DSVPN is designed to work out of the box with sensible defaults. Every parameter after the key file accepts the literal valueDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/jedisct1/dsvpn/llms.txt
Use this file to discover all available pages before exploring further.
auto, and trailing auto arguments can be omitted entirely — so dsvpn server vpn.key is a fully valid server invocation. This page covers how to override each parameter when you need a custom deployment.
Full parameter reference
The complete command signatures are:|"auto" can be set to auto (or omitted if they are the final arguments) to use the built-in defaults.
Custom tunnel IP addresses
By default, the tunnel uses192.168.192.254 as the server-side TUN address and 192.168.192.1 as the client-side TUN address. If either of those ranges conflicts with an existing subnet in your environment, you can override them:
The local and remote tunnel IPs must be the same pair on both ends, just swapped. The server’s local IP becomes the client’s remote IP, and vice versa. In the example above: the server’s local is
10.8.0.1 and its remote is 10.8.0.2; the client’s local is 10.8.0.2 and its remote is 10.8.0.1.Custom TUN interface name
On Linux, the TUN interface can be named anything that fits within the system’s interface name limit. On macOS, the kernel control socket mechanism requires the interface to follow theutunN naming pattern.
auto for the interface name picks the first available TUN device: on Linux it lets the kernel assign a name (typically tun0); on macOS it iterates utun0 through utun31 and uses the first one that is not already open.
Custom listen address (server)
By default the server listens on all interfaces. To bind to a specific IP address — for example, when the host has multiple network cards and you only want to accept VPN connections on one of them — pass the IP as the third argument:Point-to-point mode (NO_DEFAULT_ROUTES)
Compiling DSVPN with -DNO_DEFAULT_ROUTES instructs it to skip the installation of default routes when a client connects. Only the TUN interface addresses are configured; no policy routing rules, no default-route entries, and no IPv6 blackhole routes are added. This is useful for site-to-site tunnels or selective routing scenarios where you manage the routing table yourself.
auto parameters all still work. You are then responsible for adding whichever ip route (Linux) or route add (macOS/BSD) commands your topology requires.
IPv6 tunnel addresses
DSVPN automatically derives IPv6 addresses for the tunnel interface using the NAT64 well-known prefix64:ff9b::, appended with the IPv4 tunnel addresses. For the default IPs:
- Server TUN IPv6:
64:ff9b::192.168.192.254 - Client TUN IPv6:
64:ff9b::192.168.192.1
MTU
The default MTU is 9000 (jumbo frames), which maximises throughput on networks that support large frames. The sole exception is NetBSD, where the default is 1500 due to platform limitations. If the physical path between client and server has a lower MTU limit, the oversized TUN MTU may cause fragmentation of the outer TCP segments. The MTU is not configurable at runtime; to change it you must editDEFAULT_MTU in include/vpn.h and recompile.