Frequently Asked Questions
If you have questions about OpenVPN Connect on macOS, refer to this FAQ for answers. If it's not here, feel free to create a support ticket.
- 1. How do I install the Mac client?
- 2. Can the new and old clients co-exist?
- 3. Can I connect to multiple servers at the same time?
- 4. Is the old client still available?
- 5. Where can I find OpenVPN Connect for other OS?
- 6. Should I use this client or the client from my instance of Access Server?
- 7. How do I install the client directly from my Access Server?
- 8. How do I install the client for CloudConnexa?
- 9. How do I import a profile from a server?
- 10. How do I import a profile from my device?
- 11. Why did I receive an error message that TAP mode is unsupported when importing a profile?
- 12. Why am I getting a certificate error? How can I fix using a self-signed certificate?
- 13. Where do I find my CloudConnexa CloudID and credentials?
- 14. Where do I find my Access Server hostname and credentials?
- 15. What do I enter for Profile Name?
- 16. What does Import autologin profile mean?
- 17. Why did I get the message, "In this version, compression was disabled by default. If you need it, please re-enable this setting."
1. | How do I install the Mac client? |
Follow the steps in the installation guide. | |
2. | Can the new and old clients co-exist? |
Yes, you may continue to use both v2 and v3 on the same connect device and import the profiles desired into each. If you like, you can run either one or both. | |
3. | Can I connect to multiple servers at the same time? |
No, OpenVPN Connect can't connect to multiple servers at once. Instead, it supports multiple connection profiles, so you can easily switch from one server to the next, but you can only connect to one at a time. This is designed to prevent unexpected traffic paths when connecting to multiple VPN servers simultaneously. If you're a system administrator and require a complex setup with multiple active connections, use the open-source community OpenVPN client software. | |
4. | Is the old client still available? |
The OpenVPN client v1 — OpenVPN Desktop Client — is no longer available. It's no longer safe to use and hasn't been maintained for years. It was replaced with the OpenVPN client v2. The OpenVPN client v2 — OpenVPN Connect Client — has been u for many years. It's still available on our website. You can download it from the macOS Connect page on our site. The OpenVPN client v3 — OpenVPN Connect — is the latest generation of our software. You can download it from the macOS Connect page on our site. It's also available on Access Server Client Web UIs and user invitation emails for CloudConnexa. | |
5. | Where can I find OpenVPN Connect for other OS? |
6. | Should I use this client or the client from my instance of Access Server? |
You can use OpenVPN Connect from our website or the client from your Access Server instance. This is the official OpenVPN Connect software for macOS developed and maintained by OpenVPN, Inc., the recommended client program for Access Server and CloudConnexa. We provide the latest versions on our website. If you have an Access Server, you can download OpenVPN Connect directly from your Client Web UI, which is pre-configured. The version available from our website contains no connection configuration, although you can use it to update an existing installation and retain settings. | |
7. | How do I install the client directly from my Access Server? |
Refer to the Access Server macOS installation guide. | |
8. | How do I install the client for CloudConnexa? |
Refer to the CloudConnexa macOS installation guide. | |
9. | How do I import a profile from a server? |
Refer to import from URL. | |
10. | How do I import a profile from my device? |
Refer to import from file. | |
11. | Why did I receive an error message that TAP mode is unsupported when importing a profile? |
Layer 2 bridging (TAP) is no longer supported. Switch over to TUN mode to resolve this issue. | |
12. | Why am I getting a certificate error? How can I fix using a self-signed certificate? |
Access Server starts with a self-signed certificate. With this, you receive warnings from your web browser about the site not being secure, as well as a certificate error when importing a profile with OpenVPN Connect. You can simply override the warnings or add an exception for your web browser. To resolve this, you can set up a DNS hostname that resolves to the public address of your Access Server and install a valid SSL certificate corresponding to that DNS hostname. Going forward, you would use that hostname to access your server instead of the IP address. This is also recommended, as validated SSL certificates can only ever function with a valid public DNS hostname. | |
13. | Where do I find my CloudConnexa CloudID and credentials? |
When your administrator creates your user account in their CloudConnexa portal, you then receive an invitation email with this information. Check with your CloudConnexa administrator if you haven't received one. | |
14. | Where do I find my Access Server hostname and credentials? |
Your Access Server hostname is the address at which you can reach your Access Server. For example, it could be https://vpn.yourcompany.com/. If a DNS hostname isn't set up, it's possible to specify the IP address of your Access Server — for example, https://55.193.55.55. Your credentials are your username and password. Check with your Access Server administrator if you don't have those. | |
15. | What do I enter for Profile Name? |
The Profile Name is what displays on the app's home screen after you save the profile. It's defined automatically as the username with your server's hostname or IP address. For example, user1@hostname.com. It differentiates between multiple profiles. You can manually define it as well. | |
16. | What does Import autologin profile mean? |
Choosing this option allows you to import an autologin profile with the address and credentials for Access Server, then start the connection with the tap of a button. You don't need to re-enter credentials each time you connect. The autologin profile contains an embedded, secure certificate that automatically identifies and authorizes your connection. It is an optional setting in Access Server that the server administrator can choose to make available to you. If you can't import the autologin profile, your administrator may not have allowed autologin through user permissions. | |
17. | Why did I get the message, "In this version, compression was disabled by default. If you need it, please re-enable this setting." |
During the investigation of a vulnerability called VORACLE, we found that using compression on the data going through the VPN tunnel has an adverse effect on security. For more, refer to our security notification regarding the VORACLE attack vulnerability. To protect our customers, we turn off compression by default. Some open-source servers can be configured in such a way that the client must do compression to successfully connect. In such a case, we recommend you update the server to turn off compression, but we understand that this is not always possible, and you may need to be able to connect to such a server. In that event, you can go into the settings and re-enable compression. |