Forcing IPv4 on OpenVPN Client

Some OpenVPN configurations contain servers that have a IPv6 DNS record configured, but actually do not support establishing connections via IPv6 (e.g. because of a firewall filtering rule). A configuration as shown below can lead to problems:

proto udp
remote <>

The above configuration lines ask the OpenVPN client to resolve the address for Whatever address is returned by the DNS resolution will be used to establish the OpenVPN session via UDP. The man page for the client highlights:

If host is a DNS name which resolves to multiple IP  addresses,  OpenVPN
will try  them  in the order that the system getaddrinfo() presents them,
so priorization and DNS randomization is done by the system  library.
Unless  an  IP version is forced by the protocol specification (4/6
suffix), OpenVPN will try both IPv4 and IPv6 addresses, in the order
getaddrinfo() returns them.

Many systems will prefer IPv6, if available, to IPv4. In a setup in which the firewall is configured to drop traffic on IPv6, this will lead to dropped traffic. The OpenVPN session will not established and aborted after a timeout. In order to avoid that, you can configure OpenVPN to force IPv4 on the client side.

This can be simply done by changing the configuration as follows:

proto udp4
remote <>

With this configuration, OpenVPN will only try the IPv4 address of the remote server.