OpenVPN2 vs OpenVPN3: What's the Difference, and How Does OpenVPN Inc. Fit In?

If you've spent any time in VPN documentation, you've probably seen "OpenVPN2" and "OpenVPN3" used interchangeably — or confused entirely with OpenVPN Inc., the company. Although at their core, they are all part of the OpenVPN ecosystem, they’re not the same, and the distinction is an important one. This article breaks down what each implementation actually is, how they differ architecturally, and where OpenVPN Inc. fits into the picture.

What is the OpenVPN protocol?

The OpenVPN protocol is an open-source VPN tunneling standard maintained and owned by the open-source community with stewardship from OpenVPN Inc. The open-source version of OpenVPN isn't a product or a company. "OpenVPN2" and "OpenVPN3" refer to two distinct software implementations of that same protocol, not sequential version numbers of a single application.

According to the OpenVPN Protocol Specification and Reference Implementation on GitHub, OpenVPN 2.x has been maintained since 2002 under GPL-2.0. The OpenVPN 3 C++ library rewrite is wire-compatible with OpenVPN 2.x. That compatibility point means that both implementations speak the same protocol language.

Good to Know: The OpenVPN ecosystem has distinct layers: The OpenVPN 2.x implementation defines the protocol by its implementation rather than having a documented standard that is implemented by both 2.x and 3.x, and OpenVPN Inc., the commercial company that stewards the protocol and builds enterprise products on top of it. For a broader look at how VPN protocols define data encryption and transmission, our protocol overview covers OpenVPN alongside WireGuard, IKEv2/IPSec, and others.

What is OpenVPN2 (OpenVPN 2.x)?

OpenVPN 2.x is the original, battle-tested open-source daemon implementation of the OpenVPN protocol. OpenVPN 2.x typically requires root or sudo access. It is the codebase most people mean when they say "OpenVPN," and it forms the foundation of the OpenVPN Community Edition open-source project.

OpenVPN2 is actively maintained, not a legacy artifact. For example, the OpenVPN 2.6 release introduced significant protocol advancements, including Data Channel Offload (DCO) for Linux, FreeBSD, and Windows, OpenSSL 3.0 support, and AEAD-only cipher defaults.

What Is OpenVPN3 (OpenVPN 3 Core Library)?

OpenVPN3 is a complete rewrite of the OpenVPN protocol implementation as a modern C++ class library. It is not an upgrade to OpenVPN2; it is a parallel codebase built for a different purpose.

Three architectural differences separate OpenVPN3 from OpenVPN2:

• Client-only: OpenVPN3 has no server mode, except where used in CloudConnexa (not open source) .
• Designed for rootless operation, with privilege separation handled by platform-specific components.
• OpenVPN 3 is distributed under GNU Affero General Public License version 3 or Mozilla Public License Version 2.0.

OpenVPN3 is the engine powering OpenVPN Connect on Windows, macOS, iOS, and Android, as well as the OpenVPN 3 Linux client (openvpn3-linux).

How Do OpenVPN2 and OpenVPN3 Actually Differ?

OpenVPN2 and OpenVPN3 implement the same underlying protocol but serve different architectural roles. The table below captures the core differences:

OpenVPN3 was built to be a clean, embeddable, security-hardened client library. It was not designed to replace OpenVPN2; it was created to address the incompatibility between GPL2 and the app store.

Both codebases remain actively maintained for their respective purposes.

Is OpenVPN a Company or a Protocol? Understanding OpenVPN Inc.

OpenVPN is simultaneously an open-source protocol, two open-source software implementations, and a commercial company. OpenVPN Inc. was founded by James Yonan and Francis Dinha, growing from the original open-source project into a cybersecurity company now serving 20,000+ organizations. See OpenVPN Inc.'s history since 2001 for the full timeline.

The protocol is open-source and not proprietary to a single vendor, though OpenVPN Inc. plays a key stewardship role in its development. The OpenVPN protocol is open-source and freely available. OpenVPN Inc. stewards the protocol's development and builds commercial products on top of it.

You can learn more about the community editions in the Community Wiki.

How Does OpenVPN Inc. Build on the OpenVPN Protocol?

OpenVPN Inc.'s commercial products are built directly on the open-source protocol foundations established by OpenVPN2 and OpenVPN3. Access Server runs on the OpenVPN 2.x daemon with an enterprise management layer on top. OpenVPN Connect is powered by the OpenVPN3 C++ library. CloudConnexa delivers the same protocol as a managed cloud service.

The commercial layer adds enterprise-grade capabilities that the open-source implementations do not include by default: a web-based admin UI, user authentication integrations, certificate management, and Data Channel Offload (DCO) optimized for kernel-level throughput improvements in multi-threaded operation.

OpenVPN Inc. has achieved SOC 2 Type 2 certification, as defined under the AICPA Trust Services Criteria, demonstrating that the commercial layer meets rigorous security and availability controls. Additionally, OpenVPN is trusted by 20,000+ organizations and Access Server is rated #1 Business VPN on G2 based on 400+ customer reviews. OpenVPN Inc's platforms, including OpenVPN Connect, are developed within SOC 2 Type 2-certified environments. OpenVPN Inc.'s products inherit 20+ years of protocol hardening and community testing built into the open-source foundation.

Ready to put that protocol strength to work for your team? Access Server and CloudConnexa are both built on the same open-source protocol foundation — with enterprise access controls, dashboards, and support included. Get started today with 2 free connections on Access Server.

Which OpenVPN Implementation Is Right for You?

The right OpenVPN implementation depends on your role:

• End users connecting to a VPN server on Linux, Windows, macOS, iOS, or Android should use the OpenVPN3-powered OpenVPN Connect client. It operates rootless and handles profile management cleanly across platforms.
• IT teams and businesses that need managed VPN infrastructure should evaluate Access Server (self-hosted) or CloudConnexa (cloud-delivered). Both extend the open-source protocol with enterprise access controls and dedicated support.

For a structured comparison, see which OpenVPN product fits your use case and the OpenVPN Community Edition vs. Access Server comparison page.