In close collaboration with Seoul National University's Structural Complexity Laboratory



This shows you the differences between two versions of the page.

Link to this comparison view

resource:sc_lab_info:fedora:macstartup [2016/03/27 11:28] (current)
rim created
Line 1: Line 1:
 +====== Macintosh: Starting OpenVPN on Bootup ======
 +  - Install tunnelblick and make sure it is working by clicking on the tunnel icon
 +  - Download {{:​resource:​info:​startup.tar.gz|This version of Coop's starup items}}
 +    - Unpack the file
 +    - Create /​Library/​StartupItems if necessary, and copy the three directories there
 +    - Make sure permissions are 700 for directories and most files, and 600 for the plist files; make sure owner and group are root and wheel
 +  - Create /​usr/​local/​sbin (it probably doesn'​t exist), and copy /​Applications/​​Contents/​Resources/​openvpn into it
 +    * Make sure it and the path to it have permissions 755
 +  - Create /​etc/​openvpn (it probably doesn'​t exist), and copy /​Applications/​​Contents/​Resources/​openvpn.conf into it
 +    * Make sure the path to it has permissions 755, and it has permissions 644
 +  - Copy the certs and keys directories from the user directory <​user>​ where you created them to /​etc/​openvpn
 +    * cp -r /​Users/<​user>/​Library/​openvpn/​certs /​etc/​openvpn
 +    * cp -r /​Users/<​user>/​Library/​openvpn/​keys /​etc/​openvpn
 +      * Make sure the path to the .crt files has permissions 755, and the contents have permissions 644
 +    * Make sure the path to the .key file has permissions 700, and the file has permissions 600
 +  - Edit /​etc/​openvpn/​openvpn.conf
 +    * You almost certainly need to:
 +      - In the hostname entries, change to: remote 443
 +      - Uncomment the lines 'user nobody'​ and 'group nobody'​
 +      - Uncomment the line '​mute-replay-warnings'​
 +      - Change the lines for the various certs and keys to have the paths /​etc/​openvpn/​...
 +      - Uncomment the line '​ns-cert-type server'​
 +      - Uncomment the line 'mute 20'
 +  - Reboot your computer and confirm that you can connect to it over the vpn
 +  - At this point, you should be able to remove tunnelblick (but I haven'​t checked this carefully). Because the tunnel will be automatically opened at boot, there'​s no need to use the tunnelblick icon to start the openvpn connection (so you might remove the icon even if you don't remove tunnelblick)
 +  - see [[http://​​projects.html|Coop'​s place]] for more details