Skip to main content
If you already have an OpenVPN server in your internal network, you can configure Pentest-Tools.com to use it instead of deploying a VPN agent.
VPN profiles require the Internal network scanning add-on.

When to use Custom OpenVPN

Use this option when:
  • You already have an OpenVPN server deployed
  • You want to use your existing VPN infrastructure
  • Corporate policy requires using your own VPN
For most users, we recommend using the VPN Agent instead for easier setup.

Prerequisites

  • An existing OpenVPN server accessible from the internet
  • OpenVPN configuration file (.ovpn)
  • Optional: Username and password if your server requires authentication

Setup process

1

Create VPN profile

In Pentest-Tools.com, go to Settings > VPN Profiles > Create.
2

Select Custom OpenVPN

Choose “Custom OpenVPN Server” as the type.
3

Upload configuration

Upload your .ovpn configuration file.
4

Add credentials

If required, enter your OpenVPN username and password.
5

Configure settings

Set DNS servers and other options.

Configuration file requirements

Your .ovpn configuration file should contain:
  • Server endpoint (IP or hostname)
  • Port and protocol
  • Certificates and keys (inline or referenced)
  • Encryption settings
The OpenVPN configuration will be stored securely. Credentials are encrypted at rest.

OpenVPN server requirements

Your OpenVPN server must:
  • Be reachable from the Pentest-Tools.com scanning infrastructure
  • Route traffic to your internal network

Whitelisting Pentest-Tools.com

When using a Custom OpenVPN profile, the platform connects to your OpenVPN server from vpn2.pentest-tools.com (109.74.200.91). Make sure your firewall allows inbound connections from this address on the port your OpenVPN server uses. The full list of scanner IP addresses (used for all scan traffic, not just VPN) is available at Source IP addresses. 
# Server config snippet
port 1194
proto udp
dev tun

# Enable client routing to internal networks
push "route 10.0.0.0 255.0.0.0"
push "route 192.168.0.0 255.255.0.0"

Testing the connection

After configuration, verify your OpenVPN server is reachable:
  1. Go to Settings > VPN Profiles
  2. Click on your profile name to open the details panel
  3. Click Test connection
  4. The platform will attempt to connect to your OpenVPN server
  5. Status shows Success if the test passes
After the test, check the Connection logs section in the profile details for detailed output. This is especially helpful when troubleshooting failed connections.
Unlike VPN Agent profiles, Custom OpenVPN profiles do not show Online/Offline status. The platform connects to your OpenVPN server on-demand when running scans. Use Test connection to verify your configuration works correctly.

Troubleshooting

  • Verify the OpenVPN server is reachable from vpn2.pentest-tools.com (109.74.200.91)
  • Check server firewall rules allow connections on the configured port
  • Check that the configuration file is valid and not corrupted
  • Check the connection logs for specific error messages
  • Verify the VPN server can reach the target
  • Check internal firewall rules
  • Check that routing is configured on the OpenVPN server