Using OpenVPN from the Command Line on Mac OS

Courtesy of Topdog:

Most people use Tunnelblick to set up OpenVPN client connections on Mac OS X; I prefer using the command line.

Getting OpenVPN up and running from the command line is a simple process. The commands below need to be run as a privileged user; if your root account is not enabled, use sudo to run the commands.

[Note: Most of the commands below use a Mac utility called MacPorts, so you need to install it first.]

Install OpenVPN

To install OpenVPN 2 from MacPorts run:

port install openvpn2

Install TunTap

To install TunTap from MacPorts run:

port install tuntaposx

Configure it to start up at boot:

launchctl load -w /Library/LaunchDaemons/org.macports.tuntaposx.plist

You need TunTap because it lets you create virtual interfaces using the supplied kernel extensions. If you don’t install TunTap you will get the error "Cannot allocate TUN/TAP dev dynamically" when you try to make an OpenVPN connection.


Create a directory to hold your configuration and keys.

mkdir /opt/local/etc/openvpn

Place your keys and configuration files in /opt/local/etc/openvpn/

A sample client configuration is provided below.

dev tun
proto udp
remote 1194
resolv-retry infinite
ca /opt/local/etc/openvpn/ca.crt
cert /opt/local/etc/openvpn/client.crt
key /opt/local/etc/openvpn/client.key
ns-cert-type server
cipher BF-CBC
tls-cipher DHE-RSA-AES256-SHA
tls-auth /opt/local/etc/openvpn/tls-auth.key 1
remote-cert-tls server
verb 3

The following were the changes that I made in my company-provided configuration file:

First change

# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one.  On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
;dev-node MYTAP [I commented it out using a semicolon]

Second change

# SSL/TLS parms.
# See the server config file for more
# description.  It’s best to use
# a separate .crt/.key file pair
# for each client.  A single ca
# file can be used for all clients.
ca /opt/local/etc/openvpn/ca.crt [I provided an absolute file name instead of a relative one]
cert /opt/local/etc/openvpn/iraza.crt [I provided an absolute file name instead of a relative one]
key /opt/local/etc/openvpn/iraza.key [I provided an absolute file name instead of a relative one]



To connect simply run:

openvpn2 --config /opt/local/etc/openvpn/openvpn.conf
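
A pre-flight check for the client configuration before running the connect command, written for this page as an added example (it is not from the original post or from the OpenVPN project). The function name audit_ovpn_conf and the sample file names are assumptions; it flags the 64-bit-block cipher and the deprecated ns-cert-type directive seen in the sample above, a missing remote-cert-tls server, relative file paths, and key files accessible to group or others:

```shell
# Added example. audit_ovpn_conf is a hypothetical helper, not an OpenVPN tool.
# Assumes unquoted paths without spaces in the config.
audit_ovpn_conf() {
    conf=$1; findings=0
    warn() { echo "WARN: $*"; findings=$((findings + 1)); }
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    # Strip leading whitespace, comment lines (# or ;) and blank lines.
    rules=$(sed -e 's/^[[:space:]]*//' -e '/^[#;]/d' -e '/^$/d' "$conf")
    # BF-CBC (used in the page's sample) and the DES family have a 64-bit block.
    cipher=$(printf '%s\n' "$rules" | awk '$1 == "cipher" { print $2; exit }')
    case $cipher in
        BF-*|DES-*) warn "cipher $cipher has a 64-bit block; move to AES on both ends" ;;
    esac
    # ns-cert-type is the deprecated form of the server-certificate check.
    printf '%s\n' "$rules" | grep -q '^ns-cert-type' &&
        warn "ns-cert-type is deprecated; rely on remote-cert-tls server"
    printf '%s\n' "$rules" | grep -Eq '^remote-cert-tls[[:space:]]+server' ||
        warn "no 'remote-cert-tls server': server certificate usage is not checked"
    # Relative paths resolve against the directory openvpn is started from.
    paths=$(printf '%s\n' "$rules" | awk '$1 ~ /^(ca|cert|key|tls-auth)$/ { print $1, $2 }')
    while read -r directive path; do
        [ -n "$directive" ] || continue
        case $path in /*) ;; *) warn "$directive uses relative path '$path'"; continue ;; esac
        case $directive in key|tls-auth)
            [ -f "$path" ] || { warn "$directive file $path not found"; continue; }
            [ "$(ls -ld "$path" | cut -c5-10)" = "------" ] ||
                warn "$path is accessible to group/other; chmod 600 it" ;;
        esac
    done <<EOF
$paths
EOF
    echo "$findings finding(s) in $conf"
    [ "$findings" -eq 0 ]
}

# Constructed sample (not the author's files): relative ca path, loose key mode.
d=$(mktemp -d); touch "$d/client.key" "$d/ta.key"
chmod 644 "$d/client.key"; chmod 600 "$d/ta.key"
printf '%s\n' "dev tun" "ca ca.crt" "cert $d/client.crt" "key $d/client.key" \
    "ns-cert-type server" "cipher BF-CBC" "tls-auth $d/ta.key 1" > "$d/client.conf"
audit_ovpn_conf "$d/client.conf" || true
rm -rf "$d"
```

Run it as audit_ovpn_conf /opt/local/etc/openvpn/openvpn.conf; a non-zero return status means at least one finding.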
