OpenVPN benefits over PPTP
- Strong certificate-based encryption (Blowfish), far stronger than PPTP.
- The encrypted password hash cannot be retrieved from the data stream, and the password is not
a key to the encryption
- Does not have the disconnect problems that PPTP does
- Not as affected by congested routes
- Does not need any router changes
- Not easily blocked and likely available where PPTP is not
- Much better for privacy use than PPTP
OpenVPN Drawbacks
- Not as many devices or clients supported
- Can be difficult for some.
Contacting Support
When contacting support with an OpenVPN connection issue, please include your
openvpn log file. We need it to troubleshoot the issue.
OpenVPN Notes and Ports
OpenVPN listens on the following ports:
- tcp 443 - https
- tcp 993 - imaps
- tcp 1503 - data conferencing
- tcp 1731 - video conferencing
- tcp 5190 - icq, aim
- tcp 28900 - gamespy (multiple games)
- udp 20 - ftp data
- udp 123 - ntp
- udp 1194 - default openvpn port
Choosing a port
The default port in the above configs is TCP port 443. It was chosen because
of its ability to pass through nearly any firewall, but it is slower than a UDP port will be.
UDP Ports:
If circumventing a firewall block is not necessary, or the firewall is open on
one or more of these UDP ports, we recommend using UDP over TCP. There will be a substantial difference in performance
all around, especially for SIP/VoIP. TCP ports should only be used if trying to stay under the radar of your local
admin/ISP and/or getting out past a restrictive firewall that blocks the UDP ports.
TCP Ports:
The main reason we offer these TCP ports is that there is a very good possibility
that one of these ports is open through any firewall you end up behind.
There is an additional reason we offer these. If you don't want your VPN traffic
to stand out either to an admin casually seeing it as they are troubleshooting something, or, more importantly,
to network monitoring scripts and utilities that show admins pretty graphs of what their network is doing, choose
your port accordingly. These network utilities will record and graph this traffic according to the port it is passing
over. In addition, because the traffic is encrypted and the port is known to carry encrypted traffic, they can't
identify it by anything but port. But there are things to consider if you want to blend in.
For example, an admin may get curious enough over a connection to a single https website (port 443) that lasts
all day and/or sends enough traffic to be noticed on his graph to check into it, whereas seeing an all day connection
with periodic bursts of traffic to imaps (port 993) is expected behavior and should blend right in (as long as
imaps is allowed and used by more than just you). AIM? Encrypted moderate traffic over 5190 is expected. Video
or data conferencing? Same thing, but heavier. If you want to look like you are just playing games, choose the
gaming port.
Which port will it best blend in on? Is that port one that would be expected to be used? How many others will be
using it for its legit purpose? These are all additional considerations for you if your goal is not to stick out
to your local admin and his pretty network traffic graphs, threshold alarms, and other automated monitoring tools.
To change ports and protocol, open the vpn1.ovpn config file and change the line
for port and proto. Windows users can right click the OpenVPN GUI and select Edit Config. OSX users can click on
the Tunnelblick icon, choose Details..., then Edit Configuration.
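An added example (not part of the original page or the provider's tooling): a Python helper that rewrites the `proto` and `port` lines of a config and rejects any protocol/port pair that is not in the port list above. It assumes the config has exactly one uncommented line for each directive; the sample config and its hostname are constructed.

```python
import re

# Protocol/port pairs taken from the "OpenVPN listens on the following ports" list.
OFFERED = {
    "tcp": {443, 993, 1503, 1731, 5190, 28900},
    "udp": {20, 123, 1194},
}

# Constructed sample config; vpn.example.com is a placeholder hostname.
SAMPLE = """client
dev tun
# proto udp
proto tcp
port 443
remote vpn.example.com
"""


def set_endpoint(config_text, proto, port):
    """Return config_text with its proto and port lines rewritten.

    Raises ValueError if the pair is not one the server listens on, or if
    the config does not have exactly one uncommented line per directive.
    """
    proto = proto.lower()
    if port not in OFFERED.get(proto, ()):
        raise ValueError(f"{proto} {port} is not an offered port")
    out, seen = [], {"proto": 0, "port": 0}
    for line in config_text.splitlines():
        # Commented lines (# or ;) and directives such as port-share do not match.
        m = re.match(r"^(\s*)(proto|port)\s+\S+(.*)$", line)
        if m:
            key = m.group(2)
            seen[key] += 1
            value = proto if key == "proto" else port
            line = f"{m.group(1)}{key} {value}{m.group(3)}"
        out.append(line)
    bad = [k for k, n in seen.items() if n != 1]
    if bad:
        raise ValueError(f"expected exactly one line for: {', '.join(bad)}")
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(set_endpoint(SAMPLE, "udp", 1194))
```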