Mac users have three options:



Tunnelblick

(Source code available on Tunnelblick's GitHub)

  • Download Tunnelblick from https://tunnelblick.net/downloads.html

  • Open your Downloads folder then open the .dmg disk image file you just downloaded

  • Start the installation by double-clicking on the Tunnelblick icon

  • Click "Open" when asked if you're sure you want to open an application you downloaded from the internet

  • Enter your password when prompted.
    You should now see a notification that the installation was successful, and the new Tunnelblick icon in the top right

  • If this is your first time using Tunnelblick, a window should pop up letting you know that you have no configuration files.
    Click 'I have configuration files' on this window and 'OK' on the next.

  • Next, download the cryptostorm OpenVPN configs.
    The ECC configs are at https://cryptostorm.is/configs/ecc/configs.zip
    The RSA configs are at https://cryptostorm.is/configs/rsa/configs.zip
    The Ed25519 configs are at https://cryptostorm.is/configs/ecc/ed25519/configs.zip
    The Ed448 configs are at https://cryptostorm.is/configs/ecc/ed448/configs.zip

    For information on these different configs, read https://cryptostorm.is/configs/
    The Ed25519 and Ed448 configs require OpenSSL 1.1.1, which was added to Tunnelblick 3.7.7beta05 build 5130 (2018-09-22).
    So if you want to use either of those, you will need at least Tunnelblick version 3.7.7beta05 build 5130.

    Open "configs.zip" with the default "Archive Utility". This will create a "configs" folder containing the OpenVPN configs.

  • Navigate to the 'configs' folder, then select the configs that you would like to use (or all of them) and drag them to the Tunnelblick icon

  • You'll be asked if you want to install these configs for just yourself, or all users on the system.
    The default "Only Me" is probably what you want.
    Be sure you also check the "Apply to all" box, otherwise this window will popup for each config file.

  • Enter your password again then you should see a notification that the configs were added successfully.

  • Before you connect, you should first tell Tunnelblick to use OpenSSL 1.1.1 instead of the default OpenSSL 1.0.2.
    Open Tunnelblick by left-clicking on the Tunnelblick icon and going to "VPN Details..."

  • Next, click the "Settings" button, then click the "OpenVPN version" drop down list.
    From that list, choose any of the ones that include "OpenSSL v1.1.1"


    Doing this will allow you to use the new Ed25519 or Ed448 configs.
    It will also allow you to use the new TLS cipher ChaCha20-Poly1305 for all configs.
    You can close that window now.

  • To begin connecting, left-click on the Tunnelblick icon and choose a node to connect to

  • When prompted for a username and password, enter your cryptostorm token as the username, and enter any random text for the password.
    Note: It's recommended that you first hash your token using the token hasher at https://cryptostorm.is/#section6 (under the teddy bear).
    Select "Save in Keychain" if you don't want to have to type in your token every time you connect to that node.

  • You're done! You should now be connected. Visit https://cryptostorm.is/test to verify that your IP has changed.



Viscosity

  • Visit https://www.sparklabs.com/viscosity/download/ to download Viscosity
    It's up to you if you want to download the 30-day free trial or buy it for $14

  • On the download page, click "Download Now" if you are using Mac OS 10.9 or newer.
    For older versions of Mac OS, use the "Legacy downloads for older operating systems" link.

  • Choose to open the .dmg file with the default "DiskImageMounter"

  • Follow the on-screen instructions to install Viscosity

  • Start Viscosity from LaunchPad

  • Click "Open" when asked if you are sure you want to open an application you downloaded from the internet.

  • If prompted, allow Viscosity to install or update it's helper tool, enter your password, then close the Welcome window.

    If you also installed Tunnelblick and imported the cryptostorm configs into that, allow Viscosity to import the configs from there so you can skip the next steps.

  • Next, download the cryptostorm OpenVPN configs.
    You can use the ECC configs from https://cryptostorm.is/configs/ecc/configs.zip
    or the RSA configs from https://cryptostorm.is/configs/rsa/configs.zip
    See https://cryptostorm.is/configs/ for information on the difference between these two.
    According to https://www.sparklabs.com/viscosity/releasenotes/mac/, the latest OpenSSL version included with Viscosity (as of writing this tutorial) is version 1.0.2o,
    so the Ed25519 and Ed448 configs can't be used, since they require OpenSSL 1.1.1

    Once you decide on the configs to use, open "configs.zip" with the default "Archive Utility". This will create a "configs" folder containing the OpenVPN configs.

  • Next, left-click on the Viscosity icon in the upper-right and click on "Preferences"

  • Then, click the "+" icon, and navigate to "Import Connection" then "From File..."

  • Navigate to your Downloads folder and select the "configs" folder, then click "Open"

  • Viscosity should tell you that the configs were imported successfully

  • Select the node you want to use with right-click then choose "Connect"

  • When prompted for a username and password, enter your cryptostorm token as the username, and enter any random text for the password.
    Note: It's recommended that you first hash your token using the token hasher at https://cryptostorm.is/#section6 (under the teddy bear).
    Select "Save in Keychain" if you don't want to have to type in your token every time you connect to that node.

  • You're done! Check with https://cryptostorm.is/test to verify that your IP has changed.



Terminal

  • Visit https://www.macports.org/install.php and follow the QuickStart instructions to install MacPorts.

  • Once you have MacPorts installed, open up Terminal and install OpenVPN 2 with the command:
    port install openvpn2

  • After OpenVPN is installed, you'll need TunTap installed to actually use it. Install TunTap with the command:
    port install tuntaposx
    Then, to configure TunTap to start automatically on boot, run the command:
    launchctl load -w /Library/LaunchDaemons/org.macports.tuntaposx.plist

  • Next, create a directory that will store the cryptostorm OpenVPN config files:
    mkdir -p /opt/local/etc/openvpn
    And change your current directory to the newly created one:
    cd /opt/local/etc/openvpn

  • Download the cryptostorm OpenVPN configs from either https://cryptostorm.is/configs/ecc/configs.zip or https://cryptostorm.is/configs/rsa/configs.zip
    See https://cryptostorm.is/configs/ for information on the difference between the two.
    wget https://cryptostorm.is/configs/ecc/configs.zip
    As with Viscosity, the OpenSSL version that MacPorts uses (1.0.2p) is too old to use the Ed25519 or Ed448 configs.
  • Unzip the configs.zip file:
    unzip configs.zip

  • Start OpenVPN, using one of the new configs as a paramater to the --config argument:
    openvpn2 --config /opt/local/etc/openvpn/Balancer_UDP.ovpn
  • When prompted for a username, enter your cryptostorm token.
    It's recommended that you first hash your token using the token hasher on https://cryptostorm.is/#section6 (under the teddy bear).
    When prompted for the password, enter any random text.

  • Once you see "Initialization Sequence Completed", you're connected!
    Check with https://cryptostorm.is/test/ to see that your IP has changed.