This tutorial shows the installation and configuration of OpenVPN on both macOS and Ubuntu.
The easiest way to install OpenVPN on macOS is by using the package manager for macOS Homebrew. But first, you need to install the Xcode Command Line Tools for macOS.
## Install Apple Xcode CLI Tools ----
sudo xcode-select --install
Now let's install Homebrew
.
## Install Homebrew ----
/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
Let's install the formula openvpn
.
## Update Homebrew ----
brew update
## Install openvpn formula ----
brew install openvpn
Let's get some information about the formula (version and binaries path):
## Formula information ----
brew info openvpn
# ==> openvpn: stable 2.5.8 (bottled)
# /usr/local/Cellar/openvpn/2.5.8 (87 files, 1.7MB) *
# ...
Unfortunately, Homebrew
has installed OpenVPN
in a non standard path. So macOS cannot find it.
which openvpn
We need to add the openvpn
binary path to the environment variable $PATH
.
openvpn_version=2.5.8
## If you are using the ZSH shell ----
## (default since macOS 10.15)
echo 'export PATH="/usr/local/Cellar/openvpn/'$openvpn_version'/sbin:$PATH"' >> ~/.zshrc
## If you are using the BASH shell ----
## (default until macOS 10.14)
echo 'export PATH="/usr/local/Cellar/openvpn/'$openvpn_version'/sbin:$PATH"' >> ~/.bash_profile
Let's close and reopen the shell to update the configuration.
Now let's try to locate the OpenVPN binaries.
which openvpn
# /usr/local/Cellar/openvpn/2.5.8/sbin/openvpn
The installation is completed.
Let's install the package openvpn
.
## Update apt ----
sudo apt-get update
## Install openvpn package ----
sudo apt-get install openvpn
Let's get the version of the package.
## OpenVPN version ----
sudo openvpn --version
# OpenVPN 2.5.5 x86_64-pc-linux-gnu
The next step is to get a list of VPN servers and to locally store their configuration files. We will take the example of NordVPN and download the configuration files as follow:
## Go to user directory ----
cd ~
## Download configuration files of VPN servers ----
wget https://downloads.nordcdn.com/configs/archives/servers/ovpn.zip
Let's extract the content of the compressed file:
## Extract ZIP content ----
unzip ovpn.zip
## Remove ZIP file ----
rm ovpn.zip
We will only use the TCP protocol. So let's delete the folder ovpn_udp
and move the folder ovpn_tcp
to a hidden location:
## Remove UDP configurations ----
rm -rf ovpn_udp
## Hide config files ----
mv ovpn_tcp .ovpn
As NordVPN requires login information to connect to its servers, we will store these information to avoid having to enter them each time we log in. Let's create a new file:
## Go to user directory ----
cd ~
## Create an empty text file ----
touch ~/.credentials
The first line must contain the NordVPN login (email) and the second line the associated password.
## Store credentials ----
echo "nordvpn_login" >> ~/.credentials
echo "nordvpn_passwd" >> ~/.credentials
Now we will protect our credentials from other users on the computer (only the owner of this file can read it):
sudo chmod 400 ~/.credentials
This is not the end... Now we need to add the path to the credentials file in each of the 5,287 server configuration files. Of course, we will write a simple Shell script to do this automatically.
In each configuration file, we need to replace the line auth-user-pass
by auth-user-pass ~/.credentials
.
- macOS
## Go to servers config files folder ----
cd ~/.ovpn
## Set your session username ----
username="jdoe"
## Add path to credentials file in config files ----
for file in *.ovpn
do
sed -i '' 's/auth-user-pass/auth-user-pass \/Users\/'$username'\/.credentials/g' "$file";
done
- Ubuntu
## Go to servers config files folder ----
cd ~/.ovpn
## Set your session username ----
username="jdoe"
## Add path to credentials file in config files ----
for file in *.ovpn
do
sed -i 's:auth-user-pass:auth-user-pass /home/'$username'/.credentials:' "$file";
done
The configuration is finally completed.
There is two ways to use OpenVPN: the foreground process or the daemon.
Note: You need to launch OpenVPN as a super user (sudo
).
The foreground launch is the follow:
## Connect to a VPN server (foreground) ----
sudo openvpn ~/.ovpn/fr836.nordvpn.com.tcp.ovpn
In a second terminal, get your public IP:
## Get the new public IP ----
curl 'https://api.ipify.org'
Just press CTRL+C
to quit the connexion.
The daemon is a better way of using OpenVPN as it allow you to continue working without opening a new terminal.
## Connect to a VPN server (background) ----
sudo openvpn --config ~/.ovpn/fr836.nordvpn.com.tcp.ovpn --daemon
Get your new public IP:
## Get the new public IP ----
curl 'https://api.ipify.org'
To disconnect from the server and quit OpenVPN you need to use the following command:
sudo killall openvpn
This final line is important: if you forget to disconnect OpenVPN you risk being banned from your VPN provider until you restart your computer.
Enjoy!