OpenVPN on Linux using Network Manager

Note: we have a VPN client app for Ubuntu/Debian/Mint distros, please check the KB article.

This guide describes how to configure OpenVPN on Linux using the Network Manager tool, with AES 256-bit encryption and 4096-bit RSA authentication. The setup process should be identical/very similar on all distros because Network Manager is standard.

You can import the OpenVPN config files directly into Network Manager or create the connection from scratch.

Method 1
This method is the quickest, by importing the .ovpn server profile

  1. Download the .ovpn server profile(s) you want to use from our repository
    The profiles are found in the subfolders, such as AES-256-UDP/
  2. Open the Network Settings and click on the “+” sign to add a new connection type, from the menu select Import from file...
  3. Select the .ovpn server profile you downloaded earlier, add your VPN username and password, click Add or Save to save it
  4. You can now find the VPN connection profile listed when you click on the network icon in the notifications bar

Method 2
This method should be used if the import feature doesn’t work as expected.

  1. Open your browser and download our ca.crt and the tls-preshared-256.key from the repository (important: download the CA certificate file with Right click > Save as in Firefox; left click would auto-import the CA into the certificates store instead of downloading it)

  2. Open the Network Settings > Add a new connection and select OpenVPN

  3. In the settings window, you have to enter the following:

Connection name: choose a name to identify this connection or leave it unchanged
Gateway: the server hostname you want to connect to (list at such as
Authentication Type: Password
Enter your VPN username and password
CA Certificate: select the ca.crt file you downloaded earlier

Open the Advanced... section

  1. Choose port 8000 or 50000. If you use a TCP connection, use ports 8333 or 5900.
  2. Open the Security tab and select Cipher AES-256-GCM and HMAC-Authentication SHA512
  3. Open the TLS Authentication tab, check Verify peer (server), choose Server from the drop-down menu. Check Use additional TLS authentication and select the tls-preshared-256.key file. Select 1 for Key Direction
  4. Save it and connect.

Other tutorials: