In other tips I've covered how to set up an OpenVPN Linux server and an OpenVPN Linux client. Here, I look at setting up OpenVPN as a client on OS X.
There are a few possible clients to choose from. One popular OpenVPN client for OS X is Tunnelblick. Tunnelblick is free and open source. Another client is Viscosity. It has a cost of $9USD with a 30 day trial. Finally, my client of choice is Shimo, which is not just an OpenVPN client (like the other two), but also works with a number of other VPN and VPN-like solutions: Cisco VPN, IPSec, PPTP/L2TP, SSH, and so forth. Shimo is more expensive than the others, but not by much: it is only €14.95 (about $21USD).
Shimo is also easy to use with OpenVPN. If you have followed along with the other OpenVPN tutorials in this series, you will have a copy of the client certificate, key, and the CA certificate on your system. If not, you will need to obtain them from the server, where they would have been generated, and securely copy (using SSH or a USB disk) them to your computer. Next, start Shimo and head to the Preferences. In the Profiles pane, add a new OpenVPN profile.
Popular Alternatives to OpenVPN Gui for Mac. Explore 5 Mac apps like OpenVPN Gui, all suggested and ranked by the AlternativeTo user community.
Under the General tab, name your new connection — something like 'OpenVPN Home' would suffice. In the Authentication pane, you will need to select your Certificate Authority file (ca.crt), Local Certificate (client.crt), and Private Key File (client.key). Make sure the Authentication Method is set to Certificate (Figure A). There is no need to set the username and password unless it is required by the server (for the purposes of this series, we elected to use just certificates without further authentication mechanisms).Figure A
In the Connection tab, enter in the name of the remote host (i.e., openvpn-server.domain.com). Ensure the Tunnel Device is TUN and the Protocol is UDP (![Openvpn macos high sierra Openvpn macos high sierra](/uploads/1/2/5/8/125866829/643142633.png)
![Macos Openvpn Macos Openvpn](http://www.freeproxy.ru/img/vpn-setup/mac_os_openvpn_18.jpg)
Figure B
That's it! You can save the preferences for this profile; go to the Shimo menu icon, and select the new OpenVPN network from the list, and Shimo will establish the connection. If you have enabled the OpenVPN server to push DNS and DNS domain information to clients, when you connect, you will be able to access systems on the remote network by their computer names directly rather than IP addresses.
If you have an iPhone, you're in for an even bigger treat. With iPhone tethering, you can be on the road, anywhere, and securely access the home or work network simply by connecting your iPhone to the laptop (via USB or Bluetooth) and enabling tethering on the iPhone (via Settings | General | Network | Internet Tethering). Once the connection between the Mac and iPhone is established, simply fire up Shimo or whatever OpenVPN client you have chosen, and establish the VPN connection. This works so well that I have been able to obtain a kerberos-ticket and access a kerberos-authentication-only web site on the internal network while sitting in my car across town.
If you only need to use OpenVPN, Shimo may be overkill. It is a fantastic and robust OpenVPN client, but you may wish to give something like Tunnelblick a go first to see if it meets your needs. The latest version of Tunnelblick is 3.0, but it requires you to edit the OpenVPN client configuration directly.
This makes it a lightweight frontend to the OpenVPN command-line program, and the configuration for such can be found in the previous tip about configuring the Linux client. Primarily, you will need to change the 'remote' directive to point to the OpenVPN server, and ensure that the ca, cert, and key directives are correct. These directives look for those files in the directory that the configuration file resides in, so you will want to copy those files to ~/Library/Application Support/Tunnelblick/Configurations/.
Once that is done and the configuration file has been saved, use the Tunnelblick menu icon to initiate a connection to the specified OpenVPN server and watch the OpenVPN log output as it connects.
There are a few options to establishing connections to OpenVPN on the Mac. Tunnelblick is good, if a little rough. It is, after all, a simple frontend to the openvpn command line program. Shimo is great if you need a little more power, flexibility, and hand-holding. It is also the best of the bunch if you need to connect to different types of VPNs.
Download the PDF, 'How to set up OpenVPN server and create Linux and Mac OS X clients.'
Important note about software versions
We strongly recommend you do not automatically update Tunnelblick when prompted to, as new releases often break things. Instead check this web page first to find out if we have tested the new version and only upgrade to versions we have mentioned here that we have tested.
Installing
Which version to install depends on which version of MacOS you have. For 10.7.5 and up we currently recommend the 3.7.5a stable release which may be downloaded from https://tunnelblick.net/downloads.html . Although we cannot test every version this one has been seen to work on OSX 10.11 for us. Please note we do not recommend the 3.5.5 or 3.6.2 stable releases which we have had reports of problems with. For older Macs version 3.5.11 should work.
If you have difficulty with version 3.7.5a then what to try depends on the version of OSX you have. If you have OSX 10.7 or above try the latest beta release from https://tunnelblick.net/downloads.html . For older versions of OSX there is no readily available alternative.
After installing tunnelblick, download the config file. The configuration file is compressed, so double-click it to expand it: you should then get a file 'chemistry.tblk'. ('chemistry.tblk' will not run from the Downloads folder. Copy to the Desktop). Double-click 'chemistry.tblk' to install the configuration.
Connecting
Select 'Connect Chemistry' from the TunnelBlick icon. The credentials you should use are your ChemNet credentials. These can be collected from https://apps.ch.cam.ac.uk/ssms/collectchemnet and it is OK to tell Tunnelblick to save them. Please note that the ChemNet username is your CRSID followed by @ch.cam.ac.uk , not @cam.ac.uk .