OpenVPN Tips

Setting up OpenVPN on a Mac

Download Tunnelblick

https://tunnelblick.net/release/Tunnelblick_3.8.4b_build_5602.dmg

Right click (or CTRL + Click) the icon and press Open

Once installed, you can open it from its icon in the menu bar at the top of the screen.

Click VPN Details. You can drag the OVPN file from the config files (which should have been sent directly to you) into Tunnelblick.

When you connect, you will need to enter the username and password supplied.

Once connected, go to Finder and Connect to Server

Then enter the details to connect to your server.

You may be asked for your network credentials. These are separate from the VPN credentials and will most often be the same as the ones you log on with on the network, or on your machine if it was supplied by the company.

Push all traffic through OpenVPN

Sometimes the user's home network uses the same address range as the remote network (typically when the office is on a 192.168.0.x or 192.168.1.x range). The PC then will not route any traffic through the VPN, because it thinks the remote destination is on the local network.

Fortunately, with OpenVPN we can work around this by adding a single line to the config file to push ALL traffic through the VPN, whether it's destined for the remote network or not. This has the unfortunate side effect of making anything on the local network unavailable while the VPN is connected, but there is no other way around the issue short of changing the entire IP addressing setup of the user's home network.

Locate the OpenVPN config file in use:

Once you've identified the path to the .ovpn file, open Notepad as administrator and navigate to the file in question. Once it's open in Notepad, add the following line to the bottom of the file:

redirect-gateway def1

Save over the current config file (make sure you don't just save it as a txt file) and reconnect the VPN. There is no need to restart the OpenVPN client.

Once connected, the user should have access to everything on the remote network.
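
The check and edit described above can be scripted. The following is an added example, not part of the original page: it tests whether a home range clashes with the office range and appends the line only when the config has no active redirect-gateway line already. The function names, addresses and sample config are constructed for illustration.

```python
import ipaddress

DIRECTIVE = "redirect-gateway def1"  # the line this page adds to the config

# Constructed sample config (not a real one); the directive is commented out.
SAMPLE_CONFIG = (
    "client\r\ndev tun\r\nproto udp\r\n"
    "remote vpn.example.com 1194\r\n"
    ";redirect-gateway def1\r\nauth-user-pass\r\n"
)

def subnets_overlap(home_cidr, office_cidr):
    """True when the home LAN and the office LAN share addresses."""
    home = ipaddress.ip_network(home_cidr, strict=False)
    office = ipaddress.ip_network(office_cidr, strict=False)
    return home.overlaps(office)

def has_redirect_gateway(config_text):
    """True if an active (not commented out) redirect-gateway line exists."""
    for line in config_text.splitlines():
        stripped = line.strip()
        if not stripped or stripped[0] in "#;":
            continue  # blank line or OpenVPN comment
        if stripped.split()[0] == "redirect-gateway":
            return True
    return False

def ensure_redirect_gateway(config_text):
    """Return the config with the directive appended once at the bottom."""
    if has_redirect_gateway(config_text):
        return config_text
    newline = "\r\n" if "\r\n" in config_text else "\n"  # keep file's endings
    if config_text and not config_text.endswith("\n"):
        config_text += newline
    return config_text + DIRECTIVE + newline

def needs_redirect(home_cidr, office_cidr, config_text):
    """True when the ranges clash and the config does not yet redirect."""
    return subnets_overlap(home_cidr, office_cidr) and not has_redirect_gateway(config_text)

if __name__ == "__main__":
    # Constructed addresses: a home PC and an office both on 192.168.1.x.
    print(needs_redirect("192.168.1.23/24", "192.168.1.0/24", SAMPLE_CONFIG))
    print(ensure_redirect_gateway(SAMPLE_CONFIG))
```

Write the returned text back to the same .ovpn path so the file keeps its extension.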