A VPN protocol is the set of instructions that your VPN app uses to set up, secure, and govern your connection to a VPN server. OpenVPN is a VPN protocol that has no known weaknesses and is effective at bypassing certain online censorship methods. OpenVPN also has the advantage of being supported on a huge range of platforms and devices.
Closed-source implementations of OpenVPN exist, but there is also a free and open-source Community Edition.
In this article, we take an in-depth look at how OpenVPN works, how it keeps the Proton VPN community secure, and how it compares to other VPN protocols. This article will be most helpful if you already understand how a VPN works.
- How does OpenVPN keep me secure?
- Open VPN channels
- Can OpenVPN defeat VPN censorship?
- Has OpenVPN been audited?
- OpenVPN vs. WireGuard
Initially released in 2001, OpenVPN is beginning to show its age in terms of speed, performance, and efficiency. However, it’s still widely regarded as being secure, a perception strengthened by documents released by NSA whistleblower Edward Snowden in 2013.
These strongly indicated that, as long as you don’t use pre-shared keys, OpenVPN was the only commonly used VPN protocol at the time that the NSA couldn’t crack. WireGuard®, a more recent and secure VPN protocol, hadn’t been developed yet in 2013. Although WireGuard is faster, more lightweight, and more efficient, it cannot match OpenVPN’s battle-tested track record.
- Open source
- Battle-tested security
- Can run over UDP or TCP
- Widely supported
- Performance can’t currently match that of WireGuard (although work is being done to improve on this)
- Relatively large and complex code base
Proton VPN supports OpenVPN on all our apps:
- Android TV (via Smart Protocol)
- iOS and iPadOS
- Linux app and CLI
- Chrome OS
How does OpenVPN keep me secure?
OpenVPN uses several cryptographic technologies to keep your data safe and has no known vulnerabilities. The technologies used by most modern implementations of OpenVPN (including Proton VPN’s) are:
Advanced Encryption Standard (AES) is a symmetric-key cipher used to encrypt and decrypt the data transmitted over your VPN connection.
It’s certified by the National Institute of Standards and Technology (NIST) and used by the United States government to secure classified data. AES has a maximum key size of 256 bits (AES-256), with the US government deeming AES-256 sufficient to secure “top secret” information.
When used as part of the OpenVPN encryption suite, AES can run in AES-CBC (Cipher Block Chaining) or AES-GCM (Galois/Counter Mode) mode. For the purposes of learning how Proton VPN works, you only need to know about AES-GCM.
Although equally secure, the more modern AES-GCM is an authenticated encryption with associated data (AEAD) cipher that can authenticate data in addition to securing it. HMAC SHA (see below) is still required to authenticate the TLS connection, but AES-GCM is more efficient (and therefore faster) at authenticating data than SHA.
OpenVPN relies on AES to secure your data, but to send it over the VPN connection, OpenVPN applies public-key cryptography. This cryptographic system uses an asymmetric key exchange, where your data is encrypted using your intended recipient’s openly shared public key. That data can then only be decrypted with your recipient’s secret private key.
Asymmetric-key encryption is effective at sending data secretly across the internet, but it’s slow compared to symmetric encryption systems such as AES. That’s why it’s primarily used in VPNs to authenticate connections between the VPN client and the VPN server. OpenVPN uses the RSA cryptosystem for this.
RSA keys can be almost any length, but a 4096-bit key is sufficiently secure without incurring a wasteful computational overhead that would slow your connection down.
A Diffie–Hellman key exchange (DHE) can be used to secure the TLS key exchange similarly to RSA, except with the bonus that it also provides forward secrecy. Forward secrecy ensures that new keys are used for each session so that even if one session is somehow compromised, no other sessions are affected. Forward secrecy ensures attackers can’t decrypt historic VPN sessions with a single compromised key.
However, because DHE implementations commonly reuse a small set of well-known prime groups, it can be vulnerable to Logjam attacks. This problem is far less of a concern if sufficiently large key sizes are used, but using DHE to secure TLS key exchanges remains controversial.
Because of this, Proton VPN utilizes DHE support in the OpenVPN encryption suite to provide forward secrecy but not to secure the key exchange itself.
OpenVPN uses HMAC SHA to validate the TLS certificates used in the TLS key exchange. This protects against man-in-the-middle attacks.
The SHA family of cryptographic hash functions is used to authenticate data. When one of these functions is run over a set of data, it produces a unique fingerprint. If just one bit of that data changes, the SHA fingerprint also changes.
SHA-1 (a 160-bit hash function) is known to be vulnerable to collision attacks, but SHA-2 is still considered secure. Even more importantly, OpenVPN only uses SHA to calculate hash-based message authentication code (HMAC) values anyway. These are much harder to attack than the SHA algorithm on its own, to the point where even SHA-1 is still considered secure enough for HMAC.
Open VPN channels
OpenVPN uses two separate channels to securely transfer data between your device and the VPN server.
The data channel
Before sending your data through the VPN tunnel, OpenVPN encrypts it with a symmetric-key cipher.
Proton VPN uses up to AES-256 in GCM mode to encrypt and authenticate the data.
The control channel
Once the data is encrypted, it can be sent through the VPN tunnel. The control channel establishes a TLS connection between the VPN client and VPN server. This is secured using a symmetric-key cipher but with an asymmetric key exchange.
Proton VPN uses up to AES-256-GCM for its symmetric cipher, with RSA-4096 and HMAC SHA-384 hash authentication to verify the TLS certificates. The encryption suite we use also includes a Diffie-Hellman key agreement (DHE) to provide forward secrecy.
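To make the data-channel mechanics described above (and the AES-GCM authentication mentioned earlier) concrete, here is an added Go example, not code from OpenVPN or Proton VPN. It seals and opens packets with AES-256-GCM: the cleartext header is authenticated as associated data, the nonce is built from a packet ID, and the receiver rejects modified, truncated, and replayed packets. The 5-byte header layout and the strict-ordering replay check are this example's simplifications, not OpenVPN's exact wire format.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
)

// Illustrative AEAD data-channel packet, loosely based on OpenVPN's AES-GCM mode (an assumption,
// not its exact wire format): a 5-byte cleartext header (opcode/key-id byte || 32-bit packet
// ID) is the GCM associated data; nonce = packet ID || 64-bit implicit IV from the key material.
type DataChannel struct {
	aead       cipher.AEAD
	implicitIV [8]byte // from the TLS key exchange in real OpenVPN; caller-supplied here
	lastSeen   uint32  // receiver-side replay check: packet IDs must strictly increase
}
func NewDataChannel(key []byte, implicitIV [8]byte) (*DataChannel, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	aead, _ := cipher.NewGCM(block) // cannot fail for an AES block with the default 12-byte nonce
	return &DataChannel{aead: aead, implicitIV: implicitIV}, nil
}
func (d *DataChannel) nonce(pktID uint32) []byte {
	n := make([]byte, 12)
	binary.BigEndian.PutUint32(n[:4], pktID)
	copy(n[4:], d.implicitIV[:])
	return n
}
// Seal returns header || ciphertext || 16-byte GCM tag; the tag also covers the header.
func (d *DataChannel) Seal(opcode byte, pktID uint32, plaintext []byte) []byte {
	hdr := []byte{opcode, 0, 0, 0, 0}
	binary.BigEndian.PutUint32(hdr[1:], pktID)
	return d.aead.Seal(append([]byte{}, hdr...), d.nonce(pktID), plaintext, hdr)
}
// Open rejects truncated packets, replays, and any packet modified in transit.
func (d *DataChannel) Open(pkt []byte) ([]byte, error) {
	if len(pkt) < 5 || binary.BigEndian.Uint32(pkt[1:5]) <= d.lastSeen {
		return nil, errors.New("truncated packet or replayed packet ID")
	}
	pktID := binary.BigEndian.Uint32(pkt[1:5])
	pt, err := d.aead.Open(nil, d.nonce(pktID), pkt[5:], pkt[:5])
	if err != nil {
		return nil, errors.New("GCM tag mismatch: header or payload was modified")
	}
	d.lastSeen = pktID // real OpenVPN uses a sliding window; strict ordering keeps this short
	return pt, nil
}
```

Because the tag covers the header as well as the payload, flipping a single bit anywhere in the packet makes Open fail, which is the property that lets AES-GCM replace a separate HMAC on the data channel.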
Can OpenVPN defeat VPN censorship?
One of the big advantages of OpenVPN is that it can run over both the UDP and TCP transmission protocols, which are the two main protocols that handle how data is sent across the internet. UDP is faster, while TCP is more reliable, but the main advantage of this flexibility is that TCP is useful for defeating censorship by governments and other organizations.
TCP port 443 is used by HTTPS, the encryption standard that secures the web. This makes it difficult to block OpenVPN when it’s run over TCP port 443 without blocking all HTTPS traffic, making OpenVPN useful for bypassing low-level VPN blocks.
However, more advanced forms of deep packet inspection can easily spot the difference between HTTPS and VPN packets.
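As an added illustration (not Proton VPN's tooling or configuration), the following Go function parses an OpenVPN client config and reports where it falls short of the suite described in the sections above: an AES-256-GCM data cipher, HMAC SHA-384, server-certificate verification, and a TLS 1.2 minimum, with the TCP port 443 transport from this section shown in the sample. The embedded config and the hostname vpn.example.invalid are constructed; the directive names are real OpenVPN options, but the pass/fail policy is this example's own.

```go
package main

import "strings"

// Constructed sample client config (not Proton VPN's) that matches the article's suite.
const HardenedConfig = `client
proto tcp
remote vpn.example.invalid 443
data-ciphers AES-256-GCM:AES-128-GCM
auth SHA384
remote-cert-tls server
tls-version-min 1.2
<ca>
placeholder, not a real certificate
</ca>`

// AuditClientConfig flags settings that fall short of the article's suite: AES-256-GCM data
// cipher, HMAC SHA-384, a verified server certificate and TLS 1.2+ (policy is this example's own).
func AuditClientConfig(cfg string) []string {
	opts := map[string][]string{}
	inline := false
	for _, line := range strings.Split(cfg, "\n") {
		f := strings.Fields(line)
		if len(f) == 0 || f[0][0] == '#' || f[0][0] == ';' {
			continue // blank line or comment
		}
		if strings.HasPrefix(f[0], "<") { // <ca> ... </ca> inline file blocks: skip their contents
			inline = !strings.HasPrefix(f[0], "</")
			continue
		}
		if !inline {
			opts[f[0]] = f[1:]
		}
	}
	var findings []string
	// Accept either the OpenVPN 2.5+ data-ciphers list or the legacy cipher option.
	ciphers := strings.ToUpper(strings.Join(append(opts["data-ciphers"], opts["cipher"]...), ":"))
	if !strings.Contains(ciphers, "AES-256-GCM") {
		findings = append(findings, "data channel: AES-256-GCM not offered")
	}
	if a := opts["auth"]; len(a) == 0 || strings.ToUpper(a[0]) != "SHA384" {
		findings = append(findings, "control channel: HMAC is not SHA384")
	}
	if r := opts["remote-cert-tls"]; len(r) == 0 || r[0] != "server" {
		findings = append(findings, "missing 'remote-cert-tls server' (server certificate check)")
	}
	if v := opts["tls-version-min"]; len(v) == 0 || v[0] < "1.2" {
		findings = append(findings, "tls-version-min below 1.2 or unset")
	}
	return findings
}
```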
Has OpenVPN been audited?
Following a crowdfunding campaign, OpenVPN 2.4 was independently audited by OSTIF and QuarksLab in 2016. The results were very positive, and the only critical/high vulnerability discovered concerned susceptibility to a denial of service and did not impact the security of users. This issue was also quickly fixed.
However, 2016 is quite some time ago now, and OpenVPN 2.6.1 is the latest release at the time of writing.
OpenVPN vs. WireGuard
The newer WireGuard protocol is secure, fast, and efficient, which is why Proton VPN now uses it as our default VPN protocol. OpenVPN’s ability to run over TCP remains an advantage over vanilla WireGuard, but Proton VPN has now developed an implementation of WireGuard that also runs over TCP.
WireGuard also forms the basis of our Stealth obfuscation protocol, which is much more effective at evading censorship blocks than running OpenVPN over TCP.
The fact that OpenVPN’s security remains more battle-tested than WireGuard’s may still appeal to some, but there are few reasons to choose it over WireGuard unless your current device doesn’t support WireGuard.
For many years, OpenVPN was effectively the default VPN protocol, and because of this, it remains very well supported on routers and other internet-capable devices. It is still highly secure but offers few advantages over the more state-of-the-art WireGuard (especially Proton VPN’s custom implementations of the newer protocol).