TweetFollow Us on Twitter

DIY: OpenVPN Server How to turn OS X client into an OpenVPN server

Volume Number: 23 (2007)
Issue Number: 12
Column Tag: Networking

DIY: OpenVPN Server

How to turn OS X client into an OpenVPN server

by Ben Greisler

Security is important!

To paraphrase Steve Ballmer, "Security! Security! Security!"

In this episode of DIY Computing we will be putting together an OpenVPN server running on OS X (client). To quote openvpn.net: "OpenVPN is a full-featured SSL VPN which implements OSI layer 2 or 3 secure network extension using the industry standard SSL/TLS protocol, supports flexible client authentication methods based on certificates, smart cards, and/or username/password credentials, and allows user or group-specific access control policies using firewall rules applied to the VPN virtual interface."

Like most other projects similar to this, there are many, many configuration options. In this article we will do enough to get a functional VPN running and use it as the basis for additional exploration.

Collecting the pieces

This OpenVPN server was set up on a fully patched 10.4.10 install running on a G4 AGP (PPC) that I had hanging around. This is a perfect machine to put back to work. I wanted to test on an Intel machine, but I didn't have one available to play with. The process for installation on an Intel machine should be identical to the PPC with any exceptions noted.

Before installing the OpenVPN software, I downloaded the latest Macports (1.5.0, macports.org) and Apple Developer tools (Xcode 2.5 Developer Preview). I ended up using the preview version of Xcode simply because I already had it downloaded, but the 2.4.1 version should work as well. I also downloaded the nice tun/tap package from: http://www-user.rhrk.uni-kl.de/~nissler/tuntap/. I used the stable Tiger version for PPC, but if you are on Intel there is a Universal version available too. The developers of the package do note that they have had some crashing issues, so tread carefully if you are in a production environment. Test, test, test!

We could have installed OpenVPN without using Macports, but using it makes life a little easier as Macports takes care of any dependencies that also may need to be installed, such as lzo2, openssl and zlib.

For the client machine, we are going to use Tunnelblick, a gui for OpenVPN. It can be downloaded from tunnelblick.net. Tunnelblick is pretty much self-contained. It has OpenVPN, the tun/tap drivers from Nissler and the appropriate scripts to make everything work.

Installation

We start with a fully patched install of 10.4.10 and then install the Xcode Tools (developer.apple.com).

At this point adjust the Energy Saver preferences to not allow the computer to go to sleep.

With the Developer Tools in place, we can install Macports. If you are not familiar with Macports, refer to the website (www.macports.org) for installation instructions, requirements and usage information. Check for updates:

sudo port update

With Macports in place, I checked for the availability of openvpn:

testbeds-G4:~ testbed$ sudo port search openvpn
openvpn  net/openvpn 1.6.0 easy-to-use, robust, and highly configurable VPN
openvpn2  net/openvpn2   2.0.9 easy-to-use, robust, and highly configurable VPN

As we can see, we are given our choice of two versions of openvpn. The one we want is openvpn2:

testbeds-G4:~ testbed$ sudo port install openvpn2
--->  Fetching lzo2
--->  Attempting to fetch lzo-2.02.tar.gz from http://www.oberhumer.com/opensource/lzo/download/
--->  Verifying checksum(s) for lzo2
--->  Extracting lzo2
--->  Configuring lzo2
--->  Building lzo2 with target all
--->  Staging lzo2 into destroot
--->  Installing lzo2 2.02_1+darwin_8
--->  Activating lzo2 2.02_1+darwin_8
--->  Cleaning lzo2
--->  Fetching zlib
--->  Attempting to fetch zlib-1.2.3.tar.bz2 from http://www.zlib.net/
--->  Verifying checksum(s) for zlib
--->  Extracting zlib
--->  Applying patches to zlib
--->  Configuring zlib
--->  Building zlib with target all
--->  Staging zlib into destroot
--->  Installing zlib 1.2.3_1
--->  Activating zlib 1.2.3_1
--->  Cleaning zlib
--->  Fetching openssl
--->  Attempting to fetch openssl-0.9.8e.tar.gz from http://www.openssl.org/source/
--->  Verifying checksum(s) for openssl
--->  Extracting openssl
--->  Applying patches to openssl
--->  Configuring openssl
--->  Building openssl with target all
--->  Staging openssl into destroot
--->  Installing openssl 0.9.8e_0+darwin_8
--->  Activating openssl 0.9.8e_0+darwin_8
--->  Cleaning openssl
--->  Fetching openvpn2
--->  Attempting to fetch openvpn-2.0.9.tar.gz from http://www.openvpn.net/release/
--->  Verifying checksum(s) for openvpn2
--->  Extracting openvpn2
--->  Configuring openvpn2
--->  Building openvpn2 with target all
--->  Staging openvpn2 into destroot
--->  Installing openvpn2 2.0.9_1+darwin_8
--->  Activating openvpn2 2.0.9_1+darwin_8
--->  Cleaning openvpn2

You don't have to do the next step, but I like moving the files to a more convenient location:

testbeds-G4:/etc testbed$ sudo cp -r  /opt/local/share/doc/openvpn2/ /etc/openvpn/

Now we can install the tun/tap drivers from the package downloaded. You can choose to install the tun or tap kexts individually along with the startup items, or do what I did and use the .mpkg to install all of them. That will give more flexibility in future configurations. The tun and tap kexts will be installed in /Library/Extension and the startup items will be installed in /System/Library/StartupItems.


Figure 1: Tun and tap installer packages

We need to generate the keys and certificates for the server and clients. To make things a little easier, I edited the vars file in /etc/openvpn/easy-rsa to reflect my location and email address. This will give us the defaults when we set up the security items. We now get to work on the PKI (public key infrastructure) and build the certificate authority (CA). Note that I used "OpenVPN-CA" for the Common Name:

testbeds-G4:/etc/openvpn/easy-rsa testbed$ . ./vars

NOTE: when you run ./clean-all, I will be doing a rm -rf on /etc/openvpn/easy-rsa/keys

testbeds-G4:/etc/openvpn/easy-rsa testbed$ sudo ./clean-all
testbeds-G4:/etc/openvpn/easy-rsa testbed$ sudo ./build-ca
Generating a 1024 bit RSA private key
.....++++++
.......++++++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:
State or Province Name (full name) [NA]:PA  
Locality Name (eg, city) [ANYTOWN]:
Organization Name (eg, company) [OpenVPN-TEST]:
Organizational Unit Name (eg, section) []:.
Common Name (eg, your name or your server's hostname) []:OpenVPN-CA
Email Address [vpnadmin@greisler.org]:
testbeds-G4:/etc/openvpn/easy-rsa testbed$ ls -l
total 160
drwxr-xr-x   23 root  wheel   782 Aug 12 13:53 2.0
-rw-r--r--    1 root  wheel  6075 Aug 12 13:53 README
drwxr-xr-x   14 root  wheel   476 Aug 12 13:53 Windows
-rwxr-xr-x    1 root  wheel   242 Aug 12 13:53 build-ca
-rwxr-xr-x    1 root  wheel   228 Aug 12 13:53 build-dh
-rwxr-xr-x    1 root  wheel   529 Aug 12 13:53 build-inter
-rwxr-xr-x    1 root  wheel   516 Aug 12 13:53 build-key
-rwxr-xr-x    1 root  wheel   424 Aug 12 13:53 build-key-pass
-rwxr-xr-x    1 root  wheel   695 Aug 12 13:53 build-key-pkcs12
-rwxr-xr-x    1 root  wheel   662 Aug 12 13:53 build-key-server
-rwxr-xr-x    1 root  wheel   466 Aug 12 13:53 build-req
-rwxr-xr-x    1 root  wheel   402 Aug 12 13:53 build-req-pass
-rwxr-xr-x    1 root  wheel   280 Aug 12 13:53 clean-all
drwx------    6 root  wheel   204 Aug 12 14:40 keys
-rw-r--r--    1 root  wheel   264 Aug 12 13:53 list-crl
-rw-r--r--    1 root  wheel   268 Aug 12 13:53 make-crl
-rw-r--r--    1 root  wheel  7487 Aug 12 13:53 openssl.cnf
-rw-r--r--    1 root  wheel   268 Aug 12 13:53 revoke-crt
-rwxr-xr-x    1 root  wheel   593 Aug 12 13:53 revoke-full
-rwxr-xr-x    1 root  wheel   411 Aug 12 13:53 sign-req
-rw-r--r--    1 root  wheel  1269 Aug 12 14:22 vars
testbeds-G4:/etc/openvpn/easy-rsa/keys root# ls -l
total 24
-rw-r--r--   1 root  wheel  1233 Aug 12 14:40 ca.crt
-rw-------   1 root  wheel   887 Aug 12 14:40 ca.key
-rw-r--r--   1 root  wheel     0 Aug 12 14:39 index.txt
-rw-r--r--   1 root  wheel     3 Aug 12 14:39 serial

Now let's build the server certificate and key. Note that I used "server" as the Common Name:

testbeds-G4:/etc/openvpn/easy-rsa testbed$ sudo ./build-key-server server Password: Generating a 1024 bit RSA private key ..................++++++ ....................++++++ writing new private key to 'server.key' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [US]: State or Province Name (full name) [NA]:PA Locality Name (eg, city) [ANYTOWN]: Organization Name (eg, company) [OpenVPN-TEST]: Organizational Unit Name (eg, section) []:. Common Name (eg, your name or your server's hostname) []:server Email Address [vpnadmin@greisler.org]: Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: Using configuration from /etc/openvpn/easy-rsa/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows countryName :PRINTABLE:'US' stateOrProvinceName :PRINTABLE:'PA' localityName :PRINTABLE:'ANYTOWN' organizationName :PRINTABLE:'OpenVPN-TEST' commonName :PRINTABLE:'server' emailAddress :IA5STRING:'vpnadmin@greisler.org' Certificate is to be certified until Aug 9 18:55:31 2017 GMT (3650 days) Sign the certificate? [y/n]:y 1 out of 1 certificate requests certified, commit? [y/n]y Write out database with 1 new entries Data Base Updated testbeds-G4:/etc/openvpn/easy-rsa/keys root# ls -l total 80 -rw-r--r-- 1 root wheel 3640 Aug 12 14:55 01.pem -rw-r--r-- 1 root wheel 1233 Aug 12 14:40 ca.crt -rw------- 1 root wheel 887 Aug 12 14:40 ca.key -rw-r--r-- 1 root wheel 100 Aug 12 14:55 index.txt -rw-r--r-- 1 root wheel 21 Aug 12 14:55 index.txt.attr -rw-r--r-- 1 root wheel 0 Aug 12 14:39 index.txt.old -rw-r--r-- 1 root wheel 3 Aug 12 14:55 serial -rw-r--r-- 1 root wheel 3 Aug 12 14:39 serial.old -rw-r--r-- 1 root wheel 3640 Aug 12 14:55 server.crt -rw-r--r-- 1 root wheel 676 Aug 12 14:55 server.csr -rw------- 1 root wheel 887 Aug 12 14:55 server.key

Now let's build the server certificate and key. Note that I used "client" as the Common Name. For each client certificate and key, use a different Common Name (ie: client1, client2, bob, fred, etc):

testbeds-G4:/etc/openvpn/easy-rsa testbed$ sudo ./build-key client
Generating a 1024 bit RSA private key
................................................++++++
.......++++++
writing new private key to 'client.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:
State or Province Name (full name) [NA]:PA
Locality Name (eg, city) [ANYTOWN]:
Organization Name (eg, company) [OpenVPN-TEST]:
Organizational Unit Name (eg, section) []:.
Common Name (eg, your name or your server's hostname) []:client
Email Address [vpnadmin@greisler.org]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /etc/openvpn/easy-rsa/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'US'
stateOrProvinceName   :PRINTABLE:'PA'
localityName          :PRINTABLE:'ANYTOWN'
organizationName      :PRINTABLE:'OpenVPN-TEST'
commonName            :PRINTABLE:'client'
emailAddress          :IA5STRING:'vpnadmin@greisler.org'
Certificate is to be certified until Aug  9 18:59:59 2017 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
testbeds-G4:/etc/openvpn/easy-rsa/keys root# ls -l
total 128
-rw-r--r--   1 root  wheel  3640 Aug 12 14:55 01.pem
-rw-r--r--   1 root  wheel  3541 Aug 12 15:00 02.pem
-rw-r--r--   1 root  wheel  1233 Aug 12 14:40 ca.crt
-rw-------   1 root  wheel   887 Aug 12 14:40 ca.key
-rw-r--r--   1 root  wheel  3541 Aug 12 15:00 client.crt
-rw-r--r--   1 root  wheel   676 Aug 12 14:59 client.csr
-rw-------   1 root  wheel   891 Aug 12 14:59 client.key
-rw-r--r--   1 root  wheel   200 Aug 12 15:00 index.txt
-rw-r--r--   1 root  wheel    20 Aug 12 15:00 index.txt.attr
-rw-r--r--   1 root  wheel    21 Aug 12 14:55 index.txt.attr.old
-rw-r--r--   1 root  wheel   100 Aug 12 14:55 index.txt.old
-rw-r--r--   1 root  wheel     3 Aug 12 15:00 serial
-rw-r--r--   1 root  wheel     3 Aug 12 14:55 serial.old
-rw-r--r--   1 root  wheel  3640 Aug 12 14:55 server.crt
-rw-r--r--   1 root  wheel   676 Aug 12 14:55 server.csr
-rw-------   1 root  wheel   887 Aug 12 14:55 server.key

Now build the Diffie Hellman parameters:

testbeds-G4:/etc/openvpn/easy-rsa testbed$ sudo ./build-dh
Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time
................+...........................+............................
<lots of dots removed to prevent boredom>
.......................................................+...+..++*++*++*
testbeds-G4:/etc/openvpn/easy-rsa/keys root# ls -l
total 136
-rw-r--r--   1 root  wheel  3640 Aug 12 14:55 01.pem
-rw-r--r--   1 root  wheel  3541 Aug 12 15:00 02.pem
-rw-r--r--   1 root  wheel  1233 Aug 12 14:40 ca.crt
-rw-------   1 root  wheel   887 Aug 12 14:40 ca.key
-rw-r--r--   1 root  wheel  3541 Aug 12 15:00 client.crt
-rw-r--r--   1 root  wheel   676 Aug 12 14:59 client.csr
-rw-------   1 root  wheel   891 Aug 12 14:59 client.key
-rw-r--r--   1 root  wheel   245 Aug 12 15:06 dh1024.pem
-rw-r--r--   1 root  wheel   200 Aug 12 15:00 index.txt
-rw-r--r--   1 root  wheel    20 Aug 12 15:00 index.txt.attr
-rw-r--r--   1 root  wheel    21 Aug 12 14:55 index.txt.attr.old
-rw-r--r--   1 root  wheel   100 Aug 12 14:55 index.txt.old
-rw-r--r--   1 root  wheel     3 Aug 12 15:00 serial
-rw-r--r--   1 root  wheel     3 Aug 12 14:55 serial.old
-rw-r--r--   1 root  wheel  3640 Aug 12 14:55 server.crt
-rw-r--r--   1 root  wheel   676 Aug 12 14:55 server.csr
-rw-------   1 root  wheel   887 Aug 12 14:55 server.key

The files in the "keys/" folder are distributed as such:

Server: ca.crt, ca.key (secret), dh1024.pem server.key (secret) and server.crt (these files can stay in the /keys folder)

Client: ca.crt, client.key (secret) and client.crt (these will be moved in a secure manner to the client machine)

We now get to work on the configuration files for the server and client. I suggest starting with the sample config files contained in the /openvpn/sample-config-files folder. The sample server config is called server.conf. Make a copy of the server.conf file and place it in /etc/openvpn then edit the file to reflect the location of the server certificates, key and DH parameters:

<clip>
# SSL/TLS root certificate (ca), certificate
# (cert), and private key (key).  Each client
# and the server must have their own cert and
# key file.  The server and all clients will
# use the same ca file.
# 
# See the "easy-rsa" directory for a series
# of scripts for generating RSA certificates
# and private keys.  Remember to use
# a unique Common Name for the server
# and each of the client certificates.
# 
# Any X509 key management system can be used.
# OpenVPN can also use a PKCS #12 formatted key file
# (see "pkcs12" directive in man page).
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key  # This file should be kept secret
# Diffie hellman parameters.
# Generate your own with:
#   openssl dhparam -out dh1024.pem 1024
# Substitute 2048 for 1024 if you are using
# 2048 bit keys.
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
</clip>

In this article we are keeping to the basics, but you should review the server.conf file and look at the choices. The sample file on which we are basing our server.conf file on states that the VPN virtual IP range will be in the 10.8.0.0/24 subnet. The VPN will be listening on port 1194 UPD. All this can be changed as long as the changes are reflected in the client config file and the network can support it. OpenVPN will default to Blowfish encryption unless changed. Also, the file says that we are building a tunnel (tun) rather than bridging (tap).

With the server.conf file set, we can start the vpn server. For production use you will want to make a StarupItem to start it on boot:

testbeds-G4:/etc/openvpn/ testbed$ sudo openvpn2 /etc/openvpn/server.conf
Password:
Sun Aug 12 15:59:13 2007 OpenVPN 2.0.9 powerpc-apple-darwin8.10.0 [SSL] [LZO] built on Aug 12 2007
Sun Aug 12 15:59:14 2007 Diffie-Hellman initialized with 1024 bit key
Sun Aug 12 15:59:14 2007 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sun Aug 12 15:59:14 2007 gw 192.168.254.1
Sun Aug 12 15:59:14 2007 TUN/TAP device /dev/tun0 opened
Sun Aug 12 15:59:14 2007 /sbin/ifconfig tun0 delete
ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
Sun Aug 12 15:59:14 2007 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
Sun Aug 12 15:59:14 2007 /sbin/ifconfig tun0 10.8.0.1 10.8.0.2 mtu 1500 netmask 255.255.255.255 up
Sun Aug 12 15:59:14 2007 /sbin/route add -net 10.8.0.0 10.8.0.2 255.255.255.0
add net 10.8.0.0: gateway 10.8.0.2
Sun Aug 12 15:59:14 2007 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sun Aug 12 15:59:14 2007 UDPv4 link local (bound): [undef]:1194
Sun Aug 12 15:59:14 2007 UDPv4 link remote: [undef]
Sun Aug 12 15:59:14 2007 MULTI: multi_init called, r=256 v=256
Sun Aug 12 15:59:14 2007 IFCONFIG POOL: base=10.8.0.4 size=62
Sun Aug 12 15:59:14 2007 IFCONFIG POOL LIST
Sun Aug 12 15:59:14 2007 Initialization Sequence Completed

We need to modify the client config file with the location of the vpn server and the keys and certificates:

# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote greisler.org 1194
;remote my-server-2 1194

Copy the client.conf file along with ca.crt, client.crt and client.key files to ~/Library/openvpn on the client machine. Then install Tunnelblick. When you start Tunnelblick for the first time and you don't have the client.conf file in place, it was ask you to do it or it will install a sample file for you. Once Tunnelblick is started, you will have a small tunnel icon in the upper right side menu bar. Click on it and it will allow you to start the tunnel. If the tunnel connects correctly, the center of the tunnel icon goes clear as in a "light at the end of the tunnel." You can click on Details to see log info and modify the config file.


Figure 2: Location and structure of the client.conf and pki files for Tunnelblick


Figure 3: A successful OpenVPN tunnel connection

To test the connection you can ping the client machine from the server and vice-versa keeping in mind that the server is now 10.8.0.1 and the clients ip can be checked by checking the tun0 interface:

computator1:~ magikben$ ifconfig tun0
tun0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 10.8.0.6 --> 10.8.0.5 netmask 0xffffffff 
        open (pid 4801)
computator1:~ magikben$ ping 10.8.0.1
PING 10.8.0.1 (10.8.0.1): 56 data bytes
64 bytes from 10.8.0.1: icmp_seq=0 ttl=64 time=98.426 ms
64 bytes from 10.8.0.1: icmp_seq=1 ttl=64 time=42.783 ms
64 bytes from 10.8.0.1: icmp_seq=2 ttl=64 time=5.103 ms
^C
--- 10.8.0.1 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 5.103/48.771/98.426/38.333 ms
testbeds-G4:~ testbed$ ping 10.8.0.6
PING 10.8.0.6 (10.8.0.6): 56 data bytes
64 bytes from 10.8.0.6: icmp_seq=0 ttl=64 time=71.537 ms
64 bytes from 10.8.0.6: icmp_seq=1 ttl=64 time=197.671 ms
64 bytes from 10.8.0.6: icmp_seq=2 ttl=64 time=40.110 ms
64 bytes from 10.8.0.6: icmp_seq=3 ttl=64 time=45.709 ms
64 bytes from 10.8.0.6: icmp_seq=4 ttl=64 time=64.629 ms
^C
--- 10.8.0.6 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 40.110/83.931/197.671/58.042 ms

Putting the VPN to work

This configuration will work but you might need to look at a few other issues that will impact actual usage. You may need to add routing statements so VPN clients can get to resources beyond the actual VPN server. You may need to adjust the PKI to better meet your needs. As it is the setup we just did can possibly be a target for man-in-the-middle attacks since there is nothing that verifies the server certificate; this was even pointed out in the logs along with where to look to solve this (http://openvpn.net/howto.html#mitm). The test environment had a single interface G4 as the VPN server and thus I had to port forward UDP 1194 to server for outside access.

Go ahead and try it out. There are many good sources on the net to find out additional information, the OpenVPN.net site being one of the best. One of the few downsides to OpenVPN is that it is fairly hands-on and it doesn't lend itself to easy administration of users with all configurations occurring via command line. There are a few GUI's available, but I didn't have a chance to get them running in time for this article, plus a number of them are Windows only.


Ben has been everything from a Mac user to CTO of one of the leading Macintosh professional services firms. Besides writing an occasional article for MacTech, you can find him presenting at Macworld or consulting with clients around the world. You can reach him at ben@greisler.org.

 

Community Search:
MacTech Search:

Software Updates via MacUpdate

Bookends 13.2.5 - Reference management a...
Bookends is a full-featured bibliography/reference and information-management system for students and professionals. Bookends uses the cloud to sync reference libraries on all the Macs you use.... Read more
Quicken 2019 5.11.2 - Complete personal...
Quicken makes managing your money easier than ever. Whether paying bills, upgrading from Windows, enjoying more reliable downloads, or getting expert product help, Quicken's new and improved features... Read more
Dashlane 6.1927.0 - Password manager and...
Dashlane is an award-winning service that revolutionizes the online experience by replacing the drudgery of everyday transactional processes with convenient, automated simplicity - in other words,... Read more
Capo 3.7.4 - Slow down and learn to play...
Capo lets you slow down your favorite songs so you can hear the notes and learn how they are played. With Capo, you can quickly tab out your songs atop a highly-detailed OpenCL-powered spectrogram... Read more
BetterTouchTool 3.153 - Customize multi-...
BetterTouchTool adds many new, fully customizable gestures to the Magic Mouse, Multi-Touch MacBook trackpad, and Magic Trackpad. These gestures are customizable: Magic Mouse: Pinch in / out (zoom)... Read more
calibre 3.46.0 - Complete e-book library...
Calibre is a complete e-book library manager. Organize your collection, convert your books to multiple formats, and sync with all of your devices. Let Calibre be your multi-tasking digital librarian... Read more
Firefox 68.0.1 - Fast, safe Web browser.
Firefox offers a fast, safe Web browsing experience. Browse quickly, securely, and effortlessly. With its industry-leading features, Firefox is the choice of Web development professionals and casual... Read more
Vivaldi 2.6.1566.49 - An advanced browse...
Vivaldi is a browser for our friends. We live in our browsers. Choose one that has the features you need, a style that fits and values you can stand by. From the look and feel, to how you interact... Read more
Daylite 6.7.3.1 - Dynamic business organ...
Daylite helps businesses organize themselves with tools such as shared calendars, contacts, tasks, projects, notes, and more. Enable easy collaboration with features such as task and project... Read more
Vivaldi 2.6.1566.49 - An advanced browse...
Vivaldi is a browser for our friends. We live in our browsers. Choose one that has the features you need, a style that fits and values you can stand by. From the look and feel, to how you interact... Read more

Latest Forum Discussions

See All

Void Tyrant guide - Tips and tricks for...
Void Tyrant continues to get a lot of play in these parts. Probably because the game is just so deep and varied. The next stop on our guide series for Void Tyrant is class-specific guides. First up is the Knight, as it’s the first class anyone has... | Read more »
Summon beasts and battle evil in epic re...
Imagine a tale of conlict between factions of good and evil, where rogueish heroes summon beasts to aid them in them in warfare and courageously battle dragons over fields of scorched earth and brimstone - that's exactly the essence of epic fantasy... | Read more »
Upcoming visual novel Arranged shines a...
If you’re in the market for a new type of visual novel designed to inform and make you think deeply about its subject matter, then Arranged by Kabuk Games could be exactly what you’re looking for. It’s a wholly unique take on marital traditions in... | Read more »
TEPPEN guide - The three best decks in T...
TEPPEN’s unique take on the collectible card game genre is exciting. It’s just over a week old, but that isn’t stopping lots of folks from speculating about the long-term viability of the game, as well as changes and additions that will happen over... | Read more »
Intergalactic puzzler Silly Memory serve...
Recently released matching puzzler Silly Memory is helping its fans with their intergalactic journeys this month with some very special offers on in-app purchases. In case you missed it, Silly Memory is the debut title of French based indie... | Read more »
TEPPEN guide - Tips and tricks for new p...
TEPPEN is a wild game that nobody asked for, but I’m sure glad it exists. Who would’ve thought that a CCG featuring Capcom characters could be so cool and weird? In case you’re not completely sure what TEPPEN is, make sure to check out our review... | Read more »
Dr. Mario World guide - Other games that...
We now live in a post-Dr. Mario World world, and I gotta say, things don’t feel too different. Nintendo continues to squirt out bad games on phones, causing all but the most stalwart fans of mobile games to question why they even bother... | Read more »
Strategy RPG Brown Dust introduces its b...
Epic turn-based RPG Brown Dust is set to turn 500 days old next week, and to celebrate, Neowiz has just unveiled its biggest and most exciting update yet, offering a host of new rewards, increased gacha rates, and a brand new feature that will... | Read more »
Dr. Mario World is yet another disappoin...
As soon as I booted up Dr. Mario World, I knew I wasn’t going to have fun with it. Nintendo’s record on phones thus far has been pretty spotty, with things trending downward as of late. [Read more] | Read more »
Retro Space Shooter P.3 is now available...
Shoot-em-ups tend to be a dime a dozen on the App Store, but every so often you come across one gem that aims to shake up the genre in a unique way. Developer Devjgame’s P.3 is the latest game seeking to do so this, working as a love letter to the... | Read more »

Price Scanner via MacPrices.net

Flash sale! New 11″ 1TB WiFi iPad Pros for th...
Amazon has the 11″ 1TB WiFi iPad Pro on sale today for only $1199.99 including free shipping. Their price is $350 off Apple’s MSRP for this model, and it’s the lowest price ever for a 1TB 11″ iPad... Read more
Weekend Deal: 2018 13″ MacBook Airs starting...
B&H Photo has clearance 2018 13″ MacBook Airs available starting at only $999 with all models now available for $200 off Apple’s original MSRP. Overnight shipping, or expedited shipping, is free... Read more
Apple has clearance 10.5″ iPad Pros available...
Apple has Certified Refurbished 2017 10.5″ iPad Pros available starting at $469. An Apple one-year warranty is included with each iPad, outer shells are new, and shipping is free: – 64GB 10″ iPad Pro... Read more
Apple restocks refurbished iPad mini 4 models...
Apple has restocked Certified Refurbished 32GB iPad mini 4 WiFi models for $229 shipped. That’s $70 off original MSRP for the iPad mini 4. Space Gray, Silver, and Gold colors are available. Read more
Apple, Yet Again, Is Missing An Ultraportable...
EDITORIAL: 07.19.19 Prior to the decision made by Apple earlier this month to retire the thin and light MacBook model with a 12-inch retina display, the Cupertino, California-based company offered,... Read more
Verizon is offering a 50% discount on iPhone...
Verizon is offering 50% discounts on Apple iPhone 8 and iPhone 8 Plus models though July 24th, plus save 50% on activation fees. New line required. The fine print: “New device payment & new... Read more
Get a new 21″ iMac for under $1000 today at t...
B&H Photo has new 21″ Apple iMacs on sale for up to $100 off MSRP with models available starting at $999. These are the same iMacs offered by Apple in their retail and online stores. Shipping is... Read more
Clearance 2017 15″ 2.8GHz Touch Bar MacBook P...
Apple has Certified Refurbished 2017 15″ 2.8GHz Space Gray Touch Bar MacBook Pros available for $1809. Apple’s refurbished price is currently the lowest available for a 15″ MacBook Pro. An standard... Read more
Clearance 12″ 1.2GHz MacBook on sale for $899...
Focus Camera has clearance 12″ 1.2GHz Space Gray MacBooks available for $899.99 shipped. That’s $400 off Apple’s original MSRP. Focus charges sales tax for NY & NJ residents only. Read more
Get a new 2019 13″ 2.4GHz 4-Core MacBook Pro...
B&H Photo has new 2019 13″ 2.4GHz MacBook Pros on sale for up to $150 off Apple’s MSRP. Overnight shipping is free to many addresses in the US: – 2019 13″ 2.4GHz/256GB 6-Core MacBook Pro Silver... Read more

Jobs Board

Best Buy *Apple* Computing Master - Best Bu...
**707083BR** **Job Title:** Best Buy Apple Computing Master **Job Category:** Sales **Location Number:** 000045-Rockford-Store **Job Description:** **What does a Read more
Geek Squad *Apple* Master Consultation Agen...
**702908BR** **Job Title:** Geek Squad Apple Master Consultation Agent **Job Category:** Services/Installation/Repair **Location Number:** 000360-Williston-Store Read more
Best Buy *Apple* Computing Master - Best Bu...
**711023BR** **Job Title:** Best Buy Apple Computing Master **Job Category:** Sales **Location Number:** 000012-St Cloud-Store **Job Description:** **What does a Read more
*Apple* Systems Architect/Engineer, Vice Pre...
…its vision to be the world's most trusted financial group. **Summary:** Apple Systems Architect/Engineer with strong knowledge of products and services related to Read more
Best Buy *Apple* Computing Master - Best Bu...
**696259BR** **Job Title:** Best Buy Apple Computing Master **Job Category:** Store Associates **Location Number:** 001076-Temecula-Store **Job Description:** The Read more
All contents are Copyright 1984-2011 by Xplain Corporation. All rights reserved. Theme designed by Icreon.