Quick definition: OpenVPN is an open source protocol for Virtual Private Networks (VPNs). It enables you to create secure, private network connections from point-to-point or site-to-site. It’s compatible with Windows, macOS, Linux, Android, iOS, and other operating systems, making it highly versatile.
With OpenVPN, you can remotely access a private network from anywhere. emnify leverages OpenVPN to help IoT manufacturers remotely access devices and securely transport data from the device.
Here’s what you should know about it.
How does OpenVPN secure connections?
OpenVPN uses a cryptography software library called OpenSSL to secure connections between network entities. OpenSSL includes open source versions of the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols which commonly secure communications. This enables the OpenVPN client and OpenVPN server to authenticate one another with a pre-shared key and a certificate. (If you wish to know more about protocols and IoT check out our Comprehensive Guide to IoT Protocols.)
OpenVPN uses 256-bit encryption to protect your data packets along a tunnel. The sender and receiver (OpenVPN client and server) encrypt and decrypt the messages, and from there the data can be forwarded where they need to go. Let’s assume you have a device such as a smart meter and smart meter gateway that hosts the OpenVPN server. If a remote person wants to access the diagnostics information from the smart meter then he will connect an OpenVPN client with the gateway to access the smart meter.
This process creates a secure tunnel from one device on a network to another gateway device on another network. This also means there always needs to be a gateway that hosts the OpenVPN server or client - so either the smart meter itself, or another device that connects multiple smart meters.
With emnify, OpenVPN works a little differently. We host the VPN server on our network and the devices receive static private IP addresses. To securely transmit data to the client, your device sends it to the application’s private IP address through our VPN server.
For remote access, you simply connect to our VPN gateway and gain access to all of your devices, so you can conveniently log in and troubleshoot devices.
Our OpenVPN also creates application tokens for every connection. You can set expiration dates for these tokens and limit their use to a range of private IP addresses, so only authorized personnel can access your OpenVPN connection.
How does data transport work with OpenVPN?
On the transport layer, OpenVPN can use either Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) to transmit data between the client and server. TCP is the most common transport protocol, and it prioritizes accuracy over speed. TCP numbers data packets and checks to see if the entire transmission arrived and in the correct order. If there are mistakes, it retransmits. This slows down the process but helps prevent errors. For most use cases, this is the better approach for data transport.
UDP essentially does the opposite: it prioritizes speed at the cost of accuracy. UDP doesn’t number data packets or consume extra data to confirm if the packets arrived correctly. User Datagram Protocol is better suited for use cases where latency is more disruptive than inaccurate transmissions (such as video streaming). So if, for example, you were remotely checking the feed from a security camera, UDP is more useful than TCP. But if you were issuing commands and requesting information from a device, TCP makes more sense.
OpenVPN vs. private APN
A private Access Point Name (APN) has been old telecommunication solution to simply identify a gateway that has specific policies for accessing a network and that gives static IP addresses to devices - through which they can be remotely access. The private APN was then used as an concentrated endpoint to help secure connectivity through policies like disallowing public Internet. Private APNs are often used in conjunction with a VPN, but with emnify it is not anymore required for a VPN. All devices with an emnify SIM are managed by the policies on the emnify platform and get static IP addresses by default. The platform also ensures the secure routing within the OpenVPN tunnel. OpenVPN simplifies remote access while keeping connections secure, allowing you to access any of your devices through a single connection.
OpenVPN and the Internet of Things
OpenVPN is an excellent solution for IoT manufacturers to remotely maintain, troubleshoot, and analyze their deployed devices. Wherever you are, and wherever your devices are deployed, OpenVPN ensures that your technicians always have a secure connection—even from home.
You can retrieve log files, issue commands, perform firmware updates, complete field tests, reconfigure your device, and more, all without having to send a technician to your customer’s location.
Get in touch with our IoT experts
Discover how emnify can help you grow your business and talk to one of our IoT consultants today!
Tobias Weber
More than six years of experience as a senior editor in the realm of smart home, connectivity and Internet of Things. And still as curious as on the first day.