02. Basic Usage
Once you've installed the add-on, go to the Programs menu and find VPN Manager for OpenVPN and select it. Then select Add-on Settings.
Using the Wizard
The first time you access the settings, you'll be offered the option to set up the first connection using a wizard. This will walk through selecting a VPN, supplying the set of authentication details needed, default some options and then connect to the VPN provider. Some providers use a user ID and password, some use user keys and certs, some use both.
The wizard will automatically pick the best settings for your environment, particularly if you're using Linux where it'll default the settings mentioned on the Installation page.
Once you've used the wizard the Settings tabs will be populated with the values you've used and can be further modified.
Once there's a validated connection the wizard will not appear again. You can you use this option to re-enable it. Or you can use this option to disable the wizard if the default options are causing issues.
The VPN configuration tab allows you to enter details about the VPN provider you're using. If your provider doesn't require a user ID and password, don't enter one. If your provider needs user keys and certificates then these will be requested during connection.
This tab also has an option to modify the type of connection, either UDP, TCP or both. Typically UDP is better for streaming, and indeed some providers only have support for UDP. You can also change the port numbers if necessary, but all of the different VPN providers have been set up to use their preferred ports already.
After entering your VPN details, you should validate all of the connections that will be used. The first connection will be the connection that's used to automatically connect to either during boot, or after Kodi has started.
When you click the button to validate a connection you'll be shown a dialog as the connection is attempted. The first time you attempt to make a connection, the VPN provider files required to do so will be downloaded from Github. This can take some minutes for one or two of the providers, but this will only occur on first connection or if there's an update. Once a connection has been made successfully, it will be shown below the button and can be changed by clicking the connection button again.
A connection can be changed at any time, or it can be removed by selecting the last value in the list shown. Currently, all connections must be concurrent so deleting a connection will see all higher numbered connections deleted as well.
Once you've validated at least one connection, the VPN provider details are locked. An option will appear, 'Click here to update VPN settings' to unlock these details so that you can change anything that's become locked. If this is selected and the VPN provider details are unlocked, all connections will need to be re-validated.
If an update to the VPN provider files is found during a subsequent connection attempt, the add-on will not automatically switch to using that update. It will be download ready for use but you'll have to unlock the VPN provider (as above) and re-validate all of the connections.
You can validate as many as 10 connections. These connections will be used as part of the cycle and filter function. However all of the available connections can be selected from the add-on menu.
Once a connection is validated, any connection can be used via the 'Change or disconnect VPN connection' in the add-on menu.
User or Client Keys and Certificates
If you're using a VPN provider that relies on a user or client unique key and certificate then you'll need to obtain your key and cert files and put them on a drive or USB key that's accessible to your Kodi box. It doesn't matter where you put these files as they'll be requested during connection validation. Once these files have been supplied, they'll be stored locally and you won't be asked for them again.
Some providers supply these files separately (or as part of a zip), usually in the client area of the providers website. Locate and download these files, extracting they key and cert from the zip file if necessary.
Other providers embed the key and cert files in the .ovpn files. When you're asked to upload a key, you can also upload a .ovpn file that contains the key and cert and they'll be extracted for you.
Alternatively, you can create your own key and cert files. To make a key file, open up the .ovpn file in a text editor and copy everything between the <key> and </key> tag into a text file with the extension .key. Do not include the <key> and </key> tags. To make a cert file, copy everything between the <cert> and </cert> tag into a text file with the extension .crt, omitting the <cert> and </cert> tags.
Your cert file will look something like this:
**** LOTS OF RANDOM CHARACTERS **** lkncdlijASLKNFLKJHl1L:KSAMVL
Your key file will look something like this:
-----BEGIN PRIVATE KEY-----
**** LOTS OF RANDOM CHARACTERS **** ASFLKJlkj12r12pipikfsamasfAS
-----END PRIVATE KEY-----
Some providers, (e.g. AirVPN, CyberGhost and HideIPVPN) can use a single key/cert pair for all locations. If you see multiple key/cert pairs, just make one available and it will be used for all locations.
Other providers (e.g. Perfect Privacy and Celo) requires a unique key/cert pair for each location so you'll need to make multiple pairs available and match them to the correct location during the validation. If you're uploading .ovpn files that contain the keys, make sure you're selecting the right .ovpn for the location.
For VPNSecure the key is secured by a key password which needs to be entered during connection. This is not (necessarily) your user password, it is used during key generation and if the password changes then you'll need to delete the key and upload new ones.
For Celo it's worth nothing that to get the right file you need to connect to each server with the login option, and then download 'Yourself (user-locked profile)'. This file will contain the key/cert pair for that location. If you're having trouble then see their knowledge centre for setting up the DD-WRT.