Features
For businesses looking for a cloud-delivered service to connect private networks, devices, and servers, OpenVPN offers CloudConnexa. CloudConnexa is a cloud-based VPN service tailored to make secure networking simpler for businesses. It enables secure access to applications, private networks, remote workforces, and IoT devices without complicated hardware or server software to manage, which avoids the issue of complex configuration.
Standout features include zero trust network access (ZTNA) for enhanced security, a full-mesh network that allows seamless connectivity between all users and resources, and Cyber Shield, which protects against malicious content by blocking potential threats before they reach your network.
OpenVPN’s other offering is Access Server, a self-hosted secure access solution. It provides more control over the network and the underlying resources, but requires more technical knowledge. Access Server can be installed:
- As a software package on Linux servers: Ubuntu LTS, Red Hat, Debian, Amazon Linux
- As a cloud image on AWS, DigitalOcean, Azure, GCP, Oracle
- As a virtual appliance on VMware ESX or Microsoft Hyper-V
Once set up, you can offer the connection through various VPN clients to devices on all operating systems, desktop or mobile. The user authentication process is highly versatile, offering a built-in system with web-based management or integration with external authentication methods such as PAM, LDAP, RADIUS, or SAML. For advanced authentication needs, you can even implement custom programming with Python.
You can create access control rules to specify user or group access to specific IP addresses and subnets, and even determine which devices can make direct VPN client connections. For routing options, Access Server provides full-tunnel and split-tunnel redirection, giving you the flexibility to route all internet traffic through the VPN or only specific traffic, based on your security and bandwidth requirements.
All of the above only scratches the surface of the complex and granular configurations you can make using OpenVPN.
Pricing & Plans
If you’re unsure what OpenVPN is all about, or if you simply want to take it for a test run, there is a Free plan that you can use to set up three connections. However, if you’re looking to build a self-hosted solution, the free plan covers two connections. The next plan is called Growth, costing $14 a month per connection; if you opt for annual billing, you get a discount and the price per connection is $11. The last plan, Enterprise, is for over 500 connections and requires you to reach out for a quote.
It is important to note that there are different features if you opt for the self-hosted solution vs CloudConnexa. With the self-hosted option, you’ll have comprehensive support for both IPv4 and IPv6 connectivity, advanced security settings like FIPS compliance, and multiple authentication options including SAML, LDAP, and RADIUS. This option provides you with detailed access logs, robust routing features like application-based domain routing, and the ability to handle overlapping IPs, making it highly suitable for businesses needing maximum customization and control.
CloudConnexa, on the other hand, still gets core features like IPv4 support, basic routing capabilities, and standard authentication methods. However, some advanced features, such as full IPv6 support, DNS logs, and certain location control policies, are still in development. CloudConnexa is ideal if you want a simpler, managed solution that still covers essential networking and security needs but doesn’t require the infrastructure management responsibilities of a self-hosted setup.
Performance
OpenVPN prides itself on its strong security features; however, it falters when it comes to speed. Part of this comes from the complex server-side configuration options available, and part from the protocol itself being a bit slower than the competition. WireGuard, for example, is on average over 20% faster, while still utilizing complex cryptography for security purposes.
In conclusion, if speed is the most important factor, then OpenVPN may not be the best choice. However, we would recommend trying out the free version to test the features and speed before deciding whether it is for you. We’re not trying to say that it’s the slowest protocol or that it’s unusable, just that it’s slower compared to other solutions on the market.
Privacy & Security
Security is one of OpenVPN’s greatest strengths, starting with powerful AES-256 and Blowfish encryption. Additionally, it offers fully automated VPN certificate provisioning and management. Businesses that want full control over their public key infrastructure (PKI) can have it by using external PKI systems. VPN tunnels are secured with TLS authentication, credentials, certificates, and an optional MAC address lock.
Multi-factor authentication is supported in various forms, with TOTP MFA built-in, along with the other external authentication methods mentioned earlier. However, if you have services like Duo Security or LastPass, you can add them using post-authentication plugins. Furthermore, there is support for Perfect Forward Secrecy (PFS), which means that even if an encryption key is compromised, it can’t be used to decrypt past communications.
Alternatives
A potential alternative for more tech-savvy users is Radmin VPN, which, similar to OpenVPN, is not a typical VPN service. Radmin is completely free and is a great option for creating a virtual LAN through which resources can be shared. It has no advanced features to speak of, but it can nicely complement other services that incorporate a firewall-as-a-service model, antivirus, anti-phishing, and malware solutions. It uses the same encryption protocol as OpenVPN, but in terms of security it is neither as complex nor as advanced. Whether Radmin VPN is a good alternative will depend on whether you need a virtual LAN component or a full-scale ZTNA solution.
For a full ZTNA solution that doesn’t require too much technical knowledge and represents a one-stop shop for your needs, you can turn to NordLayer. NordLayer offers a firewall, internet shield, and much more while not compromising on speed. In terms of pricing, it competes well with OpenVPN, and depending on the size of your company, might represent a better buy overall.
Final Verdict
For newcomers to the topic, it may be difficult to fully understand what OpenVPN is all about. While it is a communication protocol, it’s also a VPN in its full sense. With the option to host it yourself, a lot of technical know-how will be needed, which is true for most complex ZTNA implementations. On the other hand, it offers a cloud-hosted variant which is easier to implement and offers most of the options that you have in a self-hosted environment. Sure, some advanced features are still in development, but thanks to the open-source concept, we’re sure updates will come fast.
Overall, whether OpenVPN is the right choice for you will depend mostly on your unique needs and the availability of technical employees who can take on the task of implementing it properly. Of course, pricing and performance also need to be taken into consideration. All in all, OpenVPN is a solid choice for companies looking to implement a ZTNA approach and protect their remote workforce and company assets.