DSVPN uses positional arguments only — no flags, no configuration file. All parameters have sensible defaults accessible via theDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/jedisct1/dsvpn/llms.txt
Use this file to discover all available pages before exploring further.
auto keyword, and trailing auto arguments can be omitted entirely. The result is that a fully working server needs just two arguments and a fully working client needs just three.
dsvpn server
Run on the machine that will act as the VPN gateway and route client traffic to the internet.
Must be
server to run in server mode.Path to the 32-byte shared secret key file (e.g.
vpn.key). Must contain exactly 32 raw bytes. See Key Management for how to generate this file.IP address or hostname to bind to. Use
auto to listen on all interfaces (0.0.0.0). Default: auto.TCP port to listen on. Use
auto for port 443. Default: auto (443).Name of the TUN interface to create. Use
auto to let the OS assign a name. On Linux any name is valid; on macOS the name must follow the utunN pattern, so auto is recommended. Default: auto.Local IP address of the tunnel interface on the server side. Default:
auto → 192.168.192.254.Remote (client-side) IP address of the tunnel. Must match the client’s
local tun ip. Default: auto → 192.168.192.1.External IP address of the server, used when constructing firewall and routing rules. Default:
auto (auto-detected from the system’s default external interface).dsvpn client
Run on each device that should tunnel its traffic through the DSVPN server.
Must be
client to run in client mode.Path to the 32-byte shared secret key file. Must be identical to the key file used by the server.
IP address or hostname of the DSVPN server to connect to. This argument is required on the client;
auto is not a valid value here.TCP port on the server to connect to. Use
auto for port 443. Must match the port the server is listening on. Default: auto (443).Name of the TUN interface to create locally. Use
auto to let the OS assign a name. Default: auto.Local IP address of the client-side tunnel interface. Must match the server’s
remote tun ip. Default: auto → 192.168.192.1.IP address of the server-side tunnel interface, used as the default gateway inside the tunnel. Must match the server’s
local tun ip. Default: auto → 192.168.192.254.IP address of the local network router (the device’s current default gateway). DSVPN needs this to add a specific host route for the VPN server so the VPN’s own TCP socket is not sent back into the tunnel. Use
auto to detect it from the system routing table. Default: auto.The auto Keyword
auto is a placeholder that tells DSVPN to use the built-in default for that position. Because all parameters after key file have defaults, trailing auto arguments can be omitted. DSVPN reads arguments left-to-right; any argument not supplied at all is treated as auto.
This means:
- The minimum valid server command is
dsvpn server vpn.key— all remaining positions default toauto. - The minimum valid client command is
dsvpn client vpn.key <server-ip>— the server IP is the only required non-autoargument on the client.
auto for the earlier positions. For example, to set only the gateway IP on the client:
Default Values
| Parameter | Server Default | Client Default |
|---|---|---|
| port | 443 | 443 |
| tun interface | OS-assigned | OS-assigned |
| local tun ip | 192.168.192.254 | 192.168.192.1 |
| remote tun ip | 192.168.192.1 | 192.168.192.254 |
| MTU | 9000 (1500 on NetBSD) | 9000 (1500 on NetBSD) |
| reconnect attempts | N/A | 100 |
auto defaults on both ends produces a correctly matched tunnel with no manual coordination required.
Examples
DSVPN does not support flags such as
--port, -k, or --key. All
configuration is passed as positional arguments in the exact order shown
above. Passing flags will cause DSVPN to print its usage message and exit.