The OpenVPN application was designed to be a full-featured SSL VPN solution which can accomodate a wide range of configurations, including remote access, site-to-site VPNs, WiFi security, and enterprise-scale remote access solutions with load balancing.

OpenVPN implements OSI layer 2 or 3 secure network extension using the industry standard SSL/TLS protocol, supports flexible client authentication methods based on certificates, smart cards, and/or 2-factor authentication, and allows user or group-specific access control policies using firewall rules applied to the VPN virtual interface. OpenVPN is not a web application proxy and does not operate through a web browser.

Key features

# tunnel any IP subnetwork or virtual ethernet adapter over a single UDP or TCP port,
# configure a scalable, load-balanced VPN server farm using one or more machines which can handle thousands of dynamic connections from incoming VPN clients,
# use all of the encryption, authentication, and certification features of the OpenSSL library to protect your private network traffic as it transits the internet,
# use any cipher, key size, or HMAC digest (for datagram integrity checking) supported by the OpenSSL library,
# choose between static-key based conventional encryption or certificate-based public key encryption,
# use static, pre-shared keys or TLS-based dynamic key exchange,
# use real-time adaptive link compression and traffic-shaping to manage link bandwidth utilization,
# tunnel networks whose public endpoints are dynamic such as DHCP or dial-in clients,
# tunnel networks through connection-oriented stateful firewalls without having to use explicit firewall rules,
# tunnel networks over NAT,
# create secure ethernet bridges using virtual tap devices, and
# control OpenVPN using a GUI on Windows or Mac OS X.