1 65535 1194 1 10 604800 1 10 1 65535 1500 1 10 65535 1300 1 10 65535 1 10 1 65535 128 1 10 1 65535 30 1 10 1 65535 30 1 10 100000000 100 1 10 None TLS-Auth TLS-Crypt No Maybe Yes Not required False 5 OpenVPN Advanced Options center-on-parent True stock-preferences dialog True True False vertical 2 True False end gtk-cancel False True True False True False False 0 gtk-ok False True True False True False False 1 False True end 0 True True True False 12 vertical 6 True False 6 Use custom gateway p_ort: False True True False TCP/UDP port number for peer. (Default value when there is no port for gateway). config: port True 0.5 True False True 0 True True TCP/UDP port number for peer. (Default value when there is no port for gateway). config: port adjustment1 1 True False False 1 False True 0 True False 6 Use custom _renegotiation interval: False True True False Renegotiate data channel key after the specified number of seconds. config: reneg-sec True 0.5 True False True 0 True True Renegotiate data channel key after the specified number of seconds. config: reneg-sec adjustment2 1 True False False 1 False True 1 True False 6 Use L_ZO data compression False True True False Use fast LZO compression. config: comp-lzo True 0 True False True 0 True True Select the LZO data compression mode. config: comp-lzo model4 0 False False 1 False True 2 Use a _TCP connection False True True False Use TCP for communicating with remote host. (This is a default setting only used when no protocol is specified for the gateway.) config: proto tcp-client | udp True 0 True False True 3 True False 6 Set virtual _device type: False True True False Explicitly set virtual device type and name (TUN/TAP). True 0.5 True False True 0 True True Explicitly set virtual device type (TUN/TAP). config: dev-type tun | tap model4 0 False False 1 True False and _name: True dev_entry 0 False False 2 True True Use custom name for TUN/TAP virtual device (instead of default “tun” or “tap”). config: dev <name> 15 False False 3 False True 4 True False 6 Use custom tunnel Maximum Transmission _Unit (MTU): False True True False Take the TUN device MTU to be the specified value and derive the link MTU from it. config: tun-mtu True 0.5 True False True 0 True True Take the TUN device MTU to be the specified value and derive the link MTU from it. config: tun-mtu adjustment3 1 True False False 1 False True 5 True False 6 Use custom UDP _fragment size: False True True False Enable internal datagram fragmentation with this maximum size. config: fragment True 0.5 True False True 0 True True Enable internal datagram fragmentation with this maximum size. config: fragment adjustment4 1 True False False 1 False True 6 Restrict tunnel TCP Maximum _Segment Size (MSS) False True True False Restrict tunnel TCP MSS. config: mssfix True 0 True False True 7 Rando_mize remote hosts False True True False Randomize the order of gateways list (remote) as a kind of basic load-balancing measure. config: remote-random True 0 True False True 8 IPv6 tun link False True True False Build a tun link capable of forwarding IPv6 traffic config: tun-ipv6 True 0 True False True 9 True False 6 Specify _exit or restart ping: False True True False Exit or restart after n seconds pass without reception of a ping or other packet from remote. config: ping-exit | ping-restart <n> True 0.5 True False True 0 True True Exit or restart after n seconds pass without reception of a ping or other packet from remote. config: ping-exit | ping-restart <n> model8 0 False False 1 True True Exit or restart after n seconds pass without reception of a ping or other packet from remote. config: ping-exit | ping-restart <n> adjustment8 1 True False False 2 False True 10 True False 6 Specify pin_g interval: False True True False Ping remote over the TCP/UDP control channel if no packets have been sent for at least n seconds. config: ping <n> True 0.5 True False True 0 True True Ping remote over the TCP/UDP control channel if no packets have been sent for at least n seconds. config: ping <n> adjustment7 1 True False False 1 False True 10 Accept authenticated packets from any address (F_loat) False True True False Allow remote peer to change its IP address and/or port number, such as due to DHCP (this is the default if --remote is not used). --float when specified with --remote allows an OpenVPN session to initially connect to a peer at a known address, however if packets arrive from a new address and pass all authentication tests, the new address will take control of the session. This is useful when you are connecting to a peer which holds a dynamic address such as a dial-in user or DHCP client. Essentially, --float tells OpenVPN to accept authenticated packets from any address, not only the address which was specified in the --remote option. config: float True 0 True False True 11 True False 6 Specify max routes: False True True False Specify the maximum number of routes the server is allowed to specify. config: max-routes <n> True 0.5 True False True 0 True True Specify the maximum number of routes the server is allowed to specify. config: max-routes <n> adjustment9 1 True False False 1 False True 12 True False General False True False 0 0 0 0 12 12 12 12 True False 12 12 True False Encrypt packets with cipher algorithm. The default is BF-CBC (Blowfish in Cipher Block Chaining mode). config: cipher model3 0 1 0 Use custom _size of cipher key: False True True False Set cipher key size to a custom value. If unspecified, it defaults to cipher-specific size. config: keysize <n> True 0.5 True 0 1 True True Set cipher key size to a custom value. If unspecified, it defaults to cipher-specific size. config: keysize <n> adjustment6 1 True 1 1 True False Authenticate packets with HMAC using message digest algorithm. The default is SHA1. config: auth model4 0 1 2 True False Ci_pher: True right cipher_combo 1 0 0 True False _HMAC Authentication: True right hmacauth_combo 1 0 2 1 True False Security 1 False True False 12 12 12 12 True False vertical 12 True False start True 6 12 True False _Subject Match: True tls_remote_entry 1 0 1 True True Subject or Common Name to verify server certificate information against. config: verify-x509-name subject-or-name [mode] config (legacy mode): tls-remote subject-or-name True 1 1 True False Server _Certificate Check: True tls_remote_mode_combo 1 0 0 True False Verify server certificate identification. When enabled, connection will only succeed if the server certificate matches some expected properties. Matching can either apply to the whole certificate subject (all the fields), or just the Common Name (CN field). The legacy option tls-remote is deprecated and removed from OpenVPN 2.4 and newer. Do not use it anymore. config: verify-x509-name subject-or-name [mode] config (legacy mode): tls-remote subject-or-name True model9 0 1 0 True True 0 True False start 3 12 _Verify peer (server) certificate usage signature False True True False Require that peer certificate was signed with an explicit key usage and extended key usage based on RFC3280 TLS rules. True 0 True 0 0 2 True False _Remote peer certificate TLS type: True remote_cert_tls_combo 0 0 1 True False Require that peer certificate was signed with an explicit key usage and extended key usage based on RFC3280 TLS rules. config: remote-cert-tls client|server model7 0 1 1 True True 6 1 True False start 3 12 _Verify peer (server) certificate nsCertType designation False True True False Require that peer certificate was signed with an explicit nsCertType designation. baseline start True 0 True 0 0 2 True False _Remote peer certificate nsCert designation: True remote_cert_tls_combo 0 0 1 True False Require that peer certificate was signed with an explicit nsCertType designation. config: ns-cert-type client|server model7 0 1 1 True True 6 2 True False 6 12 True False start 24 True 6 12 True False Key _Direction: True direction_combo 1 0 2 True False Add an additional layer of HMAC authentication on top of the TLS control channel to protect against DoS attacks. config: tls-auth <file> [direction] True 1 1 True False Direction parameter for static key mode. If key direction is used, it must be the opposite of that used on the VPN peer. For example, if the peer uses “1”, this connection must use “0”. If you are unsure what value to use, contact your system administrator. config: tls-auth <file> [direction] model5 0 1 2 True False Key _File: True tls_auth_chooser 1 0 1 True False Mode 0 0 True False Add an additional layer of encryption or HMAC authentication. model10 0 0 0 1 0 0 1 True False Add an additional layer of encryption or HMAC authentication. start start Additional TLS authentication or encryption 0 0 True True 3 2 True False TLS Authentication 2 False True False 0 0 0 12 12 12 12 True False 6 12 True False Proxy type: HTTP or Socks. config: http-proxy or socks-proxy model6 on 0 1 0 True False Proxy _Type: True right proxy_type_combo 1 0 0 True False start <i>Select this option if your organization requires the use of a proxy server to access the Internet.</i> True True 35 0 1 1 True False Server _Address: True proxy_server_entry 1 0 2 True False 0 0 0 True False True True Connect to remote host through a proxy with this address. config: http-proxy or socks-proxy True True 0 True False _Port: True right proxy_port_spinbutton 1 True True 6 1 True True Connect to remote host through a proxy with this port. config: http-proxy or socks-proxy 5 adjustment5 1 True True True 2 1 2 _Retry indefinitely when errors occur False True True False Retry indefinitely on proxy errors. It simulates a SIGUSR1 reset. config: http-proxy-retry or socks-proxy-retry True 0 True 1 3 True False Proxy _Username: True right proxy_username_entry 1 0 4 True False Proxy Passwor_d: True right proxy_password_entry 1 0 5 True True HTTP/Socks proxy username passed to OpenVPN when prompted for it. 1 4 True True HTTP/Socks proxy password passed to OpenVPN when prompted for it. False 1 5 _Show password False True True False True 0.5 True 1 6 3 True False Proxies 3 False True False 12 vertical 6 True False 6 Path mtu discovery True True False True False True 1 True False model11 0 0 0 False True 2 False True 0 4 True False Misc 4 False False False 1 cancel_button ok_button 500 400 True False 12 vertical 16 True True never in True False True False vertical True False vertical 5 True False Interface 0 False True 0 True False True False Address (IPv4): 15 15 False False 0 True True True True 1 False True 1 True False True False Address (IPv6): 15 15 False False 0 True True True True 1 False True 2 True False True False Listen Port: 15 15 False False 0 True True True True 1 False True 3 True False True False Private Key: 15 15 False False 0 True True True True 1 False True 4 True False True False DNS: 15 15 False False 0 True True True True 1 False True 6 True False True False MTU: 15 15 False False 0 True True True True 1 False True 7 True False True False Pre Up: 15 15 False False 0 True True True True 1 False True 8 True False True False Post Up: 15 15 False False 0 True True True True 1 False True 9 True False True False Pre Down: 15 15 False False 0 True True True True 1 False True 10 True False True False Post Down: 15 15 False False 0 True True True True 1 False True 11 False True 0 True False vertical 5 True False Peer 0 False True 0 True False True False Public Key: 15 15 False False 0 True True True True 1 False True 1 True False True False Allowed IPs: 15 15 False False 0 True True True True 1 False True 2 True False True False Endpoint: 15 15 False False 0 True True True True 1 False True 3 True False True False Preshared Key: 15 15 False False 0 True True True True 1 False True 4 False True 1 True True 0