Command-line Functionality
We introduced support for the command-line interface (CLI) in OpenVPN Connect version 3.3 for Microsoft Windows. Using a console on a supported operating system, you can use the CLI to manage most application functions. This document provides an overview of the commands you can use.
Locate OpenVPN Connect binary:
<Program Files|Program Files (x86)/OpenVPN Connect/OpenVPNConnect.exe
These commands won’t launch the application but are useful for gathering information from the terminal output.
Commands available
--help
List all of the available commands with a short description.
--accept-gdpr - Accept GDPR for application usage --hide-tray - Launch the application and hide tray icon --minimize - Launch app in the background and UI window does not display --quit - Quit the application --list-settings - Show all application's setting values --set-setting - Change any application setting Format: --set-setting=<name> --value=<value> Setting values (values in [] are default options): vpn-protocol: [adaptive]|udp|tcp timeout: 0,10,30,[60],120 launch-options: none|connect-latest|[start-app]|restore-connection seamless-tunnel: true|[false] shortcut-minimize: [true]|false captive-portal-detection: [true]|false software-update: never|[daily]|weekly|monthly theme: [system]|default|dark tray-icon-style: [monochrome]|colorful enable-crash-reporting: true|[false] min-tls-version: [default]|tls-1-0|tls-1-1|tls-1-2|tls-1-3 ipv6: [default]|no|yes compression: [no]|yes|asym google-dns-fallback: [true]|false --skip-startup-dialogs - Close (skip) information dialogs that OpenVPN Connect shows during the first launch (onboarding tour, update changes, etc.) --version - Show the application version --list-profiles - Show list of profiles imported in the application --import-profile - Import profile by path to a file. All parameters except path are optional and will be saved in the profile configuration Format: --import-profile=<path-to-profile> --name=<profile-name> --username=<username> --password=<password> --pkp=<private-key-password> certificate=<cert-id> --remove-profile - Remove profile by ID or profile name. ID has a higher priority Format: --remove-profile=<profile-id|profile-name> --list-certificates - Show list of certificates imported into the application --import-certificate - Import PKCS12 certificate/key pair (.p12) into the application. Password parameter is optional Format: --import-certificate=<path-to-pkcs12> --password=<password> --remove-certificate - Remove certificate from the application storage Format: --remove-certificate=<cert-id>
App version
--version
Displays the application version and build number.
{
version: "3.2.3",
build-number: "1900"
}These commands can launch OpenVPN Connect if it is not running, or can be executed on the running instance. They can be used together, in any order.
Launch in background
--minimize
Launches the app in the background. The UI window won’t open.
Hide tray icon
--hide-tray
Launches the application and hides the tray icon.
Notifications
Accept GDPR consent
--accept-gdpr
Accepts the General Data Protection (GDPR) consent.
Notice
After installation, if you start the application without this flag and haven’t previously accepted GDPR through the UI, OpenVPN Connect won’t function and won’t accept commands. Instead, you receive an error message.
{
status: "error",
error: "Accept GDPR to use the application."
}Skip startup dialogs
--skip-startup-dialogs
Closes and dismisses the information dialogs that display at first launch of OpenVPN Connect. These dialogs include the onboarding tour and the list of recent changes. The next time the application UI launches, these dialogs won’t display.
Note
This flag doesn't skip the GDPR dialog.
Profiles
List all profiles
--list-profiles
Displays the list of profiles that are imported into OpenVPN Connect. The information includes profile ID, profile name, hostname, type, username, and server override.
[{
id: <profile-id>,
name: <profile-name>,
host: <hostname>,
type: <autologin|user-locked|server-locked>,
username: <username>,
server-override: <hostname|none>
},
...
]Import a profile
--import-profile=<path-to-the-profile> --name=<display-name> --username=<username> --password=<password> --pkp=<private-key-password> certificate=<cert-id>
Imports a profile from a file location, with the file path as a required parameter. All other parameters are optional, but if provided they are saved in the profile configuration. For example, a password can be used during connection for the specific profile. Also, you can pass these parameters in the UI for each connection.
If the import is successful, the command outputs the profile information.
{
"message": {
"id": "<profile-id>",
"name": "<profile-name>",
"host": "<hostname>",
"type": "<autologin|user-locked|server-locked>",
"username": "<username>",
"server-override": "<hostname|none>"
},
"status": "success"
}If unsuccessful, the command outputs an error message.
{
"error": <error-message>,
"status": "error"
}Remove a profile
--remove-profile=<profile-id|profile-name>
Removes a profile using either the profile ID or profile name. The command line outputs either a success or error status message.
{
"message|error": <Result of operation>,
"status": "success|error"
}Certificates Management
List all certificates
--list-certificates
Displays the list of imported certificates. The output includes the cert ID, hash, expiration state, and a subject summary.
[{
cert-id: <cert-id>,
hash: <hash>,
is-expired: true|false,
subject-summary: <Subject Summary>
},
...
]Import a certificate
--import-certificate=<path-to-certificate> --password=<password>
Imports the PKCS 12 certificate/key pair from a file location. The certificate saves in OS Certificate Storage or keychain. The file path is required, but the password is optional. The command output displays the cert ID, hash, expiration state, and a subject summary.
{
"message": {
"cert-id": <cert-id>,
"hash": <hash>,
"is-expired": true|false,
"subject-summary": <Subject Summary>
},
"status": "success"
}If the import fails, the command output displays an error message.
{
"error": <error-message>,
"status": "error"
}Remove a certificate
--remove-certificate=<cert-id>
Removes a certificate by cert ID. The command line outputs either a success or error status message.
{
"message|error": <Result of operation>,
"status": "success|error"
}Settings Management
List all application setting values
--list-settings
Lists all of the application setting values, including protocol, timeout, launch options, seamless tunnel, and others.
{
protocol: adaptive|udp|tcp
timeout: 0,10,30,60,120
launch-options: none|connect-latest|start-app|restore-connection
seamless-tunnel: true|false
shortcut-minimize: true|false
captive-portal-detection: true|false
software-update: never|daily|weekly|monthly
theme: system|default|dark
tray-icon-style: monochrome|colorful
enable-crash-reporting: true|false
min-tls-version: default|tls-1-0|tls-1-1|tls-1-2|tls-1-3
ipv6: default|no|yes
compression: no|yes|asym
google-dns-fallback: true|false
}Set a setting value
--set-setting=<name> --value=<value>
Changes any of the application settings. The command line outputs either a success or error status message.
{
"message|error": <Result of operation>,
"status": "success|error"
}