Features

• Supports WireGuard or OpenVPN protocols.
• Supports GUI or CLI (command-line interface).
• WireGuard privacy controls - Define automatic key and IP address rotation schedule.
• AntiTracker that blocks ads, adware, malicious websites and data harvesting trackers.
• Firewall / killswitch - Ability to configure as on-demand or always-on. Offers comprehensive protection against DNS, IPv6, disconnection and WebRTC leaks.
• Ability to define trusted Wi-Fi networks and create rules for automatic VPN connection/disconnection.
• Multi-hop VPN routes. Connect through multiple servers in separate jurisdictions for enhanced privacy.
• Allow LAN traffic when connected to VPN.
• Port forwarding for OpenVPN, reserved on all servers.
• Pause VPN for when disabling VPN connection temporarily is required.
• Obfsproxy option to circumvent censorship.
• Auto-update.
• Auto-connect on launch / on joining insecure Wi-Fi.

Alternative OpenVPN open source client: Tunnelblick. The open source project also has a client for macOS called Tunnelblick. Tunnelblick supports the option to connect to multiple OpenVPN servers simultaneously, which can cause connection issues if not configured correctly. You must not implement conflicting routes and subnets. Sep 17, 2020 There are three client options for Mac OS X.: The OpenVPN command line client. Most users prefer a graphical client, so this option will not be covered. Tunnelblick, a free option available for download at the Tunnelblick Website. The commercial Viscosity client. At the time of this writing, it costs $14 USD for a single seat.

Mac OS X OpenVPN - VPN Manual Configuration NOT SUPPORTED. Mac OS X does not have native support for VPN using the OpenVPN protocol. In order to use VyprVPN with the OpenVPN protocol, you will need to download and install VyprVPN for Mac or use an OpenVPN client such as Viscosity or Tunnelblick.

Manual configuration

If you prefer not to use the IVPN app please follow the relevant setup guide below.

If you are using OpenVPN download the latest OpenVPN UDP or TCP configuration files. In most cases, you want to use the UDP Protocol.

Download legacy version

Download IVPN-2.12.17.dmg
SHA256: 0fd09967482f53c801dc55eaf23a88ad341da37f58d70d9c9e24c2e5aeb36c22

How to set up OpenVPN Client Mac on your Macbook? Let’s download OpenVPN OS X on your Mac and this guide describes the configuration of OpenVPN on Mac OS X. Click on “Connect totovps” in the drop down. Step 13: Enter “Username” & “Password” then click “OK”. Step 14: TotoVPS is connected.

1. Setup Tunnelblick (macOS 10.5+) OpenVPN. Download the latest Tunnelblick Application. Launch the Tunnelblick Installer you downloaded. A window will pop up with 'Tunnelblick' and 'Online documentation' files listed. Double click the 'Tunnelblick' Icon. You may receive security warnings when executing the application, ignore these and click 'Open'.
2. Login with your IAS username and password, the website will download the client. Open the client installer from your Downloads Open the 'OpenVPN Connect Installer.pkg' file. The installer will open (possibly under your other open windows).
3. Download and install an OpenVPN client for Mac OS X. Download your VPN client config file (called 'client.ovpn'). Run the OpenVPN client with the downloaded client config file. A popular OpenVPN client for Mac OS X is Tunnelblick.

Important

Netgate is offering COVID-19 aid for pfSense software users, learn more.

The easiest way to configure an OpenVPN client on most platforms is to use theOpenVPN Client Export Package on the pfSense® firewall.

Install the OpenVPN Client Export Utility package as follows:

• Navigate to System > Packages

• Locate the OpenVPN Client Export package in the list

• Click Install next to that package listing to install

Once installed, it can be found at VPN > OpenVPN, on the Client Exporttab.

The options for the package include:

Pick the OpenVPN server instance for which a client willbe exported. If there is only one OpenVPN remote access server there willonly be one choice in the list. The list will be empty if there are no RemoteAccess mode OpenVPN servers.

Controls how the “remote” entry the client is formatted.

When chosen, the interface IP address is useddirectly. This is typically the best choice for installations with astatic IP address on WAN.

This option is useful when redirecting multipleports using port forwards for deployments that utilize multi-WAN ormultiple ports on the same WAN. It will seek out and make entries for allport forwards that target the server and use the destination IP addressused on the port forward in the client configuration.

Similar to the previous option, but ituses the first Dynamic DNS entry it finds that matches the chosendestination.

Places the firewall’s hostname, defined underSystem > General Setup, into the client configuration. The hostnamemust exist in public DNS so it can be resolved by clients.

Each Dynamic DNS hostname configured on thefirewall is listed here. These are typically the best choice for running aserver on a single WAN with a dynamic IP address.

Presents a text box in which a hostname or IP address can be enteredfor the client to use.

Specifies how the client will verify the identity of theserver certificate. The CN of the server certificate is placed in the clientconfiguration, so that if another valid certificate pretends to be the serverwith a different CN, it will not match and the client will refuse toconnect.

This is the best forcurrent clients. Older methods have been deprecated since this method ismore accurate and flexible.

This can work on older clients (OpenVPN 2.2.x orearlier) but it will break newer clients as the option has beendeprecated.

Openvpn Download Mac Os X

Works the same as tls-remote butadds quotes around the CN to help some clients cope with spaces in the CN.

Disables client verification of the servercertificate common name.

For current clients, the default (checked) is best,otherwise two OpenVPN connections cannot be run simultaneously on the clientdevice. Some older clients do not support this, however.

Openvpn Macos Dmg

Under Certificate Export Options, forexported installer clients this will place the CA and user certificate inMicrosoft’s certificate storage rather than using the files directly.

Openvpn Mac Os X download free. full

When checked, enter aPassword and confirm it, then the certificates and keys supplied to theclient will be protected with a password. If the OpenVPN server is configuredfor user authentication this will cause users to see two different passwordprompts when loading the client: One to decrypt the keys and certificates,and another for the server’s user authentication upon connecting.

If the client will be located behind a proxy, check Use proxy tocommunicate with the server and then supply a Proxy Type, IPAddress, Port, and Proxy Authentication with credentials if needed.

When checked, this option will bundle the Windows installerwith OpenVPNManager GUI in addition to the normal Windows client. Thisalternate GUI manages the OpenVPN service in such a way that it does notrequire administrator-level privileges once installed.

Any extra configuration options needed forthe client may be placed in this entry box. This is roughly equivalent to theAdvanced options box on the OpenVPN configuration screens, but from theperspective of the client.

Note

There is no mechanism to save these settings, so they must be checkedand set each time the page is visited.

Client Install Packages List¶

Under Client Install Packages is a list of potential clients to export. Thecontents of the list depend on how the server is configured and which users andcertificates are present on the firewall.

The following list describes how the server configuration style affects the listin the package:

User certificates are listed which are made from thesame CA as the OpenVPN server

User entries are listed forlocal users which also have an associated certificate made from the same CAas the OpenVPN server.

Because the usersare remote, user certificates are listed which are made from the same CA asthe OpenVPN server. It is assumed that the username is the same as the commonname of the certificate.

A singleconfiguration entry is shown for all users since there are no per-usercertificates.

The example setup from the wizard made previously in this chapter was forSSL/TLS + User Auth with Local Users, so one entry is shown per user on thesystem which has a certificate created from the same CA as the OpenVPN server.

Note

If no users are shown, or if a specific user is missing from the list,the user does not exist or the user does not have an appropriate certificate.See Local Users for the correct procedure to create auser and certificate.

Client Install Package Types¶

Numerous options are listed for each client that export the configuration andassociated files in different ways. Each one accommodates a different potentialclient type.

Standard Configurations¶

Openvpn Connect Client Mac Os X Download El Capitan

Downloads a ZIP archive containing the configuration file, theserver’s TLS key if defined, and a PKCS#12 file which contains the CAcertificate, client key, and client certificate. This option is usablewith Linux clients or Tunnelblick, among others.

Downloads only the basic configuration file, no certificates orkeys. This would mainly be used to see the configuration file itself withoutdownloading the other information.

Inline Configurations¶

This choice downloads a single configuration file with the certificates and keysinline. This format is ideal for use on all platforms, especially Android andiOS clients or for manually copying a configuration to a system that already hasa client installed. This option will work for any client type based on OpenVPNversion 2.1 or newer.

Used with the Android OpenVPN client mentioned inInstalling the OpenVPN Client on Android.

Used with the OpenVPN Connect client on iOS orAndroid described in Installing the OpenVPN Client on iOS.

Usable by any standard OpenVPN client on platforms such as Windows, OSX, or BSD/Linux. It also works well with Tunnelblick on OS X, simply downloadthe inline config and drag it into the configurations folder forTunnelblick.

SIP Phone archives¶

If the OpenVPN server is configured as SSL/TLS only without authentication thenoptions will appear to export client configurations for several models of SIPhandsets that support OpenVPN. Notable examples are the Yealink T28 and T38G,and SNOM phones. Installing the client to the phone varies by model, check themanufacturer’s documentation for more information.

Note

Ensure the phone has a proper clock setup and/or NTP server, otherwisethe certificates will fail to validate and the VPN will not connect.

Warning

Typically these handsets only support the use of SHA1 as acertificate hash. Ensure the CA, server certificate, and client certificatesare all generated using SHA1 or they may fail. They may also only support alimited set of encryption algorithms such as AES-128-CBC. Consult the phonedocumentation for details.

Windows Installers¶

The Windows Installer options create a simple-to-use executable installer filewhich contains the OpenVPN client with the configuration data embedded. Theinstaller runs like the normal Windows OpenVPN client installer, but it alsocopies all of the settings and certificates needed. SeeInstalling the OpenVPN Client on Windows below for some notes on how to install andrun the Windows client.

Currently, there are four options available:

32-bit installer usable on Windows XP and later

Mac Os X Download Iso

64-bit installer usable on Windows XP and later

32-bit installer usable on Windows Vista and later and includes anewer tap driver

64-bit installer usable on Windows Vista and later and includes anewer tap driver

Note

Openvpn Mac Os X Download 10 11 6

Be sure to click next/finish all the way through the installationprocess. Do not click cancel or X out the install at any step, or the clientsystem may be left with the client installed but no imported configuration.

Warning

On Windows Vista, 7, 8, 10 and later with UAC (User AccountControl) enabled, the client must be run as Administrator. Right clickthe OpenVPN GUI icon and click Run as Administrator for it to work. Itcan connect without administrative rights, but it cannot add the route neededto direct traffic over the OpenVPN connection, leaving it unusable. Theproperties of the shortcut may be set to always launch the program asAdministrator. This option is found on the Compatibility tab of theshortcut properties. One way around that requirement is to checkOpenVPNManager before exporting to use an alternate OpenVPN managementGUI on Windows.

The Viscosity client is also available for Windows and it does not requireadministrative privileges to run properly.

Viscosity Bundle¶

This works like the configuration archive above, but is for the ViscosityOpenVPN client used in OS X and Windows. If the Viscosity client is alreadyinstalled, download this bundle and click it to import it into the client.