VPN/VPN-Client/Config

New in the wiki: 06.2026

notempty

This article refers to a Beta version

-

Option	Type	Required	Description	Example
ca	string (path or x509)	Yes	Certificate Authority
cert	string (path or x509)	Yes
key	string (path or x509)	Yes	Key
remote	string	Yes		remote 1.2.3.4 1194 udp
tun-mtu	int	No		tun-mtu 1500
link-mtu	int	No		link-mtu 1500
verb	int	No		verb 1
key-method	int	No		key-method 2
connect-retry	int	No		connect-retry 5
connect-retry-max	int	No		connect-retry-max 5
ping	int	No		ping 10
ping-restart	int	No		ping-restart 10
max-rekeying-time	int	No		max-rekeying-time 30
wakeup-time	int	No		wakeup-time 30
push-continuation	int	No		push-continuation 2
resolve-retry	int	No		resolve-retry 60
hibernate-time	int	No		hibernate-time 60
dev	string	No		dev tun
dev-type	string	No		dev-type tun
proto	string	No		proto udp
cipher	string	No		cipher AES-256-CBC
data-ciphers	string	No		data-ciphers AES-256-GCM
auth	string	No		auth SHA256
auth-user-pass or inline	string	No		<auth-user-pass> username password </auth-user-pass> or auth-user-pass
route-gateway	string	No		route-gateway 1.2.3.4
dhcp-option	string	No		dhcp-option DNS 1.2.3.4
ifconfig	string	No		ifconfig l rn
ifconfig-ipv6	string	No		ifconfig-ipv6 <local-ipv6> [<remote-ipv6>]
route	string	No		route <netmask> <gateway> <metric>
route-ipv6	string	No		route-ipv6 <netmask> <gateway> <metric>
redirect-gateway	string	No		redirect-gateway def1
tls-auth	string	No
tls-crypt	string	No
remote-cert-tls	string	No		remote-cert-tls server
remote-cert-ku	string	No		remote-cert-ku "Key Encipherment"
remote-cert-eku	string	No		remote-cert-eku "TLS Web Server Authentication"