- Viscosity 1 7 9 – Graphical User Interface For Openvpn Download
- Viscosity 1 7 9 – Graphical User Interface For Openvpn Configuration
- Viscosity 1 7 9 – Graphical User Interface For Openvpn Ubuntu
- 1Generic
- 1.3Features
- 1.4Certificates
- 2Server configuration
- 2.1Seperate segment for VPN and destination network
- 2.1.1RouterOS
- 2.2Bridge mode
- 2.2.1RouterOS
- 2.2.2Linux
- 2.3Client configuration
- 2.3.1RouterOS
- 2.3.2Linux
- 2.3.3Windows
- 2.1Seperate segment for VPN and destination network
- 3Additional tweaks
![User User](https://static.macupdate.com/screenshots/253276/m/viscosity-screenshot.png?v=1594124467)
Download Mac Viscosity 1.8.6 Full version – FREE! Viscosity is an awesome OpenVPN client spent for Mac that features an efficient Cocoa user interface to make, change, and control VPN connections. With its total OpenVPN solution for macOS, customers don’t need any extra downloads or software. Notes on the Graphical User Interface 10 RM GUI EAGLE Release 3.4 03/2020 Notes on the Graphical User Interface The Graphical User Interface of the device is divided as follows: Navigation area Dialog area Buttons Navigation area The Navigation area is located on the left side of the Graphical User Interface. Viscosity 1.7 MAC OS X Graphical user interface for OpenVPN. Size: 11.39 MB Viscosity is an OpenVPN client for Mac, providing a rich Cocoa user interface for creating, editing, and controlling VPN connections. 2 Access to the user interfaces 23 2.1 System Monitor 24 2.2 Command Line Interface 26 2.3 Graphical User Interface 29 2.3.1 Opening the graphical user interface via the internal port 29 2.3.2 Opening the graphical user interface via the external port 33 3 Entering the IP Parameters 35 3.1 IP Parameter Basics 37 3.1.1 IP address (version 4) 37.
Why to use OpenVPN ?
OpenVPN has been ported to various platforms, including Linux and Windows, and it's configuration is throughout likewise on each of these systems, so it makes it easier to support and maintain. Also, OpenVPN is one of the few VPN protocols that can make use of a proxy, which might be handy sometimes.
Download OpenVPN
Debian provides OpenVPN packages as part of the standard distribution, just install them by typing apt-get install openvpn.
For a server, you want additionally to install the openssl package.
For easy client access, you would want to install network-manager, network-manager-openvpn and network-manager-gnome or network-manager-kde. This is a nice gui for handling wired and wireless network connections, connections via openvpn and cisco vpn (vpnc) and ppp connections (like a regular or 3g modem for example).
RouterOS requires v3.x and you will need to install and enable the ppp package. There is one limitation to using OpenVPN on the RouterOS platform: currently only tcp is supported. udp will not work.
For Windows you probably also want the GUI, that allows you to choose and activate certain VPN configuration from a simple click in the systray. A complete package for installation of OpenVPN incl. OpenVPN GUI can be downloaded at http://www.openvpn.se/download.html .
For a server, you want additionally to install the openssl package.
For easy client access, you would want to install network-manager, network-manager-openvpn and network-manager-gnome or network-manager-kde. This is a nice gui for handling wired and wireless network connections, connections via openvpn and cisco vpn (vpnc) and ppp connections (like a regular or 3g modem for example).
RouterOS requires v3.x and you will need to install and enable the ppp package. There is one limitation to using OpenVPN on the RouterOS platform: currently only tcp is supported. udp will not work.
For Windows you probably also want the GUI, that allows you to choose and activate certain VPN configuration from a simple click in the systray. A complete package for installation of OpenVPN incl. OpenVPN GUI can be downloaded at http://www.openvpn.se/download.html .
Features
OpenVPN V2.1 Features of RouterOS V4.2
Supported
- TCP
- bridging (tap device)
- routing (tun device)
- certificates
- p2p mode (refer to OpenVPN V2.1 manual page)
Unsupported
- UDP
- LZO compression
Certificates
OpenVPN works with SSL certificates. You can either use http://cacert.org to issue these or use the easy-rsa scripts, that come with most OpenVPN distributions. On RouterOS, all you have to do is to upload them via ftp (ca certificate and router certificate and private key) and import them with /certificate import .
Creating Certificates with CAcert.org
Make sure you have created an account at CAcert.org. Login to your CAcert.org account and define your domain (Domains > Add). Note: You will need access to a root, postmaster, webmaster or other authoritive e-mail account to do this.
Add template with following command replacing name with one you desire (note that common-name = Domain name):
And set template parameters described below:
In RouterOS, open a New Terminal window and create a certificate request with the following command:
You will be asked for:
As you can see, the only important fields are the Passphrase and Common Name fields, everything else can be left empty or default. This howto assumes you used 'server' as common name. If not, you will have to replace it also in the command for the vpn server! After a few seconds you will receive notification that the Certificate Request file was created:
Copy the certificate-request.pem file to your desktop and open it with Wordpad, Textpad, or any other text editor (except Notepad).Now go back to your CAcert.org account, and create a new Server Certificate (Server Certificates > New). Copy the entire contents of the certificate-request.pem file and Paste them into the 'Paste Your CSR(Certificate Signing Request) below..' box on the CAcert.org site. Submit the form and if all goes well, you should be presented with a 'Below is your Server Certificate' page with a bunch of text. Copy/Paste this text into a text file using Wordpad/Textpad (or anything except Notepad), and save it as certificate-response.pem. Upload this file to the router, and import it.
Warning: Generated private keys will be in pkcs8 format, which is not supported in RouterOS. To import such keys, run: openssl rsa -in private-key.key -text and write key output to new file. Upload new file to RouterOS and import
To import the keys, do this from the terminal: (you can also do it from Winbox - System -> Certificates -> Import)
Without converting and importing the private key you will get the dreaded 'Couldn't change OVPN Server - no certificate found (6)' error as soon as you choose the certificate in OVPN Server!
Once you have imported the private key, your certificate should get a 'KR' written next to it (K: decrypted-private-key, R: RSA). Now you will be able to use this key for OVPN.
Creating Certificates with Easy-RSA
Easy-RSA is part of OpenVPN package at [[1]].As of OpenVPN version 2.1 the usage is as follows:
Initialisation on Linux:
Create CA (Certificate Authority, required to sign client and server certificates)
Create Server Certificate
Convert Server private key to .pem format
Create Client Certificate
Convert Client private key to .pem format
Usage
Referring to easy-rsa example above upload following files via sftp to RouterBoard
Do not upload your private ca.key !!!Now import the certificate and then its key:
To the clients upload
And import the keys:
Naming Linux/Windows vs. RouterOS
There are two interface types within OpenVPN, that are used.
- tun, RouterOS defines this as ip.
- tap, which is needed for bridge mode gateways. RouterOS defines this as ethernet.
A few comments
The configuration files here are fully layed out for Debian and Ubuntu. If you're using something else, you'll have to do your own research, what you need. Hope they'll give a guideline.
Some new Linux- distributions use OpenSSL 1.0 (like Fedora 13) which is incompatible with older versions and (currently) MikroTik, it won't recognize the certificates generated with that version. Use OpenSSL version 0.9.8 instead.
Some new Linux- distributions use OpenSSL 1.0 (like Fedora 13) which is incompatible with older versions and (currently) MikroTik, it won't recognize the certificates generated with that version. Use OpenSSL version 0.9.8 instead.
Seperate segment for VPN and destination network
RouterOS
The network configuration of your box:
Lan and Wan are the internal networks, Internet is obviously the Internet.
Altough it was explained here I still was confused since I didn't expect Internet on ether2. If your router is already working and online, all you need is the first line ( /ip address add address=10.15.30.31/24 interface=ether1 comment=Lan ) and replace interface=ether1 with your Lan interface) If NAT/masquerading is needed, this will do the job:
Altough it was explained here I still was confused since I didn't expect Internet on ether2. If your router is already working and online, all you need is the first line ( /ip address add address=10.15.30.31/24 interface=ether1 comment=Lan ) and replace interface=ether1 with your Lan interface) If NAT/masquerading is needed, this will do the job:
Define an IP pool:
This pool is used for the OpenVPN clients.
Define a profile:
Add a vpn user:
Some might want to set service to ovpn to allow connection by this username only to openvpn server, not pppoe or pptp.
OpenVPN server configuration:
Firewall
If you have a firewall defined, that denies access, you would want to allow access to OpenVPN:
Default Route
I haven't figured out, how to redistribute the default route from the OpenVPN server, so you'll have to add it yourself on the client by specifying the add-default-route option (if you have a RouterOS client).
If you have a Linux or a Windows client, you can use the route-up directive. Place it on your OpenVPN configuration (client) file with a command in append, and OpenVPN will execute it when the default route comes up.
For example, if you want to add a static route for 192.168.0.0 (obviously this net are on the remote side) through your OpenVPN gateway (IP 10.15.30.31), you have to add for Linux:
route-up 'route add -net 192.168.0.0 netmask 255.255.255.0 gw 10.15.30.31'
or, for Windows:
route-up 'route add 192.168.0.0 mask 255.255.255.0 10.15.30.31'
If you have a Linux or a Windows client, you can use the route-up directive. Place it on your OpenVPN configuration (client) file with a command in append, and OpenVPN will execute it when the default route comes up.
For example, if you want to add a static route for 192.168.0.0 (obviously this net are on the remote side) through your OpenVPN gateway (IP 10.15.30.31), you have to add for Linux:
route-up 'route add -net 192.168.0.0 netmask 255.255.255.0 gw 10.15.30.31'
or, for Windows:
route-up 'route add 192.168.0.0 mask 255.255.255.0 10.15.30.31'
Linux
/etc/network/interfaces:
eth0 is the network, that we want to get access to. eth1 is our outside interface.
/etc/openvpn/gw.conf:
If you want to push a route to the client, this can be added:
For a default gw to the client, usually, this is added:
With RouterOS, this has no effect, whatsover, so if you want to push the default route from the server, please add:
And to tell the client, what DNS servers to use, this will do the job:
Bridge mode
RouterOS
Create the bridge
The network configuration of your box:
Lan and Wan are the internal networks, Internet is obviously the Internet.
If NAT/masquerading is needed, this will do the job:
If NAT/masquerading is needed, this will do the job:
Define an IP pool:
This pool is used for the OpenVPN clients.
Define a profile:
Add a vpn user:
OpenVPN server configuration:
Before using require-client-certificate option, CA and correct server/client certificate must be imported to both OpenVpn server and client.
OpenVPN server Instance
At the moment, it looks like, that even though we've specified the vpn-bridge in the profile, RouterOS does not honour that fact. So we need to add a OpenVPN server Instance ourselfes for each user and add it to the bridge. (Not required after RC11).
This will result in, that the dynamically created openvpn server instance automatically get's assigned to this interface and thus the bridge. Megapack for iwork 2015: keynote numbers pages templates 2 3.
Firewall
If you have a firewall defined, that denies access, you would want to allow access to OpenVPN:
Default Route
I haven't figured out, how to redistribute the default route from the OpenVPN server, so you'll have to add it yourself on the client by specifying the add-default-route option (if you have a RouterOS client).
If you have a Linux or a Windows client, you can use the route-up directive. Place it on your OpenVPN configuration (client) file with a command in append, and OpenVPN will execute it when the default route comes up.
For example, if you want to add a static route for 192.168.0.0 (obviously this net are on the remote side) through your OpenVPN gateway (IP 10.15.30.31), you have to add for Linux:
route-up 'route add -net 192.168.0.0 netmask 255.255.255.0 gw 10.15.30.31'
or, for Windows:
route-up 'route add 192.168.0.0 mask 255.255.255.0 10.15.30.31'
If you have a Linux or a Windows client, you can use the route-up directive. Place it on your OpenVPN configuration (client) file with a command in append, and OpenVPN will execute it when the default route comes up.
For example, if you want to add a static route for 192.168.0.0 (obviously this net are on the remote side) through your OpenVPN gateway (IP 10.15.30.31), you have to add for Linux:
route-up 'route add -net 192.168.0.0 netmask 255.255.255.0 gw 10.15.30.31'
or, for Windows:
route-up 'route add 192.168.0.0 mask 255.255.255.0 10.15.30.31'
Linux
Packages
These packages are needed: openvpn bridge-utils openssl
Configuration
The configuration bits here are needed to set up a bridged gateway.
/etc/network/interfaces:
/etc/openvpn/bridge-gw.conf
If you want to push a route to the client, this can be added:
For a default gw to the client, usually, this is added:
With RouterOS, this has no effect, whatsover, so if you want to push the default route from the server, please add:
And to tell the client, what DNS servers to use, this will do the job:
Client configuration
RouterOS
client of a routed server (tun)
client of a bridged server (tap)
Linux
client of a routed server (tun)
The file auth.cfg holds your username/password combination. On the first line must be the username and on the second line your password.
client of a bridged server (tap)
Please replace dev tun with dev tap. Otherwise the configuration on the bridged client is exactly the same as the routed client.
Windows
client of a bridged server (tap)
The file auth.cfg holds your username/password combination. On the first line must be the username and on the second line your password.
Alternatively, if you don't specify the filename the client will prompt for the details.
Date & Time (certificate validity) - IMPORTANT
Don't forget to correctly set time and date on client and server. If possible, i suggest to use ntp to keep time in sync.
If time and date is not set correctly, certificates can be invalid. On RouterOS, openvpn will not connect, and you get just following lines in log, which are not very helpfull:
server (RouterOS)
.. to be added ..
client (RouterOS) Mini metro 1 0 13.
.. to be added ..
Retrieved from 'https://wiki.mikrotik.com/index.php?title=OpenVPN&oldid=27201'
Viscosity is an OpenVPN client for macOS and Windows offering many user-friendly functionalities. The client is not free and costs $9. However, we definitely think it’s worth it. If you are not convinced, you can always use it for a trial period of 30 days to test it without any commitment.
This guide will explain how you can get the maximum utility of the features that Viscosity has to offer.
I will show you how you can shut down applications if the VPN connection should stop working, how you can simply import several configuration files, and lastly how to prevent data leakages.
I will show you how you can shut down applications if the VPN connection should stop working, how you can simply import several configuration files, and lastly how to prevent data leakages.
First of all, you need to download the Viscosity client. You can find the download link on their official website. You can choose to download the client for Mac or Windows depending on your OS. Note that this guide has been dedicated to using Viscosity on Windows). However, the same functionalities can be set up for macOS.
After completing the installation process, you simply run Viscosity and make sure that you don’t have another VPN client running at the same time. You should also make sure you’ve downloaded our configuration files and have them ready. If you want to connect to OVPN, it’s recommended that you download all available configuration files from us.
To import a connection is very simple. Just click the plus sign in the lower-left corner and choose “Import connection” >” From file…” and then choose your OVPN configuration file.
If you wish, you can import all OVPN configuration files and change the file names to the name of the server that uses it. This should look something like this:
Remember to let all your traffic go through the VPN connection! Go to the “Networking' tab and check the box called 'Send all traffic over VPN connection.'
(1.) Run Viscosity on login.
You can configure Viscosity to run on login or computer startup. You can also customize Viscosity so that it connects to the most recently used server.
You’ll do this by setting up “Start Viscosity at login” and “Reconnect active connections on wake”. The settings should be as the picture below:
You’ll do this by setting up “Start Viscosity at login” and “Reconnect active connections on wake”. The settings should be as the picture below:
In order to automatically connect to a server when running Viscosity, find the connection you want to edit and right-click on it and choose 'Edit.' Then check the box called “Connect when Viscosity opens,” which can be found on the bottom of the page.
(2.) Exit specified applications if the VPN connection is terminated.
Viscosity 1 7 9 – Graphical User Interface For Openvpn Download
One of the best features of Viscosity is that you can choose to run certain scripts if your VPN connection is temporarily lost or terminated. You can set this up for virtually any application, but perhaps the most common use of this feature is for a torrent client.
In order to accomplish this, you need to right-click on the connection you want to run the exit script for and choose “Edit.” Then click the “Advanced” tab and choose to add script within Disconnected Script. It should look like this:
We’ve provided a script for this purpose that will run if you lose your VPN connection:
You don’t need to worry about the code here except for this line:
as this is the line specifying which application that should be closed if and when you lose your VPN connection. Note that you can specify several applications here.
strProcessKill = array('notepad.exe', 'utorrent.exe', 'vuze.exe')
as this is the line specifying which application that should be closed if and when you lose your VPN connection. Note that you can specify several applications here.
Once you’ve chosen which applications to be closed when the VPN connection is lost, save the file as “OVPN-avsluta.vbs”.
(3.) Terminate your Internet connection if your VPN connection is lost.
This fully prevents your real IP address from being shown in the case of you losing your VPN connection. Usually, Windows will use the ordinary adapter if you lose your VPN connection. In order for you to stay protected, we want to prevent this from happening using another *Disconnected Script”.
Just like before, you should go to Disconnected Scripts and enter the following script:
Dim objShell
Set objShell = WScript.CreateObject ('WScript.shell')
objShell.run 'cmd /K netsh interface set interface name='Ethernet' admin=disabled'
Set objShell = Nothing
In effect, this script tells Windows to set your network adapter to “Disabled” when the VPN connection is lost, which in turn terminates your Internet connection.
In order for this to work properly, please make sure of the following:
In order for this to work properly, please make sure of the following:
- That you run Viscosity as administrator
- Check that the networking adapter is correctly entered
To find the exact name of your networking adapter, go to Control Panel -> Network and Internet -> Network Connections
It should look like this:
It should look like this:
In order to enable your Internet connection again, you need to enable your networking adapter. You can do this manually by going to network settings. An easier solution is to make a BAT-file and place it on your desktop that can be run as administrator:
netsh interface set interface name='Ethernet' admin=enable'
(4.) Terminate the Internet connection as well as specified applications if your VPN connection is lost.
Copy the code from step 3 and put the code from step 2 on the bottom.
Viscosity 1 7 9 – Graphical User Interface For Openvpn Configuration
(5.) Make sure everything works.
It’s always recommended that everything works as intended. You can run the following tests:
- Test the termination scripts by right-clicking and choosing “Disconnect”.
- Go to our dashboard to see that you're connected properly and don't have any DNS leaks
(6.) Conclusion
This has been a short guide showing you how to explore the functionalities of Viscosity. Viscosity is a great alternative if you wish to use more advanced VPN features.
Viscosity 1 7 9 – Graphical User Interface For Openvpn Ubuntu
If you’ve followed the steps in this guide, you should now have a VPN client that terminates your Internet connection as well as close specified applications if your VPN connection is lost.