Project

General

Profile

Actions

Tunnelblick - OpenVPN GUI for MacOSX

A Graphical User Interface for OpenVPN on Mac OS X is a package called Tunnelblick.

To install this GUI, follow the steps below:

1) Download the package from the site http://code.google.com/p/tunnelblick/. It is a disk image file which contains the GUI, the OpenVPN software, and some documentation;
2) Double-click on the .dmg file;
3) A Finder window appears on the desktop. The window contains Tunnelblick.app. Double-click it;
4) A dialog box will ask you to confirm that you wish to install Tunnelblick.app to Applications. Click the Install button;
5) A dialog box will ask if you wish to launch Tunnelblick. Click the Launch button;
6) A dialog box will ask for an administrator username/password to secure Tunnelblick. Type administrator credentials and click the OK button;
7) A dialog box will appear welcoming you to Tunnelblick. Click the Create and open configuration folder button;
8) A Finder window will open with the configuration folder. The window will contain only an alias to Tunnelblick.app. Drag the files t2.ovpn and CA.pem to the window. If you don't know how to obtain these two files, please read the section The configuration file of OpenVPN
9) Double-click on the Launch Tunnelblick alias;
10) A dialog box will appear asking if you wish to check for updates to Tunnelblick automatically. Click Check Automatically or Don't Check, as you prefer;
11) Tunnelblick is now installed. Its icon appears near the clock. Click on the Tunnelblick icon, then select the [Details...] item;
12) Start the VPN connection by clicking on the Tunnelblick icon near the clock and selecting the Connect 'ciop' item;
13) A dialog box will appear asking for an administrator username/password to secure the configuration file. Type administrator credentials and click OK;

In the case in which there are connection problems, select the item [Details...] to check the OpenVPN's log messages.
If you want to verify that the IP address that the VPN server has assigned to you, actually belongs to the remote LAN with which you are connected, you have to open a Mac OS X Terminal and at the prompt of the shell type the command:

ifconfig tun0

the result looks like this:
tun0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 10.12.0.6 netmask 0xffffff00 broadcast 10.12.0.255
ether b6:da:d9:91:22:ff
open (pid 368)
The line that starts with inet show you that the VPN IP address assigned to you is 12.10.0.6 (by default CIOP issues IP addresses which belong to the subnet 10.12.0.0/24 with 10.12.0.1 as Default Gateway). To be sure that the IP traffic is actually routed across the VPN and hence encrypted, you must check that the IP Address and the Default Gateway assigned to the TUN Virtual Interface belong to the remote LAN you are connected. To better check this condition, you could also use the traceroute -n <Remote IP Address> command: if the first hop that is printed belongs to a subnet of the remote LAN (192.168.250.254 by default) then your VPN works fine and the traffic that reaches the remote site is encrypted across Internet.

Updated by Herve Caumont over 11 years ago · 1 revisions