OpenVPN is an open-source VPN solution that uses the Secure Sockets Layer (SSL) protocol, and its successor TLS, to authenticate the tunnel endpoints and to establish the keys that protect the tunnel. OpenVPN supports both site-to-site and remote access modes of operation.
Because OpenVPN employs SSL in one of its modes of operation, and because it makes use of the open-source OpenSSL library, OpenVPN is sometimes referred to as an SSL VPN solution. However, it should not be confused with "SSL VPN" as the term is commonly understood, meaning a browser-based VPN product. The two are quite different, and there is no interoperability between them. The following figure shows, at a high level, how a browser-based SSL VPN works.
On the client side, the remote user points the web browser at a secure (HTTPS) web site. The browser establishes a TCP connection to the server, then an SSL session within that connection, and finally an HTTP session on top of the SSL session. The SSL session provides a protected channel in which the user authenticates to the HTTP application, much like logging in to the secure web site of a bank.
In most such solutions, after the user has been authenticated, the browser dynamically downloads a piece of code (for example, an ActiveX component) to run on the client host. That code can then, for example, create a virtual network interface so that VPN traffic can be routed through the tunnel. The name SSL VPN, as applied to this kind of solution, refers to the fact that the security is provided by the SSL protocol.
In contrast, OpenVPN implements its own communication protocol. This protocol is transported over UDP or TCP and provides a secure tunnel for VPN traffic. By default UDP is used, which performs better: carrying the tunnel over TCP stacks the tunneled connections' retransmission on top of the carrier's. In an OpenVPN solution, OpenVPN must run on both tunnel endpoints. The following figure shows this scenario.
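To make the transport point concrete, here is an added example (not code from the Vyatta guide or from the OpenVPN project) that decodes the cleartext header OpenVPN puts on every packet of its own protocol and shows the one framing difference between the two transports: over UDP each datagram is one packet, while over TCP each packet is prefixed with a two-byte big-endian length. The packet bytes are constructed by hand; the session ids and the tls-auth HMAC bytes are arbitrary placeholders.

```python
"""Framing of OpenVPN's own tunnel protocol over UDP and over TCP.

Added example, not code from the Vyatta guide or the OpenVPN project.
The sample packets follow OpenVPN's wire layout, but the session ids and
HMAC bytes are arbitrary placeholders.
"""
from __future__ import annotations
import struct

# First byte of every packet: top five bits are the opcode, low three the key id.
OPCODE_NAMES = {
    1: "P_CONTROL_HARD_RESET_CLIENT_V1", 2: "P_CONTROL_HARD_RESET_SERVER_V1",
    3: "P_CONTROL_SOFT_RESET_V1", 4: "P_CONTROL_V1", 5: "P_ACK_V1",
    6: "P_DATA_V1", 7: "P_CONTROL_HARD_RESET_CLIENT_V2",
    8: "P_CONTROL_HARD_RESET_SERVER_V2", 9: "P_DATA_V2",
}
DATA_OPCODES = {6, 9}
P_ACK_V1 = 5


def parse_packet(packet: bytes, hmac_len: int = 0) -> dict:
    """Decode the cleartext header of one packet (a UDP payload or one TCP record).

    hmac_len is the digest size when tls-auth is configured (20 for SHA1): the
    control header then carries HMAC, replay packet id and timestamp right after
    the session id. tls-crypt encrypts everything after the session id, so only
    the opcode byte is meaningful for such packets.
    """
    if not packet:
        raise ValueError("empty packet")
    opcode, key_id = packet[0] >> 3, packet[0] & 0x07
    info = {"opcode": opcode, "name": OPCODE_NAMES.get(opcode, "UNKNOWN"), "key_id": key_id}
    if opcode in DATA_OPCODES:
        info["payload_len"] = len(packet) - 1      # data channel: ciphertext only
        return info
    if len(packet) < 10:
        raise ValueError("control packet too short")
    info["session_id"] = packet[1:9].hex()
    pos = 9
    if hmac_len:
        pos += hmac_len + 4 + 4                    # HMAC, replay packet id, net time
    ack_count = packet[pos]
    pos += 1
    acks = list(struct.unpack("!%dI" % ack_count, packet[pos:pos + 4 * ack_count]))
    pos += 4 * ack_count
    if ack_count:                                  # acks carry the peer's session id
        info["remote_session_id"] = packet[pos:pos + 8].hex()
        pos += 8
    info["acks"] = acks
    if opcode != P_ACK_V1:
        (info["packet_id"],) = struct.unpack("!I", packet[pos:pos + 4])
        pos += 4
        info["payload_len"] = len(packet) - pos    # TLS record bytes, if any
    return info


def split_tcp_stream(stream: bytes) -> tuple[list[bytes], bytes]:
    """Over TCP every packet is prefixed with a 2-byte big-endian length.
    Returns the complete packets and the trailing partial record to buffer."""
    packets, pos = [], 0
    while pos + 2 <= len(stream):
        (length,) = struct.unpack("!H", stream[pos:pos + 2])
        if pos + 2 + length > len(stream):
            break
        packets.append(stream[pos + 2:pos + 2 + length])
        pos += 2 + length
    return packets, stream[pos:]


def is_unauthenticated_client_reset(datagram: bytes) -> bool:
    """First packet of a client without tls-auth/tls-crypt: opcode 7, key id 0,
    empty ack array, packet id 0, i.e. exactly 14 bytes starting with 0x38.
    A server without tls-auth/tls-crypt answers this (opcode 8) from any source,
    which is how scanners fingerprint OpenVPN endpoints."""
    return (len(datagram) == 14 and datagram[0] == 0x38
            and datagram[9] == 0 and datagram[10:14] == b"\x00\x00\x00\x00")


# Constructed samples (session ids and HMAC bytes are arbitrary placeholders).
CLIENT_RESET_UDP = bytes.fromhex("38" "1122334455667788" "00" "00000000")
SERVER_RESET_UDP = bytes.fromhex(
    "40" "aabbccddeeff0011" "01" "00000000" "1122334455667788" "00000000")
TLS_AUTH_CLIENT_RESET = (bytes.fromhex("38" "1122334455667788") + b"\x11" * 20
                         + bytes.fromhex("00000001" "5f000000" "00" "00000000"))
# The client packet as it appears on a TCP connection, followed by the first
# 10 bytes of another record that has not fully arrived yet.
TCP_STREAM = (struct.pack("!H", len(CLIENT_RESET_UDP)) + CLIENT_RESET_UDP
              + struct.pack("!H", len(SERVER_RESET_UDP)) + SERVER_RESET_UDP[:10])

if __name__ == "__main__":
    print(parse_packet(CLIENT_RESET_UDP))
    print(parse_packet(SERVER_RESET_UDP))
    print(parse_packet(TLS_AUTH_CLIENT_RESET, hmac_len=20))
    complete, rest = split_tcp_stream(TCP_STREAM)
    print(len(complete), "complete TCP record(s),", len(rest), "bytes buffered")
```

The 14-byte client reset is what port scanners send to find OpenVPN servers; once tls-auth or tls-crypt is configured the same handshake no longer matches that shape, and a server drops packets whose HMAC does not verify without replying.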
Support for OpenVPN on the Vyatta router is described in the Vyatta OpenVPN Reference Guide.