- Proton VPN is removing support for old manual OpenVPN configuration files
- Users must download new configs or switch to WireGuard before February 28
- Proton VPN confirms that support for OpenVPN on its servers will remain
Proton VPN has announced the retirement of outdated manual OpenVPN configuration files due to security concerns, with a cutoff date set for February 28, 2026.
This change impacts all users who have downloaded configuration files prior to September 2023. While users of the official Proton VPN apps are unaffected, those utilizing manual setups on routers, Linux terminals, or third-party clients will lose connectivity unless they update their credentials.
In a blog post announcing the move, the company explained that this update is essential for transitioning users to more modern and secure encryption standards that older configuration files do not support.
Why is this happening?
The old configuration files are being phased out to enforce the use of AES-256-GCM encryption, which replaces the older CBC mode.
According to Proton, the switch to GCM provides "built-in integrity, support for parallel processing, and other efficiency improvements," resulting in faster performance and reduced battery drain on mobile devices.
Moreover, the new configurations implement TLS-Crypt, a feature that encrypts the control channel and packet headers. This effectively conceals the TLS handshake and metadata, making it significantly more challenging for firewalls and censors to detect VPN usage.
What you need to do
If you are using a manual OpenVPN setup, check when you last downloaded your configuration files. If it was before September 2023, or if you are uncertain, it is advisable to update them now.
Failing to update these files before the February deadline will lead to a sudden loss of connectivity, potentially exposing your traffic or completely blocking your internet access.
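If you are uncertain, the profile itself can be inspected. The script below is an added example, not from Proton or the original article: it assumes a retired-style profile names a CBC cipher without AES-256-GCM or lacks tls-crypt (both standard OpenVPN directives), and the function names and sample profiles are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Proton's tooling: heuristic audit of manual .ovpn profiles.
# Assumption: a retired-style profile names a CBC cipher without AES-256-GCM
# and/or lacks tls-crypt. The download date remains the authoritative check.

# audit_ovpn FILE: prints "current" or "legacy: <reasons>".
audit_ovpn() {
    # Drop comments (# or ;) and blank lines so only directives remain.
    body=$(sed -e 's/[#;].*$//' -e '/^[[:space:]]*$/d' "$1")
    ciphers=$(printf '%s\n' "$body" |
        grep -Ei '^[[:space:]]*(cipher|data-ciphers|data-ciphers-fallback)[[:space:]]' || true)
    reasons=""
    # A CBC cipher is named and AES-256-GCM is not offered at all.
    if printf '%s\n' "$ciphers" | grep -qi 'CBC' &&
       ! printf '%s\n' "$ciphers" | grep -qi 'AES-256-GCM'; then
        reasons="CBC cipher without AES-256-GCM"
    fi
    # tls-crypt is given as a directive or as an inline <tls-crypt> block.
    if ! printf '%s\n' "$body" | grep -Eqi '^[[:space:]]*(tls-crypt[[:space:]]|<tls-crypt>)'; then
        reasons="${reasons:+$reasons; }no tls-crypt"
    fi
    if [ -n "$reasons" ]; then echo "legacy: $reasons"; else echo "current"; fi
}

# write_samples DIR: constructed profiles (not real Proton files; placeholder host).
write_samples() {
    cat > "$1/old.ovpn" <<'EOF'
client
remote vpn.example.invalid 1194
cipher AES-256-CBC
<tls-auth>
# key material omitted
</tls-auth>
EOF
    cat > "$1/new.ovpn" <<'EOF'
client
remote vpn.example.invalid 1194
cipher AES-256-GCM
<tls-crypt>
# key material omitted
</tls-crypt>
EOF
}

# Audit every profile passed on the command line.
for f in "$@"; do printf '%s: %s\n' "$f" "$(audit_ovpn "$f")"; done
```

A "legacy" verdict means the file should be replaced; a "current" verdict does not override the download-date rule above.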
Follow these steps to ensure uninterrupted service:
- Log in to your Proton VPN dashboard via your web browser.
- Navigate to the Downloads tab on the left sidebar and select OpenVPN configuration files.
- Download the new files and upload them to your router’s firmware (such as AsusWRT, DD-WRT, or OPNsense) or your third-party network manager.
However, if your router or hardware supports it, we strongly recommend switching to WireGuard instead of reinstalling OpenVPN.
WireGuard utilizes modern cryptography that executes faster, likely resulting in improved connection speeds and lower latency, which is crucial for gaming or 4K streaming at the router level.
Additionally, Proton’s custom implementation of WireGuard includes specific "Stealth" obfuscation capabilities, making it much harder for ISPs or strict firewalls to detect and block your VPN tunnel compared to a standard OpenVPN connection.
Mullvad vs. Proton: A different approach
This news follows closely after Mullvad VPN took a more drastic step. On January 15, Mullvad completely shut down support for OpenVPN across its entire server network, compelling all users to transition to the newer WireGuard protocol.
Proton’s approach is more gradual. While the company acknowledges it is moving towards phasing out OpenVPN from its apps, it has confirmed that server-side support will continue.
David Peterson, General Manager at Proton VPN, stated that while WireGuard is becoming more prevalent, legacy support remains a priority.
"With the higher performance of WireGuard, particularly on mobile devices, and our extension of WireGuard for Proton VPN's Stealth protocol, we have observed a significant decline in OpenVPN usage among our user base," Peterson noted. "As such, we will gradually phase out OpenVPN support in our client apps—especially for mobile devices where speed and battery performance are critical."
However, Peterson emphasized the distinction between the apps and the servers: "We will continue to support OpenVPN on Proton VPN's servers for the foreseeable future to accommodate legacy routers and other older devices that cannot support WireGuard."
