Open VPN on Mac OS Steps to use OpenVPN on Mac OS Open VPN Client starts operating as an automatic system once it is installed on your Open VPN Mac Setup. Keep a closer look at the step by step phases of its installation and usage. The OpenVPN protocol is not one that is built into macOS. Therefore a client program is required that can handle capturing the traffic you wish to send through the OpenVPN tunnel, and encrypting it and passing it to the OpenVPN server. And of course, the reverse, to decrypt the return traffic. Connect using the Softether VPN protocol. As the VPN client for Mac from Softether is not. On your Mac, choose Apple menu System Preferences, then click Network. OpenVPN is a full-featured SSL VPN which implements OSI layer 2 or 3 secure network extension using the industry standard SSL/TLS protocol, supports flexible client authentication methods based on certificates, smart cards, and/or username/password credentials, and allows user or group-specific access control policies using firewall rules applied to the VPN virtual interface.
Export macOS Server DataWe’re not going to import this, as it only takes a few seconds to configure new settings. Additionally, if you have outstanding services built on macOS Server, you might be able to pull this off without touching client systems. First, let’s grab which protocols are enabled, running the following from Terminal:
sudo serveradmin settings vpn:Servers:com.apple.ppp.pptp:enabled
sudo serveradmin settings vpn:Servers:com.apple.ppp.l2tp:enabled
sudo serveradmin settings vpn:Servers:com.apple.ppp.pptp:IPv4:DestAddressRanges
sudo serveradmin settings vpn:Servers:com.apple.ppp.pptp:DNS:OfferedServerAddresses:_array_index
sudo serveradmin settings vpn:Servers:com.apple.ppp.l2tp:DNS:OfferedServerAddresses:_array_index
sudo serveradmin settings vpn:Servers:com.apple.ppp.l2tp:L2TP:IPSecSharedSecretValue
Ports
Before we configure any VPN services, let’s talk about ports. The following ports need to be opened per The Official iVPN Help Docs (these are likely already open if you’re using a macOS Server to provide VPN services):
- PPTP: TCP port 1723
- L2TP: UDP ports 1701, 4500 and 500
- Enable VPN pass-through on the firewall of the server and client if needed
openvpn
There are a number of ways to get a VPN Server installed on macOS. One would be to install openvpn:
There are a number of ways to get a VPN Server installed on macOS. One would be to install openvpn:
sudo port -v install openvpn2
OpenVPN has a lot of sweet options, which you can read about at openvpn.net.
![Openvpn server for mac os 10.10 Openvpn server for mac os 10.10](/uploads/1/2/4/3/124392923/116305020.png)
SoftEther
One of the other tools Apple mentioned is SoftEther. I decided not to cover it here because it uses Wine. And I’m not a fan of Wine.
Or Use iVPN
That will require some work to get dependencies and some working with files and network settings. Another option would be to install iVPN from here, on the Mac App Store. You can install it manually as well, and if you do, you’ll need to pay separately through PayPal, which is what we’ll cover here.
Once installed, if you purchased the license separately, use the Enter Manually button to provide it.
At the Registration screen, make sure the name, email, and serial are entered exactly as you see them in the email you received.
At the Thank You screen, click OK.
At the EULA screen, click Accept assuming you accept the license agreement.
Configure iVPN
At the main screen, you’ll have a few options, which we’ll unpack here:
- Use Directory Server: Allows you to use an LDAP or Active Directory connection to provide username and passwords to the service.
- Use custom accounts: Allows you to manually enter accounts to provide username and passwords for clients to connect to the
- Shared Secret: The secret, or a second factor used with L2TP connection.
- Allow 40-bit encryption keys: Allows clients to use lower levels of encryption. Let’s not do this.
- IP Address Range: The beginning and ending IP that will be manually handed out to client computers. When configuring the range, take care not to enter a range of addresses in use by any other DHCP services on your network or you will end up with conflicts.
- Basic DNS: Allows you to configure a primary and second DNS server to send to clients via DHCP when they connect to the VPN interface.
- Advanced DNS: Allows you to configure DNS servers as well as Search Domains.
- Configure Static Routes: Allows you to specify the interface and netmask used to access a given IP.
- Export Configuration Profile: Exports a configuration profile. When imported into a Mac or iOS device, that profile automatically configures the connection to the PPTP or L2TP service you’ve setup.
- VPN Host Name: Used for the configuration profile so a client system can easily find the server w
Openvpn On Mac
If you configure Directory Authentication, you’ll get prompted that it might be buggy. Click OK here.The Directory Authentication screen allows you to choose which directory services to make available to PPTP or L2TP. If the system hasn’t been authenticated to a directory server, do so using the Users & Groups” System Preference pane.
Once you’ve chosen your directory service configuration, if you require a third DNS server, click on Advanced DNS and then enter it, or any necessary search-domains. Click Done when you’re finished.
Click the log button in the upper left-hand side to see the logs for the service. This is super-helpful when you start troubleshooting client connections or if the daemon stops for no good reason (other than the fact that you’re still running a VPN service on macOS Server and so the socket can’t bind to the appropriate network port).
Finally, you can also create a static route. Static routing provides a manually-configured routing entry, rather than information from a dynamic routing traffic, which means you can fix issues where a client can’t access a given IP because it’s using an incorrect network interface to access an IP.
Once everything is configure, let’s enter the publicly accessible IP address or DNS name of the server. Client computers that install the profile will then have their connection to the server automatically configured and will be able to test the connection.
Openvpn For Mac Os X
Configure ClientsIf you configured the new server exactly as the old one and just forwarded ports to the new host, you might not have to do anything, assuming you’re using the same username and password store (like a directory service) on the back-end. If you didn’t, you can setup new interfaces with a profile. If you pushed out an old profile to configure those, I’d recommend removing it first if any settings need to change. To configure clients, we’ll install the new profile. When you open the profile on a client system (just double-click it to open it), you’ll see the Install dialog box. Here, click on Continue.
Because the profile isn’t signed, you’ll then get prompted again (note: you can sign the profile using another tool, like an MDM or Apple Configurator). Click Continue.
Then enter the username that will be used to connect to the VPN and click the Install button.
The Profile can then be viewed and manually removed if needed.
Openvpn Setup Mac Os
Click on the new iVPN entry in the Network System Preference pane. Here, you can enable
Now that it’s easy, let’s click the VPN icon in the menu bar and then click on Connect iVPN to test the connection.
Once clients can connect, you can use the iVPN icon in the menu bar to monitor the status of clients.
Your FoxyProxy accounts come with both proxy and VPN service.
These instructions explain how to connect to your VPN accounts using a method called OpenVPN. It is more complicated than IPSec VPN and PPTP VPN. IPSec VPN is the preferred way to use your VPN account. Only use these instructions if IPSec does not work for you.
TunnelBlick is the name of the free, open-source client for FoxyProxy/OpenVPN connections. You must download and install it to connect to your VPN account using the OpenVPN protocol
Step 1: Download the app called TunnelBlick here
a. This will download the package Tunnelblick_3.6.5_build_4566.dmg to your computer. Click on it to start the installer.
b. The package window will open revealing the installer. Double-click the Tunnelblick.app icon to begin installation.
The package window will open revealing the installer.dmg
Step 2: Launching Tunnelblick
a. A dialog box warning you that the application was downloaded from the internet and requiring your approval to continue. Click on Open.
b. An approval of the installation by entering your Mac username and password. Type your username and password, and then click OK.
c. The installation will complete. You’ll then see a dialog asking you if you want to launch Tunnelblick now. Click on launch to start Tunnelblick.
Step 3: Add a configuration
a. A dialog box that says “Welcome to Tunnelblick” appears. This dialog is designed to help you get started with Tunnelblick configuration. Since FoxyProxy provides you with the configuration files to use Tunnelblick, you can click the “I have configuration files” button.
b. Simply click the “Done” button here.
3) You’ll see the Tunnelblick icon appear in the status window next to your username and the Spotlight icon. (Right corner of the screen)
Tunnelblick icon
Step 4: Download and Install OpenVPN configuration
a. From the FoxyProxy Control Panel, go to the Actions menu and download the OpenVPN configuration file. If you have any trouble downloading the file, contact FoxyProxy Support and we’ll be glad to email it to you.
Double-click the file (*.ovpn) to install it into TunnelBlick. If you get an error from TunnelBlick, first quit TunnelBlick (click icon in status area and select Quit TunnelBlick) then double-click the *.ovpn file.
Your file won’t be called server.ovpn, but it will have the .ovpn file extension.
b. In the dialog box, select “Only Me” when choosing which users to allow to use this OpenVPN configuration.
c. Enter your Mac OS X username and password to authorize installing the OpenVPN configuration.
d.You should receive a notification that the profile was installed successfully. Click OK.
Step 5: OpenVPN settings
a. Click the Tunnelblick icon in the status area and select VPN Details.
b. In the main Tunnelblick interface, make sure the Server profile is selected. Set the OpenVPN version to 2.3.6. Make sure the “Monitor network settings” and “Keep connected” checkboxes are checked. Click the Advanced button at the bottom.
Configuration Settings.png
c.In the profile’s Advanced Settings dialog, select the “While Connected” tab. Check the “Route all traffic through the VPN” checkbox. Then close the Advanced Settings.
Step 6: Connect to OpenVPN
a. There are two ways to connect to the OpenVPN server.
One way is in the main Tunneblick dialog box. You can click the Connect button there:
The other way is to click the TunneBlick icon in the status area and select Connect Server.
b. You will be prompted to provide your OpenVPN username and password. These are the credentials provided to you by FoxyProxy. You can choose to save the credentials in the keychain if you wish.
c. After providing your credentials, you should see a series of screens next to the TunnelBlick icon in the status area. It should end with “Connected” in a GREEN text color. The connection can take up to 30 seconds to complete.
Confirm You’re Connected
To confirm you’re connected to the VPN, visit https://getfoxyproxy.org/geoip and ensure it shows a different location and IP address than you expect.
Disconnecting
Click the OpenVPN icon in the status area and select “Disconnect”.