Vpn Clients For Mac Os X

/ Comments off



This article outlines instructions to configure a client VPN connection on commonly-used operating systems. For more information about client VPN, please refer to our Client VPN Overviewdocumentation.

Here is an instruction how to connect to a VPN Gate Public VPN Relay Server by using L2TP/IPsec VPN Client which is built-in on Mac OS X. On this instruction, every screen-shots are taken on Mac OS X Mountain Lion. Other versions of Mac OS X are similar to be. Installation Instructions for the Cisco AnyConnect VPN Client for Mac OSX. Visit Select the group 'Drexel VPN' (usually the default option). Enter your Drexel User-id and password. Note: For most users the Drexel User-id is your initials, followed by two to four numbers. Step 4: Verify your VPN connection by using a web browser to visit The web page will display the network address your computer is using. If the VPN is in use, it should say “On-campus address (VPN).” Step 5: To disconnect from the campus VPN service, click the.

For troubleshooting, please refer to our Troubleshooting Client VPN documentation.

Android

To configure an Android device to connect to the Client VPN, follow these steps:

  • Navigate to Settings -> Wireless & Networks -> VPN
  • Click the Plus Icon to add an additional VPN profile

Cisco Vpn Client For Mac Os X 10.11

  • Name: This can be anything you want to name this connection, for example, 'Work VPN.'

  • Type: select L2TP/IPSEC PSK

  • Server address: Enter the hostname (e.g. .com)orthe active WAN IP (e.g. XXX.XXX.XXX). Hostname is encouraged instead of active WAN IP because it is more reliable in cases of WAN failover. Admin can find them in Dashboard, under Security appliance > Monitor > Appliance status.

  • IPSec pre-shared key: Enter the pre-shared key that admin created in Security appliance >Configure > Client VPN settings.

  • Press save

You will be prompted for user credentials when you connect.

Chrome OS

Chrome OS based devices can be configured to connect to the Client VPN feature on MX Security Appliances. This allows remote users to securely connect to the LAN. This article will cover how to configure the VPN connection on a Chrome OS device. For more information on how to setup the Client VPN feature of the MX or how to connect from other operating systems, please visit the MX documentation.

  1. If you haven't already, sign in to your Chromebook.
  2. Click the status area at the bottom of your screen, where your account picture is located.
  3. Select Settings.
  4. In the 'Internet connection' section, click Add connection.
  5. Select Add private network.
  6. In the box that appears, fill in the information below:
    1. Server hostname:Enter the hostname (e.g. .com)orthe active WAN IP (e.g. XXX.XXX.XXX). Hostname is encouraged instead of active WAN IP because it is more reliable in cases of WAN failover. Admin can find them in Dashboard, under Security appliance > Monitor > Appliance status.
    2. Service name: This can be anything you want to name this connection, for example, 'Work VPN.'
    3. Provider type: Select L2TP/IPsec + Pre-shared key.
    4. Pre-shared key: Enter shared secret that admin created in Security appliance >Configure > Client VPN settings.
    5. Username credentials for connecting to VPN. If using Meraki authentication, this will be an e-mail address.
    6. Password credentials for connecting to VPN.
  7. Click Connect.

For more information regarding the configuration of VPN connections in Chrome OS, visit the Google Support page.

To configure an iOS device to connect to the Client VPN, follow these steps:

  1. Navigate to Settings -> General-> VPN -> Add VPN Configuration...
  2. Type: set to L2TP.
  3. Description:This can be anything you want to name this connection, for example, 'Work VPN.'
  4. Server: Enter the hostname (e.g. .com)orthe active WAN IP (e.g. XXX.XXX.XXX). Hostname is encouraged instead of active WAN IP because it is more reliable in cases of WAN failover. Admin can find them in Dashboard, under Security appliance > Monitor > Appliance status.
  5. Account: Enter the username
  6. Password: Enter if desired. If the password is left blank, it will need to be entered each time the device attempts to connect to the Client VPN.
  7. Secret: Enter shared secret that admin created in Security appliance >Configure > Client VPN settings.
  8. Ensure that Send All Traffic is set to On.
  9. Save the configuration.

macOS

Currently only the following authentication mechanisms are supported:

  • User authentication: Active Directory (AD), RADIUS, or Meraki hosted authentication.
  • Machine authentication: Preshared keys (a.k.a., shared secret).

When using Meraki hosted authentication, VPN account/user name setting on client devices (e.g., PC or Mac) is the user email address entered in the Dashboard.

The instructions below are tested on Mac OS 10.7.3 (Lion).

Open System Preferences > Network from Mac applications menu. Click the '+' button to create a new service, then select VPN as the interface type, and choose L2TP over IPsec from the pull-down menu.

  • Server Address: Enter the hostname (e.g. .com)orthe active WAN IP (e.g. XXX.XXX.XXX). Hostname is encouraged instead of active WAN IP because it is more reliable in cases of WAN failover. Admin can find them in Dashboard, under Security appliance > Monitor > Appliance status.
  • Account Name: Enter the account name of the user (based on AD, RADIUS or Meraki Cloud authentication).
For
Click Authentication Settings and provide the following information:
  • User Authentication > Password: User password (based on AD, RADIUS or Meraki Cloud authentication).
  • Machine Authentication > Shared Secret: Enter shared secret that admin created in Security appliance >Configure > Client VPN settings.
Click OK to go back to the main VPN settings page, then click Advanced and enable the Send all traffic over VPN connection option.

The VPN connectivity will not be established if you don't enable the Send all traffic over VPN connection option!

Windows 7

Currently only the following authentication mechanisms are supported:

  • User authentication: Active Directory (AD), RADIUS, or Meraki hosted authentication.
  • Machine authentication: Preshared keys (a.k.a., shared secret).

When using Meraki hosted authentication, VPN account/user name setting on client devices (e.g., PC or Mac) is the user email address entered in the Dashboard.

Open Start Menu > Control Panel, click on Network and Internet, click on View network status and tasks.

In the Set up a connection or network pop-up window, choose Connect to a workplace (Set up a dial-up or VPN connection to your workplace).

Choose Use my Internet connection (VPN), in the Connect to a workspace dialog window.

In the Connect to a Workplace dialog box, enter:

  • Internet address: Enter the hostname (e.g. .com)orthe active WAN IP (e.g. XXX.XXX.XXX). Hostname is encouraged instead of active WAN IP because it is more reliable in cases of WAN failover. Admin can find them in Dashboard, under Security appliance > Monitor > Appliance status.
  • Destination name:This can be anything you want to name this connection, for example, 'Work VPN.'

Choose 'Don't connect now; just set it up so that I can connect later' option.

Click Next. In the next dialog window, enter the user credentials, and click Create.

Close the VPN connection wizard.
Go to Networking and Sharing Center and click Change Adapter Settings
In Network Connections window, right-click on the new VPN connection settings and choose Properties
In the General tab, verify the hostname (e.g. .com)orthe active WAN IP (e.g. XXX.XXX.XXX). Hostname is encouraged instead of active WAN IP because it is more reliable in cases of WAN failover. Admin can find them in Dashboard, under Security appliance > Monitor > Appliance status.
Client
In the Options tab, uncheck 'Include Windows logon domain'
In the 'Security' tab, choose 'Layer 2 Tunneling Protocol with IPsec (L2TP/IPSec)'.
Then, check 'Unencrypted password (PAP)', and uncheck all other options.
Click on 'Advanced settings'.

Despite the name 'Unencrypted PAP', the client's password is sent encrypted over an IPsec tunnel between the client device and the MX. The password is fully secure and never sent in clear text over either the WAN or the LAN.

In Advanced Properties dialog box, choose 'Use preshared key for authentication' and enter the pre-shared key that admin created in Security appliance >Configure > Client VPN settings.
Back at the Network Connections window, right-click on the VPN connection and click Connect
Verify your user name and click Connect.

Best Vpn For Mac Os

Windows 8

Currently only the following authentication mechanisms are supported:

  • User authentication: Active Directory (AD), RADIUS, or Meraki hosted authentication.
  • Machine authentication: Preshared keys (a.k.a., shared secret).

When using Meraki hosted authentication, VPN account/user name setting on client devices (e.g., PC or Mac) is the user email address entered in the Dashboard.

Open Start Menu > Network and Sharing Center and click Settings.

In the Network and Sharing Center, click Set up a new connection or network.

In the Set Up a Connection or Network pop-up window, choose Connect to a workplace.
(Set up a dial-up or VPN connection to your workplace).

Choose Use my Internet connection (VPN), in the Connect to a Workspace dialog window.

In the Connect to a Workplace dialog box, enter:

  • Internet address: Enter the hostname (e.g. .com)orthe active WAN IP (e.g. XXX.XXX.XXX). Hostname is encouraged instead of active WAN IP because it is more reliable in cases of WAN failover. Admin can find them in Dashboard, under Security appliance > Monitor > Appliance status.
  • Destination name:This can be anything you want to name this connection, for example, 'Work VPN.'
Click Create.

Go back to Network and Sharing Center and click Change Adapter Settings.

In the Networks Connections window, right click on the VPN connection icon and choose Properties.
In the General tab, verify the hostname (e.g. .com)orthe active WAN IP (e.g. XXX.XXX.XXX). Hostname is encouraged instead of active WAN IP because it is more reliable in cases of WAN failover. Admin can find them in Dashboard, under Security appliance > Monitor > Appliance status.
In the 'Security' tab, choose 'Layer 2 Tunneling Protocol with IPsec (L2TP/IPSec)'.
Then, check 'Unencrypted password (PAP)', and uncheck all other options.

Despite the name 'Unencrypted PAP', the client's password is sent encrypted over an IPsec tunnel between the client device and the MX. The password is fully secure and never sent in clear text over either the WAN or the LAN.

In Advanced Properties dialog box, choose 'Use preshared key for authentication' and enter the pre-shared key that admin created in Security appliance >Configure > Client VPN settings.
Back at the Network Connections window, right-click on the VPN connection and click Connect / Disconnect.
Find your VPN profile and click Connect.
Enter your user name and password.

Windows 10

Globalprotect vpn client for mac os x

Currently only the following authentication mechanisms are supported:

  • User authentication: Active Directory (AD), RADIUS, or Meraki hosted authentication.
  • Machine authentication: Preshared keys (a.k.a., shared secret).

When using Meraki hosted authentication, VPN account/user name setting on client devices (e.g., PC or Mac) is the user email address entered in the Dashboard.

Open Start Menu > Search 'VPN' > Click Change virtual private networks (VPN)

From the VPN settings page, click Add a VPN connection.

In the Add a VPN connection dialog:

  • VPN provider: Set to Windows (built-in)
  • Connection name: This can be anything you want to name this connection, for example, 'Work VPN.'
  • Server name or address: Enter the hostname (e.g. .com)orthe active WAN IP (e.g. XXX.XXX.XXX). Hostname is encouraged instead of active WAN IP because it is more reliable in cases of WAN failover. Admin can find them in Dashboard, under Security appliance > Monitor > Appliance status.
  • VPN type: Select L2TP/IPsec with pre-shared key
  • User name and Password: optional

Press Save.

After the VPN connection has been created, click Change adapter options under Related settings.

Right-click on the VPN Connection from the list of adapters and click Properties.

In the Security tab, select 'Require encryption (disconnect if sever declines)' under Data encryption.
Then, select 'Allow these protocols' under Authentication. From the list of protocols, check 'Unencrypted password (PAP)', and uncheck all other options.

Despite the name 'Unencrypted PAP', the client's password is sent encrypted over an IPsec tunnel between the client device and the MX. The password is fully secure and never sent in clear text over either the WAN or the LAN.

In Advanced Properties dialog box, choose 'Use preshared key for authentication' and enter the pre-shared key that admin created in Security appliance >Configure > Client VPN settings.

Back at the Network Connections window, right-click on the VPN connection and click Connect / Disconnect.

Find your VPN profile and click Connect.

Click OK.

Windows XP

Currently only the following authentication mechanisms are supported:

  • User authentication: Active Directory (AD), RADIUS, or Meraki hosted authentication.
  • Machine authentication: Preshared keys (a.k.a., shared secret).

When using Meraki hosted authentication, use the email address for VPN account / user name.

Free Vpn Mac Os X

Open Start Menu > Control Panel, click on Network Connections.

In the Network Tasks section, click on Create a new connection.

Choose Connect to the network at my workplace, in the New Connection Wizard window.

Choose Virtual Private Network connection in the next section.

Then, give a name for this connection. This can be anything you want to name this connection, for example, 'Work VPN.'

Vpn Software Mac

Enter the hostname (e.g. .com)orthe active WAN IP (e.g. XXX.XXX.XXX). Hostname is encouraged instead of active WAN IP because it is more reliable in cases of WAN failover. Admin can find them in Dashboard, under Security appliance > Monitor > Appliance status.

In the Connect <Connection Name> box, click on Properties

In the General tab, verify the hostname (e.g. .com)orthe active WAN IP (e.g. XXX.XXX.XXX). Hostname is encouraged instead of active WAN IP because it is more reliable in cases of WAN failover. Admin can find them in Dashboard, under Security appliance > Monitor > Appliance status.

In the Options tab, uncheck 'Include Windows logon domain'
In the Security tab, choose Advanced (custom settings).
In Advanced Security Settings page, select Optional encryptionfrom the Data encryption pull-down menu.

Mac Os L2tp Vpn

Choose Unencrypted password (PAP) from the Allow these protocols options and uncheck everything else.

Despite the name 'Unencrypted PAP', the client's password is sent encrypted over an IPsec tunnel between the client device and the MX. The password is fully secure and never sent in clear text over either the WAN or the LAN.

Back on the Security tab, click IPSec Settings...
Check 'Use pre-shared key for authentication' and enter the pre-shared key that admin created in Security appliance >Configure > Client VPN settings.
In Networking tab, choose L2TP IPSec VPN from the Type of VPN options.
Back at the Network Connections window, right-click on the VPN connection and click Connect
Verify your user name and click Connect

Linux

Since Client VPN uses the L2TP over IPsec standard, any Linux client that properly supports this standard should suffice. Please note that newer versions of Ubuntu do not ship with a VPN client that supports L2TP/IP, and will therefore require a 3rd party VPN client that supports the protocol.

Note: The xl2tp package does not send user credentials properly to the MX when using Meraki Cloud Controller authentication, and this causes the authentication request to fail. Active Directory or RADIUS authentication can be used instead for successful authentication.

Important

Netgate is offering COVID-19 aid for pfSense software users, learn more.

There are three client options for Mac OS X.:

  • The OpenVPN command line client. Most users prefer a graphical client, so thisoption will not be covered.

  • Tunnelblick, a free option available for download at the Tunnelblick Website.

  • The commercial Viscosity client. At the time of this writing, it costs $14USD for a single seat. If OpenVPN is used frequently, Viscosity is a muchnicer client and well worth the cost.

Both Tunnelblick and Viscosity are easily installed, with no configurationoptions during installation.

Configuring Viscosity¶

When using the Viscosity client, it can be configured manually or the OpenVPNClient Export package may be used to import the configuration. Viscosityprovides a GUI configuration tool that can be used to generate the underlyingOpenVPN client configuration. The CA and certificates can be imported manually,and all of the parameters can be set by hand. This section cover importing aViscosity bundle from the export package.

Download Vpn Client For Mac Os X

  • Download a copy of the Viscosity bundle for the client from the OpenVPNClient Export package

  • Locate the saved file, which will end in .visc.zip indicating that it is acompressed archive

  • Copy this exported bundle to a folder on the Mac

  • Double click this file and it will expand to Viscosity.visc

  • Double click Viscosity.visc and Viscosity will open and import theconnection as shown in Figure Viscosity Import

  • Delete the Viscosity.visc directory and the .zip archive

  • Viscosity will be running after import, and may be found in the menu bar

  • Click the lock icon added to the menu bar at the top of the screen

  • Click Preferences to check that the configuration was imported as shown inFigure Viscosity Preferences

Viscosity Preferences

For

  • Check the Connections area to see if the connection imported successfullyas shown in Figure Viscosity View Connections.

  • Close the Preferences screen

  • Click the lock in the menu bar

  • Click the name of the VPN connection to connect as shown in FigureViscosity Connect. After a few seconds, the lock in the menu barwill turn green to show it connected successfully.

Viscosity Connect

  • Click on it and then click Details as shown in FigureViscosity Menu to see connection information

On the first screen (Figure Viscosity Details), the connectionstatus, connected time, the IP assigned to the client, and the IP of the serverare all displayed. A bandwidth graph is displayed at the bottom of the screen,showing the throughput in and out of the OpenVPN interface.

Viscosity Details

Stonesoft Vpn Client For Mac Os X

Clicking the up/down arrow button in the middle of the details screen displaysadditional network traffic statistics. This shows the traffic sent within thetunnel (TUN/TAP In and Out), as well as the total TCP or UDP traffic sentincluding the overhead of the tunnel and encryption. For connections usingprimarily small packets the overhead is considerable with all VPN solutions. Thestats shown in Figure Viscosity Details: Traffic Statistics are from only afew pings traversing the connection. The traffic sent in bringing up theconnection is also counted here, so the initial overhead is higher than what itwill be after being connected for some time. Also, the typical VPN traffic willhave larger packet sizes than 64 byte pings, making the total overhead anddifference between these two numbers considerably less.

Clicking on the third icon in the middle of the Details screen shows theOpenVPN log file (Figure Viscosity Details: Logs). If there is any troubleconnecting, review the logs here to help determine the problem. See alsoTroubleshooting OpenVPN.

Viscosity Details: Logs