Easy Tunnelblick Server setup and maintenance options.

[fsteff]

I'm attempting to update my Mac-Mini to also host an OpenVPN server. 

I'm doing so remotely from China, using the OSX VPN server, which is currently running on the Mac-Mini.

My goal is to have all my phones, computers etc. in China to behave as if they were directly connected to the network at home, just as if they connect to my current VPN server solution. All units should be able to see each other.

Reading up on OpenVPN, it quickly becomes apparent that Tunnelblick is the way to go on OSX, so I've installed the latest Tunnelblick. Only during installation did I discover that it only focuses on ease of setting up a VPN client.

I've then been searching for simple tutorials on how to setup an OpenVPN server, but almost everything I find is either outdated or too technical - without a deep time-investment.

I did find an excellent video tutorial on a road warrior script to download and configure/maintain an OpenVPN server, which seemed perfect for me - except that it was for Debian, Ubuntu and CentOS .

Video: https://www.youtube.com/watch?v=S9ZP08Y2PvQ

Script: https://github.com/Nyr/openvpn-install

Does anyone know if a similar script exists somewhere for OSX?

Any other recommendations will also be appreciated. 

Best regards,

-- 

Fsteff

[jkbull...gmail.com]

One part of setting up an OpenVPN server is creating the OpenVPN configuration files for the server and its clients. Tunnelblick doesn't do much to help you with that.

The other part is using the server configuration: making sure you have up-to-date versions of OpenVPN and OpenSSL, loading tun and/or tap drivers as needed, making sure everything is secure, and starting and stopping the server. That's what Tunnelblick does.

That is, Tunnelblick doesn't help create configuration files, but it makes it easy to use configuration files.

You're correct, though: Tunnelblick is primarily focused on acting as a client; most of its features are useful for clients and are not necessarily useful for servers.

That said, Tunnelblick is just a GUI for OpenVPN, and OpenVPN can act as a client or a server. So if you use Tunnelblick to install an OpenVPN configuration that is for a server, your computer will act as an OpenVPN server.

Tunnelblick does not include any server controls other than the ability to start or stop the server. The only "server" functionality that Tunnelblick includes is the ability to start the VPN (server or client) when the computer starts, before anyone logs in (or even if nobody ever logs in). It doesn't have typical server-oriented features such as the ability to monitor what clients are connected, disconnect clients, etc. If you need features like that (it doesn't sound as if you do), you might want to look at other solutions.

[fsteff]

Thank you for your clarification.

So my task now is to figure out how to configure OpenVPN and then create configuration files for both server and client.

Can you (anybody?) recommend a tutorial for doing so, as all the ones I've found so far either clearly states they are outdated, or are for other systems than OS X.

I need the simplest possible setup, and will at max have 15 clients connected - which, when connected, should be able to see each other.

Any pointers are appreciated.

[jkbull...gmail.com]

Take a look at this thread. It's long, but read or at least scan all the way through it because there are a lot of changes, clarifications, and improvements. (For example, Tunnelblick now includes easy-rsa, so you can skip some of the original instructions.)

Or if you can find Linux/Unix instructions they should work; OpenVPN has some Windows-specific stuff so you should probably steer clear of instructions meant for Windows.

[fsteff]

Thank you for that link, and the windows remarks.

I'll dive right in. :-)