Next install Homebrew. This is a package management system for MacOS. You can either download and install from the website or by pasting the following command into a terminal window:
/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
This will take a while to finish.
Now download the OpenVPN configuration files for MacOS from the Perfect Privacy download site in the member area. Make sure to select the TCP configuration as obfuscation does not work with UDP. Here is the direct download link (you need to login with your Perfect Privacy credentials).
If you are using Safari, the zip file will be automatically unpacked after download. If you are using a different browser, you may need to unzip the file first.
Choose the location you want to connect to and copy the configuration file to modify it for usage with obfsproxy. In this example we have copied Basel.ovpn and named the file Basel-obfs.ovpn.
Right-click on the basel-obfs.ovpn file and open it with any text editor like TextEdit.
First, either remove or comment out all lines starting with remote. (comment by putting # in front of the line, see the screenshot on the left).
Then add the following four lines:
socks-proxy-retry socks-proxy 127.0.0.1 LOCAL_PORT remote 4TH_SERVER_IP TUNNEL_PORT route 4TH_SERVER_IP 255.255.255.255 net_gateway
LOCAL_PORT can be any port that is not in use on your system. For this howto we are using port 990.
You can choose between obfsproxy2 and obfsproxy3. We recommend the latter, obfsproxy2 is provided for legacy support. When using obfsproxy3 you will need to connect to the 4th IP address of the VPN server (for obfsproxy2 use the 5th IP instead). You can find the server IP addresses on the server page in the member area. In this howto we are using obfsproxy3, so we use the 4th IP of the Basel server which is is 188.8.131.52.
For TUNNEL_PORT you can choose between the following ports: 22, 53, 443, 8085, 9009 and 36315. Generally, 443 (SSL) should work fine for all purposes but port 53 may help to get internet access from hotspots where you normally need to register on a public website first.
Once you added these lines you can save the file and exit the editor.
Now you can import the edited configuration into Tunnelblick by double clicking the file. You will be asked whether you want to import the configuration for all users on your system or just for you.
Next start obfsproxy with the following line:
sudo obfsproxy obfs3 socks 127.0.0.1:LOCAL_PORT
The LOCAL_PORT must be the same that you used in the OpenVPN configuration file, in our case this was 990.
Note: If you use a high port (>1024) you don’t need to use sudo when starting obfsproxy.
Now you can connect the VPN. Click on the Tunnelblick symbol in the top right and choose the modified configuration file for the connection.
You will be asked to enter your Perfect Privacy username and password. If you check “Save in keychain”, your credentials will be remembered for future sessions.