Integrate OpenVPN on macOS
Using emnify, you can create a virtual private network (VPN) for your mobile IoT/M2M devices fitted with emnify SIMs. Data traffic is exchanged between the devices and the application server through an OpenVPN tunnel, enabling direct communication with the IPs of the mobile devices—no network address translation (NAT) applied.
The tunnel is established between the emnify Core Network and the customer's VPN gateway or server.
The Cellular IoT University: Secure your devices with OpenVPN video provides a step-by-step walk-through.
Required preparation in the emnify Portal
Any traffic exchanged with mobile devices is encrypted before being transmitted over the public internet, which adds a layer of security and privacy. No VPN software needs to be installed on the device, and no configuration changes are required. The default emnify APN also supports VPN flows.
Download the VPN configuration file
You can't use accounts with time-based one-time password (TOTP) MFA enabled to authenticate the OpenVPN tunnel. Email-based MFA doesn't affect OpenVPN.
For more information, see the MFA FAQ in the emnify Knowledge Base.
- Navigate to Integrations and find the Secure Connection section.
- Under OpenVPN, select Show instructions.
- Make sure you're on the macOS tab, then click Download client.ovpn.
Select the region that matches the breakout region configured in the device's service policy or Download all regions.
Warning: End-to-end connectivity only works between devices and OpenVPN clients configured in the same region.
Once downloaded, store that file on your server in the folder /etc/openvpn.
Change the internet breakout region
- Navigate to Device Policies in the emnify Portal.
- In Service Policies, select the policy assigned to the devices you want to secure and expand the policy details.
- In Data, find Internet breakout region. By default, the badge next to the section title reads Automatic Breakout Region. Click Edit to access the Breakout region dropdown menu.
- Select a VPN breakout region (for example, eu-west-1 (VPN)).
Changes save automatically.
Set up with OpenVPN
Install the OpenVPN software
First, install OpenVPN via Homebrew:
brew install openvpn
Create the credentials file
sudo touch /etc/openvpn/credentials.txt
sudo nano /etc/openvpn/credentials.txt
The credentials.txt file should contain OrgID and Application Token (preferred):
orgId
Application Token
Alternatively, you can use your username and password:
username@domain.com
YourPassword
Connect with the following command, passing the configuration file to OpenVPN using the --config option:
sudo openvpn --config path/to/emnify-eu-west-1.conf
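The credentials file holds the Application Token or password in plaintext, and with the default umask of 022 a file created by sudo touch is readable by every local user. The following is an added example, not emnify's own tooling: two shell functions (hypothetical names) that write the two-line file with mode 600 and audit an existing one. It assumes OpenVPN reads the file as exactly two lines, as shown above.

```shell
#!/bin/sh
# Added example; write_credentials and check_credentials are hypothetical names.

# Read two lines from stdin (OrgID or username, then Application Token or
# password) and store them in the given file without ever exposing the
# secret through group/other permission bits.
write_credentials() {
    dest=$1
    (
        umask 077                                  # a new file starts at mode 600
        IFS= read -r id || exit 1
        IFS= read -r secret || [ -n "$secret" ] || exit 1
        [ -n "$id" ] && [ -n "$secret" ] || exit 1
        # Create the file if missing and tighten a pre-existing one
        # before any secret is written to it.
        : >> "$dest" && chmod 600 "$dest" || exit 1
        printf '%s\n%s\n' "$id" "$secret" > "$dest"
    )
}

# Audit a credentials file.
# Returns 0 if it is a regular file with no group/other access and exactly
# two non-empty lines; 1, 2 or 3 identify which check failed.
check_credentials() {
    f=$1
    [ -f "$f" ] && [ ! -L "$f" ] || { echo "not a regular file: $f" >&2; return 1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    bits=$(ls -ld "$f" | cut -c5-10)
    [ "$bits" = "------" ] || { echo "group/other access on $f: $bits" >&2; return 2; }
    total=$(wc -l < "$f" | tr -d ' ')
    filled=$(grep -c . "$f" || true)
    [ "$total" -eq 2 ] && [ "$filled" -eq 2 ] || {
        echo "expected exactly 2 non-empty lines in $f" >&2; return 3; }
    return 0
}
```

Run the functions from a root shell against /etc/openvpn/credentials.txt, since the page creates that file with sudo.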
Set up with Tunnelblick
Drop the configuration file onto the Tunnelblick icon in the top bar. Alternatively, drop the configuration file onto the Configurations list via the settings panel in VPN Details > Configurations. Tunnelblick asks for a user password.
Create credentials
In the /etc/openvpn directory, create the credentials file:
sudo touch /etc/openvpn/credentials.txt
sudo nano /etc/openvpn/credentials.txt
To connect to the region's VPN, you need to enter your Mac's password.