Obtain OpenVPN from http://openvpn.net/ and unpack the tarball. OpenVPN has 2 prerequisites, OpenSSL (encryption) and LZO (real-time compression). With Mac OS X 10.2 or higher, OpenSSL headers are included, so it should not be problem. LZO, is for a real-time compression. You can disable LZO with --disable-lzo Otherwise, install LZO. Once the prerequisites have worked out, build OpenVPN. An example:
./configure
make
make install (if not root, use sudo make install)
OpenVPN should be installed in /usr/local/sbin and ready to use.
Next up is installation of Tunnelblick. Download it from http://www.tunnelblick.net, mount the disk image and double click on "Tunnelblick-Complete.mpkg", which will install all the necessary drivers and software packages. You can start the program from the /Applications folder. It offers the sample configuration with necessary directives and samples. Make appropriate changes in the ~/Library/openvpn/openvpn.conf according to your needs.
Next step is to put all the certificate files in place. The certificates are received from the VPN server. Copy all certificates files to ~/Library/openvpn folder (this is where our openvpn.conf resides).
If you are accessing a remote network, and not just a single host, you need an "up" shell script to set the appropriate static routes. Download the OpenVPN TAP up-down script from:
Save it to ~/Library/openvpn, the folder where your Tunnelblick OpenVPN configuration lives.
You need to make the script executable.
sudo chmod +x ~/Library/openvpn/tap-up-down.sh
You need to edit your openvpn.conf to include these lines:
up ./tap-up-down.sh
down ./tap-up-down.sh
This about it as far as setup is concerned. It is now time to test our setup. Run Tunnelblick. If it successfully connects to the VPN server, the color of the icon will change to white from dark-grey. Upon failure, you can view the connection log by clicking on Tunnelblick icon on your menu bar (top-right) and click "Details...".
Hope this will help you to setup OpenVPN + Tunnelblick on your Mac OS X.
No comments:
Post a Comment