is it okay to replace your VPN provider's openvpn installer w/ openvpn.net's version?

For example, a VPN company will have you install their own modified version of OpenVPN, but what about replacing it with the original installer from Openvpn.net?

Any privacy or security implications from doing this?
Are you less anonymous? Is your vpn encrypted traffic more prone to leaking?

Thanks in advance.

 

It depends. With the current version of XeroBank, you don't lose anything by using stock OpenVPN, and you may gain by using a newer version. However, with such services that use essentially stock OpenVPN, you probably want to secure VPN connections using instructions that XeroBank provides.

For some other services, there may be capabilities in the client that you wouldn't get with stock OpenVPN. For example, the Mullvad client includes an option to block traffic if the VPN connection fails. Using stock OpenVPN, as noted above, you'd need to handle that yourself. And FWIW, I don't like the method that Mullvad uses, but that's another conversation.

OTOH, some services use clients that do potentially annoying things. For example, there's one (which, I forget) that "hides" the TAP adapter in Windows -- in that it doesn't show up in Network Connections. Even worse, after uninstalling the software, TAP adapters created by other VPN services are also hidden. I'm sure that there's a way to fix that, but I never bothered to find it.

 

Hierophant, so basically OpenVPN.net stock should include all the basics & critical components of OpenVPN in terms of VPN and encrypted traffic. Anything that a VPN provider might add would then appear to be "extra features," which can maybe improve privacy.

I am not sure if our methods are any different but I secure my VPN connection using a route delete command:

route delete 0.0.0.0 192.168.1.1

After my OpenVPN connection is disconnected, my applications will not leak my real ip address. (Without this command, my real ip address will leak).

For example, let's say OpenVPN is connected and my VPN ip address is "22.222.22.222" If my vpn connection is disconnected, firefox will leak my real ip address "166.167.166.167". With a route delete command, firefox will not leak my real ip address and simply not connect any longer. (As far as I understand)

Is using route delete command not good enough? Am I missing something?
Is your method any better/more secure?

 

There are various ways of securing openvpn. The problem is not openvpn itself, but the way windows does networking altogether. In a linux system, it is relatively trivial to make openvpn all-or-nothing. In windows, it is less so: no proper network stack or routing tables, adapters can fight for metric 1 (like hamachi), leaks are possible. and it gets worse with leaky protocols added on top.

There are some new methods we are working on that should work much better, and when we release Safehouse, it will also act as a free and leakproof vpn client that you can use with any OpenVPN connection on any provider.

 

There should not be a problem doing this as long as you have the VPN digital certificates, few VPN providers support Linux and Linux users end up doing exactly what you suggested, they take the digital certificates and use it with plain vanilla Openvpn.

None that I can think of.

IMO, it is the same security or even higher, but not less, you will just be losing any extra features your VPN proprietary client has, i.e. VPN updates, bandwidth/speed details, etc.

 

You don't have to install any program from any particular VPN, you just need to ask them to provide you with the configuration files so you can use them with OpenVPN.

OpenVPN is the standard and the problems are mainly outside of OpenVPN with IP and DNS leaks...

hierophant the OPs question was general in nature as it relates to any VPN, yet you specifically reply starting out talking about Xerobanks...

Please stay on topic as this doesn't relate to an particular company...


CHEERS

 

Wilders is the unofficial Xerobank forum now?

 

Nope. (But I do understand why you posted this question...)

For those who wonder;

link