OpenVPN Config file – How to understand it
Each VPN provider gives you a config file. If you open it in Notepad, it reads something like this.
VPNBook – UDP Port 53 client config file
- Client (you’re the client, not the server, so we’re off to a good start).
- Protocol = UDP (UDP is faster than TCP, so this is the fastest form of VPN).
- Remote = the VPNBook server; the port we connect on is port 53.
- Resolv-retry = infinite = keep trying.
- MTU = maximum transmission unit. Consider packets stacked like suitcases in an airplane. Each suitcase has a maximum weight and size. The MTU sets the maximum weight of each suitcase allowed to fly with British Airways OpenVPN. 🙂
- Persist = keep trying.
- CA = certificate authority. The .crt file is their certificate.
- auth-user-pass = look for a password file (called password.txt).
- verb = verbosity level: how “chatty” the error messages are.
- cipher = AES 256.
So when you download the UDP Port 53 config file from VPNBook, that’s what the file is saying to your computer.
Line 1 – We are the “client”.
dev = tun. Each VPN tunnel has four devices: two carry real IPs and the other two carry virtual IP numbers. If it’s not tun, it will read dev tap.
Line 2 – Remote means the OpenVPN server.
Protocol = UDP. If not UDP, the protocol would be TCP.
remote = the server, and the IP/port we need to connect on.
A setting to retry the connection (very handy if the connection fails, or we’re on a busy network).
Line 3 – Persist and HTTP proxy settings (if they’re being used).
Line 4 – SSL
SSL is the security for your browser (Firefox or IE).
It checks the certificate (that’s a .crt file)
and uses a key for each client (that’s the .key file).
Line 5 – Verify the certificate and SSL security
TLS is the newer version of SSL.
So tls-auth is about the browser security, or SSL secret keys.
It’s also handy for stopping DoS attacks.
Line 6 – 007 James Bond spy keys go here
Cipher – server and client must agree on an encryption system to encrypt your data.
AES 256 is very strong, unbreakable in fact.
comp-lzo = allow compression.
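To make the two walkthroughs above (the VPNBook listing and the line-by-line breakdown) concrete, here is an added example, not code from the original page and not VPNBook’s own file. It parses an OpenVPN client config, prints the plain-language meaning of each directive the page discusses, and lists the checks a defender would want before trusting the file (is there a ca line, is tls-auth or tls-crypt present, where are the credentials read from). The config text inside it is constructed to contain the same directives as the page; vpn.example.com is a placeholder, not a real server.

```python
"""Walk through an OpenVPN client config the way the page does, in code.

Added example, not from the original page and not VPNBook's file: the
config text below is constructed to contain the same directives the page
walks through, and vpn.example.com is a placeholder hostname.
"""

# Constructed sample config (placeholder hostname, not a real server).
SAMPLE_CONFIG = """\
client
dev tun
proto udp
remote vpn.example.com 53
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
auth-user-pass password.txt
verb 3
cipher AES-256-CBC
comp-lzo
"""

# Plain-language meaning of each directive, keyed by directive name.
EXPLANATIONS = {
    "client": "we are the client, not the server",
    "dev": "virtual network device: tun is routed IP, tap is bridged Ethernet",
    "proto": "transport protocol, udp or tcp",
    "remote": "the OpenVPN server and the port we connect on",
    "resolv-retry": "how long to keep retrying DNS resolution of the remote",
    "nobind": "do not bind to a fixed local port",
    "persist-key": "keep key material across restarts",
    "persist-tun": "keep the tun/tap device open across restarts",
    "ca": "certificate authority file used to verify the server certificate",
    "auth-user-pass": "file holding username and password (prompt if no file given)",
    "verb": "log verbosity level",
    "cipher": "data-channel cipher proposed by the client",
    "comp-lzo": "enable LZO compression",
    "tls-auth": "HMAC key that packets must carry before the TLS handshake is accepted",
    "tls-crypt": "key used to encrypt and authenticate the control channel",
}


def parse_config(text):
    """Return a list of (directive, args) pairs; '#' and ';' start comments."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        entries.append((parts[0], parts[1:]))
    return entries


def explain(entries):
    """One plain-language line per directive, like the page's walkthrough."""
    lines = []
    for directive, args in entries:
        shown = " ".join([directive] + args)
        meaning = EXPLANATIONS.get(directive, "not covered on this page")
        lines.append(f"{shown}  -> {meaning}")
    return lines


def check_config(entries):
    """Findings a defender would want before trusting this config."""
    present = {directive: args for directive, args in entries}  # last one wins
    findings = []
    if "ca" not in present:
        findings.append("no 'ca': the server certificate cannot be verified")
    if "tls-auth" not in present and "tls-crypt" not in present:
        findings.append("no tls-auth/tls-crypt: the control channel is not "
                        "protected by a pre-shared HMAC key")
    if "comp-lzo" in present:
        findings.append("comp-lzo: compression is enabled (deprecated since OpenVPN 2.4)")
    if present.get("auth-user-pass"):
        findings.append(f"credentials are read from {present['auth-user-pass'][0]}; "
                        "that file should be readable only by the VPN user")
    return findings


if __name__ == "__main__":
    parsed = parse_config(SAMPLE_CONFIG)
    print("\n".join(explain(parsed)))
    print("\nFindings:")
    for finding in check_config(parsed):
        print(" -", finding)
```

Run it as a script and it prints each directive with its meaning, then the findings; point `parse_config` at the text of a real provider file to get the same summary for that file. The check for tls-auth/tls-crypt is there because the page’s “Line 5” is about exactly that directive, and its absence is the most common thing to notice when comparing provider configs.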
Hopefully, when you get error messages now, you’ll understand what has gone wrong.
E.g. if the error mentions TLS keys, that means the SSL key exchange has not completed in the time allowed, and this closes the session. The keys are needed to encrypt your message; if the exchange fails, OpenVPN won’t let you connect, as it’s unsafe.