> ## Documentation Index
> Fetch the complete documentation index at: https://pentest-tools.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Custom OpenVPN

> Set up VPN profiles using your own OpenVPN server

If you already have an OpenVPN server in your internal network, you can configure Pentest-Tools.com to use it instead of deploying a VPN agent.

<Info>
  VPN profiles require the **Internal network scanning** add-on.
</Info>

## When to use Custom OpenVPN

Use this option when:

* You already have an OpenVPN server deployed
* You want to use your existing VPN infrastructure
* Corporate policy requires using your own VPN

For most users, we recommend using the [VPN Agent](/capabilities/vpn/virtual-machine) instead for easier setup.

## Prerequisites

* An existing OpenVPN server accessible from the internet
* OpenVPN configuration file (.ovpn)
* Optional: Username and password if your server requires authentication

## Setup process

<Steps>
  <Step title="Create VPN profile">
    In Pentest-Tools.com, go to Settings > VPN Profiles > Create.
  </Step>

  <Step title="Select Custom OpenVPN">
    Choose "Custom OpenVPN Server" as the type.
  </Step>

  <Step title="Upload configuration">
    Upload your .ovpn configuration file.
  </Step>

  <Step title="Add credentials">
    If required, enter your OpenVPN username and password.
  </Step>

  <Step title="Configure settings">
    Set DNS servers and other options.
  </Step>
</Steps>

## Configuration file requirements

Your .ovpn configuration file should contain:

* Server endpoint (IP or hostname)
* Port and protocol
* Certificates and keys (inline or referenced)
* Encryption settings

<Warning>
  The OpenVPN configuration will be stored securely. Credentials are encrypted at rest.
</Warning>

## OpenVPN server requirements

Your OpenVPN server must:

* Be reachable from the Pentest-Tools.com scanning infrastructure
* Route traffic to your internal network

### Whitelisting Pentest-Tools.com

When using a Custom OpenVPN profile, the platform connects to your OpenVPN server from `vpn2.pentest-tools.com` (`109.74.200.91`). Make sure your firewall allows inbound connections from this address on the port your OpenVPN server uses.

The full list of scanner IP addresses (used for all scan traffic, not just VPN) is available at [Source IP addresses](/core/scans/source-ip-addresses).

### Recommended server configuration

```conf theme={null}
# Server config snippet
port 1194
proto udp
dev tun

# Enable client routing to internal networks
push "route 10.0.0.0 255.0.0.0"
push "route 192.168.0.0 255.255.0.0"
```

## Testing the connection

After configuration, verify your OpenVPN server is reachable:

1. Go to **Settings > VPN Profiles**
2. Click on your profile name to open the details panel
3. Click **Test connection**
4. The platform will attempt to connect to your OpenVPN server
5. Status shows **Success** if the test passes

<Tip>
  After the test, check the **Connection logs** section in the profile details for detailed output. This is especially helpful when troubleshooting failed connections.
</Tip>

<Note>
  Unlike VPN Agent profiles, Custom OpenVPN profiles do not show Online/Offline status. The platform connects to your OpenVPN server on-demand when running scans. Use **Test connection** to verify your configuration works correctly.
</Note>

## Troubleshooting

<AccordionGroup>
  <Accordion title="Connection fails">
    * Verify the OpenVPN server is reachable from `vpn2.pentest-tools.com` (`109.74.200.91`)
    * Check server firewall rules allow connections on the configured port
    * Check that the configuration file is valid and not corrupted
    * Check the connection logs for specific error messages
  </Accordion>

  <Accordion title="Scans timeout">
    * Verify the VPN server can reach the target
    * Check internal firewall rules
    * Check that routing is configured on the OpenVPN server
  </Accordion>
</AccordionGroup>

## Related topics

* [VPN profiles overview](/capabilities/vpn/overview)
* [Troubleshooting](/capabilities/vpn/troubleshooting)
