Best VPNs for OpenVPN

Most providers now consider OpenVPN the best and most secure protocol for all of your VPN connections. Although it is not natively supported on any devices, third-party software has allowed it to be ported to many different platforms. It is not always as easy to install and configure as some of the other protocols like PPTP and L2TP/IPsec.  This is because you must install not only the client but also configuration files, which can sometimes cause issues.  Despite this, its excellent security features, modularity, reliability, and speed have gained it widespread acceptance in the VPN industry.  So much so that it is now the default protocol for many of them.  With so many providers now supporting it, how do you find the best?  Do not worry, we have done the hard work for you.  Below you will find our list of the 5 best VPNs for OpenVPN.

Rank  Provider    Price             Rating
1     IPVanish    $4.87 (60% Off)   9.9
2     OverPlay    $6.25 (38% Off)   9.8
3     ExpressVPN  $8.32 (35% Off)   9.7
4     VyprVPN     $6.25 (25% Off)   9.6
5     PIA         $3.33 (52% Off)   9.5

What is a Personal VPN service?

Since you are looking at VPNs for OpenVPN, most of you probably know what a personal VPN is and how it can help you in your daily Internet life.  For those of you who do not, it helps to know that VPNs have been used in the business world for many years.  They have been used to allow businesses to leverage the World Wide Web to expand internationally without investing in specialized hardware for private infrastructure.  They also let remote workers access private business networks across the Internet without having to worry about their security and privacy.  VPNs work by establishing a secure, encrypted connection between devices that allows them to send traffic across the open Internet as if they were connected directly to each other.

Personal VPN services work similarly by letting you leverage the Internet as your own private network.  They create secure encrypted tunnels between you and your VPN provider, allowing you to keep all of your Internet traffic private from your ISP, the government, or other unwanted interlopers.  In addition to securing your traffic, personal VPNs also mask your true IP address and assign you one from the VPN's remote server location.  This, along with the IP sharing used by most providers, helps keep you more anonymous while surfing the Internet.

OpenVPN’s Story

OpenVPN was written by James Yonan and released in 2001 as open source.  It is a type of protocol: a series of instructions used to create a secure tunneled VPN connection between Internet-enabled devices, allowing them to communicate securely and confidentially.  There are many different types of protocols available for VPN connections, including PPTP, L2TP/IPsec, SSTP, and IKEv2, all of which can be used to establish secure VPN networks.  All have their purposes and use slightly different methods to create their VPN networks.

Given that there are so many different protocols, what separates OpenVPN from the pack and makes it the overwhelming protocol of choice for many VPN providers?  What makes it the darling of the commercial VPN industry?  Quite simply, it does the best job of securing all of your Internet traffic and guarding your confidentiality.  It does this by using industry-tested security algorithms to create and secure your VPN tunnel.  It then encrypts all Internet traffic bi-directionally between your device and the VPN server.  Equally important, it authenticates the user, the VPN server, and all data transferred between them.

What is Authentication?

Authentication is one necessary component of VPN protocols.  It is the process of determining whether someone or something is, in fact, who or what it has declared itself to be.  Authentication in the VPN context involves signing every packet with a secure hash, allowing the recipient to verify its source.  This sounds simple but it is easy to get wrong.  OpenVPN, through its modular nature, makes it easier to implement this correctly.  It uses the SSL3/TLS1 security protocol to establish the original secure link between your device and the VPN service.  This security suite supports a variety of authentication algorithms from static pre-shared keys to full RSA Public Key Infrastructure (PKI), for both the server and the client.

OpenVPN uses SSL3/TLS1 along with the full OpenSSL library for keyed-hash message authentication code (HMAC) construction using a shared symmetric key.  Both OpenVPN and IPsec use HMAC construction to authenticate packets.  Together these ensure not only authentication at the end-point connections (your device and the VPN server you connected to), but also the authentication of your data once it has been transferred.  This protects you from so-called man-in-the-middle attacks, in which an active attacker has the ability to insert himself into your communication channel and add, change, or delete data packets.

Other types of attacks that your data could be exposed to include replay attacks (resending recorded packets) and plaintext attacks (modifying data packets without being able to read them).  OpenVPN uses a unique ID or timestamp for each data packet and an HMAC tls-auth pretest option to prevent an attacker from inserting packets into the main SSL/TLS code.  Both OpenVPN and IPsec use a Sliding Window Algorithm to guard against plaintext attacks.  In short, OpenVPN authentication protects you from any currently known viable active attacks.
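The mechanism described in this section, as an added Python example (not OpenVPN's code and not from the original page): each packet carries a packet ID and an HMAC tag computed over the ID and payload, and the receiver keeps a sliding window of accepted IDs so that a recorded packet is rejected when it is resent.  The 32-bit ID, HMAC-SHA256, the 64-packet window, and the key are choices made for this illustration.

```python
import hashlib
import hmac
import struct

WINDOW = 64      # illustrative window size, in packets
TAG_LEN = 32     # HMAC-SHA256 output length

def seal(key: bytes, packet_id: int, payload: bytes) -> bytes:
    """Sender side: tag = HMAC(key, packet_id || payload), sent in front of both."""
    header = struct.pack("!I", packet_id)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return tag + header + payload

class Receiver:
    """Verifies the HMAC first, then applies the sliding-window replay check."""

    def __init__(self, key: bytes):
        self.key = key
        self.highest = 0   # highest packet ID accepted so far
        self.seen = 0      # bitmap: bit i set means ID (highest - i) was accepted

    def receive(self, packet: bytes) -> bytes:
        if len(packet) < TAG_LEN + 4:
            raise ValueError("truncated")
        tag, body = packet[:TAG_LEN], packet[TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # constant-time comparison
            raise ValueError("bad hmac")
        (packet_id,) = struct.unpack("!I", body[:4])
        if packet_id > self.highest:                 # newer than anything seen: slide
            shift = packet_id - self.highest
            self.seen = ((self.seen << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest = packet_id
        else:
            offset = self.highest - packet_id
            if offset >= WINDOW:
                raise ValueError("too old")
            if (self.seen >> offset) & 1:
                raise ValueError("replay")
            self.seen |= 1 << offset                 # late but new: accept once
        return body[4:]

def outcome(rx: Receiver, packet: bytes) -> str:
    try:
        return "ok:" + rx.receive(packet).decode()
    except ValueError as err:
        return str(err)

def demo() -> list:
    key = b"constructed-demo-key"                    # constructed sample key
    rx = Receiver(key)
    p1, p2, p3 = (seal(key, i, f"msg{i}".encode()) for i in (1, 2, 3))
    tampered = p2[:-1] + bytes([p2[-1] ^ 1])         # one payload bit flipped in transit
    far_ahead = seal(key, 200, b"msg200")
    return [outcome(rx, p) for p in (p1, p3, tampered, p2, p3, far_ahead, p1)]

if __name__ == "__main__":
    print(demo())
```

Out-of-order delivery (packet 2 arriving after packet 3) is accepted once, while the resent packet 3 and the packet that has fallen behind the window are dropped.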

Why OpenVPN May Be the Most Secure VPN Protocol

With the Snowden revelations came the realization that organizations like the US National Security Agency (NSA) and UK Government Communications Headquarters (GCHQ) are spying on us and secretly recording our every communication.  Not only this, but they are actively trying to break our most secure encryption standards used for Internet communications.  They seemed particularly interested in the protocol encryptions used by private VPN services and have been hard at work looking for vulnerabilities in IPsec, SSL Certificates, HTTPS, and others.  Prominent security specialists have accused them of trying to influence the National Institute of Internet Engineering Task Force (IETF) as it adopted some of our basic Internet security protocols like IPsec.  It seems that their influence may have reached every VPN protocol except one, OpenVPN.

OpenVPN has eluded their influence because it is open source. This means its source code is available for everyone to see and scrutinize its security.  This makes it hard for anyone, including the government, to influence or weaken its security without the security and cryptographic world taking notice.  As we previously stated, OpenVPN has a simplified modular design which makes it easier to analyze its working security.  The same cannot be said for other VPN protocols, like IPsec, which has been described as too complex to be secure.

OpenVPN Encryption Algorithms

Encryption is the second necessary component of VPN protocols.  OpenVPN is no different.  The encryption algorithms or ciphers a VPN uses affect the security of your data in transit as well as the security of the entire VPN network.  OpenVPN gives VPN providers access to some of the best encryption algorithms in the cryptographic world including AES, Blowfish, Camellia, 3DES, and others.  The main ciphers used by most personal VPN providers are AES and Blowfish.

Blowfish was introduced by Bruce Schneier in 1993 and uses a 64-bit symmetric block cipher with key lengths which can vary from 32-bit to 448-bit.  It is still considered secure by most people although it has been shown to have an exploit if weak encryption keys are used.  Because of this, keys must be selected carefully by Blowfish users.  Despite this, it is used in many encryption libraries and software.  Also, Blowfish is not recommended for files over 4GB.  Bruce Schneier, Blowfish’s creator, was quoted in 2007 as saying “At this point, though, I’m amazed it’s still being used.  If people ask, I recommend Twofish instead.”  Twofish was one of the five finalists in the AES encryption contest to find the successor to DES.  OpenVPN does not yet include support for Twofish.

Advanced Encryption Standard (AES), also called Rijndael, replaced DES as the US National Institute of Standards and Technology (NIST) standard encryption algorithm in 2001.  It was selected from among 15 other candidates which included RC6, Twofish, and Serpent.  It is a 128-bit symmetric block cipher which supports three different key lengths: 128-bit, 192-bit, and 256-bit.  This means it can handle larger files than Blowfish.  In May of 2002 AES was made the federal standard for encrypting sensitive and secret information.  If implemented correctly, there are no known credible attacks that will allow uninvited third parties to read data encrypted with it.

VPN providers can use either of these ciphers and independently select the encryption keys they use for their OpenVPN implementations.  By using both strong keys and strong ciphers, as well as other OpenVPN security features, they can provide near NSA-proof encryption to their subscribers.

Modular Design of OpenVPN

OpenVPN is open source code which takes a modular design approach.  Specifically, the code uses the OpenSSL library and the SSL3/TLS1 security protocol suite.  OpenVPN leverages SSL/TLS to encrypt the link between your computer and the VPN server it is connected to for initial authentication and symmetric key exchange.  OpenVPN applies its modular approach to how it handles cryptography as well, with most crypto functions being offloaded to the OpenSSL library.  Additionally, OpenVPN’s user-space design, which does not require core kernel access, allows straightforward porting to other platforms that include a TUN/TAP virtual network driver.

What is more, due to the modular nature of the OpenVPN source code, it can be easily tailored by any VPN provider.  They can choose their encryption ciphers, algorithms to generate keys, bit sizes for keys and hash algorithms, and set the number of rounds to calculate by task.  This makes it easier for VPN providers to add new features like kill switches, DNS leak protection, and NAT firewalls to protect their subscribers.

All this modularity in code, along with the OpenSSL library and SSL3/TLS1 security protocol suite, makes OpenVPN highly configurable.  This means that although the default Internet protocol for OpenVPN is UDP, it can be set to run on any port.  This includes TCP port 443, the standard port for HTTPS traffic over SSL.  This makes it difficult to tell your VPN traffic from normal business traffic sent over HTTPS.  This allows VPN providers to configure their services to overcome obstacles from your local school firewall to the Great Firewall of China.  It also lets them use NAT firewalls to protect their subscribers from unwanted malware or website requests while connected to their service.
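Because each provider makes these choices in the configuration file it ships, the file is worth checking.  The following added Python example (not from the original page or any provider's software) audits an OpenVPN client configuration for a 64-bit block cipher such as Blowfish or 3DES, a missing tls-auth HMAC key, and a missing server certificate check.  The two sample configurations and the host name are constructed; cipher, tls-auth, tls-crypt, remote-cert-tls and verify-x509-name are standard OpenVPN directives.

```python
import shlex

# 64-bit block ciphers named on this page, by their OpenVPN cipher names.
SMALL_BLOCK_CIPHERS = {"BF-CBC", "DES-EDE3-CBC"}

def parse_ovpn(text: str) -> dict:
    """Return {directive: [argument lists]}; inline <tag> blocks are noted, not read."""
    directives, inline = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if inline:                                  # skip embedded key/cert material
            if line == f"</{inline}>":
                inline = None
            continue
        if not line or line[0] in "#;":             # blank line or comment
            continue
        if line.startswith("<") and line.endswith(">"):
            inline = line[1:-1]
            directives.setdefault(inline, []).append(["[inline]"])
            continue
        name, *args = shlex.split(line, comments=True)
        directives.setdefault(name, []).append(args)
    return directives

def audit(text: str) -> list:
    """List the weak or missing settings found in one client configuration."""
    cfg = parse_ovpn(text)
    findings = []
    rows = cfg.get("cipher")
    cipher = rows[-1][0].upper() if rows and rows[-1] else None
    if cipher is None:
        findings.append("cipher: not set, so the client's built-in default applies")
    elif cipher in SMALL_BLOCK_CIPHERS:
        findings.append(f"cipher: {cipher} uses a 64-bit block; prefer AES")
    if "tls-auth" not in cfg and "tls-crypt" not in cfg:
        findings.append("tls-auth: no HMAC key protecting the TLS handshake")
    if "remote-cert-tls" not in cfg and "verify-x509-name" not in cfg:
        findings.append("server identity: certificate purpose or name is not checked")
    return findings

# Constructed sample configurations (host name and file names are placeholders).
WEAK_CONFIG = """
client
dev tun
proto tcp
remote vpn.example.net 443
cipher BF-CBC
<ca>
(constructed placeholder for a CA certificate)
</ca>
"""

HARDENED_CONFIG = """
client
dev tun
proto udp
remote vpn.example.net 1194   # constructed host
cipher AES-256-CBC
remote-cert-tls server
tls-auth ta.key 1
"""

if __name__ == "__main__":
    for finding in audit(WEAK_CONFIG):
        print(finding)
```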

Installing OpenVPN On Your Device

This has allowed the best VPN services to build clients to simplify both OpenVPN's installation and configuration.  It has also let them design easy-to-use graphical user interfaces (GUIs) for their subscribers.  This allows you to not only connect and disconnect from the service but also take advantage of other features that it may offer such as kill switches, stealth operation, DNS leak protection, and NAT firewall support.  Usually only a few mouse clicks, taps, or swipes are all it takes to access these features.

Not all VPN providers have clients for OpenVPN for all platforms that they support.  Some choose to use an open-source OpenVPN client.  The best have step-by-step installation guides to help you set up the client on your device, but some technical knowledge is helpful in case issues arise during this process.  A responsive technical support team will also help for any problems that you might have while installing or configuring the OpenVPN client to work with their service.  The OpenVPN clients commonly used as platform standards include:

  • Windows – OpenVPN
  • Mac OS X – TunnelBlick
  • iOS – OpenVPN Connect
  • Android – OpenVPN for Android
  • Linux/Ubuntu – OpenVPN

Other OpenVPN options are also available for these and other platforms.

Other Criteria For Choosing a VPN for OpenVPN

When choosing a VPN for OpenVPN, there are a few other things that you need to consider besides how well they implement OpenVPN.

  • First is do you trust the VPN provider with your personal information?
    • How much of your personal information do they collect and do they clearly define how it is used in their privacy policy?  If your goal is greater anonymity then no or very limited personal information is better
    • What kind of reputation do they have in the VPN industry and do they have good support?
    • Where are they incorporated?
  • Second is do they have a worldwide presence?
    • Multiple servers in regions that you want to access so you can always get the best performance while using the best OpenVPN encryption settings.
  • Third, what is their logging policy regarding VPN usage?
    • A no-log policy of VPN usage is best.
  • Fourth, can the VPN service do everything you need it to do?
    • How fast is the VPN service from your location?
    • Do you need to bypass local or government firewalls?
    • How do they handle P2P file sharing traffic?
  • Fifth, how reliable is the network?
    • You want to choose a VPN which is stable and has multiple servers in the locations you use.  This will allow you to avoid slowdowns due to overcrowding.
    • Does the service respond to your questions in a timely manner?
    • Do they offer a kill switch to protect your privacy if the VPN drops?
    • Do they support DNS leak protection to keep your public IP address hidden?
    • Do they support port forwarding for NAT firewall scaling?
  • Sixth, is the bandwidth.
    • The best VPNs offer unlimited data download.
  • Seventh, does it support desktops, phones, tablets or other devices?
    • What platforms does it support for OpenVPN? Windows? Mac OS? Linux? iOS? Android?
    • How many simultaneous connections does it allow? Two is good, more is even better.
  • Eighth, is it secure and private to protect your traffic from prying eyes?
    • What kind of protocols does the VPN use?  Multiple protocols increase the service's utility.
      • A VPN service that supports all three protocols: OpenVPN, L2TP/IPsec and PPTP is best.
        • OpenVPN (UDP/TCP) (Best mix of security and speed)
          • It is highly configurable, fast, and the most secure.
          • Port forwarding helps increase its utility by allowing it to scale firewalls.
        • L2TP/IPsec – Layer 2 Tunnel Protocol / Internet Protocol Security is the encryption protocol for traffic.
          • It provides good security.
          • It has slower performance than that of OpenVPN due to double encapsulation of data.
          • It has built-in support on most devices which makes it easy to implement.
          • Has greater utility if port forwarding is used since by default it uses UDP port 500 which can be easily blocked.
          • Although not proven, it is suspected of having been deliberately weakened during its design phase.
        • PPTP – Point to Point Tunneling Protocol
          • Some of the devices that you use will only support this protocol.
          • It is considered the least secure and probably better suited for devices that can not use other protocols or where speed, not security is the main concern.
          • It is built into most devices and very easy to setup.
    • Encryption is usually AES,  Blowfish, or 3DES based.
      • It should use at least 128-bit keys which is not as secure but provides faster speed for less security conscious purposes like streaming media.
      • 256-bit is better for security if you are using an untrusted network at a hotel or your local restaurant’s free Wi-Fi network.
    • Other protocols include proprietary stealth ones to scale the Great Firewall of China, SSTP which is very secure but primarily for Windows, and IKEv2 which provides excellent security and automatic reconnection for mobile devices.
  • Ninth, how easy is the VPN to actually use?
    • Does the service have mobile apps and software clients to make it easier to install and configure OpenVPN on your device?
    • Does it have well-written guides to install their service on devices that do not have client software?
    • Do they have a GUI to make it easy to connect, disconnect, or access other service features from your device?
  • Tenth, how much does the VPN service cost and how can you pay for it?
    • As always, you should spend what your budget can afford.
    • Does it support anonymous ways to pay for the service like Bitcoin?

All of the VPNs that made our list have some of the best (most secure) OpenVPN implementations in the industry. They also have other features that make their services easier to use and help to maintain your Internet privacy.

Final Thoughts

A personal VPN service can help to secure your data and protect your privacy while surfing the Internet.  A properly implemented VPN can protect all of your Internet transactions from all prying eyes, even those of government agencies like the NSA, GCHQ, and others.  VPN providers have many different VPN protocol choices for their VPN networks.  These include OpenVPN, L2TP/IPsec, SSTP, IKEv2, PPTP, and other proprietary ones.

OpenVPN is the most secure of these protocols if implemented properly.  It is open source code which uses the OpenSSL library and the SSL3/TLS1 security suite.  It has a modular design: SSL3/TLS1 is used to build the initial secure link, encryption is offloaded to the OpenSSL library, and IP tunneling is provided through the TUN/TAP virtual network driver.  This makes it easier to implement and update with the latest security and authentication algorithms by dynamically linking the latest OpenSSL library into it.  OpenSSL also allows utilization of special-purpose hardware accelerators to optimize encryption, decryption, and authentication performance.  It also makes it easy to port to any OS platform that supports TUN/TAP drivers.

Although not naturally supported by any OS platform, third-party software has been written which allows it to be run on almost all major platforms including Windows, Mac OS X, iOS, Android, Linux, and others that support TUN/TAP drivers.  Its modular design allows it to be easily configurable by VPN providers.  Many have taken advantage of this and designed their own custom OpenVPN client software with easy-to-use GUIs to make their service easier for their subscribers to install and use.  It has also allowed them to add extra features like kill switches, DNS leak protection, and NAT firewalls to protect their subscribers.

OpenVPN’s  modularity, excellent security features, reliability, and speed have helped it to become the most widely used VPN connection protocol in the commercial VPN industry.  Many VPN services now use it as their default protocol.  All of the VPNs that we recommend for OpenVPN use it as their default for most of their primary platforms.  They have some of the most secure OpenVPN implementations available with some of the best performance.  All also have money-back guarantees.  Select the one which best suits your needs and take it for a test drive.
