02. Basic Usage
Once you've installed the add-on, go to the Programs menu and find VPN Manager for OpenVPN and select it. Then select Add-on Settings.
The first time you access the settings, you'll be offered the option to set up the first connection using a wizard. This will walk through selecting a VPN, supplying the set of authentication details needed and then connect to the VPN provider. Some providers use a user ID and password, some use user keys and certs, some use both.
Once you've used the wizard the Settings tabs will be populated with the values you've used and can be further modified.
The VPN configuration tab allows you to enter details about the VPN provider you're using. If your provider doesn't require a user ID and password, don't enter one. If your provider needs user keys and certificates then these will be requested during connection.
This tab also has an option to modify the type of connection, either UDP, TCP or both. Typically UDP is better for streaming, and indeed some providers only have support for UDP. You can also change the port numbers if necessary, but all of the different VPN providers have been set up to use their preferred ports already.
After entering your VPN details, you should validate all of the connections that will be used. The first connection will be the connection that's used to automatically connect to either during boot, or after Kodi has started.
When you click the button to validate a connection you'll be shown a dialog as the connection is attempted. Once a connection has been made successfully, it will be shown below the button and can be changed by clicking the connection button again.
A connection can be changed at any time, or it can be removed by selecting the last value in the list shown. Currently, all connections must be concurrent so deleting a connection will see all higher numbered connections deleted as well. Once you've validated at least one connection, the VPN provider details are locked. An option will appear to unlock these details but if selected, all connections will need to be re-validated.
You can validate as many as 10 connections. These connections will be used as part of the cycle and filter function. However all of the available connections can be selected from the add-on menu.
Once a connection is validated, any connection can be used via the 'Change or disconnect VPN connection' in the add-on menu.
If you're using a VPN provider that relies on a user or client unique key and certificate then you'll need to obtain your key and cert files and put them on a drive or USB key that's accessible to your Kodi box. These files will be used during connection validation. Once these files have been supplied, they'll be stored locally and you won't be asked for them again.
Some providers supply these files separately (or as part of a zip), usually in the client area of the providers website. Locate and download these files, extracting they key and cert from the zip file if necessary.
Other providers embed the key and cert files in the .ovpn files. For these providers, you'll need to create your own key and cert files. To make a key file, open up the .ovpn file in a text editor and copy everything between the <key> and </key> tag into a text file with the extension .key. Do not include the <key> and </key> tags. To make a cert file, copy everything between the <cert> and </cert> tag into a text file with the extension .crt, omitting the <cert> and </cert> tags.
Your cert file will look something like this:
-----BEGIN CERTIFICATE-----
DSAJKLQ>KJAfLSIBAgICA/UwDQYJKoZIhvcNAQELBQAwFTETMBEGA1UEAwwKT3Bl
blZQTiBDQTAeFw0xNjA2MDExMTA4MTVaFw0yNjA2MDYxMTA4MTVaMBYxFDASBgNV
**** LOTS OF RANDOM CHARACTERS **** lkncdlijASLKNFLKJHl1L:KSAMVL
/0ArssSqwbqQlksajflkASLKFJL12SAKJAGFlkjASFrlETE94Xp2OkB2YjcwwjGv
hfX423ytcnMoMLKRWebatMHCNXuTyi7ASFLKJA:LSFKxm+GSFY1Lrga3sDQ==
-----END CERTIFICATE-----
Your key file will look something like this:
-----BEGIN PRIVATE KEY-----
MIIEvgIBAaSdaslaksjflASFJLKJAASCBKgwggSkAgEAAoIBAQC/LQpK23htdCaH
LWxpNxGZ+7PMyhGccl9ioASLKFJLAKJASFLKjASkljfhMn46QrMBZsd8LTedA+dO
sEuk0IS5c4HASFLKJASFLKJlkjasH8zYezVzczsj7pCpREprVzGDPYxQQ27s2rtz
**** LOTS OF RANDOM CHARACTERS **** ASFLKJlkj12r12pipikfsamasfAS
OQMHgQZPx8WOOjOA0/x4p5EQzAFKiyfn1S+H6xZdAoGBAMrKfvanOhfs0dc11oS1
hLGVYXNmSZdP5JFDandNASFLKjllkjpoiqrwlkALKSJFnSCtj5AKTuWGrSUBJ6eO
tSIF/pjbNFLlHUuTKASKJFHkljhasflkjoi1u2r98ywfasWqK6aEPLmgmJb/OjIc
I4dgK1SwXZ7yZ46alksjflkjfsaQjx
-----END PRIVATE KEY-----
Some providers, (e.g. AirVPN, CyberGhost and HideIPVPN) can use a single key/cert pair for all locations. If you see multiple key/cert pairs, just make one available and it will be used for all locations.
Other providers (e.g. Perfect Privacy and Celo) requires a unique key/cert pair for each location so you'll need to make multiple pairs available and match them to the correct location during the validation.
For Celo it's worth nothing that to get the right file you need to connect to each location with the login option, and then download 'Yourself (user-locked profile)'. This file will contain the key/cert pair for that location.