• Stars
    star
    206
  • Rank 190,504 (Top 4 %)
  • Language
    Shell
  • License
    MIT License
  • Created almost 10 years ago
  • Updated almost 2 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

macOS OpenVPN Server and Client Configuration (OpenVPN, Tunnelblick, PF)

macos-openvpn-server

macOS OpenVPN Server and Client Configuration

This repo describes how to build an OpenVPN VPN server on macOS using pfctl and Tunnelblick.

This configuration provides a TLS-based VPN server using EC ed25519 certificates and UDP port 443, accessible by any OpenVPN client, especially iOS with the OpenVPN app.

OpenVPN iPad

Installation and Configuration Notes

  • Configuration for openvpn version 2.5 and easy-rsa version 3
  • Presumes latest macOS versions that use editable /etc/sysctl.conf to set:
net.inet.ip.forwarding=1
net.inet6.ip6.forwarding=1

This is known to work for macOS 11+. See previous versions of this repo for a launchctl-based approach

  • Uses Edwards curve ed25519 EC-based PKI for very fast VPN connections with 128-bit security

VPN Configuration Advantages

This OpenVPN configuration provides the following advantages:

  • Secure VPN networking for all mobile clients
  • Secure, certificate-based VPN
  • PF-based firewall security on the server
  • Privatizing Proxy Configuration for all mobile client devices
    • Mobile device networking through PF firewall security
    • Tracker blocking
    • Ad blocking
    • Malware blocking

Tunnelblick Configuration

Configure Tunnelblick settings so that the server connection persists over macOS Fast User Switching. Failure to do this is observed to cause routing problems beyond OpenVPN server accessibility. Use the recommended standard and advanced settings:

Tunnelblick Settings Advanced…
Tunnelblick Settings Tunnelblick Advanced Settings

More Repositories

1

isp-data-pollution

ISP Data Pollution to Protect Private Browsing History with Obfuscation
Python
544
star
2

macOS-Fortress

Firewall and Privatizing Proxy for Trackers, Attackers, Malware, Adware, and Spammers with Anti-Virus On-Demand and On-Access Scanning (PF, squid, privoxy, hphosts, dshield, emergingthreats, hostsfile, PAC file, clamav)
Shell
400
star
3

easylist-pac-privoxy

EasyList Tracker and Adblocks to Proxy Auto Configuration (PAC) File and Privoxy Actions and Filters
JavaScript
103
star
4

adblock2privoxy

Convert adblock config files to privoxy format
Haskell
90
star
5

etv-comskip

Commercial Marking and Skipping for EyeTV and iTunes Exports
AppleScript
47
star
6

macOS-clamAV

A simple macOS clamAV configuration with scheduled volume scans and on-access scans of user Downloads and Desktop directories
Shell
31
star
7

macOS-Open-Source-Server

macOS Open Source Server: An Open Source Version of macOS Server Services
21
star
8

matryoshka-name-tool

A recursive call of OS X's install_name_tool for shared library distributions
Python
15
star
9

sd-py

Schedules Direct JSON and XMLTV Python API
Python
7
star
10

midi-yamaha-modus-converter

Convert MIDI files for compatibility with a Yamaha Modus Piano
Python
5
star
11

HungarianPhrasebook

A Mastermind-like game for Pythonista
Python
3
star
12

Harvard-University-Metafont-Seal

Harvard's seal in Metafont
TeX
2
star
13

PS-resize-image

Photoshop Resize Image Script That Respects Landscape and Portrait Orientation
JavaScript
1
star
14

HP41-EIGEN

Characteristic equation and eigenvalues for matrix order 2,3,4,5 on the HP41
1
star