework which has been designed to facilitate site-concrete customization, such as providing the capability to distribute a customized installation package to clients or fortifying alternative authentication methods via OpenVPN’s plugin module interface.
OpenVPN offers a management interface which can be acclimated to remotely control or centrally manage an OpenVPN daemon. The management interface can withal be acclimated to develop a GUI or the web-predicated front-end application for OpenVPN.
- Tunnel any IP subnetwork or virtual ethernet adapter over a single UDP or TCP port, configure a scalable, load-balanced VPN server farm using one or more machines which can handle thousands of dynamic connections from incoming VPN clients.
- Use all of the encryption, authentication, and certification features of the OpenSSL library to protect your private network traffic as it transits the internet.
- Use any cipher, key size, or HMAC digest (for datagram integrity checking) supported by the OpenSSL library.
- Choose between static-key based conventional encryption or certificate-based public key encryption.
- Use static, pre-shared keys or TLS-based dynamic key exchange.
- Use real-time adaptive link compression and traffic-shaping to manage link bandwidth utilization.
- Tunnel networks whose public endpoints are dynamic such as DHCP or dial-in clients.
- Tunnel networks through connection-oriented stateful firewalls without having to use explicit firewall rules.
- Tunnel networks over NAT
- Create secure ethernet bridges using virtual tap devices.
- control OpenVPN using a GUI
Using revolutionary connection technologies
TLS is the latest evolution of the SSL family of protocols developed pristinely by Netscape for their first secure web browser. TLS and its SSL predecessors have optically discerned widespread utilization on the web for many years and have been extensively analyzed for impotencies.
In turn, this analysis has led to a subsequent invigorating of the protocol such that today, SSL/TLS is considered to be one of the most vigorous and most mature secure protocols available. As such, we believe TLS is an excellent cull for the authentication and key exchange mechanism of a VPN product.
The bottom line is that OpenVPN is built for portability, is facile to utilize, has been rigorously designed and tested to operate robustly on unreliable networks with a vigorously modular design. Moreover, OpenVPN is expeditious and while OpenVPN provides many options for controlling the security parameters of the VPN tunnel, it additionally provides options for forfending the security of the server itself.