Updated Mac OS X utilities list

  • Spectacle to set up key bindings for window tiling.
  • SmoothMouse to make mouse acceleration more Windows-like, instead of Mac OS X’s weird mouse behaviour.
  • ClamXav, a free and open source antivirus.
  • TunnelBlick to connect to OpenVPN networks.
  • Homebrew package manager.
  • Transmission, a free and open source BitTorrent client.
  • The Unarchiver to decompress most popular archive formats.
  • XQuartz, the X.org system for Mac OS X.
  • Burn to burn CDs and DVDs.
  • Emacs, the best Emacs package for Mac OS X.

Quick notes on hardening OpenVPN

The following has been tested with OpenVPN version 2.3. It won’t work in earlier versions.

  • Create 3072-bit RSA keys instead of the default of 1024: change the KEY_SIZE parameter in easy-rsa/vars to 3072 before creating keys with easy-rsa.
  • Use the tls-auth configuration option to add extra protection to the TLS channel. More info here. To do this, generate a PSK with:
# openvpn --genkey --secret ta.key

This file goes into the folder with the rest of the keys.

  • Use well known and battle tested authentication digests and ciphers. The tls-cipher, auth and cipher options below accomplish this.
  • Make sure you secure the keys/ folder with the appropriate permissions.
  • Change the default port from 1194 to something else.
  • Create the /usr/local/etc/openvpn/jail/ folder that OpenVPN will chroot to after it starts. The ccd/ folder should be there, as well as a tmp/ folder:
# mkdir -p /usr/local/etc/openvpn/jail/{ccd,tmp}

Server configuration:

user nobody
group nobody
local myserver.com
port 2837
proto udp
dev tun
chroot /usr/local/etc/openvpn/jail
ca /usr/local/etc/openvpn/keys/ca.crt
cert /usr/local/etc/openvpn/keys/server.crt
key /usr/local/etc/openvpn/keys/server.key
dh /usr/local/etc/openvpn/keys/dh3072.pem
client-config-dir /ccd
server 10.8.0.0 255.255.0.0
#push "route 10.0.0.0 255.0.0.0"
keepalive 10 60
comp-lzo
persist-key
persist-tun
#client-to-client
tls-cipher TLS-DHE-RSA-WITH-AES-128-CBC-SHA
auth SHA256
cipher AES-128-CBC
tls-auth /usr/local/etc/openvpn/keys/ta.key 0
verb 3
mute 20

Client configuration:

client
dev tun
proto udp
remote myserver.com 2837
resolv-retry infinite
nobind
user nobody
group nobody
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
ns-cert-type server
tls-auth ta.key 1
tls-cipher TLS-DHE-RSA-WITH-AES-128-CBC-SHA
auth SHA256
cipher AES-128-CBC
comp-lzo
verb 3
mute 20
keepalive 10 60
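
A quick way to check a server configuration against the items in these notes. This is an added example, not part of the original notes: the function names and the weak sample configuration are constructed for illustration, and the permission check only runs on key files that exist on the machine where the script is run.

```python
import os
import stat

# Hardening directives from the notes above, with what their absence means.
REQUIRED = [
    ("tls-auth", "no pre-shared key protecting the TLS channel"),
    ("chroot", "daemon is not chrooted after start"),
    ("user", "no unprivileged user to drop to"),
    ("group", "no unprivileged group to drop to"),
    ("tls-cipher", "TLS cipher suites not pinned"),
    ("auth", "HMAC digest not set explicitly"),
    ("cipher", "data-channel cipher not set explicitly"),
]
SECRET_DIRECTIVES = ("key", "tls-auth")  # first argument is a secret file

# Constructed sample: a minimal server config with none of the hardening applied.
WEAK_SAMPLE = """\
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
dh dh1024.pem
server 10.8.0.0 255.255.0.0
"""


def parse_config(text):
    """Return {directive: [args]} for an OpenVPN config, skipping comment lines."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":
            name, *args = line.split()
            opts[name] = args
    return opts


def audit_server(text):
    """Return a list of findings for the hardening items listed in the notes."""
    opts = parse_config(text)
    findings = [f"{name}: {why}" for name, why in REQUIRED if name not in opts]
    if (opts.get("port") or ["1194"])[0] == "1194":
        findings.append("port: still on the default 1194")
    for name in SECRET_DIRECTIVES:
        path = (opts.get(name) or [None])[0]
        if path and os.path.exists(path):
            mode = stat.S_IMODE(os.stat(path).st_mode)
            if mode & 0o077:  # any group/other permission bit set
                findings.append(f"{name}: {path} has mode {mode:o}, accessible beyond its owner")
    return findings
```

Calling audit_server() on the text of the server configuration above should return an empty list once server.key and ta.key are readable only by their owner.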