In close collaboration with Seoul National University's Structural Complexity Laboratory


Macintosh: Starting OpenVPN on Bootup

  1. Install Tunnelblick and confirm that it works by clicking the tunnel icon
    1. Unpack the file
    2. Create /Library/StartupItems if necessary, and copy the three directories there
    3. Make sure permissions are 700 for directories and most files, and 600 for the plist files; make sure owner and group are root and wheel
  2. Create /usr/local/sbin (it probably doesn't exist), and copy /Applications/ into it
    • Make sure it and the path to it have permissions 755
  3. Create /etc/openvpn (it probably doesn't exist), and copy /Applications/ into it
    • Make sure the path to it has permissions 755, and it has permissions 644
  4. Copy the certs and keys directories from the user directory <user> where you created them to /etc/openvpn
    • cp -r /Users/<user>/Library/openvpn/certs /etc/openvpn
    • cp -r /Users/<user>/Library/openvpn/keys /etc/openvpn
    • Make sure the path to the .crt files has permissions 755, and the contents have permissions 644
    • Make sure the path to the .key file has permissions 700, and the file has permissions 600
  5. Edit /etc/openvpn/openvpn.conf
    • You almost certainly need to:
      1. In the hostname entries, change to: remote 443
      2. Uncomment the lines 'user nobody' and 'group nobody'
      3. Uncomment the line 'mute-replay-warnings'
      4. Change the lines for the various certs and keys to have the paths /etc/openvpn/…
      5. Uncomment the line 'ns-cert-type server'
      6. Uncomment the line 'mute 20'
  6. Reboot your computer and confirm that you can connect to it over the VPN
  7. At this point, you should be able to remove Tunnelblick (but I haven't checked this carefully). Because the tunnel is opened automatically at boot, there is no need to use the Tunnelblick icon to start the OpenVPN connection (so you might remove the icon even if you don't remove Tunnelblick)
  8. See Coop's place for more details
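
The modes required in steps 3 and 4 can be checked by script before rebooting. This is an added example, not part of the original page; the function names and the certs/*.crt and keys/*.key globs are assumptions, and it tries GNU stat before falling back to the macOS stat syntax.

```shell
#!/bin/sh
# Audit the modes from steps 3-4 under an OpenVPN config root.
# Source this file, then run as root (keys/ is mode 700):
#   audit_openvpn_perms /etc/openvpn

# Print the octal mode of a path: GNU stat first, then BSD/macOS stat.
perm_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# check PATH EXPECTED: report the path and return 1 when the mode differs.
check() {
    actual=$(perm_of "$1") || actual=missing
    if [ "$actual" != "$2" ]; then
        echo "BAD  $1 mode=$actual expected=$2"
        return 1
    fi
    echo "ok   $1 mode=$actual"
}

# Returns 0 when every path matches, 1 when any path is missing or wrong.
audit_openvpn_perms() {
    root=${1:-/etc/openvpn}
    bad=0
    check "$root" 755 || bad=1
    check "$root/certs" 755 || bad=1
    # The private key directory must not be readable by other users.
    check "$root/keys" 700 || bad=1
    for f in "$root"/certs/*.crt; do
        [ -e "$f" ] || continue   # glob matched nothing
        check "$f" 644 || bad=1
    done
    for f in "$root"/keys/*.key; do
        [ -e "$f" ] || continue
        check "$f" 600 || bad=1
    done
    return "$bad"
}
```

A non-zero return means at least one path needs chmod; the BAD lines name each one with its current and expected mode.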