Tunnelblick is a free, open source graphic user interface for OpenVPN® on macOS. It provides easy control of OpenVPN client and/or server connections. It comes as a ready-to-use application with all necessary binaries and drivers (including OpenVPN, easy-rsa, and tun/tap drivers). No additional installation is necessary — just add your OpenVPN configuration and encryption information. To use Tunnelblick you need access to a VPN server: your computer is one end of the tunnel and the VPN server is the other end. For more information, see Getting VPN Service. Tunnelblick is free software licensed under the GNU General Public License, version 2 and may be distributed only in accordance with the terms of that license. OpenVPN is a registered trademark of OpenVPN Inc.
SoftEther VPN. SoftEther VPN is possibly the easiest to use multi-protocol VPN app on this list. It runs on Mac, Windows, and Linux. The open-source app is entirely free, regardless of whether you’re going to use it in a personal or commercial environment.
The MacOSX product feature list discusses interoperability between the MacOSX VPN client and Windows for PPTP and L2TP, so I've been trying to get this to work. I have a Windows Server 2003 RRAS that is configured, working, and with which WinXP desktops can successfully establish an L2TP session using certificates. I've successfully generated a machine certificate for the MacOSX client using Keychain Access's Certificate Assistant (I generated a signing request, signed it on my Windows CA) and imported it onto the System keychain along with the private key. I also imported my CA cert onto the X509Anchors keychain. The RRAS server certificate has the server hostname (FQDN) as the SubjectAltName extension, and I've used this to specify the VPN endpoint hostname in the MacOSX client L2TP definition. AFAICT, these are the right steps. When I try to initiate the VPN, a network sniff shows that communication indeed occurs between the client and the RRAS server, but the VPN never comes up. I figured out how to enable verbose VPN logging on the MacOSX client, and from this I've found that the client & server actually do exchange certificate information. However, racoon appears to get two errors ('ID type mismatched' and 'ID value mismatched') during phase 1 of IKE negotiation immediately after the server's certificate is parsed. The only conclusion I've been able to reach so far is that the Windows 2003 RRAS certificate is somehow unpalatable to the MacOSX racoon, but I haven't been able to figure out how to get this working. It's as if racoon somehow can't obtain the SubjectAltName from the server certificate. Since L2TP Windows/MacOSX interoperability is mentioned right out loud in the product feature list, I'm boldly assuming that -someone- has done this at least once in the past. Oddly, though, I've found nothing in the discussion forums or in Google reporting actual success at this (L2TP, certificates, Windows 2003 RRAS with the MacOSX VPN client).
Of course, I could resort to something like VPN Tracker, but I am not quite ready to give up on the MacOSX native VPN client yet. Has anyone else accomplished this? Can you refer me to any documents or other resources on what was done? I already opened a support call on my AppleCare certificate and was told that no help is available for what I'm doing - I was referred to this discussion forum.
PowerBook, Mac-Mini, Mac OS X (10.4.10)