Important
Mac OS X 10.13 (High Sierra) and later; Free Security Suite for Mac. With the use of our best Mac VPN client software, you are benefiting from 30 years of experience in computer security “Made in Germany”. Leave the minimum number of traces and conceal your real IP address. To use Tunnelblick you need access to a VPN server: your computer is one end of the tunnel and the VPN server is the other end. For more information, see Getting VPN Service. Tunnelblick is licensed under the GNU General Public License, version 2 and may be distributed.
VPN for Mac features. Our new macOS app provides a highly secure (yet easy-to-use) alternative to OpenVPN applications like Tunnelblick. If you have used our apps for Android or Windows, you will recognize many of the features in our macOS VPN client. This document will guide you throught the installation process of OpenVPN for Mac OS X. For other operating systems, visit here. Remote access requires the use of Multi-Factor Authentication. If you haven't set this up for your IAS account, please see our information page or contact the Computing Helpdesk for DuoSecurity before continuing.
Netgate is offering COVID-19 aid for pfSense software users, learn more.
There are three client options for Mac OS X.:
- The OpenVPN command line client. Most users prefer a graphical client, so thisoption will not be covered.
- Tunnelblick, a free option available for download at the Tunnelblick Website.
- The commercial Viscosity client. At the time of this writing, it costs $14USD for a single seat. If OpenVPN is used frequently, Viscosity is a muchnicer client and well worth the cost.
Both Tunnelblick and Viscosity are easily installed, with no configurationoptions during installation.
Configuring Viscosity¶
When using the Viscosity client, it can be configured manually or the OpenVPNClient Export package may be used to import the configuration. Viscosityprovides a GUI configuration tool that can be used to generate the underlyingOpenVPN client configuration. The CA and certificates can be imported manually,and all of the parameters can be set by hand. This section cover importing aViscosity bundle from the export package.
Openvpn Server For Mac Os X
- Download a copy of the Viscosity bundle for the client from the OpenVPNClient Export package
- Locate the saved file, which will end in
.visc.zip
indicating that it is acompressed archive - Copy this exported bundle to a folder on the Mac
- Double click this file and it will expand to
Viscosity.visc
- Double click
Viscosity.visc
and Viscosity will open and import theconnection as shown in Figure Viscosity Import
- Delete the
Viscosity.visc
directory and the.zip
archive - Viscosity will be running after import, and may be found in the menu bar
- Click the lock icon added to the menu bar at the top of the screen
- Click Preferences to check that the configuration was imported as shown inFigure Viscosity Preferences
Viscosity Preferences¶
- Check the Connections area to see if the connection imported successfullyas shown in Figure Viscosity View Connections.
- Close the Preferences screen
- Click the lock in the menu bar
- Click the name of the VPN connection to connect as shown in FigureViscosity Connect. After a few seconds, the lock in the menu barwill turn green to show it connected successfully.
Viscosity Connect¶
- Click on it and then click Details as shown in FigureViscosity Menu to see connection information
On the first screen (Figure Viscosity Details), the connectionstatus, connected time, the IP assigned to the client, and the IP of the serverare all displayed. A bandwidth graph is displayed at the bottom of the screen,showing the throughput in and out of the OpenVPN interface.
Viscosity Details¶
Openvpn Connect For Mac Os X
Clicking the up/down arrow button in the middle of the details screen displaysadditional network traffic statistics. This shows the traffic sent within thetunnel (TUN/TAP In and Out), as well as the total TCP or UDP traffic sentincluding the overhead of the tunnel and encryption. For connections usingprimarily small packets the overhead is considerable with all VPN solutions. Thestats shown in Figure Viscosity Details: Traffic Statistics are from only afew pings traversing the connection. The traffic sent in bringing up theconnection is also counted here, so the initial overhead is higher than what itwill be after being connected for some time. Also, the typical VPN traffic willhave larger packet sizes than 64 byte pings, making the total overhead anddifference between these two numbers considerably less.
Clicking on the third icon in the middle of the Details screen shows theOpenVPN log file (Figure Viscosity Details: Logs). If there is any troubleconnecting, review the logs here to help determine the problem. See alsoTroubleshooting OpenVPN.
Openvpn For Mac Os X
Viscosity Details: Logs¶