diff --git a/internal/openvpn/custom.go b/internal/openvpn/custom.go
index 607bf68e..0cfe5906 100644
--- a/internal/openvpn/custom.go
+++ b/internal/openvpn/custom.go
@@ -80,7 +80,9 @@ func modifyCustomConfig(lines []string, username string,
 	modified = append(modified, "pull-filter ignore \"auth-token\"") // prevent auth failed loop
 	modified = append(modified, "auth-retry nointeract")
 	modified = append(modified, "suppress-timestamps")
-	modified = append(modified, "auth-user-pass "+constants.OpenVPNAuthConf)
+	if settings.User != "" {
+		modified = append(modified, "auth-user-pass "+constants.OpenVPNAuthConf)
+	}
 	modified = append(modified, "verb "+strconv.Itoa(settings.Verbosity))
 	if len(settings.Cipher) > 0 {
 		modified = append(modified, utils.CipherLines(settings.Cipher, settings.Version)...)
diff --git a/internal/openvpn/loop.go b/internal/openvpn/loop.go
index 77cbeea5..a98dd668 100644
--- a/internal/openvpn/loop.go
+++ b/internal/openvpn/loop.go
@@ -143,10 +143,12 @@ func (l *looper) Run(ctx context.Context, done chan<- struct{}) { //nolint:gocog
 			continue
 		}
 
-		if err := l.conf.WriteAuthFile(settings.User, settings.Password, l.puid, l.pgid); err != nil {
-			l.signalCrashedStatus()
-			l.logAndWait(ctx, err)
-			continue
+		if settings.User != "" {
+			if err := l.conf.WriteAuthFile(settings.User, settings.Password, l.puid, l.pgid); err != nil {
+				l.signalCrashedStatus()
+				l.logAndWait(ctx, err)
+				continue
+			}
 		}
 
 		if err := l.fw.SetVPNConnection(ctx, connection); err != nil {