News - tunnelblick - The Latest News About Tunnelblick - OpenVPN GUI for Mac OS X

Tunnelblick Discussion Group

Download Tunnelblick

News

Getting Started with Tunnelblick

Installation, Setup, and Usage

Troubleshooting

Releases

Customized Versions

For Developers

Reference

News

The Latest News About Tunnelblick

Updated May 8, 2012 by jkbull...@gmail.com

2012-05-08: Tunnelblick 3.3beta06 is available for download.

Enhances security by digitally signing Sparkle.framework (signed versions only).

Fixes a problem installing or launching Tunnelblick when a .tblk exists but is not a folder (i.e., not an OS X package).

Fixes problems on OS X 10.4 ('Tiger').

Fixes a problem that sometimes caused updates to unsigned versions of Tunnelblick instead of to signed versions.
Note: this was not caused by a problem in Tunnelblick itself -- it was caused by a misconfiguration on the tunnelblick.net website (the website used to check for updates). The misconfiguration was fixed on 2012-05-05 at 23:54 +04:00.

2012-05-03: Tunnelblick 3.2.6 is available for download.

Fixes a crash on OS X 10.4 ("Tiger") or PowerPC.

2012-04-29: Tunnelblick 3.2.5 is available for download.

Fixes a problem with the digital signatures of updates in 3.2.4.

2012-04-28: Tunnelblick 3.3beta04 is available for download.

SECURITY UPDATE: Replaces OpenSSL 1.0.1 with 1.0.1b.

Enhances security by making all of the application's contents owned by root.

Fixes several bugs and compiler warnings.

2012-04-27: Tunnelblick 3.2.4 is available for download.

SECURITY UPDATE: Replaces OpenSSL 1.0.0g with 1.0.1b.

Fixes a problem with 'While connected' actions not always being saved in the 'Advanced' settings window.

Disconnects a configuration if a Tunnelblick VPN Configuration script returns a non-zero (mod 256) result.

Includes enhancements to logging.

Fixes two bugs and several compiler warnings.

2012-03-16: Tunnelblick 3.3beta02 is available for download.

Includes several changes to notification windows, including displaying all windows when the pointer (mouse) is over the Tunnelblick icon in the menu bar and displaying 'bandwidth' statistics.

Includes OpenVPN 2.3alpha1 and OpenSSL 1.0.1.

Includes 'easy-rsa' scripts for creating certificates and keys, accessed from the new 'Utilities' tab.

Adds the ability to have a 'route-pre-down.tunnelblick.sh' script that is run before closing a connection. (Requires OpenVPN 2.3alpha1.)

Adds a 'Suggestion or Bug Report…' menu item to beta versions.

Includes many other enhancements and bug fixes.

2012-01-25: Tunnelblick 3.2.3 is available for download.

Fixes a security vulnerability in OpenSSL by updating to OpenSSL version 1.0.0g. See http://www.openssl.org/news/secadv_20120118.txt for details.

Fixes a bug that sometimes caused repeated restarts of a connection when the search domain changed after the connection was established.

"Deployed" versions that update from the Tunnelblick website always update to unsigned versions to avoid problems with the OS X Keychain.

Fixes some French localization.

At launch, if Tunnelblick is updating from the official Tunnelblick site and has an invalid digital signature (for example, the program is a Deployed version or has been modified in some other way by the user), an update to an unsigned version of Tunnelblick will be offered immediately -- even if the user has turned off automatic updates -- unless the "updateCheckAutomatically" preference is being forced to false or the user is not an administrator and the "onlyAdminCanUpdate' preference is false or not present.

2012-01-09: Tunnelblick 3.2.2 is available for download.

Fixes six OpenSSL security flaws by updating OpenSSL from 1.0.0e to 1.0.0f. See http://www.openssl.org/news/secadv_20120104.txt for details.

Fixes a problem that caused a restart of the connection as a result of a DHCP renewal.

Fixes failure to ask what should be done when the user enters an incorrect private key (passphrase).

2011-12-29: Tunnelblick 3.2.1 is available for download.

Fixes a problem preventing installation/update for some users on OS X 10.4.

Fixes problems connecting (loading tun/tap kexts) for some users.

2011-12-19: Tunnelblick 3.2 is available for download.

Stable 3.2 release -- not a beta release.

Fixes a security vulnerability found in Tunnelblick 3.2beta36. (See 2011-12-19 Tunnelblick Vulnerability FAQ for details.)

Includes complete Japanese localization by Yoshihisa Kawamoto.

Fixes a memory leak and a problem that caused a failure to localize tabs in the "Advanced" settings window.

2011-12-10: Tunnelblick 3.2beta36 is available for download.

Includes additional Japanese localization by Yoshihisa Kawamoto.

Adds more control over what Tunnelblick does when a network setting changes. Controls are located on the "While Connected" tab of the Advanced configuration settings. (These controls may not be modified if the per-configuration 'CONFIGURATIONNAME-leasewatchOptions' preference is present. That preference is now deprecated.)

Includes other minor changes and bug fixes.

2011-11-27: Tunnelblick 3.2beta34 is available for download.

Includes a Hungarian translation by Marcell Szabo and a Czech translation by Petr Šrajer.
Includes the latest Tuntap release (version 20111101) for Snow Leopard and higher (version 19990913 are used for Tiger and Leopard).
Automatically updates with the correct signed or unsigned version.
For an "Unsigned Release" build, " Unsigned" is appended to CFBundleShortVersionString (the marketing version string). Similarly, for a "Debug" build, " Debug" is appended.

2011-10-12: Tunnelblick 3.2beta32 is available for download.

Includes OpenSSL version 1.0.0e.
Complete Polish localization by Magdelena Zajac and Łukasz M.
Improved French localization by Olivier Borowski.
Removes extra logging by Tuntap kexts introduced in 3.2beta30.
Does not allow a configuration to be renamed or made private or made shared unless the configuration is disconnected.
Fixes a problem with configurations set to connect 'when computer starts'.
Fixes a problem not accepting digits in domain names pushed by the VPN server. Now accepts A-Z, a-z, 0-9, '-', and '.' in domain names. Does NOT accept internationalized domain names.

2011-08-31: Tunnelblick 3.2beta30 is available for download.

Includes an experimental version of the Tuntap kexts (device drivers) that should fix problems with kernel panics on Lion with some processors.
Includes both OpenVPN 2.1.4 and OpenVPN 2.2.1.
Includes complete localization for Catalan, German, Spanish, French, Korean, Norwegian, Dutch, Portuguese, Russian, Swedish, and Chinese (simplified).
Includes other new features and fixes several bugs.

2011-07-31: Tunnelblick 3.2beta28 is available for download.

Johan Nilsson and Tim Malmström have provided Swedish localization.
Prevents kernel panics on OS X 10.7 "Lion".
Includes other enhancements and fixes several bugs.

2011-07-20: Tunnelblick 3.2beta26 is available for download.

Aleix Dorca has provided a complete Catalan localization.
Emma Segev and Tjalling Soldatt have provided complete Dutch localization.
Peter K. O'Connor has provided complete Chinese (simplified) localization.
Dennis Ukhanov, Eugene Trufanov, Nail Gilmanov, & Victor Ptichkin have provided complete Russian localization.
Changes the 'Show/Hide Configuration on Tunnelblick Menu' menu command to be the 'Show on menu' checkbox on the 'Settings' tab.
Fixes several bugs.

2011-07-14: Tunnelblick 3.2beta24 is available for download.

Complete German localization by Marcus Schneider.
Complete French localization by Jeremy Sherman.
Complete Korean localization by Kyoungmin Kim.
Complete Norwegian localization by Jon Luberth.
Complete Portuguese localization by Denis Volpato Martins.
Includes OpenVPN version 2.2.1.
Includes other enhancements and fixes several bugs.

2011-07-01: Tunnelblick 3.2beta22 is available for download.

Includes LZO 2.05, replacing 2.03.
Sleep/wake change: When the computer wakes up, it now tries to reconnect all configurations that were connected, or were in the process of being connected, when it went to sleep. (Previously, Tunnelblick only tried to reconnect only those configurations that were connected when the computer went to sleep.)
Adds an additional layer of protection against attacks.
Fixes several bugs.

2011-06-29: Tunnelblick 3.2beta20 is available for download.

Fixes a bug causing domains to be ignored when 'Set nameserver' is selected.

2011-06-27: Tunnelblick 3.2beta18 is available for download.

Changes to the sound settings now take effect immediately.
Shows a splash screen during installation.
Cascades status windows when multiple status windows are being displayed simultaneously.
Fixes a problem that displayed incorrect sound 'on connect' and sound 'on unexpected disconnect' selections when no selections have been made. (Should have displayed 'None' for each, but displayed 'Glass' and 'Basso'.)
Includes several other small changes and bug fixes.

2011-06-24: Tunnelblick 3.2beta16 is available for download.

Portuguese localization by Denis Volpato Martins. Thanks!
Includes a single up/down script pair for Set nameserver which works for both tun and tap devices. Thanks to Nick Williams!
Implements a new simplified menu and a new 'VPN Details…' window:

Allows easy management of configurations, including renaming, duplicating, and removing them, and the ability to remove a configuration's credentials from the Keychain.
Includes a new GUI for modifying configuration settings, program preferences, and the appearance of the Tunnelblick icon and menu.

Optionally plays a sound when the connection is completed or unexpectedly terminated or restarted. By default, the system's 'Glass' sound is used as the tunnel up sound, and the system's 'Basso' sound is used as the tunnel unexpectedly down sound.
Includes several new features for VPN service providers.
Fixes several bugs and includes additional security protections.

2011-05-17: Tunnelblick 3.2beta14 is available for download.

Fixes a crash on startup on OS X 10.4 ("Tiger") and 10.5 ("Leopard").
Fixes a typo in the help page for the "Appearance" preferences.

2011-05-16: Tunnelblick 3.2beta12 is available for download.

Tunnelblick now has a preferences window.
The Tunnelblick menu has been streamlined.
Tunnelblick is digitally signed to avoid asking the user for permission to access the Keychain.
Contains other enhancements and fixes several bugs.

2011-04-29: Tunnelblick 3.2beta10 is available for download.

Includes OpenVPN 2.2 and PKCS#11 1.08.
Includes complete Portuguese localization by Denis Volpato Martins. Thanks, Denis!
Removes the 'Clear log' button from the Details… window. (It is no longer needed because the log display is cleared at the start of each connection and its size is limited to 100,000 characters. This limit can be overridden by the 'maxLogDisplaySize' preference.).
Fixes several bugs.

2011-04-26: Tunnelblick 3.2beta08 is available for download.

No longer uses the down-root plugin if there are no 'user' or 'group' options in the configuration file. (The 'XXX-useDownRootPlugin' preference is removed in this situation.)
'Monitor connection' is more tolerant of unimportant changes and may be customized.
Higher 'verb' levels may be used without performance degradation.
Fixes several bugs.

2011-04-06: Tunnelblick 3.2beta06 is available for download.

Allows copy/paste of usernames, passwords, and passphrases in the VPN login window. (For security reasons, passwords and passphrases may only be pasted.)
Fixes a bug that sometimes failed to alert the user when a VPN username/password or passphrase failed to be authenticated.
Allows Tunnelblick VPN Configurations ('.tblk' packages) to be uninstalled.
Includes several other enhancements and bug fixes.

2011-04-03: Tunnelblick 3.1.7 is available for download.

Fixes problems causing tun/tap kexts to be loaded even though preferences specify that the kext(s) are not to be loaded.
Fixes a problem with installing some Tunnelblick VPN Configurations (.tblk).

2011-02-19: Tunnelblick 3.1.6 is available for download. Full details are in the Release Notes.

Fixes a bug that caused up/down scripts in Tunnelblick VPN Configurations (.tblks) to be ignored.

2011-02-19: Tunnelblick 3.2beta04 is available for download. Full details are in the Release Notes.

Adds AppleScript support.
Includes complete French localization by Jeremy W. Sherman. Thanks, Jeremy!
Includes OpenSSL 1.0.0d.
Unloading of the foo.tap and foo.tun kexts is now attempted only if they are already loaded (previously, it was always attempted and errors were ignored).
Fixes problems with fast user switching and fixes several bugs.

2011-02-08: Tunnelblick not affected by OpenSSL security flaw

2011-02-02: Tunnelblick 3.2beta02 is available for download. Full details are in the Release Notes.

The following scripts may be included in a Tunnelblick VPN Configuration (.tblk package):

pre-connect.sh
post-tun-tap-load.sh
connected.sh
reconnecting.sh
post-disconnect.sh

Fixes problem installing Tunnelblick via double-click when the user's home folder is not on the same volume as /Applications/Tunnelblick.app

Other minor changes

2011-02-01: Tunnelblick 3.1.5 is available for download.

2011-01-28: Tunnelblick 3.1.4 is available.

2011-01-28: OS X 10.4 ("Tiger") Installation Failure

2011-01-27: Security Vulnerability

2011-01-12: Security Vulnerability

2010-12-25: Tunnelblick 3.1.2 is available.

Removes the 'warns the user when certain unexpected disconnections occur' feature added in version 3.1.1 because it caused Tunnelblick to hang under certain conditions of sleep/wake cycles and/or screensavers. This feature will return in more robust form in a future beta release.

2010-12-18: Tunnelblick 3.1.1 is available. Full details are in the Release Notes.

Fixes several problems and warns the user about unexpected disconnections.

2010-12-05: Tunnelblick 3.1 is available. Full details are in the Release Notes.

Only the version and build numbers were updated.

2010-12-03: Tunnelblick 3.1beta24 is available. Full details are in the Release Notes.

Updates to use OpenSSL 1.0.0c, which fixes several security vulnerabilities.

Searches for the icon set folder in Tunnelblick.app/Contents/Resources/Deploy and then in /Library/Application Support/Tunnelblick/Shared before defaulting to the version in Tunnelblick.app/Contents/Resources.

Fixes bug that caused an unneeded folder (dmgFiles) to be built into Tunnelblick.app/Contents/Resources.

2010-12-01: Tunnelblick 3.1beta22 is available. Full details are in the Release Notes.

Updated to include OpenVPN 2.1.4 and OpenSSL 1.0.0b.

Adds a note to the OpenVPN log (in the Details… window) when the computer goes to sleep or wakes up and a connection is terminated/restarted.

Fixes a problem modifying 'Set nameserver' on other-than-the-first connection.

Fixes an OpenVPN problem with special case route targets ('remote_host')

2010-10-31: Tunnelblick 3.1beta20 is available. Full details are in the Release Notes.

Removed confusing question when Tunnelblick is launched and foo.tap and/or foo.tun (old Tunnelblick kexts) are loaded. The question asked if foo.tun and foo.tap should be unloaded. Now they are unloaded only as needed to make a connection: foo.tap is unloaded if net.tunnelblick.tap is being loaded for the connection, and foo.tun is unloaded if net.tunnelblick.tun is being loaded for the connection. The 'skipAskingToUnloadFooKexts' preference is no longer used. To override Tunnelblick's automatic loading of the tun or tap kexts required for a connection, see the following per-configuration Preferences: "-doNotLoadTunKext", "-doNotLoadTapKext", "-loadTunKext", and "-loadTapKext".

2010-10-16: Tunnelblick 3.1beta18 is available. Full details are in the Release Notes.

When there are more than eight configurations, the Details… window changes to display a list of connections on the left side and a single tab with the log and controls on the right. This was done because of OS X problems when there are a large numbers of tabs. The 'maximumNumberOfTabs' preference specifies the maximum number of tabs to display; if there are more than that many configurations, the display will change as described above. The preference defaults to 8. Set this preference to 0 to always show configurations in a list on the left.

Streamlines installation by double-clicking to have only one dialog box explaining what will be installed and asking for admin username/password.

Fixes bug which prevented Standard users from installing Tunnelblick by double-clicking.

Fixes bugs in automatic installation of .tblks when installing Tunnelblick.

2010-10-08: Tunnelblick 3.1beta16 is available. Full details are in the Release Notes.

Replaces the 'Set nameserver' checkbox with a drop-down list that can display additional choices to allow different up/down scripts to be used.

Adds the ability to add menu items to the Tunnelblick menu to execute programs (e.g., scripts).
Adds the ability to specify programs that should be executed when Tunnelblick is launched or when a connection is attempted.

Includes localization-related code tweaks by Stefan Bethke and additional German localization by Stefan Bethke, Marcus Schneider, and 'Dr Hok'.

Fixes a formatting error when displaying file permissions in error messages about being unable to change permissions.

Fixes a problem causing a connection restart when 'Set nameserver' is used, a DHCP renewal occurs, and there are no WINS settings.

Fixes issues when using OpenDirectory and the user's home directory is on a non-Mac platform.

2010-09-09: Tunnelblick 3.1beta14 is available. Full details are in the Release Notes.

Fixes a problem that, under certain circumstances, crashes client.down.tunnelblick.sh. ( Issue 159 .)

Thanks to Mohammad A. Haque, this release imbeds the OpenSSL version. 1.0.0a library into the included OpenVPN binary. This adds support for over 60 additional digests, ciphers, and TLS ciphers.

Includes OpenVPN version 2.1.3.

2010-08-08: Tunnelblick 3.1beta12 is available. Full details are in the Release Notes.

New features include:

Italian localization thanks to Pierpaolo Gulla (Grazie!).

Implements a single, system-wide keyboard shortcut (command-option-F1 by default) to expose the Tunnelblick menu.

No longer displays Tooltips by default.

Terminates faster if going to sleep or if no unknown OpenVPN processes exist and no 'when computer starts' configurations are connected.

Fixes several bugs and includes a workaround for an OpenVPN bug.

2010-07-29: Tunnelblick 3.1beta10 is available. Full details are in the Release Notes.

This beta includes an important bug fix:

Fixes bugs in the shadow copy mechanism that caused connect failures, log-hookup failures, and (possibly) other problems. Thanks to Jim Bo for pointing out the first problem and suggesting a solution. The bugs were introduced in 3.1beta08.

New features include:

Configurations located in subfolders are displayed in submenus of the main Tunnelblick menu.

When a Tunnelblick VPN Configuration (.tblk package) is installed, all Tunnelblick VPN Configurations within it will be installed. If these 'inner' configurations are inside subfolders of the outer .tblk, they will be installed as subfolders of the configurations folders and will appear in submenus of the main Tunnelblick menu.

Automatic installation of configurations from the .dmg has changed: Only one Tunnelblick VPN Configuration (.tblk packages) in the '.auto-install' or '.auto-install' folders and their subfolders is installed.

2010-07-10: Tunnelblick 3.1beta08 is available. Full details are in the Release Notes.

In addition to fixing bugs, this release adds several new features:

Benji Greig has updated the Tunnelblick icon for Coverflow and created a distinctive icon for Tunnelblick VPN Configurations and a new background image for the disk image. Thanks, Benji!

Log processing and display have been rewritten:

Log files are created each time a connection is made.
When displaying the log, the entries are merged such that script log entries follow OpenVPN log entries that have the same date/time.
The log display now shows the most recent 10000 entries. Earlier entries are not displayed, but are in the log files stored in /tmp/tunnelblick/logs.

The DNS cache is flushed after a tunnel is established and after it is torn down. This is enabled by default but may be disabled by the per-connection "-doNotFlushCache" preference.

Tunnelblick VPN Configurations (.tblk packages) may now be shadow copied.

Configurations (.conf, .ovpn, and .tblk) may be stored in subfolders. Note that .tblk configurations are installed at the top level of the shared or private folder; they must then be moved to a subfolder if that is desired.

2010-06-07: Tunnelblick 3.1beta06 is available.

This is mainly a bug-fix release, but it adds one new feature: It runs new scripts, pre-connect.sh and post-disconnect.sh, as root before connecting and/or after disconnecting if the scripts exist. (They must be in a .tblk package). This allows manipulation of kexts and/or the network configuration before the tun/tap kexts are loaded and OpenVPN is run and after OpenVPN exits and the kexts are unloaded.

The full list of changes is in the Release Notes.

2010-05-27: Tunnelblick 3.1beta04 is available.

This is mainly a bug-fix release, but there are some new features:

The pipes for script output to "Details…" window are created on demand instead of when Tunnelblick launches, so if you have 50 configurations, Tunnelblick won't create 50 pipes when launched.

A DHCP renew which restores the original DNS and/or WINS information no longer causes the connection to restart. This new behavior can reversed be by setting Tunnelblick the boolean preferences '-doNotRestoreOnDnsReset' and/or '-doNotRestoreOnWinsReset' to TRUE.

The up, down, and leasewatch scripts have been modified to implement options for the scripts which Tunnelblick causes OpenVPN to put first (before OpenVPN parameters) in the command line which starts the up/down scripts.

The full list of changes is in the Release Notes.

2010-05-14: Tunnelblick 3.1beta02 is available.

The full list of changes is in the Release Notes.

New features include:

Tunnelblick VPN Configurations: All of the files associated with one configuration may be collected together and put into a Tunnelblick VPN Configuration. Tunnelblick VPN Configurations include features such as version control that make them easy to use for distribution to multiple Tunnelblick users.

Shared configurations: Tunnelblick VPN Configurations may be shared by all users of a computer without being installed for each user individually. A button on the "Details…" window switches a configuration from Shared to Private or Private to Shared.

Connect when computer starts: Shared and Deployed Tunnelblick VPN Configurations may be set to automatically connect when the computer starts, before anyone is logged in. Such connections can persist through login and logout and may be controlled by Tunnelblick when a user is logged in.

Tunnelblick deals with the .tun and .tap kexts more flexibly.

Please give feedback on the new features or report problems in the Tunnelblick Discussion Group.