Each macOS device needs a client application to connect with your OpenVPN Access Server. We recommend using OpenVPN Connect, which is pre-configured to connect with your Access Server. This document provides information on using OpenVPN Connect as well as alternative solutions.

Installing a client application

The OpenVPN protocol is not built into macOS. Therefore, you must install a client app to handle communication with Access Server. A client app is required to capture the traffic you want to send through the OpenVPN tunnel, encrypt it, pass it on to the server, and decrypt the return traffic.

OpenVPN Connect with your Access Server

Your installation of OpenVPN Access Server includes a copy of OpenVPN Connect, which is a separate package called openvpn-as-bundled-clients that is updated when new versions of OpenVPN Connect are released. OpenVPN Connect is our official client app and your users can download it directly from your client UI, pre-configured to connect with your server, or download it separately from our website and import a connection profile.

Steps: Access your client UI

  • Open a browser and enter your Access Server IP address or the custom hostname if you have set that up (recommended).
  • Enter your username and password.
    • Once you have signed in, the recommended OpenVPN Connect app for your device displays at the top. Also shown are downloads for other platforms as well as connection profiles. 

OpenVPN Connect only supports one active VPN tunnel at a time. It was purposely designed to not support connections to two or more servers simultaneously. Connecting to two servers at the same time requires two different adjustments to the routing table on the client computer. Therefore, it is very easy to make a mistake and break connectivity or cause traffic to flow to the wrong destination. Limiting connections to one server ensures connectivity and traffic flow. OpenVPN Connect can store many profiles for different servers, but you can only actively connect to one at a time.

OpenVPN Connect also supports client-side scripting, importing connection profiles directly from Access Server, and connecting with a server-locked profile. A server-locked profile enables you to authenticate any valid user on your Access Server without installing unique connection profiles for each user.

For more information, refer to: Installation guide for OpenVPN Connect Client on macOS.

OpenVPN Connect v3

We recommend and support OpenVPN Connect v3 as the official app for OpenVPN Access Server and OpenVPN Cloud. The client software offers client connectivity across four major platforms: Windows, macOS, Android, and iOS. For Linux, we recommend the open source OpenVPN client.

We recommend downloading OpenVPN Connect v3 directly from your Access Server web client UI. You can also download the installation file for OpenVPN Connect v3 from the download page on our site or with the link below. The app installation from our site does not contain any connection settings, so you’ll need to take additional steps to configure the connection to your Access Server. If you are installing the below file on a computer that already has OpenVPN Connect v3 installed and configured, it simply updates it to the latest version and retains all settings.

OpenVPN Connect v2

This is the previous generation of OpenVPN Connect client software for OpenVPN Access Server. It is still supported but we recommend people to use OpenVPN Connect v3 instead.

Alternative OpenVPN open source client: Tunnelblick

The open source project also has a client for macOS called Tunnelblick. Tunnelblick supports the option to connect to multiple OpenVPN servers simultaneously, which can cause connection issues if not configured correctly. You must not implement conflicting routes and subnets. Unlike on Windows platform, however, you don’t need to add multiple virtual network adapters because they are provisioned automatically.

Tunnelblick also supports drag-and-drop for adding OpenVPN connection profiles, which can be .conf or .ovpn file extensions. For example, you can download a user-locked or auto-login profile from the OpenVPN Access Server web interface and drag-and-drop it on the Tunnelblick icon. The system tray menu then shows you the options for using the connection profile. Tunnelblick doesn’t support client-side scripting, importing connection profiles directly from an Access Server, or connecting with a server-locked profile.

Alternative OpenVPN client: Viscosity

Viscosity is a third-party OpenVPN client that is created by SparkLabs. Viscosity is available for Windows and macOS and is compatible with OpenVPN Access Server.

Other client GUI projects

There are many VPN clients built for the OpenVPN protocol that will also work with OpenVPN Access Server. Refer to the community website for the current list.

Helpful Resources

For further information on VPN configuration details, refer to this documentation: