Most people use TunnelBrick to setup OpenVPN client connections on Mac OSX, i prefer using the command line.
To get OpenVPN up and running off the command line is a simple process. The commands below need to be run as a privileged user if your root account is not enabled use sudo to run the commands.
[Note: Most of below command make use of mac utility called MacPorts (http://www.macports.org/index.php). So you need to install it first from the above link]
To install OpenVPN 2 from macports run:
port install openvpn2
To install TunTap from macports run:
port install tuntaposx
Configure it to startup at boot:
launchctl load -w /Library/LaunchDaemons/org.macports.tuntaposx.plist
You need TunTap as it allows you to create virtual interfaces using the supplied kernel extensions. If you don’t install TunTap you will get the error Cannot allocate TUN/TAP dev dynamically when you try and make a OpenVPN connection.
Create a directory to hold your configuration and keys.
Place your keys and configuration files in /opt/local/etc/openvpn/
A sample client configuration is provided below.
client dev tun proto udp remote vpn.home.topdog-software.com 1194 nobind resolv-retry infinite tls-client ca /opt/local/etc/openvpn/ca.crt cert /opt/local/etc/openvpn/client.crt key /opt/local/etc/openvpn/client.key ns-cert-type server cipher BF-CBC tls-cipher DHE-RSA-AES256-SHA tls-remote vpn.home.topdog-software.com tls-auth /opt/local/etc/openvpn/tls-auth.key 1 remote-cert-tls server comp-lzo persist-key persist-tun mute-replay-warnings verb 3 mlock
Followings were the changes that I made in my company provided configuration file:
# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one. On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
;dev-node MYTAP [I comment it by using semi-colon]
# SSL/TLS parms.
# See the server config file for more
# description. It’s best to use
# a separate .crt/.key file pair
# for each client. A single ca
# file can be used for all clients.
ca /opt/local/etc/openvpn/ca.crt [I provided absolute file name instead of relative ones]
cert /opt/local/etc/openvpn/iraza.crt [I provided absolute file name instead of relative ones]
key /opt/local/etc/openvpn/iraza.key [I provided absolute file name instead of relative ones]
To connect simply run:
openvpn2 --config /opt/local/etc/openvpn/openvpn.conf