Contact Us

Showing results for 
Search instead for 
Did you mean: 
Community Manager
Community Manager

What are the differences between OpenVPN and IPsec Tunnel?

SAP IoT Connect 365 provides two VPN options to protect the communication between your devices and your application server.


Option 1 - OpenVPN

OpenVPN is an open-source software that utilises the SSL/TLS security protocol. It has strong features and is known for its ease of implementation. It allows customers to authenticate each other using a pre-shared key.


OpenVPN works in a client-server mode, meaning OpenVPN users connect to the OpenVPN server and from there have full access to the internet. SAP IoT Connect 365 recommend using OpenVPN for most use cases, ranging from start-ups through to medium-sized businesses who require a high level of security, but are comfortable with the flexibility of open source software. Users of OpenVPN can have either dynamic or static IP addresses, and the software is increasingly becoming available on most operating systems.


Option 2 - IPSec Tunnel

Internet Protocol Security (IPSec) sets up a tunnel from a remote device to a central business server. It is designed specifically for internet traffic and ensures private, secure communication over the public internet by cryptographic security services.


IPSec is recommended for large, global enterprises, especially when multiple peers and security layers are used. IPSec requires a static IP address, and technical resources to be implemented. The other strong use case for IPsec Tunnel exists when dealing with data of a very sensitive nature such as the transfer of personal identification information.


Due to the significantly more technical set-up requirements for this option, SAP IoT Connect 365 will charge to implement and maintain IPSec Tunnel implementations. Consult your SAP Sales Advisor for details.


Differences between OpenVPN and IPsec Tunnel


• Very good level of security (medium - high)
• Recommended for start-up and medium size businesses
• Open source Software
• Easy to set up
• Available for most operational systems
• Dynamic/static public IP addresses
• No implementation costs.


IPsec Tunnel

• Highest security level VPN
• Recommended for large enterprises
• Use for sending highly sensitive data
• Requires an implementation team (one person per end)
• Requires IPsec capable router or software solution
• Use a static public IP address
• Implementation costs will be incurred – consult your SAP Sales Adviser for details.


VPN Use Cases

Using either of the VPN options with the SAP IoT Connect 365 solution, allows you to:

  • Perform connectivity tests (ping)
  • Access a specific device and remotely change configuration parameters (SSH/telnet)
  • Secure data transmission
  • Download firmware update file.



Shahzad Ismail
Community Manager – SAP Digital Interconnect
0 Kudos