Connecting to OpenVPN Access Server from OS X

July 27, 2013

I have recently bought a MacBook Air, even if I'm mostly a Windows guy. I needed a replacement for my old laptop, and with the 13" MacBook Air I now have a computer that is easy to bring with me, while still having good power. And as a geek I also like the challenge og getting to know a new OS. I will still be using Windows a lot, and I have also installed Windows in BootCamp on the new MacBook Air, and tried to get Parallels to work with my BootCamp partition - more on that in another blog entry.

Problem

OpenVPN

At home I'm running an OpenVPN Access Server on my Linux computer, so that I can access my home network when I'm on the road. And on my Windows laptop, the official OpenVPN Desktop Client for Windows has always worked without problems. On my new MacBook Air I installed the Tunnelblick client, since this is the client suggested by the OpenVPN website, and I had no problems importing the profile I was using on my Windows computers. And I could also connect to the home network, but I could not get access to the Internet when connected to the VPN. The VPN is configured to route all traffic through the VPN. I could ping all computers on the home network including the router, but traffic to the Internet stopped at the router.

I then began investigating on Google to see if others had had the same problems, without finding any hints on how to solve the problem. I also tried other OpenVPN clients for OS X, without any luck. I then wondered if I needed to create some static routes in the VPN configuration to get it to work on OS X, and started looking through the OpenVPN AS documentation to see how that should be done. And in the documentation I found the solution. I had been running my OpenVPN AS using OSI Layer 2 (ethernet bridging) topology, since that gave my laptop an ip-address on the home network when connected with VPN. But in the documentation (and on the Admin Interface for OpenVPN AS), it states that Layer 2 only works with Windows Clients. But since it's several years since I did the initial setup of the OpenVPN AS this was not something that sprung to mind when I tried getting the connection to work.

Solution

After switching to Layer 3 (routing/NAT), and downloading a new profile, I can now access the Internet when connected to the VPN, while still having access to the computers on the home network from from both Windows and OS X clients. I have not had to make any changes to the default settings on the OpenVPN AS (yet). I find it a little strange that I have not seen this information mentioned in connection with any of the OpenVPN clients available for OS X, since it must be a common trap.

Facebook comments