Reference Manual

Ontrol Panel

NAME

openvpn - interact with the OpenVPN client

openvpns - interact with the OpenVPN Interactive Service  Elevation required

SYNOPSIS

openvpn ['connection' | close | abort | list | status | check] [ifn.gwn]

 

USERS
         
CONNECTIONS
...
DESCRIPTION
Command openvpn 'connection' establishes the specified OpenVPN connection, where connection is either an OpenVPN connection file name or a short connection ID defined in file openvpn.txt in the current directory (usually \NAT32v2).

An established connection is not actually used until a host issues a route vpn command. This feature is called Selective VPN Sharing and allows only specific computers to use a shared connection.

Command openvpn close closes an established connection if no hosts are currently using it.

Command openvpn abort closes an established connection unconditionally.

Command openvpn list prints the connections contained in file openvpn.txt.

Command openvpn status prints status information.

Command openvpn check prints status information for a host that is using a connection.

NOTES
A TAP-WIN32 adapter must be available in order to use OpenVPN. NAT32 should be configured to use 2 Internet interfaces, with the main Internet adapter as the Main interface and the TAP-WIN32 adapter as the Auxiliary interface.

The first line of the openvpn.txt file must contain the full path of the OpenVPN executable file, typically:

C:\Program Files\OpenVPN\bin\openvpn.exe

Subsequent lines contain a short connection ID, followed by the name of the associated .ovpn file.

Example

C:\Program Files\OpenVPN\bin\openvpn.exe
AU ipvanish-AU-Sydney-syd-a05.ovpn
CH ipvanish-CH-Zurich-zrh-c04.ovpn
DE ipvanish-DE-Frankfurt-fra-a05.ovpn
UK ipvanish-UK-London-lon-a05.ovpn
US ipvanish-US-Seattle-sea-a05.ovpn

The .ovpn files are connection-specific OpenVPN configuration files that your VPN Service Provider will have supplied. Be sure to copy those that you need to your C:\Users\name\OpenVPN\config directory. If that directory doesn't exist, simply create it with the Windows Explorer.

Be sure to change the auth-user-pass line in those files to auth-user-pass up.txt or OpenVPN will prompt for a Username and Password before connecting. Authentication is done as described below.

For OpenVPN versions 2.4.x and later, be sure to also remove "tls-remote" lines.

For OpenVPN versions 2.5.x and later, be sure to select the Custom install option and then disable the installation of the WIN-TUN driver.

For authentication, create a file up.txt containing the needed Username in line 1 and Password in line 2. OpenVPN will then be able to connect without requiring additional user input.

The C:\Users\name\OpenVPN\config directory must also contain the .crt certificate file issued by your VPN Service Provider. The file is typically included in the list of .ovpn files.

Because certificates have an expiry date, be sure to update the certifcate file regularly.

Example \Users\name\OpenVPN\config directory

ca.ipvanish.com.crt
ipvanish-AU-Sydney-syd-a05.ovpn
ipvanish-CH-Zurich-zrh-c04.ovpn
ipvanish-DE-Frankfurt-fra-a05.ovpn
ipvanish-UK-London-lon-a05.ovpn
ipvanish-US-Seattle-sea-a05.ovpn
up.txt

Up to 16 connections can be specified in the openvpn.txt file, but note that comments are currently not allowed.

Before starting an OpenVPN connection, be sure that the NAT32 Interface selection algorithm is set to main. Any other value will render the connection inoperable.

Per default, OpenVPN connections are established over the Primary interface via the Main gateway, but a different interface and/or gateway can be specified via the ifn.gwn argument if needed.

An OpenVPN connection can be shared by all computers that are using NAT32 as their Internet gateway. However, after a connection is established, only those computers that issue a route vpn command will actually start using the connnection for Internet access. All computers continue to have unaltered local access.

A route vpn command can also be issued on behalf of another computer. This is used to grant devices that have no browser interface access to the Internet via the OpenVPN connection.

VPN connections are particularly useful for streaming video content from geo-blocked Internet sites for playback on a local media player (such as an Apple TV).

For convenience, the Control Panel can be used to control OpenVPN connection behaviour. The Control Panel has been designed for use on mobile devices and should be customized as needed.

For even more convenience, this User Interface can be used to control OpenVPN connections, select a gateway and set Filters and Blocks.

To use OpenVPN connections when NAT32 is running in User Mode, be sure that the OpenVPN Interactive Service is running. The Windows Service Control Manager can be used to start it.

SEE ALSO
Interface Selection, Control Panel, Default User Interface, DNS Analyser, Route via VPN, Use the VPN