openvpn

The openvpn command is one of the most frequently used commands in Linux/Unix-like operating systems. openvpn is the Secure Virtual Private Network daemon.

Quick Reference

Command Name: openvpn

Category: network

Platform: Linux/Unix/Windows

Basic Usage: openvpn [options] [arguments]

Common Use Cases

    Syntax

    openvpn [options] [config_file]

    Options

    Option                                        Description
    --config file                                 Load configuration options from file
    --daemon [name]                               Run as daemon after initialization
    --cd dir                                      Change directory to dir before reading files
    --remote host [port] [proto]                  Remote host name or IP address
    --dev device                                  TUN/TAP device (tun0, tun1, etc.)
    --proto protocol                              Use protocol (udp, tcp-client, tcp-server)
    --port port                                   TCP/UDP port number
    --auth-user-pass [file]                       Authenticate using username/password from file or prompt
    --ca file                                     Certificate authority file
    --cert file                                   Local certificate file
    --key file                                    Local private key file
    --cipher algorithm                            Specify cipher algorithm (e.g., AES-256-CBC)
    --compress [algorithm]                        Enable compression
    --ifconfig l rn                               Set TUN/TAP adapter parameters
    --verb level                                  Set output verbosity (0-11, default=1)
    --status file [n]                             Write status to file, updated every n seconds
    --log file                                    Output log to file
    --route network [netmask] [gateway] [metric]  Add route to routing table after connection
    --redirect-gateway [flags]                    Automatically execute routing commands to redirect all traffic through VPN
    --server network netmask                      Configure server mode
    --client                                      Configure client mode
    --mktun                                       Create a TUN/TAP device
    --rmtun                                       Remove a TUN/TAP device
    --genkey secret file                          Generate a random key to file
    --secret file [direction]                     Enable static key encryption mode
    --ping n                                      Ping remote every n seconds
    --ping-restart n                              Restart after n seconds pass without reception of a ping
    --persist-key                                 Don't re-read key files on restart
    --persist-tun                                 Don't close/reopen TUN/TAP device on restart

    Examples

    # Basic Examples

    sudo openvpn --config client.ovpn
    Connect using a client configuration file.

    sudo openvpn --daemon --config server.ovpn
    Start OpenVPN server as a daemon.

    # Advanced Examples

    sudo openvpn --config client.ovpn --auth-user-pass credentials.txt
    Connect with a configuration file and supply credentials from a file.

    sudo openvpn --client --remote vpn.example.com 1194 udp --dev tun --ca ca.crt --cert client.crt --key client.key
    Connect to a VPN server with command line options instead of a config file. --client puts OpenVPN in TLS client mode, which --ca, --cert and --key require.

    sudo openvpn --config client.ovpn --verb 4
    Connect with increased verbosity for troubleshooting.

    sudo openvpn --genkey secret static.key
    Generate a static key for use with static key encryption.

    sudo openvpn --config server.ovpn --status /var/log/openvpn-status.log 60
    Run server with status log updated every 60 seconds.

    sudo openvpn --config client.ovpn --script-security 2 --route-up "/bin/echo Established connection"
    Run a command when the VPN connection is established. User-defined commands are only executed with --script-security 2 or higher.

    sudo openvpn --mktun --dev tun0
    Create a TUN interface without starting OpenVPN.

    sudo openvpn --config client.ovpn --redirect-gateway def1
    Redirect all traffic through the VPN.

    Notes

    OpenVPN is a robust and highly flexible VPN (Virtual Private Network) daemon that uses the OpenSSL library to provide secure point-to-point or site-to-site connections. It implements OSI layer 2 or 3 secure network extension using the industry-standard SSL/TLS protocol, supports flexible client authentication methods based on certificates, usernames, and passwords, and allows for the creation of secure encrypted tunnels between machines.

    As one of the most popular open-source VPN solutions, OpenVPN strikes a balance between security, performance, and complexity, making it suitable for a wide range of use cases from personal privacy protection to enterprise-level secure networking. It's available for multiple operating systems including Linux, Windows, macOS, FreeBSD, OpenBSD, Solaris, and platforms like Android and iOS.

    Key features of the OpenVPN command:

    1. Strong Security: OpenVPN uses OpenSSL for encryption, providing access to all the ciphers available in the OpenSSL package. It supports a variety of security protocols and can use either pre-shared keys or SSL/TLS certificates for authentication.
    2. Tunneling Flexibility: It can tunnel over UDP or TCP, create layer 2 or layer 3 VPNs, and can be configured to use either TUN (network layer) or TAP (data link layer) virtual network interfaces.
    3. Dynamic IP Assignment: OpenVPN can assign internal IP addresses to clients and supports pushing route configurations to clients to enable split tunneling or full tunneling configurations.
    4. High Configurability: The software offers extensive configuration options through command-line parameters or configuration files, allowing precise control over almost every aspect of the connection.
    5. Firewall Traversal: OpenVPN is designed to work through NAT (Network Address Translation) and can often operate through restrictive firewalls with minimal configuration.
    6. High Performance: The lightweight protocol and efficient implementation allow for good performance even on low-power devices or over high-latency connections.
    7. Reliability Features: OpenVPN includes features like connection monitoring, automatic reconnection, and a control channel that maintains the tunnel even when no data is being transmitted.

    Common use cases for OpenVPN include:

    - Securing internet connections when using public Wi-Fi
    - Accessing geographically restricted content by connecting through servers in different locations
    - Creating secure connections to corporate networks for remote workers
    - Establishing site-to-site VPNs between different office locations
    - Protecting privacy by encrypting internet traffic and hiding IP addresses
    - Creating virtual networks for distributed teams or services
    - Securing IoT device communications

    While OpenVPN is powerful and flexible, it does require proper configuration to ensure security. This typically involves generating and managing certificates, setting up appropriate encryption, and configuring network routing correctly. The configuration process can be complex for newcomers, but many user-friendly front-ends and management tools have been developed to simplify OpenVPN deployment.

    OpenVPN's popularity stems from its security model, which has been extensively reviewed by security professionals, its open-source nature allowing for community verification and improvement, and its ability to work reliably in challenging network environments where other VPN technologies might fail.
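One way to check a client config for the kind of misconfiguration the notes above warn about, as an added example that is not part of the original page or of the OpenVPN project. The function names (ovpn_arg, audit_ovpn, write_sample), the finding labels and the sample file contents are constructed for illustration, and relative paths are assumed to resolve against the config file's directory.

```shell
#!/bin/sh
# Added example, not from the original page: audit an OpenVPN client config.
# Assumption: relative file paths resolve against the config's directory.

# Print the first argument of directive $2 in config $1 ("-" if it has none).
ovpn_arg() {
    awk -v d="$2" '$1 == d { print (NF > 1 ? $2 : "-"); exit }' "$1"
}

# Print one finding per line; return 1 if anything was found.
audit_ovpn() {
    cfg=$1; dir=$(dirname "$cfg"); rc=0
    # Private key, static key and credentials files must be owner-only.
    for d in key secret auth-user-pass; do
        f=$(ovpn_arg "$cfg" "$d")
        case $f in ''|-) continue ;; /*) ;; *) f=$dir/$f ;; esac
        [ -f "$f" ] || continue
        case $(ls -ldL "$f" | cut -c5-10) in
            ------) ;;
            *) echo "PERMS: $d file is accessible to group/other"; rc=1 ;;
        esac
    done
    # A client must require that the peer presents a server certificate.
    if [ -n "$(ovpn_arg "$cfg" client)" ] &&
       [ "$(ovpn_arg "$cfg" remote-cert-tls)" != server ]; then
        echo "TLS: client config lacks 'remote-cert-tls server'"; rc=1
    fi
    # 64-bit-block ciphers, or no data-channel encryption at all.
    case $(ovpn_arg "$cfg" cipher) in
        none|BF-CBC|DES-*) echo "CIPHER: weak or null cipher"; rc=1 ;;
    esac
    # Compressing tunnelled traffic leaks plaintext through packet length.
    case $(ovpn_arg "$cfg" compress)/$(ovpn_arg "$cfg" comp-lzo) in
        lz*/*|*/-|*/yes|*/adaptive) echo "COMPRESS: compression enabled"; rc=1 ;;
    esac
    # Level 3 passes passwords to scripts through the environment.
    if [ "$(ovpn_arg "$cfg" script-security)" = 3 ]; then
        echo "SCRIPT: script-security 3 exposes passwords to scripts"; rc=1
    fi
    return $rc
}

# Constructed sample config, written to directory $1 for a trial run.
write_sample() {
    printf 'client\nremote vpn.example.com 1194 udp\ncipher BF-CBC\n' > "$1/weak.ovpn"
    printf 'comp-lzo\nauth-user-pass credentials.txt\n' >> "$1/weak.ovpn"
    printf 'user\npass\n' > "$1/credentials.txt"; chmod 644 "$1/credentials.txt"
}
if [ $# -gt 0 ]; then audit_ovpn "$1"; fi
```

Called with a config path as its argument, the script exits non-zero when it reports any finding.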
