Connect to VPN via integrated MacOSX tool

I have following openvpn.conf from my old PC:

port 11194
dev tap
remote vpn.company.com

proto tcp-client
tls-client
tls-remote vpn.company.com
ca  /etc/ssl/certs/CompanyCA.pem
cert    /etc/ssl/openvpn/me.at.candytech.cz.crt
key /etc/ssl/openvpn/me.at.candytech.cz.key

pull
comp-lzo yes

I would love to use built-in support for VPN in MacOSX like this:

screenshot

but I don't know which and where should I put these three certificates/keys mentioned in config file above.

Radek Simko

Posted 2012-02-29T17:15:16.560

Reputation: 392

Did you try seeking support from the VPN provider? – Oxwivi – 2012-02-29T18:04:21.443

Answers

Brief answer: you can't use the built-in VPN client with these credentials.

It appears that the credentials that you have are for OpenVPN server, even the filename: openvpn.conf says so (however the standard OpenVPN port is 1194, which has changed to 11194 in this case). The built-in OSX client supports PPTP, L2TP/IPSec and Cisco IPSec (Cisco in 10.7), but not OpenVPN. You need OpenVPN client from here, or if you need GUI -- popular GUI for OpenVPN is Tunnelblick

lupincho

Posted 2012-02-29T17:15:16.560

Reputation: 1 630

They need to go in your user login keychain if you want to connect to the VPN from your user account, and in your machine's System keychain you want your machine to connect to the VPN even when no users are logged into the GUI console.

You can copy CompanyCA.pem to your Mac, and double-click on it to import it into the keychain via the "Keychain Access" utility app.

For your user cert, I don't know if Keychain Access can handle importing a private key separately from a cert, so you might need to use a tool like the openssl command to combine your .crt and .key into a .p12 (PKCS#12) file, and then double-click that .p12 file on your Mac to import it via Keychain Access.

Spiff

Posted 2012-02-29T17:15:16.560

Reputation: 84 656