Reference Manual

Ontrol Panel


openvpn - interact with the OpenVPN client

openvpns - interact with the OpenVPN Interactive Service  Elevation required


openvpn ['connection' | close | abort| list | status | check]


Command openvpn 'connection' establishes the specified OpenVPN connection, where connection is either an OpenVPN connection file name or a short connection ID defined in file openvpn.txt in the current directory (usually \NAT32v2).

An established connection is not actually used until a host issues a route vpn command. This feature is called Selective VPN Sharing and allows only desired computers to use a shared connection.

Command openvpn close closes an established connection if no hosts are currently using it.

Command openvpn abort closes an established connection unconditionally.

Command openvpn list prints the connections contained in file openvpn.txt.

Command openvpn status prints status information.

Command openvpn check prints status information for a host that is using a connection.

A TAP-WIN32 adapter must be available in order to use OpenVPN. NAT32 should be configured to use 2 Internet interfaces, with the main Internet adapter as the Main interface and the TAP-WIN32 adapter as the Auxiliary interface.

The first line of the openvpn.txt file must contain the full path of the OpenVPN executable file, typically:

C:\Program Files\OpenVPN\bin\openvpn.exe

Subsequent lines contain a short connection ID, followed by the name of the associated .ovpn file.


C:\Program Files\OpenVPN\bin\openvpn.exe
AU ipvanish-AU-Sydney-syd-a05.ovpn
CH ipvanish-CH-Zurich-zur-c14.ovpn
DE ipvanish-DE-Frankfurt-fra-a05.ovpn
UK ipvanish-UK-London-lon-a05.ovpn
US ipvanish-US-Seattle-sea-a05.ovpn

The .ovpn files are connection-specific OpenVPN configuration files that your VPN Service Provider will have supplied. Be sure to copy those that you need to your NAT32 directory.

Be sure to change the auth-user-pass line in those files to auth-user-pass up.txt or OpenVPN will prompt for a Username and Password before connecting. Authentication is done as described below.

For OpenVPN versions 2.4.x and later, be sure to also remove "tls-remote" lines.

For authentication, create a file up.txt containing the needed Username in line 1 and Password in line 2. OpenVPN will then be able to connect without requiring additional user input.

The current directory must also contain the certificate file .crt issued by the VPN Service Provider. The file can be copied from the directory in which the Service Provider's software is installed.

Because certificates have an expiry date, BE SURE to update the certifcate file regularly.

Up to 16 connections can be specified in the openvpn.txt file, but note that comments are currently not allowed.

Before starting an OpenVPN connection, be sure that the NAT32 Interface selection algorithm is set to main. Any other value will render the connection inoperable.

An OpenVPN connection can be shared by all computers that are using NAT32 as their Internet gateway. However, after a connection is established, only those computers that issue a route vpn command will actually start using the connnection for Internet access. All computers continue to have unaltered local access.

A route vpn command can also be issued on behalf of another computer. This is used to grant devices that have no browser interface access to the Internet via the OpenVPN connection.

VPN connections are particularly useful for streaming video content from geo-blocked Internet sites for playback on a local media player (such as an Apple TV).

For convenience, the Control Panel can be used to control OpenVPN connection behaviour. The Control Panel has been designed for use on mobile devices and should be customized as needed.

For even more convenience, this User Interface can be used to control OpenVPN connections and set Filters and Blocks.

To use OpenVPN connections when NAT32 is running in User Mode, be sure to copy up.txt, the .ovpn files and the .crt file to your \Users\name\OpenVPN\config directory. If that directory doesn't exist, simply create it with the Windows Explorer. Also, be sure that the OpenVPN Interactive Service is running. The Windows Service Control Manager can be used to start it.

Interface Selection, Control Panel, Default User Interface, DNS Analyser, Route via VPN