OpenVPN with homebrew on OS X 10.10 Yosemite

If you upgraded to Yosemite and you are using OpenVPN which you compiled and installed with homebrew you may have noticed it stopped working. Thats because the tun and tap kernel extensions it depends on don’t load…

Yosemite no longer permits unsigned kernel extensions to run. That includes kernel extensions you compile yourself. Signing the extensions can only be done with an Apple Developer account. And even than it will only be loaded on your own machine until Apple approves the extension.
You can read more about it on the homebrew issue

Putting aside the debate about this move by apple being good or bad you now have 2 options:

1. Completely disable kernel extension signature checks, with all the security implications that come with it, by setting an nvram variable and reboot:

sudo nvram boot-args="kext-dev-mode=1"

2. Get signed kernel extensions from somewhere…

Grab the beta version of tunnelblick from sourceforge. Dig out of the app in the dmg file the tap-signed.kext and tun-signed.kext extensions ( hint: its under Tunnelblick.app/Contents/Resources ) and place those under /Library/Extensions. I also renamed them simply tap.kext and tun.kext.

Add two launchd files to load the modules at startup in /Library/LaunchDaemons. Apparently the old method suggested by homebrew no longer works and to be honest was always ugly. Credits go to this german website I can’t read.

Now load the new services:

sudo launchctl load -w com.tuntap.tun.kext.plist
sudo launchctl load -w com.tuntap.tap.kext.plist