OpenVPN Access Server is an SSL VPN based on open source software

Expert Karen Scarfone takes a look at the OpenVPN Access Server SSL VPN for securing network traffic by providing encrypted tunnels to the enterprise.

The OpenVPN Access Server is a commercial SSL VPN product. It provides secure remote access capabilities for enterprises by carrying network traffic through an encrypted tunnel. This protects the traffic from eavesdropping and tampering attacks that could disrupt the confidentiality or integrity of the data being communicated. This is particularly important when traffic is passing over unsecured networks, such as the internet.

The OpenVPN SSL VPN is a software package that is currently available for six flavors of Linux: Red Hat, Fedora, CentOS, Ubuntu, Debian and openSUSE.

OpenVPN Technologies, the company that makes the OpenVPN SSL VPN software, also offers an OpenVPN Access Server Virtual Appliance in two formats: Microsoft Virtual Hard Disk and VMware ESXi.

In addition, there is the OpenVPN Access Server Cloud Machine, which provides the same SSL VPN solution, but in a cloud-based architecture for Amazon and CloudSigma clouds.

Client and authentication support for the OpenVPN Access Server

The OpenVPN Access Server product takes a unique approach to client support. Natively, the vendor provides an OpenVPN Connect client for Windows, Mac OS X and Linux devices.

Because the OpenVPN SSL VPN is based on open source software, anyone is free to make their own client software for use with the OpenVPN SSL VPN, so support for additional platforms is possible. The vendor states that there are OpenVPN clients available for Android and iOS devices.

Both local and remote authentication options are supported by OpenVPN Access Server. It can use a local database for authentication, or it can integrate with existing enterprise authentication solutions, such as RADIUS and Lightweight Directory Access Protocol (LDAP). Also, much like the possibility of customized client software, organizations can create new authentication modules to support other enterprise authentication platforms and services, including single sign-on, by taking advantage of OpenVPN Access Server's open source roots.

Some network access control features are also supported by OpenVPN SSL VPN software, such as verifying the presence of antivirus software.

OpenVPN Access Server software comes with support for two concurrent client connections. Additional concurrent users can be added by purchasing licenses per year per concurrent user, with a minimum purchase of 10 more concurrent users.

Pricing for additional client licenses is as follows:

Client license pricing

The OpenVPN Access Server offers traditional software and virtualization-based and cloud-based products for implementing SSL VPN capabilities. According to the product's website, the OpenVPN SSL VPN is scalable up to hundreds of thousands of concurrent users, so it can fit organizations of any size.

Its native client software supports Windows, Mac OS X and Linux client devices, as well as Android and iOS mobile devices, but organizations can expand this by writing their own client application because the OpenVPN SSL VPN is based on open source software. This open source software also enables the development of custom authentication solutions, while the software natively supports RADIUS, LDAP and other common enterprise authentication deployments.

OpenVPN Access Server is a viable alternative to other commercial solutions because of the scalability and flexibility that it provides for organizations.

Next Steps

Check out the other SSL VPN products covered in this series: Barracuda SSL VPN, Check Point Mobile Access Software Blade, Cisco IOS SSL VPN, Juniper Networks SA Series and Dell SonicWALL Secure Remote Access.

Introduction to SSL VPN products in the enterprise

Learn about the three enterprise benefits of SSL VPN products

Find out about the criteria for selecting the right SSL VPN products

Comparing the top SSL VPN products

This was last published in March 2017

Dig Deeper on Network security