OpenVPN configuration file

Learn how to compose an .ovpn file from the UserAPI responses

This article is valid for OpenVPN 2.4

To compose a valid .ovpn file, you should make a call to the UserAPI and use several field values from the response. Specifically: GET /user/provide

Please make sure to use a proper "protocol" parameter value (the one you actually are going to use for the VPN connection)

Minimal requirements

client
dev tun
proto tcp-client
remote 0.0.0.0 443
auth-user-pass passfile.txt
<ca>
</ca>

Option	Values	Description
client	client server	Defines that we want to configure an OpenVPN client, not a server
dev	tun tap	Defines virtual device we are going to use (tun devices encapsulate IPv4 or IPv6 (OSI Layer 3) while tap devices encapsulate Ethernet 802.3 (OSI Layer 2)
proto	tcp-client tcp-server udp	Defines a network protocol to use
remote	IP server-name	Defines a server address and a port to connect. The value for this option should be taken from the servers.address and server.port fields of the API response.
auth-user-pass	-	Should have a file name as a value. The file itself should contain the username and the password in that exact order, on separate lines. The actual values should be taken from the respective API response fields. If the file is omitted, username/password are going to be prompted from the console.
<ca></ca>	-	Should include a security certificate from the API response field openvpn-tcp / openvpn-udp

According to the OpenVPN man page, it is impossible to inline username and password directly in the configuration file

Additional options can be used for fine-tuning:

• tun-mtu,

• tun-mtu-extra,

• ping,

• cipher,

• auth

More information on those and other options can be found in the official OpenVPN documentation.