My CA.crt (stupidly) had a short expiration. My clients got a constantly looping authentication.

Tunnelblick: OS X 10.14.1; Tunnelblick 3.7.8beta01 (build 5160); prior version 3.7.7beta06 (build 5140); Admin user.

Tunnelblick is a user-friendly and unobtrusive macOS application that enables you to take control over the OpenVPN client and server connections from within a simple and clean interface. Complete package to connect to a VPN server from your Mac. The Tunnelblick utility comes with all the necessary.

Viscosity is an OpenVPN client for Mac and Windows, providing a rich user interface for creating, editing, and controlling VPN connections.

Tunnelblick's system extensions run as native programs on M1 and Intel-64 processors. The Tunnelblick application and OpenVPN run as native programs on Intel-64 processors, and run under Rosetta 2 on M1 processors.

Updates translations. Fixes a problem that caused the Tunnelblick application to crash. Fixes bad links in warnings.
![Tunnelblick 2fa Tunnelblick 2fa](/uploads/1/1/3/6/113633031/697430400.png)
It's complicated!

Tunnelblick is an interface for OpenVPN. Most problems people think they have with Tunnelblick are really problems they are having with OpenVPN, so what follows is a mix of information about Tunnelblick and OpenVPN. OpenVPN is such a powerful tool with so many options, and computer configurations are so varied, that it is difficult to have an exhaustive guide to troubleshooting problems. Tunnelblick is designed to deal easily with the most common setups, so if it doesn't apply to your situation, or doesn't help, ask the Tunnelblick Discussion Group or the OpenVPN users mailing list for help.

I used a different program and uninstalled it, but with Tunnelblick all I can see are my old configurations!

The different program (for example, Urban Shield) uses a customized version of Tunnelblick that makes backups of their configurations and restores them when Tunnelblick starts up, and also hides all other configurations. To solve this problem:
How can you tell if OpenVPN connected to a server?
If OpenVPN is not connected to the server

If OpenVPN can't connect to the server and Tunnelblick hasn't popped up a window explaining why, there should be one or more error messages in the OpenVPN log to indicate what the problem is. To see the OpenVPN log, click on the Tunnelblick icon, click on 'VPN Details', click on the large 'Configurations' button at the top of the window, click on the name of the configuration you are troubleshooting on the left side of the window, and then click on the 'Log' tab on the right side. The OpenVPN log is the large area of black text on a white background. (It contains messages from Tunnelblick in addition to the messages from OpenVPN.) Look at lines near the end of the log for an error message.

OpenVPN Connects, but you can't surf the Internet

See Connects OK, But....

A connection is established, but drops out or is restarted after a few seconds or minutes, or DNS stops working after a few minutes

This can have several causes:
An error message says to see details in the Console Log

See The Console Log for instructions on viewing the Console Log.

An error message says 'write to TUN/TAP : Input/output error (code=5)'

OpenVPN may display a series of these messages when using a TAP connection. Although a few such messages are normal, if they continue to be displayed for more than a few seconds and the connection is never established, try to connect with DNS/WINS set to 'Set nameserver (alternate 1)'.

An error message says 'You have tried to connect using a configuration file that is the same as the sample configuration file installed by Tunnelblick'

This means that you have tried to connect to a VPN without setting up a configuration file. Consult your network administrator or your VPN service provider to obtain configuration and other files or the information you need to modify the sample file. For more information, see Getting VPN Service.

An OpenVPN log entry says 'potential route subnet conflict'

This means that the remote network you are creating a VPN to has IP addresses that are also in your local LAN. One way to fix this is to include a 'redirect-gateway local' option in the OpenVPN configuration file and un-check Tunnelblick's 'Route all IPv4 traffic through the VPN'. (All traffic will still be routed through the VPN because of the 'redirect-gateway' option.) Another way to fix this is to change the addresses of your local LAN. You do this by changing your router's configuration. For some routers you specify the first three numbers of the LAN (e.g. 192.168.77); in other routers you specify the address of the router itself (e.g. 192.168.77.1). After changing the LAN address, you should restart all computers (and other network devices including network printers), so they start using addresses in the new address range.
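A way to confirm the overlap and to vet a replacement LAN range before reconfiguring the router, as an added example (not code from Tunnelblick or OpenVPN). It parses the warning in the format quoted in this section and goes beyond the identical-/24 case by also rejecting candidates that fall inside a larger VPN route; the 192.168.0.0/22 route and the function names are constructed for illustration.

```python
import ipaddress
import re

# Warning format as quoted in this section: [network/netmask] pairs.
WARNING_RE = re.compile(
    r"potential route subnet conflict between local LAN "
    r"\[(?P<lan>[\d.]+/[\d.]+)\] and remote VPN \[(?P<vpn>[\d.]+/[\d.]+)\]"
)

def parse_conflict(log_line):
    """Return (lan, vpn) as IPv4Network objects, or None if not the warning."""
    m = WARNING_RE.search(log_line)
    if not m:
        return None
    # ipaddress accepts the dotted-netmask form "192.168.1.0/255.255.255.0".
    return (ipaddress.ip_network(m["lan"], strict=False),
            ipaddress.ip_network(m["vpn"], strict=False))

def safe_lan_candidates(vpn_nets, candidates):
    """Keep only candidate LAN ranges that overlap none of the VPN networks."""
    vpn_nets = [ipaddress.ip_network(str(v), strict=False) for v in vpn_nets]
    safe = []
    for cand in candidates:
        net = ipaddress.ip_network(cand, strict=False)
        if not any(net.overlaps(v) for v in vpn_nets):
            safe.append(str(net))
    return safe

# The warning line quoted in this section.
SAMPLE = ("WARNING: potential route subnet conflict between local LAN "
          "[192.168.1.0/255.255.255.0] and remote VPN "
          "[192.168.1.0/255.255.255.0]")

if __name__ == "__main__":
    lan, vpn = parse_conflict(SAMPLE)
    print("LAN", lan, "overlaps VPN", vpn, ":", lan.overlaps(vpn))
    # Constructed: a second, wider VPN route that also rules out 192.168.2.x.
    routes = [vpn, "192.168.0.0/255.255.252.0"]
    print(safe_lan_candidates(
        routes, ["192.168.5.0/24", "192.168.2.0/24", "192.168.23.0/24"]))
```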
Example:

WARNING: potential route subnet conflict between local LAN [192.168.1.0/255.255.255.0] and remote VPN [192.168.1.0/255.255.255.0]

This means that both the remote network and your local network are using the 192.168.1.* range of IP addresses. So change your local network to use, for example, 192.168.5.*, or 192.168.23.*. If you get the same warning message, try another address range.

An OpenVPN log entry says 'Cannot allocate TUN/TAP dev dynamically'

This problem indicates a problem with the Tun and/or Tap system extensions.
An error message says 'Tunnelblick was not able to load a device driver (kext) that is needed to connect...'

An OpenVPN log entry says 'Tunnelblick: openvpnstart status #247: Error: Unable to load tun and tap kexts. Status = 71'

An OpenVPN log entry says 'Tunnelblick: openvpnstart status #247: Error: Unable to load net.tunnelblick.tun and/or net.tunnelblick.tap kexts in 5 tries. Status = 71'

Please see Errors Loading System Extensions.

An OpenVPN log entry says 'Note: unable to redirect default gateway -- Cannot read current default gateway from system'

There is a problem (in macOS and/or OpenVPN) which causes OpenVPN to be unable to read the default gateway when you try to connect OpenVPN through an existing PPP connection; here is a workaround:
An OpenVPN log entry says 'Cannot load certificate file XXX.crt: error: 02001002:system library:fopen:No such file or directory: error: 20074002:BIO routines:FILE_CTRL:system lib: error:140AD002:SSL routines'

Your certificate file (XXX.crt) was not found. Usually the file should be in the same folder as the OpenVPN configuration file, not in a subfolder. For example, if the configuration file has a line such as cert abcde.crt or ca abcde.crt then the file abcde.crt should be in the same folder as the configuration. If the configuration file has a line such as cert xyz/abcde.crt or ca xyz/abcde.crt then the file abcde.crt should be in the xyz subfolder of the folder with the configuration.

An OpenVPN log entry says 'TLS Error: Auth Username/Password was not provided by peer'

Your client configuration file should include an 'auth-user-pass' option.

An OpenVPN log entry says 'script failed: could not execute external program'

An up or down script contains an error. Common causes:
Cannot Empty the Trash

If you dragged an old copy of Tunnelblick to the Trash and now cannot empty the Trash because Finder complains that something is 'in use' (probably something named Sparkle.framework), try the following: Launch Terminal (in /Applications/Utilities). Copy/paste the following into Terminal: You will be asked for your password. Type it in (it will not show up as you type it) then press the 'enter/return' key on the keyboard. Quit Terminal, then try to empty the Trash.

I am repeatedly asked for my password or token value (Tunnelblick 3.6.9beta02 or higher)

For some OpenVPN setups that use 'small block' ciphers and username/password authentication or two-factor authentication (2FA), this can be very annoying because the user will be asked to authenticate each time 64 MB has been transferred through the VPN. There are several ways to avoid the problem:
More information is available at OpenVPN and SWEET32.
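A pre-connection check covering two of the entries above, the 'Cannot load certificate file' error and the repeated password prompts, as an added example (not code from Tunnelblick or OpenVPN). It resolves `ca`/`cert`/`key` paths against the configuration's folder, as the certificate entry describes, and flags a 64-bit block cipher used together with `auth-user-pass`; the function names, the sample configuration and the cipher list (which is not exhaustive) are constructed here.

```python
import os
import shlex
import tempfile

# 64-bit block ciphers (the SWEET32 class), OpenSSL spellings; not exhaustive.
SMALL_BLOCK = {"BF-CBC", "DES-CBC", "DES-EDE-CBC", "DES-EDE3-CBC",
               "DESX-CBC", "CAST5-CBC", "RC2-CBC", "IDEA-CBC"}
FILE_OPTS = {"ca", "cert", "key"}

def lint_config(conf_path):
    """Return a list of findings for one OpenVPN client configuration."""
    folder = os.path.dirname(os.path.abspath(conf_path))
    findings, cipher, user_pass, inline = [], None, False, False
    with open(conf_path, encoding="utf-8") as fh:
        for raw in fh:
            line = raw.strip()
            if line.startswith("<"):
                # <ca>...</ca> style inline blocks hold PEM data, not options.
                inline = not line.startswith("</")
                continue
            if inline or not line or line[0] in "#;":
                continue
            opt, *args = shlex.split(line, comments=True)
            if opt in FILE_OPTS and args:
                # Relative paths are looked up from the configuration's folder.
                if not os.path.isfile(os.path.join(folder, args[0])):
                    findings.append(f"{opt}: file not found: {args[0]}")
            elif opt == "cipher" and args:
                cipher = args[0].upper()
            elif opt == "auth-user-pass":
                user_pass = True
    if cipher in SMALL_BLOCK and user_pass:
        findings.append(f"cipher {cipher}: 64-bit block cipher with "
                        "auth-user-pass (re-authentication every 64 MB)")
    return findings

def demo():
    """Lint a constructed configuration written to a temporary folder."""
    with tempfile.TemporaryDirectory() as d:
        open(os.path.join(d, "abcde.crt"), "w").close()  # exists beside config
        conf = os.path.join(d, "config.ovpn")
        with open(conf, "w", encoding="utf-8") as fh:
            fh.write("client\nca abcde.crt\ncert xyz/abcde.crt\n"
                     "cipher BF-CBC\nauth-user-pass\n")
        return lint_config(conf)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```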
Tunnelblick For Ios
Uninstalling Tunnelblick

Notes:
To Use the Uninstaller Included in Tunnelblick
To Use the Separate Tunnelblick Uninstaller Program

First, download an uninstaller disk image from the Downloads page and double-click it. (The uninstall program may be used to uninstall any version of Tunnelblick or any rebranded version of Tunnelblick.)

To uninstall a recent version of Tunnelblick (3.3beta22 and higher), or an earlier Tunnelblick application located in /Applications, or any version of Tunnelblick which has been dragged to the Trash (whether or not the Trash has been emptied):
OR To uninstall an earlier version of Tunnelblick which is not located in /Applications or the Trash, or to uninstall RaptorVPN, Urban Shield VPN, or some other rebranded version of Tunnelblick:
Restarting your computer may not be necessary, but restart if it isn't too inconvenient.

* If you get a 'spinning beachball' when you click the Tunnelblick icon, that usually means that Tunnelblick has a window open and is waiting for your response. Use macOS Exposé to find it or minimize or close the windows of all other applications (and in all Spaces) to expose the window. If Tunnelblick does not have an open window, you will have to force Tunnelblick to quit. Follow the procedure described in this discussion in the Tunnelblick Discussion Group.

Warnings When Uninstalling

When uninstalling Tunnelblick on some versions of macOS, the system will show warning windows. You must click the 'OK' button in each of the windows to continue the uninstall:

However, the third window displayed by macOS is incorrect:

The first two warnings are correct: Tunnelblick Uninstaller does control Finder and System Events. It does that as part of the normal uninstall process, to access and delete files and information related to Tunnelblick.

The third window displayed by macOS is completely wrong. Tunnelblick Uninstaller DOES NOT want to access your contacts, nor does it access your contacts or any other personal information except information you have entered in Tunnelblick settings and configurations.

Tunnelblick Uninstaller does access some files and folders in your home directory, but only files and folders that Tunnelblick created or modified when it was installed. It also accesses corresponding files and folders of all of the other users you have created on your computer.

We take your privacy very seriously. For more information, please see Tunnelblick Privacy.

Backing Up and Restoring Configurations and Settings

You can use 'Export Tunnelblick Setup' to save a backup copy of your Tunnelblick settings. See Exporting and Importing Tunnelblick Setups for details.