Skip to main content

Frequently Asked Questions

If you have questions about OpenVPN Connect on macOS, refer to this FAQ for answers. If it's not here, feel free to create a support ticket.

Yes, you may continue to use both v2 and v3 on the same connect device and import the profiles desired into each. If you like, you can run either one or both.

No, OpenVPN Connect can't connect to multiple servers at once. Instead, it supports multiple connection profiles, so you can easily switch from one server to the next, but you can only connect to one at a time.

This is designed to prevent unexpected traffic paths when connecting to multiple VPN servers simultaneously. If you're a system administrator and require a complex setup with multiple active connections, use the open-source community OpenVPN client software.

The OpenVPN client v1 — OpenVPN Desktop Client — is no longer available. It's no longer safe and hasn't been maintained for years. It was replaced with the OpenVPN client v2.

The OpenVPN client v2 — OpenVPN Connect Client — was used for many years but is no longer available on our website.

The OpenVPN client v3 — OpenVPN Connect — is the latest generation of our software. You can download it from the Apps page on our site. It's also available on Access Server Client Web UIs and user invitation emails for CloudConnexa.

You can use OpenVPN Connect from our website or the client from your Access Server instance.

This is the official OpenVPN Connect software for macOS developed and maintained by OpenVPN, Inc., the recommended client program for Access Server and CloudConnexa. We provide the latest versions on our website.

If you have an Access Server, you can download OpenVPN Connect directly from your Client Web UI, which is pre-configured. The version available from our website contains no connection profile, although you can use it to update an existing installation and retain settings.

Layer 2 bridging (TAP) is no longer supported. Switch over to TUN mode to resolve this issue.

Access Server starts with a self-signed certificate. With this, you receive warnings from your web browser about the site not being secure, as well as a certificate error when importing a profile with OpenVPN Connect. You can simply override the warnings or add an exception for your web browser. To resolve this, you can set up a DNS hostname that resolves to the public address of your Access Server and install a valid SSL certificate corresponding to that DNS hostname. Going forward, you would use that hostname to access your server instead of the IP address. This is also recommended, as validated SSL certificates can only ever function with a valid public DNS hostname.

When your administrator creates your user account in their CloudConnexa portal, you then receive an invitation email with this information. Check with your CloudConnexa administrator if you haven't received one.

Your Access Server hostname is the address at which you can reach it. For example, it could be https://vpn.yourcompany.com/. If a DNS hostname isn't set up, you can specify the IP address of your Access Server—for example, https://203.0.113.55.

Your credentials are your username and password. If you don't have those, check with your Access Server administrator.

The Profile Name is what displays on the app's home screen after you save the profile. It's defined automatically as the username with your server's hostname or IP address. For example, user1@hostname.com. It differentiates between multiple profiles. You can manually define it as well.

Choosing this option allows you to import an autologin profile with the address and credentials for Access Server, then start the connection with the tap of a button. You don't need to re-enter credentials each time you connect.

The autologin profile contains an embedded, secure certificate that automatically identifies and authorizes your connection. It is an optional setting in Access Server that the server administrator can choose to make available to you.

If you can't import the autologin profile, your administrator may not have allowed autologin through user permissions.

During the investigation of a vulnerability called VORACLE, we found that compressing data going through the VPN tunnel has an adverse effect on security. For more, refer to our security notification regarding the VORACLE attack vulnerability.

To protect our customers, we turn off compression by default.

Some open-source servers can be configured so that the client must do compression to successfully connect. In such a case, we recommend you update the server to turn off compression, but we understand that this is not always possible, and you may need to be able to connect to such a server. In that event, you can go into the settings and re-enable compression.