Using a VPN has many benefits, such as:
- the availability of devices connected via GPRS ("provider firewall")
- reduced communication costs, because Internet connections are usually more reasonably priced than direct connections ("around the world for local rate")
- the confidentiality of the data is ensured: protection against manipulation, recording, eavesdropping, etc.
- the additional authentication of VPN participants opens up new administrative and logistical options
- reduced latency when starting a data connection
Moreover, there are particular benefits of OpenVPN:
- The flexibility, simplicity, and robustness of OpenVPN make it perfectly suited to the various connection scenarios of machines and their remote maintenance.
- In contrast to other VPN implementations, OpenVPN is not based on proprietary protocols and can therefore create connections in constellations that would overburden other implementations.
As with every coin, there are two sides to using a VPN. One disadvantage is that an additional technology has to be dealt with. Another is that additional data traffic is generated. This may result in unexpected and hard-to-calculate costs for M2M communication. In contrast to other services, GPRS, EDGE and UMTS are not charged according to connection time but according to transferred data volume (traffic). The overhead of OpenVPN is considered and estimated in the following.
Functionality of OpenVPN
OpenVPN creates a virtual network: the client sets up a data connection to the server and maintains this connection. The actual data packets are sent through this connection (also referred to as a tunnel). The original data packets must therefore be embedded in the packets that form the tunnel. This means that more information is transferred overall; additional overhead is generated.
Considering the overhead
This overhead has to be quantified differently from case to case. Among other things, it depends on:
- how the VPN is configured, and
- which data is transferred.
OpenVPN can tunnel data on layer 2 (bridging) or layer 3 (routing). When bridging, the data to be tunnelled is packed into new Ethernet packets; when routing, into new IP packets. Bridging therefore leads to less overhead, because slightly less information has to be transferred for the new Ethernet packets than for the new IP packets when routing.
Bridging thus seems very attractive at first, especially because it simply enlarges the network as an additional benefit. In practice, however, bridging cannot be used from a network planning point of view, because the administrative effort in the central network for taking the participants of the extended network into account increases. Therefore, routing is the preferred variant in most cases.
Likewise, tunnels built from UDP packets create less overhead than tunnels built from TCP packets. A UDP connection is preferred by default. The reason is not only the lower overhead, but also the lower latency of a UDP tunnel compared with a TCP tunnel. For both tunnel types, OpenVPN must make sure that the packets are unpacked and reassembled correctly at the remote end. For TCP, which is already a reliable, connection-oriented protocol, this creates unnecessary redundancy.
- TCP tunnels should only be used if UDP tunnels cannot be realised for other reasons, such as firewall settings.
Data encryption before transmission
OpenVPN allows the data to be tunnelled to be encrypted before transmission, which provides additional protection. This results in additional overhead. This is an example of the overhead resulting from an encrypted UDP tunnel with default settings:
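As an added illustration that is not part of the original page, the following Python code estimates the per-packet overhead of a routed, encrypted tunnel over UDP and over TCP. The field sizes are assumptions for OpenVPN's CBC-plus-HMAC data channel over IPv4 (BF-CBC with HMAC-SHA1: 1-byte opcode, 20-byte HMAC, 8-byte IV, 4-byte packet ID, padding of 1 to 8 bytes); the function and constant names are hypothetical.

```python
# Added example: per-packet overhead of a routed, encrypted OpenVPN tunnel.
# Assumed layout (CBC cipher + HMAC, IPv4, no compression):
#   outer IP | UDP or TCP | opcode | HMAC | IV | enc(packet-id | inner packet | padding)

IPV4_HDR = 20
UDP_HDR = 8
TCP_HDR = 20         # assumption: no TCP options
TCP_LEN_PREFIX = 2   # OpenVPN length field, used on TCP transport only
OPCODE = 1           # opcode / key-id byte
PACKET_ID = 4        # replay counter, encrypted together with the payload


def tunnel_overhead(inner_len, proto="udp", block=8, hmac_len=20):
    """Bytes added on the wire for one inner IP packet of inner_len bytes.

    Defaults model BF-CBC (8-byte block and IV) with HMAC-SHA1 (20 bytes).
    """
    if inner_len <= 0:
        raise ValueError("inner_len must be positive")
    if proto not in ("udp", "tcp"):
        raise ValueError("proto must be 'udp' or 'tcp'")
    plaintext = PACKET_ID + inner_len
    # CBC padding always adds 1..block bytes, a full block if already aligned.
    padding = block - (plaintext % block)
    openvpn = OPCODE + hmac_len + block + plaintext + padding
    if proto == "udp":
        outer = IPV4_HDR + UDP_HDR
    else:
        outer = IPV4_HDR + TCP_HDR + TCP_LEN_PREFIX
    return outer + openvpn - inner_len


def overhead_table(sizes, proto="udp"):
    """Return (inner size, overhead bytes, overhead in percent) per size."""
    rows = []
    for size in sizes:
        extra = tunnel_overhead(size, proto)
        rows.append((size, extra, round(100.0 * extra / size, 1)))
    return rows


if __name__ == "__main__":
    # Constructed sample sizes: bare TCP ACK, small telemetry packet, full frame.
    for proto in ("udp", "tcp"):
        for size, extra, pct in overhead_table([40, 120, 1400], proto):
            print(f"{proto} inner={size:5d} B  overhead={extra:3d} B  ({pct}%)")
```

The absolute overhead stays nearly constant, so its relative share is largest for the short packets typical of M2M traffic. The model counts encapsulation bytes only; keepalive packets and the extra acknowledgements of a TCP tunnel are not included.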