Installation of Tunnelblick on Mac (OpenVPN)

It is possible to form an encrypted remote connection from your home computer to the servers of the University of Helsinki. A VPN connection is also useful in HUPnet and other unencrypted networks. If you wish to access your home directory (i.e. the Z drive) or group directories (P drive) from your home computer, first act according to these instructions and then open the instructions for the remote use of home and group directory
You can make the VPN connection run on Mac OS X with Pulse Secure or the Tunnelblick connection software. Pulse Secure is also available for iPad and other mobile devices, see instructions here.

The Macs in the university's centralised administration use the Pulse Secure software - see instructions (in Finnish). You can also install Pulse Secure on your home computer - see instructions.

 

MacOS Catalina 10.15 was released on October 7th, 2019. This version is not yet fully compatible with all University of Helsinki services. Likewise all Software Center applications are not yet compatible with Catalina 10.15. Centrally maintained University of Helsinki computers will be updated according to a schedule determined after testing.

Tabs

Quick help

VPN on Tunnelblick, simple instructions

  1. Download and install Tunnelblick from https://tunnelblick.net/
  2. Download and install the configuration profile from Download Centre.
    See more detailed instructions
  3. Start Tunnelblick and form the connection. See more detailed instructions
Detailed help

Installing Tunnelblick and HY-VPN

  • Download and install the latest version of Tunnelblick from the https://tunnelblick.net/
  • Extract the dmg-file you just downloaded and copy Tunnelblick.app to the Applications folder.
  • Download the latest version of configuration files (HY-VPN.tblk) from Download Centre by clicking Programs > HY-VPN > MacOSX.
  • Extract the HY-VPN.tblk.zip by opening it from the Downloads folder.
  • Double-click on the HY-VPN.tblk file. Tunnelblick starts. Enter the OS X administrator password.

Select Only Me (VPN settings only installed on the user account which is currently logged in) or, preferably, All Users (all user accounts have access to the VPN connection).

HY-VPN.tblk contains an openvpn.conf file with the university's VPN script and the liteca.crt certificate. Tunnelblick creates a Tunnelblick folder in the Application Support folder where the configuration files are copied. The Only Me option creates a folder in the Library folder of the home folder and an All Users Macintosh HD in the Library folder.

Forming an encrypted connection

• Open the Applications folder and click on the Tunnelblick icon.
• A tunnel icon appears in the menu row in the top right corner of the screen. Click on the icon and select Connect 'HY-VPN'.

The software will ask for the user name and password you use in the university's services. After you have entered them, the software initiates the connection.

In future, you can form an encrypted connection by repeating the last three stages.

Error situations

  • You may have encountered a new security feature in High Sierra and higher which restricts the loading of kexts (system extensions). Read more from Tunnelblick's site.
  • If the connection does not work, click on the tunnel icon and select VPN Details. Select Set nameserver in the Set DNS/WINS menu. If the connection still does not work, try another setting.