Skip to main content

Overview

OpenVPN servers use username and password authentication. When a user connects, the OpenVPN server calls back to StartMyVPN to verify the credentials in real time.

How authentication works

The authentication endpoint is part of the standalone script server — a lightweight HTTP server running on the VPN server that handles auth callbacks securely.

Downloading OpenVPN config

Users download a .ovpn config file from their dashboard:
  • Web dashboard: /vpn/download/{server}
  • API: GET /v1/servers/{server}/openvpn
The config file contains:
  • Server IP and port
  • Protocol (UDP/TCP) and port
  • TLS/CA certificates
  • auth-user-pass directive (prompts for username/password on connect)

Connection logging

Every successful OpenVPN authentication is logged in the database with:
  • User ID
  • Server ID
  • Connection timestamp
  • Bytes received and transmitted
This data feeds the bandwidth usage tracking system.

Bandwidth enforcement

When a user attempts to connect and their bandwidth limit is exceeded (if the plan has a limit), the authentication request is rejected and the connection is denied.

Manual installation

If you’re adding an existing server manually, install OpenVPN using the bundled script:
The installation script handles:
  • OpenVPN installation
  • Certificate generation
  • auth-user-pass-verify hook pointing to StartMyVPN’s script server
  • Firewall rules

OpenVPN config stored

The openvpn_configs table stores one config record per server containing:
  • The client .ovpn template
  • CA certificate
  • Server certificate
  • TLS auth key