Command Line Functionality for OpenVPN Connect

We introduced support for the command-line interface (CLI) in OpenVPN Connect version 3.3 for Microsoft Windows and macOS. Using a console on a supported operating system, you can use the CLI to manage most application functions. This document provides an overview of the commands you can use.

Get Started

Locate OpenVPN Connect binary:

  1. Windows: <Program Files|Program Files (x86)/OpenVPN Connect/OpenVPNConnect.exe
  2. macOS: /Applications/OpenVPN Connect/OpenVPN Connect


These commands won’t launch the application, but are useful for gathering information from the terminal output.

Commands available


List all of the available commands with a short description.

--accept-gdpr  -  Accept GDPR for application usage
--hide-tray  -  Launch the application and hide tray icon
--minimize  -  Launch app in the background and UI window does not display
--quit  -  Quit the application
--list-settings  -  Show all application's setting values
--set-setting  -  Change any application setting
   --set-setting=<name> --value=<value>
 Setting values (values in [] are default options):
 vpn-protocol: [adaptive]|udp|tcp
 timeout: 0,10,30,[60],120
 launch-options: none|connect-latest|[start-app]|restore-connection
 seamless-tunnel: true|[false]
 shortcut-minimize: [true]|false
 captive-portal-detection: [true]|false
 software-update: never|[daily]|weekly|monthly
 theme: [system]|default|dark
 tray-icon-style: [monochrome]|colorful
 enable-crash-reporting: true|[false]
 min-tls-version: [default]|tls-1-0|tls-1-1|tls-1-2|tls-1-3
 ipv6: [default]|no|yes
 compression: [no]|yes|asym
 google-dns-fallback: [true]|false
--skip-startup-dialogs  -  Close (skip) information dialogs that OpenVPN Connect shows during the first launch (onboarding tour, update changes, etc.)
--version  -  Show the application version
--list-profiles  -  Show list of profiles imported in the application
--import-profile  -  Import profile by path to a file. All parameters except path are optional and will be saved in the profile configuration
   --import-profile=<path-to-profile> --name=<profile-name> --username=<username> --password=<password> --pkp=<private-key-password> certificate=<cert-id>
--remove-profile  -  Remove profile by ID or profile name. ID has a higher priority
--list-certificates  -  Show list of certificates imported into the application
--import-certificate  -  Import PKCS12 certificate/key pair (.p12) into the application. Password parameter is optional
   --import-certificate=<path-to-pkcs12> --password=<password>
--remove-certificate  -  Remove certificate from the application storage

App version


Displays the application version and build number.

 version: "3.2.3",
 build-number: "1900"

Launch flags

These commands can launch OpenVPN Connect if it is not running, or can be executed on the running instance. They can be used together, in any order.

Launch in background


Launches the app in the background. The UI window won’t open.

Hide tray icon


Launches the application and hides the tray icon.




Accepts the General Data Protection (GDPR) consent. Note: After installation, if you start the application without this flag and haven’t previously accepted GDPR through the UI, the Connect app won’t function and won’t accept commands. Instead, you will receive an error message.

 status: "error",
 error: "Accept GDPR to use the application."

Skip startup dialogs


Closes and dismisses the information dialogs that display at first launch of OpenVPN Connect. These dialogs include the onboarding tour and the list of recent changes. The next time the application UI launches, these dialogs won’t display. Note: This flag doesn’t skip the GDPR dialog.


List all profiles


Displays the list of profiles that are imported into OpenVPN Connect. The information includes profile ID, profile name, hostname, type, username, and server override.

 id: <profile-id>,
 name: <profile-name>,
 host: <hostname>,
 type: <autologin|user-locked|server-locked>,
 username: <username>,
 server-override: <hostname|none>

Import a profile

--import-profile=<path-to-the-profile> --name=<display-name> --username=<username> --password=<password> --pkp=<private-key-password> certificate=<cert-id>

Imports a profile from a file location, with the file path as a required parameter. All other parameters are optional, but if provided they are saved in the profile configuration. For example, a password can be used during connection for the specific profile. Also, you can pass these parameters in the UI for each connection.

If the import is successful, the command outputs the profile information.

 "message": {
   "id": "<profile-id>",
   "name": "<profile-name>",
   "host": "<hostname>",
   "type": "<autologin|user-locked|server-locked>",
   "username": "<username>",
   "server-override": "<hostname|none>"
 "status": "success"

If unsuccessful, the command outputs an error message.

 "error": <error-message>,
 "status": "error"

Remove a profile


Removes a profile using either the profile ID or profile name. The command line outputs either a success or error status message.

 "message|error": <Result of operation>,
 "status": "success|error"

Certificates Management

List all certificates


Displays the list of imported certificates. The output includes the cert ID, hash, expiration state, and a subject summary.

 cert-id: <cert-id>,
 hash: <hash>,
 is-expired: true|false,
 subject-summary: <Subject Summary>

Import a certificate

--import-certificate=<path-to-certificate> --password=<password>

Imports the PKCS 12 certificate/key pair from a file location. The certificate saves in OS Certificate Storage or keychain. The file path is required, but the password is optional. The command output displays the cert ID, hash, expiration state, and a subject summary.

 "message": {
   "cert-id": <cert-id>,
   "hash": <hash>,
   "is-expired": true|false,
   "subject-summary": <Subject Summary>
 "status": "success"

If the import fails, the command output displays an error message.

 "error": <error-message>,
 "status": "error"

Remove a certificate


Removes a certificate by cert ID. The command line outputs either a success or error status message.

 "message|error": <Result of operation>,
 "status": "success|error"

Settings Management

List all application setting values


Lists all of the application setting values, including protocol, timeout, launch options, seamless tunnel, and others.

 protocol: adaptive|udp|tcp
 timeout: 0,10,30,60,120
 launch-options: none|connect-latest|start-app|restore-connection
 seamless-tunnel: true|false
 shortcut-minimize: true|false
 captive-portal-detection: true|false
 software-update: never|daily|weekly|monthly
 theme: system|default|dark
 tray-icon-style: monochrome|colorful
 enable-crash-reporting: true|false
 min-tls-version: default|tls-1-0|tls-1-1|tls-1-2|tls-1-3
 ipv6: default|no|yes
 compression: no|yes|asym
 google-dns-fallback: true|false

Set a setting value

--set-settings=<name> --value=<value>

Changes any of the application settings. The command line outputs either a success or error status message.

 "message|error": <Result of operation>,
 "status": "success|error"