Install along OS X Server

[Gustavo Domínguez]

Can I install Tunnelblick Server on an OS X Server Mac? Will it affect OS X Server install on any way?

Can I remove it later without it screwing up with OS X Server's files and ports? I'm already running VPN (L2TP) on Server so I'd like it to keep working.

Thanks for your support!

[Tunnelblick developer]

Yes, you can install Tunnelblick on an OS X Server Mac, and neither it's installation nor it's uninstallation should cause any problems for OS X.

There isn't really a "Tunnelblick Server" as such, but you can have Tunnelblick run an OpenVPN server by using an OpenVPN configuration that includes options that make that instance of OpenVPN into an OpenVPN server. (OpenVPN can act as either a server or a client. What determines if it is a server or a client is is controlled by the OpenVPN configuration file.)

There shouldn't be any interference between the two types of VPN, assuming you:

• Configure the OpenVPN server to use different ports than your L2TP server (The default port for OpenVPN is 1194; I don't know the default port for L2TP); and
  
  
• Don't use Tunnelblick's "Route all IPv4 traffic through the VPN" or OpenVPN's "--redirect-gatway" option (which does the same thing). It would be very unusual to use these options in a server (I don't think the server would work with these options anyway).
  

Note that you could have both OpenVPN server and OpenVPN client configurations, and you could run instances of them simultaneously, but it is very complicated to set up everything (routing, subnets, etc.) to do that; you'd have to consult some OpenVPN experts for help with that.

Similarly, if you were running both OpenVPN and L2TP VPNs simultaneously, you would need to figure out how to manage traffic between the two.

[Gustavo Domínguez]

Thank you for the information.

L2TP has worked great for me so far but there are places where its ports are blocked and I've read 443 is regularly used for OpenVPN and that one's basically always open so I think I'd be great to have a backup.

Thanks again!

[Tunnelblick developer]

Another thing you should look into is the Tunnelblick openvpn_xorpatch.

It can help defeat blocking, although it isn't always 100% effective.

It is very easy to use if you are using Tunnelblick for both the client and the server because the patch is built into Tunnelblick and you need only add a single identical option line to both the client and server configuration files. If you are only using Tunnelblick as a client, your VPN server must be running a copy of OpenVPN that has been patched (hopefully with Tunnelblick's version of the patch, which fixes many critical bugs in the original patch).