Openvpn config mac os

Настройка OpenVPN в macOS

Настройка для Tunelblick

Если ваша версия macOS старшее MacOS X Leopard, вы можете воспользоваться клиентом OpenVPN Tunnelblick.
Tunnelblick также работает и на современных версиях macOS. Для настройки работы Tunellblick выполните следующие действия:

1. Скачайте инсталятор Tunelblick Tunnelblick и установите его.

2. Распакуйте конфигурационные файлы, выданные техподдержкой. Вы также можете их скачать в личном кабинете.

3. Откройте файл с конфигурационного файла ovpn в программе Tunnelblick.

4. Выберите в меню Tunelblick пункт Connect config. При запросе логина и пароля, ввести их, взяв из файла pass.txt,
который также был в архиве с конфигурационными файлами.

5. Для проверки работы сервиса, можете обратитесь к странице https://whoer.net/ru. В отчете Вы можете увидеть текущий IP-адрес.
После окончания работы с VPN, кликните в меню Tunelblick выберите Disconnect config.

Настройка для Viscosity

Если у Вас Mac OS X Leopard или новее, наиболее удобной в использовании является клиент OpenVPN Viscosity.
В этом случае настройка VPN-сервиса сводится к следующим действиям:

1. Скачайте последнюю версию программы Viscosity и установите.

2. Распакуйте конфигурационные файлы, доступные в ваших заказах, в любой каталог.

3. Откройте конфигурационный файл ovpn в программе Viscosity.

4. Далее в верхнем меню рядом с часами кликаем на икноку Viscosity и в выпадающем меню программы выбираем Connect,

в диалоговом окне вводим имя пользователя и пароль (находятся в файле pass.txt в архиве в Ваших заказах).

5. Для проверки работы сервиса, можете обратитесь к странице https://whoer.net/ru. В отчете Вы можете увидеть текущий IP-адрес.
После окончания работы с VPN, кликните в меню Viscosity выберите Disconnect.

Настройка для OpenVPN Connect 3

1. Скачайте дистрибутив OpenVPN Connect 3 с официального сайта openvpn.net и установите его.

2. Скачайте конфигурационные файлы из личного кабинете и распакуйте их

3. Чтобы добавить конфигурационный файл в OpenVPN Connect просто переместите файл на приложение.

4. Отметье галочкой — Connect after import и нажмите Add

5. При появлении ошибки Connection error — Missing external certificate, нажмите Continue.

6. Вы можете избежать появления данной ошибки в будущем, добавив в конфигурационый файл ovpn строчку

после этого, изменённый конфигурационный файл нужно снова передобавить в OpenVPN Connect.

7. Впн подключение активируется, вы сможете управлять им в OpenVPN Connect.

Источник

Installation guide for OpenVPN Connect Client on macOS

Introduction

This guide is meant for users of the OpenVPN Access Server product that wish to connect their macOS computer using the official OpenVPN Connect Client software. In the steps outlined below we’ll take you through the process of obtaining the OpenVPN Connect Client from your Access Server’s web interface, and installing and using it on the macOS operating system. Aside from some minor differences due to different versions of software used this guide should be accurate and easy to follow. Each step can be clicked to show a screenshot for that particular step in the installation process. Each screenshot can be clicked to reveal an image gallery you can follow to go through all the steps.

Requirements

You will need to have a valid set of credentials, like user name and password, and of course the address of your OpenVPN Access Server. If you are not the administrator of the Access Server you are going to connect to, then you should contact the administrator of this server to obtain this information. We here at OpenVPN Inc. cannot provide this information, since we do not manage servers run by our customers. If you are the administrator of your Access Server, you can create new user accounts using the admin web interface of the Access Server or the external authentication backend you have configured, and then use those credentials to obtain and install the OpenVPN Connect Client on macOS.

The OpenVPN Connect Client for macOS, latest version, currently supports these operating systems:

• OS X 10.8 Mountain Lion
• OS X 10.9 Mavericks
• OS X 10.10 Yosemite
• OS X 10.11 El Capitan
• macOS 10.12 Sierra
• macOS 10.13 High Sierra
• macOS 10.14 Mojave
• macOS 10.15 Catalina
• macOS 11.0 Big Sur

Downloading and installing the OpenVPN Connect Client for macOS

Navigate to the OpenVPN Access Server client web interface.

Login with your credentials.

Click on the Mac icon to begin download.

Wait until the download completes, and then open it (the exact procedure varies a bit per browser).

Open the ‘OpenVPN Connect installer’ to start the installation.

Please read the licensing terms. Then click ‘Continue’.

Click ‘Agree’ to accept the licensing terms.

Click ‘Install’ to proceed.

Enter your device password, if you have one configured, and click ‘Install Software’.

Wait for the installation process to complete.

Click ‘Close’ to end the installation process.

If your device asks, click ‘Move to Trash’ to clean up the installer file.

Rightclick (ctrl+click) ‘OpenVPN Connect’ and eject it.

In Applications, OpenVPN Connect is now ready for use.

Источник

Connecting to Access Server with macOS

Each macOS device needs a client application to connect with your OpenVPN Access Server. We recommend using OpenVPN Connect, which is pre-configured to connect with your Access Server. This document provides information on using OpenVPN Connect as well as alternative solutions.

Installing a client application

The OpenVPN protocol is not built into macOS. Therefore, you must install a client app to handle communication with Access Server. A client app is required to capture the traffic you want to send through the OpenVPN tunnel, encrypt it, pass it on to the server, and decrypt the return traffic.

OpenVPN Connect with your Access Server

Your installation of OpenVPN Access Server includes a copy of OpenVPN Connect, which is a separate package called openvpn-as-bundled-clients that is updated when new versions of OpenVPN Connect are released. OpenVPN Connect is our official client app and your users can download it directly from your client UI, pre-configured to connect with your server, or download it separately from our website and import a connection profile.

Steps: Access your client UI

• Open a browser and enter your Access Server IP address or the custom hostname if you have set that up (recommended).
• Enter your username and password.
  • Once you have signed in, the recommended OpenVPN Connect app for your device displays at the top. Also shown are downloads for other platforms as well as connection profiles.

OpenVPN Connect only supports one active VPN tunnel at a time. It was purposely designed to not support connections to two or more servers simultaneously. Connecting to two servers at the same time requires two different adjustments to the routing table on the client computer. Therefore, it is very easy to make a mistake and break connectivity or cause traffic to flow to the wrong destination. Limiting connections to one server ensures connectivity and traffic flow. OpenVPN Connect can store many profiles for different servers, but you can only actively connect to one at a time.

OpenVPN Connect also supports client-side scripting, importing connection profiles directly from Access Server, and connecting with a server-locked profile. A server-locked profile enables you to authenticate any valid user on your Access Server without installing unique connection profiles for each user.

OpenVPN Connect v3

We recommend and support OpenVPN Connect v3 as the official app for OpenVPN Access Server and OpenVPN Cloud. The client software offers client connectivity across four major platforms: Windows, macOS, Android, and iOS. For Linux, we recommend the open source OpenVPN client.

We recommend downloading OpenVPN Connect v3 directly from your Access Server web client UI. You can also download the installation file for OpenVPN Connect v3 from the download page on our site or with the link below. The app installation from our site does not contain any connection settings, so you’ll need to take additional steps to configure the connection to your Access Server. If you are installing the below file on a computer that already has OpenVPN Connect v3 installed and configured, it simply updates it to the latest version and retains all settings.

OpenVPN Connect v2

This is the previous generation of OpenVPN Connect client software for OpenVPN Access Server. It is still supported but we recommend people to use OpenVPN Connect v3 instead.

Alternative OpenVPN open source client: Tunnelblick

The open source project also has a client for macOS called Tunnelblick. Tunnelblick supports the option to connect to multiple OpenVPN servers simultaneously, which can cause connection issues if not configured correctly. You must not implement conflicting routes and subnets. Unlike on Windows platform, however, you don’t need to add multiple virtual network adapters because they are provisioned automatically.

Tunnelblick also supports drag-and-drop for adding OpenVPN connection profiles, which can be .conf or .ovpn file extensions. For example, you can download a user-locked or auto-login profile from the OpenVPN Access Server web interface and drag-and-drop it on the Tunnelblick icon. The system tray menu then shows you the options for using the connection profile. Tunnelblick doesn’t support client-side scripting, importing connection profiles directly from an Access Server, or connecting with a server-locked profile.

Alternative OpenVPN client: Viscosity

Viscosity is a third-party OpenVPN client that is created by SparkLabs. Viscosity is available for Windows and macOS and is compatible with OpenVPN Access Server.

Other client GUI projects

There are many VPN clients built for the OpenVPN protocol that will also work with OpenVPN Access Server. Refer to the community website for the current list.

Helpful Resources

For further information on VPN configuration details, refer to this documentation:

Источник

OpenVPN Connect for Mac OS

This is the official OpenVPN Connect client software for Mac OS developed and maintained by OpenVPN Inc. This is the recommended client program for the OpenVPN Access Server. The latest version of OpenVPN Connect client for Mac is available on our website.

If you have an OpenVPN Access Server, it is recommended to download the OpenVPN Connect client software directly from your own Access Server, as it will then come preconfigured for use. The version available here contains no configuration to make a connection, although it can be used to update an existing installation and retain settings.

sha256 signature: 221fe99f9eaa998a2f39f02ffdb16005eb5fae890dce1c1474bbd4b5fa691171

For mac OS versions titled Yosemite, El Capitan, Sierra, High Sierra, Mojave, Catalina, Big Sur, and Monterey.

Previous generation OpenVPN Connect V2 is available here:

sha256 signature: 2b49e35d0c1b8ee83d1b7067e07f382beacb626e8f5bb7d75fe92debeda42dbc

The Interface

Our latest line of OpenVPN Connect software available for the major platforms features a new and improved user interface, making the experience of installing and using the OpenVPN software a snap. With an easy to use import feature you can import profiles straight from your OpenVPN Access Server or just import a saved profile from disk.

Frequently Asked Questions

Can the new and old client co-exist?

Yes, you may continue to use both v2 and v3 on the same connect device and import the profiles desired into each. If you like, you can run either one or both.

Can i connect to multiple servers at the same time?

No, the client cannot connect to multiple servers at once. It does support multiple connection profiles, giving you the option to switch easily from one server to the next, but you can only be connected to one at a time. This is by design, to prevent unexpected traffic paths when connecting to multiple VPN servers at the same time. If you are a system administrator and you require a complex setup where multiple connections are active at the same time, there is the option to use the open source community OpenVPN client software available from our website.

Is the old client still available?

The OpenVPN client v1 was called “OpenVPN Desktop Client” and is no longer available. It is also not safe to use this anymore as it hasn’t been maintained for many years. It was replaced with the OpenVPN client v2. The OpenVPN client v2 is called “OpenVPN Connect Client” and has been in use for many years. It is still available from our website and offered in the OpenVPN Access Server client web interface itself. The OpenVPN client v3 is called “OpenVPN Connect” and is the latest generation of our software. It is available on our website as a beta version, and will be included soon in Access Server releases.

Where can I get this for other OS?

Should I use this client or the client from my instance of Access Server?

This is the official OpenVPN Connect software for Windows workstation platforms developed and maintained by OpenVPN Inc. This is the recommended client program for the OpenVPN Access Server. The latest versions are available on our website. If you have an OpenVPN Access Server, you can download the OpenVPN Connect client software directly from your own Access Server, and it will then come pre-configured for use. The version available here contains no configuration to make a connection, although it can be used to update an existing installation and retain settings.

How do I install the Mac client?

1. Download the DMG file
2. Open the file and double click the box icon to begin the installation.
3. Give permissions to install on your Mac by entering your credentials when prompted.
4. Click Close when you get the “installation was successful” message.
5. You can move or keep the OpenVPN Connect installer, simply choose the appropriate action when prompted.
6. Open the Launchpad app from the app bar and click on OpenVPN Connect to send it to your app bar.
7. Click on the icon to start the Onboarding Tour.
8. Review how to import a profile from a server by entering the Access Server Hostname and credentials or uploading a profile from your computer.
9. Agree to the data collection use and retention policies after reviewing them.
10. Import a profile, either from the server or from file.

How do I install the client directly from my Access Server?

Directions found here for installing the client directly from Access Server for your macOS computer. This install is preconfigured with your connection settings from your server.

How do I import a profile from a server?

1. From the OpenVPN Connect UI, choose “Import from Server”.
2. Enter your Access Server Hostname, Title, Port (optional), and your credentials—username and password.
3. Click Add.
4. If you choose to Import autologin profile, it is less secure, but you won’t need to re-enter credentials.

How do I import a profile from my computer?

1. Choose “Import from File”.
2. Drag and drop a .OVPN file or click on Browse to navigate to the location on your computer.
3. The message displays that the profile is successfully imported and displays the hostname and the title. You can change the title if desired.
4. Click on Add to complete the import.

Why did I receive an error message that TAP mode is not supported when importing a profile?

Layer 2 bridging (TAP) is no longer supported. Switch over to TUN Mode to resolve this issue.

Why am I getting a certificate error? How can I fix using a self-signed certificate?

OpenVPN Access Server starts with a self-signed certificate. With this, you will receive warnings from your web browser about the site not being secure as well as a certificate error when importing a profile with the Connect Client. You can simply override the warnings or add an exception for your web browser. To resolve this, you can set up a DNS host name that resolves to the public address of your Access Server and install a valid SSL certificate that corresponds to that DNS host name. Going forward, you would use that hostname to access your server instead of the IP address. This is also the recommended method as validated SSL certificates can only ever function with a valid public DNS hostname.

Where do I find my Access Server Hostname and credentials?

Your Access Server Hostname is the address at which your Access Server can be reached. For example it could be https://vpn.yourcompany.com/. If a DNS hostname is not set up, it is also possible to specify the IP address where your Access Server. For example:https://55.193.55.55 Your credentials are your username and password. You may need to get that information from your Access Server administrator if you don’t know it.

What do I enter for “Title”?

Title is the name for the profile. It is automatically defined as the username with the hostname or IP address(example: user1@hostname). It differentiates between multiple profiles. You can define it manually as well. The title can be anything you want is just so you can see which profile is which.

What does “import autologin profile” mean?

Choosing this option allows you to import an autologin profile with the address and credentials for your Access Server, then simply start the connection with the tap of a button. You would not need to re-enter credentials each time you connect. The autoprofile itself contains an embedded secure certificate that identifies and authorizes your connection automatically. It is an optional setting on the OpenVPN Access Server that the administrator of the server can choose to make available to you. If you find you cannot import the autologin profile, your administrator may not have allowed autologin through user permissions.

Why did I get this message: “In this version compression was disabled by default. If you need it, please re-enable this setting.”

During investigation of a vulnerability called VORACLE, it was found that using compression to make the data that goes through the VPN tunnel smaller, and thus faster, has an adverse effect on security. To learn more about this see our security notification on our website regarding the VORACLE attack vulnerability. In order to protect our customers, we are disabling compression by default. Some servers of the open source variety can be configured in such a way that the client must do compression, or else the client may not connect successfully. In such a case, you should get the server updated to disable compression. But we understand that this is not always possible, and you may need to be able to connect to such a server. In that event you can go into the settings and re-enable compression.

Источник