This article outlines instructions to configure a client VPN connection on commonly-used operating systems. For more information about client VPN, please refer to our Client VPN Overviewdocumentation.
- Openvpn For Mac Os X
- Openvpn Connect For Mac Os High Sierra
- Configure Openvpn Mac Os X
- Openvpn For Mac Os
For troubleshooting, please refer to our Troubleshooting Client VPN documentation.
Put the file in the Applications folder and Install the file Tunnelblick.dmg file. Download and connect with the OVPN file Download file from user portal Download Configuration for Other OSs in the.ovpn format. Double Click on the configuration file it will open in Tunnelblick. Install monVPN Connect on Mac OS In order to take full advantage of all the advanced features of our VPN service we recommend using our monVPN Connect connection software for Mac Os X. – Download the file HERE, run it and drag to Applications. Start the VPN client for Mac, select the server location you want to connect to and surf the internet through an encrypted tunnel. All data is sent and received anonymously and secured with military-grade security. The outside world only sees your virtual IP address through the VPN server location selected. You are an online phantom. Downloading and installing the OpenVPN Connect Client for macOS Navigate to the OpenVPN Access Server client web interface. Login with your credentials. Click on the Mac icon to begin download.
Android
To configure an Android device to connect to the Client VPN, follow these steps:
- Navigate to Settings -> Wireless & Networks -> VPN
- Click the Plus Icon to add an additional VPN profile
Name: This can be anything you want to name this connection, for example, 'Work VPN.'
Os x lion. The system was considered, but its architectural limitations were critiqued, such as limited, lack of and, and susceptibility to conflicts among. It is a -based operating system built on and other technology developed at from the late 1980s until early 1997, when Apple purchased the company and its CEO returned to Apple. Released in 2018(originally named 'Mac OS X' until 2012 and then 'OS X' until 2016) is the current Mac operating system that officially succeeded the classic Mac OS in 2001.Although the system was originally marketed as simply 'version 10' of Mac OS, it has of the classic Mac OS. Precursors to the original release of Mac OS X include, Apple's project, and the.macOS makes use of the codebase and the kernel, and its core set of components is based upon Apple's.macOS is the basis for some of Apple's other operating systems, including /, and.Releases.
Type: select L2TP/IPSEC PSK
Server address: Enter the hostname (e.g. .com)orthe active WAN IP (e.g. XXX.XXX.XXX). Hostname is encouraged instead of active WAN IP because it is more reliable in cases of WAN failover. Admin can find them in Dashboard, under Security appliance > Monitor > Appliance status.
IPSec pre-shared key: Enter the pre-shared key that admin created in Security appliance >Configure > Client VPN settings.
Press save
You will be prompted for user credentials when you connect.
![Openvpn Connect For Mac Os Openvpn Connect For Mac Os](https://openvpn.net/wp-content/uploads/vpn_server_resources/please_read_the_licensing_terms_click_continue.jpg)
Chrome OS
Chrome OS based devices can be configured to connect to the Client VPN feature on MX Security Appliances. This allows remote users to securely connect to the LAN. This article will cover how to configure the VPN connection on a Chrome OS device. For more information on how to setup the Client VPN feature of the MX or how to connect from other operating systems, please visit the MX documentation.
- If you haven't already, sign in to your Chromebook.
- Click the status area at the bottom of your screen, where your account picture is located.
- Select Settings.
- In the 'Internet connection' section, click Add connection.
- Select Add private network.
- In the box that appears, fill in the information below:
- Server hostname:Enter the hostname (e.g. .com)orthe active WAN IP (e.g. XXX.XXX.XXX). Hostname is encouraged instead of active WAN IP because it is more reliable in cases of WAN failover. Admin can find them in Dashboard, under Security appliance > Monitor > Appliance status.
- Service name: This can be anything you want to name this connection, for example, 'Work VPN.'
- Provider type: Select L2TP/IPsec + Pre-shared key.
- Pre-shared key: Enter shared secret that admin created in Security appliance >Configure > Client VPN settings.
- Username credentials for connecting to VPN. If using Meraki authentication, this will be an e-mail address.
- Password credentials for connecting to VPN.
- Click Connect.
For more information regarding the configuration of VPN connections in Chrome OS, visit the Google Support page.
To configure an iOS device to connect to the Client VPN, follow these steps:
- Navigate to Settings -> General-> VPN -> Add VPN Configuration..
- Type: set to L2TP.
- Description:This can be anything you want to name this connection, for example, 'Work VPN.'
- Server: Enter the hostname (e.g. .com)orthe active WAN IP (e.g. XXX.XXX.XXX). Hostname is encouraged instead of active WAN IP because it is more reliable in cases of WAN failover. Admin can find them in Dashboard, under Security appliance > Monitor > Appliance status.
- Account: Enter the username
- Password: Enter if desired. If the password is left blank, it will need to be entered each time the device attempts to connect to the Client VPN.
- Secret: Enter shared secret that admin created in Security appliance >Configure > Client VPN settings.
- Ensure that Send All Traffic is set to On.
- Save the configuration.
macOS
Currently only the following authentication mechanisms are supported:
- User authentication: Active Directory (AD), RADIUS, or Meraki hosted authentication.
- Machine authentication: Preshared keys (a.k.a., shared secret).
When using Meraki hosted authentication, VPN account/user name setting on client devices (e.g., PC or Mac) is the user email address entered in the Dashboard.
The instructions below are tested on Mac OS 10.7.3 (Lion).
Open System Preferences > Network from Mac applications menu. Click the '+' button to create a new service, then select VPN as the interface type, and choose L2TP over IPsec from the pull-down menu.
- Server Address: Enter the hostname (e.g. .com)orthe active WAN IP (e.g. XXX.XXX.XXX). Hostname is encouraged instead of active WAN IP because it is more reliable in cases of WAN failover. Admin can find them in Dashboard, under Security appliance > Monitor > Appliance status.
- Account Name: Enter the account name of the user (based on AD, RADIUS or Meraki Cloud authentication).
- User Authentication > Password: User password (based on AD, RADIUS or Meraki Cloud authentication).
- Machine Authentication > Shared Secret: Enter shared secret that admin created in Security appliance >Configure > Client VPN settings.
The VPN connectivity will not be established if you don't enable the Send all traffic over VPN connection option!
Windows 7
Currently only the following authentication mechanisms are supported:
- User authentication: Active Directory (AD), RADIUS, or Meraki hosted authentication.
- Machine authentication: Preshared keys (a.k.a., shared secret).
When using Meraki hosted authentication, VPN account/user name setting on client devices (e.g., PC or Mac) is the user email address entered in the Dashboard.
Open Start Menu > Control Panel, click on Network and Internet, click on View network status and tasks.
In the Set up a connection or network pop-up window, choose Connect to a workplace (Set up a dial-up or VPN connection to your workplace).
Choose Use my Internet connection (VPN), in the Connect to a workspace dialog window.
In the Connect to a Workplace dialog box, enter:
- Internet address: Enter the hostname (e.g. .com)orthe active WAN IP (e.g. XXX.XXX.XXX). Hostname is encouraged instead of active WAN IP because it is more reliable in cases of WAN failover. Admin can find them in Dashboard, under Security appliance > Monitor > Appliance status.
- Destination name:This can be anything you want to name this connection, for example, 'Work VPN.'
Choose 'Don't connect now; just set it up so that I can connect later' option.
Click Next. In the next dialog window, enter the user credentials, and click Create.
Despite the name 'Unencrypted PAP', the client's password is sent encrypted over an IPsec tunnel between the client device and the MX. The password is fully secure and never sent in clear text over either the WAN or the LAN.
Windows 8
Currently only the following authentication mechanisms are supported:
- User authentication: Active Directory (AD), RADIUS, or Meraki hosted authentication.
- Machine authentication: Preshared keys (a.k.a., shared secret).
When using Meraki hosted authentication, VPN account/user name setting on client devices (e.g., PC or Mac) is the user email address entered in the Dashboard.
Open Start Menu > Network and Sharing Center and click Settings.
In the Set Up a Connection or Network pop-up window, choose Connect to a workplace.
(Set up a dial-up or VPN connection to your workplace).
Choose Use my Internet connection (VPN), in the Connect to a Workspace dialog window.
In the Connect to a Workplace dialog box, enter:
- Internet address: Enter the hostname (e.g. .com)orthe active WAN IP (e.g. XXX.XXX.XXX). Hostname is encouraged instead of active WAN IP because it is more reliable in cases of WAN failover. Admin can find them in Dashboard, under Security appliance > Monitor > Appliance status.
- Destination name:This can be anything you want to name this connection, for example, 'Work VPN.'
Go back to Network and Sharing Center and click Change Adapter Settings.
Despite the name 'Unencrypted PAP', the client's password is sent encrypted over an IPsec tunnel between the client device and the MX. The password is fully secure and never sent in clear text over either the WAN or the LAN.
Windows 10
Currently only the following authentication mechanisms are supported:
- User authentication: Active Directory (AD), RADIUS, or Meraki hosted authentication.
- Machine authentication: Preshared keys (a.k.a., shared secret).
When using Meraki hosted authentication, VPN account/user name setting on client devices (e.g., PC or Mac) is the user email address entered in the Dashboard.
Open Start Menu > Search 'VPN' > Click Change virtual private networks (VPN)
From the VPN settings page, click Add a VPN connection.
In the Add a VPN connection dialog:
- VPN provider: Set to Windows (built-in)
- Connection name: This can be anything you want to name this connection, for example, 'Work VPN.'
- Server name or address: Enter the hostname (e.g. .com)orthe active WAN IP (e.g. XXX.XXX.XXX). Hostname is encouraged instead of active WAN IP because it is more reliable in cases of WAN failover. Admin can find them in Dashboard, under Security appliance > Monitor > Appliance status.
- VPN type: Select L2TP/IPsec with pre-shared key
- User name and Password: optional
Press Save.
After the VPN connection has been created, click Change adapter options under Related settings.
Right-click on the VPN Connection from the list of adapters and click Properties.
Despite the name 'Unencrypted PAP', the client's password is sent encrypted over an IPsec tunnel between the client device and the MX. The password is fully secure and never sent in clear text over either the WAN or the LAN.
In Advanced Properties dialog box, choose 'Use preshared key for authentication' and enter the pre-shared key that admin created in Security appliance >Configure > Client VPN settings.
Back at the Network Connections window, right-click on the VPN connection and click Connect / Disconnect.
Find your VPN profile and click Connect.
Windows XP
Currently only the following authentication mechanisms are supported:
- User authentication: Active Directory (AD), RADIUS, or Meraki hosted authentication.
- Machine authentication: Preshared keys (a.k.a., shared secret).
When using Meraki hosted authentication, use the email address for VPN account / user name.
Open Start Menu > Control Panel, click on Network Connections.
In the Network Tasks section, click on Create a new connection.
Choose Connect to the network at my workplace, in the New Connection Wizard window.
Choose Virtual Private Network connection in the next section.
Then, give a name for this connection. This can be anything you want to name this connection, for example, 'Work VPN.'
Enter the hostname (e.g. .com)orthe active WAN IP (e.g. XXX.XXX.XXX). Hostname is encouraged instead of active WAN IP because it is more reliable in cases of WAN failover. Admin can find them in Dashboard, under Security appliance > Monitor > Appliance status.
In the Connect box, click on Properties
In the General tab, verify the hostname (e.g. .com)orthe active WAN IP (e.g. XXX.XXX.XXX). Hostname is encouraged instead of active WAN IP because it is more reliable in cases of WAN failover. Admin can find them in Dashboard, under Security appliance > Monitor > Appliance status.
Despite the name 'Unencrypted PAP', the client's password is sent encrypted over an IPsec tunnel between the client device and the MX. The password is fully secure and never sent in clear text over either the WAN or the LAN.
Linux
Since Client VPN uses the L2TP over IPsec standard, any Linux client that properly supports this standard should suffice. Please note that newer versions of Ubuntu do not ship with a VPN client that supports L2TP/IP, and will therefore require a 3rd party VPN client that supports the protocol.
Note: The xl2tp package does not send user credentials properly to the MX when using Meraki Cloud Controller authentication, and this causes the authentication request to fail. Active Directory or RADIUS authentication can be used instead for successful authentication.
Important
Netgate is offering COVID-19 aid for pfSense software users, learn more.
There are three client options for Mac OS X.:
The OpenVPN command line client. Most users prefer a graphical client, so thisoption will not be covered.
Tunnelblick, a free option available for download at the Tunnelblick Website.
The commercial Viscosity client. At the time of this writing, it costs $14USD for a single seat. If OpenVPN is used frequently, Viscosity is a muchnicer client and well worth the cost.
Both Tunnelblick and Viscosity are easily installed, with no configurationoptions during installation.
Configuring Viscosity¶
When using the Viscosity client, it can be configured manually or the OpenVPNClient Export package may be used to import the configuration. Viscosityprovides a GUI configuration tool that can be used to generate the underlyingOpenVPN client configuration. The CA and certificates can be imported manually,and all of the parameters can be set by hand. This section cover importing aViscosity bundle from the export package.
Download a copy of the Viscosity bundle for the client from the OpenVPNClient Export package
Locate the saved file, which will end in
.visc.zip
indicating that it is acompressed archiveCopy this exported bundle to a folder on the Mac
Double click this file and it will expand to
Viscosity.visc
Double click
Viscosity.visc
and Viscosity will open and import theconnection as shown in Figure Viscosity Import
Delete the
Viscosity.visc
directory and the.zip
archiveViscosity will be running after import, and may be found in the menu bar
Click the lock icon added to the menu bar at the top of the screen
Xvid codec download for mac. Click Preferences to check that the configuration was imported as shown inFigure Viscosity Preferences
Viscosity Preferences¶
Openvpn For Mac Os X
Check the Connections area to see if the connection imported successfullyas shown in Figure Viscosity View Connections.
Close the Preferences screen
Click the lock in the menu bar
Click the name of the VPN connection to connect as shown in FigureViscosity Connect. After a few seconds, the lock in the menu barwill turn green to show it connected successfully.
Viscosity Connect¶
Click on it and then click Details as shown in FigureViscosity Menu to see connection information
On the first screen (Figure Viscosity Details), the connectionstatus, connected time, the IP assigned to the client, and the IP of the serverare all displayed. A bandwidth graph is displayed at the bottom of the screen,showing the throughput in and out of the OpenVPN interface.
Openvpn Connect For Mac Os High Sierra
Viscosity Details¶
Configure Openvpn Mac Os X
Clicking the up/down arrow button in the middle of the details screen displaysadditional network traffic statistics. This shows the traffic sent within thetunnel (TUN/TAP In and Out), as well as the total TCP or UDP traffic sentincluding the overhead of the tunnel and encryption. For connections usingprimarily small packets the overhead is considerable with all VPN solutions. Thestats shown in Figure Viscosity Details: Traffic Statistics are from only afew pings traversing the connection. The traffic sent in bringing up theconnection is also counted here, so the initial overhead is higher than what itwill be after being connected for some time. Also, the typical VPN traffic willhave larger packet sizes than 64 byte pings, making the total overhead anddifference between these two numbers considerably less.
Clicking on the third icon in the middle of the Details screen shows theOpenVPN log file (Figure Viscosity Details: Logs). If there is any troubleconnecting, review the logs here to help determine the problem. See alsoTroubleshooting OpenVPN.
Openvpn For Mac Os
Viscosity Details: Logs¶