Setting up VPN on MacBook. How to Use a VPN on Your Mac

Over the past two weeks, the topic of having your own VPN server has become more pressing than ever for Russian residents. And while Roskomnadzor is trying to block Telegram, a variety of services regularly fail in the country.

PlayStation servers, YouTube video hosting, cloud servers and a number of Google services– you can continue indefinitely.

There is only one way out of this chaos - set up your own VPN server and forget about the endless “Unable to connect” messages.

In this article I will tell you how to connect a VPN server with one-tap access using standard macOS tools.

note, this article assumes that you have the IP address, login and passwords of the corresponding VPN server. I talked about how to create your own VPN on a budget.

Setting up a VPN using Mac

Step 1. Opening Settings -> Network. Just below the list of connections, tap on “+” and select:

Interface: VPN

VPN type: L2TP over IPSec

Service name: at your request.

Click Create.

Step 2. A new connection with the name you specified will appear. Carefully fill in the fields that appear.

Configuration: Add a new one and give any desired name

Server address: issued IP address from VPN

Name account: username specified or received during the creation of the VPN server

Immediately check the box next to the item Show VPN status in menu bar. This way you can quickly turn the VPN on and off as needed.

Step 3. Click on the item Authentication settings. In the pop-up window that opens, specify shared key(aka IPsec PSK password) and user password (Password).

Field Group name can be left blank. Select "OK" and click in the lower right corner Apply.

Click Additionally and check the box next to the item Send all traffic through VPN.

Setting up VPN on Mac is complete. Feel free to tap on the connect option. A new connection status icon will appear in the Dock menu on your Mac's status bar.

The VPN is successfully connected and now all traffic passes through the intermediate remote server, and you have access to any resources.

A VPN connection allows you to securely connect to another private network over the Internet. Your Mac has built-in support for managing VPN connections, and in this guide we'll look at how to set up, manage and connect with a VPN. Finally, let's look at how to set up your own VPN server.

What is a VPN?

VPN is virtual private network. If you have files on a server in production, that server is unlikely to be public (accessible over the Internet) and will certainly be behind a firewall. Managing a VPN is much safer than opening ports on a firewall, which is risky. As more workers travel and/or work from home, companies need a way to give employees access to the resources they need while maintaining high level security.

Enter VPN, method secure connection to a private network over the Internet. With a VPN connection, it's like you're in the office. Imagine being at home and realizing that you need something from a server or internal website at the office. VPN connection is like Very a long Ethernet cable connected through your Mac to your network.

Using a VPN

Remote network connection at work

As noted, at work you will be able to access any existing file servers. When you are on the road or at home, you will not be able to. Using a VPN connection, you are on the same network. Once it connects, you can access any file server using your normal IP address.

With a VPN connection you can establish a secure connection to a private (and inaccessible) network

Encrypting your web browser

Because the VPN connection is secure, any data passing through it is encrypted. When you are in a cafe and browsing the web, your traffic may be monitored. Most VPN programs (such as OS X) have an option to have all of your internet traffic, not just accessing the VPN destination, go through the VPN connection, thus encrypting all of your web browsers and increasing the security of everything you do online.

While somewhere else in the world

Because your Internet traffic is over a VPN connection, most websites will appear as if you are accessing it from the location where the VPN server is located. Confused? Let's clarify!

Let's say you're on a trip to London and you're stuck in a hotel room for a few hours. If you try to access a site that is only available in the US (such as Hulu), you will see a message explaining this. If your VPN server is located in the US and after connecting you make sure that your internet traffic is going through the VPN connection, you will be able to access the site.


With a VPN connection, you can connect to a VPN server's network and browse the web as if you were in another country

The reason is that when you are connected via VPN, you work efficiently on this network. You will have a local IP address on the network that is assigned to your VPN connection, and your Internet traffic is effectively routed from where the VPN server is located. As a result, for most sites, your location is actually where the VPN server is. I'll explain this with an example.

There are many speed testing sites, one of the most popular is Speedtest.net. If I run a speed test from my current location I get feedback from my broadband speed and the nearest testing server I connected to (in this case Skipton, UK).


Speed ​​test shows the nearest testing server as well as provider information

Now, when I connect via VPN to an American server, making sure that all Internet traffic is sent through the VPN, I run the test again, the site assumes that my nearest server is in Miami! This is due to the fact that VPN server based on test speed.


When using a VPN connection, the speed test thinks I'm near Miami

Depending on the VPN server and your connection, you will notice that your speed drops dramatically.

Advice: In restricted countries such as China, where many of the sites we are familiar with (Twitter and Facebook) are blocked, some users "bypass" this restriction by using services such as VPNs.

Setting up a VPN connection

Before establishing a VPN connection, you need to do a few things:

VPN server address

This is the IP address we need for the VPN server. This could be a fully qualified domain name (FQDN) such as vpn.mycompany.com, depending on how it was configured.

Username and Password

All VPN connections have a username and password. These are usually configured by your IT administrator.

Connection type

There are two types of VPN connections, L2TP and PPTP. Both provide a secure connection, although L2TP is generally considered better. This is because in addition to a username and password, L2TP connections may require shared secret. This is similar to a secret passphrase that any VPN users will have to add to their connection.

How to connect a Mac via VPN

To set up a VPN connection on your Mac, you will need the following information.

  1. Server IP address or fully qualified domain name
  2. Username and Password
  3. Connection type (L2TP or PPTP)

For the purposes of this tutorial I will be using dummy information. While there are "free" VPN services we could use, I take the security of your Mac (and mine) very seriously! If you want to learn more about paid VPN services, I'll cover that later.

All VPN settings can be entered in System Preferences, In chapter Network.

Step 1: Open System Preferences and select Network


Step 1: Open System Preferences and select Network


Network settings

Step 2: Click + and then select VPN in interface option. Specify either PPTP, or L2TP.


Step 2: Click + and then select VPN from the interface options. Specify either PPTP or L2TP

Step 3: Select Configuration and then Add Configuration. Name it “Server 1”.


Step 3: Select Configuration and then Add Configuration. Name it “Server 1”

Advice: in the above steps I asked you to add a configuration named “Server 1”. This step is actually optional and you can leave it with the settings default. The reason for adding the configuration is that some users have multiple VPN settings. OS X can manage multiple VPN settings using the option configurations. For example, you might have one VPN profile (another name for your VPN settings) for your US office and another for your Australia office.

Step 4: Enter the IP address (or FQDN) of the VPN server and username.


Step 4: Enter the IP address (or FQDN) of the VPN server and username.

Step 5: Select Authentication Settings... and then enter your password. Note: If you choose L2TP as VPN type, in this panel you must enter shared secret.


Step 5: Select Authentication Settings and enter the password.

Step 6: Make sure that you have selected Show VPN status in menu bar and press Apply.

That's it, you're ready! You'll see a new icon in the menu bar that looks like a luggage tag. Click on it and then select Connect VPN. Once it connects, you will see the timer start.

When the VPN connection is established, a timer will appear in the menu bar

Once your VPN connection is established, head back to System Preferences and you'll see some connection information, including your VPN's IP address.


System Settings display connection information such as IP address and time,

Sending all traffic through VPN

By default, your Mac will only transmit necessary traffic through the VPN, such as accessing the file server or other machines or sites that are on the same network as the VPN server. This is because most VPN connections can be quite slow, so your Mac doesn't want to slow down your internet resource unnecessarily. However, we can override this.

Return to System Preferences and select Advanced….


Go back to System Preferences and select Advanced.

Right now we see an opportunity Send all traffic over VPN connection. Trimming this and saving the changes will mean that your Mac will transfer all network traffic via VPN. Generally not recommended as your Internet connection will be very slow and you will find that access to servers and printers on the network you are physically on is stopped.

For all data that must be transferred over the VPN after the option is enabled, we need to set service order. This is the order in which your Mac transfers data over the network. We should put VPN as the first service on the list. To do this, select the cog drop-down menu and select Set Service Order... Here you can drag the services in the order you want, making sure the VPN is at the top.


Set VPN to the top of the list of services

However, this is necessary if you need to access a site that is only available in the country where your VPN server is located. Going back to the previous example, if you were in the UK and only needed to access a site in the US, enabling this option will allow you to access it.

Getting a VPN Account

Many users will likely have a VPN profile from their employer's IT department. If you need a VPN for personal use, there are many services that offer a VPN account for a small monthly fee.

You can choose to install a specific application or create a new connection in your existing network settings - either way, installing a VPN on your Mac will not be difficult. All this will take you a few minutes if you follow the steps described in this article.

Installation on Mac is very intuitive, there are three ways to do it. We'll start our guide with native Mac apps, as this is the fastest and easiest way. Next, we turn our attention to OpenVPN, an open-source application source code for Mac, and then we'll look at how to set up a VPN connection through the Mac OS X settings.
Using the instructions below, you can set up a secure connection in just seconds.

What you will need

You will need two things before you start:

  • A Mac running the latest version of OS X. In this article, we are using High Sierra version 10.13.2. For your own safety, always update to the latest software version.
  • VPN account. You can use both paid and free subscriptions. We use paid subscription ExpressVPN in our example.

Before you begin, you should make sure that your VPN account is activated. This usually means you need to register, then check your email for a confirmation email and activate your account. If you don't do this, you will encounter login problems in the future.

Method 1: VPN App

Most well-known VPN providers provide dedicated apps for Mac OS X, and if you're new to VPNs, this is the best one. easy way connections for you. In our example, we'll use ExpressVPN, but most of the steps will apply to other providers as well.

Before you begin, you should make sure that you have the latest version of the software installed (you can find this information in the Updates section Software in the Settings app). After that, download the app and follow your provider's instructions to log in. Here's a simple example of how this is done:

  • Go to ExpressVPN and download the Mac installer.
  • Double click on the downloaded file to start the installation. If you see a window like this, click Continue.

  • Click the Continue button again.
  • If you want to change the installation location, now is the time. Otherwise, just click Install and enter your password when asked.

  • After installation is complete, you can move the installer to the trash.

  • ExpressVPN will open automatically. Click Sign in to continue (hopefully your account is already set up).

At this step you will be asked for an activation code. You can find it on the ExpressVPN website in your account. It's located at the bottom of the login page, under the green Set Up ExpressVPN button.
Remember: the activation code is unique, so you should not tell it to anyone or send it over unsecured communication channels.
We complete the installation:

  • Copy your activation code into the ExpressVPN app, then click Sign in.
  • Click Allow if you want ExpressVPN to launch as soon as your Mac starts.

  • Click Allow if you don't mind having your connection information sent anonymously. If you click Don’t Allow, your information will remain with you.

The installation process is complete and ExpressVPN is awaiting your further instructions.

One of the benefits of using the ExpressVPN app is the choice of server locations. In the following connection methods, each location will have to be set manually, but in the application they are all collected together and ready to go.
Of course, if you do not need a specific location, then it is best to use Smart Location, since in this mode it is selected for you best server at this moment.

Method 2: OpenVPN on Mac

If you prioritize security, then open source software should appeal to you more than vendor apps. Plus, you'll get access to some advanced settings and configurations.
We recommend for Mac.
Setting up:

  • Open Tunnelblick website, click on green arrow to download latest version product.

  • Once the download is complete, open the disk image and double-click on the Tunnelblick icon to begin the installation.

  • If necessary, enter a password to confirm that you want to install the software.
  • After installation you will be able to add configuration.

  • In your Mac's menu bar, click on the Tunnelblick icon and then on VPN Details...

In this step, you need to log into the ExpressVPN website in order to get some information:

  • Log in, click on Set up ExpressVPN and then Manual Config. On the right you will see OpenVPN connection information.
  • Below the input you will see a list of locations. Click on the desired location, and then select the server you want to connect to.
  • Download the connection profile to your Mac. This is a file with the extension .ovpn.

Leave your browser window open and return to your desktop:

  • In the Downloads folder, find your .ovpn file and drag it to the left panel of Tunnelblick. Note: if you accidentally move a file to the right panel, nothing will happen.

  • Click Only Me if you want only you to be able to use this VPN server. Click All Users if you want to share with other Mac accounts. If required, enter a password.

  • Click Connect in the lower right corner of the Tunnelblick window.
  • A window will appear in front of you that will ask for your input data. Do not enter the information you use to log into the site here, as this will not give any results. Instead, find the OpenVPN section on the ExpressVPN website. If you left your browser open, you can find the information you need just above the list of servers we used.
  • Copy and paste the username and password into the Tunnelblick window. You need to choose whether you want to save the input data in the application or not.

  • Click OK to connect.

You will see the corresponding output information after the connection to the server is completed. Once connected, the Disconnect button will become active and the icon will change color to black.

Method 3: Manual setup

Mac OS X has built-in VPN functionality. If you do not wish to use the application, then you can connect to your VPN network using the section Network settings in the System Settings application.

This method has its drawbacks. You will lose some features of the application, such as killswitch, so we advise you to weigh everything before starting. Also, instead of automatically accessing the provider's typically large-scale network, you'll have to manually configure access to each server.
For manual settings you will need L2TP/IPSec connection details. This information is usually located on your provider's website.
Let's quickly look at the example of ExpressVPN:

  • Log in to the site and go to the Manual config section on the settings page. This time, click on the L2TP/IPSec button on the right side to get the necessary information. Keep in mind that OpenVPN data is different and will not work here.
  • Open System Preferences on your Mac and click Network.

  • Click on the small plus icon in the lower left corner to add a connection.

  • In the window that appears, select VPN in the Interface field, L2TP over IPSec in the VPN Type field.
  • You can choose any name. As a name, you can use the name of the location where the server is located so as not to get confused. Then click Create.

  • Leave the configuration as default, copy the address of the server you want to connect to from the ExpressVPN Manual Config page and paste it into the Server Address field. Copy your username into the Account Name field.

  • Click on the Authentication Settings button.
  • Copy and paste the L2TP/IPSec password from the ExpressVPN Manual Config page into the Password field.
  • In the Shared Secret field, write 12345678 and then click OK to close the dialog box.

  • Click Advanced...

  • Check the box next to Redirect all traffic through the VPN connection, then click OK.

  • Check the Show VPN status in the menu bar checkbox, then click Apply.

In the top right corner of your Mac's screen, you'll see an icon that looks like a loading bar. This is the icon for your VPN connection.

Click on the first item in the list to connect. Once the Mac connects successfully, you will see the icon change color.
If you need to disconnect, then click on the VPN icon again, and then again on the same item in the list.

Best VPN Services for Mac in 2018:

Troubleshooting your VPN

If you are having difficulty connecting, the first thing you need to do is download your provider's app and try connecting through it. If it works, then there is a high probability that your account is working, but the settings are most likely set incorrectly. Try resetting them and setting them up again.
Tunnelblick provides a lot of useful information in the logs, which can be useful when solving connection problems.
If you still have unresolved questions, contact your provider for further advice.

Denial of responsibility: This article is written for educational purposes only. The author or publisher did not publish this article for malicious purposes. If readers would like to use the information for personal gain, the author and publisher are not responsible for any harm or damage caused.

VPN

VPN (English: Virtual Private Network - virtual private network - a generalized name for technologies that allow one or more network connections(logical network) on top of another network (such as the Internet) WikiPedia

Suppose you are a developer and some resources (for example, a database) are located on a corporate network, accessed through a VPN.

If you look at all the available instructions on how to set up a VPN on Mac OS, you will see that the authors tell you to check the box “send all traffic through the VPN”, which leads to the fact that (Captain Obvious) all traffic goes through the VPN, which in turn imposes all restrictions on the corporate network (prohibition on visiting certain resources, closed ports etc.) or restrictions of the anonymization service (narrow channel, long ping, etc.).

The question arises: is it not possible to allow only certain traffic through the VPN, and let all other (main) traffic go through a regular channel without restrictions.

This is done quite simply.

Let's briefly walk through setting up a VPN connection.

Click on the “apple” in the upper left corner of the screen and select “System Settings”.

Select "Network"

Click on the plus sign in the list of network connections.

Select "VPN"

VPN type (in my case it's L2TP over IPSec)

Filling in the connection parameters

Check the box “Send all traffic through VPN” we don't put it

Now we need to find out the interface through which the VPN traffic goes.

Run ifconfig without a connected VPN

Connect the VPN and run ifconfig again

We see that the ppp0 interface has appeared

Now, by default, all traffic goes over a regular connection (not VPN).

Sudo /sbin/route add -host 192.168.0.20 -interface ppp0

Now all traffic goes through my regular connection, and traffic to the corporate server goes through the VPN.

For convenience, in the ~/.profile file we create aliases for the command to add routes

Alias ​​server-vpn-up="sudo /sbin/route add -host 192.168.0.20 -interface ppp0"

Now, to raise the connection, you need to connect to the VPN and run the server-vpn-up command.

Alternative option, this is to create a file /etc/ppp/ip-up, write it into it [in my case]

#!/bin/sh /sbin/route add 192.168.0.0/24 -interface $1

And give execution rights

Sudo chmod +x /etc/ppp/ip-up

After this, the route will be registered automatically after connecting to the VPN.

Which ones can meet underwater rocks.

1. There may be a conflict of IP addresses if the internal and external networks use the same address space (perhaps I am using the wrong term, please correct it in the comments). Those. your VPN and internal home network are at 192.168.0... In my case, the solution was reconfiguration home network on 10.0.1...

2. When connecting to a VPN, the corporate DNS was automatically set to 192.168.0.7. And although all traffic should not have gone through the VPN, all sites stopped opening. This was solved by adding Google's DNS 8.8.8.8 and raising it to the very top.

VPN settings are done by opening the menu Apple -> System Preferences(Apple -> System Preferences) then select Network(Net). It is possible that the network settings menu is locked, in which case you need to click on the lock icon and enter the administrator name and password, after which you will have access to manage connections on your Mac.

Menu Network located at the bottom left immediately below the list of connections by clicking on the plus icon, a dialog box appears for creating a new connection.

Parameter Interface(Interface) must be selected VPN. In the appeared VPN Type(VPN type) select L2TP over IPSec. The third parameter allows you to set a name for this connection. Then press the button Create(Create).

L2TP (Layer 2 Tunneling Protocol) is a network link layer tunneling protocol. And IPSec means data transmission is protected over the IP protocol and stands for IP Security.

The VPN connection has been created and requires configuration. On the left, select the created VPN connection; in the menu on the right, click on the parameter Configuration(Configuration) select from the pop-up list Add Configuration(Add configuration).

After selection Add Configuration(Add Configuration) The connection wizard requires you to specify a configuration name. Call it arbitrarily as you like in this case My NPN. We set up the My VPN configuration, set the server address and the account name (account, login).

When all this is done, press the button Authentication Settings(Authentication settings) and in the window that appears, set a password, and if necessary, a group and traffic encryption.

After you finish setting up authentication, go to Advanced(Optional), check the box here Send all traffic over VPN connection(Transmit all traffic through this VPN connection), click OK.

VPN connection completed, click Apply(Apply) and Connection(Connection), well, if you entered the data correctly, you will successfully connect to the VPN. The connection status is similar to “ Status: Connected to 129.123.67.xxx" In addition, you can tick the box Show VPN Status in menu bar, in order to see the status VPN connections in the bar menu

mob_info