OpenVPN on macOS 10.14

If you want to install most recent version of OpenVPN on macOS you will need:

tuntap   git clone git://tuntaposx.git.sourceforge.net/gitroot/tuntaposx/tuntaposx
LZO http://www.oberhumer.com/opensource/lzo/download/
OpenSSL git clone https://github.com/openssl/openssl.git
OpenVPN     OpenVPN download
XCode XCode in AppStore

Double check you can download all the stuff. Once it’s in place, you can proceed with installation.


# Make sure to install command line tools

> xcode-select --install

# Then, you can proceed with tun/tap

> mkdir -p ~/opt/src
> cd ~/opt/src
> git clone git://tuntaposx.git.sourceforge.net/gitroot/tuntaposx/tuntaposx 

# Note for macOS 10.14 !!
# (if you are working with macOS 10.13, you don't have to do it)
#
# make sure to change following lines inside sources

# src/tun/Makefile
-INCLUDE = -I.. -I/System/Library/Frameworks/Kernel.framework/Headers
+INCLUDE_D = -I.. -I/Library/Developer
+INCLUDE_S = /CommandLineTools/SDKs/MacOSX.sdk
+INCLUDE_F = /System/Library/Frameworks
+INCLUDE_K = /Kernel.framework/Versions/A/Headers/
+INCLUDE = $(INCLUDE_D)$(INCLUDE_S)$(INCLUDE_F)$(INCLUDE_K)

# src/tap/Makefile
-INCLUDE = -I.. -I/System/Library/Frameworks/Kernel.framework/Headers
+INCLUDE_D = -I.. -I/Library/Developer
+INCLUDE_S = /CommandLineTools/SDKs/MacOSX.sdk
+INCLUDE_F = /System/Library/Frameworks
+INCLUDE_K = /Kernel.framework/Versions/A/Headers/
+INCLUDE = $(INCLUDE_D)$(INCLUDE_S)$(INCLUDE_F)$(INCLUDE_K)


> cd tuntaposx/tuntap
> make

# note that make install will put some files inside /Library
# /Library/Extensions/tap.kext
# /Library/Extensions/tun.kext
# /Library/StartupItems/tap
# /Library/StartupItems/tun

> make install

# make sure to load modules before running OpenVPN
# sudo kextload /Library/Extensions/tap.kext
# sudo kextload /Library/Extensions/tun.kext

# it might be you need to disable system integrity protection on more recent macOS installations
# if you are running macOS >=14, make sure to disable SIP
# 1. restart mac
# 2. hold command-R
# 3. run Terminal
# 4. execute command: csrutil disable

# once tun/tap is in place, you can install LZO

> cd ~/opt/src
> curl -O http://www.oberhumer.com/opensource/lzo/download/lzo-2.10.tar.gz
> tar zxf lzo-2.10.tar.gz
> cd lzo-2.10
> mkdir -p ~/opt/lzo
> ./configure --prefix=$HOME/opt/lzo
> make
> make install

# another piece of software we need is OpenSSL

> cd ~/opt/src
> git clone https://github.com/openssl/openssl.git
> cd openssl
> ./config --prefix=$HOME/opt/openssl
> make
> make install


# Install OpenVPN
# Download tar.gz from
# https://openvpn.net/index.php/download/community-downloads.html

> cd ~/opt/src
> curl -O https://swupdate.openvpn.org/community/releases/openvpn-2.4.6.tar.gz
> tar -zxf openvpn-2.4.6.tar.gz
> cd openvpn-2.4.6

# eventually, we can compile OpenVPN
# make sure to export CFLAGS and LDFLAGS in order to use
# our own installation of libs and headers

> export CFLAGS="-I/Applications/Xcode.app/Contents/Developer\
/Toolchains/XcodeDefault.xctoolchain/usr/lib/swift-migrator\
/sdk/MacOSX.sdk/usr/include\
 -I$HOME/opt/lzo/include -I$HOME/opt/openssl/include"

> export LDFLAGS="-L$HOME/opt/lzo/lib/ -L$HOME/opt/openssl/lib"

# eventually, you can configure and install OpenVPN

> ./configure --prefix=$HOME/opt/openvpn
> make
> make install

> ~/opt/openvpn/sbin/openvpn --version
OpenVPN 2.4.6 x86_64-apple-darwin17.4.0 ...
library versions: OpenSSL 3.0.0-dev xx XXX xxxx, LZO 2.10
...
...
...

That’s it.