OpenVPN (openvpn)

The OpenVPN service signs a user’s certificate request and returns a generated connection profile which can be used to connect to a VPN.

Before a client can use this service, they must install OpenVPN (learn more).

Client Commands

The OpenVPN workflows can be managed through openvpn subcommands.

  • base-profile (details) – show the base connection profile of the OpenVPN server
  • create-launchd-service (details) – create a launchd service
  • create-onc-profile (details) – create an ONC profile
  • create-profile (details) – create and sign an OpenVPN configuration profile
  • create-tunnelblick-profile (details) – create a Tunnelblick profile
  • exec (details) – connect to a remote OpenVPN server

Server Configuration Options

The following may be configured in the options section when configuring an openvpn service.

  • profile – the OVPN profile configuration defining the user-agnostic client connection parameters
  • certauth – the name of a configured certificate authority (default default)
  • validity – the duration for which certificates are signed (default 2m)

The OpenVPN server must be configured to trust certificates signed by ssoca and, optionally, to enforce extended certificate validity (learn more).