From the moment we connect to the Internet we are exposed. Between the moment information leaves our PC and the moment it reaches its destination, there are many points where it can be compromised: within the LAN, at the ISP, at the DNS, at the remote server, etc. Most commonly it is the ISP and the DNS provider that get hold of our data and use it for their own and/or commercial purposes, but they are not the only ones. And although we often may not care about these weaknesses, there are situations in which we need an extra level of security and privacy, which we can get from VPN software such as OpenVPN.
What is a VPN
Before we explain what OpenVPN is, let's explain what a VPN connection is. When we connect to the Internet normally, our data travels from our computer to the server with no more encryption than the connection itself provides (such as HTTPS). This connection carries personal information about us (such as our IP address) that is necessary to obtain a response from the server. A VPN connection is a private network that we create between our PC and a server connected to the Internet somewhere else. Thanks to a client, all Internet traffic is encrypted on our computer and travels, indecipherable, to the VPN server. The VPN server is then in charge of forwarding the traffic to the destination server (such as a website), using its own IP address as the sender. The replies go back to the VPN server, which encrypts them and sends them back to our computer.
Some practical uses for VPN connections are:
- Establish secure and controlled connections between a PC and a server in the company.
- Browse the Internet anonymously.
- Bypass censorship or regional blocking of certain servers and websites.
- Connect to our computer, server or NAS safely from anywhere.
- Browse with privacy from public networks (such as bars, libraries or stations).
There are many types of VPN. Many of them are SaaS (software as a service), that is, a business model that, in exchange for a subscription, allows us to connect through the provider's servers. But if we really want maximum privacy and security, and we don't want to pay, we must opt for a totally free option such as OpenVPN.
What is OpenVPN
OpenVPN is a totally free and open source VPN solution. This software consists of a server, which offers us the connection, and a client, from which we connect to the server. This VPN protocol got its start in 2001, and today it is one of the few that still keeps both its client and its server open source.
In order to connect safely through this protocol, it is necessary to have both the client and the server.
The client is any computer or device from which we connect to the Internet. It can be a computer, a tablet, a smartphone… One of the advantages of OpenVPN is that, thanks to being open source, there are clients for almost every platform. All operating systems are compatible with it, although not natively (hence the need for the client).
The server is the one that acts as an intermediary, with which we create the private tunnel we use to reach the Internet. We can set up the OpenVPN server on any computer, although the usual choice is a router, a NAS, a cloud server or a personal server (such as a Raspberry Pi) that is connected to the Internet 24×7, so that the connection is always available.
The main feature, and the point that differentiates it from SaaS VPN connections, is its open source nature. Thanks to this, although the process is more complicated, we can have our own totally private, customizable and secure client-server network. In addition, it is totally different from L2TP, IPSec or PPTP, since it uses its own protocol based on TLS and SSL.
Another advantage of this VPN is its security. By default, it uses 256-bit OpenSSL encryption, although we can strengthen the security using additional ciphers such as AES, Camellia, 3DES, CAST-128 or Blowfish. It also has tls-auth for verifying HMAC signatures, which protects us against vulnerabilities of all kinds, from buffer overflows to DoS attacks and port scanning.
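As an added example (not part of the original article or of the OpenVPN project), the following Python script audits an OpenVPN configuration for the two settings just discussed: the data-channel cipher and the presence of tls-auth or its successors tls-crypt and tls-crypt-v2. It reports the 64-bit block ciphers from that list (3DES, CAST-128, Blowfish) as findings, because they are exposed to birthday-bound collision attacks (SWEET32) on long-lived tunnels; the sample config, file names and finding labels are constructed for illustration.

```python
"""Audit an OpenVPN config for weak ciphers and missing tls-auth (added example)."""

# OpenSSL name prefixes of 64-bit block ciphers (Blowfish, DES/3DES, CAST-128, ...).
WEAK_64BIT = ("BF-", "DES-", "DESX-", "CAST5-", "RC2-", "IDEA-")
CIPHER_LISTS = ("data-ciphers", "ncp-ciphers", "data-ciphers-fallback")
CONTROL_AUTH_OPTS = {"tls-auth", "tls-crypt", "tls-crypt-v2"}

# Constructed sample server config; file names are placeholders.
SAMPLE_CONF = """\
port 1194
proto udp
dev tun
cipher BF-CBC                 # legacy 64-bit block cipher
data-ciphers AES-256-GCM:DES-EDE3-CBC
;tls-auth ta.key 0
"""

def parse(text):
    """Return {directive: [args]}; a token starting with '#' or ';' begins a comment."""
    opts = {}
    for line in text.splitlines():
        tokens = []
        for tok in line.split():
            if tok[0] in "#;":
                break
            tokens.append(tok)
        if tokens:
            opts[tokens[0]] = tokens[1:]
    return opts

def audit(text):
    """Return a list of finding labels (hypothetical names) for one config."""
    opts, findings = parse(text), []
    ciphers = list(opts.get("cipher", []))
    for key in CIPHER_LISTS:
        if opts.get(key):
            ciphers += opts[key][0].split(":")  # colon-separated cipher list
    for name in ciphers:
        if name.lower() == "none":
            findings.append("no-encryption")
        elif name.upper().startswith(WEAK_64BIT):
            findings.append(f"weak-cipher:{name}")
    if CONTROL_AUTH_OPTS.isdisjoint(opts):
        findings.append("no-tls-auth")  # control channel has no extra HMAC layer
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```

The parser ignores quoting and multi-line inline blocks such as `<tls-auth>…</tls-auth>`, so configs that embed keys inline need that case added before relying on the `no-tls-auth` result.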
The connection and authentication process is also superior to other alternatives thanks to the support for third-party plugins and scripts. In addition, it allows you to configure private subnets, being able to continue establishing secure connections beyond the OpenVPN server itself.
Finally, it should be noted that the speed offered by these connections, although not bad, could be better. This is because, although it depends directly on the bandwidth of the Internet connection where the server is located, the strong data encryption can slow connections down. We sacrifice speed for far superior security.
To set up our own OpenVPN server, it is recommended either to use an embedded system prepared for this protocol (a NAS, a router, etc.) or to use a Linux operating system. In the end, that is what will give us the best performance.
To connect from Windows we will need the corresponding client. It can be found, along with its source code, on the project's main website. If we use another operating system (such as Android or iOS), the application stores offer different clients (both official and third-party) with which to connect and establish these secure connections. In the case of Linux, although we can also find binary packages on the download website, we can install the latest version from the repositories.
In addition to OpenVPN, if we want to create our own secure VPN connection we can find many other alternatives. Some of the most interesting that we find on the net are:
SoftEther, an acronym for Software Ethernet, is one of the more direct alternatives to OpenVPN. Like OpenVPN, SoftEther stands out for having its own open source client and server, making it an excellent alternative that we can use both personally and professionally without any limitation and without paying for licenses. It has practically the same functions as OpenVPN, although it is less well known and much easier to use, configure and start up.
We can download SoftEther from its website.
Windows has its own VPN client installed by default. The Microsoft operating system allows us to connect, without other programs, to any server that uses the PPTP, L2TP/IPSec, SSTP or IKEv2 protocols. Also, if we install other VPN clients (like OpenVPN), we can use this native Windows configuration to connect to their server.
You do not have to download anything to be able to use it, since this functionality is included in all versions and editions of Windows.