OpenVPN
Other Links:
OpenVPN Description Page
OpenVPN Demo
OpenVPN Forums
OpenVPN Reports
OpenVPN FAQs

Configure, build and install the OpenVPN Access Server on your Mac The OpenVPN software archive includes the source code for the secure access server: to actually use the utility, you must start. The OpenVPN Connect Client for macOS, latest version, currently supports these operating systems: OS X 10.8 Mountain Lion; OS X 10.9 Mavericks; OS X 10.10 Yosemite; OS X 10.11 El Capitan; macOS 10.12 Sierra; macOS 10.13 High Sierra; macOS 10.14 Mojave; macOS 10.15 Catalina; macOS 11.0 Big Sur; Downloading and installing the OpenVPN Connect Client for macOS. Split-DNS behavior on macOS was markedly different from our other OpenVPN Connect software programs, and this has now been corrected. OpenVPN Connect v3. We recommend and support OpenVPN Connect v3 as the official app for OpenVPN Access Server and OpenVPN Cloud. The client software offers client connectivity across four major platforms: Windows, macOS, Android, and iOS. For Linux, we recommend the open source OpenVPN client. We recommend downloading OpenVPN Connect v3. FinchVPN OpenVPN Config. For user who want to set up and connect manually or do not have.NET framework installed. Supported Devices: Windows OS; MacOS X; Ubuntu; Android; iOS (No jailbreak needed) Download v 2.4.8 Last Updated: 2018-04-12 OpenVPN GUI Windows Client and Config Login with your FinchVPN username and API Key.



  • 2Settings
    • 2.1Status
    • 2.2Server
    • 2.3Client
    • 2.4Advanced
      • 2.4.2Server Configuration and Client Configuration
  • 3Reports
  • 5OpenVPN FAQs
    • 5.1What operating systems are supported?
    • 5.2Can I use it with my phone or tablet?

About OpenVPN

OpenVPN enables you to create an SSL-based VPN (virtual private network) that supports both site-to-site and client-to-site tunnels. This allows your road warrior users to connect to local resources as if they were in the office, or connect the networks of several geographically distant offices together - all with the added security of encryption protecting your data. OpenVPN supports any operating system with an OpenVPN-compatible VPN client (which is almost every OS), even smartphones!

The OpenVPN application can run as a server allowing for remote client to connect to the Untangle server, and the OpenVPN application can connect to other remote Untangle servers as a client.

The VPN Overview article provides some general guidance of which VPN technology may be the best fit for different scenarios.

Mac

Settings

This section reviews the different settings and configuration options available for OpenVPN.

Status

The Status tab shows you a list of open connections, the time the tunnels were created and transmit statistics.

Connected Remote Clients

This grid shows the currently connected remote clients that are connected to this OpenVPN (if server is enabled.)

Name Description
AddressThe IP of the remote client.
ClientThe OpenVPN client name.
Start TimeThe time that the client connected.
Rx DataThe amount of data received from this client in this session.
Tx DataThe amount of data sent to this client in this session.

Remote Server Status

This grid shows the remote servers this OpenVPN is connecting to as a client.

Name Description
NameThe name of the remote server.
ConnectedThe current connection status
Rx DataThe amount of data received from this client in this session.
Tx DataThe amount of data sent to this client in this session.


Server

The Server tab includes all the configuration for OpenVPN's server functionality.

Site Name is the name of the this OpenVPN site. A random name is chosen so that it is unique. A new name can be given, but it should be unique across all Untangle sites in the organization. For example, if the company name is 'MyCompany' then 'mycompany' is a bad site name if you have multiple Untangles deployed as it might be used elsewhere. The Site Namemust be unique.

Site URL shows the URL that remote clients will use to connect to this server. This is just for reference. Verify that this address will resolve and be publicly reachable from remote networks. This URL can be configured in Config > Network > Hostname.

If Server Enabled is checked, the OpenVPN server will run and accept connections from configured Remote Clients. If unchecked the OpenVPN server will not run and not server services will be provided.

Address Space defines an IP network/space for the VPN to use internally. The Address Spacemust be unique and separate from all existing networks and other address spaces on other OpenVPNs. A default will be chosen that does not conflict with the existing configuration.

NAT OpenVPN Traffic will NAT all traffic from remote networks to local networks to a local address. This helps solve routing and host-based firewall issues. The default and recommended value is enabled.

Username/Password Authentication can be enabled to activate two factor authentication, requiring clients to also provide a username and password when connecting.

Authentication Method is used to select the authentication method for clients when Username/Password authentication is enabled.

Remote Clients

The Remote Clients sub-tab configures all the Remote Clients that can connect to this OpenVPN server. A Remote Client is any entity that connects to this OpenVPN server as a client. This includes both remote desktops, laptops, devices, road warriors, etc. This also includes remote OpenVPNs and remote Untangle networks.

Initially there are no clients that are allowed to connect and an unique entry must be created for each remote client you wish to allow to connect to this server.

To add a new Remote Client click on the Add and provide the following information:

  • Enabled - If checked, this client is enabled. If unchecked, this client is disabled and can not connect.
  • Client Name - A unique name for the client. (alphanumerics only)
  • Group - The group for this client. More information below.
  • Type - The type of this client. Individual Client for a single host like a remote desktop or laptop. Network for an entire remote network that the server should also be able to reach.
  • Remote Networks - The remote network in CIDR notation if this remote client is of type Network. For example: 192.168.1.0/24 means that the 192.168.1.* network lives behind the remote client and should be reachable from the server. If there are multiple networks reachable through this remote client, a comma separated list of CIDR networks can be used. These networks are automatically exported such that hosts on the main network and other remote clients can reach these networks.

After configuring this information save the new Remote Client by clicking OK then Apply. After saving settings, click on the Download Client button in the Remote Clients table on the row for the new client.This will provide links to download the configuration profile for the configured client.

  • Click here to download this client's configuration zip file for other OSs (Apple/Linux/etc). provides a zip file with the OpenVPN client configuration files. This file can be used to configure various OpenVPN clients for various OSs, like linux, apple, and even some phones/tables/devices.
  • Click here to download this client's configuration file for remote Untangle OpenVPN clients. provides a zip file with the OpenVPN client configuration for setting up a remote OpenVPN application on Untangle to connect as a client to this server. For more information about how to install this on the remote client read the OpenVPN#Client documentation below.
  • Click here to download this client's configuration onc file for Chromebook. provides a onc file that can be used to configure your Chromebook as a client to connect to the Untangle OpenVPN server. On the target device, browse to chrome://net-internals and use Import ONC file.

On the client system, you must first install the OpenVPN client. You can download the Windows client from here: https://openvpn.net/client-connect-vpn-for-windows/. Various downloadable OpenVPN clients such as Tunnelblick for macOS are available for other Operating Systems. After installing the OpenVPN client on the remote client, you can import the OpenVPN profile into the client.

Note: A client can only be connected once. If you install the same client on multiple remote devices they will kick each other off when a new one logs in. In most cases you need to setup a client for each remote device.

Groups

Groups are convenience feature to 'group' clients together and apply some settings to that entire group.By default there will be a Default Group. Each group has the following settings:

  • Full Tunnel - If checked, remote clients will send ALL traffic bound to the internet through the VPN. This allows for Untangle to filter ALL internet traffic for connected clients by 'proxying' it through the VPN and then out through Untangle's internet connection. This will have no effect on remote Untangle OpenVPN clients. If unchecked, then only traffic destined to the local network are subject to filtering.
  • Push DNS - If enable, OpenVPN will 'push' some DNS configuration to the remote clients when they connect. This is useful if you wish for some local names and services to properly resolve via DNS that would not publicly resolve.
  • Push DNS Server - If set to OpenVPN Server then the IP of the Untangle server itself will be pushed to the remote clients and all remote clients will use Untangle for all DNS lookups. If Custom is selected then one or two DNS entries can be specified that will be used for DNS resolution.
  • Push DNS Custom 1 - If Push DNS Server is set to custom, this IP will be pushed to remote clients to use for DNS resolution. It is important to export this address if that traffic should travel through the VPN tunnel. If this value is blank nothing will be pushed.
  • Push DNS Custom 2 - Just like Push DNS Custom 1 except this sets the secondary DNS value. If blank, no secondary DNS will be pushed.
  • Push DNS Domain - If set this domain will be pushed to remote clients to extend their domain search path during DNS resolution.

These settings will apply to all clients belonging to that group. Many sites will only have one group because all clients need the same settings. However, some clients have some Full Tunnel remote clients and some Split Tunnel remote clients. In this case, you need two groups where each client belongs to the appropriate group.


Exported Networks

Exported Networks is a list of networks that are reachable through the OpenVPN server for remote clients. Exported Networks are routes that are pushed to remote clients when they connect effectively telling remote clients to reach the specified network through the OpenVPN server.

For example, exporting 1.2.3.4/24 will result in all 1.2.3.* traffic going through the OpenVPN server.

The Exported Networks grid is pre-populated on installation with the IP/netmask of each static non-WAN interface.

  • If Enabled is checked this network will be exported/pushed to connecting remote clients.
  • Export Name is a name, purely used for documentation purposes.
  • Network is the network, in CIDR notation.

Client

The Client tab is used to configure which remote servers this OpenVPN will connect to as a client.

Connect


Remote Servers

The Remote Servers grid lists the currently configured remote servers that OpenVPN is configured to connect to.

To configure a new server to connect to, first login to the remote server and configure a new client as described above and click on the Download Client as described above in the OpenVPN#Remote_Clients section. After you have downloaded the distribution zip file return to this OpenVPN and click on the Browse button below the Remote Servers grid. Select the zip file downloaded from the OpenVPN server and then press OK. Next press the Submit button to upload the zip file to OpenVPN which will add a new entry into the Remote Servers grid based on the configuration in the submitted zip file.

If the remote server requires Username/Password authentication, you will have to edit the configuration, enabled the Username/Password authentication checkbox, and enter the username and password to be used when establishing the connection.

Once connected to a remote server, you will be able to reach their exported networks. They will also be able to reach the networks on this server specified as the Remote Network in the OpenVPN#Remote_Clients configuration.

  • Note: Site to Site connections are not full-tunnel even if selected in the Group for the site to site. Internet traffic on the remote site will exit through its local gateway.

Advanced

The Advanced tab is provided for advanced users who have a detailed knowledge and understanding of OpenVPN, and need very specific configuration changes to address unique or unusual situations. It is entirely possible to completely break your OpenVPN configuration with a single wrong character, misplaced space, or by changing a configuration option that probably shouldn't be changed. Changes you make on this page can possibly compromise the security and proper operation of your sever, and are not officially supported.

Common Settings

At the top of the Advanced page are the Protocol, Port, and Cipher options. These must be the same on both the client and server for connections to work. Since they are the options most frequently modified, they can be easily configured here and will apply to both the client and server.

The Client to Client Allowed checkbox is used to enable or disable traffic passing between OpenVPN clients. When enable, all clients will have full network access to each other when connected. If disabled, traffic will not be allowed to flow between connected clients.

Server Configuration and Client Configuration

If you require changes to other low level parameters, the Server Configuration and Client Configuration grids allow you to effectively have total control of the OpenVPN configuration file that is generated. Both grids work the same way, with each configuration applied to the corresponding server or client openvpn.conf file respectively.

Openvpn

Both lists contain config items comprised of a Option Name and Option Value pair. By default, all items in both configuration grids are read only. The lists represent the default configuration settings used for the server and client configuration files. The default items cannot be modified or deleted, they can only be excluded. When you exclude an item, it is effectively removed from the resulting configuration file. To change one of the default items, simply add a new item with the same Option Name, and input the Option Value that you want to be used. This will effectively override the default. The same method can also be used to add configuration items that are not included in the default list.

Exclude Default Configuration Item
  • This example shows how to disable the comp-lzo option in the server configuration file to turn off compression:
Modify Default Configuration Item
  • This example shows how to change the default keepalive setting in the server configuration file:
Add New Configuration Item
  • This example shows how to add a socks-proxy setting to the client configuration file:


Reports

The Reports tab provides a view of all reports and events for all connections handled by OpenVPN.

Reports

This applications reports can be accessed via the Reports tab at the top or the Reports tab within the settings. All pre-defined reports will be listed along with any custom reports that have been created.

Reports can be searched and further defined using the time selectors and the Conditions window at the bottom of the page. The data used in the report can be obtained on the Current Data window on the right.

Pre-defined report queries:

Report EntryDescription
OpenVPN Summary A summary of OpenVPN actions.
OpenVPN Bandwidth Usage The approximate amount of data transfered over openvpn connections.
OpenVPN Events The amount of login and logout events over time.
OpenVPN Sessions The amount of openvpn sessions over time.
Top Clients (by usage) The number of bytes transferred grouped by remote client.
Connection Events OpenVPN client connection events.
Statistic Events Shows all OpenVPN connection traffic statistics events.


The tables queried to render these reports:

  • [[Database_Schema#openvpn_stats|openvpn_stats]



Related Topics


OpenVPN FAQs

What operating systems are supported?

OpenVPN supports most operating system.


Microsoft Windows

You can download the Windows client from here: https://openvpn.net/client-connect-vpn-for-windows/. After installing the OpenVPN client, you can import the OpenVPN profile into the client.

Apple Mac

For Macs, we suggest http://code.google.com/p/tunnelblick tunnelblick.

  1. Download and install an OpenVPN client for MacOSX
  2. Login to the Untangle Server, download the client config file zip and extract the files from the zip file.
  3. Place it in the ~/Library/Application Support/Tunnelblick/Configurations folder on the Mac.
  4. Run Tunnelblick by double-clicking its icon in the Applications folder.


Linux

For all other operating systems Untangle distributes a .zip with configuration and certificate files - these can be used with any OpenVPN-compatible VPN software on any operating system.

Chrome OS

Steps to install OpenVPN on Chrome OS devices:

Can I use it with my phone or tablet?

For smartphones, you'll need to install and run a VPN client that supports OpenVPN.


iOS based iPhones and iPads

For iPhones, we suggest OpenVPN Connect available on iTunes https://itunes.apple.com/us/app/openvpn-connect/id590379981?mt=8


  1. Install OpenVPN Connect app on your iPhone or iPad.
  2. Login to the Untangle Server, download the client config file by selecting 'client's configuration zip for other OSs'.
  3. Unzip the config file.
  4. Open iTunes and select the .ovpn, .crt, and .key files from the config zip to add to the app on your iPhone or iPad.

Android Based Phones

OpenVPN for Android 4.0+ is available for connecting to Untangle OpenVPN. Detailed instructions from our forum contributor WebFool. http://forums.untangle.com/openvpn/30472-openvpn-android-4-0-a.html

  1. Download/Install Openvpn for Android on your android unit.
  2. Then download the Openvpn Configuration files from the Untangle Unit.
  3. Unzip them and copy them to the Phone/SDcard.
  4. Now Open 'Openvpn for Android'
  5. Click 'All your precious VPNs'
  6. In the top right corner Click on the folder.
  7. Browse to the folder where you have the OpenVPN .Conf file. Click on the file and hit Select
  8. Then in the top right corner hit the little Floppy disc Icon to save the import.
  9. Now you should see 'imported profile' click on it to connect to the tunnel.


With OpenVPN, can I force all network traffic through the VPN tunnel?

Yes, you can run 'Full Tunnel' which forces all internet-bound traffic to go through the VPN and out the Untangle on the remote end (and is subject to all Untangle filtering). If running as a 'Split Tunnel' where Full Tunnell is not checked only traffic to exported networks only will go through the VPN.


Can I still use OpenVPN if my Untangle does not have a public IP?

Sometimes Untangle is installed behind another router (typically as a bridge). You can still run OpenVPN, however you will need to make some additional changes so remote clients can connect to the server:

  1. Port forward UDP port 1194 from your router to the Untangle server. This will allow remote clients to connect to Untangle even though it doesn't have a public IP.
  2. Configure your public address in Config > Network > Hostname. This is the address in the distributed clients that remote clients and networks will attempt to connect to.

Can I use OpenVPN on both of my WAN connections?

Yes. The client chooses which WAN to connect to; the server will answer via the same WAN the client connected on. The client chooses based on your configuration of Public Address. If the Public Address fails it will then try the IPs of the WANs manually as configured in the conf file.


Is there a way to setup a password for the OpenVPN users?

Yes, if you right click on the OpenVPN icon on the client's PC there is an option for a password - please note this password is only used when launching the client.


OpenVPN connects, however I can not access anything. Why is this?

Many things could cause this issue. First verify that the hosts that you are trying to reach are exported in Exported Networks. After connecting OpenVPN, try to ping Untangle's LAN IP address (if exported), then try to bring up the UI by entering the IP in a browser. If these work your tunnel is up and operational. If you can't reach a Windows machine, verify Windows Firewall is disabled on the target machine as it will block access from non-local subnets by default. If the target machine runs another OS, verify it is either using Untangle as a gateway or the machine its using as a gateway has a static route sending the VPN Address Pool to the Untangle.


How can I restrict access to certain OpenVPN users?

By default, openvpn users can connect to any machine that the Untangle can connect to. However, routes are pushed to all the 'Exported' network automatically. Beware, nothing prevents adding remote users that have administrator access to their machines to add routes manually.

If restricting access to OpenVPN users is a concern, Firewall rules or Forward Filter Rules can be used. In the Firewall, the easiest way is to create a block rule blocking traffic when Source InterfaceOpenVPN. Above that rule create rules to allow traffic when Username is the openvpn user you want to allow to the desired locations. In this scenario openvpn traffic will be blocked into your network except for explicitly allowed traffic.

Using rules you can limit access to certain resources to only the desired remote users.


Can I create site-to-site tunnels with non-Untangle devices?

When using OpenVPN for site-to-site tunnels Untangle only supports using other Untangle boxes as endpoints. Some users have had success with DD-WRT and Tomato, but this is not supported by Untangle. If you need to connect a VPN tunnel to a non-Untangle device, we recommend using IPsec VPN.


I'm using site-to-site and my software clients can only talk to the main server. Why?

If you have both software clients on the road and site-to-site tunnels, the software clients will only be able to see your main site by default. To allow them to transit the tunnel(s) to other sites, simply add the VPN Address Pool to the Exported Hosts and Networks. After this is done, software clients will be able to reach all exported sites.


How can I allow software clients to resolve DNS over the tunnel?

To allow DNS resolution for remote clients you'll need to modify some OpenVPN settings - if Untangle is doing DNS resolution on your network, simply check Push DNS in OpenVPN Settings > Server > Groups > Group Name for any groups you want to push DNS settings to. Configure the DNS settings you would like pushed to the remote clients. You may need to use the FQDN when accessing resources across the tunnel.


How do I auto-start OpenVPN when my computer boots?

This only applies to Windows XP Pro, Vista, & Windows 7 to auto-start OpenVPN on boot:First, Navigate to C:Program FilesOpenVPNconfig. This directory will have sitename.conf, sitename.ovpn and subdirectory untangle-vpn. In this directory, identify the .ovpn file that corresponds to your site's name.

Modify OpenVPN

  1. Go to START > Control Panel > Administrative Tools > Services
  2. Right click on OpenVPN and select Properties
  3. Change Startup Type to Automatic
  4. Click OK
  5. Close the Services window
  6. Close the Administrative Tools window
  7. Close Control Panel

Modify Registry

  1. Go to Start > Run > Regedit
  2. Follow path down to: HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun
  3. Locate the entry for 'openvpn-gui'
  4. The command reference should say: C:Program FilesOpenVPNbinopenvpn-gui.exe
  5. MODIFY IT TO: C:Program FilesOpenVPNbinopenvpn-gui.exe --connect sitename.ovpn. Where sitename is customized for your specific site.
  6. Modify the following registry value to 1: HKEY_LOCAL_MACHINESOFTWAREOpenVPN-GUIallow_service
  7. Exit RegEdit

When the machine restarts, the user will automatically be connected with the VPN client.


Clients are getting disconnected after 60 seconds. Why?

Did you share the same client config between multiple machines. If both are running they will conflict. When the second one connects the first is disconnected. After 60 seconds the first will reconnect and disconnect the second. This repeats endlessly. Do not share the same client config with multiple machines.

Mac


I'm setting up a new client and can't connect. Why?

Openvpn connect for mac os x

Make sure that the IP that the client is connecting to is the public IP of the server, or that the traffic to that IP on port 1194 is being forwarded to your server. Also make sure you are testing from the outside. By default the Access Rules block OpenVPN clients from connecting to a server from one of its own LANs. This is to prevent clients from losing connectivity while on the local network because of a routing loop.


How do load a 9.4.x (server) remote network client zip on a 10.x Untangle (client)

9.4.2 site-to-site client zip will load on 10.x without modifications. 10.x has built-in converters to load 9.4 configuration zip files.


How do load a 10.0 and later (server) remote network client zip on a 9.4.x Untangle (client)

The directory structure of the client config zip has changed in 10.0. This means 9.4 Untangle instances will not load 10.0 and later config zip files correctly. The workaround is to modify the 10.0+ zip file to the 9.4 directory structure.


Modify OpenVPN config zip file for use on 9.4 instances

  1. Download client config zip from 10.0 OpenVPN server.
  2. Unzip the config zip.
  3. The directory structure is
    • openvpn-<name of untangle>-config
      • untangle-vpn
        • untangle-<random number>.conf
        • untangle-<random number>.ovpn
        • key <--- rename this directory to untangle-vpn
          • untangle-<random number>-<name of untangle>.crt
          • untangle-<random number>-<name of untangle>.key
          • untangle-<random number>-<name of untangle>-ca.crt
  4. Modify untangle-<random number>.conf and untangle-<random number>.ovpn files
    • Change the following lines:
      • cert key/untangle-4855-FortWayne.crt
      • key key/untangle-4855-FortWayne.key
      • ca key/untangle-4855-FortWayne-ca.crt
    • To:
      • cert untangle-vpn/untangle-4855-FortWayne.crt
      • key untangle-vpn/untangle-4855-FortWayne.key
      • ca untangle-vpn/untangle-4855-FortWayne-ca.crt
  5. Rezip the directory structure from the top untangle-vpn folder
  6. Import this new remote openVPN client config file to the 9.4 Untangle in VPN client mode.
Retrieved from 'https://wiki.untangle.com/index.php?title=OpenVPN&oldid=27683'

Key Features

Cross-Platform.

Viscosity has been designed from the ground up for both macOS and Windows, using native frameworks for perfect integration.

VPN For Everyone.

Completely configure your OpenVPN connections through an intuitive interface, without any need to know complex commands.

Proven Technology.

Viscosity has been protecting users for over a decade, everyone from home users to large enterprise, with regular updates the entire time.

Traffic Statistics.

Viscosity monitors your OpenVPN connections to ensure you know all the important traffic, network and connection details in style.

DNS. Done Right.

Viscosity's powerful DNS system allows you to ensure that all DNS queries use your VPN DNS servers, or only lookups for select domains.

Enterprise Support.

Easily bundle Viscosity with settings and connections so your users are ready to get started. Create simple deployable connection profiles.

Performance Focused.

Every component of Viscosity has been designed to maximise the speed and reliability of your OpenVPN connections.

Script Everything.

Control Viscosity using AppleScript or VBScript, and call custom scripts and actions when a VPN connection changes state.

More. Much More.

Powerful authentication options, connection folders, IPv6, traffic obfuscation, advanced networking, simultaneous connections, and more!

Powerful Connections

Viscosity is a first class VPN client, providing everything you need to establish fast and secure OpenVPN connections on both macOS and Windows.


Viscosity caters to both users new to VPNs and experts alike, providing secure and reliable VPN connections. Whether remotely connecting to your workplace network, home network, VPN Service Provider, or other setup, Viscosity ensures it's done with ease and style.


Stay Informed

Viscosity has a clear and intuitive interface for monitoring your VPN connections. Whether you simply want a quick overview of your OpenVPN connections, or want to drill down to the technical network and encryption details, Viscosity has you covered.


Viscosity's unobtrusive main menu provides an instant overview of your VPN connections, making it a breeze to monitor connection details in real-time. When more information is needed, Viscosity's powerful Details window provides a stylish traffic graph and detailed connection statistics.

Intuitive Editor

Viscosity takes the complexity out of editing VPN connections, while also adding a lot of power at your fingertips. Viscosity's connection editor makes it easy to configure new VPN connections from scratch or edit existing ones. All without needing to know complex commands.


Easily configure everything from network settings to complex multi-factor authentication. Viscosity's powerful DNS modes and traffic routing are also readily accessible to ensure that traffic goes where you want. Power users are also accommodated, with scripting and advanced command support.


New to VPN?

Viscosity makes it easy for users new to VPNs to get started. Its clear and intuitive interface makes creating, configuring, or importing connections a snap. Read our detailed 'Introduction to VPNs' guide for an extensive introduction to VPNs and how to get started using Viscosity.


Experts Welcome

As well as being welcoming to new users, Viscosity caters for power and expert users. Viscosity allows for full control over VPN connections, powerful routing options, running custom scripts, controlling Viscosity using scripting, advanced configuration options, and much more.


Enterprise Ready

Viscosity has been designed for both small business and enterprise. Easily make connection bundles for your users, or completely preconfigure Viscosity with all settings and connections. You can even auto-mount shares and open apps to make life easy for your users.


Expert Features

Obfuscation

Obfuscation helps to prevent your VPN connections from being blocked or throttled by network operators, and Viscosity has powerful traffic obfuscation features built right in. Easily integrate with an existing Obfsproxy server, or run your own, to allow your OpenVPN connections to function even when Deep Packet Inspection (DPI) is being used.

Powerful Editor

Viscosity's connection editor offers unparalleled control over your OpenVPN connections. It allows users unfamiliar with OpenVPN to quickly get started, while also allowing experts to configure all aspects of their connections.

Connection Scripts

Viscosity supports automatically calling your own custom scripts on VPN connection events. Power users can write their own AppleScript, Batch, or VBS scripts to automatically perform almost any action they want. This includes tasks like opening and closing certain applications on connect or disconnect, opening web pages, mounting file shares, or controlling other apps.

Scriptable

Viscosity is fully scriptable, allowing your OpenVPN connections to be controlled using your own custom AppleScript or Batch scripts. It also allows Viscosity to be combined with other third party tools to provide functionality such as automatically when connecting to certain WiFi networks, or when in certain locations.

Complete IPv6 Support

Viscosity has complete IPv6 support. No matter whether you want to connect to your OpenVPN server over an IPv6 network, or have your VPN network support IPv6, Viscosity has you covered. Viscosity's DNS support also fully supports IPv6, including Split DNS.

Connection Folders

Easily group your OpenVPN connections into folders to make them easier to manage. This is particularly useful if you want to share credentials or scripts between multiple VPN connections, such as with a VPN Service Provider.

Full & Split DNS

Viscosity's powerful DNS system goes above and beyond other VPN clients, offering both Full and Split DNS modes. Ensure that your VPN DNS servers are used by default with Full DNS mode, or use Split DNS mode to only use your VPN DNS servers for certain domains.

Native Apps

Viscosity is written using completely native frameworks on both macOS and Windows, letting it perfectly integrate with your operating system and offer top performance. No memory and CPU hungry cross-platform frameworks are used: Viscosity offers a completely native user interface with no bloated web-application frameworks.

Simultaneous Connections

Connect to a single VPN connection at a time, or connect to multiple simultaneously. No need to switch between VPN connections when working with multiple sites remotely: Viscosity lets you connect to them at the same time and correctly routes traffic and DNS requests for each network.

Enterprise Features

Cross-Platform

Viscosity has been developed from the ground up for both macOS and Windows to provide a premier and native experience on both platforms. This makes is easy to deploy a single solution to all of your users, without the expense of having to train support staff and users in the use of multiple clients for different platforms.

Deployment Ready

Viscosity has been designed to be easy and straightforward to deploy in managed environments. Easily package Viscosity with VPN connections and settings and deploy it using tools such as Mobile Device Management (MDM) or Group Policy (GPO). Or use third-party deployment software such as Munki or Jamf to deploy Viscosity and offer self-service installation.

Bundle Connections & Settings

Viscosity can be bundled together with connections and settings, so Viscosity is ready to go as soon as it is installed, with no configuration required by end users. Viscosity also provides a number of extra customisable settings to help Viscosity fit into your networking and security environment, including the ability to change Viscosity's username and password storage behaviour and global scripting.

Openvpn Connect Mac Os X

Supported Software

Viscosity is commercially supported software. We stand behind our products: if you run into trouble, need help, or would like advice, we are only an email away. There is no need to try your luck on mailing lists, or attempt to hunt down developers for support.

Ease of Use

Viscosity has a clear and intuitive interface for controlling VPN connections, allowing users new to VPNs and Viscosity to easily use OpenVPN on both macOS and Windows. Viscosity's Details window provides a simple interface for obtaining connection statistics and diagnostic information to pass on to support staff.

Reliability

Viscosity is in use everywhere, from large enterprise to small business, schools, universities, at home and on the road. You can use deploy Viscosity with piece of mind that it has been constantly tested and refined for almost any network environment. Viscosity has been constantly refined to automatically adjust to a huge variety of network conditions to ensure your user's VPN connections are reliable and trouble-free as possible.

Connection Profiles

Viscosity connection packages can be exported and distributed to users, providing an easy mechanism to supply users with connections (and all associated certificates, keys, and scripts) in a single package when providing a fully bundled version of Viscosity is not suitable.

Standard & Admin User Support

Viscosity can run under both administrator accounts and standard user accounts, for both macOS and Windows. This makes deploying Viscosity to machines that are not department controlled/imaged (such as machines at a user's home) much easier and simpler.

Smartcard, Token, & U2F Support

Viscosity supports PKCS#11 and FIDO Universal 2nd Factor (U2F) authentication options, allowing your users to use devices like smartcards and eTokens for authentication. You can use these devices as the sole method for authentication, or combine them with other authentication methods to create two-factor, or even three-factor, authentication. This helps you meet strict security polices, such as the Payment Card Industry Data Security Standard (PCI DSS).

Automatic Actions

Viscosity allows calling custom scripts before a connection connects, when it connects, or when it disconnects. This allows common tasks to be easily automated, such as connecting to file servers and mounting shares, opening web pages, opening applications, controlling other applications, and displaying messages to the user. Viscosity supports AppleScript scripts under macOS, and both Batch (.bat) and Visual Basic/VBS (.vbs) scripts under Windows.

Conditional Connections

Viscosity's conditional connections mechanism makes it easy to have Viscosity only connect to a VPN server on certain networks, or only in certain environments. A custom script can check for certain conditions (such as the wireless network the machine is connected to, the IP address, location, etc.) and decide whether to allow or terminate the connection attempt.

Big shout-out to @sparklabs! Viscosity is excellent with constant updates and flawless operation. #wortheverypenny #bestvpnclient

@daveprovine | Twitter

If you're using #OpenVPN and you're not using #Viscosity then you're doing it wrong :) @sparklabs - Thanks for an awesome app!

@systemcentersyn | Twitter

Just wanted to say that Viscosity is a great app. I'm very happy with its performance, ease of use, reliability, and design.

@CyborgInteract | Twitter

Every professional VPN solution I've used for Mac can't hold a candle to @sparklabs's Viscosity. Its by far the best

@JonoH | Twitter

Hat tip to @sparklabs for Viscosity. It's the OpenVPN client I'd write if I had to. Which I don't, because they wrote it.

@landonfuller | Twitter

I'm really pleased with Viscosity. It's an extremely elegant #Mac #OpenVPN client solution.

@noviantech | Twitter

PSA: The Viscosity OpenVPN client from @sparklabs is awesome - regularly updated and a great value. Recommended!

@_4bdi3l | Twitter

Love Viscosity from @sparklabs. Easy install, it just works. Reliable OpenVPN connections for Windows and Mac.

@clemensmol | Twitter

I just downloaded Viscosity after toiling with the various OpenVPN offerings... I must say, I have fallen in love! Keep it up!

@MilesKjeller | Twitter

All Features

Authentication

  • Username & Password
  • Public Key Infrastructure (PKI) & PKCS#12
  • Shared Secret
  • PKCS#11 Token & Smartcard
  • FIDO Universal 2nd Factor (U2F)
  • One Time Password (OTP)
  • Dynamic & Static Two Factor

Network

  • Simultaneous Connections
  • Full & Split DNS Modes
  • Connect via HTTP or SOCKS Proxy
  • Traffic Obfuscation
  • DHCP IP, DNS, And Route Assignment
  • Complete IPv4 and IPv6 Support
  • Automatic & Manual Proxy Settings
  • Powerful Traffic Routing Options
  • Intelligent Server Selection & Fallback

Interface

  • Powerful Connection Editor
  • Traffic Graph & Statistics
  • Unobtrusive Status Icon & Menu
  • Customisable Menu Icons
  • Customisable Menu Quick Statistics
  • Connection Folders & Shared Credentials
  • OpenVPN Version Selection

Install Openvpn Mac

Performance & Integration

  • Native Implementation for Each Platform
  • Low CPU & Memory Usage
  • Reliable OpenVPN Connections
  • Automatically Disconnect on Inactivity
  • Automatically Reconnect on Disconnect
  • Automatically Reconnect on Network Availability
  • Automatically Disable Time Machine Backups

Security

  • Latest Cipher & Digest Support
  • Sandboxed OpenVPN & Scripts
  • Keychain & Windows Password Store Integration
  • IPv6 Leak Protection

Enterprise

  • Bundling Connections & Preferences
  • GPO Group Policy Deployment
  • Connection Importing & Exporting
  • Admin Rights Not Required for User Operation

Advanced

  • Conditional Connections
  • Control Viscosity using AppleScript
  • Control Viscosity using Scripts or Command Line
  • Run Scripts on Connection Events
  • Advanced Configuration Commands

Platform Screenshots

Viscosity for macOS and Windows

Download Viscosity now to trial it for 30-days with no purchase necessary and no limitations. Purchase Viscosity to remove the 30-day trial limitation and help support its development. Viscosity is a one-time purchase, with no subscriptions or recurring fees.

Release Notes | Volume Licenses & Discounts | Upgrades & Extensions