
OpenVPN Directives not Supported by the App

Abstract

The OpenVPN Connect mobile apps don't support the directives listed on this page.

OpenVPN Connect uses the OpenVPN3 client library. While it supports almost all configuration directives, some are deemed obsolete or rarely used. If you believe there is a directive we need to support, let us know by opening a support ticket and providing the details there.

Here is a partial list of directives not currently supported:

  • dev tap — This directive is not supported because the underlying mobile OS VPN API doesn't support TAP-style tunnels.

  • fragment — The fragment directive is not supported due to the complexity it adds to the OpenVPN implementation. It’s better to leave fragmentation up to the lower-level transport protocols. Note that the client also doesn’t support connecting to a server that uses the fragment directive.

  • secret — Static key encryption mode (non-TLS) isn’t supported.

  • socks-proxy — SOCKS proxies are currently not supported.

  • Not all ciphers are supported — OpenVPN Connect fully supports the AES-GCM and AES-CBC ciphers and ChaCha20-Poly1305 as of Connect v3.3. The AES-GCM cipher algorithm is well-suited for modern processors generally used in Android devices, iOS devices, Macs, and modern PCs. The deprecated DES and Blowfish ciphers are currently supported but will be removed in the future.

  • Proxy directives — The proxy directives http-proxy and http-proxy-option are currently supported at the top level of a profile, but they are currently NOT supported in <connection> profiles.

Additionally, you can find unsupported options in the connection log under the section "UNUSED OPTIONS", where OpenVPN Connect prints all those directives specified in the profile that are not used by the app.
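
To catch these directives before a profile is imported, rather than finding them later in the connection log, the list above can be turned into a small pre-flight check. The script below is an added example, not OpenVPN's own code: the function name lint_profile, the sample profile, and the cipher-name prefixes BF- and DES- used to recognise Blowfish and DES are assumptions, and data-ciphers is an OpenVPN directive that this page does not mention.

```python
import re

UNSUPPORTED = {"fragment", "secret", "socks-proxy"}   # directives named on this page
PROXY = {"http-proxy", "http-proxy-option"}           # fine at top level only
DEPRECATED_PREFIXES = ("BF-", "DES-")                 # assumed cipher-name prefixes

def lint_profile(text):
    """Return (line_number, message) findings for the text of an .ovpn profile."""
    findings, block = [], None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":               # blank line or comment
            continue
        tag = re.fullmatch(r"<(/?)([\w-]+)>", line)
        if tag:                                       # inline block open/close
            block = None if tag.group(1) else tag.group(2)
            if block in UNSUPPORTED:                  # e.g. an inline <secret> key
                findings.append((n, f"<{block}>: not supported"))
            continue
        if block and block != "connection":
            continue                                  # embedded key/cert data
        name, *args = line.split()
        if name == "dev" and args and args[0].startswith("tap"):
            findings.append((n, "dev tap: TAP-style tunnels not supported"))
        elif name in UNSUPPORTED:
            findings.append((n, f"{name}: not supported"))
        elif name in PROXY and block == "connection":
            findings.append((n, f"{name}: not supported inside <connection>"))
        elif name in ("cipher", "data-ciphers"):
            for c in ":".join(args).split(":"):
                if c.upper().startswith(DEPRECATED_PREFIXES):
                    findings.append((n, f"{c}: deprecated, to be removed"))
    return findings

# Constructed sample profile (hostnames and values are made up).
SAMPLE = """\
client
dev tap0
cipher BF-CBC
fragment 1300
http-proxy proxy.example.com 8080
<connection>
remote vpn.example.com 443 tcp
http-proxy proxy.example.com 3128
</connection>
<ca>
secret (constructed line inside an inline block; must be ignored)
</ca>
"""
```

Calling lint_profile(SAMPLE) reports lines 2, 3, 4 and 8; the top-level http-proxy on line 5 and the text inside the <ca> block are left alone.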