What Is OpenVPN?
OpenVPN is an open-source VPN protocol first released in 2001. For nearly two decades it was the gold standard for VPN security - Widely audited, highly configurable, and supported on virtually every platform. Today it remains a trusted fallback while WireGuard has become the speed-optimised alternative.
OpenVPN Technical Overview
| Property | Detail |
|---|---|
| Transport | UDP (default, faster) or TCP (more reliable, firewall-friendly) |
| Encryption | AES-256-GCM (recommended), ChaCha20-Poly1305 |
| Authentication | TLS 1.3, RSA/ECDSA certificates, optional HMAC firewall (tls-auth/tls-crypt) |
| Key exchange | TLS handshake with Perfect Forward Secrecy (DHE/ECDHE) |
| Codebase size | ~400,000 lines - Large but extensively audited |
| Ports | Commonly 1194 UDP; can run on TCP 443 to bypass firewalls |
| Platform support | Windows, macOS, Linux, iOS, Android, routers (DD-WRT, OpenWRT) |
| License | GPL v2 (open source) |
OpenVPN vs WireGuard - When to Use Each
| Criteria | OpenVPN | WireGuard |
|---|---|---|
| Speed | Moderate (userspace overhead) | Significantly faster (kernel-level) |
| Firewall bypass (TCP 443) | Excellent - Looks like HTTPS traffic | UDP only - Easier to block |
| Security audit history | Decades of independent audits | Newer but clean audit record |
| Mobile battery life | Higher CPU usage | Lower CPU usage |
| Configuration flexibility | Highly configurable (.ovpn config files) | Simpler, less configurable by design |
| Censorship-resistant networks | TCP 443 mode is hardest to block | Obfuscation wrappers needed |
| Legacy device support | Works on very old hardware/OS | Requires kernel 5.6+ or kernel module |
How to Choose Your Protocol
- Use WireGuard as your default - It is faster and simpler.
- Switch to OpenVPN TCP on port 443 if you are on a restricted network (hotel, workplace) that blocks common VPN ports - TCP 443 is nearly impossible to block without also breaking HTTPS.
- Use IKEv2 on mobile if your VPN provider does not offer WireGuard - IKEv2 handles network switches gracefully via MOBIKE.
For a full protocol comparison, see VPN Protocols Explained. For WireGuard-specific details, see What Is WireGuard?. Verify any protocol is working correctly with our VPN Leak Test.