Spurred by an unhelpful Digg post on setting up an OpenVPN server on Windows, I decided to finally get OpenVPN working on my Mac, which is currently running as my web server / other servers. I eventually found some help, but it took a while, so why not gather it all up here.
What is OpenVPN?
A VPN or Virtual Private Network essentially connects a remote machine to a network, over the Internet, securely. A common use for VPN is to let a user at home or on the road make an encrypted connection to his office’s network as if he/she were actually in the office. In this type of setup, you would be able to connect to file servers, mail servers, or printers remotely, without having to worry about someone on the Internet watching what you do and snagging private information.
I wanted to use it so I could use VNC to connect to some of my home machines on my laptop at school.
OpenVPN uses SSL, the same technology used to encrypt websites, to make its connection secure. It’s also open source and free, which are two good reasons for using it. It is also fast and very powerful, once you get things set up.
One alternative to OpenVPN commonly cited is Hamachi. It seems easier to set up and can run on the three major OS platforms. The main reason I shied away from Hamachi, as many people do, is that it is closed source and owned by a company. That means you really can’t be sure about what it’s doing or how it’s doing it. Sometimes this is acceptable, like when using Skype, but sometimes you’d just rather have the open software. Plus, OpenVPN is a much cooler thing to have running on your system anyway.
Configuring The Server
This is where there isn’t a lot of Mac-specific info. Most tutorials deal with using Linux or Windows. That’s fine; it’s probably what most people have as servers. But I wanted it on a Mac! The ever useful Darwinports has a port of OpenVPN, labelled “openvpn2”. They have the regular openvpn port, but it is an older (1.6) version, and that won’t do.
Install it by using the command
sudo port install openvpn2
This will get you most of the packages you need to get things going.
Now we turn to the OpenVPN site for configuration instructions. You can follow the Linux instructions pretty closely, and things will work out well with a few exceptions:
- The easy-rsa folder can be found at /opt/local/share/doc/openvpn2/easy-rsa . I copied the openvpn2 folder to someplace easier to find, like /opt/local/etc/openvpn . You could make it easier and put it in /etc/openvpn too, but sometimes I forget to check there…
- The sample server and client configuration files can be found at /opt/local/share/doc/openvpn2/sample-config-files. I also grabbed the server.conf file and copied it to my simpler openvpn folder. Making these copies will also ensure your changes won’t be overwritten when OpenVPN is updated.
- According to this hint from macosxhints.com, tunnelblick might be needed to get OpenVPN working correctly. Download tunnelblick here; the current version I got was 3.0 RC3. We will be using it as our client as well, so there is more info in that section below.
So with the help of the OpenVPN manual and the nice tip about tunnelblick, we should have a working version of OpenVPN on our server.
Configuring the Client
Like I mentioned, we need tunnelblick to connect to our server. Tunnelblick is a very elegant and easy to manage GUI front end to OpenVPN. The 3.0 RC3 version comes with everything bundled together, and all you need to do is drop it into your Applications folder.
Run it and you should see a little tunnel in the upper-right hand corner of your screen.
It should also add the folder ~/Library/OpenVPN. In this folder I copied the ca.crt, client.crt, client.csr, and client.key which were created on the server during the PKI section of the tutorial. I used fugu to move stuff over from the server.
Now you can click on the tunnelblick tunnel icon and then click on “details” to get to the meat of the program. Select “edit configuration” to modify the important stuff. I basically copied OpenVPN’s sample client configuration and pasted it in here, modifying the destination IP address and the location of the crt and key files. I had to use the entire file path to get these to work correctly for some reason, namely:
/Users/username/Library/openvpn/ca.crt . I don’t know why I couldn’t use relative file names, but it wasn’t having it.
Also, I started by using the local IP address of my server to make sure things were working correctly before trying to connect to it from the Internet.
When that was all finished, I selected “Connect” and you should be connected to your own VPN server!
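A quick way to catch the relative-path problem described above before hitting “Connect”, as an added example that is not part of the original post. The function and sample names, the temporary directory and the sample server address are constructed for illustration; because client.key is the client's private key, the check also flags a key file that group or other users can access.

```shell
#!/bin/sh
# Added example: lint the ca/cert/key lines of an OpenVPN client config.
# Prints one finding per line; returns 1 if anything was found.
check_client_conf() {
    found=0
    while read -r directive path || [ -n "$directive" ]; do
        case $directive in ca|cert|key) ;; *) continue ;; esac
        path=${path#\"}; path=${path%\"}        # drop optional quotes
        case $path in
            /*) ;;
            *) echo "RELATIVE $directive $path"; found=1; continue ;;
        esac
        if [ ! -f "$path" ]; then
            echo "MISSING $directive $path"; found=1; continue
        fi
        # The private key should be accessible by its owner only (0600/0400).
        if [ "$directive" = key ] &&
           [ "$(ls -ld "$path" | cut -c5-10)" != "------" ]; then
            echo "LOOSE key $path"; found=1
        fi
    done < "$1"
    return "$found"
}

# Constructed sample: a throwaway directory standing in for ~/Library/openvpn.
make_sample() {
    d=$(mktemp -d)
    : > "$d/ca.crt"; : > "$d/client.key"
    chmod 644 "$d/client.key"                  # deliberately too permissive
    cat > "$d/client.conf" <<EOF
client
remote 192.168.1.10 1194
ca $d/ca.crt
cert client.crt
key $d/client.key
EOF
    echo "$d"
}

sample=$(make_sample)
check_client_conf "$sample/client.conf" || echo "fix the lines above, then reconnect"
```

On the constructed sample this reports the relative `cert` line and the world-readable key; `chmod 600` on the key and a full path for the certificate clear both findings.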
If you have file sharing turned on, you can check your connection by hitting apple + k to go to the connection dialog and connecting to afp://10.8.0.1 (if you followed the tutorial exactly, else use the IP address you set it up for). This should connect to your server.
The next step is to get more machines from your intranet on the vpn. But that is for another post, as I haven’t quite figured it out yet…