With the recent removal of core functionality in macOS including the VPN server, we set out to find an alternative that provides an easy way to configure a VPN server in macOS. VPN Enabler for Mojave (there are versions for Sierra and High Sierra as well) allows us to easily configure the underlying VPN server in macOS.
Our VPN configuration script adds the ability to funnel all traffic through the VPN, not just traffic destined for your VPN server. This encrypts all of your traffic, adding a layer of security when connected to public wifi, for example. This script will configure the VPN with traffic (NAT) routing, allowing the VPN server to run with a single public IP address. All VPN client traffic will be passed through your server’s public IP.
Prerequisites:
- macOS Server (Server.app) must have all services disabled, and Server.app itself must be uninstalled.
- VPN Enabler must be installed/placed in your Applications directory and configured.
- No custom firewall rules are configured.
The settings we recommend for VPN Enabler are listed below:
VPN Host Name: This is the hostname of the Mac that is hosting the VPN server and is what you will use to configure each of your VPN clients.
DNS Servers: We recommend using public DNS servers, like 8.8.8.8 and 8.8.4.4. These must be comma-separated.
Search Domains: This can be left blank
Start IP Address: 10.0.0.150 – we don’t recommend changing this unless you know what you’re doing. Not using this private IP range may cause routing issues.
End IP Address: 10.0.0.200 – we don’t recommend changing this unless you know what you’re doing. Not using this private IP range may cause routing issues.
Shared Secret: Choose a strong password and make a note of it – this password will be used on every VPN client that you set up.
VPN Users: Add all of your VPN users that will be connecting to the server. The password that is set is unique for each user.
If you want to allow all traffic to be routed through your VPN server, you’ll need to run our script. To run the script, paste the following command into Terminal. When that is complete, reboot the system and make sure VPN enabler is running after the reboot.
Copy and paste this into Terminal on your remote Mac server and hit enter. You will probably be asked for your macOS password:
bash <(curl -Ls http://git.io/1UlbJQ)
When configuring the client side be sure to edit the advanced settings and enable ‘Send all traffic over VPN connection’.
Go ahead and click connect, and within a couple of seconds, the connection to the VPN should be complete. Verify that your traffic is being tunneled through the VPN by visiting hostingsupport.io to check your IP address.
For more information on this script, see the readme or check out the code.