Looking for an OSX->{PPTPD,OpenVPN} Setup Guide

raindog308

Subject says it all. My goto has been @KuJoe 's template, which was pretty sweet for Windows - reinstall your VPS, run a script, and you're good to go. But I don't think it works when OSX is the client...or at least, it hasn't for me.

Anyone have a soup to nuts "here is how to setup the VPS, here is how to setup OSX" guide handy? I'm fairly VPN ignorant.

Nekki

Not sure what you're trying to do exactly, but I've always used @Nyr's OpenVPN road warrior script with Tunnelblick installed on OSX.

tehdan

PPTP built into Mac OS - click the plus at the bottom of your interface list in system preferences -> networking. Same settings/ credentials should work as on Windows.

Tunnelblick is a good free openvpn client for Mac OS, viscosity is a bit nicer and more stable (perhaps not such an issue now, not used for a while) but non-free. Both will import same config files as Windows....

Nekki

tehdan said: Tunnelblick is a good free openvpn client for Mac OS, viscosity is a bit nicer and more stable (perhaps not such an issue now, not used for a while)

In a good 18 months I've had no instability issues with Tunnelblick on Snow Leopard and Yosemite/El Capitan OSX installs.

tehdan

Oh well, $9 probably still well spent - it was very iffy for me on 10.something...

raindog308

tehdan said: PPTP built into Mac OS - click the plus at the bottom of your interface list in system preferences -> networking. Same settings/ credentials should work as on Windows.

Right, but it is not working - terminates immediately. Which probably is due to some pilot error on my end.

I could post the syslog, etc. but I figured maybe I should go through a proper guide to make sure I'm not goofing something up on my setup.

tehdan

What does 'plog' show on server right after connection terminates?

Nyr

For anyone asking about my script, this is it:
https://github.com/Nyr/openvpn-install

raindog308

Well Nyr's script + Viscosity has at least got me successfully connecting, but no Internet traffic once I'm on. I can ping/ssh to the VPN Host (a Debian 7 LEB from SecureDragon) but can't go anywhere else, either via ssh or browser.

TUN is enabled on the VPN host (Nyr's script checks for that and fails if it isn't).

Any ideas? So out of my networking depth here...

RA4W

@raindog308 said:
Well Nyr's script + Viscosity has at least got me successfully connecting, but no Internet traffic once I'm on. I can ping/ssh to the VPN Host (a Debian 7 LEB from SecureDragon) but can't go anywhere else, either via ssh or browser.

TUN is enabled on the VPN host (Nyr's script checks for that and fails if it isn't).

Any ideas? So out of my networking depth here...

99% sure it's iptables.

raindog308

Nope, iptables --list says nothing. But it seems to be working now, so I'll chalk it up to the dodgy wifi I was on earlier.

Thanks all. I tipped @Nyr for his awesome script - really nice work.

Nyr

raindog308 said: Thanks all. I tipped @Nyr for his awesome script - really nice work.

Thanks! I'll be sure to have some beers on you this weekend

emg

It appears that @raindog308 has his solution for a Mac VPN client, and it is free (even better!).

For commercial products, the heavyweight in the Mac VPN client business is VPN Tracker. It is very expensive, and they recently switched to a subscription-only pricing model.

(Off topic: I hate subscription-based software. I hate that it deliberately breaks functionality when the license expires. So far I have not had to buy any.)

A few days ago, I got an email offer from MacUpdate for a Mac VPN client program called Shimo. Pricing is $49.95 normally, but the MacUpdate price is $25.95. The offer expires in 5 days (8 or 9 February 2016). I bought Shimo and have been trying it out on an OpenSSL-based firewall. The license is not subscription. The website says that they give you two "activations", but their support told me that it is actually four "activations". You can activate/deactivate a license in Preferences and install the product on another Mac. (Off topic: I don't like licenses that must be activated with a far-away license server, either, but I live with them.)

https://www.feingeist.io/shimo/

http://www.macupdate.com/app/mac/22929/shimo

WARNING: If you buy anything from MacUpdate, DO NOT download it from the MacUpdate website. They will add crapware to the installer.

(Off topic, again: Always download software from the developer's website. That's common sense, I know, but the crapware aggregators are getting themselves up to the top of web searches, above the actual product developers, and they are creating URLs that fool the unsuspecting into using their download links, which install toolbars, adware, and sometimes malware. Take the effort to find the true developer's website.)

If you are interested, I would create a special email address for MacUpdate, too. One that you can destroy later if you wish. If you buy Shimo, change the registration email address with Feingeist after you purchase. MacUpdate bombards me with email offers. I was just about to destroy my email address with them, when this Shimo offer came and I decided to try it.

Shimo (Feingeist.io) has excellent ticket-based email support in English. I assume their native language is German. The product supports a lot of VPN protocols (SSL, IPsec, and more). They support VPNs that have "quirky" VPN implementations.

The user interface is very sparse, but it appears that there is a lot of functionality under the hood. I wish they had a "getting started document". In my case, Shimo automatically imported the necessary configuration file and certs, and then the VPN just worked. Easy peasy.

My firewall offers many different VPN protocols (much more than just SSL). Shimo claims to support them, but I have not tested those protocols with Shimo, nor have I set up a VPN on one of my VPSs. Yet.