Using OpenVPN from commandLine on Mac OS

[courtesy Topdog:http://www.topdog.za.net/2013/01/31/commandline-openvpn-client-on-mac-osx-with-macports/%5D

Most people use TunnelBrick to setup OpenVPN client connections on Mac OSX, i prefer using the command line.

To get OpenVPN up and running off the command line is a simple process. The commands below need to be run as a privileged user if your root account is not enabled use sudo to run the commands.

[Note: Most of below command make use of mac utility called MacPorts (http://www.macports.org/index.php). So you need to install it first from the above link]

Install OpenVPN

To install OpenVPN 2 from macports run:

port install openvpn2

Install TunTap

To install TunTap from macports run:

port install tuntaposx

Configure it to startup at boot:

launchctl load -w /Library/LaunchDaemons/org.macports.tuntaposx.plist

You need TunTap as it allows you to create virtual interfaces using the supplied kernel extensions. If you don’t install TunTap you will get the error Cannot allocate TUN/TAP dev dynamically when you try and make a OpenVPN connection.

Configuration

Create a directory to hold your configuration and keys.

mkdir /opt/local/etc/openvpn

Place your keys and configuration files in /opt/local/etc/openvpn/

A sample client configuration is provided below.

client
dev tun
proto udp
remote vpn.home.topdog-software.com 1194
nobind
resolv-retry infinite
tls-client
ca /opt/local/etc/openvpn/ca.crt
cert /opt/local/etc/openvpn/client.crt
key /opt/local/etc/openvpn/client.key
ns-cert-type server
cipher BF-CBC
tls-cipher DHE-RSA-AES256-SHA
tls-remote vpn.home.topdog-software.com
tls-auth /opt/local/etc/openvpn/tls-auth.key 1
remote-cert-tls server
comp-lzo
persist-key
persist-tun
mute-replay-warnings
verb 3
mlock

Followings were the changes that I made in my company provided configuration file:

First change

# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one.  On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
;dev-node MYTAP [I comment it by using semi-colon]

Second Change

# SSL/TLS parms.
# See the server config file for more
# description.  It’s best to use
# a separate .crt/.key file pair
# for each client.  A single ca
# file can be used for all clients.
ca /opt/local/etc/openvpn/ca.crt [I provided absolute file name instead of relative ones]
cert /opt/local/etc/openvpn/iraza.crt [I provided absolute file name instead of relative ones]
key /opt/local/etc/openvpn/iraza.key [I provided absolute file name instead of relative ones]

 

Connecting

To connect simply run:

openvpn2 --config /opt/local/etc/openvpn/openvpn.conf
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s