A bunch of scripts I use to build OpenVPN, to patch AirVPN *.ovpn files and to start a KillSwitch stolen from Eddie, the AirVPN official client.
Because I can and because Eddie on macOS is quite unstable... so to speak.
Use OpenVPN installed with Homebrew
$ brew install openvpn stunnel
Add the following line to your ~/.bashrc, .bash_profile or .zshrc (if you're using ZSH):
export PATH=$(brew --prefix openvpn)/sbin:$PATH
Clone the OpenVPN repository (use master, or check out a tag to build a stable release).
$ git clone https://github.com/OpenVPN/openvpn.git
Install dependencies with Homebrew
$ brew install automake autoconf libtool pkg-config libressl openssl lzo lz4 stunnel
Call the compiler script:
$ ./openvpn-build.sh
Add the following line to your ~/.bashrc, .bash_profile or .zshrc (if you're using ZSH):
export PATH="/usr/local/sbin:$PATH"
By default the script compiles with LibreSSL support; if you want OpenSSL instead, comment/uncomment the appropriate section of the openvpn-build.sh script.
macOS ships with an old SSL version built in; if you want the most recent one downloaded with Homebrew, add the following line to your ~/.bashrc, .bash_profile or .zshrc (if you're using ZSH):
export PATH="/usr/local/opt/openssl/bin:$PATH"
Configure ovpn files downloaded from AirVPN
The patch adds 3 lines of code to the .ovpn file you've downloaded from AirVPN:
$ patch AirVPN_WhateverIsTheName.ovpn < patch-ovpn.patch
The added lines are:
script-security 2
up "connect.sh"
down "disconnect.sh"
- script-security 2 allows external scripts to be executed.
- up "connect.sh" changes the DNS to the one provided by AirVPN (see section DNS LIST), changes the domain name to openvpn and starts the PF firewall killswitch*.
- down "disconnect.sh" restores the DNS and domain name to the original ones and stops PF.
Change the DNS to the one provided by AirVPN, and change the network interface.
To list all network interfaces:
$ networksetup -listallhardwareports
Use the Hardware Port name to configure the interface you're using to connect to the internet (e.g. Wi-Fi, not en0).
$ sudo networksetup -setv6off Wi-Fi
Again use the Hardware Port as shown in the previous section.
Place the ovpn files downloaded from the AirVPN Client Area inside the folder of this project, then from your terminal cd into the folder and:
$ sudo openvpn AirVPN_WhateverIsTheName.ovpn
To quit the OpenVPN connection, press CTRL+C.
If you accidentally or voluntarily close the terminal, you can kill the OpenVPN process later with:
$ sudo killall -2 openvpn
Translated into English: kill all openvpn processes as if they were killed by the keyboard input CTRL+C.
AirVPN uses different DNS servers depending on the protocol used for the connection.
Change the connect.sh -setdnsservers section to the corresponding DNS, based on the protocol you've selected on the configuration page of your account.
| Protocol | IP | DNS |
|---|---|---|
| Port 443 - Protocol UDP | 10.4.*.* | 10.4.0.1 |
| Port 443 - Protocol TCP | 10.5.*.* | 10.5.0.1 |
| Port 80 - Protocol UDP | 10.6.*.* | 10.6.0.1 |
| Port 80 - Protocol TCP | 10.7.*.* | 10.7.0.1 |
| Port 53 - Protocol UDP | 10.8.*.* | 10.8.0.1 |
| Port 53 - Protocol TCP | 10.9.*.* | 10.9.0.1 |
| Port 2018 - Protocol UDP | 10.30.*.* | 10.30.0.1 |
| Port 2018 - Protocol TCP | | |
| Port 2018 - Protocol SSH | | |
| Port 2018 - Protocol SSL | 10.50.*.* | 10.50.0.1 |
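A pre-flight check for the patch step and the DNS list above, as an added example that is not one of this repository's scripts: it confirms the three patched directives are in the .ovpn file and derives which DNS the connect.sh -setdnsservers section should use. It assumes the profile carries standard OpenVPN proto and remote <host> <port> lines; the function names and the sample profile are made up for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check for a patched AirVPN .ovpn profile.
# Assumption: the profile has standard "proto" and "remote <host> <port>" lines.

# DNS server for a port/protocol pair, taken from the DNS table on this page.
airvpn_dns() {  # usage: airvpn_dns PORT PROTO
    case "$1/$2" in
        443/udp)  echo 10.4.0.1 ;;
        443/tcp)  echo 10.5.0.1 ;;
        80/udp)   echo 10.6.0.1 ;;
        80/tcp)   echo 10.7.0.1 ;;
        53/udp)   echo 10.8.0.1 ;;
        53/tcp)   echo 10.9.0.1 ;;
        2018/udp) echo 10.30.0.1 ;;
        *)        return 1 ;;  # no DNS listed on the page for this pair, or not in the table
    esac
}

# Print the DNS that matches the profile's first "proto" and "remote" lines.
ovpn_expected_dns() {  # usage: ovpn_expected_dns FILE
    proto=$(awk '$1 == "proto" { print tolower($2); exit }' "$1")
    port=$(awk '$1 == "remote" { print $3; exit }' "$1")
    proto=${proto%-client}   # tcp-client -> tcp
    proto=${proto%[46]}      # udp4, tcp6 -> udp, tcp
    airvpn_dns "$port" "$proto"
}

# Succeed only if the three directives added by the patch are all present.
check_ovpn_patch() {  # usage: check_ovpn_patch FILE
    for directive in 'script-security 2' 'up "connect.sh"' 'down "disconnect.sh"'; do
        if ! grep -q -x -F -- "$directive" "$1"; then
            echo "missing directive: $directive" >&2
            return 1
        fi
    done
}

# Demo on a constructed profile (sample values, not a real AirVPN server).
demo=$(mktemp)
printf '%s\n' 'client' 'proto udp' 'remote vpn.example.invalid 443' \
    'script-security 2' 'up "connect.sh"' 'down "disconnect.sh"' > "$demo"
if check_ovpn_patch "$demo"; then
    echo "patched; -setdnsservers should use $(ovpn_expected_dns "$demo")"
fi
rm -f "$demo"
```

An SSL (stunnel) profile cannot be matched this way, so for that row read the DNS from the table by hand.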
This is a bit of a headache for me: an SSL connection with AirVPN seems to work fine, but it's fairly unstable, especially with a not so strong Wi-Fi signal; the PF configuration sometimes works, and sometimes stunnel and OpenVPN need to renegotiate credentials and reconnect to the AirVPN servers.
Usually commenting out the pfctl section in both connect.sh and disconnect.sh works better; unfortunately you'll lose the killswitch.
- TODO: further testing
- Before building a new OpenVPN version, run $ brew upgrade
- Always check on IPLeak that the DNS script is working
- It works perfectly for me, but in case of doubt I strongly encourage you to ask on AirVPN if this method is safe; there are a bunch of nice guys on their forum who will help in case of necessity.