A VPN connection allows you to securely connect to an otherwise private network over the Internet. Your Mac has built-in support for managing VPN connections and in this guide we’ll go through how to set up, manage and connect using a VPN. To wrap up, we'll walk through how to set up your own VPN server.
What is a VPN?
VPN stands for Virtual Private Network. If you have files on a server at work, that server is unlikely to be public facing (accessible over the Internet) and will no doubt be behind a firewall. Operating a VPN is far more secure than just opening ports on a firewall, which can be a security risk. Since more and more workers are traveling and/or working from home, companies require a way of allowing employees access to resources they need while still maintaining a high level of security.
Enter VPN, a way of securely connecting to a private network over the Internet. Using a VPN connection, it is just like you’re at the office. Imagine being at home and you realize there’s something you need from a server or internal website at the office. A VPN connection is just like having a really long ethernet cable that you plug into your Mac that’s connected to your work’s network.
Uses for a VPN
Remotely Connecting to a Network at Work
As we briefly touched upon, when you’re at work you’ll be able to access any file servers that are there. When you’re on the road or at home, you won’t be able to. With a VPN connection, it’s as though you’re on the same network. When it’s connected, you’ll be able to access any of the file servers using their normal IP address.
Encrypting Your Web Browsing
As a VPN connection is secure, any data going across it is encrypted. When you’re at a coffee shop and you’re browsing the web, your traffic could potentially be monitored. Most VPN software (including the client built into OS X) includes an option to pass all your Internet traffic over the VPN connection, not just the traffic destined for the VPN’s own network, thus encrypting all your web browsing between your Mac and the VPN server and increasing the security of anything you do online.
Be Somewhere Else in the World
As you can pass your Internet traffic over the VPN connection, to most websites you will look like you’re accessing it from wherever the VPN server is. Confused? Let’s clear that up!
Let’s say you’re in London on a trip and stuck in a hotel room for a few hours. If you try and access a site that is only available in the US (such as Hulu), then you’ll be greeted with a message explaining that. If your VPN server is located in the US and you connect and make sure your Internet traffic passes through the VPN connection, then you’ll be able to access the site.
The reason for this is that when you’re connected via VPN, you’re effectively on that network. You’ll have a local IP address on that network that’s assigned to your VPN connection and your Internet traffic effectively starts from where the VPN server is. As a result, to most sites, your location is actually wherever the VPN server is. I’ll explain this with an example.
There are plenty of speed test websites out there; one of the most popular is Speedtest.net. If I run a speed test from my current location, I get feedback of my broadband speed and the closest testing server I connected to (in this case it was Skipton, UK).
Now, when I connect via a VPN to a US server, ensure that all Internet traffic is sent via the VPN and run the test again, the site assumes that my closest server is in Miami! This is because the speed test is basing my location on the VPN server.
Depending on the VPN server and your connection, you’ll notice that the speed drops dramatically.
Tip: For users in restricted countries such as China where many sites we take for granted (Twitter and Facebook) are blocked, some users “circumvent” this restriction by using services such as VPN.
Set up a VPN Connection
There are a few things you need to have before setting up a VPN connection:
VPN Server Address
This is the IP address of the VPN server. It can also be a fully qualified domain name (FQDN) such as vpn.mycompany.com, depending on how it’s been configured.
Username and Password
All VPN connections have a username and password. These are usually set up for you by your IT administrator.
There are two types of VPN connections, L2TP and PPTP. Both allow a secure connection, though L2TP is generally found to be the better of the two. This is because, in addition to a username and password, L2TP connections can require a shared secret. This is like a secret passphrase that any VPN users will need to add to their connection.
How to Connect Your Mac via VPN
To set up a VPN connection on your Mac, you need the following details.
- Server IP address or fully qualified domain name
- Username and password
- Connection type (L2TP or PPTP)
For the purposes of this tutorial, I’ll be using dummy information. While there are “free” VPN services out there we could use, I take the safety and security of your Mac (and mine) very seriously! If you would like to know more about commercial VPN services, I’ll be exploring these later.
All VPN settings can be entered into System Preferences, under the Network preference pane.
Step 1: Open System Preferences and then select Network
Step 2: Click + and then select VPN under the interface option. Specify either PPTP or L2TP.
Step 3: Select Configuration and then Add Configuration. Name it “Server 1”.
Tip: In the steps above, I asked you to add a configuration named “Server 1”. This step is actually optional and you can in fact just enter it under the default configuration. The reason for adding a configuration is that some users find they have multiple VPN settings. OS X can manage multiple VPN settings using the configuration option. For example, you may have a VPN profile (another name for your VPN settings) for an office in the US and one in Australia.
Step 4: Enter the VPN server’s IP address (or FQDN) and user name.
Step 5: Select Authentication Settings… and then enter the password. Note: If you selected L2TP as the VPN type then this panel is where you’d also enter the shared secret.
Step 6: Make sure Show VPN status in menu bar is selected, then click Apply.
That’s it, you’re ready to go! On your menu bar, you’ll see a new icon that looks like a luggage tag. Click this and then select Connect VPN. Once it’s connected, you’ll see a timer starting.
Now we’ve established a VPN connection, go back to System Preferences and you’ll see some connection information, including your VPN’s IP address.
Sending All Traffic Over VPN
By default, your Mac will only pass necessary traffic via VPN, such as accessing a file server or other machines or sites that are on the same network as the VPN server. This is because most VPN connections can be quite slow, so your Mac doesn’t want to slow your Internet experience down needlessly. However, we can override this.
Go back in System Preferences and select Advanced….
Straight away, we see an option to Send all traffic over VPN connection. Ticking this and then saving the changes will mean your Mac will pass all network traffic over the VPN. It is generally not recommended since it can make your Internet connection appear very slow and you may also find accessing servers and printers on the network you’re physically on is stopped.
For all the data to be passed over the VPN once the option is enabled, we need to set the service order. This is the order that your Mac passes data over the network. We must have the VPN as the first service in the list. To do this, select the drop down cog menu and select Set Service Order... From here, you can drag the services into the required order, making sure the VPN is at the top.
However, sending all traffic over the VPN is necessary if, as we discussed earlier, you need to access a site that’s only available in the country where your VPN server is located. Going back to our earlier example, if you were in the UK and you needed to access a US only site, enabling this option will allow you access to that site.
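To confirm from Terminal that the “Send all traffic over VPN connection” option and the service order actually took effect, the following added example (not part of the original guide) parses the output of `route -n get default` and `networksetup -listnetworkserviceorder`. It assumes PPTP and L2TP connections appear as a `ppp` interface such as `ppp0`; the sample outputs and the service name “VPN (L2TP)” are constructed for illustration.

```sh
#!/bin/sh
# Added example: verify full-tunnel VPN routing on OS X.
# Assumption: PPTP/L2TP connections show up as a ppp interface (ppp0).

# Print the interface named in `route -n get default` output (stdin).
default_route_iface() {
    awk '$1 == "interface:" { print $2; exit }'
}

# Print the first service in `networksetup -listnetworkserviceorder`
# output (stdin). Disabled services are listed as "(*)" and skipped.
top_service() {
    sed -n 's/^(1) //p' | head -n 1
}

# Classify the tunnel mode from the default route's interface name.
tunnel_mode() {
    case "$1" in
        ppp*) echo "full-tunnel" ;;   # default route leaves via the VPN
        "")   echo "unknown" ;;       # no default route found
        *)    echo "split-tunnel" ;;  # default route leaves via LAN/Wi-Fi
    esac
}

# Constructed sample outputs, used when not running on a Mac.
SAMPLE_ROUTE_VPN='   route to: default
destination: default
    gateway: 10.8.0.1
  interface: ppp0'
SAMPLE_ROUTE_LAN='   route to: default
destination: default
    gateway: 192.168.1.1
  interface: en1'
SAMPLE_ORDER='An asterisk (*) denotes that a network service is disabled.
(1) VPN (L2TP)
(Hardware Port: L2TP, Device: )

(2) Wi-Fi
(Hardware Port: Wi-Fi, Device: en1)'

if [ "$(uname)" = "Darwin" ]; then
    iface=$(route -n get default 2>/dev/null | default_route_iface)
    echo "default route via ${iface:-none}: $(tunnel_mode "$iface")"
    echo "first service: $(networksetup -listnetworkserviceorder | top_service)"
else
    iface=$(printf '%s\n' "$SAMPLE_ROUTE_VPN" | default_route_iface)
    echo "sample default route via $iface: $(tunnel_mode "$iface")"
    echo "sample first service: $(printf '%s\n' "$SAMPLE_ORDER" | top_service)"
fi
```

Run it once with the VPN connected: a result of `split-tunnel` means your web browsing is still leaving through the local network rather than the VPN.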
Getting a VPN Account
For many users, you’ll probably have a VPN profile from your employer’s IT department. If you’re wanting a VPN for personal use, there are many services that offer a VPN account for a low monthly cost.
One such company is Strong VPN, which offers VPN accounts from $7 to $30 a month, depending on the features you require. They offer VPN accounts in many countries around the world and their price plans vary depending on the service you require and the length of time you pay for (it’s cheaper to pay annually than monthly overall).
Tip: Be careful when selecting a VPN provider. While the traffic is encrypted, make sure you go for a company with a good reputation rather than one that looks a little too good to be true!
Roll Your Own VPN Server
You can use OS X Server, but if you’ve got a spare Mac that can run Leopard or above, you can add VPN server functionality to the standard version of OS X using a nifty little app called iVPN (trial available, £14.99).
You’ll need to know what your router’s IP address is (known as an external or WAN IP address). If it’s static, then it won’t change and you can use this as the VPN server address. If it’s dynamic (which changes) then I recommend using a service such as Dynamic DNS (DDNS) if your router supports it. You are provided with a generic domain name such as myname.dyndns.org and it is assigned to your external IP address. With Dynamic DNS, your router will automatically update the domain name whenever your IP address changes so you will always be able to connect.
Before using iVPN, make sure the Mac you want to use it on is set up with a static IP address and make sure you set up port forwarding. The ports you need to forward to the Mac are as follows:
- TCP 1701 and 1723
- UDP 500
Now you can connect to your home network via VPN wherever you are. Your Internet access will be secure and if you have a Time Capsule or network storage, you can access them as well!
In this guide, we’ve touched on the uses for a VPN, how to establish a connection and even how to set up a new server. Do you use a VPN connection for work or home? Do you use a commercial VPN provider? Let us know in the comments!