App Support.

We're here to help.



Connection Settings

The Viscosity connection editor allows you to easily and quickly make changes to your OpenVPN configuration, or to create a new connection. Below is an outline of what each setting does, tab by tab. Please note, some settings are Mac or Windows specific and will be noted if this is the case.

General

  • Name - The name for your connection. This is your reference for how to identify the connection later.
  • Address - The address for the server you are connecting too. Multiple servers can be entered separated by a comma.
  • Port - The port for the server you are connecting too.
  • Protocol - The protocol type for the connection.
  • IP Version - The IP Version to connect to the server over.
  • Device - The type of network interface to use. Most connections use tun.
  • Enable IPv6 - Enabling this options allows IPv6 to be setup for the connection.
  • Connect when Viscosity opens - This option is available on all tabs and will cause this connection to begin connecting as soon as Viscosity is launched.

Authentication

The following are common options to all authentication types:

  • Type - The type of authentication setup to use for this connection, these are described more in depth below
  • Use Username/Password authentication - Check this if the server you are connecting to requires a username and password.

SSL/TLS Client

This is the most common form of authentication for OpenVPN. It uses at minimum a server (CA) and user (Cert) certificate and a user key (Key) for authentication. A TLS (Tls-Auth) key can also be optionally used for an additional layer of authentication.

  • CA - The Certificate Authority file for the server.
  • Cert - Your user certificate.
  • Key - Your user key.
  • Tls-Auth - An optional key for an additional layer of authentication if your server supports it.
  • Direction - The direction for TLS authentication, defined by your server.

SSL/TLS Client (PKCS11)

PKCS11 allows you to use a smart key or token to store your keys on and retrieve them directly from the key. For more information on PKCS11, please see Using Tokens/Smartcards (PKCS#11).

  • CA - The Certificate Authority file for the server.
  • Providers - The libraries which allows communication with your token or smart card.
  • Retrieval - You can define a certificate to always use for this connection, or choose to be prompted each time you connect (handy if you regularly receive new certificates).
  • Name - The name of the certificate to use on the token or smart card.
  • Tls-Auth - An optional key for an additional layer of authentication if your server supports it.
  • Direction - The direction for TLS authentication, defined by your server.

SSL/TLS Client (PKCS12)

PKCS12 is like the original SSL/TLS client method, except a PKCS12 file is your CA, Cert and Key bundled into a single pfx or p12 file.

  • PKCS12 - The PKCS12 file to use for this connection.
  • Tls-Auth - An optional key for an additional layer of authentication if your server supports it.
  • Direction - The direction for TLS authentication, defined by your server.

Static Key

Static Key is a very out dated method of authentication which we recommend you do not use but is available for older server configurations.

  • Secret - The Secret key for the connection.
  • Direction - The direction for TLS authentication, defined by your server.

Options

  • Ping - Pings the remote host every x seconds to maintain a connection.
  • Ping Restart - Restarts the connection if no traffic has passed in x seconds.

Please see this article for more information if you are having issues with ping-restarts.

The following persist options are only effected if the connection or OpenVPN restart without Viscosity disconnecting the connection.

  • Persist Tun - Do not reset the network adapter if the connection restarts.
  • Persist Key - Don't re-read key files if the connection restarts.
  • Persist Local IP - Do not change local IP settings if the connection restarts.
  • Persist Remote IP - Do no change remote IP settings if the connection restarts.
  • Require Server nsCertType - Require that the server certificate was signed with the name server. This adds an extra layer of protection to mitigate MITM attacks.
  • Compression - Compression options for the connection. This must match with what the server allows.
  • No Bind - Use a dynamic port for the local end of the connection, this is recommended.
  • Pull Options - Pull options from the server when connecting.

Networking

All Traffic

This drop down offers the following options and controls whether all traffic is sent over the VPN Connection.

  • Automatic (Set by server) - Allows All Traffic to be set by the server. All traffic is sent over the VPN Connection if the server pushes an option to do so, otherwise no traffic is sent over the VPN Tunnel except by routes which are set in your configuration or pushed by the server.
  • Send all traffic over VPN connection - All IPv4 and IPv6 traffic is sent over the VPN connection if it is supported. If IPv4 or IPv6 is not supported by the VPN Connection a warning will be displayed in the log.
  • Send all IPv4 traffic over VPN connection - All IPv4 traffic is sent over the VPN connection if it is supported.
  • Send all IPv6 traffic over the VPN connection - All IPv6 traffic is sent over the VPN connection if it is supported.

Routing

  • Send all traffic over VPN connection - All traffic should be redirected over the VPN unless there are specific routes set in the configuration or pushed by the server
  • Default Gateway - The default gateway for the connection, this should be left blank in most scenarios.

Routes for the connection can be defined by pressing the +. For more information on routing, please see Routing Traffic For Websites & Applications.

DNS

For more information on DNS setup, as well as troubleshooting help, please see Configuring DNS and WINS settings.

  • Mode - The DNS Mode for the connection, please see Configuring DNS and WINS settings for more information.
  • Servers - DNS Servers to be used for this connection. Servers defined here are used first. Multiple servers can be added separated by a comma.
  • Domains - DNS Domains to be used for this connection. Domains defined here are used first. Multiple domains can be added separated by a comma.
  • Ignore DNS settings sent by the VPN server - Any DNS Servers, Domains, or WINS servers pushed by the server will not be used.

Other

  • Shaper - A value in bps (bits per second) can be defined here to throttle the upload speed for the VPN connection.
  • Fragment - Defines the max size of a UDP packet in bytes.
  • Tun MTU - The MTU (Maximum Transmission Unit) for a tun device connection. Lowering this value may help with connection stability.
  • Inactive - Disconnect if no traffic is sent or received after x seconds. Leaving this value blank will disable this option.

Proxy

If you normally connect to the Internet through a Proxy, you can set the details here so that OpenVPN can also connect through your proxy server.

  • Connect using proxy - Enable or disable this feature.
  • Type - The type of proxy you connect through. If Systemwide is specified, Viscosity will attempt to retrieve proxy details from your system.
  • Address - The address of the proxy server.
  • Port - The port of the proxy server.
  • Auth - The authentication type for the proxy server.
  • Retry on proxy errors - If there is an error connecting or authenticating to the server, enable to keep retrying until a manual disconnection takes place.

Advanced

Scripting

Scripts can be defined here. For more information on scripting, please see our articles for Mac or Windows.

Extra Commands

Extra commands can be defined here that are not available in the rest of the connection editor. For more information please see Advanced Configuration Commands.

After creating a new connection, or editing an existing connection, you will see a few commands here, it is recommended you do not modify them. For example:

  • --route-delay - This adds a delay to allow your system to catch up between the connection being completed, and Viscosity setting up your network confinguration. By default this is 5 (seconds).
  • --dev-node (Windows Only) - This is the GUID for the network adapter this connection will use.
  • Don't create a network adapter for this connection (Windows Only) - Do not create a network adapter for this connection. This is an extremely advanced command for users who want to manage the network adapter their connection uses completely manually. For normal operation, never use this option.

If you do not wish for a network adapter to be created for each connection, please see Single Adapter Mode (Windows).