Configuration overview

General settings
Server pool public:pw.openvpn.ipredator.se
Server pool IPv6:ipv6.openvpn.ipredator.se
Server pool NAT:nat.openvpn.ipredator.se
Standard port:1194
Protocol:UDP (default) / TCP
User authentication:credentials (auth-user-pass)
Encryption settings
Encryption:AES-256-CBC
Auth hash:SHA1
CA:IPredator.se.ca.crt
TLS auth key:yes (IPredator.se.ta.key)
Key direction:not set
Compression:yes (comp-lzo)
Assigned DNS servers
DNS 1:46.246.46.46
DNS 2:194.132.32.23

Config files

Below you find configs for OpenVPN in various configurations. Use the default config to get a routable internet IP address. The NAT config will assign you a RFC1918 IP address and will also shield your client from the internet and other VPN users. If you want to experience the smell of the future use the IPv6 config.

Please note that all configs default to TLS 1.2. Older OpenVPN or OpenSSL releases do not support TLS 1.2. If thats the case for your setup please disable tls-version-min in the config file.

If your are looking for a static IP config please contact the support.

Client / OS Pool Configuration file Inlined certificate & TA auth key
Viscosity or native / Windows Default IPredator-Windows-Password.ovpn yes
Viscosity or native / Windows TCP Default IPredator-Windows-Password-TCP.ovpn yes
Viscosity or native / Windows NAT IPredator-Windows-NAT-Password.ovpn yes
Viscosity or native / Windows IPv6 IPredator-Windows-IPv6-Password.ovpn yes
Viscosity or Tunnelblick / OSX Default IPredator-MacOSX-Password.ovpn yes
Viscosity or Tunnelblick / OSX NAT IPredator-MacOSX-NAT-Password.ovpn yes
Viscosity or Tunnelblick / OSX IPv6 IPredator-MacOSX-IPv6-Password.ovpn yes
Gnome Network Manager / Linux Default IPredator-NetworkManager-Password.ovpn no
Gnome Network Manager / Linux NAT IPredator-NetworkManager-NAT-Password.ovpn no
Gnome Network Manager / Linux IPv6 IPredator-NetworkManager-IPv6-Password.ovpn no
CLI / Any Default IPredator-CLI-Password.conf yes
CLI / Any NAT IPredator-CLI-NAT-Password.conf yes
CLI / Any IPv6 IPredator-CLI-IPv6-Password.conf yes
iOS Default IPredator-iOS-Password.ovpn yes
iOS NAT IPredator-iOS-NAT-Password.ovpn yes
iOS IPv6 IPredator-iOS-IPv6-Password.ovpn yes
Android Default IPredator-Android-Password.ovpn yes
Android NAT IPredator-Android-NAT-Password.ovpn yes
Android IPv6 IPredator-Android-IPv6-Password.ovpn yes

Connecting to different server ports

Our OpenVPN servers are not just reachable via 1194 UDP. You can use every available port for UDP and TCP connections.

If you experience packet loss or low speed try to switch from the default port 1194 to 22, 53, 80, 443, or some completely random port.

You can also try to use the TCP protocol if you have difficulties getting a connection via UDP.

Floating connections to fix reconnect issues

In some cases OpenVPN does not reconnect properly after a connection dropped or a new VPN gateway was assigned.

This can happen out of two reasons. Either OpenVPN tries to keep up the old connection and does not communicate with a newly assigned gateway. Or OpenVPN does not reuse your credentials and cannot reauthenticate without you reentering your credentials. These are security features to reduce the risk of getting rerouted after e.g. a DNS spoofing attack.

You can work around connection drops on reconnects if you allow your client to float between VPN gateways. This basically results in your client establishing OpenVPN connections with arbitrary peers. If you like to activate this feature add the keyword float as new line to your configuration file.

If you want OpenVPN to reauthenticate without interaction, you need to add auth-retry nointeract to your configuration file. This is the default setting in current configuration files.

TLS key refresh

If you need a more frequent TLS key renegotiation, use the following options in the OpenVPN configuration file:

reneg-bytes n
renegotiate after n bytes have been sent (disabled by default)
reneg-pkts n
renegotiate after n packets have been sent (disabled by default)
reneg-sec n
renegotiate after n seconds (defaults to 3600)

Disable default route

If you need to set up the routing table yourself you have two options:

route-nopull
Disables to configure pushed routes on your client but still allows the VPN gateway to set interface parameters like the MTU.
route-noexec
Does not execute route commands at all and passes the routing information to the route-up script for processing. You have to take care of everything yourself.

A use case for the route-noexec option is shown in the OpenVZ HowTo.