OpenVPN is a popular open-source VPN tool that’s great for secure browsing on both private and public networks. But sometimes, it can act up, especially on Macs. Understanding the problem from the error messages by yourself can be quite difficult. In this guide, I will help you fix common OpenVPN issues on Mac.
Does OpenVPN Work on Mac?
Yes, OpenVPN works on Macs. You can use it with third-party clients like Tunnelblick or Viscosity, or OpenVPN’s own app, OpenVPN Connect. These let you set up a secure VPN connection using configuration files from your VPN service.
How to Fix OpenVPN Not Working on Mac?
Start by checking the log files on your Mac. These logs are key to figuring out why OpenVPN isn’t working. There are two kinds: server logs and client logs. They’ll give you clues about what’s going wrong.
Server Log Files
On the OpenVPN Access Server, you’ll find the server log files located at: /var/log/openvpnas.log and /var/log/openvpnas.node.log
A clean log file can make analysis easier if you’re having trouble launching the Access Server or any of its components (such as web services). Move the existing log file aside, then start and stop the Access Server service once more. This generates a fresh log file that contains only the startup and shutdown procedures. Enter the following commands in your terminal to do this:
mv /var/log/openvpnas.log /var/log/openvpnas.log.old
service openvpnas start
service openvpnas stop
Now, you can analyze /var/log/openvpnas.log and later start the Access Server again using:
service openvpnas start
Client Log Files on Mac
The log file for OpenVPN Connect Client on Mac can be found here:
However, Mac systems hide certain folders, making them inaccessible through the Finder. To access the /Library folder, do the following:
- Open Finder, and select Go from the menu, followed by Go to folder.
- Enter the path /Library and proceed.
- Additionally, OpenVPN Connect Client log files have permissions set to prevent normal opening. To override this, right-click the log file, select Get info, and under Sharing & Permissions, unlock the settings to grant read access.
Check the Error Message to fix OpenVPN Not Working on Mac
There are different errors that can occur that cause OpenVPN to stop working properly on your Mac, and they require different solutions. The following are the most common error messages as reported by OpenVPN itself:
1. TLS Error: TLS Key Negotiation Failed To Occur Within 60 Seconds (Check Your Network Connectivity)
This error suggests a failure in the TLS key negotiation process. The client program might be old and only supports TLS 1.0, whereas the server expects TLS 1.1 or higher. You can confirm this by checking the server-side log file for messages like:
OpenSSL: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
TLS_ERROR: BIO read tls_read_plaintext error
TLS Error: TLS object -> incoming plaintext read error
TLS Error: TLS handshake failed
SIGUSR1[soft,tls-error] received, client-instance restarting
If you find these messages, you should update your client. You can do this by following the steps below, but without deleting your current OpenVPN Connect app.
Time needed: 2 minutes
Alternatively, your OpenVPN client might be using an old connection profile with incorrect TLS settings. Reinstalling the OpenVPN Connect Client or updating the configuration profile can resolve this issue. Here’s how to do it:
- If you want to update the client, jump to the third step. Otherwise, go to Finder > Applications and control-click the OpenVPN Connect app to select Move to Trash.
- Control-click Trash and select Empty Trash.
- Next, head to OpenVPN’s website and click Download OpenVPN Connect v3.
- Follow the onscreen instructions in order to install the client. The OpenVPN not working on Mac issue should be solved.
Lastly, your firewall or Internet Service Provider may be blocking or interfering with the TLS handshake.
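The following Python triage is an added example, not part of the original guide or of OpenVPN's own tooling. It groups the server-side messages quoted above by client address and separates a protocol mismatch (update the client) from a handshake that never completed (check the firewall or ISP). The sample lines, including their timestamp and "ip:port" prefix, are constructed, and that prefix layout is an assumption.

```python
import re
from collections import defaultdict

# Substrings taken from the server-side messages quoted in this guide.
VERSION_MISMATCH = ("SSL23_GET_CLIENT_HELLO:unknown protocol",
                    "tls_read_plaintext error")
HANDSHAKE_FAILED = "TLS handshake failed"
NEGOTIATION_TIMEOUT = "TLS key negotiation failed to occur within 60 seconds"

# Assumption: each line carries the peer as "ip:port" before the message.
PEER_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3}):\d+\b")

def triage_tls_errors(lines):
    """Return {peer_ip: verdict} for peers whose TLS handshake did not complete."""
    seen = defaultdict(set)
    for line in lines:
        match = PEER_RE.search(line)
        peer = match.group(1) if match else "unknown"
        low = line.lower()
        if any(sig.lower() in low for sig in VERSION_MISMATCH):
            seen[peer].add("mismatch")
        if NEGOTIATION_TIMEOUT.lower() in low:
            seen[peer].add("timeout")
        if HANDSHAKE_FAILED.lower() in low:
            seen[peer].add("failed")
    verdicts = {}
    for peer, flags in seen.items():
        if "mismatch" in flags:    # server could not parse the client's hello
            verdicts[peer] = "protocol-mismatch: update the client or its profile"
        elif "timeout" in flags:   # no usable handshake traffic arrived in time
            verdicts[peer] = "no-handshake: check firewall, ISP and connectivity"
        else:
            verdicts[peer] = "handshake-failed: cause not shown in these lines"
    return verdicts

# Constructed sample lines (timestamps and addresses are made up).
SAMPLE_LOG = """\
2024-01-10 09:00:01 198.51.100.7:50211 OpenSSL: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
2024-01-10 09:00:01 198.51.100.7:50211 TLS_ERROR: BIO read tls_read_plaintext error
2024-01-10 09:00:01 198.51.100.7:50211 TLS Error: TLS handshake failed
2024-01-10 09:05:40 203.0.113.9:41872 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2024-01-10 09:05:40 203.0.113.9:41872 TLS Error: TLS handshake failed
""".splitlines()

if __name__ == "__main__":
    for peer, verdict in triage_tls_errors(SAMPLE_LOG).items():
        print(peer, "->", verdict)
```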
2. TLS Error: Local/Remote TLS Keys Are Out of Sync
This error occurs when the client and server fail to agree on the TLS key for encrypting and decrypting traffic. This could be due to a bug in the OpenVPN protocol. The solution is to update your client software (as we have shown above) and Access Server to the latest versions. As a last resort, you could also change the TLS key refresh interval in the Advanced VPN settings of the Admin UI, but be aware that this may lower security.
3. Server Poll Timeout
When trying to connect to an OpenVPN Access Server, the client sends a message requesting a reply. If you encounter a “server poll timeout” error message, it means that the server couldn’t be reached at the specified port, and thus OpenVPN will not be working on your Mac.
Check if the port is open, if the port number is correct, and if the address you’re trying to reach is accessible from the internet. Make sure that the Access Server is set up with a proper FQDN DNS name and not just a private IP address. Also, ensure that the necessary ports (TCP 443, TCP 943, and UDP 1194 by default) are open.
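The checks in the paragraph above can be scripted. This added example (not code from the original guide or from OpenVPN) reads the `remote` lines of a connection profile, flags private addresses, and probes TCP remotes. The sample profile is constructed, and a `remote` line without a port or protocol is assumed to mean 1194/udp.

```python
import ipaddress
import socket

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_remotes(profile_text):
    """Return (host, port, proto) for each 'remote' directive in a profile."""
    remotes = []
    for raw in profile_text.splitlines():
        parts = raw.split("#", 1)[0].split()   # drop trailing comments
        if len(parts) >= 2 and parts[0] == "remote":
            # Assumption: a remote without port/proto means 1194/udp.
            port = int(parts[2]) if len(parts) > 2 else 1194
            proto = parts[3].lower() if len(parts) > 3 else "udp"
            remotes.append((parts[1], port, proto))
    return remotes

def remote_problem(host):
    """Return a reason if host is a private IPv4 literal, else None."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return None                            # a DNS name, nothing to flag
    if ip.version == 4 and any(ip in net for net in RFC1918):
        return "private address, not reachable from the internet"
    return None

def tcp_port_open(host, port, timeout=3.0):
    """True if a TCP connection succeeds. UDP cannot be verified this way."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:                            # refused, timed out, DNS failure
        return False

def audit_profile(profile_text, probe=tcp_port_open):
    """Return findings for remotes that can cause a server poll timeout."""
    findings = []
    for host, port, proto in parse_remotes(profile_text):
        issue = remote_problem(host)
        if issue:
            findings.append(f"{host}:{port}/{proto}: {issue}")
        elif proto.startswith("tcp") and not probe(host, port):
            findings.append(f"{host}:{port}/{proto}: TCP port not reachable")
    return findings

# Constructed sample profile (hostnames and addresses are made up).
SAMPLE_PROFILE = "client\nremote 192.168.1.10 1194 udp\nremote vpn.example.com 443 tcp\n"

if __name__ == "__main__":
    for finding in audit_profile(SAMPLE_PROFILE):
        print(finding)
```

A UDP remote that is not flagged has only passed the address check; confirm UDP 1194 on the server or firewall side.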
4. Authentication Error: Session: Your Session Has Expired, Please Reauthenticate
This error message indicates that your session token has expired. By default, the session token expires after 5 minutes of inactivity or after 24 hours. You can resolve this by re-authenticating or by adjusting the session token duration settings in the server configuration.
5. Unable To Obtain Session ID From vpn.yourserver.com, Ports=443
This error indicates that there is an issue with the server-locked connection profile being used. Ensure that there is a working HTTPS connection to the web services of the Access Server in order to fix the OpenVPN not working on Mac error. You might also encounter SSL handshake failures or other SSL errors, which may indicate a misconfiguration or interference with traffic by firewalls or proxies.
6. SESSION_ID Only Allowed To Be Used by Client IP Address That Created It
This error occurs when the session token offered by your client program was initially generated from a different IP address. OpenVPN Access Server uses a session-based token system for server-locked and user-locked profiles, and each token is locked to the IP address from which the original authentication attempt was made. To resolve this issue, you can disable the session token IP lock if you often switch between different internet connections.
7. Serial Number Not Found in DB
This error means that the certificate serial number is not known to the server, which can happen if you are using a certificate from a different Access Server or an old certificate from a previous installation. To resolve this, delete the wrong connection profile from your client computer and obtain a new one from the current Access Server installation.
8. XML-RPC: TimeoutError
This error indicates that the Access Server web interface’s XML-RPC interface is unreachable. This is necessary for server-locked profiles. Make sure that the web interface is reachable, or use user-locked or auto-login profiles in order to fix OpenVPN not working on Mac.
9. XML-RPC Function GetSession With 1 Arguments May Not Be Called at the Configured Relay Level
This error occurs when the XML-RPC function is set to disabled. To resolve this, you can enable at least limited functionality for XML-RPC calls in the client settings in the Admin UI.
10. See the Logfile “C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\ovpntray.exe.log” for Details
This error message suggests that you might be missing specific Microsoft Visual C++ Redistributable DLL library files. Make sure to use up-to-date software and update your Access Server to the latest version.
11. Open TAP Device “” PATH=”” FAILED TUN Error: Cannot Acquire TAP Handle EVENT: TUN_IFACE_CREATE Cannot Acquire TAP Handle [FATAL-ERR] 2021 EVENT: DISCONNECTED Client Exception in Transport_recv: Tun_exception: Not Connected
This error may occur if the OpenVPN Connect service stops or does not resume properly, often due to interference by antivirus software. If you are using ESET Antivirus, for example, you will need to adjust its settings or add an exclusion for the OpenVPN client.
In summary, if OpenVPN is not working on your Mac, start by checking the log files. Understand the error messages and use the information provided above to address common issues. Always ensure that both your client software and Access Server are up-to-date, as this can resolve many problems related to TLS key negotiation. For further reading, we recommend checking out how to use Opera as a VPN for your iPhone.
Why Does OpenVPN Keep Dropping Connection?
There are a few reasons why OpenVPN might keep losing its connection. It could be a shaky internet connection, wrong setup settings, firewall blocks, or problems on the VPN server’s end. Sometimes, your Mac’s power settings might also cause disconnections if it goes to sleep.
To fix this, check your internet connection, make sure your OpenVPN settings are right, adjust your firewall, and maybe try a different server. If you’re still having trouble, you might want to try a different VPN like ExpressVPN for a more stable connection.
What VPN does Mac support?
Mac supports a wide range of VPN protocols including IKEv2, IPsec, and L2TP over IPsec natively through its network settings. Additionally, by using third-party VPN clients, you can use other protocols like OpenVPN and WireGuard. There are also numerous VPN services with dedicated Mac clients, including but not limited to, Intego Privacy Protection, ExpressVPN, and CyberGhost, which support various protocols and offer additional features.