How to set up VPN for macOS with Veltar: A step-by-step guide

It’s common for a team to be scattered across the globe, working from different locations. But your company’s sensitive data is just a click away from potential threats. To keep it all safe, setting up a secure VPN for macOS is important. 

But don’t stress. Let’s check out how you can effortlessly configure a VPN for macOS using Veltar, ensuring that your network stays locked down and your team stays connected, no matter where they are.

How to set up VPN for macOS with Veltar

How to set up the server

To enable managed devices to access internal resources, the first step is to configure the Veltar VPN server. Here’s a quick guide to set it up:

1. Access Scalefusion dashboard: Navigate to Veltar > VPN Tunnel and click on Setup VPN Server.
2. Download and install Veltar VPN server:
   • Download the Veltar VPN package on your server.
   • Install the required dependencies by running:

sudo apt-get update

sudo apt-get install wireguard wireguard-tools

3. Install Veltar VPN server:
   • Run the following command to install:

sudo dpkg -i veltar-vpn_X.X.X_amd64.deb

4. Configuration:
   • Use the command sudo veltar-vpn-ctl setup to start the setup process.
   • Enter the required domain/IP, choose HTTP or HTTPS, and configure the SSL certificates.
5. Complete setup:
   • Generate the API Bearer Token for Scalefusion MDM integration:

sudo veltar-vpn-ctl api-token-display

By completing these steps, the server setup is now ready for integrating Veltar VPN with Scalefusion.

Pre-requisites

Before setting up the VPN on macOS devices, ensure the following prerequisites are met:

1. Enrollment modes: The macOS device must be enrolled in one of the supported enrollment modes:
   • BYOD (Bring Your Own Device)
   • AUE (Apple User Enrollment)
   • User Authenticated
   • DEP/ADE (Device Enrollment Program/Automated Device Enrollment)
2. Minimum Agent App Version: Ensure the Scalefusion macOS agent is version v4.11.8 or above.
3. Device Profile: Create a device profile for macOS on the Scalefusion Dashboard. This profile will allow you to configure and push the VPN settings to the device.
4. User Group: The device must be added to the appropriate User Group, as VPN configurations can only be published to devices within a User Group.

With these prerequisites in place, you’re ready to proceed with the VPN configuration setup for your macOS devices.

How to set up VPN on macOS

Follow these steps to set up VPN for macOS devices:

Step 1: Create VPN config

1. Navigate to the VPN section: On the Scalefusion Dashboard, go to Veltar > VPN Tunnel and click on Create VPN Config.

2. Setup VPN config: Fill in the details under the following tabs:

• VPN server details:
  • VPN Host address: Enter the IP address or domain name of the VPN server that devices will connect to.
  • API Access Token: Enter the unique identifier for authenticating API calls.
  • API Port: Specify the network port on the server for handling API requests.

• Click Next.
• Tunnel details:
  • Tunnel name: Choose a name for the VPN tunnel.
  • IP Address: Enter the base IP address for the tunnel, which will be auto-generated for each device.
  • Listen port: Enter the port number on the server that will accept incoming connections.

• Click Next.
• Peer details:
  • Allowed IPs: Define the IPs that should pass through the VPN tunnel (note: range is not supported).
  • DNS servers: If using an on-premise DNS server, enter its details; otherwise, leave it blank.
  • Persistent keep-alive time: Set the idle time for keeping the connection active when not in use (default is 60 seconds).

• Connection settings:
  • Auto-connect to VPN on device reboot: Enable this to automatically connect to the VPN after a device restart.
  • Allow users to disconnect from VPN: Enable or disable user control over VPN disconnection. Disabling this forces an always-on connection.

3. Save configuration: After entering all the details, click Save. The VPN configuration will now be listed on the main VPN Tunnel page, with details such as Tunnel Name, IP: Port, Total Peers, Sent/Received data, and more.

Step 2: Publish VPN configuration

1. Publish VPN: To apply the created VPN configuration, click the three dots under Actions and select Publish.

2. Select user groups: In the new window, choose the User Group(s) where the configuration should be applied.

3. Confirm: Click Publish to deploy the VPN configuration to the selected User Groups.

Additional actions

• Edit: Modify only peer details if necessary.
• Delete: Remove the VPN configuration and unpublish it from the devices.

User experience on device

• Once the VPN configuration is published, a new section for Veltar will appear inside the Scalefusion Agent. Toggle on Secure VPN to activate the VPN.

Event logs

1. View logs: For detailed logs on VPN access, click the Event Logs tab under VPN Tunnel. These logs help in security monitoring, troubleshooting, and performance optimization.
2. Log details: View event logs that include information such as device name, connection status, data usage (downloads/uploads), and the connection time.

Summary view

• Connection and usage overview: The summary view gives a quick glance at VPN tunnel usage, including:
  • Total VPN connections: Count of unique connections to VPN tunnels.
  • Active connections: Displays currently active connections.
  • Usage details: Cumulative usage, download/upload data, and the most/least used tunnels.

Event info and filters

• Filters: Use filtering options to sort event logs by tunnel, connection status, date range, or search by device name or IP address.
• Download report: Download a CSV file with filtered log data for up to 7 days.

With these steps completed, your macOS device will be securely connected to the VPN, and you’ll be able to track its performance and usage through Veltar’s VPN Tunnel Dashboard

Wrapping up your macOS VPN setup

Setting up a VPN for macOS devices doesn’t have to be complicated. By following the steps outlined, you can easily establish a secure connection for your devices, protecting both your company’s data and your users. 

Veltar makes it simple to manage and monitor your VPN configurations, giving you full control over your macOS devices. With the right setup, you’ll have the confidence that your devices are safe and your network is secure, no matter where your team is working from.