This guide explains how to set up a VPN client on a Mac laptop or iMac running OSX. Before following the steps in this guide, you should have already initialised the VPN on your LuJam ACPU by following the instructions in the LuJam VPN Guide, and added one or more VPN users.
LuJam VPN uses OpenVPN configuration files (e.g. email@example.com) to allow users to easily configure VPN clients on their devices. As such, any VPN client that supports these files can be used.
However, for those that haven't used OpenVPN on a Mac before, we recommend using the Tunnelblick client, because:
- It's secure and widely used
- The OpenVPN community recommends it
- It's free
- It's easy to use
The rest of this guide will therefore focus on installing and configuring a VPN client using the Tunnelblick client.
If you already have Tunnelblick installed, please go straight to step 6.
1. Download the Tunnelblick client
The installer is small (about 15M) and can be downloaded from the following link:
2. Run the installer
The installer should be in your Downloads directory, and should be version 3.7.6 or higher.
Simply double click the file or open it using the menu. Once it's unpacked, you should see the following installation screen:
To continue, double-click on the Tunnelblick icon, which is on the left of the link to the online documentation.
3. Agree to run the downloaded application
You should see the following security warning after starting the application (if not, you're security settings may need reviewing):
Click on the Open button and entered your password if prompted.
The installer will now run and start the configuration process, as shown below:
4. Select "I have configuration files"
The following screen will be displayed, providing information on how to add a new configuration to Tunnelblick:
5. Click OK
When you hit OK, the installation process is complete, and the Tunnelblick client is now running. You should see the Tunnelblick icon in the Mac's menu bar. If you click on the icon, you should see the following menu items:
6. Open the email from LuJam Cyber containing the OpenVPN configuration
You should have received an email from the LuJam support team (firstname.lastname@example.org) with the subject "LuJam VPN Certificate for network: <name of network>". If not, please contact the local admin for the LuJam Portal, and ask them to add you as a VPN user.
Contained in the email is an OpenVPN configuration file for your VPN account - it will have the name "<your email address>.ovpn". Download the file to your desktop, where it should look like this:
7. Double click on the configuration file
This will add the OpenVPN configuration data to the Tunnelblick client. Instead of double-clicking, you can also "Open" the file using the menu. You should see the following Tunnelblick prompt:
Select "Only Me" and then enter your password. When you click on the Tunnelblick icon in the Mac's menu bar, you should now see a "Connect <your email address>" option. You've successfully configured the VPN client and are now ready to access your company's VPN.
However, we do recommend the following next step to provide the highest level of protection.
8. Configure Tunnelblick to route all IPV4 traffic over the configured VPN
Click on the Tunnelblick icon in the Mac's menu bar and select "VPN Details...". This will bring up the following configuration screen (if not, select the "Configurations" tab, select the email address you've just configured, and then click on the secondary "Settings" tab):
The only change that needs to be made is to make sure the "Route all IPV4 traffic through the VPN" checkbox is ticked, as shown above.
You can also change the name of the configuration by double clicking on the email address (you will be prompted for your password if you do make a change). This is only recommended if you regularly access multiple VPN locations.
Connecting to the VPN
You're now ready to connect to your company's network over VPN. To do this, simply click on the Tunnelblick icon and select "Connect <your email address>". If this is the first time you've connected, you will be prompted for the passphrase (i.e. password) associated with the configuration:
You can find the password in the second email sent by the LuJam Support team (email@example.com) with the subject "LuJam VPN Password for network: <company name>". To avoid re-entering the password, select the "Save in Keychain" checkbox.
During connection, you will see a red/orange/green status window, similar to the one shown below:
Once you're successfully connected to the VPN, the Tunnelblick icon will turn from grey to solid black and the status window will disappear.
If you're testing the VPN connection from within the office, you may well see the following warning:
This is what you'd expect to see, and shouldn't be cause for alarm. However, we recommend you do not disable the warnings.
Disconnecting from the VPN
To disconnect from the VPN, simply click on the Tunnelblk icon in the Mac menu bar and select either the "Disconnect all" or "Disconnect <email address>" option. Once disconnected, you are no longer protected by the LuJam ACPU, unless you are on another network protected by LuJam.
You should see a Tunnelblk disk icon on your Mac's desktop. Once you've successfully installed and tested the VPN connection, you no longer need this disk. Once finished, eject the disk by opening the file menu and choosing Eject "Tunnelblk". You can delete the installer from the Download directory as well, as well as the ovpn file you used to configure the client (we recommend keeping the email that contains the original configuration in case you need to install on a different machine or device).