Proton VPN のホームページ
ProtonVPN

A VPN protocol is the set of instructions that your VPN app uses to set up, secure, and govern your connection to a VPN server. OpenVPN is a VPN protocol that has no known weaknesses and is effective at bypassing certain online censorship methods. OpenVPN also has the advantage of being supported on a huge range of platforms and devices. 

Closed-source implementations of OpenVPN exist, but there is also a free and open-source Community Edition.

In this article, we take an in-depth look at how OpenVPN works, how it keeps the Proton VPN community secure, and how it compares to other VPN protocols. This article will be most helpful if you already understand how a VPN works.

Learn more about how a VPN works

Initially released in 2001, OpenVPN is beginning to show its age in terms of speed, performance, and efficiency. However, it’s still widely regarded as being secure, a perception strengthened by documents released by NSA whistleblower Edward Snowden in 2013.

Get Proton VPN

These strongly indicated that, as long as you don’t use pre-shared keys(new window), OpenVPN was the only commonly used VPN protocol at the time that the NSA couldn’t crack. WireGuard®, a more recent and secure VPN protocol, hadn’t been developed yet in 2013. Although WireGuard is faster, more lightweight, and more efficient, it cannot match OpenVPN’s battle-tested track record.

OpenVPN pros:

  • Open source
  • Battle-tested security
  • Can run over UDP or TCP
  • Widely supported

OpenVPN cons:

  • Performance can’t currently match that of WireGuard (although work is being done to improve on this)
  • Relatively large and complex code base

Proton VPN supports OpenVPN on all our apps:

  • Windows 
  • macOS
  • Android
  • Android TV (via Smart Protocol)
  • iOS and iPadOS
  • Linux app and CLI
  • Chrome OS

How does OpenVPN keep me secure?

OpenVPN uses several cryptographic technologies to keep your data safe and has no known vulnerabilities. The technologies used by most modern implementations of OpenVPN (including Proton VPN’s) are:

AES

Advanced Encryption Standard (AES) is a symmetric-key cipher used to encrypt and decrypt the data transmitted over your VPN connection. 

It’s certified by the National Institute of Standards and Technology(new window) (NIST) and used by the United States government to secure classified data. AES has a maximum key size of 256 bits (AES-256), with the US government deeming AES-256 sufficient to secure “top secret” information(new window)

When used as part of the OpenVPN encryption suite, AES can be used in AES-CBC (Cipher Block Chaining) or AES-GCM (Galois/Counter Mode) modes. For the purposes of learning how Proton VPN works, you just need to know about AES-GCM

Although equally secure, the more modern AES-GCM is an authenticated encryption with associated data(new window) (AEAD) cipher that can authenticate data in addition to securing it. HMAC SHA (see below) is still required to authenticate the TLS connection, but AES-GCM is more efficient (and therefore faster) at authenticating data than SHA. 

Learn more about AES encryption

RSA

OpenVPN relies on AES to secure your data, but to send it over the VPN connection, OpenVPN applies public-key cryptography(new window). This cryptographic system uses an asymmetric key exchange, where your data is encrypted using your intended recipient’s openly shared public key. This data can then only be decrypted by your recipient’s secret private key, .

Asymmetric-key encryption is effective at sending data secretly across the internet, but it’s  slow compared to symmetric encryption systems such as AES. That’s why it’s primarily used in VPNs to authenticate connections between the VPN client and the VPN server. OpenVPN uses the RSA cryptosystem(new window) for this. 

RSA key lengths can be almost any size, but a 4096-bits key is sufficiently secure without incurring a high computational overhead that is wasteful and slows your connection down. 

DHE

A Diffie–Hellman key exchange(new window) (DHE) can be used to secure the TLS key exchange similarly to RSA, except with the bonus that it also provides forward secrecy(new window). Forward secrecy ensures that new keys are used for each session so that even if one session is somehow compromised, no other sessions are affected. Forward secrecy ensures attackers can’t decrypt historic VPN sessions with a single compromised key.

However, because DHE reuses a limited set of prime numbers, it can be vulnerable to logjam attacks(new window). This problem is far less of a concern if sufficiently large key sizes are used, but using it to secure TLS key exchanges remains controversial.

Because of this, Proton VPN utilizes DHE support in the OpenVPN encryption suite to provide forward secrecy but not to secure the key exchange itself.

HMAC SHA

OpenVPN uses HMAC SHA to validate the TLS certificates used in the TLS key exchange. This protects against man-in-the-middle attacks. 

The SHA family(new window) of cryptographic hash functions(new window) is used to authenticate data. When these complex mathematical functions are performed on a set of data, it creates a unique fingerprint. If just one bit of that data changes, the SHA fingerprint also changes. 

SHA-1 (a 160-bit hash function) is known to be vulnerable to collision attacks(new window), but SHA-2 is still considered secure. Even more importantly, OpenVPN only uses SHA to calculate hash message authentication code(new window) (HMAC) values anyway. These are much harder to attack than the SHA algorithm on its own, to the point where even SHA-1 is still considered secure enough for HMAC(new window)

Open VPN channels

OpenVPN uses two separate channels to securely transfer data between your device and the VPN server.

An overview of how OpenVPN works

The data channel

Before sending your data through the VPN tunnel, OpenVPN encrypts it with a symmetric-key cipher. 

Proton VPN uses up to AES-256 in GCM mode to verify the data.

The control channel

Once the data is encrypted, it can be sent through the VPN tunnel. The control channel establishes a TLS connection between the VPN client and VPN server. This is secured using a symmetric-key cipher but with an asymmetric key exchange.

Proton VPN uses up to AES-256-GCM for its symmetric cipher, with RSA-4096 and HMAC SHA-384 hash authentication to verify the TLS certificates. The encryption suite we use also includes a Diffie-Hellman key agreement (DHE) to provide forward secrecy.

Can OpenVPN defeat VPN censorship?

One of the big advantages of OpenVPN is that it can run over both the UDP and TCP transmission protocols, which are the two main protocols that handle how data is sent across the internet. UDP is faster, while TCP is more reliable, but the main advantage of this flexibility is that TCP is useful for defeating censorship by governments and other organizations.

Learn more about the difference between UDP and TCP

TCP port 443 is used by HTTPS(new window), the encryption standard that secures the web. This makes it difficult to block OpenVPN when it’s run over TCP port 443 without blocking all HTTPS traffic, making OpenVPN useful for bypassing low-level VPN blocks. 

However, more advanced forms of deep packet inspection can easily spot the difference between HTTPS and VPN packets.

Learn more about deep packet inspection

Has OpenVPN been audited?

Following a crowdfunding campaign, OpenVPN 2.4 was independently audited(new window) by OSTIF and QuarksLab in 2016. The results were very positive, and the only critical/high vulnerability discovered concerned susceptibility to a denial of service and did not impact the security of users. This issue was also quickly fixed. 

However, 2016 is quite some time ago now, and OpenVPN 2.6.1 is the latest release at the time of writing.

OpenVPN vs. WireGuard

The newer WireGuard protocol is secure, fast, and efficient, which is why Proton VPN now uses it as our default VPN protocol. OpenVPN’s ability to run over TCP remains an advantage over vanilla WireGuard, but Proton VPN has now developed an implementation of WireGuard that also runs over TCP. 

Learn more about WireGuard

WireGuard also forms the basis of our Stealth obfuscation protocol, which is much more effective at evading censorship blocks than running OpenVPN over TCP. 

Learn more about Stealth

The fact that OpenVPN’s security remains more battle-tested than WireGuard’s may still appeal to some, but there are few reasons to choose it over WireGuard unless your current device doesn’t support WireGuard. 

Final thoughts

For many years, OpenVPN was effectively the default VPN protocol, and because of this, it remains very well supported on routers and other internet-capable devices. It is still highly secure but offers few advantages over the more state-of-the-art WireGuard (especially Proton VPN’s custom implementations of the newer protocol). 

Related articles

A lock with the colors of the Dutch flag
en
We ran a survey in the Netherlands and found that 51% of Dutch adults are worried about their online privacy. See the rest of the results.
s AliExpress reliable?
en
  • Privacy basics
Chinese shopping platform AliExpress is undoubtedly cheap. But is it also safe and reliable, or you are likely to get scammed?
How to fix a 502 error
en
In this article, we explain what a 502 bad gateway error is and explore possible ways to fix it as a visitor to a website.
Watch Thanksgiving Day football with Proton VPN
en
Here's how you can live stream this year's Thanksgiving football games using Proton VPN, whether you're watching from home or abroad.
Where to watch Macy's Thanksgiving day parade
en
Here's how and where to watch Macy's Thanksgiving Day Parade live from anywhere in the world with Proton VPN.
What we've been up to, and what's next
en
Here are the main things Proton VPN delivered this spring and summer and the exciting changes that lie ahead on our product roadmap this winter.