In other tips I've covered how to set up an OpenVPN Linux server and an OpenVPN Linux client. Here, I look at setting up OpenVPN as a client on OS X.
Download Viscosity (Mac OS 10.7 or later is required). Viscosity is an OpenVPN client with intuitive interface offering complete configuration of OpenVPN connections on Mac OS. Viscosity is an OpenVPN client with intuitive interface offering complete configuration of OpenVPN connections on Mac OS. VPN.ac is another great Mac VPN and is a close second for the title best VPN for Mac OS. VPN.ac is run by a small team of network security professionals (Netsec Interactive Solutions), with a focus on security and overall quality. This tutorial will guide you how to set up OpenVPN Client on Mac OS X. Follow the steps and surf anonymously. Set up it and hide your ip address.
There are a few possible clients to choose from. One popular OpenVPN client for OS X is Tunnelblick. Tunnelblick is free and open source. Another client is Viscosity. It has a cost of $9USD with a 30 day trial. Finally, my client of choice is Shimo, which is not just an OpenVPN client (like the other two), but also works with a number of other VPN and VPN-like solutions: Cisco VPN, IPSec, PPTP/L2TP, SSH, and so forth. Shimo is more expensive than the others, but not by much: it is only €14.95 (about $21USD).
Shimo is also easy to use with OpenVPN. If you have followed along with the other OpenVPN tutorials in this series, you will have a copy of the client certificate, key, and the CA certificate on your system. If not, you will need to obtain them from the server, where they would have been generated, and securely copy (using SSH or a USB disk) them to your computer. Next, start Shimo and head to the Preferences. In the Profiles pane, add a new OpenVPN profile.
Under the General tab, name your new connection — something like 'OpenVPN Home' would suffice. In the Authentication pane, you will need to select your Certificate Authority file (ca.crt), Local Certificate (client.crt), and Private Key File (client.key). Make sure the Authentication Method is set to Openvpn Client For Mac
- VPN-X Client is a Java/cross-platform P2P/SSL/TLS VPN solution. VPN-X allows Client to have an individual Virtual IP Address. It can help employees on errands use company LAN resource, help your friends access your computer play LAN games, all the network data is encrypted and you can control the special peers to access your computer or LAN with our powerful Access Control feature.
- VPN.AC has a standalone, custom-built client for Mac OS X. The software is nearly identical to its acclaimed Windows-based cousin. For starters, the app enables the user to connect to multiple locations in the US, UK, Netherlands, Hong Kong, Australia, and elsewhere.
- This tutorial will guide you how to set up OpenVPN Client on Mac OS X. Follow the steps and surf anonymously. Set up it and hide your ip address.
Figure A
In the Connection tab, enter in the name of the remote host (i.e., openvpn-server.domain.com). Ensure the Tunnel Device is TUN and the Protocol is UDP (Figure B); unless you have changed the connection port on the server, leave it at the default 1194. Set Compression to Automatic, and enable Automatic Reconnection. You can also elect to send keep-alive packets every few seconds to ensure the connection stays up (i.e., maybe send a keep-alive packet ever 120 seconds or so).Free Openvpn Client Mac Os X
Figure B
That's it! You can save the preferences for this profile; go to the Shimo menu icon, and select the new OpenVPN network from the list, and Shimo will establish the connection. If you have enabled the OpenVPN server to push DNS and DNS domain information to clients, when you connect, you will be able to access systems on the remote network by their computer names directly rather than IP addresses.
If you have an iPhone, you're in for an even bigger treat. With iPhone tethering, you can be on the road, anywhere, and securely access the home or work network simply by connecting your iPhone to the laptop (via USB or Bluetooth) and enabling tethering on the iPhone (via Settings | General | Network | Internet Tethering). Once the connection between the Mac and iPhone is established, simply fire up Shimo or whatever OpenVPN client you have chosen, and establish the VPN connection. This works so well that I have been able to obtain a kerberos-ticket and access a kerberos-authentication-only web site on the internal network while sitting in my car across town.
If you only need to use OpenVPN, Shimo may be overkill. It is a fantastic and robust OpenVPN client, but you may wish to give something like Tunnelblick a go first to see if it meets your needs. The latest version of Tunnelblick is 3.0, but it requires you to edit the OpenVPN client configuration directly.
This makes it a lightweight frontend to the OpenVPN command-line program, and the configuration for such can be found in the previous tip about configuring the Linux client. Primarily, you will need to change the 'remote' directive to point to the OpenVPN server, and ensure that the ca, cert, and key directives are correct. These directives look for those files in the directory that the configuration file resides in, so you will want to copy those files to ~/Library/Application Support/Tunnelblick/Configurations/.
Once that is done and the configuration file has been saved, use the Tunnelblick menu icon to initiate a connection to the specified OpenVPN server and watch the OpenVPN log output as it connects.
There are a few options to establishing connections to OpenVPN on the Mac. Tunnelblick is good, if a little rough. It is, after all, a simple frontend to the openvpn command line program. Shimo is great if you need a little more power, flexibility, and hand-holding. It is also the best of the bunch if you need to connect to different types of VPNs.
Download the PDF, 'How to set up OpenVPN server and create Linux and Mac OS X clients.'
Openvpn Client For Mac Os X
On This Page Release Downloads Verifying Downloads User Contributions Download Integrity Downloading and Installing on macOS Mojave | Release DownloadsTo be notified of new releases, use Tunnelblick's built-in update mechanism or subscribe to the Tunnelblick Announce Mailing List. Beta versions are suitable for most users. See Stable vs. Beta for details. If you are using macOS Mojave, be aware of a privacy concern if you download and use any document or program, including Tunnelblick.
Verifying DownloadsYou should verify all downloads. Even though https:, the .dmg format, and the application's macOS digital signature provide some protection, they can be circumvented. Verifying Hashes Comparing the SHA256, SHA1, and MD5 hashes of your downloaded file with the official published ones will provide additional assurance that the download is legitimate and has not been modified. You can compare the hashes with programs included with macOS without the need to install additional software. To compute the hashes of a file you've downloaded, type the following into /Applications/Utilities/Terminal: shasum -a 256path-to-the-file openssl sha1path-to-the-file openssl md5path-to-the-file Ftp client for mac os. Swift-based file manager and FTP, SFTP, FTPS, Amazon S3 client for Mac OS X with built-in Terminal Emulator and RegEx search. Commander One is an advanced FTP client for macOS. This fast and reliable Mac FTP manager offers all convenient options that one may need to work with files. Then compare the computed hashes with the values shown near the link for the downloaded file. (Don't type 'path-to-the-file' — type the path to the file, that is, the sequence of folders that contain the file plus the file name (e.g. /Users/janedoe/Desktop/Tunnelblick_3.7.2a_build_4851.dmg). An easy way to get it into Terminal is to drag/drop the file anywhere in the Terminal window. The pointer will turn into a green and white plus sign ('+') to indicate the path will be dropped. So you would type 'shasum -a 256 ' — with a space after the '256' — and then drag/drop the disk image file anywhere in the Terminal window.) For additional assurance that the hashes displayed on this site have not been compromised, the hashes are also available in the description of each 'Release' on Tunnelblick's GitHub site, which is hosted and administered separately from this site. Verifying GnuPG Signatures Recent Tunnelblick disk images are also signed with GnuPG version 2. To prepare for verifying signatures, you should download and install GnuPG 2.2.3 or higher, and then add the Tunnelblick Security GnuPG public key (key ID 6BB9367E, fingerprint 76DF 975A 1C56 4277 4FB0 9868 FF5F D80E 6BB9 367E) to your trusted GnuPG keyring by typing the following into /Applications/Utilities/Terminal: gpg --import TunnelblickSecurityPublicKey.asc. To verify the signature of a file, download the corresponding signature file and then type the following into /Applications/Utilities/Terminal: gpg --verify path-to-the-signature-filepath-to-the-disk-image-file The result should be similar to the following: gpg: Signature made Sat Dec 16 19:17:03 2017 EST gpg: using RSA key B4D96F0D6A58E335A0F4923A2FF3A2B2DC6FD12C gpg: Good signature from 'Tunnelblick Security <[email protected]>' [ultimate] User ContributionsThese downloads have been contributed by users and usually help deal with special circumstances. They are not endorsed or checked by the Tunnelblick project, and you use them at your own risk. To contribute a download, send it to the developers or post it on the Tunnelblick Discussion Group. Before using these scripts, please read Tunnelblick and VPNs: Privacy and Security. (Actually, everyone using a VPN should read that!) Note: these scripts are executed as root.Instructions for using scripts.
Download IntegrityIn June 2015 there was much discussion (and outrage) about SourceForge providing downloads that contain unwanted or malicious software; SourceForge has changed their policies to help avoid this. Tunnelblick binaries were hosted on SourceForge from the fall of 2013, when Google Code stopped hosting new binaries, until 2015-07-17, when they were moved from SourceForge to GitHub. Tunnelblick protects against unwanted software insertions by publishing the SHA1 and MD5 hashes for each of our downloads. You should verify the hashes of all Tunnelblick downloads by following the instructions above. Additional safeguards automatically protect updates performed by Tunnelblick's built-in update mechanism:
Downloading and Installing on macOS MojaveWhen Tunnelblick is installed after being downloaded normally, MacOS Mojave sends information to Apple (it 'phones home') [1]. This behavior is considered by some to be a violation of privacy. If you want to avoid having macOS Mojave 'phone home' when you install Tunnelblick, you can do the following to download Tunnelblick to your Desktop:
This will download the file to your Desktop without the flag that indicates the file was downloaded from the Internet. When that flag is present, macOS Mojave 'phones home' when the downloaded file is double-clicked; when the flag is not present, macOS Mojave doesn't. [1] This isn't something peculiar to Tunnelblick – Mojave does this for any program or document downloaded from the Internet using most browsers and some other programs. [2] Tunnelblick downloads are redirected from the tunnelblick.net website to GitHub, which then redirects them further. Typically two or more tiny downloads (a few hundred bytes each) provide information about the redirection, and the final larger download is the desired file. |