Hop User Guide: Mac
Welcome to Hop
A new way to access the Internet when you’re not at home
Hop is the most user-friendly way to share your home Internet connection
with yourself or your friends. It automates the technical steps needed to run
an Internet-routing VPN server on ordinary Mac hardware.
Getting Started
Things you’ll need
- A Mac, running macOS 10.12 or later, which stays at home while you travel.
- Another device which travels with you.
- The Hop app, installed on both the server and client devices.
Installing & Running Hop
2
Install Hop by dragging it into your Applications Folder.
3
Launch Hop.app by double-clicking it from within your Applications Folder.
4
Hop will present you with a Create Account screen. Fill out the fields to create a new account.
5
Click the bunny in your menubar to bring up Hop. Turn the switch On to start your server.
6
Your Hop server is up and running. You can leave it running on your Mac, and access it from other Mac or iOS devices with the Hop app installed.
Using Hop
Hop's interface consists of two main tabs: THIS COMPUTER and HOP DEVICES.
THIS COMPUTER: Hop server mode
HOP DEVICES: Hop client mode
Running Hop as a server
To run your home-based Mac as a Hop server, click the THIS COMPUTER tab, and click
the on/off switch to enable your server. The server setup process will start. When your
server is successfully running, the switch will glow blue. You can verify your server via
the Hop Doctor (see the Hop Doctor section).
You can close the Hop window and the server will stay running. You can even quit the Hop
app, and you'll be presented with an option to keep the server running in the background.
The Hop server is designed to be resilient against things like power failures and temporary
network outages.
Running Hop as a client
When you're travelling, you can access your running Hop servers via the HOP DEVICES tab.
Click on the server's round icon to start connecting to it. A blue light will begin racing
around the circle as the connection process takes place. When the circle goes solid blue,
you've got an active VPN connection, and your Internet traffic is flowing through the
Hop device you selected.
Verifying your IP address
To ensure that your VPN connection is active, you can click VERIFY IP at the bottom
of the Hop window. The IP address that appears is the IP you show to the sites you visit.
It should match the IP address of the Hop device you connected to.
When you're ready to disconnect, click on the circle icon again. The VPN connection will
go down, and the blue connection glow will disappear. You can click VERIFY IP again,
and you should see the IP address of whatever LAN/WiFi you're currently using.
Sharing your Hop server
If you'll only be using Hop on your own devices, you don't need to share. If you want
other people to be able to access your Hop server for Internet access, the share button
allows you to do that.
Click the Share button to share your Hop server with friends.
Send the link to friends and they'll be able to connect to your Hop server.
With the Hop server running, click the Share button to share your server with friends.
A custom URL will be generated for you, and it will be valid for a time period that you
select. Please ensure that only trusted recipients get this URL, as it is like a password.
Anyone who has this URL can establish a VPN connection to your Hop server, and use your
home Internet connection.
Accessing a shared Hop server
When someone shares a Hop server with you, the share link becomes your key to
accessing that server.
When a user opens a Hop share link, they come to a webpage with a number
of connection options.
Open link in Hop.app
This is the preferred way for Mac or iOS
users to connect. It opens an app-specific hop:// link, and requires that
the Hop application is installed on the device. The user can start and
stop a VPN connection to your Hop server via the Hop app.Open link in OpenVPN (UDP)
For users on non-Apple platforms,
Hop servers can be accessed using the OpenVPN app. This link will download
an OpenVPN configuration profile. The user must have an OpenVPN client app
installed on their device to complete the connection.Open link in OpenVPN (TCP)
For users who aren't able to
establish a UDP connection to the VPN server. This happens sometimes on
restricted networks. Use this option only if UDP fails, as TCP is a
higher-latency protocol than UDP, and VPN performance may be slower.
This page also has links to download the appropriate client apps for your
chosen connection type.
The Hop Doctor
Before you leave home, make sure your Hop server is running without any issues so that you'll be able to access it remotely.
Hop provides the Hop Doctor, a self-testing and remote-testing diagnostic tool. Access the Hop Doctor
via the Gear button at the top-right of Hop’s window.
Running the Hop Doctor
With the Hop Server switch turned on, click the "RUN" button the Hop Doctor. The Hop Doctor
will run through its set of tests.
Connection to Internet
This test determines whether or not you have an active connection to the Internet. It does this by trying to connect to a few large websites, including Google, Yahoo and Apple.Connection to Hop Server
This test checks your ability to contact Hop's registration server. A failure could mean that the server is blocked on your network, or that there's a Hop service outage.Hop helper tool (hopcontrol)
Hop relies on a helper tool called hopcontrol. This test verifies that hopcontrol is available, and that Hop is able to communicate with it.Auto restart after power loss
To run as a server, your Mac should be configured to automatically restart if there is a power failure. This feature isn't available on most laptop Macs. This feature can be set in System Preferences > Energy Saver > Start up automatically…Hop server daemon (hopd)
Hop relies on a background server process called hopd. This test verifies that the hopd server is installed and functioning properly.tun/tap kernel extension
OpenVPN on the Mac requires a kernel extension called tun/tap. This test determines if tun/tap is installed and usable by Hop.Port forwarding
Hop tries to automatically configure your router using either the UPnP or NAT-PMP protocol. Most routers support one of these protocols, but you may need to enable it on your router. If you can't enable UPnP or NAT-PMP on your router, you can also set up manual port forwarding on the router.Sleep prevention
When the Hop server is running, the computer should not be allowed to go to sleep. This test ensures that Hop is able to prevent sleep while it's running.OpenVPN server
Hop runs OpenVPN internally to serve incoming VPN connections. This test verifies the presence and functionality of Hop's OpenVPN server.RVPN server
RVPN is a modern, secure VPN engine developed for Hop. It's used when clients connect from iOS devices.VPN scrambler
The VPN Scrambler offers a scrambled version of your Hop server, over a different TCP port. Hop clients will try the scrambled connection if a regular connection fails. This can be useful in areas where Deep Packet Inspection is in use.Routing config (pf)
In order to serve incoming VPN connections, your computer needs to route external VPN traffic to the Internet. It does this by configuring macOS's built-in pf firewall.Inbound VPN connection
This is the most important test in the Hop Doctor. In this final test, one of Hop's test servers attempts to make an actual connection to your computer. If this test succeeds, your Hop server appears to be reachable from the outside world.
Advanced
Hop provides advanced settings for those who need to customize their setup.
Click the Gear button at the top-right of Hop's window to access the Settings view.
Click the Advanced tab to customize advanced settings.
Hop's aim is to just work, so hopefully you won't need to access the Advanced
settings. But because of all the variables at play on networks (router types,
port blocking, port forwarding, etc), Hop provides some advanced settings for those who
need them.
Hop server ports
Here you can customize the ports and protocols that Hop's
embedded OpenVPN server uses. The defaults are 1194 UDP+TCP, and 443 TCP. Note:
this setting affects only Hop's OpenVPN server, which is used to host Mac and non-Apple
clients. iOS clients connect through Hop's RVPN server. Currently, RVPN always runs on
993 TCP. This port is not yet user-customizable.Keep running after quit
Hop's underlying server process is called hopd. The
execution of hopd is managed by macOS' launchd facility. When enabled, this option keeps
hopd running in the background when you quit the Hop app, either explicitly or by
logging out.Watchdog enabled
Hop implements a watchdog, which is designed to periodically
test the operation of your Hop server, and restart it if a problem is detected. This is
useful for keeping your server running when unexpected events happen such as DHCP lease
expirations and temporary network outages.Manage firewall settings with pf
This option is generally required, in order
to run a Hop server. Only disable it if you are an expert user with custom firewall setup,
and you wish to handle address forwarding on your own.Prevent the computer from going to sleep
This option should be enabled. If
your computer is allowed to sleep when running a Hop server, the Hop server will become
inaccessible. Note: The computer's display is still allowed to turn off when
this option is enabled.Port forwarding auto-config
When enabled, Hop will use the UPnP or NAT-PMP
protocol to automatically configure your router to forward the appropriate ports to
your Mac. Turn this option off if you want to manually configure port forwarding on
your router, or your router doesn't support UPnP/NAT-PMP.Host scrambled VPN
This option is useful if you'll be accessing your Hop
server from networks that use Deep Packet Inspection to block OpenVPN services. With
this option enabled, Hop runs a separate TLS-wrapping stunnel server which obscures
the OpenVPN handshake specifics. This stunnel server is used as a fallback when straight
OpenVPN connections fail.
