Tunnelblick Openvpn Mac

broken image


Disclaimer: Installation and use of any software made by third party developers is at your own discretion and liability. We share our best practices with third party software but do not provide customer support for them.

Tunnelblick's official website is at Tunnelblick is a free, open source graphic user interface for OpenVPN on Mac OS X. It provides easy control of OpenVPN client and/or server connections. It comes as a ready-to-use application with all necessary binaries and drivers (including OpenVPN and tun/tap drivers). If you want to use IPv6, open the Tunnelblick settings. To do this, click on the Tunnelblick icon in the icon bar at the top right and click on the VPN Details. In this window, select the currently imported profile on the left, switch to the Settings tab and uncheck Disable IPv6 unless the VPN server is accessed using IPv6.

Tunnelblick openvpn mac download
Tunnelblick Openvpn Mac

Please Note: This guide assumes that you are using Safari and have 'Allow files to Open/Execute (aka Safe Files) upon download completion' enabled. If you are not, you may have issues with Step 9 ongoing.


  1. Download the Latest TunnelBlick install from https://tunnelblick.net/downloads.html
  2. Double Click the Tunnelblick dmg from your downloads folder to mount the image
  3. Double Click on the Tunnelblick icon to install.
  4. If you get a notice that 'Tunnelblick is an Application downloaded from the Internet' Click Open to confirm that you want to Open it.
  5. Type your computer Admin password to allow the Install.
  6. Click Launch
  7. Click I Have Configuration Files
  8. Download the Configuration Files https://www.privateinternetaccess.com/openvpn/openvpn.zip
  9. Rename this downloaded file as openvpn.tblk and on the window that appears, choose 'Add' to accept the file extension change. Double click openvpn.tblk, and allow the option to apply installation of multiple files.
  10. Tunnelblick will ask if you want to add for All users, or just your user.
  11. Enter your computer Admin password to allow the configuration file to be added.
  12. Click the Tunnelblick icon in the Menu bar to connect
  13. Enter your Username and password when prompted.

EASY Setup Guides for Alternate Configurations (Advanced):

Tunnelblick Openvpn Mac Download


If you need encryption, please use the Private Internet Application or OpenVPN protocol with our service.




  • OpenVPN Configuration Files (Recommended Default)
    OpenVPN Configuration Files (Recommended Default windows only plus block-outside-dns)
    OpenVPN Configuration Files (Strong)
Tunnelblick Openvpn Mac
Tunnelblick Openvpn Mac

  • Legacy

    Although quite different from a VPN, we provide a SOCKS5 Proxy with all accounts in the event users require this feature.
    SOCKS5 Proxy Usage Guides
    proxy-nl.privateinternetaccess.com port 1080
    Enable port forwarding in the application by entering the Advanced area, enabling port forwarding and selecting one of the following gateways:
    After enabling port forwarding and re-connecting to one of the above gateways, please hover your mouse over the System Tray or Menu Bar icon to reveal the tooltip which will display the port number. You can then enter this port into your software.
    Port Forwarding reduces privacy. For maximum privacy, please keep port forwarding disabled.
    IPv6 leak protection disables IPv6 traffic while on the VPN. This ensures that no IPv6 traffic leaks out over your normal internet connection when you are connected to the VPN. This includes 6to4 and Teredo tunneled IPv6 traffic.
    The dns leak protection feature activates VPN dns leak protection. This ensures that DNS requests are routed through the VPN. This enables the greatest level of privacy and security but may cause connectivity issues in non-standard network configurations.
    This can be enabled and disabled in the Windows application, while it is enabled by default on our macOS application.
    We use our own private DNS servers for your DNS queries while on the VPN. After connecting we set your operating system's DNS servers to 209.222.18.222 and 209.222.18.218. When using a DNS Leak testing site you should expect to see your DNS requests originate from the IP of the VPN gateway you are connected to.
    If you change your DNS servers manually or if for some other reason they are changed this does not necessarily mean your DNS is leaking. Even if you use different DNS servers the queries will still be routed through the VPN connection and will be anonymous.
    The internet kill switch activates VPN disconnect protection. If you disconnect from the VPN, your internet access will stop working. It will reactivate normal internet access when you deactivate the kill switch mode or exit the application.
    Users who may be connected to two connections simultaneously (ex.: wired and wireless) should not use this feature, as it will only stop 1 active connection type.
Tunnelblick for pc

Please Note: This guide assumes that you are using Safari and have 'Allow files to Open/Execute (aka Safe Files) upon download completion' enabled. If you are not, you may have issues with Step 9 ongoing.


  1. Download the Latest TunnelBlick install from https://tunnelblick.net/downloads.html
  2. Double Click the Tunnelblick dmg from your downloads folder to mount the image
  3. Double Click on the Tunnelblick icon to install.
  4. If you get a notice that 'Tunnelblick is an Application downloaded from the Internet' Click Open to confirm that you want to Open it.
  5. Type your computer Admin password to allow the Install.
  6. Click Launch
  7. Click I Have Configuration Files
  8. Download the Configuration Files https://www.privateinternetaccess.com/openvpn/openvpn.zip
  9. Rename this downloaded file as openvpn.tblk and on the window that appears, choose 'Add' to accept the file extension change. Double click openvpn.tblk, and allow the option to apply installation of multiple files.
  10. Tunnelblick will ask if you want to add for All users, or just your user.
  11. Enter your computer Admin password to allow the configuration file to be added.
  12. Click the Tunnelblick icon in the Menu bar to connect
  13. Enter your Username and password when prompted.

EASY Setup Guides for Alternate Configurations (Advanced):

Tunnelblick Openvpn Mac Download


If you need encryption, please use the Private Internet Application or OpenVPN protocol with our service.




  • OpenVPN Configuration Files (Recommended Default)
    OpenVPN Configuration Files (Recommended Default windows only plus block-outside-dns)
    OpenVPN Configuration Files (Strong)

  • Legacy

    Although quite different from a VPN, we provide a SOCKS5 Proxy with all accounts in the event users require this feature.
    SOCKS5 Proxy Usage Guides
    proxy-nl.privateinternetaccess.com port 1080
    Enable port forwarding in the application by entering the Advanced area, enabling port forwarding and selecting one of the following gateways:
    After enabling port forwarding and re-connecting to one of the above gateways, please hover your mouse over the System Tray or Menu Bar icon to reveal the tooltip which will display the port number. You can then enter this port into your software.
    Port Forwarding reduces privacy. For maximum privacy, please keep port forwarding disabled.
    IPv6 leak protection disables IPv6 traffic while on the VPN. This ensures that no IPv6 traffic leaks out over your normal internet connection when you are connected to the VPN. This includes 6to4 and Teredo tunneled IPv6 traffic.
    The dns leak protection feature activates VPN dns leak protection. This ensures that DNS requests are routed through the VPN. This enables the greatest level of privacy and security but may cause connectivity issues in non-standard network configurations.
    This can be enabled and disabled in the Windows application, while it is enabled by default on our macOS application.
    We use our own private DNS servers for your DNS queries while on the VPN. After connecting we set your operating system's DNS servers to 209.222.18.222 and 209.222.18.218. When using a DNS Leak testing site you should expect to see your DNS requests originate from the IP of the VPN gateway you are connected to.
    If you change your DNS servers manually or if for some other reason they are changed this does not necessarily mean your DNS is leaking. Even if you use different DNS servers the queries will still be routed through the VPN connection and will be anonymous.
    The internet kill switch activates VPN disconnect protection. If you disconnect from the VPN, your internet access will stop working. It will reactivate normal internet access when you deactivate the kill switch mode or exit the application.
    Users who may be connected to two connections simultaneously (ex.: wired and wireless) should not use this feature, as it will only stop 1 active connection type.

Tunnelblick For Ipad

Highlighted Articles
News
Installing Tunnelblick
Uninstalling Tunnelblick
Setting up Configurations
Using Tunnelblick
Getting VPN Service
Common Problems
Configuring OpenVPN
Release Notes
Thanks
FAQ

Discussion Group
Read Before You Post

On This Page
The Tunnelblick Application
OpenVPN, Drivers, and Standard Scripts
Log Files
Key and Certificate Files
Configuration Files
Custom Scripts
LaunchDaemons
Preferences
One More Thing

The Tunnelblick Application

The Tunnelblick application, Tunnelblick.app, must be stored directly in /Applications on the startup volume for security reasons. Thus it cannot be used from network drives or internal or external drives including thumb or flash drives, CD/DVD drives, etc. unless they are being used as the startup volume. Running Tunnelblick from from anywhere except /Applications on the startup volume will result in an offer to install Tunnelblick in /Applications on the startup volume.

OpenVPN, Drivers, and Standard Scripts

The OpenVPN program, openvpn-down-root.so, the Tun and Tap system extension files, and standard client up/down scripts are included with, and contained within, Tunnelblick.app.

Log Files

Log files are stored in /Library/Application Support/Tunnelblick/Logs. (Early versions of Tunnelblick stored them in /tmp/tunnelblick). The log files for a configuration are created or deleted and recreated each time the connection is made. There are two log files for each configuration, an OpenVPN log file and a scripts log file. The contents of the files are merged in the display in Tunnelblick's 'VPN Details' window.

Key and Certificate Files

These may be stored anywhere, but typically they are stored in the same folder as the configuration (.ovpn or .conf) file. Key and certificate files associated with a Tunnelblick VPN Configuration (.tblk) are stored inside the configuration itself.

Key and certificate files usually have an extension of .cer, .crt, .der, .key, .p12, .p7b, .p7c, .pem, or .pfx.

Configuration Files

There are two types of configuration files:

  • Tunnelblick VPN Connection files (.tblk files), which include within them one OpenVPN configuration file and all key, certificate, and script files used by the configuration; and

  • OpenVPN configuration files (.ovpn and .conf files). Keys, certificates, and scripts associated with a configuration file are often stored as separate files, but may be included within the configuration file itself.

Note: Configurations should always be installed by dropping them on the Tunnelblick icon in the menu bar. If you just move or copy them they may not work properly.

There are five places configuration files may be stored:

  • Private configurations, including both types of files, are stored in '~/Library/Application Support/Tunnelblick/Configurations'. Since these files are all located in the user's Library folder, they must be set up separately for each user. (Note that the '~' in the path indicates the user's home folder; thus the folder is actually located somewhere such as /Users/username/Library/Application Support/Tunnelblick/Configurations. Do not confuse this Library folder with the /Library folder located at the root of the filesystem.)

  • Shared configurations, which can only be Tunnelblick VPN Connection files, are stored in /Library/Application Support/Tunnelblick/Shared. Shared configurations do not need to be set up for each user. (In fact, that's the whole point of sharing them!)

  • Deployed configurations, including both types of files, are stored within the Contents/Resources folder of Tunnelblick.app itself. They do not need to be set up for each user, and are accessible to all users of the computer with access to the application. (To access the internal contents of Tunnelblick.app in the Finder, Control-click Tunnelblick.app in the Applications folder and click 'Show Package Contents'.)

  • 'Shadow' copies of configuration files (if they exist) are located in /Library/Application Support Tunnelblick/Users/username. See 'useShadowConfigurationFiles' in Preferences for details. Shadow copies are created and maintained by Tunnelblick.

  • Backup copies of Deployed configurations are stored in subfolders of /Library/Application Support/Tunnelblick/Backup. These configurations will be restored if a version of Tunnelblick which is not a Deployed version is installed, making it into a Deployed version.

Note: Prior to Tunnelblick version 3.0b24, private configuration files were stored in ~/Library/openvpn. Version 3.0b24 and later versions automatically move that folder to its new location, and replace it with a symbolic link to the new location.

Custom Scripts

There are two types of custom scripts that can be run at certain points in the connect/disconnect process:

  • Scripts supported by OpenVPN: Scripts referred to in the OpenVPN configuration file may be included in a Tunnelblick VPN configuration; use filenames without any path information to refer to them in the OpenVPN configuration file.

  • Scripts supported by Tunnelblick: Tunnelblick VPN Configurations ('.tblk's) can contain custom scripts that will be run automatically at other points in the connect/disconnect process.

These scripts should be located in a Tunnelblick VPN Configurations without any folder structure, and references to them should not contain any path information.

For more information, see Using Scripts.

LaunchDaemons

Durring installation, Tunnelblick sets up a 'daemon' to perform privileged operations such as starting OpenVPN as root. The daemon has a .plist file named net.tunnelblick.tunnelblick.tunnelblickd.plist in /Library/LaunchDaemons.

If a configuration is set to connect when the computer starts, it has a .plist file located in /Library/LaunchDaemons. These .plist files are all named starting with 'net.tunnelblick.startup.'

Preferences

A user's Tunnelblick preferences are contained in ~/Library/Preferences/net.tunnelblick.tunnelblick.plist.

Note: In Tunnelblick 3.2beta10 and earlier, preferences are stored in ~/Library/Preferences/com.openvpn.tunnelblick.plist.

Deployed versions of Tunnelblick may contain a 'forced-preferences.plist' file within the Tunnelblick application itself. They are used to override the user's normal preferences; see Deploying Tunnelblick for details.

Tunnelblick VPN Configurations may also include preference defaults, which are used to initialize the user's preferences (which may then be changed by the user).

One More Thing

Under certain circumstances, Tunnelblick replaces the configuration folder that very old versions of Tunnelblick use,
~/Library/openvpn
with a symbolic link to the new location of the folder,
~/Library/Application Support/Tunnelblick/Configurations





broken image
PreviousNext
Cookie Use
We use cookies to improve browsing experience, security, and data collection. By accepting, you agree to the use of cookies for advertising and analytics. You can change your cookie settings at any time. Learn More
Accept all
Settings
Decline All
Cookie Settings
Necessary Cookies
These cookies enable core functionality such as security, network management, and accessibility. These cookies can’t be switched off.
Analytics Cookies
These cookies help us better understand how visitors interact with our website and help us discover errors.
Preferences Cookies
These cookies allow the website to remember choices you've made to provide enhanced functionality and personalization.
Save