TweetFollow Us on Twitter

DIY: OpenVPN Server How to turn OS X client into an OpenVPN server

Volume Number: 23 (2007)
Issue Number: 12
Column Tag: Networking

DIY: OpenVPN Server

How to turn OS X client into an OpenVPN server

by Ben Greisler

Security is important!

To paraphrase Steve Ballmer, "Security! Security! Security!"

In this episode of DIY Computing we will be putting together an OpenVPN server running on OS X (client). To quote openvpn.net: "OpenVPN is a full-featured SSL VPN which implements OSI layer 2 or 3 secure network extension using the industry standard SSL/TLS protocol, supports flexible client authentication methods based on certificates, smart cards, and/or username/password credentials, and allows user or group-specific access control policies using firewall rules applied to the VPN virtual interface."

Like most other projects similar to this, there are many, many configuration options. In this article we will do enough to get a functional VPN running and use it as the basis for additional exploration.

Collecting the pieces

This OpenVPN server was set up on a fully patched 10.4.10 install running on a G4 AGP (PPC) that I had hanging around. This is a perfect machine to put back to work. I wanted to test on an Intel machine, but I didn't have one available to play with. The process for installation on an Intel machine should be identical to the PPC with any exceptions noted.

Before installing the OpenVPN software, I downloaded the latest Macports (1.5.0, macports.org) and Apple Developer tools (Xcode 2.5 Developer Preview). I ended up using the preview version of Xcode simply because I already had it downloaded, but the 2.4.1 version should work as well. I also downloaded the nice tun/tap package from: http://www-user.rhrk.uni-kl.de/~nissler/tuntap/. I used the stable Tiger version for PPC, but if you are on Intel there is a Universal version available too. The developers of the package do note that they have had some crashing issues, so tread carefully if you are in a production environment. Test, test, test!

We could have installed OpenVPN without using Macports, but using it makes life a little easier as Macports takes care of any dependencies that also may need to be installed, such as lzo2, openssl and zlib.

For the client machine, we are going to use Tunnelblick, a gui for OpenVPN. It can be downloaded from tunnelblick.net. Tunnelblick is pretty much self-contained. It has OpenVPN, the tun/tap drivers from Nissler and the appropriate scripts to make everything work.

Installation

We start with a fully patched install of 10.4.10 and then install the Xcode Tools (developer.apple.com).

At this point adjust the Energy Saver preferences to not allow the computer to go to sleep.

With the Developer Tools in place, we can install Macports. If you are not familiar with Macports, refer to the website (www.macports.org) for installation instructions, requirements and usage information. Check for updates:

sudo port update

With Macports in place, I checked for the availability of openvpn:

testbeds-G4:~ testbed$ sudo port search openvpn
openvpn  net/openvpn 1.6.0 easy-to-use, robust, and highly configurable VPN
openvpn2  net/openvpn2   2.0.9 easy-to-use, robust, and highly configurable VPN

As we can see, we are given our choice of two versions of openvpn. The one we want is openvpn2:

testbeds-G4:~ testbed$ sudo port install openvpn2
--->  Fetching lzo2
--->  Attempting to fetch lzo-2.02.tar.gz from http://www.oberhumer.com/opensource/lzo/download/
--->  Verifying checksum(s) for lzo2
--->  Extracting lzo2
--->  Configuring lzo2
--->  Building lzo2 with target all
--->  Staging lzo2 into destroot
--->  Installing lzo2 2.02_1+darwin_8
--->  Activating lzo2 2.02_1+darwin_8
--->  Cleaning lzo2
--->  Fetching zlib
--->  Attempting to fetch zlib-1.2.3.tar.bz2 from http://www.zlib.net/
--->  Verifying checksum(s) for zlib
--->  Extracting zlib
--->  Applying patches to zlib
--->  Configuring zlib
--->  Building zlib with target all
--->  Staging zlib into destroot
--->  Installing zlib 1.2.3_1
--->  Activating zlib 1.2.3_1
--->  Cleaning zlib
--->  Fetching openssl
--->  Attempting to fetch openssl-0.9.8e.tar.gz from http://www.openssl.org/source/
--->  Verifying checksum(s) for openssl
--->  Extracting openssl
--->  Applying patches to openssl
--->  Configuring openssl
--->  Building openssl with target all
--->  Staging openssl into destroot
--->  Installing openssl 0.9.8e_0+darwin_8
--->  Activating openssl 0.9.8e_0+darwin_8
--->  Cleaning openssl
--->  Fetching openvpn2
--->  Attempting to fetch openvpn-2.0.9.tar.gz from http://www.openvpn.net/release/
--->  Verifying checksum(s) for openvpn2
--->  Extracting openvpn2
--->  Configuring openvpn2
--->  Building openvpn2 with target all
--->  Staging openvpn2 into destroot
--->  Installing openvpn2 2.0.9_1+darwin_8
--->  Activating openvpn2 2.0.9_1+darwin_8
--->  Cleaning openvpn2

You don't have to do the next step, but I like moving the files to a more convenient location:

testbeds-G4:/etc testbed$ sudo cp -r  /opt/local/share/doc/openvpn2/ /etc/openvpn/

Now we can install the tun/tap drivers from the package downloaded. You can choose to install the tun or tap kexts individually along with the startup items, or do what I did and use the .mpkg to install all of them. That will give more flexibility in future configurations. The tun and tap kexts will be installed in /Library/Extension and the startup items will be installed in /System/Library/StartupItems.


Figure 1: Tun and tap installer packages

We need to generate the keys and certificates for the server and clients. To make things a little easier, I edited the vars file in /etc/openvpn/easy-rsa to reflect my location and email address. This will give us the defaults when we set up the security items. We now get to work on the PKI (public key infrastructure) and build the certificate authority (CA). Note that I used "OpenVPN-CA" for the Common Name:

testbeds-G4:/etc/openvpn/easy-rsa testbed$ . ./vars

NOTE: when you run ./clean-all, I will be doing a rm -rf on /etc/openvpn/easy-rsa/keys

testbeds-G4:/etc/openvpn/easy-rsa testbed$ sudo ./clean-all
testbeds-G4:/etc/openvpn/easy-rsa testbed$ sudo ./build-ca
Generating a 1024 bit RSA private key
.....++++++
.......++++++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:
State or Province Name (full name) [NA]:PA  
Locality Name (eg, city) [ANYTOWN]:
Organization Name (eg, company) [OpenVPN-TEST]:
Organizational Unit Name (eg, section) []:.
Common Name (eg, your name or your server's hostname) []:OpenVPN-CA
Email Address [vpnadmin@greisler.org]:
testbeds-G4:/etc/openvpn/easy-rsa testbed$ ls -l
total 160
drwxr-xr-x   23 root  wheel   782 Aug 12 13:53 2.0
-rw-r--r--    1 root  wheel  6075 Aug 12 13:53 README
drwxr-xr-x   14 root  wheel   476 Aug 12 13:53 Windows
-rwxr-xr-x    1 root  wheel   242 Aug 12 13:53 build-ca
-rwxr-xr-x    1 root  wheel   228 Aug 12 13:53 build-dh
-rwxr-xr-x    1 root  wheel   529 Aug 12 13:53 build-inter
-rwxr-xr-x    1 root  wheel   516 Aug 12 13:53 build-key
-rwxr-xr-x    1 root  wheel   424 Aug 12 13:53 build-key-pass
-rwxr-xr-x    1 root  wheel   695 Aug 12 13:53 build-key-pkcs12
-rwxr-xr-x    1 root  wheel   662 Aug 12 13:53 build-key-server
-rwxr-xr-x    1 root  wheel   466 Aug 12 13:53 build-req
-rwxr-xr-x    1 root  wheel   402 Aug 12 13:53 build-req-pass
-rwxr-xr-x    1 root  wheel   280 Aug 12 13:53 clean-all
drwx------    6 root  wheel   204 Aug 12 14:40 keys
-rw-r--r--    1 root  wheel   264 Aug 12 13:53 list-crl
-rw-r--r--    1 root  wheel   268 Aug 12 13:53 make-crl
-rw-r--r--    1 root  wheel  7487 Aug 12 13:53 openssl.cnf
-rw-r--r--    1 root  wheel   268 Aug 12 13:53 revoke-crt
-rwxr-xr-x    1 root  wheel   593 Aug 12 13:53 revoke-full
-rwxr-xr-x    1 root  wheel   411 Aug 12 13:53 sign-req
-rw-r--r--    1 root  wheel  1269 Aug 12 14:22 vars
testbeds-G4:/etc/openvpn/easy-rsa/keys root# ls -l
total 24
-rw-r--r--   1 root  wheel  1233 Aug 12 14:40 ca.crt
-rw-------   1 root  wheel   887 Aug 12 14:40 ca.key
-rw-r--r--   1 root  wheel     0 Aug 12 14:39 index.txt
-rw-r--r--   1 root  wheel     3 Aug 12 14:39 serial

Now let's build the server certificate and key. Note that I used "server" as the Common Name:

testbeds-G4:/etc/openvpn/easy-rsa testbed$ sudo ./build-key-server server Password: Generating a 1024 bit RSA private key ..................++++++ ....................++++++ writing new private key to 'server.key' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [US]: State or Province Name (full name) [NA]:PA Locality Name (eg, city) [ANYTOWN]: Organization Name (eg, company) [OpenVPN-TEST]: Organizational Unit Name (eg, section) []:. Common Name (eg, your name or your server's hostname) []:server Email Address [vpnadmin@greisler.org]: Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: Using configuration from /etc/openvpn/easy-rsa/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows countryName :PRINTABLE:'US' stateOrProvinceName :PRINTABLE:'PA' localityName :PRINTABLE:'ANYTOWN' organizationName :PRINTABLE:'OpenVPN-TEST' commonName :PRINTABLE:'server' emailAddress :IA5STRING:'vpnadmin@greisler.org' Certificate is to be certified until Aug 9 18:55:31 2017 GMT (3650 days) Sign the certificate? [y/n]:y 1 out of 1 certificate requests certified, commit? [y/n]y Write out database with 1 new entries Data Base Updated testbeds-G4:/etc/openvpn/easy-rsa/keys root# ls -l total 80 -rw-r--r-- 1 root wheel 3640 Aug 12 14:55 01.pem -rw-r--r-- 1 root wheel 1233 Aug 12 14:40 ca.crt -rw------- 1 root wheel 887 Aug 12 14:40 ca.key -rw-r--r-- 1 root wheel 100 Aug 12 14:55 index.txt -rw-r--r-- 1 root wheel 21 Aug 12 14:55 index.txt.attr -rw-r--r-- 1 root wheel 0 Aug 12 14:39 index.txt.old -rw-r--r-- 1 root wheel 3 Aug 12 14:55 serial -rw-r--r-- 1 root wheel 3 Aug 12 14:39 serial.old -rw-r--r-- 1 root wheel 3640 Aug 12 14:55 server.crt -rw-r--r-- 1 root wheel 676 Aug 12 14:55 server.csr -rw------- 1 root wheel 887 Aug 12 14:55 server.key

Now let's build the server certificate and key. Note that I used "client" as the Common Name. For each client certificate and key, use a different Common Name (ie: client1, client2, bob, fred, etc):

testbeds-G4:/etc/openvpn/easy-rsa testbed$ sudo ./build-key client
Generating a 1024 bit RSA private key
................................................++++++
.......++++++
writing new private key to 'client.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:
State or Province Name (full name) [NA]:PA
Locality Name (eg, city) [ANYTOWN]:
Organization Name (eg, company) [OpenVPN-TEST]:
Organizational Unit Name (eg, section) []:.
Common Name (eg, your name or your server's hostname) []:client
Email Address [vpnadmin@greisler.org]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /etc/openvpn/easy-rsa/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'US'
stateOrProvinceName   :PRINTABLE:'PA'
localityName          :PRINTABLE:'ANYTOWN'
organizationName      :PRINTABLE:'OpenVPN-TEST'
commonName            :PRINTABLE:'client'
emailAddress          :IA5STRING:'vpnadmin@greisler.org'
Certificate is to be certified until Aug  9 18:59:59 2017 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
testbeds-G4:/etc/openvpn/easy-rsa/keys root# ls -l
total 128
-rw-r--r--   1 root  wheel  3640 Aug 12 14:55 01.pem
-rw-r--r--   1 root  wheel  3541 Aug 12 15:00 02.pem
-rw-r--r--   1 root  wheel  1233 Aug 12 14:40 ca.crt
-rw-------   1 root  wheel   887 Aug 12 14:40 ca.key
-rw-r--r--   1 root  wheel  3541 Aug 12 15:00 client.crt
-rw-r--r--   1 root  wheel   676 Aug 12 14:59 client.csr
-rw-------   1 root  wheel   891 Aug 12 14:59 client.key
-rw-r--r--   1 root  wheel   200 Aug 12 15:00 index.txt
-rw-r--r--   1 root  wheel    20 Aug 12 15:00 index.txt.attr
-rw-r--r--   1 root  wheel    21 Aug 12 14:55 index.txt.attr.old
-rw-r--r--   1 root  wheel   100 Aug 12 14:55 index.txt.old
-rw-r--r--   1 root  wheel     3 Aug 12 15:00 serial
-rw-r--r--   1 root  wheel     3 Aug 12 14:55 serial.old
-rw-r--r--   1 root  wheel  3640 Aug 12 14:55 server.crt
-rw-r--r--   1 root  wheel   676 Aug 12 14:55 server.csr
-rw-------   1 root  wheel   887 Aug 12 14:55 server.key

Now build the Diffie Hellman parameters:

testbeds-G4:/etc/openvpn/easy-rsa testbed$ sudo ./build-dh
Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time
................+...........................+............................
<lots of dots removed to prevent boredom>
.......................................................+...+..++*++*++*
testbeds-G4:/etc/openvpn/easy-rsa/keys root# ls -l
total 136
-rw-r--r--   1 root  wheel  3640 Aug 12 14:55 01.pem
-rw-r--r--   1 root  wheel  3541 Aug 12 15:00 02.pem
-rw-r--r--   1 root  wheel  1233 Aug 12 14:40 ca.crt
-rw-------   1 root  wheel   887 Aug 12 14:40 ca.key
-rw-r--r--   1 root  wheel  3541 Aug 12 15:00 client.crt
-rw-r--r--   1 root  wheel   676 Aug 12 14:59 client.csr
-rw-------   1 root  wheel   891 Aug 12 14:59 client.key
-rw-r--r--   1 root  wheel   245 Aug 12 15:06 dh1024.pem
-rw-r--r--   1 root  wheel   200 Aug 12 15:00 index.txt
-rw-r--r--   1 root  wheel    20 Aug 12 15:00 index.txt.attr
-rw-r--r--   1 root  wheel    21 Aug 12 14:55 index.txt.attr.old
-rw-r--r--   1 root  wheel   100 Aug 12 14:55 index.txt.old
-rw-r--r--   1 root  wheel     3 Aug 12 15:00 serial
-rw-r--r--   1 root  wheel     3 Aug 12 14:55 serial.old
-rw-r--r--   1 root  wheel  3640 Aug 12 14:55 server.crt
-rw-r--r--   1 root  wheel   676 Aug 12 14:55 server.csr
-rw-------   1 root  wheel   887 Aug 12 14:55 server.key

The files in the "keys/" folder are distributed as such:

Server: ca.crt, ca.key (secret), dh1024.pem server.key (secret) and server.crt (these files can stay in the /keys folder)

Client: ca.crt, client.key (secret) and client.crt (these will be moved in a secure manner to the client machine)

We now get to work on the configuration files for the server and client. I suggest starting with the sample config files contained in the /openvpn/sample-config-files folder. The sample server config is called server.conf. Make a copy of the server.conf file and place it in /etc/openvpn then edit the file to reflect the location of the server certificates, key and DH parameters:

<clip>
# SSL/TLS root certificate (ca), certificate
# (cert), and private key (key).  Each client
# and the server must have their own cert and
# key file.  The server and all clients will
# use the same ca file.
# 
# See the "easy-rsa" directory for a series
# of scripts for generating RSA certificates
# and private keys.  Remember to use
# a unique Common Name for the server
# and each of the client certificates.
# 
# Any X509 key management system can be used.
# OpenVPN can also use a PKCS #12 formatted key file
# (see "pkcs12" directive in man page).
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key  # This file should be kept secret
# Diffie hellman parameters.
# Generate your own with:
#   openssl dhparam -out dh1024.pem 1024
# Substitute 2048 for 1024 if you are using
# 2048 bit keys.
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
</clip>

In this article we are keeping to the basics, but you should review the server.conf file and look at the choices. The sample file on which we are basing our server.conf file on states that the VPN virtual IP range will be in the 10.8.0.0/24 subnet. The VPN will be listening on port 1194 UPD. All this can be changed as long as the changes are reflected in the client config file and the network can support it. OpenVPN will default to Blowfish encryption unless changed. Also, the file says that we are building a tunnel (tun) rather than bridging (tap).

With the server.conf file set, we can start the vpn server. For production use you will want to make a StarupItem to start it on boot:

testbeds-G4:/etc/openvpn/ testbed$ sudo openvpn2 /etc/openvpn/server.conf
Password:
Sun Aug 12 15:59:13 2007 OpenVPN 2.0.9 powerpc-apple-darwin8.10.0 [SSL] [LZO] built on Aug 12 2007
Sun Aug 12 15:59:14 2007 Diffie-Hellman initialized with 1024 bit key
Sun Aug 12 15:59:14 2007 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sun Aug 12 15:59:14 2007 gw 192.168.254.1
Sun Aug 12 15:59:14 2007 TUN/TAP device /dev/tun0 opened
Sun Aug 12 15:59:14 2007 /sbin/ifconfig tun0 delete
ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
Sun Aug 12 15:59:14 2007 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
Sun Aug 12 15:59:14 2007 /sbin/ifconfig tun0 10.8.0.1 10.8.0.2 mtu 1500 netmask 255.255.255.255 up
Sun Aug 12 15:59:14 2007 /sbin/route add -net 10.8.0.0 10.8.0.2 255.255.255.0
add net 10.8.0.0: gateway 10.8.0.2
Sun Aug 12 15:59:14 2007 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sun Aug 12 15:59:14 2007 UDPv4 link local (bound): [undef]:1194
Sun Aug 12 15:59:14 2007 UDPv4 link remote: [undef]
Sun Aug 12 15:59:14 2007 MULTI: multi_init called, r=256 v=256
Sun Aug 12 15:59:14 2007 IFCONFIG POOL: base=10.8.0.4 size=62
Sun Aug 12 15:59:14 2007 IFCONFIG POOL LIST
Sun Aug 12 15:59:14 2007 Initialization Sequence Completed

We need to modify the client config file with the location of the vpn server and the keys and certificates:

# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote greisler.org 1194
;remote my-server-2 1194

Copy the client.conf file along with ca.crt, client.crt and client.key files to ~/Library/openvpn on the client machine. Then install Tunnelblick. When you start Tunnelblick for the first time and you don't have the client.conf file in place, it was ask you to do it or it will install a sample file for you. Once Tunnelblick is started, you will have a small tunnel icon in the upper right side menu bar. Click on it and it will allow you to start the tunnel. If the tunnel connects correctly, the center of the tunnel icon goes clear as in a "light at the end of the tunnel." You can click on Details to see log info and modify the config file.


Figure 2: Location and structure of the client.conf and pki files for Tunnelblick


Figure 3: A successful OpenVPN tunnel connection

To test the connection you can ping the client machine from the server and vice-versa keeping in mind that the server is now 10.8.0.1 and the clients ip can be checked by checking the tun0 interface:

computator1:~ magikben$ ifconfig tun0
tun0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 10.8.0.6 --> 10.8.0.5 netmask 0xffffffff 
        open (pid 4801)
computator1:~ magikben$ ping 10.8.0.1
PING 10.8.0.1 (10.8.0.1): 56 data bytes
64 bytes from 10.8.0.1: icmp_seq=0 ttl=64 time=98.426 ms
64 bytes from 10.8.0.1: icmp_seq=1 ttl=64 time=42.783 ms
64 bytes from 10.8.0.1: icmp_seq=2 ttl=64 time=5.103 ms
^C
--- 10.8.0.1 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 5.103/48.771/98.426/38.333 ms
testbeds-G4:~ testbed$ ping 10.8.0.6
PING 10.8.0.6 (10.8.0.6): 56 data bytes
64 bytes from 10.8.0.6: icmp_seq=0 ttl=64 time=71.537 ms
64 bytes from 10.8.0.6: icmp_seq=1 ttl=64 time=197.671 ms
64 bytes from 10.8.0.6: icmp_seq=2 ttl=64 time=40.110 ms
64 bytes from 10.8.0.6: icmp_seq=3 ttl=64 time=45.709 ms
64 bytes from 10.8.0.6: icmp_seq=4 ttl=64 time=64.629 ms
^C
--- 10.8.0.6 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 40.110/83.931/197.671/58.042 ms

Putting the VPN to work

This configuration will work but you might need to look at a few other issues that will impact actual usage. You may need to add routing statements so VPN clients can get to resources beyond the actual VPN server. You may need to adjust the PKI to better meet your needs. As it is the setup we just did can possibly be a target for man-in-the-middle attacks since there is nothing that verifies the server certificate; this was even pointed out in the logs along with where to look to solve this (http://openvpn.net/howto.html#mitm). The test environment had a single interface G4 as the VPN server and thus I had to port forward UDP 1194 to server for outside access.

Go ahead and try it out. There are many good sources on the net to find out additional information, the OpenVPN.net site being one of the best. One of the few downsides to OpenVPN is that it is fairly hands-on and it doesn't lend itself to easy administration of users with all configurations occurring via command line. There are a few GUI's available, but I didn't have a chance to get them running in time for this article, plus a number of them are Windows only.


Ben has been everything from a Mac user to CTO of one of the leading Macintosh professional services firms. Besides writing an occasional article for MacTech, you can find him presenting at Macworld or consulting with clients around the world. You can reach him at ben@greisler.org.

 
AAPL
$102.99
Apple Inc.
+0.52
MSFT
$44.38
Microsoft Corpora
-0.50
GOOG
$532.71
Google Inc.
+6.17

MacTech Search:
Community Search:

Software Updates via MacUpdate

Evernote 5.6.2 - Create searchable notes...
Evernote allows you to easily capture information in any environment using whatever device or platform you find most convenient, and makes this information accessible and searchable at anytime, from... Read more
OmniOutliner 4.1.3 - Organize your ideas...
OmniOutliner is a flexible program for creating, collecting, and organizing information. Give your creativity a kick start by using an application that's actually designed to help you think. It's... Read more
BBEdit 11.0 - Powerful text and HTML edi...
BBEdit is the leading professional HTML and text editor for the Mac. Specifically crafted in response to the needs of Web authors and software developers, this award-winning product provides a... Read more
Apple Security Update 2014-005 - For OS...
Apple Security Update is recommended for all users and improves the security of Mac OS X. For information on the security content of this update, please visit this website: http://support.apple.com/... Read more
EyeTV 3.6.6 - Watch and record TV on you...
EyeTV brings a rich TV experience to your Mac. Watch live TV on your Mac. Pause, rewind, and record whenever you want. EyeTV gives you powerful control over what you watch and how you watch it. Put... Read more
RapidWeaver 6.0 - Create template-based...
RapidWeaver is a next-generation Web design application to help you easily create professional-looking Web sites in minutes. No knowledge of complex code is required, RapidWeaver will take care of... Read more
NTFS 12.0.39 - Provides full read and wr...
Paragon NTFS breaks down the barriers between Windows and OS X. Paragon NTFS effectively solves the communication problems between the Mac system and NTFS, providing full read and write access to... Read more
RestoreMeNot 2.0.3 - Disable window rest...
RestoreMeNot provides a simple way to disable the window restoration for individual applications so that you can fine-tune this behavior to suit your needs. Please note that RestoreMeNot is designed... Read more
Command-C 1.1.5 - Clipboard sharing tool...
Command-C is a revolutionary app which makes easy to share your clipboard between iOS and OS X using your local WiFi network, even if the app is not currently opened. Copy anything (text, pictures,... Read more
Macgo Blu-ray Player 2.10.9.1750 - Blu-r...
Macgo Mac Blu-ray Player can bring you the most unforgettable Blu-ray experience on your Mac. Overview Macgo Mac Blu-ray Player can satisfy just about every need you could possibly have in a Blu-ray... Read more

Latest Forum Discussions

See All

Pro Strategy Football 2014 (Games)
Pro Strategy Football 2014 2014.141001 Device: iOS Universal Category: Games Price: $4.99, Version: 2014.141001 (iTunes) Description: Take the proven strategy of the PSF franchise and add in Casual Play, improved graphics and... | Read more »
Super Glyph Quest (Games)
Super Glyph Quest 1.01 Device: iOS Universal Category: Games Price: $2.99, Version: 1.01 (iTunes) Description: Adventure is back Questers! Combine elemental glyphs together to cast powerful spells and vanquish adorable monsters in... | Read more »
Fighting Fantasy: Caverns of the Snow Wi...
Fighting Fantasy: Caverns of the Snow Witch 1.0 Device: iOS Universal Category: Games Price: $5.99, Version: 1.0 (iTunes) Description: Travel to Northern Allansia’s perilous Icefinger Mountains to defeat the wicked Snow Witch in this... | Read more »
Star Warfare 2: Payback Review
Star Warfare 2: Payback Review By Blake Grundman on October 22nd, 2014 Our Rating: :: ONE-TRICK PONYUniversal App - Designed for iPhone and iPad Unfortunately, it doesn’t take long for Star Warfare 2’s free-firing fun to turn into... | Read more »
TinType by Hipstamatic (Photography)
TinType by Hipstamatic 1.0 Device: iOS iPhone Category: Photography Price: $.99, Version: 1.0 (iTunes) Description: Create hauntingly beautiful, soul capturing portraits with TinType by Hipstamatic. Inspired by daguerreotypes,... | Read more »
The Latest Update for Heroes of Dragon A...
The Latest Update for Heroes of Dragon Age Introduces Daily PvE Challenges Posted by Ellis Spice on October 22nd, 2014 [ permalink ] | Read more »
Bee Brilliant Review
Bee Brilliant Review By Jennifer Allen on October 22nd, 2014 Our Rating: :: SAMEY MATCH-3Universal App - Designed for iPhone and iPad Want even more Match-3 gaming and fancy a bee based twist? Bee Brilliant is that game. Don’t... | Read more »
A New Trailer has Been Revealed for Epic...
A New Trailer has Been Revealed for Epic of Kings Posted by Jessica Fisher on October 22nd, 2014 [ permalink ] Dead Mage Inc. has released a new, action-packed trailer for the upcoming Epic of Kings. | Read more »
Find the Line Review
Find the Line Review By Campbell Bird on October 22nd, 2014 Our Rating: :: INSLIDE THE LINESUniversal App - Designed for iPhone and iPad Tease out beautiful line drawings in this unique, free-to-play puzzle game.   | Read more »
Things Get Magical in The Sims FreePlay...
Things Get Magical in The Sims FreePlay with a New Halloween Update Posted by Ellis Spice on October 22nd, 2014 [ permalink ] Universal App - Designed for iPhone and iPad | Read more »

Price Scanner via MacPrices.net

Save with Best Buy’s College Student Deals
Take an additional $50 off all MacBooks and iMacs at Best Buy Online with their College Students Deals Savings, valid through November 1st. Anyone with a valid .EDU email address can take advantage... Read more
iPad Air 2 & iPad mini 3 Best Tablets Yet...
The new iPads turned out to be pretty much everything I’d been hoping for and more than I’d expected.”More” particularly in terms of a drinking-from-a-firehose choice of models and configurations,... Read more
Drafts 4 Reinvents iOS Productivity App
N Richland Hills, Texas based Agile Tortoise has announced the release of Drafts 4 for iPhone and iPad. Drafts is a quick capture note taking app with flexible output actions. Drafts 4 scales from... Read more
AT&T accepting preorders for new iPads fo...
AT&T Wireless is accepting preorders for the new iPad Air 2 and iPad mini 3, cellular models, for $100 off MSRP with a 2-year service agreement: - 16GB iPad Air 2 WiFi + Cellular: $529.99 - 64GB... Read more
Apple offering refurbished Mac Pros for up to...
The Apple Store is offering Apple Certified Refurbished 2013 Mac Pros for up to $600 off the cost of new models. An Apple one-year warranty is included with each Mac Pro, and shipping is free. The... Read more
Select MacBook Airs $100 off MSRP, free shipp...
B&H Photo has 2014 a couple of MacBook Airs on sale for $100 off MSRP. Shipping is free, and B&H charges NY sales tax only. They also include free copies of Parallels Desktop and LoJack for... Read more
13-inch 2.5GHz MacBook Pro on sale for $100 o...
B&H Photo has the 13″ 2.5GHz MacBook Pro on sale for $999.99 including free shipping plus NY sales tax only. Their price is $100 off MSRP. Read more
Strong iPhone, Mac And App Store Sales Drive...
Apple on Monday announced financial results for its fiscal 2014 fourth quarter ended September 27, 2014. The Company posted quarterly revenue of $42.1 billion and quarterly net profit of $8.5 billion... Read more
Apple Posts How-To For OS X Recovery
OS X 10.7 Lion and later include OS X Recovery. This feature includes all of the tools you need to reinstall OS X, repair your disk, and even restore from a Time Machine backup. OS X Recovery... Read more
Mac OS X Versions (Builds) Supported By Vario...
Apple Support has posted a handy resource explaining which Mac OS X versions (builds) originally shipped with or are available for your computer via retail discs, downloads, or Software Update. Apple... Read more

Jobs Board

Senior Event Manager, *Apple* Retail Market...
…This senior level position is responsible for leading and imagining the Apple Retail Team's global event strategy. Delivering an overarching brand story; in-store, Read more
*Apple* Solutions Consultant (ASC) - Apple (...
**Job Summary** The ASC is an Apple employee who serves as an Apple brand ambassador and influencer in a Reseller's store. The ASC's role is to grow Apple Read more
Project Manager / Business Analyst, WW *Appl...
…a senior project manager / business analyst to work within our Worldwide Apple Fulfillment Operations and the Business Process Re-engineering team. This role will work Read more
*Apple* Retail - Multiple Positions (US) - A...
Job Description: Sales Specialist - Retail Customer Service and Sales Transform Apple Store visitors into loyal Apple customers. When customers enter the store, Read more
Position Opening at *Apple* - Apple (United...
…customers purchase our products, you're the one who helps them get more out of their new Apple technology. Your day in the Apple Store is filled with a range of Read more
All contents are Copyright 1984-2011 by Xplain Corporation. All rights reserved. Theme designed by Icreon.