OpenVPN is a full-featured SSL VPN solution which can accommodate a wide range of configurations, including remote access, site-to-site VPNs, WiFi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access controls.
OpenVPN implements OSI layer 2 or 3 secure network extension using the industry standard SSL/TLS protocol, supports flexible client authentication methods based on certificates, smart cards, and/or 2-factor authentication, and allows user or group-specific access control policies using firewall rules applied to the VPN virtual interface. OpenVPN is not a web application proxy and does not operate through a web browser.
For a good conceptual introduction to OpenVPN, see the program notes for James Yonan's talk at Linux Fest Northwest 2004 -- Understanding the User-Space VPN: History, Conceptual Foundations, and Practical Usage. See also OpenVPN and the SSL VPN Revolution by Charlie Hosner.
OpenVPN runs on Mac OS X, Linux, Windows 2000/XP and higher, OpenBSD, FreeBSD, NetBSD, and Solaris.
How to install and run: Unarchive, open a Terminal window, go to the OpenVPN folder and run the following commands from the command line (afterwards run the program using its name):
./configure
make
make install
sudo /usr/local/sbin/openvpn
Here are some key features of "OpenVPN":
· tunnel any IP subnetwork or virtual ethernet adapter over a single UDP or TCP port,
· configure a scalable, load-balanced VPN server farm using one or more machines which can handle thousands of dynamic connections from incoming VPN clients,
· use all of the encryption, authentication, and certification features of the OpenSSL library to protect your private network traffic as it transits the internet,
· use any cipher, key size, or HMAC digest (for datagram integrity checking) supported by the OpenSSL library,
· choose between static-key based conventional encryption or certificate-based public key encryption,
· use static, pre-shared keys or TLS-based dynamic key exchange,
· use real-time adaptive link compression and traffic-shaping to manage link bandwidth utilization,
· tunnel networks whose public endpoints are dynamic such as DHCP or dial-in clients,
· tunnel networks through connection-oriented stateful firewalls without having to use explicit firewall rules,
· tunnel networks over NAT,
· create secure ethernet bridges using virtual tap devices, and
· control OpenVPN using a GUI on Windows or Mac OS X.
What's New in This Release:
· Fixed some breakage in openvpn.spec (which is required to build an RPM distribution) where it was referencing a non-existent subdirectory in the tarball, causing it to fail (patch from David Sommerseth).