8/10/2012

Connecting to OpenVPN from a Mac using Tunnelblick

To connect to an OpenVPN server you need an appropriate OpenVPN client installed to establish the SSL link. For Apple Mac OS X systems, Tunnelblick (http://code.google.com/p/tunnelblick/) is a good graphical user interface. At the time of this blog the latest stable version of Tunnelblick available was 3.2.7. These instructions were executed on an Apple iMac running Mac OS X 10.7.4. As with all other posts on this blog, the purpose of this post is not to provide a tutorial, but instead to document the steps taken, for my own benefit.

Download and install Tunnelblick

  1. Download the latest stable version of Tunnelblick (3.2.7).
  2. Click on the downloaded dmg package file to mount it.
  3. Once the Tunnelblick window is open, double-click the Tunnelblick.app icon
  4. A warning may be displayed to indicate that the package may be unsafe as it was downloaded; continue by clicking the "Open" button
  5. Enter the system administrator credentials to start the install
  6. Once installation is completed, the installation succeeded window will be displayed; click the "Quit" button
  7. Close the Tunnelblick window, and eject the dmg package
  8. Start the Tunnelblick GUI by going to Applications and clicking Tunnelblick.app
  9. You should see a Tunnelblick icon up the top

The first time you start the Tunnelblick application

  1. A warning may be displayed to indicate that the package may be unsafe as it was downloaded; continue by clicking the "Open" button
  2. When prompted, click on the "I have configuration files" button

Setting up the OpenVPN connection

  1. Click on the "OpenVPN Configuration(s)" button
  2. Select the "Create Tunnelblick VPN Configuration" button to generate a configuration based on your OpenVPN configuration files
  3. Take a note of the instructions in the dialog box and click the "Done" button
  4. You may be prompted for automatic updates
    1. To prevent your system details (although they are anonymous) from being transmitted, uncheck "Include anonymous system profile"
    2. Then click on "Check Automatically" button to enable automatic checking of updates
  5. You should have a directory called "Empty Tunnelblick VPN Configuration" on your desktop
  6. Get the CA certificate (ca.crt), your private key (I used MACHINE.key as an example) and certificate (e.g. MACHINE.crt) and your client configuration file (this may be something like client.ovpn or client.conf). These should be provided by your network administrator.
    1. ca.crt
    2. MACHINE.crt
    3. MACHINE.key
    4. client-config.ovpn
  7. Copy or move the files above into the directory on your desktop
  8. Rename the directory into something meaningful with a .tblk extension, e.g. Office-VPN.tblk
  9. When prompted to add the .tblk extension, click on the "Add" button; you should see the directory icon change to a Tunnelblick icon
  10. Double-click the renamed directory to install the configuration
  11. When prompted to continue the installation click the "Only Me" button
  12. Enter the system administrator credentials to complete the install
  13. Once installed, click the "OK" button

Changing DNS settings

  1. Right click on the Tunnelblick icon up the top
  2. Select VPN Details, then select the VPN connection you wish to edit, e.g. "Office-VPN"
  3. Select the "Settings" option on the middle of the window
  4. Change the "Set DNS/WINS" option to suit. For example, to keep your existing nameserver configuration and ignore DNS changes pushed through from the VPN tunnel, select "Do not set nameserver"

Connecting to the VPN

  1. Once Tunnelblick has been installed and the configuration completed
  2. Right click the Tunnelblick icon up the top
  3. You should see the VPN connection, e.g. "Connect Office-VPN", select it to connect

Disconnecting from the VPN

  1. Once the VPN connection has been established and you wish to disconnect
  2. Right click the Tunnelblick icon up the top
  3. You should see the VPN connection, e.g. "Disconnect Office-VPN", select it to disconnect

Here is a sample client configuration file for reference. Substitute SERVER, PORT and MACHINE as appropriate:

client
dev tun
proto udp
remote SERVER PORT
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert MACHINE.crt
key MACHINE.key
comp-lzo
verb 3
; the following lines are needed for Windows Vista, 7 and 8 machines, not needed for Windows XP
route-method exe
route-delay 2
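
A check that can be run on the configuration directory before renaming and installing it, as an added example that is not part of the original post. The function name check_tblk and the sample bundle are constructed for illustration; it assumes the config refers to its files by bare name, as the sample above does. It reports files the config references but the bundle lacks, a private key readable by other users, and a config with no server certificate verification, which the sample above does not enable.

```sh
#!/bin/sh
# Added example: pre-install check of a Tunnelblick .tblk bundle.
# check_tblk DIR prints one finding per line; no output means no findings.
check_tblk() {
    dir=$1
    conf=
    for c in "$dir"/*.ovpn "$dir"/*.conf; do
        if [ -f "$c" ]; then conf=$c; break; fi
    done
    if [ -z "$conf" ]; then
        echo "no .ovpn or .conf file in bundle"
        return 0
    fi
    # Each file named by a ca/cert/key directive must be inside the bundle.
    awk '$1=="ca" || $1=="cert" || $1=="key" {print $1, $2}' "$conf" |
    while read -r opt f; do
        if [ ! -f "$dir/$f" ]; then
            echo "missing file referenced by '$opt': $f"
        elif [ "$opt" = key ] &&
             [ -n "$(find "$dir/$f" \( -perm -040 -o -perm -004 \))" ]; then
            # The private key should be readable by its owner only (chmod 600).
            echo "private key readable by group or others: $f"
        fi
    done
    # With no server-certificate check, the client accepts any certificate
    # signed by the CA, including another client's, as the server.
    if ! grep -Eq '^[[:space:]]*(remote-cert-tls[[:space:]]+server|ns-cert-type[[:space:]]+server|tls-remote|verify-x509-name)' "$conf"; then
        echo "no server certificate verification (e.g. remote-cert-tls server)"
    fi
}

# Constructed sample bundle: a cut-down copy of the sample config, a
# world-readable key and no MACHINE.crt, so all three findings are reported.
SAMPLE=$(mktemp -d)/Office-VPN.tblk
mkdir "$SAMPLE"
printf '%s\n' client 'dev tun' 'proto udp' 'remote SERVER PORT' \
    'ca ca.crt' 'cert MACHINE.crt' 'key MACHINE.key' > "$SAMPLE/client-config.ovpn"
: > "$SAMPLE/ca.crt"
: > "$SAMPLE/MACHINE.key"
chmod 644 "$SAMPLE/MACHINE.key"
check_tblk "$SAMPLE"
```

Adding `remote-cert-tls server` only works if the server certificate was issued with server key usage, so confirm that with your network administrator before changing the config.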

