Secure all data communications and extend private network services

OpenVPN for Mac

OpenVPN for Mac

  -  2 MB  -  Open Source
OpenVPN for Mac (also known as OpenVPN Connect) is the official client application developed and maintained by OpenVPN Inc., enabling users of all knowledge levels to transfer data over an encrypted secure tunnel via the internet, using the OpenVPN protocol, to a VPN server.

This downloads the source code. Please download OpenVPN Connect if you need a working OpenVPN GUI client.



It is used for secure remote access, enforcing zero trust network access, protecting access to SaaS apps, securing IoT communications, and in many other scenarios.

The core functionality of the service is to provide full access for peers to authenticate each with pre-shared secret keys, certificates, or account login info, providing the necessary data to the OpenSSL encryption library to establish a secure connection without the possibility of 3rd party unauthorized access.

Similarly to other VPN solutions, this open-source VPN platform can be used to dramatically fortify user’s security on the web, enabling them strong wireless hot spot protection, AES encryption of all incoming and outgoing data, user location spoofing, and much more.

Since its first release in 2001, this VPN system has become one of the most popular solutions for building hardened online networks not only on home, education, business, and enterprise computers but also wide variety of mobile hardware and even built-in support in network routing hardware.

Main Features
  • Secure Data Transport – Establish an encrypted secure tunnel for data transport.
  • Integration with Business Solutions – Built-in integrations with a large catalog of business solutions.
  • Cross-Platform Support – Ported to Windows, macOS, Android, and other computing platforms.
  • Built-in into modern Routers – Access hardened network traffic via VPN-aware hardware.
  • Easily deployable on all modern Mac computers – Optimized for use on High Sierra, Mojave, Catalina, Big Sur, Monterey, Ventura, and Sonoma.
Installation and Setup

To get this VPN app up and running on any modern Mac, users simply must download the official DMG installer file, either from the official website or the secure FileHorse servers.

The installation procedure is quite streamlined, requiring users to follow a few simple on-screen instructions and give the app the necessary permissions.

How to Use

First-time users will be welcomed with the built-in “Onboarding Tour” that will introduce them to the wealth of options this advanced networking tool offers.

The users are then able to set up their VPN routing, add their credentials, review, and import a profile via the Access Server Hostname option. Importing the profile can be done by browsing the OVPN file or entering a URL to remote access the file.

After connecting to the active server, the app showcases a wide array of real-time statistics, including a visual chart of upload/download transfer speeds, duration of the connection, and more.

User Interface

The latest version of this app features a new and improved user interface with a white theme and bright orange on-screen elements, making the experience of installing and using the software very easy even for first-time VPN users.

FAQ

What is OpenVPN Connect for macOS?
It is the official client application of OpenVPN Inc., enabling users to effortlessly connect to distant VPN servers, thus dramatically increasing the security of their internet browsing, unlocking geo-blocked content, and avoiding monitoring by ISPs, websites, and various government agencies.

Is it safe?
100% yes! This app is designed to provide secure data transport over the Internet with industry-leading services and a fully transparent open-source development approach.

What are the core benefits of using a VPN?
Unified virtual presence, enhanced privacy, secure file transfers, secure instant messaging and VoIP sessions, travel protection, wireless hot spot protection, and more.

Alternatives

Tunnelblick for Mac – An open-source app that allows Mac users to connect to multiple OpenVPN servers simultaneously.

ProtonVPN for Mac – A popular free VPN client that provides excellent privacy and geo-unblocking services to Mac and Windows users.

IPVanish for Mac – A reliable and easy-to-use VPN application that caters to casual users who want to quickly harden the security of their internet connection.

NordVPN for Mac – A reliable and user-friendly VPN service, providing secure and private internet access for users on the macOS.

Pricing

This app is free to use!

The platform is available to users via two distinct licenses – “OpenVPN Community Edition” unlocks free and open-source access to the core offerings, and “OpenVPN Access Server” provides access to a large selection of advanced tools such as SMB server, Web UI dashboard, and more.

System Requirements

Developers of this app have optimized it for use on all modern versions of macOS - High Sierra, Mojave, Catalina, Big Sur, Monterey, Ventura, and Sonoma.

PROS
  • Easy to use and scalable for both personal and business use.
  • Secure data transport over an encrypted tunnel.
  • Cross-platform support for various operating systems.
  • Free!
CONS
  • None.
Conclusion

OpenVPN for Mac is a reliable and secure client application for establishing VPN connections on Mac computers.

It provides a secure and encrypted tunnel for data transport and is compatible with various use cases and operating systems, making it a perfect security platform for individuals, education organizations, and businesses of all sizes.

Also Available: Download OpenVPN for Windows

Why is this app published on FileHorse? (More info)
  • OpenVPN 2.7.5 Screenshots

    The images below have been resized. Click on them to view the screenshots in full size.

    OpenVPN 2.7.5 Screenshot 1
  • OpenVPN 2.7.5 Screenshot 2
  • OpenVPN 2.7.5 Screenshot 3
  • OpenVPN 2.7.5 Screenshot 4
  • OpenVPN 2.7.5 Screenshot 5

What's new in this version:

Security fixes:
- openvpnserv (windows): fix DNS SearchList state pollution on (dis)connect.
- specific combinations of --dns config entries plus local DNS config could lead to corruption of pre-openvpn DNS config
- Fix use-after-free bug in ack_write_buf(), triggerable by a well-timed sequence of control channel + authentication packets

Bug found by multiple researchers:
- Fix use-after-free bug in tls_wrap_reneg(), triggerable by suitable sequence of dynamic tls-crypt control-channel packets
- Fix server crash on reception of suitably malformed auth-token, if auth-gen-token external-auth is active
- Fix memory-leak in tls-crypt-v2 client key handling that could lead to out-of-memory situations and subsequent server crashes
- Fix possible 1-byte buffer overrun on NTLMv2 proxy responses
- Fix another memory leak on reception of suitable tls-crypt-v2 packets that could lead to an out of memory situation and server crash

Fixed:
- Windows: fix plugin trusted-dir check prefix bypass this fixes a bug in the path checking logic we do on Windows for "is loading a plugin from this path allowed?", but since we could not find a way to exploit this unless starting with admin privs or a social engineering attack, not classified as a security fix)
- Windows: openvpnserv: rework ConvertItfDnsDomains and tests this fixes a buffer overread that is not exploitable and as such not classified as security fix)
- options: fix use-after-free of DNS options on client connect using suitable --dns or --dhcp-option DNS options in a server config - not pushed, but applying to the server itself - triggers a double free() and use-after-free condition, possibly crashing the server) (Github: OpenVPN/openvpn#1060)
- dns: Fix memory leak in dns_server_addr_parse, if too many server addresses are configured (Github: OpenVPN/openvpn#1055)
- improve multi-socket event handling further - multiple open UDP sockets with concurrent traffic could lead to inefficient processing, and theold code was also very hard to follow. This was initially triggered by a report from Joshua Rogers using ZeroPath, but turned out to be "just bad code" not a security vulnerability)
- Null-terminate tls-crypt client keys when testing - non-exploitable strlen() on a buffer that is not null-terminated mudp: send HMAC reset reply synchronously this fixes a bug where multiple incoming tls-crypt-v2 RESET packets on different sockets could end up overwriting each other's control structures, leading to initial handshake packets (HMAC reset reply) being sent to the wrong client IP, or on a non-suitable socket "v4 packet on a v6 socket"). Since the overall flow here is stateless by nature, do not artificially create state by creating elaborate queues, just send-or-drop.
- fix port-share and multi-socket interaction - port-share needs TCP listeners, but the check was wrong. So "as long as any of the listening sockets is TCP, port-share can be used" (Github: OpenVPN/openvpn#1027)
- Ensure pushed tun-mtu is no lower than TUN_MTU_MIN - this fixes a bug where a server can push a suitable combination of options and make the client ASSERT(). Reported as security issue by Haiyang Huang, but it was decided that the server always has means to make the client "not function properly", and it can not be exploited beyond that)
- Windows: socket: assert buffer length before reading prepended sockaddr family - a misbehaviour in the windows DCO driver could trigger an overread in the userland client. No such bug exists, which this was not treated as a security vulnerability

Documentation improvements:
- improve documentation for --float (Github: OpenVPN/openvpn#358)
- add documentation for --preresolve (Github: OpenVPN/openvpn#532)
- impove documentation around DNS config (Github: OpenVPN/openvpn#937)