Short answer

The OpenVPN outbound connects to an OpenVPN server and includes certificate, authentication, protocol, MTU and remote DNS fields. In real use, trust the provider subscription first and then verify whether the selected client core supports this exact type.

What It Means

In Clash/Mihomo configuration, openvpn identifies the outbound type used by the node, policy or group. The same display name in a GUI can hide different transport fields, so the YAML or subscription output is more reliable than the node nickname.

Common Fields

type: openvpn
server / port
proto
username / password
ca / cert / key
tls-crypt
remote-dns-resolve

When to Use It

You already have an OpenVPN server or provider-supplied ovpn-style config.
Some rule-matched traffic should enter a VPN tunnel.
Certificates and account credentials can be managed safely.

Support Checks Checks

Do not mix username/password mode with certificate mode.
Certificate blocks must keep line breaks intact.
proto, cipher, auth, MTU and DNS settings affect compatibility.

Minimal Shape

proxies:
- name: "openvpn-node"
  type: openvpn
  server: vpn.example.com
  port: 1194
  proto: udp
  username: "user"
  password: "pass"
  udp: true

Compatibility Notes

Client support changes with the bundled core. A maintained Mihomo-based client usually supports more modern node types than historical Clash clients, but mobile clients and iOS alternatives still vary by app and release.

If a subscription contains this type but the client filters it out, switch to a compatible client, ask the provider for a compatible subscription format, or use a converter only when you understand what fields are being changed.

Official Reference

OpenVPN in Mihomo docs

OpenVPN Protocol