OpenVPN Connect Review

OpenVPN Connect is a generic OpenVPN app for iOS, Android, Windows, and macOS that can be used with any VPN service which supports the OpenVPN protocol.

This review forms part of a series of articles which examine the main generic OpenVPN apps on each major platform – the others being OpenVPN GUI for Windows, Tunnelblick for macOS, and OpenVPN for Android.

OpenVPN Connect is notable for being the only OpenVPN option available to iPhone and iPad users. Unlike the other apps reviewed in this series, OpenVPN Connect is not open source. It is, however, the official app from OpenVPN Inc., the team who develop the open source OpenVPN protocol.

Price

The OpenVPN Connect app is free, although the mobile versions do include a link to the paid-for Private Tunnel VPN service operated by OpenVPN Inc.

Of course, OpenVPN Connect is just an app, so to use it you will need to sign-up for a VPN service which usually costs a few dollars per month.

OpenVPN Connect features

  • Full DNS leak protection (both IPv4 and IPv6)
  • Full IPv6 routing
  • Seamless tunnel (mobile only)
  • Proxy support
  • Direct compatibility with OpenVPN Access server

As with all generic OpenVPN clients, simple edits to the OpenVPN configuration (.ovpn) file allow for a high level of customization (if supported by your provider). Most such edits are supported, although there is a small list of ones which are not is available.

We cannot find any confirmation, but consider it fair to assume that OpenVPN Connect always uses the most up-to-date version of the OpenVPN protocol.

Access Server

OpenVPN Connect makes it very easy to connect to a VPN server setup using the OpenVPN Access Server software. This functionality is not the focus of this review but is covered in our guide on How to create your own VPN server.

Seamless tunnel (mobile apps only)

According to the documentation, this feature does a “best-effort to keep the tunnel active during pause, resume, and reconnect states.” It “can reduce the incidence of packet leakage by keeping the tunnel continuously engaged until it is manually disconnected.”

It, therefore, functions in many ways as a killswitch but does not appear to be as robust as a true kill switch. 

It is worth noting that the newer version of Android (Nougat 7+) includes a real kill switch that works with any VPN app (including OpenVPN Connect). 

Privacy and security

OpenVPN Inc. is a US-based company and OpenVPN Connect is a closed source app. 

We have argued before that open source matters less than usual when it comes to custom VPN apps because the VPN provider can see everything you do online anyway. But OpenVPN Connect is a generic app that could, in theory, be used to spy on your internet activity no matter which VPN provider it is configured to use.

The fact that it is developed by the same team which develops the OpenVPN protocol, the most trusted VPN protocol there is, speaks highly in its favor. There is no getting away, however, from the fact that everything we know about the NSA suggests compromising a privacy tool such as OpenVPN Connect could be high on its to-do list.

For non- iOS users we strongly recommend using open source alternatives instead. 

OpenVPN on iOS

Apple’s strict iOS developer guidelines (and licensing restrictions) basically prohibit the use of OpenVPN in iOS. It is for this reason that no custom iOS VPN app we know of uses the OpenVPN protocol. 

Or to put it another way, the only way to use OpenVPN on an iOS device is with OpenVPN Connect. How this app has sidestepped the restrictions which prevent over VPN apps from using OpenVPN we have no idea, but that is the case.

DNS leaks

We detected no IPv4 DNS leaks in on any platform. Our internet connection does not support IPv6 at the present time, so we have not been able to test IPv6 performance. 

OpenVPN Connect supports full Pv6 routing, though, so we would be surprised if it leaked IPv6 addresses in any way. It should be noted that the app includes an option to route VPN connections over IPv4 only. In the very unlikely event you did experience an IPv6 leak or an IPv6 DNS leak, selecting this option this would almost certainly fix the problem. 

WebRTC RTC leaks

In iOS, the fact that Safari, Chrome, and Firefox, do not support WebRTC makes the issue of whether OpenVPN Connect for iOS prevents WebRTC leaks rather moot. 

We did not detect any WebRTC leaks on other platforms, although no app-based protection will ever be as robust as a browser-based solution. 

Ease of Use

You can download the mobile apps direct from the App Store or Play Store, and the Windows and macOS apps from the official OpenVPN website. The apps work with any valid OpenVPN configuration files, or directly with an OpenVPN Access server you have the IP address and login details for. 

If using a VPN service, your provider will supply the needed .ovpn files. 

iOS

Thanks to iOS being iOS, opening a standard OpenVPN profile (.ovpn file) in OpenVPN Connect can be a little more involved than it is on other platforms.

Import profile

Although not immediately obvious, Safari will offer to open downloaded .ovpn files in OpenVPN Connect (once installed). Which makes life easier. 

.ovpn files in openvpn

The app provides some quite pretty connection stats once connected. 

connection stats

OpenVPN Connect plugs-in to iOS’ built-in VPN functionality. Once set up, the default profile can be enabled through the iOS Settings panel “VPN” icon shows in the notification bar which when a VPN connection is active.

Notification bar showing VPN is connected

Other than seamless tunnel, most of the setting options are rather technical, such as the minimum TLS version (up to TLS 1.2) and whether OpenVPN UDP or TCP are used. 

These parameters should already be defined by your VPN provider in its .ovpn configuration files, and are therefore solely for roll-you-own Access Server users.  

Android

The Android app is almost identical to its iOS sibling, except that thanks to Android’s more conventional file system it is easier to import .ovpn configuration files (e.g. from the Download folder or by USB transfer). 

Desktop

Superficial Operating System-based differences aside, the Windows and macOS clients appear to be identical. Unsurprisingly, they closely resemble OpenVPN GUI.

VPN on Mac and Windows desktops

They are simple apps with no features to speak of, but they work just fine.

Final thoughts

If we were Edward Snowden then we would not use a closed source app developed by a US company to protect our privacy. As this is not the case, the convenience and security advantages of being able to use OpenVPN on an iOS device outweigh these concerns. As such, OpenVPN Connect is a good app which does its job well. Which is not surprising since it was developed by OpenVPN Inc. itself!

We would prefer to see a more robust killswitch than seamless tunnel, though. There are no doubt good technical reasons for why there isn’t one, but still. The bottom line for iOS users wanting OpenVPN functionality is that OpenVPN Connect is still the best option.

We can think of no reason, however, why non-Access Server desktop or Android users should choose it over superior open source alternatives. 

Written by: Douglas Crawford

Has worked for almost six years as senior staff writer and resident tech and VPN industry expert at ProPrivacy.com. Widely quoted on issues relating cybersecurity and digital privacy in the UK national press (The Independent & Daily Mail Online) and international technology publications such as Ars Technica.

0 Comments

There are no comments yet.

Write Your Own Comment

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

  Your comment has been sent to the queue. It will appear shortly.