Integrate OpenVPN on macOS

Using emnify, you can create a virtual private network (VPN) for your mobile IoT/M2M devices fitted with emnify SIMs. Data traffic is exchanged between the devices and the application server through an OpenVPN tunnel, enabling direct communication with the IPs of the mobile devices—no network address translation (NAT) applied.

The tunnel is established between the emnify Core Network and the customer's VPN gateway or server.

tip

The Cellular IoT University: Secure your devices with OpenVPN video provides a step-by-step walk-through.

Required preparation in the emnify Portal

Any traffic exchanged with mobile devices is encrypted before being transmitted over the public internet, which adds an additional layer of security and privacy. No VPN software needs to be installed on the device, or there aren't any required configuration changes necessary. The default emnify APN also supports VPN flows.

Download the VPN configuration file

warning

You can't use accounts with time-based one-time password (TOTP) MFA enabled to authenticate the OpenVPN tunnel. Email-based MFA doesn't affect OpenVPN.

For more information, see the MFA FAQ in the emnify Knowledge Base.

1. Log in to your emnify account.

2. Navigate to Integrations and find the Secure Connection section.

3. Under OpenVPN, select Show instructions.

   

4. Make sure you're on the macOS tab, then click Download client.ovpn.

   

   Select the desired region or choose Download all regions.

   

Once downloaded, store that file on your server in the folder /etc/openvpn.

Change the internet breakout region

1. Navigate to Device Policies in the emnify Portal.
2. In the Service Policies section, select the policy assigned to the devices you want to secure and expand the policy details.
3. Under Internet Breakout Region, set the service policy to a VPN breakout region (for example, eu-west-1 (VPN)).

Set up with OpenVPN

Install the OpenVPN software

First, install OpenVPN via Homebrew:

brew install openvpn

Create the credentials file

sudo touch /etc/openvpn/credentials.txt
sudo nano /etc/openvpn/credentials.txt

The credentials.txt file should contain OrgID and Application Token (preferred):

orgId
Application Token

Alternatively, you can use your username and password:

username@domain.com
YourPassword

Connect with the following command, passing the configuration file to OpenVPN using the --config option:

sudo openvpn --config path/to/emnify-eu-west-1.conf

Set up with Tunnelblick

Drop the configuration file onto the Tunnelblick icon in the top bar. Alternatively, drop the configuration file onto the Configurations list via the settings panel in VPN Details > Configurations. Tunnelblick asks for a user password.

Create credentials

In the /etc/openvpn directory, create the credentials file:

sudo touch /etc/openvpn/credentials.txt
sudo nano /etc/openvpn/credentials.txt

note

To connect to the regions VPN, you need to enter your Mac's password.