OpenVPN on Mac OS X

I have been using Tunnelblick to connect to the VPN I have configured on my Linksys WRT54GL router running DD-WRT. DD-WRT provides several different tutorials for configuring OpenVPN on your router. Tunnelblick works fairly well on my laptop running Mac OS X most of the time, but every now and then I have had issues connecting. Therefore, I decided to investigate alternatives.

I decided to try some variation of what was described in this post on Tony’s Cafe. The first step was to install the TunTap driver for Mac OS X. This provides the network interfaces needed to connect to an OpenVPN server. It appears that a reboot is no longer required. For command line simplicity and for scripting purposes, you can use the following to install the TunTap driver. The commands need to be run as root, since the installer writes to /.

cd /tmp/
curl -O http://superb-east.dl.sourceforge.net/sourceforge/tuntaposx/tuntap_20080804.tar.gz
tar xzvf tuntap_20080804.tar.gz
installer -verbose -pkg tuntap_20080804.pkg -target /
rm -Rf tuntap*

The post on Tony’s Cafe then shows the steps necessary to build OpenVPN from source. You are welcome to do this and you can check it out in the post. However, the simple way is to make use of the openvpn binary inside the Tunnelblick application package. I simply copied it out of the .app and into /usr/sbin. The following again automates the entire process of installing the openvpn binary.

cd /tmp/
curl -O http://tunnelblick.googlecode.com/files/Tunnelblick_3.0b10.dmg
hdiutil attach Tunnelblick_3.0b10.dmg
cp /Volumes/Tunnelblick/Tunnelblick.app/Contents/Resources/openvpn \
    /usr/sbin/openvpn
hdiutil detach $( df | grep Tunnelblick | awk '{print $1}' )
rm -Rf Tunnelblick*

I then created a new OpenVPN configuration file using the example provided in the referenced Tony’s Cafe post. The example I used is provided below.

client
dev tap0
# In the next line, specify the IP address and subnet mask of the tap0 device
ifconfig [IP Address] [Subnet Mask]
proto udp
remote [OpenVPN Server DNS Address] [port]
resolv-retry infinite
# Downgrade privileges after initialization (non-Windows only)
user nobody
group nobody
persist-key
persist-tun
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
mute-replay-warnings
# If using SSL Certificates, use the following 3 lines:
ca /etc/openvpn/ca.crt
cert /etc/openvpn/client.crt
key /etc/openvpn/client.key
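# If using a static key instead of certificates, use the following line
# (static-key mode cannot be combined with the client/ca/cert/key lines above):
;secret "/etc/openvpn/vpn.key"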
# Use the next line if utilizing LZO compression:
comp-lzo
verb 3
mute 20

I then plugged in the host to connect to, the IP address and subnet mask for my laptop to use while it is on the road, and the path to the certificates and keys stored on my machine. All that was left was to launch OpenVPN from the command line:

/usr/sbin/openvpn --config /path/to/openvpn.conf
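
A pre-flight check for a client configuration like the one above, added here as an example and not part of the original post or of OpenVPN itself. It flags an active client/secret mode conflict, a TLS configuration with no server certificate check, and key files readable by group or other. The function names are hypothetical, paths are assumed to contain no spaces, and which of the server-check directives is available depends on the OpenVPN version.

```sh
#!/bin/sh
# Added example: audit an OpenVPN client config before launching it.
# Prints one finding per line; exit status is the number of findings.

# Print the argument of an active (uncommented) directive, quotes stripped.
# Lines starting with '#' or ';' never match because $1 differs.
directive() {  # usage: directive <conf> <name>
    awk -v d="$2" '$1 == d { gsub(/"/, "", $2); print $2; found = 1 }
                   END { exit !found }' "$1"
}

audit_openvpn_conf() {
    conf=$1 findings=0
    flag() { echo "$conf: $*"; findings=$((findings + 1)); }

    # 1. TLS mode (client) and static-key mode (secret) are mutually exclusive.
    if directive "$conf" client >/dev/null && directive "$conf" secret >/dev/null; then
        flag "both 'client' and 'secret' are active; pick one mode"
    fi

    # 2. In TLS mode the client should check that the peer holds a server cert.
    if directive "$conf" ca >/dev/null; then
        ok=0
        for d in remote-cert-tls ns-cert-type verify-x509-name tls-remote; do
            directive "$conf" "$d" >/dev/null && ok=1
        done
        [ "$ok" -eq 1 ] || flag "no server certificate check (e.g. remote-cert-tls server)"
    fi

    # 3. Private key material must not be accessible to group or other.
    for d in key secret; do
        f=$(directive "$conf" "$d") || continue
        [ -f "$f" ] || { flag "$d file $f not found"; continue; }
        perms=$(ls -lL "$f" | cut -c5-10)   # group + other permission bits
        [ "$perms" = "------" ] || flag "$d file $f is accessible to group/other"
    done
    return "$findings"
}

# Stand-alone use: sh audit.sh /path/to/openvpn.conf
if [ "$#" -gt 0 ]; then audit_openvpn_conf "$1"; fi
```

A clean configuration prints nothing and returns 0, so the check can gate the openvpn launch command in a script.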

I haven’t used this new method of connecting to my VPN extensively; however, so far it appears to be working well.