openvpn3

Start a new VPN session

$ openvpn3 session-start [[-c|--config]] [path/to/config.conf]

$ openvpn3 sessions-list

$ openvpn3 session-manage [[-c|--config]] [path/to/config.conf] [[-D|--disconnect]]

$ openvpn3 config-import [[-c|--config]] [path/to/config.conf]

$ openvpn3 configs-list

openvpn3 [OPTIONS] [COMMAND-OPTIONS] [ARGUMENTS]

-h, --help
    Display a general help message and exit. When used with a subcommand, it displays help for that specific subcommand.

--version
    Output version information for the openvpn3 client.

-v, --verbose
    Increase output verbosity. Can be specified multiple times for more detailed output.

-d, --debug
    Enable debug output, providing extensive details useful for troubleshooting.

--json
    Format output in JSON, which is useful for scripting and programmatic parsing.

--service-path
    Specify the D-Bus service path for communication with the openvpn3-service-netcfg daemon, if it deviates from the default.

openvpn3 is a modern command-line client for managing OpenVPN connections on Linux. Unlike the traditional openvpn client, openvpn3 is designed with a modular architecture that heavily leverages D-Bus for communication with a background service, openvpn3-service-netcfg. This design allows for better integration with modern Linux desktop environments and network managers, improved security through privilege separation, and a more structured approach to configuration and session management.

Users can import .ovpn configuration files, list and manage stored configurations, establish and terminate VPN sessions, and monitor connection status and logs. It supports various authentication methods and facilitates a streamlined workflow for OpenVPN connectivity.

openvpn3 relies on the openvpn3-service-netcfg D-Bus service to be running and accessible. Without this service, the client cannot establish or manage VPN connections. It is not a direct drop-in replacement for the traditional openvpn client due to its different architectural approach and D-Bus dependency.

The openvpn3 command-line tool primarily acts as a client to the openvpn3-service-netcfg D-Bus daemon. All actual network configuration and tunnel management are handled by this background service, allowing openvpn3 to operate with minimal privileges. This separation enhances security and facilitates integration with other system components like NetworkManager.

Most functionality of openvpn3 is exposed through its subcommands. Key subcommands include:
config: For importing, listing, and managing OpenVPN configurations.
session: For starting, stopping, listing, and managing active VPN sessions.
connection: For interacting with underlying network connections managed by sessions.
show: For displaying various pieces of information, such as capabilities, D-Bus paths, or configuration details.
show-log: For viewing logs from active VPN sessions.

openvpn3 was developed by OpenVPN Inc. as a modern, modular, and D-Bus-integrated client for Linux. It emerged to provide a more streamlined and secure way to manage OpenVPN connections, addressing challenges related to desktop environment integration and privilege management that were present with the older openvpn client. Its development marks a significant architectural evolution for OpenVPN clients on Linux, moving towards a service-oriented model.

openvpn(8), nmcli(1), ip(8), dbus-send(1), openvpn3-session(1), openvpn3-config(1), openvpn3-connection(1), openvpn3-service-netcfg(8)