MacOS - Obfuscation using Tunnelblick and Stunnel

Share This!

Welcome to My Private Network

 

We provide VPN services with servers in over 44 countries to protect your security and privacy, and allow you to bypass geographic restrictions.

Read more about how our VPN works here.

 

These instructions will demonstrate connecting to our GBR service using Stunnel and Tunnelblick (OpenVPN), but the same process applies to connecting to any of our supported countries and all of them support stunnel.

 

 

Don’t Have a VPN yet? give our Free Trial a go by clicking the button below for 3 full days of unlimited access to both our VPN and MyTelly services.

*3 DAY FREE TRIAL – NO CREDIT CARD REQUIRED

 

 

The basic principle is that we use stunnel to create an SSL tunnel across the internet, this is exactly the same protocol used for https connection, so in theory it should not be blocked. 

 

Once the Stunnel connection is in place, we then create an OpenVPN connection over the top of it using the excellent Tunnelblick software, and this provides the networking and security. 

 

So just to recap, Stunnel connects first and then we run Tunnelblick over the top.

 

We have configured Stunnel to listen on port 587, which is the default port for secure mail and is therefore unlikely to be blocked. As this port is fixed by us, you cannot change it, you have to connect stunnel to port 587. 

 

All of the other ports used in this example can be changed if you so wish.

 


Step 1: Download the pre-requisite software

 

In addition to Tunnelblick, you will also need to install Stunnel and depending on the state of your Mac, there may be a few pre-requisites to install.

 

To install stunnel on your Mac, you need to have the brew package manager, if you don’t have it already, you’ll need to install it. 

 

Head on over to https://brew.sh and follow the instructions or just paste this into your terminal prompt:

 

/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"

 

NOTE – you should never paste anything into a terminal prompt unless you know exactly what it is going to do, or you totally trust the source. 



Seriously, it’s a really bad idea. Hopefully you trust us enough to continue…..

 

It may take some time to install brew, depending on whether or not you already have Xcode installed. As an indication, it took us 7 minutes on an clean MacBook Air. It will probably prompt you for your password a couple of times before it finishes.

 

Once it is finished, you will be returned to the prompt and it will say something like:

 

==> Next steps:

– Run `brew help` to get started

– Further documentation: 

    https://docs.brew.sh

 

If you’re new to brew, it’s definitely worth exploring, but that is beyond the scope of this article.

 

On to stunnel.

 

Now that you have brew, you can tell it to install stunnel as follows:

 

brew install stunnel

 

Once complete, you need to download our stunnel configuration and save it

 

https://www.my-private-network.co.uk/files/mac/Stunnel/stunnel.conf

 

If you just want to connect to our GBR cluster, you can leave the file as it is, otherwise you will need to edit it and change the cluster name. 

 

This is how it look by default:

 

[openvpn]
client = yes
accept = 127.0.0.1:31337
connect = gbr.mypn.co:587

 

 

This is for GBR, but you can use any country, subject to your MPN subscription.

 

 

Once you are happy with the file, in the terminal window type:

 

stunnel stunnel.conf

 

 

This will run stunnel in the background. If you would like to check, you can type in:

 

ps aux | grep stunnel

and you should see it running.

OK, we now have stunnel running on your computer, now it’s time to configure Tunneblick to use it.

 


Step 2: Download our OpenVPN configuration file for Stunnel

 

If you haven’t already installed Tunnelblick, you need to, grab a copy from here: https://tunnelblick.net/release/Latest_Tunnelblick_Stable.dmg

You’ll also need one of our Stunnel openvpn configuration file, as Stunnel decides which server you are connecting to, you can use the same Tunnelblick configuration for all our servers

https://www.my-private-network.co.uk/files/mac/Stunnel/Stunnel.ovpn

Once you have downloaded it, click on it in the Finder window to install it.

After it has been installed you should see the option for Stunnel in the Tunneblick menu.

Click on it and Tunnelblick will connect via Stunnel.

That’s it, you are now connected and to anyone observing your connection, it just looks like a secure https link to a mail service.

 


Any Problems?

 

Unfortunately it doesn’t always go to plan! 

 

If you have any problems or can’t get connected, please email us at support@my-private-network.co.uk. We’ll get back to you as soon as possible to assist you.