OpenVPN Advanced Options

General

Use custom gateway port:
    TCP/UDP port number for peer. (Default value when there is no port for gateway).
    config: port

Use custom renegotiation interval:
    Renegotiate data channel key after the specified number of seconds.
    config: reneg-sec

Use LZO data compression
    Use fast LZO compression.
    config: comp-lzo
    Mode selector: Select the LZO data compression mode.
    config: comp-lzo

Use a TCP connection
    Use TCP for communicating with remote host.
    (This is a default setting only used when no protocol is specified for the gateway.)
    config: proto tcp-client | udp

Set virtual device type:
    Explicitly set virtual device type and name (TUN/TAP).
    Type selector: Explicitly set virtual device type (TUN/TAP).
    config: dev-type tun | tap
    and name: Use custom name for TUN/TAP virtual device (instead of default “tun” or “tap”).
    config: dev <name>

Use custom tunnel Maximum Transmission Unit (MTU):
    Take the TUN device MTU to be the specified value and derive the link MTU from it.
    config: tun-mtu

Use custom UDP fragment size:
    Enable internal datagram fragmentation with this maximum size.
    config: fragment

Restrict tunnel TCP Maximum Segment Size (MSS)
    Restrict tunnel TCP MSS.
    config: mssfix

Randomize remote hosts
    Randomize the order of gateways list (remote) as a kind of basic load-balancing measure.
    config: remote-random

IPv6 tun link
    Build a tun link capable of forwarding IPv6 traffic.
    config: tun-ipv6

Specify ping interval:
    Ping remote over the TCP/UDP control channel if no packets have been sent for at least n seconds.
    config: ping <n>

Specify exit or restart ping:
    Exit or restart after n seconds pass without reception of a ping or other packet from remote.
    config: ping-exit | ping-restart <n>

Accept authenticated packets from any address (Float)
    Allow remote peer to change its IP address and/or port number, such as due to DHCP (this is the default if --remote is not used). --float when specified with --remote allows an OpenVPN session to initially connect to a peer at a known address, however if packets arrive from a new address and pass all authentication tests, the new address will take control of the session. This is useful when you are connecting to a peer which holds a dynamic address such as a dial-in user or DHCP client.
    Essentially, --float tells OpenVPN to accept authenticated packets from any address, not only the address which was specified in the --remote option.
    config: float

Specify max routes:
    Specify the maximum number of routes the server is allowed to specify.
    config: max-routes <n>

Security

Cipher:
    Encrypt packets with cipher algorithm. The default is BF-CBC (Blowfish in Cipher Block Chaining mode).
    config: cipher

Use custom size of cipher key:
    Set cipher key size to a custom value. If unspecified, it defaults to cipher-specific size.
    config: keysize <n>

HMAC Authentication:
    Authenticate packets with HMAC using message digest algorithm. The default is SHA1.
    config: auth

TLS Authentication

Subject Match:
    Subject or Common Name to verify server certificate information against.
    config: verify-x509-name subject-or-name [mode]
    config (legacy mode): tls-remote subject-or-name

Server Certificate Check:
    Verify server certificate identification.
    When enabled, connection will only succeed if the server certificate matches some expected properties.
    Matching can either apply to the whole certificate subject (all the fields),
    or just the Common Name (CN field).
    The legacy option tls-remote is deprecated and removed from OpenVPN 2.4 and newer. Do not use it anymore.
    config: verify-x509-name subject-or-name [mode]
    config (legacy mode): tls-remote subject-or-name

Verify peer (server) certificate usage signature
    Require that peer certificate was signed with an explicit key usage and extended key usage based on RFC3280 TLS rules.
    Remote peer certificate TLS type: Require that peer certificate was signed with an explicit key usage and extended key usage based on RFC3280 TLS rules.
    config: remote-cert-tls client|server

Verify peer (server) certificate nsCertType designation
    Require that peer certificate was signed with an explicit nsCertType designation.
    Remote peer certificate nsCert designation: Require that peer certificate was signed with an explicit nsCertType designation.
    config: ns-cert-type client|server

Additional TLS authentication or encryption

Mode
    Add an additional layer of encryption or HMAC authentication.

Key File:
    Add an additional layer of HMAC authentication on top of the TLS control channel to protect against DoS attacks.
    config: tls-auth <file> [direction]

Key Direction:
    Direction parameter for static key mode.
    If key direction is used, it must be the opposite of that used on the VPN peer. For example, if the peer uses “1”, this connection must use “0”. If you are unsure what value to use, contact your system administrator.
    config: tls-auth <file> [direction]

Proxies

Proxy Type:
    Proxy type: HTTP or Socks.
    config: http-proxy or socks-proxy
    Select this option if your organization requires the use of a proxy server to access the Internet.

Server Address:
    Connect to remote host through a proxy with this address.
    config: http-proxy or socks-proxy

Port:
    Connect to remote host through a proxy with this port.
    config: http-proxy or socks-proxy

Retry indefinitely when errors occur
    Retry indefinitely on proxy errors. It simulates a SIGUSR1 reset.
    config: http-proxy-retry or socks-proxy-retry

Proxy Username:
    HTTP/Socks proxy username passed to OpenVPN when prompted for it.

Proxy Password:
    HTTP/Socks proxy password passed to OpenVPN when prompted for it.

Show password

Misc

Path mtu discovery