Multiple connection profiles – vpn.client.basic

The OpenVPN Connect Client that comes with the OpenVPN Access Server can be installed and configured in various ways. Depending on your configuration and method of installation of the Connect Client, it can be configured in the 'basic' mode, or not. The basic mode removes the 'import' functions and only allows the Connect Client to remember one single Access Server connection. If the Connect Client is configured not to run in the basic mode, then the 'import' function is available, you can manually delete connection profiles from the Connect Client, and you can have the Connect Client remember multiple servers so you can switch easily from one server to the next. Please keep in mind that the Connect Client is designed to allow only one active OpenVPN tunnel at a time, so while you can have the Connect Client store and remember multiple connection profiles, only one can be active at any given time. If you are connected to server A and want to connect to server B, you have to disconnect the connection to server A first.

 

Turn 'basic' mode on/off for all new installations

You can configure this setting on the Access Server itself, using the command line. What this will do is not alter the settings on clients that are currently already installed, but it will make it so that new copies of the OpenVPN Connect Client downloaded and installed from your Access Server's client web interface will already be configured to the basic mode setting you have chosen. To make this configuration change on the Access Server, open an SSH session to it or log on to the console. Obtain root privileges and then run the following commands:

/usr/local/openvpn_as/scripts/confdba -mk vpn.client.basic -v false
/etc/init.d/openvpnas restart

Please note that "false" in the above command disables the basic mode, so that the import and delete menu options and multiple profiles option is enabled. Setting it to true enables the basic mode and hides these features. Also note that the 'restart' command will disconnect all your currently connected VPN users temporarily.

If you have a Connect Client already installed, changing this setting on the Access Server will not change it on the already installed Connect Client. To resolve this you have 2 options; you can adjust the setting manually on the computer, with a similar command line but executed on the client computer (Mac OS X or Windows) itself, or to simply log on to the web interface using the "LOGIN" (not "CONNECT") function and downloading and installing a new copy of the Connect Client so that the updated setting can take effect on the client computer.

 

Configuring this on a single VPN client computer

As mentioned earlier, if you have the OpenVPN Connect Client already installed, and it is configured with basic mode either on or off, then this doesn't change when you make a configuration change on the Access Server itself. It doesn't automatically get this setting pushed by the Access Server. Configuration changes for this particular setting don't take effect until you download a new copy of the Connect Client and install it. However, you can make this configuration change on a single computer via the command line.

For Windows:

  1. Open cmd.exe with administrative privileges.
  2. Run the following 2 commands: (if you have 32 bits Windows, leave out the " (x86)" part):
  3. cd "C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core"
  4. capicli -k basic_client -v false SetPreference
  5. Restart the Windows computer.

For Macintosh:

  1. Open 'terminal' program on your Mac.
  2. Run the following 2 commands:
  3. cd "/Library/Frameworks/OpenVPN.framework/Versions/Current/bin"
  4. capicli -k basic_client -v false SetPreference
  5. Restart the Macintosh computer.

Please note that "false" in the above commands disables the basic mode, so that the import and delete menu options and multiple profiles option is enabled. Setting it to true enables the basic mode and hides these features. As an alternative to restarting the whole computer system it is also possible to just close the OpenVPN Connect Client program and opening it again. But for most users the action to restart the computer may be simpler to do.