Commandline OpenVPN client on Mac OSX with macports

January 31, 2013 at 07:40 AM | categories: Sysadmin, Mac OS X, Tips, Security, Unix | View Comments

Most people use TunnelBrick to setup OpenVPN client connections on Mac OSX, i prefer using the command line.

To get OpenVPN up and running off the command line is a simple process. The commands below need to be run as a privileged user if your root account is not enabled use sudo to run the commands.

Install OpenVPN

To install OpenVPN 2 from macports run:

port install openvpn2

Install TunTap

To install TunTap from macports run:

port install tuntaposx

Configure it to startup at boot:

launchctl load -w /Library/LaunchDaemons/org.macports.tuntaposx.plist

You need TunTap as it allows you to create virtual interfaces using the supplied kernel extensions. If you don't install TunTap you will get the error Cannot allocate TUN/TAP dev dynamically when you try and make a OpenVPN connection.

Configuration

Create a directory to hold your configuration and keys.

mkdir /opt/local/etc/openvpn

Place your keys and configuration files in /opt/local/etc/openvpn/

A sample client configuration is provided below.

client
dev tun
proto udp
remote vpn.home.topdog-software.com 1194
nobind
resolv-retry infinite
tls-client
ca /opt/local/etc/openvpn/ca.crt
cert /opt/local/etc/openvpn/client.crt
key /opt/local/etc/openvpn/client.key
ns-cert-type server
cipher BF-CBC
tls-cipher DHE-RSA-AES256-SHA
tls-remote vpn.home.topdog-software.com
tls-auth /opt/local/etc/openvpn/tls-auth.key 1
remote-cert-tls server
comp-lzo
persist-key
persist-tun
mute-replay-warnings
verb 3
mlock

Connecting

To connect simply run:

openvpn2 --config /opt/local/etc/openvpn/openvpn.conf

blog comments powered by Disqus