Companies usually use Windows machines on a Windows network – everything is pretty much the same flavor of Windows, and all updates are forced upon the users. It’s actually very easy to maintain a Windows environment, provided the company allows the IT department to lock everything down on the end users.<\/p>\n
Ah, but I had a new challenge today – get a Macintosh OSX 10.6.3 (now 10.6.4) to connect to the VPN and gain access to all of the network resources.<\/p>\n
The company is using an OpenVPN solution – which means the choices for connecting are a lot nicer.<\/p>\n
Download Tunnelblick for Mac OS X
\nhttp:\/\/code.google.com\/p\/tunnelblick<\/a>
\nAt the time of this writing, they’re on version 3.0 stable and 3.1.06 beta. I’m using the stable version.
\nInstall Tunnelblick by double clicking on the DMG file and then double clicking on the Tunnelblick.app file
\nPress the Install button
\nLaunch Tunnelblick
\nUse your LOCAL credentials to install
\nCreate and open configuration folder
\nMove your filename.ovpn and your certificate.pem\/crt file (\/Users\/username\/Library\/Application Support\/Tunnelblick\/Configurations)
\nLaunch the Tunnelblick program – it should show up next to the time in the apple menu bar
\nNow you can click on the icon and select the VPN you want to connect to\n<\/p><\/blockquote>\nAh, but you want static routes too? OK.<\/p>\n
Roark Holz gave me this snippet to use (I edited a bit):
\nLogin as root (or sudo in front of all of these commands)
\ncd \/Library\/StartupItems<\/code>
\nmkdir AddRoutes<\/code>
\ncd AddRoutes<\/code>
\nnano AddRoutes<\/code><\/p>\n#!\/bin\/sh
\n. \/etc\/rc.common
\nStartService ()
\n{
\n ConsoleMessage “Adding Static Routing Tables”
\n route add -net 10.1.0.0 -netmask 255.255.255.0 10.50.0.254
\n}
\nStopService ()
\n{
\n return 0
\n}
\nRestartService ()
\n{
\n return 0
\n}
\nRunService “$1”\n<\/p><\/blockquote>\n
nano StartupParameters.plist<\/code><\/p>\n{
\n Description = “Add static routing tables”;
\n Provides = (“AddRoutes”);
\n Requires = (“Network”);
\n OrderPreference = “None”;
\n}<\/p><\/blockquote>\n
chmod 755 AddRoutes StartupParameters.plist<\/code>
\nreboot<\/code><\/p>\nAfter rebooting, check the route tables with:
\nnetstat -r<\/code><\/p>\nObviously 10.1.0.0 is the network, the netmask will be any variation of your netmask on the network, and the final IP is the gateway.<\/p>\n
***EDIT***
\nOK, so I found out that since the TAP network is not enabled until AFTER booting and starting Tunnelblick… I had to edit the .ovpn file to include the following:
\n--route 10.1.0.0 255.255.255.0 10.50.0.254<\/code>
\n--route 10.2.0.0 255.255.255.0 10.50.0.254<\/code>
\nETC. Works like a charm now.<\/p>\n","protected":false},"excerpt":{"rendered":"Companies usually use Windows machines on a Windows network – everything is pretty much the same flavor of Windows, and all updates are forced upon the users. It’s actually very easy to maintain a Windows environment, provided the company allows the IT department to lock everything down on the end users. Ah, but I had … Continue reading OpenVPN, Mac OSX, Static Routes<\/span>