OpenVPN 3 Linux Client
The OpenVPN 3 Linux client is the official next-generation command-line client for Linux systems. It supports modern features for both open-source community users and commercial OpenVPN product users (Access Server and CloudConnexa).
What is OpenVPN 3 Linux?
OpenVPN 3 Linux is a user-space implementation built on the same core library used by OpenVPN Connect. Unlike the older OpenVPN 2.x clients, this version offers:
Unprivileged user support.
Automatic DNS configuration.
Access control for configuration and session management.
D-Bus integration and Python 3 support for scripting and automation.
Note
There is no GUI client (OpenVPN Connect) for Linux. This is a command-line-only client.
Installation
We provide packages for Ubuntu, Debian, RHEL, and Fedora. Refer to these for reference:
Using OpenVPN 3 Linux with Access Server
You can connect to Access Server using the openvpn3-as tool included in the client package. Follow the detailed steps in this article:
Advanced features
Configuration and session access control (ACL)
To associate a connection profile (.ovpn file) with a configuration file:
openvpn3 config-import --config Brandon.ovpn --name <MY_CONFIG_NAME> --persistent
Tip
The <MY_CONFIG_NAME> (configuration file) is an "alias name" associated with your connection profile (.ovpn file).
To list all available configuration profiles, run this command:
openvpn3 configs-list
Important
A configuration file typically contains generic options to connect to a specific server, regardless of the device itself. OpenVPN 3 Linux also supports setting more host-specific settings on a configuration profile. This is handled via the openvpn3 config-manage interface. Any settings here will also be preserved across boots if the configuration profile was imported with the --persistent argument.
To start a VPN session:
openvpn3 session-start --config <MY_CONFIG_NAME>
Once a VPN session has started, you can list the active VPN session by running this command:
openvpn3 sessions-list
To disconnect a VPN session:
openvpn3 session-manage --config <MY_CONFIG_NAME> --disconnect
To start a VPN session using the openvpn2 script:
openvpn2 --config Brandon.ovpn --verb 6
Tip
openvpn2 is a Python script that partly "emulates" the classic OpenVPN 2.x client.
Python 3 integration
The client ships with a Python 3 module and example scripts:
openvpn2
openvpn3-autoload
openvpn3-as
More examples are available in the source tree.
AWS VPC integration
For AWS routing integration, install the AWS add-on:
# Ubuntu/Debian
apt install openvpn3-addon-aws
# Fedora/RHEL/CentOS
yum install openvpn3-addon-aws
Then start the service:
sudo systemctl enable --now openvpn3-aws.service
The service listens for VPN route changes and updates your AWS VPC route table.
Important
The openvpn3-service-aws service requires AWS IAM role configuration. We recommend configuring it with AWS CloudFormation scripts. See the openvpn3-service-aws man page for details.
About DCO (data channel offload)
The OpenVPN 3 client can optionally use the ovpn-dco kernel module for improved performance.
To start a VPN session with DCO:
openvpn3 session-start --config <MY_CONFIG_NAME> --dco true
Check if the module is installed:
modinfo ovpn-dco-v2
Check DKMS status:
dkms status
If this only says the ovpn-dco module is added and not installed, or the installed kernel version doesn't match the running kernel version, there's a mismatch. Use this command to verify your running kernel version:
uname -r
Tip
Ensure your host is current on kernel updates.
For advanced build and troubleshooting, refer to the dkms(8) man page.
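The DKMS check described above can be scripted. This is an added example, not part of the OpenVPN documentation: a shell function that reads dkms status output on stdin and reports whether ovpn-dco is installed for a given kernel release. The function name, the result strings, and the sample lines are constructed for illustration, and the line layout assumed is "module/version, kernel, arch: state".

```shell
#!/bin/sh
# Added example (not from the OpenVPN docs): classify `dkms status` output
# for the ovpn-dco module against a kernel release.
# Prints one of: installed | mismatch | not-installed | missing
#
# Real use on a host with DKMS:
#   dkms status | dco_dkms_state "$(uname -r)"

dco_dkms_state() {
    kernel="$1"        # kernel release to check, e.g. "$(uname -r)"
    state="missing"    # no ovpn-dco line seen yet
    while IFS= read -r line; do
        # Keep only ovpn-dco lines; covers "ovpn-dco/ver" and "ovpn-dco, ver".
        case "$line" in
            ovpn-dco*) ;;
            *) continue ;;
        esac
        status="${line#*: }"    # text after the first ": "
        case "$status" in
            installed*)
                # Installed, but is it installed for the kernel we asked about?
                case "$line" in
                    *", $kernel,"*) state="installed"; break ;;
                    *) state="mismatch" ;;
                esac
                ;;
            added*|built*)
                # Registered or compiled, but never installed for any kernel.
                if [ "$state" = "missing" ]; then
                    state="not-installed"
                fi
                ;;
        esac
    done
    printf '%s\n' "$state"
}

# Constructed sample of `dkms status` output (not captured from a real host).
SAMPLE_DKMS='ovpn-dco/0.2.20231117, 6.5.0-14-generic, x86_64: installed
virtualbox/7.0.12, 6.5.0-14-generic, x86_64: installed'
```

Any result other than "installed" means a session started with --dco true has no module built for the running kernel.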
Additional documentation and references
All tools include man pages (e.g., man openvpn3, man openvpn3-linux).
Source and example code: Git repository.
D-Bus programming interface: Service overview.
Limitations
Profile autoloading
OpenVPN 3 doesn't support --auth-user-pass with plain text files like OpenVPN 2.
OpenVPN 2 Linux clients allowed storing user credentials in a text-based file for starting a VPN connection. For specific use cases with OpenVPN 3 where this is still needed, find a workaround here: OpenVPN 3 Linux and --auth-user-pass.
Not using Access Server or CloudConnexa?
This page focuses on using OpenVPN 3 with OpenVPN Inc. products. If you're using OpenVPN 3 Linux with your own server or another VPN provider:
Visit the Community OpenVPN 3 Linux Wiki. Maintained by the open-source community.