Integrate OpenVPN on macOS

Using emnify, you can create a virtual private network (VPN) for your mobile IoT/M2M devices fitted with emnify SIMs. Data traffic is exchanged between the devices and the application server through an OpenVPN tunnel, enabling direct communication with the IPs of the mobile devices—no network address translation (NAT) applied.

The tunnel is established between the emnify Core Network and the customer's VPN gateway or server.

Tip: The "Cellular IoT University: Secure your devices with OpenVPN" video provides a step-by-step walk-through.

Required preparation in the emnify Portal

Any traffic exchanged with mobile devices is encrypted before being transmitted over the public internet, which adds a layer of security and privacy. No VPN software needs to be installed on the device, and no configuration changes are required. The default emnify APN also supports VPN flows.

Download the VPN configuration file

Warning: You can't use accounts with time-based one-time password (TOTP) MFA enabled to authenticate the OpenVPN tunnel. Email-based MFA doesn't affect OpenVPN.

For more information, see the MFA FAQ in the emnify Knowledge Base.

  1. Log in to your emnify account.

  2. Navigate to Integrations and find the Secure Connection section.

  3. Under OpenVPN, select Show instructions.

  4. Make sure you're on the macOS tab, then click Download client.ovpn.

    Select the region that matches the breakout region configured in the device's service policy or Download all regions.

    Warning: End-to-end connectivity only works between devices and OpenVPN clients configured in the same region.

Once downloaded, store that file on your server in the folder /etc/openvpn.

Change the internet breakout region

  1. Navigate to Device Policies in the emnify Portal.
  2. In Service Policies, select the policy assigned to the devices you want to secure and expand the policy details.
  3. In Data, find Internet breakout region. By default, the badge next to the section title reads Automatic Breakout Region. Click Edit to access the Breakout region dropdown menu.
  4. Select a VPN breakout region (for example, eu-west-1 (VPN)).

Changes save automatically.

Set up with OpenVPN

Install the OpenVPN software

First, install OpenVPN via Homebrew:

brew install openvpn

Create the credentials file

sudo touch /etc/openvpn/credentials.txt
sudo nano /etc/openvpn/credentials.txt

The credentials.txt file should contain the OrgID and Application Token (preferred), one per line:

orgId
Application Token

Alternatively, you can use your username and password:

username@domain.com
YourPassword

Connect with the following command, passing the configuration file to OpenVPN using the --config option:

sudo openvpn --config path/to/emnify-eu-west-1.conf
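
The credentials file holds the Application Token or account password in clear text, and `sudo touch` creates it with whatever the current umask allows, which is commonly world-readable. The shell functions below are an added example (not part of emnify's documentation or tooling): they write the file owner-only, verify its mode and two-line layout before connecting, and read back which file the config's `auth-user-pass` directive names. Assumptions: the downloaded config uses that standard OpenVPN directive, and the values in the usage comment are placeholders.

```shell
#!/bin/sh
# Added example, not emnify tooling. Values in the usage lines are placeholders.

# Octal permission bits: GNU stat first, BSD (macOS) stat as fallback.
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Write the two-line credentials file so it is never group/world readable.
# $1 = path, $2 = line 1 (orgId or username), $3 = line 2 (token or password)
write_credentials() {
    # Create or truncate as 0600 and tighten a pre-existing file BEFORE
    # the secret is written into it.
    ( umask 077; : > "$1" ) && chmod 600 "$1" && printf '%s\n%s\n' "$2" "$3" > "$1"
}

# Exit status: 0 = ok, 2 = missing, 3 = group/other have access,
# 4 = not exactly two non-empty lines.
check_credentials() {
    [ -f "$1" ] || return 2
    mode=$(file_mode "$1") || return 2
    case "$mode" in
        *00) ;;            # 600 or 400: owner-only
        *)   return 3 ;;
    esac
    awk 'NF == 0 { bad = 1 } END { exit !(NR == 2 && !bad) }' "$1" || return 4
    return 0
}

# Print the file named by the config's auth-user-pass directive, if any.
# Assumption: the downloaded config uses this standard OpenVPN directive.
config_auth_file() {
    awk '$1 == "auth-user-pass" && NF >= 2 { print $2; exit }' "$1"
}

# Usage (run as root for /etc/openvpn):
#   write_credentials /etc/openvpn/credentials.txt "ORG_ID" "APP_TOKEN"
#   check_credentials /etc/openvpn/credentials.txt; echo "status: $?"
```

A non-zero status from `check_credentials` identifies what to fix before running `sudo openvpn --config`; if `config_auth_file` prints a different path than the file you created, OpenVPN will not read your credentials file.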

Set up with Tunnelblick

Drop the configuration file onto the Tunnelblick icon in the top bar. Alternatively, drop the configuration file onto the Configurations list via the settings panel in VPN Details > Configurations. Tunnelblick asks for a user password.

Create credentials

In the /etc/openvpn directory, create the credentials file:

sudo touch /etc/openvpn/credentials.txt
sudo nano /etc/openvpn/credentials.txt

Note: To connect to the region's VPN, you need to enter your Mac's password.