A bunch of scripts I use to build OpenVPN, to patch AirVPN *.ovpn files and to start a KillSwitch stolen from Eddie, the AirVPN official client.

Because I can and because Eddie on macOS is quite a unstable... so to speak.

$ brew install openvpn stunnel

Add to your ~/.bashrc or .bash_profile or .zshrc (if you're using ZSH) the following line:

export PATH=$(brew --prefix openvpn)/sbin:$PATH

Clone the OpenVPN repository (master or checkout a TAG to build stable release).

$ git clone https://github.com/OpenVPN/openvpn.git

Install dependencies with Homebrew

$ brew install automake autoconf libtool pkg-config libressl openssl lzo lz4 stunnel

Call the compiler script $ ./openvpn-build.sh

Add to your ~/.bashrc or .bash_profile or .zshrc (if you're using ZSH) the following line:

export PATH="/usr/local/sbin:$PATH"

macOS has built in it an old version on SSL, if you want the most recent downloaded with Homebrew add to your ~/.bashrc, .bash_profile or .zshrc (if you're using ZSH)

export PATH="/usr/local/opt/openssl/bin:$PATH"

The patch add the following 3 lines of code in the .ovpn file you've downloaded from AirVPN:

AirVPN_WhateverIsTheName.ovpn < patch-ovpn.patch

script-security 2
up "connect.sh"
down "disconnect.sh"

• script-security 2 allows external scripts to be executed.
• up "connect.sh" changes the DNS with the one provided by AirVPN - see section DNS LIST - changes the domain name to openvpn and start the PF firewall killswitch*.
• down "disconnect.sh" restore DNS and domain name to the original one and stops PF.

Change the DNS with the one provided by AirVPN and the network interface.

To list of all network interfaces $ networksetup -listallhardwareports and use the Hardware Port to configure the correct interface you're using to connect to internet (e.g. Wi-Fi not En0).

$ sudo networksetup -setv6off Wi-Fi

Again use the Hardware Port as shown in the previous section.

From inside the folder of this project place your ovpn files downloaded from AirVPN Client Area than from your termina cd into the folder and:

$ sudo openvpn AirVPN_WhateverIsTheName.ovpn

To quit the OpenVPN connection CTRL+C.

If you accidentally or voluntarily close the terminal, you can kill the OpenVPN processl later with:

$ sudo killall -2 openvpn

Translated in english: kill all openvpn processes as they where killed by a keyboard input CTRL+C.

AirVPN uses different DNS's depending on the protocol used for the connection. Change the connect.sh -setdnsservers section with the correspondent DNS based on the protocol you've selected on the configuration page of your account.

Protocol                  IP        DNS
Port 443  - Protocol UDP  10.4.*.*  10.4.0.1
Port 443  - Protocol TCP  10.5.*.*  10.5.0.1
Port 80   - Protocol UDP  10.6.*.*  10.6.0.1
Port 80   - Protocol TCP  10.7.*.*  10.7.0.1
Port 53   - Protocol UDP  10.8.*.*  10.8.0.1
Port 53   - Protocol TCP  10.9.*.*  10.9.0.1
Port 2018 - Protocol UDP  10.30.*.*  10.30.0.1

Port 2018 - Protocol TCP
Port 2018 - Protocol SSH
Port 2018 - Protocol SSL  10.50.*.*  10.50.0.1

This is a bit of a headache for me, seems to work fine to have a fine SSL connection with AirVPN but it's fairly unstable, especially with not so strong connection signal through Wi-Fi, and PF configuration sometimes works, sometimes stunnel and OpenVPN needs to renegotiate credentials and to reconnect with AirVPN servers.

Usually commenting the pfctl section on both connect.sh and disconnect.sh works better, unfortunately you'll lose the killswitch.

• TODO: further testing

• Before building a new OpenVPN version do a $ brew upgrade
• Always check that the DNS script is working on IPLeak
• It works perfectly for me, but in case of doubts I strongly encourage you to ask on AirVPN if this method is safe, there are a bunch of nice guys on their forum that will help in case of necessity.