OpenVPN Protocol (OpenVPN)

With OpenVPN, you can tunnel any IP subnetwork or virtual ethernet adapter over a single UDP or TCP port. It uses all of the encryption, authentication, and certification features of the OpenSSL library to protect your private network traffic as it transits the internet.

OpenVPN has two authentication modes:

For TLS authentication, OpenVPN uses a custom security protocol, which is described on this wiki page. This protocol has two jobs. The first is to provide the SSL/TLS connection with a reliable transport layer (which SSL/TLS is designed to operate over). The second is to multiplex the SSL/TLS session used for authentication and key exchange with the actual encrypted tunnel data stream.

SSL/TLS -> Reliability Layer -> \
           --tls-auth HMAC       \
                                   > Multiplexer ----> UDP
                                  /                    Transport
IP        Encrypt and HMAC       /
Tunnel -> using OpenSSL EVP --> /
Packets   interface.
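
The multiplexing shown above is visible in the first byte of every OpenVPN packet, which tells a receiver (or an analyst reading a capture) whether the payload belongs to the control channel or the data channel. The following Python code is an added example, not part of the original wiki page or of Wireshark's dissector. The opcode numbers, the 8-byte session ID and the 2-byte TCP length prefix come from OpenVPN's protocol definition rather than from this page, and the sample packets are constructed.

```python
# Opcode numbers as defined by OpenVPN (assumption: not listed on this page).
OPCODES = {
    1: "P_CONTROL_HARD_RESET_CLIENT_V1", 2: "P_CONTROL_HARD_RESET_SERVER_V1",
    3: "P_CONTROL_SOFT_RESET_V1", 4: "P_CONTROL_V1", 5: "P_ACK_V1",
    6: "P_DATA_V1", 7: "P_CONTROL_HARD_RESET_CLIENT_V2",
    8: "P_CONTROL_HARD_RESET_SERVER_V2", 9: "P_DATA_V2",
    10: "P_CONTROL_HARD_RESET_CLIENT_V3", 11: "P_CONTROL_WKC_V1",
}
DATA_OPCODES = {6, 9}  # everything else travels on the reliable control channel

def classify(packet: bytes) -> dict:
    """Classify one OpenVPN packet (a UDP payload or one de-framed TCP record)."""
    if not packet:
        raise ValueError("empty packet")
    # First byte: high 5 bits = opcode, low 3 bits = key ID.
    opcode, key_id = packet[0] >> 3, packet[0] & 0x07
    if opcode not in OPCODES:
        raise ValueError(f"unknown opcode {opcode}")
    channel = "data" if opcode in DATA_OPCODES else "control"
    info = {"opcode": OPCODES[opcode], "key_id": key_id, "channel": channel}
    if channel == "control":
        # Control packets carry the sender's 8-byte session ID after the opcode.
        if len(packet) < 9:
            raise ValueError("control packet shorter than opcode + session ID")
        info["session_id"] = packet[1:9].hex()
    return info

def split_tcp_stream(stream: bytes) -> list:
    """Split a TCP byte stream into packets (2-byte big-endian length prefix each)."""
    packets, offset = [], 0
    while offset + 2 <= len(stream):
        length = int.from_bytes(stream[offset:offset + 2], "big")
        if length == 0 or offset + 2 + length > len(stream):
            break  # zero-length or truncated record: stop and wait for more bytes
        packets.append(stream[offset + 2:offset + 2 + length])
        offset += 2 + length
    return packets

# Constructed sample packets (not taken from a real capture).
SAMPLE_RESET = bytes([7 << 3]) + bytes(range(8)) + b"\x00" * 5   # client hard reset, key 0
SAMPLE_DATA = bytes([(9 << 3) | 1]) + b"\x00\x00\x02" + b"\xaa" * 16  # P_DATA_V2, key 1

if __name__ == "__main__":
    framed = b"".join(len(p).to_bytes(2, "big") + p for p in (SAMPLE_RESET, SAMPLE_DATA))
    for pkt in split_tcp_stream(framed):
        print(classify(pkt))
```
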


I couldn't find any historical information about this protocol.

Protocol dependencies

Example traffic



The OpenVPN dissector is fully functional and included with Wireshark as of version 1.10.0.

Preference Settings


Example capture file

Display Filter

A complete list of OpenVPN display filter fields can be found in the display filter reference.

Show only the OpenVPN based traffic:


Capture Filter

You cannot directly filter OpenVPN protocols while capturing. However, if you know the UDP or TCP port used (see above), you can filter on that one.

Capture only the OpenVPN traffic over the default port (1194):

 udp port 1194 


 tcp port 1194 

External links


Imported from on 2020-08-11 23:17:42 UTC