OpenVPN Technical Specifications

OpenVPN is an SSL-based VPN (virtual private network) that supports both site-to-site and client-to-site VPN. When you create new clients or sites, OpenVPN creates a custom executable for each client that contains the client, configuration, and authentication information. Users simply need to install the custom executable on their computers. OpenVPN supports the following operating systems:

• Windows 2000/XP and higher
• Linux
• OpenBSD
• FreeBSD
• NetBSD
• Mac OS X
• Solaris

Under The Hood
Unlike most other VPN protocols, SSL runs on the application level (user space), enabling a highly secure and reliable connection without the implementation complexities that are inherent in VPN protocols that use the network level.

The key to this user-space implementation is a tun/tap virtual network adapter. A tun adapter is a simulated point-to-point link, like a T-1, while a tap adapter simulates ethernet.

In a nutshell, SSL encapsulates IP in UDP. IP packets sent from a tun or tap virtual network adapter are encrypted and encapsulated onto a UDP connection, and sent to a remote host over the Internet. The remote host decrypts, authenticates, and de-encapsulates the IP packets using a tun/tap virtual adapter.

A user-space VPN model links a local tun/tap virtual adapter with a remote tun/tap virtual adapter, just as other VPN protocols use hardware adapters. When the connection is forwarded over SSH, a secure port forwarding tool, the VPN connection is very secure.

What It Does

Provides SSL-based virtual private networking

How It Does It

Based on OpenVPN, with Untangle custom interface and pre-built client distribution feature

Controls

• Setup Wizard for site-to-site and client-to-site VPNs
• Selectable server port and DNS override settings
• You can specify what hosts/networks are exported through the VPN
• Includes a client distribution utility for secure distribution of keys via email with URL link