We introduced support for the command-line interface (CLI) in OpenVPN Connect version 3.3 for Microsoft Windows and macOS. Using a console on a supported operating system, you can use the CLI to manage most application functions. This document provides an overview of the commands you can use.

Get Started

Locate OpenVPN Connect binary:

  1. Windows: <Program Files|Program Files (x86)/OpenVPN Connect/OpenVPNConnect.exe
  2. macOS: /Applications/OpenVPN Connect/OpenVPN Connect.app/contents/MacOS/OpenVPN Connect

Helpers

These commands won’t launch the application, but are useful for gathering information from the terminal output.

Commands available

--help

List all of the available commands with a short description.

--accept-gdpr  -  Accept GDPR for application usage
--hide-tray  -  Launch the application and hide tray icon
--minimize  -  Launch app in the background and UI window does not display
--quit  -  Quit the application
--list-settings  -  Show all application's setting values
--set-setting  -  Change any application setting
 Format: 
   --set-setting=<name> --value=<value>
 Setting values (values in [] are default options):
 vpn-protocol: [adaptive]|udp|tcp
 timeout: 0,10,30,[60],120
 launch-options: none|connect-latest|[start-app]|restore-connection
 seamless-tunnel: true|[false]
 shortcut-minimize: [true]|false
 captive-portal-detection: [true]|false
 software-update: never|[daily]|weekly|monthly
 theme: [system]|default|dark
 tray-icon-style: [monochrome]|colorful
 enable-crash-reporting: true|[false]
 min-tls-version: [default]|tls-1-0|tls-1-1|tls-1-2|tls-1-3
 ipv6: [default]|no|yes
 compression: [no]|yes|asym
 google-dns-fallback: [true]|false
--skip-startup-dialogs  -  Close (skip) information dialogs that OpenVPN Connect shows during the first launch (onboarding tour, update changes, etc.)
--version  -  Show the application version
--list-profiles  -  Show list of profiles imported in the application
--import-profile  -  Import profile by path to a file. All parameters except path are optional and will be saved in the profile configuration
 Format:
   --import-profile=<path-to-profile> --name=<profile-name> --username=<username> --password=<password> --pkp=<private-key-password> certificate=<cert-id>
--remove-profile  -  Remove profile by ID or profile name. ID has a higher priority
 Format:
   --remove-profile=<profile-id|profile-name>
--list-certificates  -  Show list of certificates imported into the application
--import-certificate  -  Import PKCS12 certificate/key pair (.p12) into the application. Password parameter is optional
 Format:
   --import-certificate=<path-to-pkcs12> --password=<password>
--remove-certificate  -  Remove certificate from the application storage
 Format:
   --remove-certificate=<cert-id>

App version

--version

Displays the application version and build number.

{
 version: "3.2.3",
 build-number: "1900"
}

Launch flags

These commands can launch OpenVPN Connect if it is not running, or can be executed on the running instance. They can be used together, in any order.

Launch in background

--minimize

Launches the app in the background. The UI window won’t open.


Hide tray icon

--hide-tray

Launches the application and hides the tray icon.

Configuration

Notifications

--accept-gdpr

Accepts the General Data Protection (GDPR) consent. Note: After installation, if you start the application without this flag and haven’t previously accepted GDPR through the UI, the Connect app won’t function and won’t accept commands. Instead, you will receive an error message.

{
 status: "error",
 error: "Accept GDPR to use the application."
}

Skip startup dialogs

--skip-startup-dialogs

Closes and dismisses the information dialogs that display at first launch of OpenVPN Connect. These dialogs include the onboarding tour and the list of recent changes. The next time the application UI launches, these dialogs won’t display. Note: This flag doesn’t skip the GDPR dialog.

Profiles

List all profiles

--list-profiles

Displays the list of profiles that are imported into OpenVPN Connect. The information includes profile ID, profile name, hostname, type, username, and server override.

[{
 id: <profile-id>,
 name: <profile-name>,
 host: <hostname>,
 type: <autologin|user-locked|server-locked>,
 username: <username>,
 server-override: <hostname|none>
},
...
]

Import a profile

--import-profile=<path-to-the-profile> --name=<display-name> --username=<username> --password=<password> --pkp=<private-key-password> certificate=<cert-id>

Imports a profile from a file location, with the file path as a required parameter. All other parameters are optional, but if provided they are saved in the profile configuration. For example, a password can be used during connection for the specific profile. Also, you can pass these parameters in the UI for each connection.

If the import is successful, the command outputs the profile information.

{
 "message": {
   "id": "<profile-id>",
   "name": "<profile-name>",
   "host": "<hostname>",
   "type": "<autologin|user-locked|server-locked>",
   "username": "<username>",
   "server-override": "<hostname|none>"
 },
 "status": "success"
}

If unsuccessful, the command outputs an error message.

{
 "error": <error-message>,
 "status": "error"
}

Remove a profile

--remove-profile=<profile-id|profile-name>

Removes a profile using either the profile ID or profile name. The command line outputs either a success or error status message.

{
 "message|error": <Result of operation>,
 "status": "success|error"
}

Certificates Management

List all certificates

--list-certificates

Displays the list of imported certificates. The output includes the cert ID, hash, expiration state, and a subject summary.

[{
 cert-id: <cert-id>,
 hash: <hash>,
 is-expired: true|false,
 subject-summary: <Subject Summary>
},
...
]

Import a certificate

--import-certificate --path=<path-to-certificate> --password=<password>

Imports the PKCS 12 certificate/key pair from a file location. The certificate saves in OS Certificate Storage or keychain. The file path is required, but the password is optional. The command output displays the cert ID, hash, expiration state, and a subject summary.

{
 "message": {
   "cert-id": <cert-id>,
   "hash": <hash>,
   "is-expired": true|false,
   "subject-summary": <Subject Summary>
 },
 "status": "success"
}

If the import fails, the command output displays an error message.

{
 "error": <error-message>,
 "status": "error"
}

Remove a certificate

--remove-certificate=<cert-id>

Removes a certificate by cert ID. The command line outputs either a success or error status message.

{
 "message|error": <Result of operation>,
 "status": "success|error"
}

Settings Management

List all application setting values

--list-settings

Lists all of the application setting values, including protocol, timeout, launch options, seamless tunnel, and others.

{
 protocol: adaptive|udp|tcp
 timeout: 0,10,30,60,120
 launch-options: none|connect-latest|start-app|restore-connection
 seamless-tunnel: true|false
 shortcut-minimize: true|false
 captive-portal-detection: true|false
 software-update: never|daily|weekly|monthly
 theme: system|default|dark
 tray-icon-style: monochrome|colorful
 enable-crash-reporting: true|false
 min-tls-version: default|tls-1-0|tls-1-1|tls-1-2|tls-1-3
 ipv6: default|no|yes
 compression: no|yes|asym
 google-dns-fallback: true|false
}

Set a setting value

--set-settings=<name> --value=<value>

Changes any of the application settings. The command line outputs either a success or error status message.

{
 "message|error": <Result of operation>,
 "status": "success|error"
}