How to set program options with CyberGhost for Windows

To open the program options, please click on the entry 'Settings' in the upper menu.

[General]   [Exceptions]   [Proxy]   [Connection]   [Wi-Fi]   [App protection]   [Support options]


The general program settings are used to determine the basic behavior of the application during program and system startup.

  • Automatically run at system startup: Activates CyberGhost VPN automatically when the operating system starts. Note: The start of the program is NOT synonymous of being anonymized. Therefore you need also to activate the second option also (see below).
  • Run this profile at startup: Runs the chosen profile automatically when CyberGhost starts (this can be the case at system start up, but doesn't necessarily have to). The profile will be run with the last valid settings. In case of custom defined connections the last valid country and server settings will also be re-established.
  • Install Beta Updates: Installs automatically a beta version of CyberGhost as soon as one is available. 
  • Language: Specify here the program language (application needs to be restarted).
  • Info: Displays the current CyberGhost version number.
Note: Beta versions can provoke connection losses and/or hangers or might contain advertisements, even when you run a Premium subscription (to test banners, etc.). Please don't activate this option, if you want a stable and/or an ad free system.

[General]   [Exceptions]   [Proxy]   [Connection]   [Wi-Fi]   [App protection]   [Support options]


The Internet addresses that you enter here will be visited unencrypted (and not via the CyberGhost network). You can add mail servers to the list as well as security servers (e.g. for your online banking) or FTP servers.

Due to Spam prevention it's not possible to send email anonymously over a VPN server, thus all outgoing traffic to a SMTP server (mails you want to send) is blocked. If you still want to send mails during an active CyberGhost VPN session, please put your e-mail server on this exception list. Web mailer require no exceptions.

To add an address, enter its URL or IP address (if known) in the top input field ('Add Host/IP'). Then click on the 'Add exception' button.

Alternatively you can let CyberGhost try to detect your email settings. For that click on 'Auto-detect email settings'.

Please note, for this is very important: Connections to servers included in this list will NOT being established via CyberGhost VPN and therefore are NOT anonymized. Furthermore you need to restart the program for the added addresses to become valid.

[General]   [Exceptions]   [Proxy]   [Connection]   [Wi-Fi]   [App protection]   [Support options]


Background: Proxy server are intermediate communication interfaces in networks. They receive data traffic from a client und send it to the target while hiding the source. For the target it seems as if the proxy is the original source. When not using a 'full grown VPN' one can at least generate a certain degree of anonymity, but has to manually add the address of the proxy to be used in his Internet application settings, e.g. a web browser. Furthermore one really needs to trust the proxy provider - which sometimes is very hard to do, for you might never knew who really owns the proxy.

As with any other Internet program you can also use a proxy with CyberGhost. The advantage: Your traffic is encrypted before it reaches the proxy (and therefore invisible for its provider) and you can use all your Internet applications without configuring them additionally. Another benefit is, that proxies help to prevent you from DNS leaks. The downside: Your surfing speed might be reduced drastically for the proxy determines how fast you can attend the Internet.

To use a proxy just enter its address here and, if needed, the authentication to be used. You can configure local as well as distant proxies (the difference between SOCKS 5 and HTTP proxies is that both use different protocols).

[General]   [Exceptions]   [Proxy]   [Connection]   [Wi-Fi]   [App protection]   [Support options]


The tab 'Connection' is home of some important technical details ...

  • Force using CyberGhost DNS servers: Activated, this option forces your system to use the CyberGhost DNS servers instead those of your Internet provider. (DNS server take care of the correct access to an address. For example, if you enter '' in your browser, he sends your wish to a DNS server which translates the address into numbers (actually 4 blocks of numbers as XXX.XXX.XXX.XXX). Only then the connection can be established. This also means that a DNS server has complete control over the accessibility of each web address and therefore is the perfect tool for censors. When using the CyberGhost DNS servers you avoid this kind of manipulation.)
  • Disable IPv6: Since IPv4, the old technique for address assignment, is outdated, it will gradually be replaced by IPv6 (some providers already provide both). Until CyberGhost fully support IPv6 you have here the possibility to deactivate IPv6 completely to avoid IPv6 compromising your anonymity. Please note, that you have to run at least Windows Vista, older operating systems don't work with this function. 
  • Prefer TCP instead of UDP connections: By default CyberGhost uses for its connections UDP, which allows higher speed due to its less restrictive data checking procedures. The downside: Downloads can be suddenly interrupted or corrupted and packages can get lost e.g. when playing online games. Then again TCP stands for more stable connections - but for the price of a lower speed due to more precise data checking. Please activate this option, if your Internet connection suffers from unstable traffic. Also this option comes in handy, if a provider blocks or slows down UDP connections. 
  • Use random port to connect:  This option allows CyberGhost to establish its connections through a randomly chosen port (which will be changed with each new connection), instead of a fixed port that makes it easy for providers to slow down or block CyberGhost connections. The used port range can be changed anytime if needed. All ports are secured internally by Firewall rules.

[General]   [Exceptions]   [Proxy]   [Connection]   [Wi-Fi]   [App protection]   [Support options]


The register 'Wi-Fi' determines how CyberGhost should react in general to the detection of an unknown Wi-Fi Hotspot as well as the type of reaction to a network, when re-visiting:

  • Default action for unknown Wi-Fi networks: If CyberGhost enters an unknown (and therefore potentially unsafe) network, you can advise the program to do one of the following actions:
    • Ask: CyberGhost asks with each Wi-Fi detection, if it should start the 'Protect my Wi-Fi' profile automatically.
    • Never protect: CyberGhost never asks, if it should start the 'Protect my Wi-Fi' profile, when entering a Wi-Fi network. A profile has to be started manually then.
    • Always protect: CyberGhost just asks for automatically protection, if it detects a new and potentially unsafe network. In all other networks the 'Protect my Wi-Fi' profile will be started automatically.
  • Default action for known Wi-Fi networks: If CyberGhost enters a known network, you can advise the program how to react by marking the respective network and then deciding for one of following four options:
    • Never protect: The 'Protect my Wi-Fi' profile will never be started automatically. However, any profile can of course be started manually.
    • Ask: CyberGhost asks immediately with each detection of the respective network, if it should start the 'Protect my Wi-Fi' profile.
    • Always protect: CyberGhost automatically activates the 'Protect my Wi-Fi' profile with the last valid settings every time it detects the respective network.
    • Disconnect at known Wi-Fi: CyberGhost disconnects any other current connection, if it detects this specific network.

[General]   [Exceptions]   [Proxy]   [Connection]   [Wi-Fi]   [App protection]   [Support options]

App protection

Here you can define programs to be protected by an encrypted VPN connection every time you start them. That way you make sure, the respective program, such as a browser, will never be used without a VPN. 

To protect an app first enable the function. Then click on 'Add App', search for the application to protect, click on 'Open' and choose the profile you want the app to be started with, such as 'Choose my VPN server'. The profile chosen will be executed with the last valid settings.

If you want to remove an app, mark the respective entry in the list of protected apps and click on 'Remove selected'.

[General]   [Exceptions]   [Proxy]   [Connection]   [Wi-Fi]   [App protection]   [Support options]

Support and maintenance options

When contacting support you might be asked to fine tune options, which usually are not available. These values are crucial for correct functioning of the CyberGhost app and therefore only to be changed, if necessary. If that is the case, support will tell you, how to reach the needed settings. 

  • Fragment Size: The maximum package size has an direct input on your Internet speed.
  • Activate virtual network card only on demand: Limits the TAP adapter to start only when used and a connection shall be established - which is only necessary on some systems to avoid connection problems. In seldom cases this option will even be set automatically by CyberGhost. The downside: each connection will take longer than usual to be established.
  • Repair virtual network card: If you experience driver problems (e.g. after installing a different VPN) use this function to repair the drivers.

[General]   [Exceptions]   [Proxy]   [Connection]   [Wi-Fi]   [App protection]   [Support options]

Have more questions? Submit a request


Article is closed for comments.
Powered by Zendesk