About OpenVPN
OpenVPN is a robust, highly flexible open-source VPN implementation that creates encrypted tunnels over the internet. It is the technological backbone for extending a private network securely across a public one, letting users send and receive data as if their devices were attached directly to the private network. At its core, OpenVPN provides the protocol for these secure tunnels. A complete deployment, however, consists of two components that work in tandem: OpenVPN Access Server and OpenVPN Connect.

OpenVPN Access Server: The Control Center
OpenVPN Access Server is the heart of the OpenVPN deployment. It is a comprehensive, self-hosted software solution that simplifies the configuration and management of the OpenVPN server. Think of it as the central administrative hub for your VPN. Key features of the Access Server include:
- Web-Based Management Interface: It offers an intuitive graphical user interface that lets administrators manage users, groups, and access policies without working through command-line configuration.
- User and Group Management: Administrators can create and manage user accounts, assign them to specific groups, and enforce different access rules for each group.
- Authentication Options: It supports various authentication methods, including local user databases, LDAP, and RADIUS, providing flexibility for integration with existing user directories.
- Client Configuration: Access Server can generate and distribute pre-configured client profiles, making it simple for end-users to connect.
OpenVPN Connect: The User’s Gateway
OpenVPN Connect is the official client application that users install on their devices (computers, smartphones, or tablets) to establish a secure connection to the OpenVPN Access Server. It is the user-facing component of the system. The primary functions of OpenVPN Connect are:
- Simplified Connection: It provides a straightforward interface for users to import their connection profile and connect to the VPN with a single click.
- Cross-Platform Compatibility: OpenVPN Connect is available for a wide range of operating systems, including Windows, macOS, Linux, Android, and iOS. However, integrating with PKCS #11 hardware tokens is only supported for OpenVPN Connect on Windows and macOS.
- Seamless Integration: When a user downloads the OpenVPN Connect client from their organization’s Access Server, it often comes pre-configured with the necessary settings, further streamlining the setup process.
Integrating OpenVPN Connect with CryptoHub
OpenVPN Connect, starting from version 3.3 for Windows and macOS, officially supports using external certificates stored on PKCS #11 compliant hardware tokens for VPN connections. The purpose of this client-side PKCS #11 integration is to add a layer of protection for the VPN client's TLS identity. With the TLS client private key generated and held on the CryptoHub, the key is never written to the endpoint's disk and cannot be exported through the PKCS #11 interface, so the profile and certificate files on the endpoint no longer contain anything that can complete the TLS handshake on their own. Even if an attacker obtains a user's .ovpn profile or other software credentials, they would still need a working FxPKCS11 connection to the CryptoHub and the correct PIN to authenticate. The protection is for the key itself, not the session: malware running on the endpoint while the token is unlocked can still drive the key through the same PKCS #11 interface, so endpoint hygiene and PIN handling remain important.
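To make the difference concrete, the script below audits an .ovpn profile and reports where the TLS client key lives and what a thief who copies the file would gain. It is an added example written for this page, not code from OpenVPN, OpenVPN Connect or the CryptoHub software. It assumes the profile references the token with the `pkcs11-providers` and `pkcs11-id` directives as OpenVPN 2.x does (confirm the exact directives your OpenVPN Connect version expects), and the FxPKCS11 library path, the pkcs11-id value and the sample certificate bodies are all hypothetical placeholders.

```python
import re
from dataclasses import dataclass, field

# Constructed sample profiles for illustration only. Certificate and key bodies
# are truncated placeholders, not real credentials; the FxPKCS11 library path
# and the pkcs11-id value are hypothetical and must be taken from your own
# CryptoHub setup.
WEAK_PROFILE = """
client
dev tun
proto udp
remote vpn.example.com 1194
<ca>
-----BEGIN CERTIFICATE-----
MIIBplaceholder...
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
MIICplaceholder...
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
MIIEplaceholder...
-----END PRIVATE KEY-----
</key>
auth-user-pass creds.txt
"""

HARDENED_PROFILE = """
client
dev tun
proto udp
remote vpn.example.com 1194
<ca>
-----BEGIN CERTIFICATE-----
MIIBplaceholder...
-----END CERTIFICATE-----
</ca>
# Private key never leaves the CryptoHub; the profile only names the PKCS #11
# module and the object to use (hypothetical path and id).
pkcs11-providers /usr/local/lib/fxpkcs11.dylib
pkcs11-id 'CryptoHub/vpn-client'
"""

# Matches OpenVPN inline blocks such as <ca>...</ca>, <cert>...</cert>, <key>...</key>.
_INLINE = re.compile(r"<(?P<tag>[a-z0-9-]+)>\s*(?P<body>.*?)\s*</(?P=tag)>", re.S)


@dataclass
class ProfileAudit:
    key_source: str                      # inline | pkcs12 | file | pkcs11 | none
    findings: list = field(default_factory=list)


def _directives(text):
    """Map directive name -> argument string, ignoring inline blocks and comments."""
    out = {}
    for line in _INLINE.sub("", text).splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        name, _, args = line.partition(" ")
        out[name] = args.strip()
    return out


def audit_profile(text):
    """Classify where a profile keeps the TLS client key and list what a thief gains."""
    inline = {m.group("tag") for m in _INLINE.finditer(text)}
    d = _directives(text)
    findings = []

    if "key" in inline:
        source = "inline"
        findings.append("private key embedded in profile: the .ovpn file alone completes the TLS handshake")
    elif "pkcs12" in inline or "pkcs12" in d:
        source = "pkcs12"
        findings.append("key shipped as a PKCS #12 bundle: offline guessing of its password exposes the key")
    elif "key" in d:
        source = "file"
        findings.append(f"key read from file {d['key']!r}: a copy of that file is a full credential")
    elif "pkcs11-providers" in d:
        source = "pkcs11"   # key stays on the token; the profile holds no secret
        if "pkcs11-id" not in d:
            findings.append("pkcs11-providers set without pkcs11-id: object selection is left to the client at connect time")
    else:
        source = "none"
        findings.append("no client key configured: authentication rests on other factors only")

    if "auth-user-pass" in d and d["auth-user-pass"]:
        findings.append(f"password stored on disk in {d['auth-user-pass']!r}")

    return ProfileAudit(source, findings)


if __name__ == "__main__":
    for label, profile in (("weak", WEAK_PROFILE), ("hardened", HARDENED_PROFILE)):
        result = audit_profile(profile)
        print(f"{label}: key_source={result.key_source}")
        for finding in result.findings:
            print("  -", finding)
```

Run against the weak sample, the audit reports an embedded private key and a password file; against the hardened sample it reports nothing, because the only secret (the key) is on the CryptoHub and the PIN is never written into the profile. The same classification is useful as a pre-distribution check on profiles exported from Access Server.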
