Commandline OpenVPN client on Mac OSX with macports
January 31, 2013 at 07:40 AM | categories: Sysadmin, Mac OS X, Tips, Security, Unix | View CommentsMost people use TunnelBrick to setup OpenVPN client connections on Mac OSX, i prefer using the command line.
To get OpenVPN up and running off the command line is a simple process. The commands below need to be run as a privileged user if your root account is not enabled use sudo to run the commands.
Install OpenVPN
To install OpenVPN 2 from macports run:
port install openvpn2
Install TunTap
To install TunTap from macports run:
port install tuntaposx
Configure it to startup at boot:
launchctl load -w /Library/LaunchDaemons/org.macports.tuntaposx.plist
You need TunTap as it allows you to create virtual interfaces using the supplied kernel extensions. If you don't install TunTap you will get the error Cannot allocate TUN/TAP dev dynamically when you try and make a OpenVPN connection.
Configuration
Create a directory to hold your configuration and keys.
mkdir /opt/local/etc/openvpn
Place your keys and configuration files in /opt/local/etc/openvpn/
A sample client configuration is provided below.
client dev tun proto udp remote vpn.home.topdog-software.com 1194 nobind resolv-retry infinite tls-client ca /opt/local/etc/openvpn/ca.crt cert /opt/local/etc/openvpn/client.crt key /opt/local/etc/openvpn/client.key ns-cert-type server cipher BF-CBC tls-cipher DHE-RSA-AES256-SHA tls-remote vpn.home.topdog-software.com tls-auth /opt/local/etc/openvpn/tls-auth.key 1 remote-cert-tls server comp-lzo persist-key persist-tun mute-replay-warnings verb 3 mlock
Connecting
To connect simply run:
openvpn2 --config /opt/local/etc/openvpn/openvpn.conf
blog comments powered by Disqus
About
I am a Sysadmin and programmer, passionate about Open source software A few notable projects i am associated with are:
Contact
topdog at fedoraproject.organdrew at topdog.za.net
Follow me on Twitter
Latest blog posts
Categories
- Book review (rss) (10)
- CCSP (rss) (1)
- Centos (rss) (16)
- Certification (rss) (1)
- Cisco (rss) (1)
- CouchDB (rss) (1)
- Cyrus (rss) (2)
- DHCP (rss) (2)
- DKIM (rss) (2)
- DLNA (rss) (2)
- DNS (rss) (2)
- Domainkeys (rss) (1)
- Email (rss) (11)
- Exim (rss) (7)
- Fedora (rss) (1)
- Horde (rss) (2)
- Howto (rss) (29)
- IPSEC (rss) (6)
- IPv6 (rss) (1)
- Kickstart (rss) (1)
- Links (rss) (2)
- Linux (rss) (25)
- Mac OS X (rss) (6)
- Markdown (rss) (1)
- Mediaplayer (rss) (2)
- PHP (rss) (1)
- PS3 (rss) (2)
- Postfix (rss) (6)
- Projects (rss) (1)
- PyMYSK (rss) (14)
- Python (rss) (19)
- RHEL (rss) (7)
- SSL (rss) (2)
- Security (rss) (13)
- Sysadmin (rss) (16)
- Tips (rss) (28)
- Ubuntu (rss) (2)
- Unix (rss) (4)
Archives
- February 2014 (1)
- December 2013 (1)
- September 2013 (1)
- March 2013 (1)
- February 2013 (2)
- January 2013 (4)
- November 2012 (3)
- October 2012 (2)
- September 2012 (5)
- August 2012 (7)
- July 2012 (1)
- June 2012 (2)
- May 2012 (9)
- April 2012 (17)
- March 2012 (4)
- August 2010 (1)
- March 2009 (4)
- January 2009 (2)
- August 2008 (1)
- June 2008 (1)
- March 2008 (1)
- February 2008 (2)
- January 2008 (1)
