
OS X VPN Server and Client Configuration (OpenVPN, Tunnelblick, PF)


copperlab/osx-openvpn-server

 
 


osx-openvpn-server

OS X OpenVPN Server and Client Configuration

This repo describes how to build an OpenVPN VPN server on OS X using pfctl and Tunnelblick.

This configuration provides a TLS-based VPN server using 4096-bit certificates and UDP port 443, accessible by any OpenVPN client, especially iOS with the OpenVPN app.


VPN Configuration Advantages

This OpenVPN configuration provides the following advantages:

Privatizing Proxy for Mobile Devices

A privatizing proxy is necessary to block mobile carriers from adding uniquely identifying HTTP headers used for customer tracking. See, for example, "Does your phone company track you?". The repo essandess/osxfortress provides a firewall, blackhole, and privatizing proxy. Use the server configuration config.ovpn.osxfortress for these features, including blocking the mobile carrier tracking headers:

# Mobile carrier uniquely identifying headers
request_header_access MSISDN deny all           # T-Mobile
request_header_access X-MSISDN deny all         # T-Mobile
request_header_access X-UIDH deny all           # Verizon
request_header_access x-up-subno deny all       # AT&T
request_header_access X-ACR deny all            # AT&T
request_header_access X-UP-SUBSCRIBER-COS deny all
request_header_access X-OPWV-DDM-HTTPMISCDD deny all
request_header_access X-OPWV-DDM-IDENTITY deny all
request_header_access X-OPWV-DDM-SUBSCRIBER deny all
request_header_access CLIENTID deny all
request_header_access X-VF-ACR deny all
request_header_access X_MTI_USERNAME deny all
request_header_access X_MTI_EMAIL deny all
request_header_access X_MTI_EMPID deny all
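
An audit of a proxy configuration against the header list above, as an added example that is not part of this repo or of essandess/osxfortress. It reports which carrier headers lack an unconditional `deny all` rule and which headers of a request would still be forwarded. The function names, the sample config and the sample request are constructed for illustration, and only rules whose ACL list is exactly `all` are modelled.

```python
# Carrier tracking headers named in the configuration above.
CARRIER_HEADERS = [
    "MSISDN", "X-MSISDN", "X-UIDH", "x-up-subno", "X-ACR",
    "X-UP-SUBSCRIBER-COS", "X-OPWV-DDM-HTTPMISCDD", "X-OPWV-DDM-IDENTITY",
    "X-OPWV-DDM-SUBSCRIBER", "CLIENTID", "X-VF-ACR",
    "X_MTI_USERNAME", "X_MTI_EMAIL", "X_MTI_EMPID",
]

def denied_headers(conf_text):
    """Lower-cased header names whose first unconditional rule is 'deny all'."""
    first_rule = {}
    for line in conf_text.splitlines():
        tokens = line.split("#", 1)[0].split()   # drop comments, tokenize
        if len(tokens) < 4 or tokens[0] != "request_header_access":
            continue
        name, action, acls = tokens[1].lower(), tokens[2], tokens[3:]
        if acls == ["all"]:                      # simplification: 'all' ACL only
            first_rule.setdefault(name, action)  # the earliest rule decides
    return {n for n, a in first_rule.items() if a == "deny"}

def missing_rules(conf_text):
    """Carrier headers from the list above that the config does not deny."""
    denied = denied_headers(conf_text)
    return [h for h in CARRIER_HEADERS if h.lower() not in denied]

def forwarded(conf_text, request_headers):
    """Headers of a request that survive the deny rules (names compare case-insensitively)."""
    denied = denied_headers(conf_text)
    return {k: v for k, v in request_headers.items() if k.lower() not in denied}

# Constructed sample: an incomplete config with one rule commented out.
SAMPLE_CONF = """\
request_header_access X-UIDH deny all           # Verizon
request_header_access x-msisdn deny all
# request_header_access X-ACR deny all
request_header_access MSISDN deny all
"""

# Constructed sample request as it might arrive at the proxy.
SAMPLE_REQUEST = {
    "Host": "example.com",
    "User-Agent": "constructed-client/1.0",
    "X-UIDH": "CONSTRUCTED-VALUE",
    "X-ACR": "CONSTRUCTED-VALUE",
}

if __name__ == "__main__":
    print("no deny rule for:", ", ".join(missing_rules(SAMPLE_CONF)))
    print("still forwarded:", sorted(forwarded(SAMPLE_CONF, SAMPLE_REQUEST)))
```

Run against the real configuration text, `missing_rules` should return an empty list when every header in the list above is denied.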
