OpenVPN and IPsec enable the data transfer of telecontrol protocols via secure communication lines, so-called VPN tunnels. Even if the public network is used for the data transfer, the methods ensure the confidentiality, integrity and authenticity of the data and prevent data access by unauthorized participants. The two key aspects are a secure encryption of the user data using approved cryptographic encryption algorithms and the reliable identification of the communication partner.
IPsec is a standardized add-on of the internet protocol and thus an integral part of the operating system.
OpenVPN, however, is an open source VPN implementation. The OpenVPN application runs independently of the operating system and works between the transport and application layer.
Both approaches have their advantages and disadvantages.
IPsec currently provides maximum safety, but requires an increased configuration effort and offers a low bandwidth for user data. Security experts criticize above all the high complexity and thus the error rate. The penetration rate of well-known producers and the definition by standards are beneficial.
OpenVPN is a relatively new VPN solution which is becoming increasingly accepted because of the high flexibility, simple configuration and the use of established security protocols (e.g. TLS).
IPsec and OpenVPN provide different mechanisms for authentication.
ipConv supports the following authentication mechanisms:
The remote station must offer a VPN connection with IPsec or OpenVPN and needs to support the requested VPN configuration.
When using digital certificates, an X.509 certificate with its related private key as well as the X.509 certificates of the root respectively the intermediate certification authorities of the PKI environment are required for each VPN endpoint. These PKI data should be loaded on to the system before VPN configuration is done.