OpenVPN
Copy the certificate contents from an existing .ovpn config file, and you can use that OpenVPN connection as a Clash outbound node.
Example Config
proxies: - name: "openvpn" type: openvpn server: vpn.example.com port: 1194 proto: udp # auth-user-pass mode username: "user" password: "pass" ca: | -----BEGIN CERTIFICATE----- MIIB...example -----END CERTIFICATE----- udp: true
Field Reference
protoDefault: udpThe protocol type — supports udp/tcp.
username / passwordOptionalThe username and password for auth-user-pass authentication — choose either this or the cert/key certificate mode (both can't be empty).
caRequiredThe CA certificate content — copy it directly from the <ca> tag in the .ovpn file.
cert / keyOptionalThe client certificate and private key content, copied from the corresponding tags in the .ovpn file; can be omitted when using username/password authentication.
tls-cryptOptionalThe TLS encryption key, copied from the corresponding tag in the .ovpn file — no need to keep the tag itself.
cipher / authOptionalcipher defaults to AES-128-GCM, supporting the AES-GCM/CBC families and CHACHA20-POLY1305; auth defaults to SHA256 and is ignored when using an AEAD cipher.
peer-infoOptionalKey-value pairs passed through to the server, appended after the built-in IV_VER/IV_PROTO/IV_CIPHERS — the server may use these for access decisions.
dialer-proxy / remote-dns-resolve / dnsOptionalWorks the same as other protocols — see the dialer-proxy docs.