- This free Mac application is an intellectual property of OpenVPN. OpenVPN (OS X) for Mac lies within Internet & Network Tools, more precisely Network tools. The latest installation package takes up 1.7 MB on disk. This Mac download was checked by our built-in antivirus and was rated as virus free.
- Alternative: OpenVPN open source Tunnelblick program. The open source project has a client for the macOS operating system as well. It is called Tunnelblick and it is less limited in functionality than the OpenVPN Connect Client because it does support the option to connect to multiple OpenVPN servers at the same time.
1.Download and install Tunnelblick - OpenVPN client for Mac.
Download the latest version of Tunnelblick for Mac OS X here.
Setup OpenVPN on Mac OS X. After quick installation, Viscosity icon appears on your menu bar near the top right corner of the screen. Click the Viscosity icon located on your menu bar and choose “Preferences”. Download OpenVPN config file for Mac OS X. Now you need to download configuration file for OpenVPN on Mac.
2. Open the downloaded .dmg file by double-clicking it:
3.Double-click on the Tunnelblick icon:
6. Select 'I have configuration files':
7.Select and download the BoxPNOpenVPN protocol configurations files from here
8. To add the OpenVPN file to Tunnelblick simply right-click on the file, and select 'Open With' > 'Tunnelblick'
9. Select 'Only Me'
10. Enter your mac username and password and click 'OK'
11. Click on Tunnelblick icon and select your connection
12.Enter the following and click 'OK'
Username: Enter your BoxPN username
Password: Enter your BoxPN password
Once your connection is successful you will see the following window appear:
All of your online activities are now 100% secure and anonymous while connected to BoxPN.
If you have any questions, or experience any issues while installing and setting up your
Mac device to connect to the BoxPN VPN servers - please contactour Support Team anytime.
Netgate is offering COVID-19 aid for pfSense software users, learn more.
The easiest way to configure an OpenVPN client on most platforms is to use theOpenVPN Client Export Package on the pfSense® firewall.
Install the OpenVPN Client Export Utility package as follows:
Navigate to System > Packages
Locate the OpenVPN Client Export package in the list
Click Install next to that package listing to install
Once installed, it can be found at VPN > OpenVPN, on the Client Exporttab.
The options for the package include:
Pick the OpenVPN server instance for which a client willbe exported. If there is only one OpenVPN remote access server there willonly be one choice in the list. The list will be empty if there are no RemoteAccess mode OpenVPN servers.
Controls how the “remote” entry the client is formatted.
When chosen, the interface IP address is useddirectly. This is typically the best choice for installations with astatic IP address on WAN.
This option is useful when redirecting multipleports using port forwards for deployments that utilize multi-WAN ormultiple ports on the same WAN. It will seek out and make entries for allport forwards that target the server and use the destination IP addressused on the port forward in the client configuration.
Similar to the previous option, but ituses the first Dynamic DNS entry it finds that matches the chosendestination.
Places the firewall’s hostname, defined underSystem > General Setup, into the client configuration. The hostnamemust exist in public DNS so it can be resolved by clients.
Each Dynamic DNS hostname configured on thefirewall is listed here. These are typically the best choice for running aserver on a single WAN with a dynamic IP address.
Presents a text box in which a hostname or IP address can be enteredfor the client to use.
Specifies how the client will verify the identity of theserver certificate. The CN of the server certificate is placed in the clientconfiguration, so that if another valid certificate pretends to be the serverwith a different CN, it will not match and the client will refuse toconnect.
This is the best forcurrent clients. Older methods have been deprecated since this method ismore accurate and flexible.
This can work on older clients (OpenVPN 2.2.x orearlier) but it will break newer clients as the option has beendeprecated.
Works the same as tls-remote butadds quotes around the CN to help some clients cope with spaces in the CN.
Disables client verification of the servercertificate common name.
For current clients, the default (checked) is best,otherwise two OpenVPN connections cannot be run simultaneously on the clientdevice. Some older clients do not support this, however.
Under Certificate Export Options, forexported installer clients this will place the CA and user certificate inMicrosoft’s certificate storage rather than using the files directly.
When checked, enter aPassword and confirm it, then the certificates and keys supplied to theclient will be protected with a password. If the OpenVPN server is configuredfor user authentication this will cause users to see two different passwordprompts when loading the client: One to decrypt the keys and certificates,and another for the server’s user authentication upon connecting.
If the client will be located behind a proxy, check Use proxy tocommunicate with the server and then supply a Proxy Type, IPAddress, Port, and Proxy Authentication with credentials if needed.
When checked, this option will bundle the Windows installerwith OpenVPNManager GUI in addition to the normal Windows client. Thisalternate GUI manages the OpenVPN service in such a way that it does notrequire administrator-level privileges once installed.
Any extra configuration options needed forthe client may be placed in this entry box. This is roughly equivalent to theAdvanced options box on the OpenVPN configuration screens, but from theperspective of the client.
There is no mechanism to save these settings, so they must be checkedand set each time the page is visited.
Client Install Packages List¶
Under Client Install Packages is a list of potential clients to export. Thecontents of the list depend on how the server is configured and which users andcertificates are present on the firewall.
The following list describes how the server configuration style affects the listin the package:
User certificates are listed which are made from thesame CA as the OpenVPN server
User entries are listed forlocal users which also have an associated certificate made from the same CAas the OpenVPN server.
Because the usersare remote, user certificates are listed which are made from the same CA asthe OpenVPN server. It is assumed that the username is the same as the commonname of the certificate.
A singleconfiguration entry is shown for all users since there are no per-usercertificates.
The example setup from the wizard made previously in this chapter was forSSL/TLS + User Auth with Local Users, so one entry is shown per user on thesystem which has a certificate created from the same CA as the OpenVPN server.
If no users are shown, or if a specific user is missing from the list,the user does not exist or the user does not have an appropriate certificate.See Local Users for the correct procedure to create auser and certificate.
Client Install Package Types¶
Numerous options are listed for each client that export the configuration andassociated files in different ways. Each one accommodates a different potentialclient type.
Downloads a ZIP archive containing the configuration file, theserver’s TLS key if defined, and a PKCS#12 file which contains the CAcertificate, client key, and client certificate. This option is usablewith Linux clients or Tunnelblick, among others.
Mac Os Openvpn Client
Downloads only the basic configuration file, no certificates orkeys. This would mainly be used to see the configuration file itself withoutdownloading the other information.
This choice downloads a single configuration file with the certificates and keysinline. This format is ideal for use on all platforms, especially Android andiOS clients or for manually copying a configuration to a system that already hasa client installed. This option will work for any client type based on OpenVPNversion 2.1 or newer.
Used with the Android OpenVPN client mentioned inInstalling the OpenVPN Client on Android.
Used with the OpenVPN Connect client on iOS orAndroid described in Installing the OpenVPN Client on iOS.
Usable by any standard OpenVPN client on platforms such as Windows, OSX, or BSD/Linux. It also works well with Tunnelblick on OS X, simply downloadthe inline config and drag it into the configurations folder forTunnelblick.
SIP Phone archives¶
If the OpenVPN server is configured as SSL/TLS only without authentication thenoptions will appear to export client configurations for several models of SIPhandsets that support OpenVPN. Notable examples are the Yealink T28 and T38G,and SNOM phones. Installing the client to the phone varies by model, check themanufacturer’s documentation for more information.
Ensure the phone has a proper clock setup and/or NTP server, otherwisethe certificates will fail to validate and the VPN will not connect.
Typically these handsets only support the use of SHA1 as acertificate hash. Ensure the CA, server certificate, and client certificatesare all generated using SHA1 or they may fail. They may also only support alimited set of encryption algorithms such as AES-128-CBC. Consult the phonedocumentation for details.
The Windows Installer options create a simple-to-use executable installer filewhich contains the OpenVPN client with the configuration data embedded. Theinstaller runs like the normal Windows OpenVPN client installer, but it alsocopies all of the settings and certificates needed. SeeInstalling the OpenVPN Client on Windows below for some notes on how to install andrun the Windows client.
Currently, there are four options available:
32-bit installer usable on Windows XP and later
64-bit installer usable on Windows XP and later
32-bit installer usable on Windows Vista and later and includes anewer tap driver
64-bit installer usable on Windows Vista and later and includes anewer tap driver
Be sure to click next/finish all the way through the installationprocess. Do not click cancel or X out the install at any step, or the clientsystem may be left with the client installed but no imported configuration.
On Windows Vista, 7, 8, 10 and later with UAC (User AccountControl) enabled, the client must be run as Administrator. Right clickthe OpenVPN GUI icon and click Run as Administrator for it to work. Itcan connect without administrative rights, but it cannot add the route neededto direct traffic over the OpenVPN connection, leaving it unusable. Theproperties of the shortcut may be set to always launch the program asAdministrator. This option is found on the Compatibility tab of theshortcut properties. One way around that requirement is to checkOpenVPNManager before exporting to use an alternate OpenVPN managementGUI on Windows.
The Viscosity client is also available for Windows and it does not requireadministrative privileges to run properly.
Openvpn Mac Os Client Download
This works like the configuration archive above, but is for the ViscosityOpenVPN client used in OS X and Windows. If the Viscosity client is alreadyinstalled, download this bundle and click it to import it into the client.