Install Tunnelblick on macOS 1. Download Tunnelblick. To connect to OVPN you first need to download Tunnelblick. Install Tunnelblick. Double-click on the file you downloaded in the previous step and go through the installation process. Download the configuration you want. Double-click the downloaded file to import it into Tunnelblick.
- Tunnelblick is an open source GUI for OpenVPN on the Mac OS X platform. It gives you easy control over OpenVPN clients and server connections.
- Tunnelblick's Kill Switch - Tunnelblick Free open source OpenVPN VPN client server software GUI for Mac OS X. Includes OpenVPN, OpenSSL, easy-rsa, and drivers.
Your FoxyProxy accounts come with both proxy and VPN service.
These instructions explain how to connect to your VPN accounts using a method called OpenVPN. It is more complicated than IPSec VPN and PPTP VPN. IPSec VPN is the preferred way to use your VPN account. Only use these instructions if IPSec does not work for you.
TunnelBlick is the name of the free, open-source client for FoxyProxy/OpenVPN connections. You must download and install it to connect to your VPN account using the OpenVPN protocol
Step 1: Download the app called TunnelBlick here
a. This will download the package Tunnelblick_3.6.5_build_4566.dmg to your computer. Click on it to start the installer.
b. The package window will open revealing the installer. Double-click the Tunnelblick.app icon to begin installation.
The package window will open revealing the installer.dmg
Step 2: Launching Tunnelblick
a. A dialog box warning you that the application was downloaded from the internet and requiring your approval to continue. Click on Open.
b. An approval of the installation by entering your Mac username and password. Type your username and password, and then click OK.
c. The installation will complete. You’ll then see a dialog asking you if you want to launch Tunnelblick now. Click on launch to start Tunnelblick.
Step 3: Add a configuration
a. A dialog box that says “Welcome to Tunnelblick” appears. This dialog is designed to help you get started with Tunnelblick configuration. Since FoxyProxy provides you with the configuration files to use Tunnelblick, you can click the “I have configuration files” button.
b. Simply click the “Done” button here.
3) You’ll see the Tunnelblick icon appear in the status window next to your username and the Spotlight icon. (Right corner of the screen)
Step 4: Download and Install OpenVPN configuration
a. From the FoxyProxy Control Panel, go to the Actions menu and download the OpenVPN configuration file. If you have any trouble downloading the file, contact FoxyProxy Support and we’ll be glad to email it to you.
Double-click the file (*.ovpn) to install it into TunnelBlick. If you get an error from TunnelBlick, first quit TunnelBlick (click icon in status area and select Quit TunnelBlick) then double-click the *.ovpn file.
Your file won’t be called server.ovpn, but it will have the .ovpn file extension.
b. In the dialog box, select “Only Me” when choosing which users to allow to use this OpenVPN configuration.
c. Enter your Mac OS X username and password to authorize installing the OpenVPN configuration.
d.You should receive a notification that the profile was installed successfully. Click OK.
Step 5: OpenVPN settings
a. Click the Tunnelblick icon in the status area and select VPN Details.
b. In the main Tunnelblick interface, make sure the Server profile is selected. Set the OpenVPN version to 2.3.6. Make sure the “Monitor network settings” and “Keep connected” checkboxes are checked. Click the Advanced button at the bottom.
c.In the profile’s Advanced Settings dialog, select the “While Connected” tab. Check the “Route all traffic through the VPN” checkbox. Then close the Advanced Settings.
Step 6: Connect to OpenVPN
a. There are two ways to connect to the OpenVPN server.
One way is in the main Tunneblick dialog box. You can click the Connect button there:
The other way is to click the TunneBlick icon in the status area and select Connect Server.
b. You will be prompted to provide your OpenVPN username and password. These are the credentials provided to you by FoxyProxy. You can choose to save the credentials in the keychain if you wish.
c. After providing your credentials, you should see a series of screens next to the TunnelBlick icon in the status area. It should end with “Connected” in a GREEN text color. The connection can take up to 30 seconds to complete.
Confirm You’re Connected
To confirm you’re connected to the VPN, visit https://getfoxyproxy.org/geoip and ensure it shows a different location and IP address than you expect.
Tunnelblick Windows Download
Click the OpenVPN icon in the status area and select “Disconnect”.
Uninstall Tunnelblick Mac
On This Page
For the latest information about Tun and Tap VPNs on macOS Big Sur, see Tunnelblick and macOS Big Sur.
Apple has announced changes to macOS which affect many users of Tunnelblick.
You might see a warning from Tunnelblick about this change, or you might see the following warning when connecting your VPN:
What this means is:
How to tell if you have a 'tap' VPN or a 'tun' VPN
If you can't find a line that starts with any of the above, ask for help from the Tunnelblick Discussion Group.
When will this happen?
Apple does not announce its intentions in advance, so there may not be any prior notice of this change.
Our best guess based on similar situations in the past is that the earliest Apple will make this change is in the last version of macOS Catalina, which is expected to be released in July or August of 2020. However, it is also possible that Apple will make the change earlier or later, and it is possible that Tunnelblick's VPNs will continue to work for some period of time even after Apple makes the change.
For updated information about macOS Big Sur, see Tunnelblick on macOS Big Sur.
How to modify a 'tun' VPN so it will continue to work
You need to remove the dev-node option if it exists in the VPN's OpenVPN configuration file:
If you made changes to the file and did not change it from shared to private and back to shared, the next time you connect the configuration you will be asked to have a computer administrator authorize the changes.
If macOS Catalina still complains
Always load tun or always load tap
If you have a 'tun' VPN which does not need to be modified, or has been modified as described above, and Tunnelblick or macOS Catalina still complains, then you have changed a Tunnelblick setting and should restore it to the default setting. All configurations should be set to 'Load tun driver automatically' and 'Load tap driver automatically'. These settings are found on the 'Connecting & Disconnecting' tab of the 'Advanced' settings window. Tunnelblick 3.8.3beta03 and later will automatically disable loading of 'tun' and 'tap' system extensions on versions of macOS that do not allow Tunnelblick to load them.
System Integrity Protection ('SIP') is a feature of macOS which helps keep your computer safe (see About System Integrity Protection on your Mac).
Although it is not recommended because it makes your computer less safe, if you are using macOS Big Sur or later disabling SIP may allow your computer to connect a 'tap' VPN. See Configuring System Integrity Protection for instructions to disable SIP.
Old versions of Tunnelblick will not help
This situation is caused by a change in macOS, not a change in Tunnelblick, so older versions of Tunnelblick will not help. All Macs running OS X 7.5 or later should use the latest stable or beta version of Tunnelblick. See Deprecated Downloads for a version of Tunnelblick that should be used on earlier versions of OS X and on all PowerPC Macs.
What Apple announced
Apple has announced that 'future OS releases will no longer load system extensions that use deprecated KPIs by default'. Tunnelblick includes, and for some configurations loads one of two such extensions:
It isn't clear what Apple means by the phrase 'by default'. It may mean that Apple will provide a mechanism for users to allow loading of system extensions that use deprecated KPIs. However, Apple's practice has been to make such mechanisms very difficult to use, and the warning in macOS Catalina does not indicate such a mechanism will be provided.
Beta versions of macOS Big Sur may allow system extensions to be loaded if SIP is disabled. See Tunnelblick on macOS Big Sur for an additional step that you need to take when using Tunnelblick 3.8.4beta01 and lower.
What is Tunnelblick doing about it?
In the short term:
In the longer term:
At some point in the future when Tunnelblick no longer supports versions of macOS that can load system extensions, system extension loading and unloading will probably be removed from Tunnelblick. Historically, Tunnelblick has supported several years of macOS releases. As of June 2020 Tunnelblick supports OS X and macOS versions as far back as 10.7.5, which was released in 2012, so it is anticipated that the removal will not take place until the mid- to late-2020s.