About OpenVPN

OpenVPN is a robust and highly flexible open-source software that creates secure, encrypted connections over the internet, establishing a virtual private network (VPN). It’s the technological backbone for securely extending a private network across a public one, like the internet, allowing users to send and receive data as if their devices were directly connected to the private network. At its core, OpenVPN provides the protocol for creating these secure tunnels. However, the OpenVPN ecosystem consists of two key components that work in tandem to deliver a complete VPN solution: OpenVPN Access Server and OpenVPN Connect.

OpenVPN Access Server: The Control Center

OpenVPN Access Server is the heart of the OpenVPN deployment. It’s a comprehensive, self-hosted software solution that simplifies the configuration and management of the OpenVPN server. Think of it as the central administrative hub for your VPN. Key features of the Access Server include:
  • Web-Based Management Interface: It offers an intuitive graphical user interface that allows administrators to easily manage users, groups, and access policies without needing to delve into complex command-line configurations.
  • User and Group Management: Administrators can create and manage user accounts, assign them to specific groups, and enforce different access rules for each group.
  • Authentication Options: It supports various authentication methods, including local user databases, LDAP, and RADIUS, providing flexibility for integration with existing user directories.
  • Client Configuration: Access Server can generate and distribute pre-configured client profiles, making it simple for end-users to connect.
In essence, the Access Server handles the heavy lifting of running and maintaining a secure VPN, making it an ideal solution for businesses and organizations.

OpenVPN Connect: The User’s Gateway

OpenVPN Connect is the official client application that users install on their devices (such as computers, smartphones, or tablets) to establish a secure connection to the OpenVPN Access Server. It’s the user-facing component of the system. The primary functions of OpenVPN Connect are:
  • Simplified Connection: It provides a straightforward interface for users to import their connection profile and connect to the VPN with a single click.
  • Cross-Platform Compatibility: OpenVPN Connect is available for a wide range of operating systems, including Windows, macOS, Linux, Android, and iOS. However, integrating with PKCS #11 hardware tokens is only supported for OpenVPN Connect on Windows and macOS.
  • Seamless Integration: When a user downloads the OpenVPN Connect client from their organization’s Access Server, it often comes pre-configured with the necessary settings, further streamlining the setup process.

Integrating OpenVPN Access Server with Vectera Plus

OpenVPN Access Server, starting from version 3.3 for Mac and Windows, supports the use of external keys stored on PKCS #11-compliant hardware tokens for VPN authentication. The objective of this integration is to protect the most sensitive cryptographic material used by Access Server. Storing the TLS server private key, and optionally the CA signing key, on the Vectera Plus eliminates the risk of compromise due to exposed software-based credentials (such as key files on disk). The private keys never leave the Vectera Plus, ensuring that even if the Access Server host is breached, attackers cannot extract or misuse the protected key material.