OpenVPN Example Scripts

[mmpestorich (Mike M Pestorich)]

I recently setup an OpenVPN environment for various computers in remote locations within my organization. Originally I fooled around with ​Tunnelblick and while I learned a lot about OpenVPN in doing so, ultimately I decided that I just wanted to keep things simple and install the OpenVPN port and set it up to run at boot. Simple right? Nope. Then it became a challenge. Namely the interaction with DHCP and DNS that occurs between OpenVPN and OS X's rather dynamic SystemConfiguration framework. After a lot of research online about how OS X's SystemConfiguration framework works (and has evolved over time) and looking through Tunnelblick's source, I got things to work well and wanted to contribute some example scripts.

Currently this port installs with not much information regarding how to use it with OS X. It would be nice if there were some examples to point people in the right direction.

Attached are:

net.openvpn2.server.plist

Starts an OpenVPN server:

• Goes into /Library/LaunchDaemons
• Runs on load once a Network is available
• Loads a configuration file from /opt/local/etc/openvpn2/example/server.conf
• Logs to /opt/local/var/log/openvpn2/server.log and /opt/local/var/log/openvpn2/status.log

net.openvpn2.client.plist

Connects to an OpenVPN server:

• Goes into /Library/LaunchDaemons
• Runs on load once a Network is available
• Loads a configuration file from /opt/local/etc/openvpn2/example/client.conf
• Logs to /opt/local/var/log/openvpn2/client.log and /opt/local/var/log/openvpn2/status.log

net.openvpn2.watcher.plist

Loads a watcher utility that loads on changes to /Library/Preferences/SystemConfiguration

• Goes into /Library/LaunchDaemons
• Reloads OpenVPN's configuration when the network configuration changes

up.sh

Runs after a client successfully connects to a server:

• Goes into /opt/local/etc/openvpn2
• A script that configures OS X's DNS and Search Domain settings for the vpn
• This is a modified version of a Tunnelblick script sans the Tunnelblick specific stuff

down.sh

Runs after a client successfully disconnects from a server:

• Goes into /opt/local/etc/openvpn2
• A script that restores OS X's DNS and Search Domain settings to its previous state
• This is a modified version of a Tunnelblick script sans the Tunnelblick specific stuff

watcher

The utility loaded by the net.openvpn2.watcher.plist on a network change:

• Goes into /opt/local/etc/openvpn2
• Checks to see if the change to the network requires OpenVPN to reload its configuration
• Reconfigures the vpn's DNS and Domain Search settings if necessary
• This is a modified version of a Tunnelblick script sans the Tunnelblick specific stuff

server.conf

An example server configuration:

• Goes into /opt/local/etc/openvpn2/example
• User still needs to create necessary certificates and keys in /opt/local/etc/openvpn2/example

client.conf

An example client configuation:

• Goes into /opt/local/etc/openvpn2/example
• User still needs to create necessary certificates and keys in /opt/local/etc/openvpn2/example

[mmpestorich (Mike M Pestorich)]

Cc Me!