Tunnelblick Mac Download

Posted on by

The purpose of this document is to lead the users to configure theirs OpenVPN clients to access to a VPN server. We will see how to install and configure the most used OpenVPN’s GUI for Microsoft Windows, Linux, Mac OS X and Windows Mobile for Pocket PC. At the end of the document we will learn to use the OpenVPN’s command line interface. This last possibility is useful, because the openvpn command, which you can execute by using the prompt (Unix Shell or Windows Prompt) accepts the same parameters and has the same behavior regardless from which Operating System you use. In addition, you could use the openvpn command in a script to automatically start the VPN connection.
More precisely, we will see how to access to a VPN server builded with ZeroShell and configured with the default parameters. To obtain an OpenVPN server with the default behavior, you only need, after you have activated Zeroshell on your network, to enable the OpenVPN service by clicking on the Enabled flag in the [VPN]->[OpenVPN] section of the Zeroshell’s web interface. By default, the OpenVPN server of Zeroshell listens on the port 1194/TCP with TLS/SSL encryption and LZO compression enabled. The user authentication well be checked by using username and password credentials, but we will try the X.509 authentication as well.
For further details about the configuration of an OpenVPN server builded with ZeroShell, you can read the “An OpenVPN server using Zeroshell” how-to.

  1. Tunnelblick Mac Download 3.8.1
  2. Tunnelblick For Pc
  3. Tunnelblick Mac Catalina Download
  4. Tunnelblick Download For Windows
  5. Tunnelblick Mac Download Deutsch
  6. Tunnelblick For Mac Download
Tunnelblick

The sections in which this how-to is divided are as follows below. Keep in mind that the first section, which is related to the configuration file of OpenVPN, it is common to the other ones, because the configuration file do not depend on the GUI or Operating System that you use.

Tunnelblick Mac Download 3.8.1

The configuration file of OpenVPN

Because the large number of parameters you can define either in the configuration file or in the command line, you could configure OpenVPN in many different manners. In any case, to obtain a connection with a Zeroshell VPN server, you only need to define a small number of them in your client’s configuration file. In order to further simplify the configuration of the OpenVPN client, you could download an example of configuration file by clicking on the link OpenVPN Client configuration.The file has comments that explain the meaning of the parameters, but only 2 of them you surely need to change to obtain a VPN connection with Zeroshell:

Mac OS 10.7.5 and later versions. Step #1: Download FastestVPN TCP and UDP Config Files for Tunnelblick from here. Step #2: Download Tunnelblick for Mac from here. Step #3: Double click on the downloaded Tunnelblick App to run the installation. Step #4: The following screen will appear. Double click on “Tunnelblick”. Buy VPN For Mac. Install Tunnelblick Mac; Tunnelblick Vpn Client; Install Tunnelblick Mac. Navigate to your Downloads folder and double-click the Tunnelblick installation file you have just downloaded (it has a.dmg extension). In the window that opens, double-click on the Tunnelblick icon. A new dialogue box will pop up, asking you if you are sure you want to. Step-by-step guide to setup an OpenVPN connection on macOS Mac OS X using tunnelblick OpenVPN client softwareHow To Setup OpenVPN tunnelblick on macOS Mac OS. The Tunnelblick application is one of the alternative ways to connect to NordVPN servers on your Mac. This is a good option for those who prefer a manual connection and like tinkering with open-source software. Download Tunnelblick 3.8.5 for Mac from our software library for free. The unique identifier for this app's bundle is net.tunnelblick.tunnelblick. The application belongs to Internet & Network Tools. The actual developer of this free software for Mac is Tunnelblick team. The most popular versions of the software are 3.4, 3.3 and 3.2.

  • remote zeroshell.example.com 1194You have to replace zeroshell.example.com with the hostname or the IP address of the OpenVPN server. The Zeroshell’s default configuration requires that the OpenVPN service listens on the port 1194/TCP and therefore you must not modify the second parameter (1194).
  • ca CA.pemThe ca parameter specify a file (in PEM format), that contains the X.509 Certification Authority with which the server certificate has been signed. To get the CA’s X.509 certificate, you only need to click on the CA hyperlink in the Zeroshell’s login page. If you save the CA’s certificate with the name CA.pem in the same directory of the configuration file, the you do not need to change the parameter. Otherwise, you must specify the absolute path of the file.
    Keep in mind that certificate of the Certification Authority is required also if you do not use the X.509 client authentication but the “Only Password” authentication (Default in Zeroshell).

Notice, that you will always have to manually edit the configuration file. This is because the Graphical User Interfaces that we are going to learn do not assist you in the creation and maintenance of the OpenVPN’s configuration. They only help you to connect and disconnect the VPN, and ask for the username and password if they are required.

OpenVPN GUI for Windows

Tunnelblick Mac Download

To install OpenVPN GUI for Windows on a Microsoft Windows XP 32/64 bits, follow the steps below:

  • Download the installer from the URL https://openvpn.net/index.php/open-source/downloads.html. Choose he file that contains the GUI and the OpenVPN software already included;
  • Start with the installation. Select the default options and confirm the installation of the TAP-Win32 Adapter V8 device (it is a Virtual Ethernet interface used by OpenVPN).
    When the Installer has finished to work, the TrayBar contains the VPN icon with two red terminals and the Earth Globe symbol. Such terminals are yellow when OpenVPN is trying to establish the connection and they are green when you are finally connected with the VPN;
  • In the Windows Start Menu, click on [Start]->[All Programs]->[OpenVPN]->[OpenVPN configuration file directory]. You will be able to explore the folder:

    C:Program FilesOpenVPNconfig

    in which you must copy the files zeroshell.ovpn that contains the OpenVPN configuration and CA.pem that is the X.509 Certification Authority certificate. You can look at the previous section for details on how to obtain these files;

  • Edit the file zeroshell.ovpn and replace zeroshell.example.com with the hostname or the IP address of the OpenVPN router;
  • At this point, you have finished to install and configure the OpenVPN client and its GUI. With a double-click on the OpenVPN icon in the Tray Bar, you can try to start the VPN connection. A dialog box will appear and request you to type the username and the password to be authenticated (look at the note *). If the authentication step is successfully completed, then the VPN connection will be established and the two yellow terminals will become green.

By right-clicking on the OpenVPN icon in the Traybar appears a contextual menu with several useful options: Connect, Disconnect, Show Status, View Log, Edit Config, Proxy Settings. Particularly useful to solve connection problems is the item View Log that allows to know the reason of the failures.

If instead the VPN is connected (the two terminals are green), but you are not able to reach the remote LAN or Internet using the Virtual Private Network, then you should use the ipconfig /all command from the Windows Prompt. Here there is an example of the lines of output about the virtual Ethernet interface:

To be sure that the IP traffic is actually routed across the VPN and hence encrypted, you must check that the IP Address and the Default Gateway assigned to the TAP Virtual Interface belong to the remote LAN you are connected. To better check this condition, you could also use the tracert /d <Remote IP Address> command: if the first hop that is printed belongs to a subnet of the remote LAN then your VPN works fine and the traffic that reaches the remote site is encrypted across Internet.

Tunnelblick For Pc

Tunnelblick for Mac OS X

A Graphical User Interface for OpenVPN on Mac OS X is a package called Tunnelblick. To install this GUI, follow the steps below:

  • Download the package from the site https://tunnelblick.net. It is a disk image file which contains the GUI, the OpenVPN software, and some documentation;
  • Double-click on the .dmg file;
  • A Finder window appears on the desktop. The window contains Tunnelblick.app. Double-click it;
  • A dialog box will ask you to confirm that you wish to install Tunnelblick.app to Applications. Click the Install button;
  • A dialog box will ask if you wish to launch Tunnelblick. Click the Launch button;
  • A dialog box will ask for an administrator username/password to secure Tunnelblick. Type administrator credentials and click the OK button;
  • A dialog box will appear welcoming you to Tunnelblick. Click the Create and open configuration folder button;
  • A Finder window will open with the configuration folder. The window will contain only an alias to Tunnelblick.app. Drag the files zeroshell.ovpn and CA.pem to the window. If you don’t know how to obtain these two files, please read the section The configuration file of OpenVPN
  • Double-click on the Launch Tunnelblick alias;
  • A dialog box will appear asking if you wish to check for updates to Tunnelblick automatically. Click Check Automatically or Don’t Check, as you prefer;
  • Tunnelblick is now installed. Its icon appears near the clock. Click on the Tunnelblick icon, then select the [Details…] item;
  • Click on the Edit Configuration button in the dialog box which appears. Replace zeroshell.example.com with the hostname or the IP address of the VPN server. Save the configuration file and quit;
  • Start the VPN connection by clicking on the Tunnelblick icon near the clock and selecting the Connect ‘Zeroshell’ item;
  • A dialog box will appear asking for an administrator username/password to secure the configuration file. Type administrator credentials and click OK;
  • A dialog box will appear asking for the VPN username and password. Type the VPN username and password and click “OK” (look at the Note *). You may save them in the Keychain by putting a check in the check box.

In the case in which there are connection problems, select the item [Details…] to check the OpenVPN’s log messages.
If you want to verify that the IP address that the VPN server has assigned to you, actually belongs to the remote LAN with which you are connected, you have to open a Mac OS X Terminal and at the prompt of the shell type the command:

ifconfig tap0

the result looks like this:

The line that starts with inet show you that the VPN IP address assigned to you is 192.168.250.1 (by default Zeroshell issues IP addresses which belong to the subnet 192.168.250.0/24 with 192.168.250.254 as Default Gateway). To be sure that the IP traffic is actually routed across the VPN and hence encrypted, you must check that the IP Address and the Default Gateway assigned to the TAP Virtual Interface belong to the remote LAN you are connected. To better check this condition, you could also use the traceroute -n <Remote IP Address> command: if the first hop that is printed belongs to a subnet of the remote LAN (192.168.250.254 by default) then your VPN works fine and the traffic that reaches the remote site is encrypted across Internet.

KVpnc for Linux

KVpnc is a Linux frontend that is able to manage many type of VPN clients such as: Cisco VPN, IPSec, PPTP, OpenVPN, L2TP. It has also the SmartCard support. Obviously, in this document we will see only the installation and configuration of KVpnc related to OpenVPN. Binary packages of KVpnc exist for many Linux distributions such as the RPM for Suse and Fedora. For Ubuntu and Kubuntu (and other Debian derived distributions), you can easily install KVpnc with OpenVPN by using the commands:

sudo apt-get install openvpn
sudo apt-get install kvpnc

Notice that, unlike the other GUIs, the packages of KVpnc do not include OpenVPN, but you must install it alone. In order to make this document regardless of the Linux Distribution used, we will build and install KVpnc by compiling the source code, but if a binary package exists for your Linux distribution, you should prefer to use it without waste your time in the building process.
Because KVpnc uses the QT libraries, their presence and their include files are required in the build process. In the next steps, we will assume that the OpenVPN package is already installed. If you are not in this situation, you should read the section Build and install OpenVPN to learn to install OpenVPN.
Now we are ready to install and configure KVpnc by following the steps given bellow:

  • Download the KVpnc’s source code package from the web page https://userbase.kde.org/KVpnc. We’ll use the release 0.8.9 of KVpnc, but you should get the latest one;
  • Extract the source code by using the command:
    tar xvfj kvpnc-0.8.9.tar.bz2
  • Build and install KVpnc by following this steps:
    cd kvpnc-0.8.9
    ./configure
    make
    sudo make installFor some Linux distributions, the ./configure command could be unable to locate the QT libraries. In this case, you must find out where the include files and the libraries are located and specify the paths by adding the parameters –with-qt-includes=/usr/lib64/qt-3.3/include/ –with-qt-libraries=/usr/lib64/qt-3.3/lib/ to the ./configure. Of course, you should replace the path /usr/lib64/qt-3.3/ with the one in which the QT libraries are located in your Linux system;
  • Make the directory /etc/openvpn/ with the command sudo mkdir /etc/openvpn and copy in the new directory the files zeroshell.ovpn and CA.pem. How to obtain such files is described in the section The configuration file of OpenVPN;
  • To use KVpnc with unprivileged users the sudo command is required and the line
    ALL ALL=NOPASSWD:/usr/bin/kvpncmust be added at the end of the file /etc/sudoers (notice that you need to have administrator privileges to change this file). After that, you are able to launch the kvpnc process by using the command:
    sudo /usr/bin/kvpnc

In this manner, the kvpnc will have the root‘s privileges needed to create the tap0 Virtual Ethernet Interface and add the static routes in the Kernel routing table;

  • Import the profile that allow you to create a VPN with Zeroshell by using the following command:kvpnc –openvpnimport=/etc/openvpn/zeroshell.ovpnBy using the Profile Manager that appears, make the following configuration changes:
    • From the General options, insert in the VPN gateway field the IP address or the hostname of the VPN server;
    • From the OpenVPN options, check that the Authentication method is the SHA1 hash function and not MD5 one;

    Press [Apply] and then [Ok] on the Profile Manager. After that, save the Zeroshell profile using the [Profile]->[Save Profile…] menu item and close kvpnc interface with [File]->[Quit] menu item;

  • Start the KVpnc GUI with the command sudo /usr/bin/kvpnc and click the [Connect] button to establish the VPN connection. At this point, you are requested for the username and the password to use to authenticate your identity against the VPN server (look at the Note *).

If you want to verify that the IP address that the VPN server has assigned to you, actually belongs to the remote LAN with which you are connected, you have to open a terminal and at the prompt of the shell type the command:

ifconfig tap0

the result looks like this:

The line that starts with inet show you that the VPN IP address assigned to you is 192.168.250.50 (by default Zeroshell issues IP addresses which belong to the subnet 192.168.250.0/24 with 192.168.250.254 as Default Gateway). To be sure that the IP traffic is actually routed across the VPN and hence encrypted, you must check that the IP Address and the Default Gateway assigned to the TAP Virtual Interface belong to the remote LAN you are connected. To better check this condition, you could also use the traceroute -n <Remote IP Address> command: if the first hop that is printed belongs to a subnet of the remote LAN (192.168.250.254 by default) then your VPN works fine and the traffic that reaches the remote site is encrypted across Internet.

OpenVPN for Windows Mobile on Pocket PC

OpenVPN for Pocket PC is still an Alpha release, but it worked fine during the test on Microsoft Windows Mobile v5.0 installed on a PDA i-Mate JASJAR (equivalent to a HTC Universal Qtek 9000). Before seeing how to install and configure this software, notice that you will have to manually modify the OpenVPN configuration file and therefore you should use Microsoft ActiveSync for editing from your Personal Computer. Another solution could be to install on your PPC the Total Commander CE that is a Freeware File Manager for Pocket PC, available at the URL http://www.ghisler.com/pocketpc.htm. This filemanager includes an Editor which allows you to edit the OpenVPN configuration file directly from your Palm Device.
Now, follow the steps below to install OpenVPN for Windows Mobile on your Pocket PC:

  • Download the OpenVPN for Pocket PC from the site http://ovpnppc.ziggurat29.com/ovpnppc-main.htm. There are two type of file: the .exe format that you can install from your Personal Computer connected to the PPC with ActiveSync; the .cab format that you can directly install on your Pocket PC. Pick the package in the format that you prefer and install it.
  • Supposing that you have installed OpenVPN for Pocket PC in the directory Program FilesOpenVPN of the device’s memory, copy the files zeroshell.ovpn and CA.pem in the folder Program FilesOpenVPNconfig. To know how to obtain these two files, read the section The configuration file of OpenVPN;
  • Edit the configuration file Program FilesOpenVPNconfigzeroshell.ovpn to connect to your OpenVPN server:
    • Replace zeroshell.example.com with the IP address or the hostname of the OpenVPN server;
    • Replace CA.pem with the path of the file that contains the Certification Authority. In your case the path is:ca “Program FilesOpenVPNconfigCA.pem”Notice the double quotes and the double backslashes that are requested by the syntax of this parameter;
  • Click on the icon of OpenVPN and from the submenu [Start from Config.] select zeroshell. At this point you are requested for the Username and Password (look at the Note *). If the client is authenticated against the server, the VPN connection is established.

Tunnelblick Mac Catalina Download

If you have connection problems, check the log file Program FilesOpenVPNlogzeroshell.log. Finally, to verify that the traffic is actually routed and encrypted in the VPN you need to perform a traceroute operation at a remote host: if the first hop that is reported belongs to the remote LAN (by default the VPN box has the IP 192.168.250.254), you are sure that the VPN works as you expect. Windows Mobile has not a traceroute utility and therefore you need to install one. A free software to make network debugging is ceNetTools with which you are able to make the traceroute, the ping and whois operations.

Tunnelblick Download For Windows

The command line of OpenVPN

If the system you are using has not a Graphical User Interface for OpenVPN, you have to use the OpenVPN’s command line. This can also be used in the case in which you want to automatically start the VPN by using the startup scripts. By typing the command man openvpn from a Unix shell, the OpenVPN’s manual page will be displayed. A great number of parameters are available to directly use in the command line prefixed by two consecutive hyphens (–). The same parameters (not prefixed by –) can also be specified in the configuration file. Except for a few cases, it is better to specify the parameters in a configuration file rather than having them in a too long and heavy to read command line.
This section does not examine the parameters because they are already listed and described in the manual page of OpenVPN, but it only describe how to establish a VPN with a Zeroshell OpenVPN server by using the command line:

  • Put the files zeroshell.ovpn and CA.pem in a same directory (suppose /etc/openvpn/). For details about how to obtain these files, read the section The configuration file of OpenVPN;
  • Edit the configuration file zeroshell.ovpn replacing zeroshell.example.com with the IP address or hostname of the VPN server;
  • Change the current directory to /etc/openvpn/ and exec (with root privileges) the command:openvpn –config zeroshell.ovpnAt this point, you are requested for the Username and the Password (look at the Note *). If the client is authenticated against the server, the VPN connection is established.

Build and install OpenVPN

For the most operating system in which OpenVPN works, binary packages already compiled exist. Anyway, sometimes, above all for some Linux Distributions, you could need to build OpenVPN by starting with the source code. Below, it is described how to build OpenVPN:

  • Download the OpenVPN’s source code from the site http://openvpn.net. Pick the latest stable release that is available (suppose the release 2.0.9 in the rest of this document);
  • Extract the files which are stored in the zipped archive that you have downloaded by using the tar command in the following manner:
    tar xvfz openvpn-2.0.9.tar.gz
  • Change the current directory to openvpn-2.0.9 with the command:
    cd openvpn-2.0.9
  • Check the system and produce the Makefiles by using the following command:
    ./configure –prefix=/usrIf the ./configure procedure claims that the lzo libraries and headers are not found in the system, install the lzo compression software as follows below:
  • Download the source package of LZO from the site http://www.oberhumer.com/ and extract its content with the command:
    tar xvfz lzo-2.02.tar.gz
  • Change the current directory to lzo-2.02 and install the LZO software with the commands:
    • ./configure
    • make
    • make install (This command needs to be executed with root privileges to write in /usr)

    Once installed the lzo libraries and headers, came back to the directory openvpn-2.0.9 and launch again the command
    ./configure –prefix=/usr

  • Compile the source code with the Makefiles you have just created by using the command:
    make
  • Install the binary program openvpn and its manual pages with the command:
    make installBecause the files will be written below the system directory /usr, the last command must be executed with root privileges.

Tunnelblick Mac Download Deutsch

Notes

Tunnelblick For Mac Download

(*) The manner in which the users are authenticated depend on the OpenVPN server configuration. Zeroshell supports a multi-domain authentication system in which you have to configure the authentication source which can be a Kerberos 5 KDC (local, external and trusted) or an external RADIUS server. One of these authentication domains is set to be the default domain. The users of the default domain do not need to specify the username in the form of username@domain (ex. fulvio@example.com). Notice that the domain name is not case sensitive, because if the domain is configured to be a Kerberos V realm, it is automatically converted to uppercase.

On This Page
Release Downloads
Verifying Downloads
User Contributions
Download Integrity
Downloading and Installing on macOS Mojave and Higher

Release Downloads

To be notified of new releases, use Tunnelblick's built-in update mechanism or subscribe to the Tunnelblick Announce Mailing List.

Beta versions are suitable for many users. See Stable vs. Beta for details.

As a Free Software project, Tunnelblick puts its users first. There are no ads, no affiliate marketers, no tracking — we don't even keep logs of your IP address or other information. We just supply open technology for fast, easy, private, and secure control of VPNs.

BetaTunnelblick 3.8.7beta02(build 5730, macOS 10.10+, Universal, notarized) released 2021-09-01 Release Notes
SHA1: a3af1397bc94525eb4958df14117deb7b13f4924 MD5: 4ce17de0b11555956161e318dc6596fb
SHA256: f5d38cb9608fac0f60df777f3dcfcfc4a33a6a4df04a48d3bef6713160356d5b
GnuPG v2 signature
StableTunnelblick 3.8.6a(build 5711, macOS 10.10+, Universal, notarized) released 2021-09-01 Release Notes
SHA1: a5ac61e13d312ae22723b47b57fc4c394d35d3ec MD5: d2eaf7966bf6910e473e233059188cf8
SHA256: 636c52eaba89a0fc7549160892fabb62f4d11bb34d959872f2c0ab93765e0835
GnuPG v2 signature
OlderSee the Deprecated Downloads page. Includes versions for earlier versions of macOS and OS X.
UninstallerThe Tunnelblick Uninstaller has been replaced by an 'Uninstall' button on the 'Utilities' panel of Tunnelblick's 'VPN Details' window as of Tunnelblick 3.8.5beta02.
Please read Uninstalling Tunnelblick before using Tunnelblick Uninstaller.
Tunnelblick Uninstaller 1.12(build 5090, macOS and OS X 10.7.5+, Intel-64 only, works on M1 using Rosetta) released 2018-06-26 Release Notes
SHA1: c4503360e032877e1ab0c2742872250c646ba983 MD5: 0b8c3f0898ca88f4bbe90fe61271d7ab
SHA256: 62b528da3212fd78146c6bcf03d88f4f8653845068b61f4f62029a3af791ef42
GnuPG v2 signature

Verifying Downloads

You should verify all downloads. Even though https:, the .dmg format, and the application's macOS digital signature provide some protection, they can be circumvented.

Verifying Hashes

Comparing the SHA256, SHA1, and MD5 hashes of your downloaded file with the official published ones will provide additional assurance that the download is legitimate and has not been modified. You can compare the hashes with programs included with macOS without the need to install additional software.

To compute the hashes of a file you've downloaded, type the following into /Applications/Utilities/Terminal:

shasum -a 256path-to-the-file
openssl sha1path-to-the-file
openssl md5path-to-the-file

Then compare the computed hashes with the values shown near the link for the downloaded file.

(Don't type 'path-to-the-file' — type the path to the file, that is, the sequence of folders that contain the file plus the file name (e.g. /Users/janedoe/Desktop/Tunnelblick_3.7.2a_build_4851.dmg). An easy way to get it into Terminal is to drag/drop the file anywhere in the Terminal window. The pointer will turn into a green and white plus sign ('+') to indicate the path will be dropped. So you would type 'shasum -a 256 ' — with a space after the '256' — and then drag/drop the disk image file anywhere in the Terminal window.)

For additional assurance that the hashes displayed on this site have not been compromised, the hashes are also available in the description of each 'Release' on Tunnelblick's GitHub site, which is hosted and administered separately from this site.

Verifying GnuPG Signatures

Recent Tunnelblick disk images are also signed with GnuPG version 2.

To prepare for verifying signatures, you should download and install GnuPG 2.2.3 or higher, and then add the Tunnelblick Security GnuPG public key (key ID 6BB9367E, fingerprint 76DF 975A 1C56 4277 4FB0 9868 FF5F D80E 6BB9 367E) to your trusted GnuPG keyring by typing the following into /Applications/Utilities/Terminal:

gpg --import TunnelblickSecurityPublicKey.asc.

To verify the signature of a file, download the corresponding signature file and then type the following into /Applications/Utilities/Terminal:

gpg --verify path-to-the-signature-filepath-to-the-disk-image-file

The result should be similar to the following:

gpg: Signature made Sat Dec 16 19:17:03 2017 EST
gpg: using RSA key B4D96F0D6A58E335A0F4923A2FF3A2B2DC6FD12C
gpg: Good signature from 'Tunnelblick Security <tunnelblicksecurity@protonmail.com>' [ultimate]

User Contributions

These downloads have been contributed by users and usually help deal with special circumstances. They are not endorsed or checked by the Tunnelblick project, and you use them at your own risk. To contribute a download, send it to the developers or post it on the Tunnelblick Discussion Group.

Before using these scripts, please read Tunnelblick and VPNs: Privacy and Security. (Actually, everyone using a VPN should read that!)

Note: these scripts are executed as root.Instructions for using scripts.

Scripts to Unload Cisco Tun Kext: user-contributed-001-pre-post.zip
SHA1: d3b09a2284de2862be7d55059581a85698930b28 MD5: f6f484864697607ee5c7206a5b056b12
Contributed by 'petiepooo'.
These scripts unload the Cisco AnyConnect tun kext before a Tunnelblick connection is started, and reload the Cisco tun kext after a Tunnelblick connection is stopped. (The Cisco kext interferes with Tunnelblick's operation of tun connections.)
Scripts to Mount/Unmount a Volume: user-contributed-002-mount-unmount-volume.zip
SHA1: eb69727620fa8c46633d9ccf9f86c4b258fea7e6 MD5: 5b3b04bea43403b2a709aaa4c92d7473
Contributed by John Griffis.
These scripts mount a volume after a configuration is connected and unmount it when the configuration is disconnected. Scripts must be edited before use (in any plain-text editor) to specify details of the volume to be connected. For a note about connecting to a CIFS account, see this discussion.
Scripts to Monitor Connection Time and Bandwidth Use: user-contributed-003-monitor-uptime-and-bandwidth.zip
SHA1: 384b370967e722eacb2f3a782e8c326d87174003 MD5: 2c23ed5c31a1238843fb5ea36fd5dd74
Contributed by 'vkapovit'.
These scripts provide a mechanism for the user to be alerted when the VPN has been up for more than 20 minutes or when bandwidth has exceeded 100MB. See this discussion for details. Requires Growl.
Includes compiled binaries; use at your own risk.
Scripts to Launch and Kill a Program: user-contributed-004-launch-kill-program.zip
SHA1: 977aa7cc55f3e191b50057fe766c426af01808eb MD5: beccc55286b398fe0a8bcb798e25a883
Contributed by 'anonymous'.
These scripts cause a program to be launched when a VPN is connected and then killed when the VPN is disconnected. It can be used with a torrent program, for example, so that the program is only active when the VPN is connected.
Note that there may be a short time after the VPN has been disconnected before the program is killed.

Download Integrity

In June 2015 there was much discussion (and outrage) about SourceForge providing downloads that contain unwanted or malicious software; SourceForge has changed their policies to help avoid this. Tunnelblick binaries were hosted on SourceForge from the fall of 2013, when Google Code stopped hosting new binaries, until 2015-07-17, when they were moved from SourceForge to GitHub.

Tunnelblick protects against unwanted software insertions by publishing the SHA1 and MD5 hashes for each of our downloads. You should verify the hashes of all Tunnelblick downloads by following the instructions above.

Additional safeguards automatically protect updates performed by Tunnelblick's built-in update mechanism:

  • Updates are controlled by tunnelblick.net and all update data is transported via https:
  • Update downloads contain digital signatures to verify they have not been modified. (This is in addition to the macOS digital signature of the Tunnelblick application itself.) See Digital Signatures.

Downloading and Installing on macOS Mojave and Higher

When you install any application, including Tunnelblick, after it has been downloaded normally, macOS Mojave and higher send information to Apple (they 'phone home'). macOS Catalina and higher also 'phone home' each time you launch any application, including Tunnelblick.

These behaviors are considered by some to be a violation of privacy.

You can avoid these behaviors, but you will be disabling security checks which macOS would normally do on a downloaded program, including checks that the program is correctly notarized and has been found to not contain malware.

To avoid having macOS Mojave and higher 'phone home' when you install Tunnelblick, you can do the following to download Tunnelblick to your Desktop:

  1. Open the Terminal application located in /Applications/Utilities.
  2. Type (or copy/paste) 'curl --output ~/Desktop/Tunnelblick.dmg --location ' into Terminal without the quotation marks (the space after '--location' is important).
  3. In your browser, instead of clicking on the link to download Tunnelblick, Control-click the link and select 'Copy Link' (Safari), 'Copy Link Location' (Firefox), or 'Copy Link Address' (Chrome).
  4. Click in the Terminal window to select it for input, then Paste (Command-V). A URL starting with https://tunnelblick.net/release/ should appear after the '.dmg '.
  5. Press the enter/return key on the keyboard.
  6. You will see two or more progress bars showing the timing of downloads [1].
  7. Verify the download.
  8. Double-click the downloaded Tunnelblick disk image file on your Desktop to open the Tunnelblick disk image, then double-click the Tunnelblick icon in the window that appears to install Tunnelblick.

This will download the file to your Desktop without the flag that indicates the file was downloaded from the Internet. When that flag is present, macOS Mojave and higher 'phone home' when the downloaded file is double-clicked to install it; when the flag is not present, macOS Mojave doesn't.

To avoid having macOS Catalina and higher 'phone home' when you launch Tunnelblick (or other applications), see How to run apps in private.

[1] Tunnelblick downloads are redirected from the tunnelblick.net website to GitHub, which may redirect them further. Typically one or more tiny downloads (a few hundred bytes each) provide information about the redirection, and the final larger download is the desired file.