Comments on: Correct Way to set up OpenVPN Client on Mac OS X http://www.mccambridge.org/blog/2007/10/correct-way-to-set-up-openvpn-client-on-mac-os-x/ Thoughts, Projects, Happenings, Ideas Thu, 29 Jul 2010 15:36:37 +0000 hourly 1 http://wordpress.org/?v=3.0.1 By: Wes http://www.mccambridge.org/blog/2007/10/correct-way-to-set-up-openvpn-client-on-mac-os-x/comment-page-1/#comment-1611 Wes Wed, 21 Apr 2010 05:02:05 +0000 http://www.mccambridge.org/blog/2007/10/correct-way-to-set-up-openvpn-client-on-mac-os-x/#comment-1611 Using Tunnelblick 3.0 (Build 1437). If you have the "Set nameserver" flag in the UI set then up scripts are not executed. I added the following line to invoke the standard up script as part of tap-up-down.sh. You may have Tunnelblick installed in a different directory, so modify, as appropriate. up) # Invoke standard up script before setting tap0 to DHCP /Applications/Utilities/Tunnelblick.app/Contents/Resources/client.up.osx.sh $1 I've put something in the down) section, but I'm not sure it's needed. This is a known issue in the current Tunnelblick builds (http://code.google.com/p/tunnelblick/wiki/KnownIssues). Using Tunnelblick 3.0 (Build 1437). If you have the “Set nameserver” flag in the UI set then up scripts are not executed. I added the following line to invoke the standard up script as part of tap-up-down.sh. You may have Tunnelblick installed in a different directory, so modify, as appropriate.

up)
# Invoke standard up script before setting tap0 to DHCP
/Applications/Utilities/Tunnelblick.app/Contents/Resources/client.up.osx.sh $1

I’ve put something in the down) section, but I’m not sure it’s needed.

This is a known issue in the current Tunnelblick builds (http://code.google.com/p/tunnelblick/wiki/KnownIssues).

]]> By: Anonymous http://www.mccambridge.org/blog/2007/10/correct-way-to-set-up-openvpn-client-on-mac-os-x/comment-page-1/#comment-1587 Anonymous Wed, 24 Feb 2010 16:18:22 +0000 http://www.mccambridge.org/blog/2007/10/correct-way-to-set-up-openvpn-client-on-mac-os-x/#comment-1587 scutil –dns does not work on 10.4 scutil –dns does not work on 10.4

]]> By: Correct way to set up OpenVPN client on Mac OSX | Nixadmins.net http://www.mccambridge.org/blog/2007/10/correct-way-to-set-up-openvpn-client-on-mac-os-x/comment-page-1/#comment-1499 Correct way to set up OpenVPN client on Mac OSX | Nixadmins.net Sat, 24 Oct 2009 13:47:11 +0000 http://www.mccambridge.org/blog/2007/10/correct-way-to-set-up-openvpn-client-on-mac-os-x/#comment-1499 [...] So checkout the article at http://www.mccambridge.org/blog/2007/10/correct-way-to-set-up-openvpn-client-on-mac-os-x/ [...] [...] So checkout the article at http://www.mccambridge.org/blog/2007/10/correct-way-to-set-up-openvpn-client-on-mac-os-x/ [...]

]]> By: brent http://www.mccambridge.org/blog/2007/10/correct-way-to-set-up-openvpn-client-on-mac-os-x/comment-page-1/#comment-1186 brent Mon, 07 Jul 2008 18:50:38 +0000 http://www.mccambridge.org/blog/2007/10/correct-way-to-set-up-openvpn-client-on-mac-os-x/#comment-1186 We use the webmin plugin (OpenVPN + CA) to manage 3 instances of OpenVPN and two CAs. It's very easy to use - although requires that the CA reside on the OpenVPN server, which could lack some security. I would recommend it. We use the webmin plugin (OpenVPN + CA) to manage 3 instances of OpenVPN and two CAs. It’s very easy to use – although requires that the CA reside on the OpenVPN server, which could lack some security.
I would recommend it.

]]> By: Rola http://www.mccambridge.org/blog/2007/10/correct-way-to-set-up-openvpn-client-on-mac-os-x/comment-page-1/#comment-1178 Rola Wed, 18 Jun 2008 17:43:16 +0000 http://www.mccambridge.org/blog/2007/10/correct-way-to-set-up-openvpn-client-on-mac-os-x/#comment-1178 Hi. i'm just a beginner in using openvpn, let alone using it on mac os. Can anyone point me to where i can find some documentation on how to set up the Certificate Authority (CA) and generate certificates and keys for an OpenVPN server and client? Thanks Hi.

i’m just a beginner in using openvpn, let alone using it on mac os. Can anyone point me to where i can find some documentation on how to set up the Certificate Authority (CA) and generate certificates and keys for an OpenVPN server and client?

Thanks

]]> By: Hartleigh http://www.mccambridge.org/blog/2007/10/correct-way-to-set-up-openvpn-client-on-mac-os-x/comment-page-1/#comment-978 Hartleigh Thu, 24 Jan 2008 04:58:57 +0000 http://www.mccambridge.org/blog/2007/10/correct-way-to-set-up-openvpn-client-on-mac-os-x/#comment-978 Fixed it! I removed the down ./tap-up-down.sh line from the config file and now everything works as it should. Config file now looks like this... <i>verb 1 client dev tap proto udp remote xxx.xxx.xxx.xxx 1194 ca "ca.crt" tls-auth "ta.key" 1 comp-lzo auth-user-pass </i><i>up ./tap-up-down.sh</i> Fixed it!

I removed the down ./tap-up-down.sh line from the config file and now everything works as it should. Config file now looks like this…

verb 1
client
dev tap
proto udp
remote xxx.xxx.xxx.xxx 1194
ca “ca.crt”
tls-auth “ta.key” 1
comp-lzo
auth-user-pass
up ./tap-up-down.sh

]]> By: Hartleigh http://www.mccambridge.org/blog/2007/10/correct-way-to-set-up-openvpn-client-on-mac-os-x/comment-page-1/#comment-976 Hartleigh Thu, 24 Jan 2008 02:11:17 +0000 http://www.mccambridge.org/blog/2007/10/correct-way-to-set-up-openvpn-client-on-mac-os-x/#comment-976 Hi there, I am glad in a way that others are having problems with Tunnelblick... I am not able to get this fix working. I have saved the script you provided and made it executable... <i>ITD001:~/Library/openvpn hburton$ ls -la total 56 drwxr-xr-x 7 hburton hburton 238 Jan 24 12:01 . drwx------ 40 hburton hburton 1360 Jan 24 08:03 .. -rw-r--r-- 1 hburton hburton 6148 Jan 24 10:49 .DS_Store -rwxrwxrwx 1 hburton hburton 1237 Feb 20 2006 ca.crt -rw-r--r-- 1 root wheel 164 Jan 24 12:01 openvpn.conf -rwxrwxrwx 1 hburton hburton 636 Feb 20 2006 ta.key <b>-rwxr-xr-x 1 hburton hburton 4339 Jan 24 10:46 tap-up-down.sh</b></i> Edited my configuration file so it has the required changes... <i>verb 1 client dev tap proto udp remote xxx.xxx.xxx.xxx 1194 ca "ca.crt" tls-auth "ta.key" 1 comp-lzo auth-user-pass <b>up ./tap-up-down.sh down ./tap-up-down.sh</b></i> Previously Tunnelblick would ask for my username/password then establish a connection with the server and give the code=5 error message. However now with this new script in place it will not even attempt to connect. When I press the connect button it will briefly flash to connecting and then back to disconnected with no ouput to the log at all. I am using v3.0b6 on OSX 10.4.11. If anyone has any details that might help it would be greatly appreciated. Hi there,

I am glad in a way that others are having problems with Tunnelblick… I am not able to get this fix working. I have saved the script you provided and made it executable…

ITD001:~/Library/openvpn hburton$ ls -la
total 56
drwxr-xr-x 7 hburton hburton 238 Jan 24 12:01 .
drwx—— 40 hburton hburton 1360 Jan 24 08:03 ..
-rw-r–r– 1 hburton hburton 6148 Jan 24 10:49 .DS_Store
-rwxrwxrwx 1 hburton hburton 1237 Feb 20 2006 ca.crt
-rw-r–r– 1 root wheel 164 Jan 24 12:01 openvpn.conf
-rwxrwxrwx 1 hburton hburton 636 Feb 20 2006 ta.key
-rwxr-xr-x 1 hburton hburton 4339 Jan 24 10:46 tap-up-down.sh

Edited my configuration file so it has the required changes…

verb 1
client
dev tap
proto udp
remote xxx.xxx.xxx.xxx 1194
ca “ca.crt”
tls-auth “ta.key” 1
comp-lzo
auth-user-pass
up ./tap-up-down.sh
down ./tap-up-down.sh

Previously Tunnelblick would ask for my username/password then establish a connection with the server and give the code=5 error message. However now with this new script in place it will not even attempt to connect. When I press the connect button it will briefly flash to connecting and then back to disconnected with no ouput to the log at all. I am using v3.0b6 on OSX 10.4.11. If anyone has any details that might help it would be greatly appreciated.

]]> By: Ryan http://www.mccambridge.org/blog/2007/10/correct-way-to-set-up-openvpn-client-on-mac-os-x/comment-page-1/#comment-927 Ryan Thu, 10 Jan 2008 05:15:18 +0000 http://www.mccambridge.org/blog/2007/10/correct-way-to-set-up-openvpn-client-on-mac-os-x/#comment-927 I also am having the same issue on 10.5.1 Justin. Any headway? I wish I could get this working. I also am having the same issue on 10.5.1 Justin. Any headway? I wish I could get this working.

]]> By: Justin http://www.mccambridge.org/blog/2007/10/correct-way-to-set-up-openvpn-client-on-mac-os-x/comment-page-1/#comment-918 Justin Tue, 08 Jan 2008 20:19:53 +0000 http://www.mccambridge.org/blog/2007/10/correct-way-to-set-up-openvpn-client-on-mac-os-x/#comment-918 Hi - Thanks for positing! I tried this on leopard using tunnelblick 3.0b6 but am still getting the tap/tun error=5 errors. The output from scutil --dns also doesn't seem to change. Have you tried this fix on leopard? Any help would be greatly appreciated! Thanks! Hi – Thanks for positing!

I tried this on leopard using tunnelblick 3.0b6 but am still getting the tap/tun error=5 errors. The output from scutil –dns also doesn’t seem to change.

Have you tried this fix on leopard? Any help would be greatly appreciated!

Thanks!

]]> By: Karel Minarik http://www.mccambridge.org/blog/2007/10/correct-way-to-set-up-openvpn-client-on-mac-os-x/comment-page-1/#comment-719 Karel Minarik Fri, 30 Nov 2007 15:03:36 +0000 http://www.mccambridge.org/blog/2007/10/correct-way-to-set-up-openvpn-client-on-mac-os-x/#comment-719 Hi, thank you very much! Works absolutely brilliant :) (Maybe just add reminder to chmod +x the .sh script, so people like me don't forget to do that :)) Cheers, Karel Hi,

thank you very much! Works absolutely brilliant :)

(Maybe just add reminder to chmod +x the .sh script, so people like me don’t forget to do that :))

Cheers,

Karel

]]>