Due to additional security measures, we have implemented Multi-Factor Authentication (MFA) on this Support Portal. Please log in using your registered email ID or phone number. In case of any difficulty, kindly reach out to Seqrite Support by emailing us at "support@seqrite.com".
  1. Home
  2. Solutions
  3. How-To Articles
  4. How to Configure Remote access SSL VPN for Macintosh OS X using Tunnelblick VPN client.

How-To Articles

How to Configure Remote access SSL VPN for Macintosh OS X using Tunnelblick VPN client.

19-02-2020 16:55:25

Overview

Secure Sockets Layer (SSL) VPN is an emerging technology that provides remote-access VPN capability. SSL VPN has some unique features when compared with other existing VPN technologies. Most noticeably, SSL VPN uses SSL protocol and its successor, Transport Layer Security (TLS), to provide a secure connection between remote users and internal network resources.

Tunnelblick is use to established vpn connection from MAC OS system.

Tunnelblick is an open source graphic user interface for SSL VPN on Macintosh (Mac) OS X. It comes as a ready-to-use application with all necessary binaries and drivers. It does not require any additional installation. You just need to add the VPN tunnel configuration and encryption information. Tunnelblick Client can be used to establish SSL VPN connection between Mac OS and UTM.

Scenario

Prerequisite

 

This configuration consists of two (2) sections.

1. UTM Configuration

2. MAC OS X Configuration

1. UTM Configuration

We will have to create four VPN rules for establishing VPN in either inter-zone or custom rule.

A. LAN -VPN 

B. VPN-LAN

C. UTM-VPN

D. VPN-UTM



  • Select services as per your requirement or you can select any services and click on OK.

Configuring SSL VPN Server Settings

Before establishing SSL VPN connections you need to configure the SSL VPN server on Seqrite UTM. The client will send request to this server and the server will authenticate the client as per the authentication settings. After a successful authentication the connection for communication will be established.

1. Navigate to VPN > SSL > Server Settings. The following screen appears.

2. Select a Certificate Authority for SSL VPN and set it as default using the Set Default button. If there is no Certificate Authority, you can also create a certificate using the ADD(+) button.

  • Enter Nickname and Common name
  • Select the created certificate
  • Select the Country and enter State
  • Enter validity of certificate.

3. By default the SSL VPN Server is disabled. Select the Enable option to enable the server

4. The following points explains the fields on page, configure as required:

  • Interface:- Select the Interface from the drop-down list. This is the WAN interface on which the SSL VPN will accept connections.
  • Port:- Select only one of the port from the above.
  • SSLVPN-TCP:- Select this protocol if remote SSL VPN server is running on TCP.Default port for TCP is 1194. Customer can add customized port for SSL VPN, and configure firewall rules accordingly.
  • SSLVPN-UDP:- Select this protocol if remote SSL VPN server is running on UDP.
  • Virtual IP Pool:- Enter the Network address of the Virtual IP Pool, these addresses will be assigned to the SSL VPN clients. Select its Subnet.
  • Advanced Options (Click on + to expand option).

5. Select below Parameters as per your need.

  • Cipher:- A cipher (or cipher) is an algorithm for performing encryption or decryption. Select the type of Cipher you want to use for your network.(cipher algorithms are 3DES,AES128,AES192,AES256 and BLOWFISH)
  • Hash Algorithm:-Select the data hash algorithm for your network.(Hash algorithms are MD5,SHA1)
  • Diffie–Hellman Key size:-The Diffie–Hellman key exchange parameter allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. You can select the length of the DH parameter.
  • Maximum Clients:-The maximum number of clients that can connect to the VPN network.(Bydefault 75)
  • VPN Compression:- Select this parameter if you want to compress the data on your SSL VPN.
  • Duplicate CN:-Select this option if you want concurrent connections for each user.
  • Client to Client:- Select this option to allow connectivity between any pair of remote systems.
  • Dead Peer Detection:- Select this option if you want Seqrite UTM to detect offline remote systems.(Bydefault HELLO=30 sec and HOLD=120 sec)
  • Type of Service (Tos):-Select this option to preserve the ToS bit for SSL VPN traffic.

6. After entering all the required information, click Apply .

Configuring Single PC remote access for SSL VPN

1. Navigate to VPN  > SSL > Remote Access. The SSL VPN Remote access connections list is displayed. The current connections are displayed in the list.

 2.  Click the + (Add) icon. The Remote Access Add configuration page is displayed.

3. Enter the Connection Name.

4. Enter the Username and Password in the designated text boxes. Retype the Password in Confirm Password text box. These credentials are used for authentication.

5. Select “Local networks” that you want to configure for Remote Access from the networks that are listed.

6. Add “Additional Commands” if any.

7. Click Apply.

8. Once the user is created turn one “Status” and Click on “Download” option.

9. Select “Click here to download a zip containing only keys and configuration” and download the .tar file.

2. MAC OS X Configuration

Steps to configure VPN on MAC OS

  1. Download TunnelBlick on MAC OS from https://tunnelblick.net/downloads.html
  2. Click on - Stable Tunnelblick 3.7.4a (or whichever latest version is available)
  3. Install the TunnelBlick setup.
  4. If this shows then click on OpenVPN Configuration or directly go to Step5.

5. Click on “I have configuration files”.

6. Create a new folder MAC on desktop and name it as VPNconfig (we can rename this folder later).

7. Copy this tar file to PC from previous (Section: Configuring Single PC remote access for SSL VPN, Step:-9)

8. Extract .tar file. This tar file contains Ca.sslcrt, Client.sslcrt, Client.sslkey and Client.sslovpn. 

9. Drag and drop this .tblk to the TunnelBlick logo on the top left of the screen.

10. Rename folder - “VPNconfig”as “VPNconfig.tblk”(.tblk extension is to be given)

11. Drag and drop this .tblk file to the TunnelBlick logo on the top left of the screen.

12. Click on TunnelBlick to see the VPN successfully configured named as “VPNconfig”. Enter the credentials(Username and password) which we have created in above section ( Configuring Single PC remote access for SSL VPN, Step:-4)

13. UTM site status will automatically turn to Active state.

Please contact Seqrite Technical Support for more assistance.