16.4.3. SSL options

Special options of a particular SSL VPN connection can be set on the Options and the Keying tabs.

Note

Do not modify these options unless it is strictly necessary and the required OpenVPN expertise is available. Most of them are passed straight through to OpenVPN, so an invalid value keeps the tunnel from starting.

Figure 16.21. Configuring OpenVPN options

The following options can be set on the Options tab:

  • Keep-alive timeout: Zorp pings the remote endpoint periodically. This parameter specifies the time in seconds between two ping messages.

  • Keep-alive delay: The number of seconds Zorp waits for a response to the ping messages. If no response arrives within this period, Zorp restarts the VPN connection. Set it to several times the Keep-alive timeout: a delay shorter than the ping interval restarts the tunnel before a reply can arrive, and a delay that is only slightly longer restarts it on a single lost packet.

  • Verbose: The verbosity level of the OpenVPN log output for this tunnel. Higher levels produce considerably more log output; raise the level only while troubleshooting.

  • Compression: Compress the data transferred in the VPN tunnel. Note that compressing data before it is encrypted can reveal information about the plaintext to an attacker who can inject chosen content into the tunnel and observe packet sizes; leave it disabled unless bandwidth constraints require it.

  • Propagate ToS: If enabled and the Type of Service (ToS) field of a packet transferred through the VPN is set, Zorp copies the same value into the ToS field of the encrypted packet. This lets routers on the path prioritize the encrypted traffic, but it also exposes the traffic class of the inner packet to observers on that path.

  • Persistent IP address: This option is available only in Zorp 3.3R6 or later. Preserve the initially resolved local IP address and port number across SIGUSR1 or --ping-restart restarts.

  • Persistent TUN Interface: This option is available only in Zorp 3.3R6 or later. Create a persistent tunnel. Normally a TUN/TAP interface exists only while an application holds it open. With this option enabled, the interface survives multiple instantiations of OpenVPN and disappears only when it is explicitly deleted or the machine is rebooted, so it does not have to be recreated every time the tunnel restarts.

  • Duplicate CN: This option is available only in Zorp 3.4 or later. If enabled, multiple clients with the same common name can connect at the same time. If this option is disabled, Zorp disconnects a new client if a client with the same common name is already connected. Leave it disabled unless several devices legitimately share one certificate: with duplicate common names allowed, a copied or stolen client certificate can be used alongside the legitimate one without either session being refused.

  • CCD Exclusive: This option is available only in Zorp 3.4 or later. If enabled, a connecting client must have a file in the --client-config-dir directory, otherwise its authentication fails. These files are generated automatically if the Roadwarrior Server option is enabled on the General tab. In effect the client-config directory becomes an allow list: a client whose certificate is valid but has no entry there cannot connect.

  • Additional options: This option is available only in Zorp 3.4 or later. Enter any further OpenVPN options required here. They are appended verbatim to the end of the generated configuration file of the VPN tunnel, so a misspelled or unsupported option keeps OpenVPN from starting the tunnel.

  • SSL engine: Use the specified SSL accelerator engine (for example a hardware cryptographic device) instead of the software implementation.

  • Enable management daemon: Enable a TCP server on an IP address and port to handle daemon management functions. The password provided is used by the TCP clients to access the management functions.

    While the management port is designed for the programmatic control of OpenVPN by other applications, it is also possible to connect to it with a telnet client in raw mode. Once connected, type help for a list of commands. The management channel is plain TCP without encryption and the password is its only protection; anyone who reaches the port with the password can stop the tunnel or disconnect clients. Bind it to the loopback address (127.0.0.1) and do not expose the port on a routed interface.

  • Handle service manually: Do not start this VPN at boot (it is omitted from the /etc/default/openvpn file). Use this when the tunnel is managed by another process, such as keepalived or a monitoring system. The tunnel is then also not started or stopped accidentally with the global control button.
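The following script is an added example for this section and is not Zorp's own code. It shows the two management-daemon points above in practice: it speaks to the management port the way a telnet session would (password prompt, one command per line, replies terminated by END) and, on the status reply, reports common names that are connected more than once, which is what the Duplicate CN option permits. The host, port and password are assumed values, and SAMPLE_STATUS is a constructed status reply in OpenVPN's default text format, so the parsing part runs offline.

```python
"""Query an OpenVPN management port and report common names (CNs) that
are connected more than once, i.e. what the Duplicate CN option permits.

Added example for this manual section, not Zorp's own code. Assumed:
the management daemon listens on MGMT_HOST:MGMT_PORT with MGMT_PASSWORD
and 'status' answers in the default text format shown in SAMPLE_STATUS.
"""
import socket
from collections import Counter

MGMT_HOST = "127.0.0.1"   # assumed; keep the daemon on loopback
MGMT_PORT = 7505          # assumed
MGMT_PASSWORD = "change-me"  # assumed

# Constructed sample of a 'status' reply (not captured from a real host).
# 'alice' appears twice: two live sessions share one certificate CN.
SAMPLE_STATUS = """\
OpenVPN CLIENT LIST
Updated,Thu Jun 18 08:12:15 2009
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
alice,192.0.2.10:41022,12345,54321,Thu Jun 18 08:00:00 2009
bob,192.0.2.11:50011,2200,9800,Thu Jun 18 08:03:40 2009
alice,198.51.100.7:41022,801,900,Thu Jun 18 08:11:02 2009
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
10.8.0.6,alice,192.0.2.10:41022,Thu Jun 18 08:12:00 2009
10.8.0.10,bob,192.0.2.11:50011,Thu Jun 18 08:12:10 2009
10.8.0.14,alice,198.51.100.7:41022,Thu Jun 18 08:12:12 2009
GLOBAL STATS
Max bcast/mcast queue length,0
END
"""


def parse_client_list(status_text):
    """Return the rows of the CLIENT LIST section as dicts keyed by the
    column names of its header line."""
    clients, header, in_section = [], None, False
    for line in status_text.splitlines():
        line = line.rstrip("\r")
        if line == "OpenVPN CLIENT LIST":
            in_section = True
        elif not in_section:
            continue
        elif line in ("ROUTING TABLE", "END"):
            break
        elif line.startswith("Common Name,"):
            header = line.split(",")
        elif header and line:
            clients.append(dict(zip(header, line.split(","))))
    return clients


def duplicate_common_names(clients):
    """Map every CN with more than one live session to the real addresses
    of those sessions; an empty dict means no CN is shared."""
    counts = Counter(c["Common Name"] for c in clients)
    return {cn: [c["Real Address"] for c in clients if c["Common Name"] == cn]
            for cn, n in counts.items() if n > 1}


def query_status(host=MGMT_HOST, port=MGMT_PORT, password=MGMT_PASSWORD,
                 timeout=5.0):
    """Authenticate to the management port and return one raw 'status'
    reply. The daemon prompts 'ENTER PASSWORD:' when a password is set,
    commands end with a newline, and each reply ends with a line 'END'.
    Lines starting with '>' are asynchronous notifications; drop them."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        data = sock.recv(4096)
        if data.startswith(b"ENTER PASSWORD:"):
            sock.sendall(password.encode() + b"\n")
            data = b""
        sock.sendall(b"status\n")
        while b"END" not in [l.rstrip(b"\r") for l in data.split(b"\n")]:
            chunk = sock.recv(4096)
            if not chunk:  # a wrong password makes the daemon drop us
                raise ConnectionError("management port closed before END")
            data += chunk
        sock.sendall(b"quit\n")
    lines = [l.rstrip("\r") for l in data.decode(errors="replace").splitlines()]
    errors = [l for l in lines if l.startswith("ERROR:")]
    if errors:
        raise PermissionError(errors[0])
    return "\n".join(l for l in lines if not l.startswith((">", "SUCCESS:")))


if __name__ == "__main__":
    # Offline run against the constructed sample; pass query_status()
    # instead of SAMPLE_STATUS to inspect a live daemon.
    dups = duplicate_common_names(parse_client_list(SAMPLE_STATUS))
    for cn, addrs in dups.items():
        print(f"CN {cn!r} has {len(addrs)} concurrent sessions: {', '.join(addrs)}")
```

Run on the sample, the script reports that alice has two concurrent sessions from different real addresses, the situation that Duplicate CN allows and that a disabled Duplicate CN would have prevented. Against a live daemon, reaching the port with nothing but the password is itself the point of the warning above: the same connection could issue kill or signal commands, so the daemon should only ever be reachable from the host itself.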

The options on the Keying tab specify the encryption used in the connection. Modify them only when compatibility with the remote endpoint requires it, and choose the strongest settings both sides support.