Skip to main content
Skip table of contents

Options for OpenVPN Client-Server Communication on IGEL OS

Here, you can configure the interaction between the OpenVPN client on IGEL OS and the server.

Further information regarding the options can be found in the OpenVPN documentation which is maintained by the OpenVPN project.



Menu path: Setup > Network > VPN > OpenVPN > [OpenVPN Connection] > Options


Gateway Port

Local gateway port. Default: 1194


Custom renegotiation interval

Renegotiate data channel key after a given number of seconds. (Default: 0)


Use LZO data compression

From OpenVPN v2.4, LZO data compression ("comp-lzo") is deprecated. 

☑ The client will use LZO compression. Necessary if the server uses compression.

☐ The client will not use LZO compression. (Default)


Protocol used for communication to the host

  • udp: UDP will be used. (Default)
  • tcp-client: TCP will be used.
If you use a proxy, select tcp-client.

Virtual network type

  • tun: Routing will be used. (Default)
  • tap: Bridging will be used.


Use custom tunnel maximum transmission unit (MTU)

The MTU of the TUN device will be used as a given value. The MTU of the interface will be derived from it.


UDP fragment size

Allow internal data fragmenting up to this size in bytes. Leave this field empty to keep the default value.


Restrict tunnel TCP maximum segment size (MSS)

☑ The TCP segment size (MSS) of the tunnel will be restricted.

☐ The TCP segment size (MSS) will not be restricted. (Default)


Randomize remote hosts

☑ The remote gateways will be ordered randomly as a simple type of load balancing.

☐ The remote computers will not be ordered randomly. (Default)


Cipher (legacy parameter)

Encryption algorithm for data packets. If you do not want to use any of the ciphers in this menu, select unset. Default: BF-CBC (Blowfish in the Cipher Block Chaining mode)


Use default data cipher list

The default list of ciphers that are to be negotiated between client and server is "AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305".

☑ The default cipher list is used. (Default)

☐ The list provided in Data ciphers is used.


Data ciphers

You can enter enter a custom list of ciphers. The ciphers must be separated by a semicolon ';'. Example: "AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305"


HMAC authentication: Hashing algorithm for packet authentication (default: SHA1)

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.