Before I finally decided on Mac OS X, I had to verify that, among other things, VPN clients work on it. We use either OpenVPN or Cisco VPN, so I looked for the following two products.
viscosity
A VPN client of the OpenVPN standard with a price of 9 USD and a very pleasant operation - by this I mean that it is better than under Windows in the classic OpenVPN client, especially:
- The possibility of using a keychain to enter login data (name and password), then it no longer needs to be entered when connecting
- The option to click in the client to allow all communication via VPN (in classic OpenVPN it depends on the server settings)
- A simple option to import settings, although in one case I did not succeed and had to find the settings from the configuration file and manually click them in Viscosity (this is also possible, you only need a crt and key file and parameters - server, ports, etc.)
- Of course, the display of the assigned IP address, traffic via the VPN network, etc.
Traffic view via VPN
The client can be started right after the system starts or manually and then it is added to the icon tray (and does not bother the dock) - I cannot praise it enough.
Cisco VPN client
The second VPN client is from Cisco, it is license free (the license is taken care of by the VPN connection provider), on the other hand, I have a few reservations about it from the user's point of view, and the fact that you cannot use a keychain to store login data (and these must be log in manually), all communication cannot be routed through the VPN as in Viscosity, and the application icon is in the dock, where it takes up space unnecessarily (it would look better in the icon tray).
The client can be downloaded from the cisco website (just put "vpnclient darwin" in the download section). Note: darwin is an opensource operating system, supported by Apple, and its installation files are classic dmg files (installable even under Mac OS X).
You can have both clients installed at the same time, and you can also have them running and connected at the same time - you'll just be on multiple networks. I'm pointing this out because it's not quite common in the Win world, and the problem is at least with the order of installation of individual clients on Windows.
Remote desktop
If you need to remotely access Windows servers, then this utility is definitely for you - Microsoft provides it for free and it is a classic Win remote desktop that you control from the native Mac OS X environment. The download link is http://www.microsoft.com/mac/products/remote-desktop/default.mspx. During use, I didn't find any function that I missed - local disk sharing also works (when you need to copy something to a shared computer), login data can be stored in a keychain, and individual connections can also be saved including their settings.
Local local disk mapping settings
Question about Toho VPN client from Cisco.
After my experience with Windows, where it literally grows into the entire system, I would like to know if, in the case of installation on a Mac, it is "only" copied to Applications or if it also stuffs some system files into the Library and so on? I would like to be able to uninstall it at any time without having to reinstall the system (experience with Win - it totally screwed up the network subsystem, no network communication was possible after uninstallation).
And then just a user question - does the Cisco VPN client support connection via certificates? Unfortunately, it doesn't work on the iPhone, it insists on entering a security group, username and password, but the other company's VPN from Cisco ONLY works via a certificate.
Thanks for a quality and useful article!
Well, personally, I would mention that vpn cisco is a part of Snow Leopard and I would recommend only CoRD for a remote desktop after a long time. It is quickly clear and you can set several things in it, and you can also quickly store your representatives in the side sheets :)
http://cord.sourceforge.net/
Unfortunately, that's only half of it with the integrated Cisco client. Both SL and iOS have something from Cisco in them, but it's a very stripped down version and it doesn't support those certificates for login. Nowadays, when the name and password are no longer considered safe, it is necessary to have either a token or at least private keys. And that's what I'm dealing with right now at our company, where I won't apply without certificates.
If you want a free client for OpenVPN, you can use Tunnelblick http://code.google.com/p/tunnelblick/ (minimum requires Mac OS X 10.3.9).
Reactions to comments :)
I think the Cisco VPN client just copies some of its settings to Library/Preferences/com.cisco…, nothing else.
The procedure for installing the integrated Cisco VPN client in Snow Leopard is here: http://idoc.vsb.cz/cit/tuonet/sluzby/vpn/macOS/index.html. But I had a problem importing the *.pcf file, so I had to use the Cisco client.
CoRD looks very interesting and Tunnelblick - there are certainly a lot of free software, but Viscosity is really easy to install and $9 is not much for it.
As for free OpenVPN clients, I haven't seen many usable ones. In any case, Tunnelblick excels among them. On SL, installation consists of copying one application. It will be placed in tray icons
... allows you to have multiple servers and connect any of them, the option to connect after startup is understandable. I don't deny that Viscosity can do more, but personally I don't need and won't use the other functions, so I don't need to pay for them. Tunnelblick was doing what it was supposed to do and basically I don't need to know about it.
(sorry for the split – I clicked on the iPhone a little bit next to it and it sent right away)
Of course, TunnelBlick also allows multiple servers that it can connect at will... It also starts when the system is turned on, it can also use a key fob for passwords.
I don't see a single reason to pay $9 when there is a free alternative. I've been using it on multiple VPNs a day for over a year now and haven't had a single problem yet.
If it's not PR, IMHO Tunnelblick should definitely have been mentioned in the article…
.pcf file can be opened text. editor and using the obtained data to set the parameters of the VPN integrated in OSX. And if there is an encrypted password, it can be easily found using online decoders ;) … I myself have been connecting to the company network this way for more than a year without any problems … I can also only recommend CoRD thanks to the features described above … I have been using Microsoft RDP since I have not used CoRD…
I have a question about decent VPN clients for the iPhone.
What are the options so that a person does not have to carry a laptop with them, but can easily check from the phone whether the FTP or sFTP transfer of finished data from my home Mac to the client has finished successfully, or if necessary, start it again. I'm not a fan of the command line solution, so I mean something with a graphical interface.
LogMeIn works without problems. But the iPhone (even without JB) has native support for PPTP (I've tried it and I use it), L2TP and IPSec.
I personally use the paid software Logmein for iPhone - and I can recommend it.
on cydia there is a gui for openvpn and iphone, of course it requires jailbreak.
Also, is there any VPN (OpenVPN) server on MAC OS X that supports Easy RSA?
You are not right about the Cisco client that it cannot "drive all traffic through the tunnel" (i.e. default route to the tunnel)
He can do it, but it must be set on the VPN gateway