Tunnelblick For Mac Os

Posted on

Install Tunnelblick on macOS 1. Download Tunnelblick. To connect to OVPN you first need to download Tunnelblick. Install Tunnelblick. Double-click on the file you downloaded in the previous step and go through the installation process. Download the configuration you want. Double-click the downloaded file to import it into Tunnelblick.

  1. Tunnelblick Windows Download
  2. Uninstall Tunnelblick Mac
  • Tunnelblick is an open source GUI for OpenVPN on the Mac OS X platform. It gives you easy control over OpenVPN clients and server connections.
  • Tunnelblick's Kill Switch - Tunnelblick Free open source OpenVPN VPN client server software GUI for Mac OS X. Includes OpenVPN, OpenSSL, easy-rsa, and drivers.

Your FoxyProxy accounts come with both proxy and VPN service.

These instructions explain how to connect to your VPN accounts using a method called OpenVPN. It is more complicated than IPSec VPN and PPTP VPN. IPSec VPN is the preferred way to use your VPN account. Only use these instructions if IPSec does not work for you.

TunnelBlick is the name of the free, open-source client for FoxyProxy/OpenVPN connections. You must download and install it to connect to your VPN account using the OpenVPN protocol

Step 1: Download the app called TunnelBlick here

Tunnelblick

a. This will download the package Tunnelblick_3.6.5_build_4566.dmg to your computer. Click on it to start the installer.

b. The package window will open revealing the installer. Double-click the Tunnelblick.app icon to begin installation.

The package window will open revealing the installer.dmg

Step 2: Launching Tunnelblick

a. A dialog box warning you that the application was downloaded from the internet and requiring your approval to continue. Click on Open.

b. An approval of the installation by entering your Mac username and password. Type your username and password, and then click OK.

c. The installation will complete. You’ll then see a dialog asking you if you want to launch Tunnelblick now. Click on launch to start Tunnelblick.

Step 3: Add a configuration

a. A dialog box that says “Welcome to Tunnelblick” appears. This dialog is designed to help you get started with Tunnelblick configuration. Since FoxyProxy provides you with the configuration files to use Tunnelblick, you can click the “I have configuration files” button.

b. Simply click the “Done” button here.

3) You’ll see the Tunnelblick icon appear in the status window next to your username and the Spotlight icon. (Right corner of the screen)

Tunnelblick icon

Step 4: Download and Install OpenVPN configuration

a. From the FoxyProxy Control Panel, go to the Actions menu and download the OpenVPN configuration file. If you have any trouble downloading the file, contact FoxyProxy Support and we’ll be glad to email it to you.

Double-click the file (*.ovpn) to install it into TunnelBlick. If you get an error from TunnelBlick, first quit TunnelBlick (click icon in status area and select Quit TunnelBlick) then double-click the *.ovpn file.

Your file won’t be called server.ovpn, but it will have the .ovpn file extension.

For

b. In the dialog box, select “Only Me” when choosing which users to allow to use this OpenVPN configuration.

c. Enter your Mac OS X username and password to authorize installing the OpenVPN configuration.

d.You should receive a notification that the profile was installed successfully. Click OK.

Step 5: OpenVPN settings

a. Click the Tunnelblick icon in the status area and select VPN Details.

b. In the main Tunnelblick interface, make sure the Server profile is selected. Set the OpenVPN version to 2.3.6. Make sure the “Monitor network settings” and “Keep connected” checkboxes are checked. Click the Advanced button at the bottom.

Configuration Settings.png

c.In the profile’s Advanced Settings dialog, select the “While Connected” tab. Check the “Route all traffic through the VPN” checkbox. Then close the Advanced Settings.

Step 6: Connect to OpenVPN

a. There are two ways to connect to the OpenVPN server.

One way is in the main Tunneblick dialog box. You can click the Connect button there:

The other way is to click the TunneBlick icon in the status area and select Connect Server.

b. You will be prompted to provide your OpenVPN username and password. These are the credentials provided to you by FoxyProxy. You can choose to save the credentials in the keychain if you wish.

c. After providing your credentials, you should see a series of screens next to the TunnelBlick icon in the status area. It should end with “Connected” in a GREEN text color. The connection can take up to 30 seconds to complete.

Confirm You’re Connected

To confirm you’re connected to the VPN, visit https://getfoxyproxy.org/geoip and ensure it shows a different location and IP address than you expect.

Tunnelblick Windows Download

Disconnecting

Click the OpenVPN icon in the status area and select “Disconnect”.

Uninstall Tunnelblick Mac

Highlighted Articles
News
Installing Tunnelblick
Uninstalling Tunnelblick
Setting up Configurations
Using Tunnelblick
Getting VPN Service
Common Problems
Configuring OpenVPN
Release Notes
Thanks
FAQ

Discussion Group
Read Before You Post

On This Page
The Problem
How to tell if you have a 'tap' VPN or a 'tun' VPN
When will this happen?
How to modify a 'tun' VPN so it will continue to work
If macOS Catalina still complains
Always load tun or always load tap
Disabling SIP
Old versions of Tunnelblick will not help
What Apple announced
What is Tunnelblick doing about it?

For the latest information about Tun and Tap VPNs on macOS Big Sur, see Tunnelblick and macOS Big Sur.

The Problem

Apple has announced changes to macOS which affect many users of Tunnelblick.

You might see a warning from Tunnelblick about this change, or you might see the following warning when connecting your VPN:

What this means is:

  • If you have a 'tap' VPN, a future version of macOS will cause your VPN to stop working. (Apple's announcement to developers is worded differently and may mean that users will be able to use some mechanism to enable 'tap' VPNs to continue to work, but that interpretation is contradicted by the warning shown above. See What Apple announced, below.) On macOS Big Sur you may be able to allow 'tap' VPNs to continue to work by disabling SIP. You may be able to convert your 'tap' VPN to a 'tun' VPN which will work. However, that requires being able to change the OpenVPN configurations on both your computer and on the VPN server, and it may not provide all of the networking facilities that you are currently using. Consult OpenVPN experts and support for help with doing this.

  • If you have a 'tun' VPN, your configurations may continue to work in future version of macOS without you doing anything, or you might need to make a simple change to the OpenVPN configuration file so that the configuration will continue to work. If your OpenVPN configuration file does not contain a 'dev-node' option, you do not need to do anything and the configuration will continue to work. If your OpenVPN configuration file does contain a 'dev-node' option, you will need to remove that option so the configuration continues to work (see below).

How to tell if you have a 'tap' VPN or a 'tun' VPN

  1. Click to select a configuration in the left side of the 'Configurations' panel of Tunnelblick's 'VPN Details' window.
  2. Click on the little 'gear' icon at the bottom of the list of configurations and click on either 'Examine OpenVPN Configuration file…' or 'Edit OpenVPN Configuration File…'. The configuration file will open in a window or in Apple's 'TextEdit' editor.
  3. Find a line that starts with 'dev tun', 'dev-type tun', or 'dev-node tun'. If you find one, you have a 'tun' VPN.
  4. Find a line that starts with 'dev tap', 'dev-type tap', or 'dev-node tap'. If you find one, you have a 'tap' VPN.

If you can't find a line that starts with any of the above, ask for help from the Tunnelblick Discussion Group.

When will this happen?

Apple does not announce its intentions in advance, so there may not be any prior notice of this change.

Our best guess based on similar situations in the past is that the earliest Apple will make this change is in the last version of macOS Catalina, which is expected to be released in July or August of 2020. However, it is also possible that Apple will make the change earlier or later, and it is possible that Tunnelblick's VPNs will continue to work for some period of time even after Apple makes the change.

For updated information about macOS Big Sur, see Tunnelblick on macOS Big Sur.

How to modify a 'tun' VPN so it will continue to work

You need to remove the dev-node option if it exists in the VPN's OpenVPN configuration file:

  1. Click to select a configuration in the left side of the 'Configurations' panel of Tunnelblick's 'VPN Details' window.
  2. Click on the little 'gear' icon at the bottom of the list of configurations. If you can click 'Make Configuration Private…', do so and have a computer administrator authorize the change. (If you can't click it, don't : )
  3. Click on the little 'gear' icon and click on 'Edit OpenVPN Configuration File…'. The configuration file will open in Apple's 'TextEdit' editor.
  4. Find a line that starts with 'dev-node tun'. If you find one, delete the line. If you dont find one, skip the next step.
  5. Look for a line that starts 'dev tun' or 'dev-type tun'. If neither one exists in the file, add a new line that says 'dev tun'.
  6. Quit TextEdit, saving the changes if asked.
  7. If you previously made the configuration private, make it shared by clicking the little 'gear' icon, clicking 'Make Configuration Shared', and having the change authorized by a computer administrator.

If you made changes to the file and did not change it from shared to private and back to shared, the next time you connect the configuration you will be asked to have a computer administrator authorize the changes.

If macOS Catalina still complains

Always load tun or always load tap

If you have a 'tun' VPN which does not need to be modified, or has been modified as described above, and Tunnelblick or macOS Catalina still complains, then you have changed a Tunnelblick setting and should restore it to the default setting. All configurations should be set to 'Load tun driver automatically' and 'Load tap driver automatically'. These settings are found on the 'Connecting & Disconnecting' tab of the 'Advanced' settings window. Tunnelblick 3.8.3beta03 and later will automatically disable loading of 'tun' and 'tap' system extensions on versions of macOS that do not allow Tunnelblick to load them.

Disabling SIP

System Integrity Protection ('SIP') is a feature of macOS which helps keep your computer safe (see About System Integrity Protection on your Mac).

Although it is not recommended because it makes your computer less safe, if you are using macOS Big Sur or later disabling SIP may allow your computer to connect a 'tap' VPN. See Configuring System Integrity Protection for instructions to disable SIP.

Old versions of Tunnelblick will not help

This situation is caused by a change in macOS, not a change in Tunnelblick, so older versions of Tunnelblick will not help. All Macs running OS X 7.5 or later should use the latest stable or beta version of Tunnelblick. See Deprecated Downloads for a version of Tunnelblick that should be used on earlier versions of OS X and on all PowerPC Macs.

What Apple announced

Apple has announced that 'future OS releases will no longer load system extensions that use deprecated KPIs by default'. Tunnelblick includes, and for some configurations loads one of two such extensions:

  • 'tap' configurations always require the use of one system extension.
  • 'tun' configurations may require the use of the other system extension but can easily be modified so no system extension is required.

It isn't clear what Apple means by the phrase 'by default'. It may mean that Apple will provide a mechanism for users to allow loading of system extensions that use deprecated KPIs. However, Apple's practice has been to make such mechanisms very difficult to use, and the warning in macOS Catalina does not indicate such a mechanism will be provided.

Beta versions of macOS Big Sur may allow system extensions to be loaded if SIP is disabled. See Tunnelblick on macOS Big Sur for an additional step that you need to take when using Tunnelblick 3.8.4beta01 and lower.

What is Tunnelblick doing about it?

In the short term:

  • macOS Catalina 10.15.5 loads Tunnelblick's system extensions. Although system extensions signed by 'Jonathan Bullard' must be interactively allowed by the user in the Security and Privacy window of System Preferences, macOS guides the user through the process.

  • macOS Big Sur 11.0 Developer Beta 3 (20A5323l) refuses to load Tunnelblick's existing, notarized system extensions unless SIP is disabled. It isn't known if this behavior will be present in future beta versions of Big Sur or in the final version of Big Sur. Apple's suggested workaround, using an 'installer package', cannot be easily integrated into the Tunnelblick installation process. It is possible that someone else will develop an installer which can load Tunnelblick's system extensions and make it publicly available, but there is no way to know if or when that will happen. (If it does happen, we expect to link to the installer or installers on the Downloads page.)

  • Versions of Tunnelblick that are running on macOS Big Sur may disable loading of system extensions. You may override this; see Tunnelblick on macOS Big Sur for details.

  • Apple proposes that programs such as Tunnelblick be modified to use a different method to accomplish the function that the system extensions currently perform. The current Tunnelblick developers do not have the time or expertise to use the new method Apple proposes and have no plans to do so. It is possible that someone else will develop such an alternative method and make it publicly available, but there is no way to know if or when that will happen. (If it does happen, we expect to include it in Tunnelblick.)

In the longer term:

At some point in the future when Tunnelblick no longer supports versions of macOS that can load system extensions, system extension loading and unloading will probably be removed from Tunnelblick. Historically, Tunnelblick has supported several years of macOS releases. As of June 2020 Tunnelblick supports OS X and macOS versions as far back as 10.7.5, which was released in 2012, so it is anticipated that the removal will not take place until the mid- to late-2020s.