What is OpenVPN?
OpenVPN is open-source commercial software that implements virtual private network (VPN) techniques to create secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It uses a custom security protocol that utilizes SSL/TLS for key exchange. It is capable of traversing network address translators (NATs) and firewalls. It was written by James Yonan and is published under the GNU General Public License (GPL).
OpenVPN allows peers to authenticate each other using pre-shared secret keys, certificates or username/password. When used in a multiclient-server configuration, it allows the server to release an authentication certificate for every client, using signatures and a certificate authority. It uses the OpenSSL encryption library extensively, as well as the TLS protocol, and contains many security and control features.
OpenVPN uses the OpenSSL library to provide encryption of both the data and control channels. It lets OpenSSL do all the encryption and authentication work, allowing OpenVPN to use all the ciphers available in the OpenSSL package. It can also use the HMAC packet authentication feature to add an additional layer of security to the connection (referred to as an "HMAC Firewall" by the creator). It can also use hardware acceleration to get better encryption performance. Support for mbed TLS is available starting from version 2.3.
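The HMAC packet authentication mentioned above can be sketched as a gate that discards datagrams not signed with a shared key before any TLS processing happens. This is an added example, not OpenVPN's code or wire format: the packet layout (32-byte HMAC-SHA256 tag, 4-byte packet counter, payload), the names seal and HmacGate, and the replay check are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 tag size in bytes
HDR_LEN = 4   # packet counter size in bytes (assumed layout)


def seal(key: bytes, packet_id: int, payload: bytes) -> bytes:
    """Sender: prepend an HMAC-SHA256 tag over (packet_id || payload)."""
    body = struct.pack("!I", packet_id) + payload
    return hmac.new(key, body, hashlib.sha256).digest() + body


class HmacGate:
    """Receiver: drop unauthenticated datagrams before any TLS work is done."""

    def __init__(self, key: bytes):
        self.key = key
        self.highest_seen = 0  # highest packet counter accepted so far
        self.tls_calls = 0     # datagrams that reached the TLS layer

    def receive(self, datagram: bytes):
        """Return the payload if the datagram is authentic and fresh, else None."""
        if len(datagram) < TAG_LEN + HDR_LEN:
            return None  # too short to carry a tag and counter
        tag, body = datagram[:TAG_LEN], datagram[TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time compare
            return None  # wrong key or modified in transit
        (packet_id,) = struct.unpack("!I", body[:HDR_LEN])
        if packet_id <= self.highest_seen:
            return None  # replay of an already accepted datagram
        self.highest_seen = packet_id
        self.tls_calls += 1  # only now would the TLS handshake code run
        return body[HDR_LEN:]


if __name__ == "__main__":
    shared = bytes(range(32))  # constructed key, for the demo only
    gate = HmacGate(shared)
    pkt = seal(shared, 1, b"hello")
    print(gate.receive(pkt))                              # accepted
    print(gate.receive(pkt))                              # replay, dropped
    print(gate.receive(seal(b"\x00" * 32, 2, b"probe")))  # wrong key, dropped
```

The tls_calls counter shows the point of the extra layer: a sender without the shared key never causes the TLS code to run at all.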