Windows 10 User? See the Windows 10 Setup Guide
This guide shows you how to set up the OpenVPN client on your Mac. Before proceeding, please ensure that you have been set up for VPN Access by Macnamara ICT. The request for VPN access must come from a contact at your company authorised to give you remote access.
Macnamara is partnering with LuJam Cyber to provide additional levels of security for your company network. Using the secure VPN connection outlined in this document provides you an encrypted link to your office network, protected by 2 factors of authentication; a password and a secure certificate. This allows you to access your office files securely from any location, but please note if you are in another corporate environment there may be additional restrictions and controls on that network that prevent you from using a VPN connection. If that is the case, contact Macnamara ICT Support in the first instance with the error message that you are getting and we will be able to advise you accordingly.
If you are using a public wireless connection, it is potentially insecure. Using this VPN will ensure that your internet access on that network is secure from other users who may be able to snoop on your internet activity. You should never connect to an insecure public network to access sensitive data.
If you are using a device managed by Macnamara, we can help you set this up.
Before You Begin
You will require the VPN certificate emailed to you from email@example.com before you begin, and the VPN password emailed to you separately. If you have only just been set up it may take a little longer for this to have arrived. If in doubt, please contact Macnamara ICT Support.
1 Download the Tunnelblick Client by clicking on the the following link:
2. Run the installer
The installer should be in your Downloads directory, and should be version 3.7.6 or higher. Simply double click the file or open it using the menu. Once it’s unpacked, you should see the following installation screen:
To continue, double-click on the Tunnelblick icon.
3. Agree to run the downloaded application
You should see the following security warning after starting the application (if not, you’re security settings may need reviewing):
Click on the Open button and enter your password if prompted. The installer will now run and start the configuration process, as shown below:
4. Select “I have configuration files”
The following screen will be displayed, providing information on how to add a new configuration to Tunnelblick:
5. Click OK
When you hit OK, the installation process is complete, and the Tunnelblick client is now running. You should see the Tunnelblick icon in the Mac’s menu bar. If you click on the icon, you should see the following menu items:
6. Open the email from LuJam Cyber containing the OpenVPN configuration
You should have received an email from the LuJam support team (firstname.lastname@example.org) with the subject “LuJam VPN Certificate for network: <name of network>”. If not, please contact Macamara ICT Support, and ask them to add you as a VPN user.
Contained in the email is an OpenVPN configuration file for your VPN account – it will have the name “<your email address>.ovpn”. Download the file to your desktop, where it should look like this:
7. Double click on the configuration file
This will add the OpenVPN configuration data to the Tunnelblick client. Instead of double-clicking, you can also “Open” the file using the menu. You should see the following Tunnelblick prompt:
Select “Only Me” and then enter your password. When you click on the Tunnelblick icon in the Mac’s menu bar, you should now see a “Connect <your email address>” option. You’ve successfully configured the VPN client and are now ready to access your company’s VPN.
However, we do recommend the following next step to provide the highest level of protection.
8. Configure Tunnelblick to route all internet traffic over the configured VPN
Click on the Tunnelblick icon in the Mac’s menu bar and select “VPN Details…”. This will bring up the following configuration screen (if not, select the “Configurations” tab, select the email address you’ve just configured, and then click on the secondary “Settings” tab):
The only change that needs to be made is to make sure the “Route all IPV4 traffic through the VPN” checkbox is ticked, as shown above.
You can also change the name of the configuration by double clicking on the email address (you will be prompted for your password if you do make a change). This is only recommended if you regularly access multiple VPN locations.
Connecting to the VPN
You’re now ready to connect to your company’s network over VPN. To do this, simply click on the Tunnelblick icon and select “Connect <your email address>”. If this is the first time you’ve connected, you will be prompted for the passphrase (i.e. VPN password) associated with the configuration:
You can find the password in the second email sent by the LuJam Support team (email@example.com) with the subject “LuJam VPN Password for network: <company name>”. To avoid re-entering the password, select the “Save in Keychain” checkbox.
During connection, you will see a red/orange/green status window, similar to the one shown below:
Once you’re successfully connected to the VPN, the Tunnelblick icon will turn from grey to solid black and the status window will disappear.
If you’re testing the VPN connection from within the office, you may well see the following warning:
This is what you’d expect to see, and shouldn’t be cause for alarm. However, we recommend you do not disable the warnings.
Disconnecting from the VPN
To disconnect from the VPN, simply click on the Tunnelblick icon in the Mac menu bar and select either the “Disconnect all” or “Disconnect <email address>” option.
You should see a Tunnelblick disk icon on your Mac’s desktop. Once you’ve successfully installed and tested the VPN connection, you no longer need this disk. Once finished, eject the disk by opening the file menu and choosing Eject “Tunnelblk”. You can delete the installer from the Download directory as well, as well as the ovpn file you used to configure the client (we recommend keeping the email that contains the original configuration in case you need to install on a different machine or device).
This guide has been edited by Macnamara ICT based on the original setup provided by LuJam Cyber. For additional information about LuJam Cyber, please visit their website https://lujam.com