Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit here or GitHub Ξ
Ξ If you're looking for tutorials/guides, check out the new https://cryptostorm.is/#section6 Ξ

[ARCHIVE] HOWTO: Mac/OSX connects via Tunnelblick

Looking for a bit more than customer support, and want to learn more about what cryptostorm is , what we've been announcing lately, and how the cryptostorm network makes the magic? This is a great place to start, so make yourself at home!
User avatar

Topic Author
cryptostorm_support
ForumHelper
Posts: 296
Joined: Sat Jan 26, 2013 4:31 am
Contact:

[ARCHIVE] HOWTO: Mac/OSX connects via Tunnelblick

Postby cryptostorm_support » Sun Oct 20, 2013 2:06 am

Here's a placeholder "how to connect to cryptostorm with Tunnelblick" guide in .pdf form, until this thread is updated to reflect the most current information:

Cryptostorm Mac Connection Guide.pdf
(273.89 KiB) Downloaded 763 times


...and here's a hot-off-the-presses version 1.4 "dynamic" loadbalancer configuration file specifically optimised for the Mac/OSX Tunnelblick framework:
cstorm_mac_dynamic_1-4.ovpn
(5.38 KiB) Downloaded 622 times


Finally, here's a pre-packaged Tunnelblick setup file that includes the 1.4 config in an easier-to-install wrapper (saved here as a .zip; unzip it after download):
Balancer_1_4.tblk.zip
(4.37 KiB) Downloaded 501 times

If using the Balancer_4_1.tblk file immediately above, you can skip steps 2a-2d (but not 2e) from the instructions in the above pdf
cryptostorm_support shared support team forum account
PLEASE DON'T SEND PRIVATE MESSAGES with support questions!
--> feel free to use any of our other contact channels, or post in the support forum
cryptostorm: structurally anonymous, token-based, unlimited ☂ bandwidth, opensource, darknet data security for everyone!
keybase.io validatorsonename.io validatorsPGP key @ MITnetwork statuscryptostorm github
support team bitmessage address: BM-2cTMH8K5JnjbfSALjZtSkRWCLfc3Tr8GBV
support team email: support@cryptostorm.is
live chat support: #cryptostorm

User avatar

Pattern_Juggled
Posts: 1492
Joined: Sun Dec 16, 2012 6:34 am
Contact:

Mac tools for OpenVPN connections

Postby Pattern_Juggled » Sun Oct 20, 2013 3:36 am

klee wrote:Just found this:

https://code.google.com/p/tunnelblick/

Will it do the trick?


I think most Mac folks use Tunnelblick, or so I've heard over the years. What I don't know is if it's possible to run OpenVPN from the console via repositories on that platform. In fact, do they even have repositories?

Yes, I'm sadly ignorant when it comes to the iWorld and it's shiny, happy parts - someday it's a weakness I do hope to rectify.

Cheers,
...just a scatterbrained network topologist & crypto systems architect……… ҉҉҉

    ✨ ✨ ✨
pj@ðëëþ.bekeybase pgpmit pgpðørkßöt-on-consolegit 'er github
bitmessage:
BM-NBBqTcefbdgjCyQpAKFGKw9udBZzDr7f


vibert
Posts: 9
Joined: Wed Sep 04, 2013 2:14 pm

Re: Mac tools for OpenVPN connections

Postby vibert » Sun Oct 20, 2013 3:54 am

Pattern_Juggled wrote:
klee wrote:Just found this:

https://code.google.com/p/tunnelblick/

Will it do the trick?


I think most Mac folks use Tunnelblick, or so I've heard over the years. What I don't know is if it's possible to run OpenVPN from the console via repositories on that platform. In fact, do they even have repositories?



There is a project called Macports that is in fact a package management system for Mac OS X with repositories. There is an OpenVPN package but I am not sure how it works.

User avatar

cryptostorm_team
ForumHelper
Posts: 159
Joined: Sat Mar 02, 2013 12:12 am

tunnelblick

Postby cryptostorm_team » Sun Oct 20, 2013 2:59 pm

We've got some folks on twitter experimenting with Tunnelblick as a client option, & we'll post those results here if they bear fruit.

Again, a reminder: our network access widget is almost ready to release into production, and it automates pretty much all of this fiddly stuff. So if you look at this thread, and think "oh man, that sounds like a pain in the ass" - no worries! These posts here regarding "direct" OpenVPN-based client connections are very much in the spirit of experimentation, and aren't something network members will need to do to gain access. That's what the widget is for.

(also, to be clear, confirming that a wide range of opensource, OpenVPN-based client applications can successfully connect to our darknet partially validates the statement that we're running standards-based OpenVPN libraries on the server side as well; this is far from a perfect theoretical validation and it'd be possible to backdoor the backend even with these front-side connects if someone were motivated to do so... but the fact that standard OpenVPN clients can connect to our exit node topology should give some degree of confidence that we're not deploying some hideous, homebrewed application to manage the guts of the cryptographic process itself)

    ~ cryptostorm_team
cryptostorm_team - a shared, team-wide forum account (not a person)
PLEASE DON'T SEND PRIVATE MESSAGES to this account, as we can't guarantee quick replies!
--> feel free to use any of our other contact channels, or post in the support forum
cryptostorm: structurally anonymous, token-based, unlimited ☂ bandwidth, opensource, darknet data security for everyone!
keybase.io validatorsonename.io validatorsPGP key @ MITnetwork statuscryptostorm github
support team bitmessage address: BM-2cTMH8K5JnjbfSALjZtSkRWCLfc3Tr8GBV
support team email: support@cryptostorm.is
live chat support: #cryptostorm

User avatar

Baneki
Posts: 49
Joined: Wed Jan 16, 2013 6:22 pm
Contact:

wireshark

Postby Baneki » Sun Oct 20, 2013 3:06 pm

cryptostorm_team wrote:(also, to be clear, confirming that a wide range of opensource, OpenVPN-based client applications can successfully connect to our darknet partially validates the statement that we're running standards-based OpenVPN libraries on the server side as well; this is far from a perfect theoretical validation and it'd be possible to backdoor the backend even with these front-side connects if someone were motivated to do so... but the fact that standard OpenVPN clients can connect to our exit node topology should give some degree of confidence that we're not deploying some hideous, homebrewed application to manage the guts of the cryptographic process itself)


...or, one can simply run the pcaps from the physical network adapter thru wireshark's handy OpenVPN dissector & confirm the protocol-level artefacts in the packet headers. It'd be possible to fake this via some seriously methodical protocol obfuscation techniques... but an awful lot of work to make it fool wireshark consistently.
openvpn_sample_traffic.png

(image source)


Wireshark is our friend, always.

User avatar

Mousy
Posts: 18
Joined: Thu Oct 31, 2013 5:12 pm

Re: HOWTO: Mac connects | Tunnelblick

Postby Mousy » Thu Oct 31, 2013 6:01 pm

Hello,

I'm having absolutely no luck getting Tunnelblick to connect on Mac OSx 10.8, running version 3.3 of Tunnelblick.

I can create configurations file which then gets imported easily each time, but after I've put in the username and password crime prompted for my administrator password because the client wants to create a shadow version of the configurations file. And that's as far as it goes, it just won't connect at all.

Completely uninstalled the application and tried the previous version and the beta version, but all to no effect; if anyone's had any luck getting this to work then I'd be interested to find out how.

However, I've been very successfully connected to the network using the client called Viscosity for over a week now. Unfortunately it is a paid application but it is definitely worth the money as far as I'm concerned.

Again, I would definitely be interested to find out how to get Tunnelblick to work!
    Key ID: 0x75DA8C34764DD484
    Key Fingerprint: 5FD9 DF85 ED14 0D6E 5F20 6B20 75DA 8C34 764D D484
    Download My PGP Key.

Mahatma Gandhi wrote:First they ignore you, then they laugh at you, then they fight you and then you win.

User avatar

Pattern_Juggled
Posts: 1492
Joined: Sun Dec 16, 2012 6:34 am
Contact:

Re: HOWTO: Mac connects | Tunnelblick

Postby Pattern_Juggled » Thu Oct 31, 2013 6:28 pm

Mousy wrote:However, I've been very successfully connected to the network using the client called Viscosity for over a week now. Unfortunately it is a paid application but it is definitely worth the money as far as I'm concerned.


Yah, there's a separate howto thread here for Viscosity, but the thread is pretty much just "install Viscosity and it works." Not much howto needed, apparently!

The downside is, afaik, that Viscosity is closed-source so there's no way to verify it's doing what it says it's doing. The upside, I guess, is that it does seem to be making connections with cryptostorm - and the cryptostorm server-side parameters won't allow obviously malformed network connection attempts to get established at all.

Again, I would definitely be interested to find out how to get Tunnelblick to work!


Agreed 100%!

Ok two points here:

    1. The network access widget we've been working on getting ready for public testing... kind of working on it for many months, in fact... is architected to be cross-platform (it's mostly Perl, with Tkl-ish stuff to do GUI painting and whatnot) with only minor UI-layer tweaks, some routing-table add/flush syntax, recompile, and bundle into an installer needed for each different platform. Which translates into: we'll have a Mac-specific "client application" (we call it a "network access widget") shortly. That means there's no need for anyone to fiddle with Tunnelblick unless they want to, prefer it as their Mac client, or whatnot.

    2. Tunnelblick has, in my experience at least, a well-earned reputation for being... twitchy. So I'm not surprised to see it being fiddly here - although, to be clear, I'm not involved in the client-side work at all and my skills there are even lower than in other areas of the architecture! It's just that, over the years, there always seems to be problems with Tunnelblick; it just sounds like it's... nonstandard, in some way. But that's a layman's opinion, to be clear.

Has anyone checked to confirm that the build of OpenVPN that's wrapped by Tunnelblick is current, i.e. 2.3.2x? If it's some old build, especially 2.1, it'll fail to provide hooks for required cipher suites to connect with cryptostorm. That's not a bug, it's a feature - we require a baseline cipher framework to ensure the connections are competently secured, and not just "security theatre" that's easy for a motivated attacker to break with known, confirmed exploits.

Also, we've seen problems with handling of username length in other platforms already (which we've resolved, one by one). The SHA512 hashed version of the token that's passed up to the network as "username" is 128 bytes long. Some builds of OpenVPN will accept exactly 128 bytes of data for username field length... but then tack on a final /null character (per C specification, which is the source language of choice here) which actually makes 129 bytes post-compile. Which can break things. We've fixed those issues up and down the connection chain, including many (many) recompiles of server-side OpenVPN to hunt down all the undocumented instances of this hard-coded constraint in the main for source (yes, we're going to re-commit them back into the fork in due course).

This is really easy to test, for our client app development team, by feeding in specially-truncated SHA'd values to see if that resolves the auth problem. I believe they did that with some of the Android builds last week, with success. So if that's something one of the testers working on this thread is comfortable with, Graze is your go-to guy to see if we can set up some A/B test scenarios and nail this down.

I do think it's worth working through the Tunnelblick stuff, even if (hypothetically) not many folks end up using it as their Mac client of choice. It's a well-established, widely-distributed Mac OpenVPN client - and figuring out what's going on might well be expected to yield additional benefits elsewhere in the overall systems topology. Bug-hunts often end up paying unexpected dividends in unexpected areas, in this old geek's experience anyhow.

Thanks again for the excellent testing assistance!
...just a scatterbrained network topologist & crypto systems architect……… ҉҉҉

    ✨ ✨ ✨
pj@ðëëþ.bekeybase pgpmit pgpðørkßöt-on-consolegit 'er github
bitmessage:
BM-NBBqTcefbdgjCyQpAKFGKw9udBZzDr7f


Newb

Re: HOWTO: Mac connects | Tunnelblick

Postby Newb » Thu Oct 31, 2013 6:49 pm

Hello from Twitter,

Signed on to help you guys figure this out. Problem I'm having right off the bat is that after following the directions to plug the token into the sha512 calculator, I get the hash. I plug hash into Tunnelblick as the username and leave the pw blank. Well, tunnelblick doesn't like that. Requires a pw.

I tried putting the hash as both the username and pw, and no dice. Single space, no dice.


cryptostorm_ops
ForumHelper
Posts: 104
Joined: Wed Jan 16, 2013 9:20 pm
Contact:

Re: HOWTO: Mac connects | Tunnelblick

Postby cryptostorm_ops » Thu Oct 31, 2013 6:57 pm

In the current server-side auth framework, it's possible to put anything whatsoever in the 'password' field as it's entirely vestigial & not part of our authentication methodology. A blank field is fine, "password" is fine, etc.

So, if there's still an auth fail happening with Tunnelblick, it's most assuredly not a result of "password" mismatch - that field isn't even passed out of the OpenVPN process, server-side, to the auth scripts themselves...

As was mentioned previously, this may be another instance of the "exceeds 128 byte fieldlength" issue regarding username. We're looking into it.

User avatar

Mousy
Posts: 18
Joined: Thu Oct 31, 2013 5:12 pm

Re: HOWTO: Mac connects | Tunnelblick

Postby Mousy » Thu Oct 31, 2013 7:44 pm

I definitely agree that it's not optimum that Viscosity is closed source, and therefore not verifiably kosher; but again we come back to that old chestnut Security vs Convenience, you just download the application, plug in your details and you're off to the Encrypted Tunnel Races™.

As for Tunnelblick, I've tried as many different permutations of username and password as I can think of (even Ilovecryptostorm as the password doesn't work!) and still no joy. And now that I come to think of it, it was this flakiness that made me switch to Viscosity in the first place.

The Network Access Widget being cross-platform is an excellent way to go, will certainly make supporting all of the different platforms much easier IMO.

Cheers

M
    Key ID: 0x75DA8C34764DD484
    Key Fingerprint: 5FD9 DF85 ED14 0D6E 5F20 6B20 75DA 8C34 764D D484
    Download My PGP Key.

Mahatma Gandhi wrote:First they ignore you, then they laugh at you, then they fight you and then you win.

User avatar

cryptostorm_team
ForumHelper
Posts: 159
Joined: Sat Mar 02, 2013 12:12 am

confirmed successful Tunnelblick connects?

Postby cryptostorm_team » Sun Nov 03, 2013 2:11 pm

We're hearing unofficial reports that beta testers are successfully using Tunnelblick for cryptostorm network sessions - but haven't been able to convince any of them to post their "howto" here for the simple fact that they claim it's a non-issue: it just works.

But, given the earlier issues as noted in this thread and some feedback we've received via other comms channels that Tunnelblick has been difficult during the beta test, we're not going to confirm things are working until we get at least a couple of beta testers to let us know directly that the process is successful.

Anyone out there: do we have confirmed Tunnelblick-mediate cryptostorm connections? If so, did it require any particular tricks to get things settled, or is it all fairly routine?

It may be that the network-side updates Graze did along with several beta testers, in the Android client setup, also resolved a similar Tunnelblick issue... but that's purely an hypothesis at this point.

Thanks in advance for any reports you can provide!

    ~ cryptostorm_team
cryptostorm_team - a shared, team-wide forum account (not a person)
PLEASE DON'T SEND PRIVATE MESSAGES to this account, as we can't guarantee quick replies!
--> feel free to use any of our other contact channels, or post in the support forum
cryptostorm: structurally anonymous, token-based, unlimited ☂ bandwidth, opensource, darknet data security for everyone!
keybase.io validatorsonename.io validatorsPGP key @ MITnetwork statuscryptostorm github
support team bitmessage address: BM-2cTMH8K5JnjbfSALjZtSkRWCLfc3Tr8GBV
support team email: support@cryptostorm.is
live chat support: #cryptostorm


Guest

Re: HOWTO: Mac connects | Tunnelblick

Postby Guest » Mon Nov 04, 2013 1:52 am

The first thing I checked is what version of OpenVPN it was using. I am happy to report that it is 2.3.2 as of June 2013(TB 3.3beta54). The latest stable includes these updates and the latest beta (needed for 10.9)

Here is my how-to, written while setting it up for the first time on 10.9:
  1. Download TunnelBlick (Beta)
  2. Open .dmg, double click the TunnelBlick icon, click Open when the security warning appears, enter your password.
  3. TunnelBlick will launch a setup wizard, click that you HAVE configuration files, select OpenVPN configurations.
  4. Download the config file, save it to the folder called 'Empty Tunnelblick VPN Configuration' on your desktop.
  5. Rename the folder to whatever you want the connection to be called and add .tblk to the end of the folder name. You will be asked if you want to add the extension, hit add. I decided to keep mine called 'Empty Tunnelblick VPN Configuration' because it is my only connection and I want to appear innocuous and as clueless as possible should my computer be stolen from me.
  6. Double-click the now renamed folder.
  7. Tunnelblick will ask you if you want it to check for public IP address changes. I went with yes.
  8. It will ask if you want the configuration available to all users, I selected 'Only Me' and then entered my MacOS Password to allow it to write the files.
  9. Since this is my first time running TunnelBlick, I am asked if I want it to check for updates. I uncheck the option to include the system profile and tell it to check automatically. (If you have read my other guide, you may be asking why. Remember, we are already running MacOS. The most dangerous activity you should be participating in on this OS should involve torrents.)
  10. I now have a little upside down U between Spotlight and the Notification center icons. Click that and click Connect WHAT_YOU_NAMED_THE_FOLDER_EARLIER_HERE
  11. You will be prompted for a username and password. Paste in the (lowercase) SHA512 hash of your token for the username. Enter gibberish/random letters for the password. (I chose to 'Save in Keychain' because the worst case scenario is that someone steals your access token. Who cares?)
  12. You will then be prompted for your MacOS password, you will enter it and then nothing will happen. You need to change some settings.
  13. Click the upside-down U, click VPN settings. Where it says OpenVPN version, change that to 2.3.2
  14. Change Alert Sounds|Unexpected disconnection to Speak. I did this so it will be obvious when it happens.
  15. Click Advanced...|While Connected|Check 'Route All Traffic Through VPN', close the window.
  16. Click Connect, enjoy your OpenVPN secured connection.


Lignus
Posts: 33
Joined: Sat Nov 02, 2013 1:26 am

Re: HOWTO: Mac connects | Tunnelblick

Postby Lignus » Mon Nov 04, 2013 1:53 am

The first thing I checked is what version of OpenVPN it was using. I am happy to report that it is 2.3.2 as of June 2013(TB 3.3beta54). The latest stable includes these updates and the latest beta (needed for 10.9)

Here is my how-to, written while setting it up for the first time on 10.9:
  1. Download TunnelBlick (Beta)
  2. Open .dmg, double click the TunnelBlick icon, click Open when the security warning appears, enter your password.
  3. TunnelBlick will launch a setup wizard, click that you HAVE configuration files, select OpenVPN configurations.
  4. Download the config file, save it to the folder called 'Empty Tunnelblick VPN Configuration' on your desktop.
  5. Rename the folder to whatever you want the connection to be called and add .tblk to the end of the folder name. You will be asked if you want to add the extension, hit add. I decided to keep mine called 'Empty Tunnelblick VPN Configuration' because it is my only connection and I want to appear innocuous and as clueless as possible should my computer be stolen from me.
  6. Double-click the now renamed folder.
  7. Tunnelblick will ask you if you want it to check for public IP address changes. I went with yes.
  8. It will ask if you want the configuration available to all users, I selected 'Only Me' and then entered my MacOS Password to allow it to write the files.
  9. Since this is my first time running TunnelBlick, I am asked if I want it to check for updates. I uncheck the option to include the system profile and tell it to check automatically. (If you have read my other guide, you may be asking why. Remember, we are already running MacOS. The most dangerous activity you should be participating in on this OS should involve torrents.)
  10. I now have a little upside down U between Spotlight and the Notification center icons. Click that and click Connect WHAT_YOU_NAMED_THE_FOLDER_EARLIER_HERE
  11. You will be prompted for a username and password. Paste in the (lowercase) SHA512 hash of your token for the username. Enter gibberish/random letters for the password. (I chose to 'Save in Keychain' because the worst case scenario is that someone steals your access token. Who cares?)
  12. You will then be prompted for your MacOS password, you will enter it and then nothing will happen. You need to change some settings.
  13. Click the upside-down U, click VPN settings. Where it says OpenVPN version, change that to 2.3.2
  14. Change Alert Sounds|Unexpected disconnection to Speak. I did this so it will be obvious when it happens.
  15. Click Advanced...|While Connected|Check 'Route All Traffic Through VPN', close the window.
  16. Click Connect, enjoy your OpenVPN secured connection.


Edit: I am happy to report that the VPN overhead appears to be less than 15%.

User avatar

Mousy
Posts: 18
Joined: Thu Oct 31, 2013 5:12 pm

Re: HOWTO: Mac connects | Tunnelblick

Postby Mousy » Sat Nov 09, 2013 4:31 pm

Hi,

Just that I would post a quick update just in case anyone is still struggling. I had everything set up and working very easily with Viscosity version 1.4.6, but as easy as it is to use, the fact that it's closed source software brought me out in a strange rash in a place I'm not willing to discuss, so I persevered with Tunnelblick.

But nothing I tried made any difference, until I noticed this little gem from Lingus:

Lingus wrote:Click the upside-down U, click VPN settings. Where it says OpenVPN version, change that to 2.3.2

And that's it, I'm in! Secure mode activated, Captain. Close blast doors, and activate defence grid!

*ahem* (Sorry, been watching a little bit too much Babylon 5 recently!)

For anybody else needing this information, I'm using:

    Key ID: 0x75DA8C34764DD484
    Key Fingerprint: 5FD9 DF85 ED14 0D6E 5F20 6B20 75DA 8C34 764D D484
    Download My PGP Key.

Mahatma Gandhi wrote:First they ignore you, then they laugh at you, then they fight you and then you win.


cryptodunce

Re: HOWTO: Mac connects | Tunnelblick

Postby cryptodunce » Sun Nov 10, 2013 8:26 am

Hmm... glad to see some progress is being made. Still not working for me unfortunately :( I'll keep trying.

User avatar

Mousy
Posts: 18
Joined: Thu Oct 31, 2013 5:12 pm

Re: HOWTO: Mac connects | Tunnelblick

Postby Mousy » Sun Nov 10, 2013 9:56 pm

Unfortunately I seem to have lost access to the VPN entirely, whether I'm using viscosity or Tunnelblick.

I've changed nothing in either of my clients, but for some reason about an hour ago I lost connection entirely; is anybody else having the same problem?
    Key ID: 0x75DA8C34764DD484
    Key Fingerprint: 5FD9 DF85 ED14 0D6E 5F20 6B20 75DA 8C34 764D D484
    Download My PGP Key.

Mahatma Gandhi wrote:First they ignore you, then they laugh at you, then they fight you and then you win.


Guest

Re: HOWTO: Mac connects | Tunnelblick

Postby Guest » Sun Nov 10, 2013 11:14 pm

Mousy wrote:Unfortunately I seem to have lost access to the VPN entirely, whether I'm using viscosity or Tunnelblick.

I've changed nothing in either of my clients, but for some reason about an hour ago I lost connection entirely; is anybody else having the same problem?


I have list access from android client and my Linux client. several others have reported issues this morning as well.

issues seem to be server side, endless looping trying to connect.

User avatar

DesuStrike
ForumHelper
Posts: 345
Joined: Thu Oct 24, 2013 2:37 pm

Re: HOWTO: Mac connects | Tunnelblick

Postby DesuStrike » Sun Nov 10, 2013 11:32 pm

Mousy wrote:Unfortunately I seem to have lost access to the VPN entirely, whether I'm using viscosity or Tunnelblick.

I've changed nothing in either of my clients, but for some reason about an hour ago I lost connection entirely; is anybody else having the same problem?


Hello Mousy (cute name btw ;) ),

please refer to my postings in this thread: viewtopic.php?f=32&t=4758&p=6368#p6368
home is where the artillery hits

User avatar

Mousy
Posts: 18
Joined: Thu Oct 31, 2013 5:12 pm

Re: HOWTO: Mac connects | Tunnelblick

Postby Mousy » Mon Nov 11, 2013 3:27 pm

Aaaaand we're back!

Got up this morning and everything is now hunky-dory, apparently it was something to do with upgrades to the Montréal exitnodes. These things are to be expected on a brand-new service, and I'm glad it didn't take very long to get back up and running :-)
    Key ID: 0x75DA8C34764DD484
    Key Fingerprint: 5FD9 DF85 ED14 0D6E 5F20 6B20 75DA 8C34 764D D484
    Download My PGP Key.

Mahatma Gandhi wrote:First they ignore you, then they laugh at you, then they fight you and then you win.

User avatar

exempt
Posts: 31
Joined: Sun Dec 29, 2013 7:49 am

Fixing Err 244 from compareShadowCopy security check

Postby exempt » Sat Dec 28, 2013 12:14 pm

The guide/tutorial above seemed to work for the most part but I kept getting an error 244 about security while doing shadow config comparison:

(Internal Tunnelblick error: unknown status 244 from compareShadowCopy(Empty Tunnelblick VPN Configuration))

I reinstalled a couple times and thought it was maybe the config file, but I was wrong.
Turns out Tunnelblick is not too fond of lax permissions. Some other non-related App had changed the permissions of the Applications folder, which Tunnelblick didn't like.

the fix:
sudo chmod o-w /Applications

I'm sure a repair disk permissions would have also done the trick.

Some important things you shouldn't miss:
Calculating the SHA512 for your username
Changing the version number of Tunnelblick to 2.3.2
Route All traffic through VPN

:D Hope this was helpful, specs of my MBP below.

OS Version: 10.8.5 x86_64 Mountain Lion
Tunnelblick Version: 3.3.0 (build 3518)

EDIT: 1/23/2014
Had some connection issues but knew my token was still valid, Tunnelblick will say disconnected over and over while attempting to connect to cryptostorm. Fixing the permissions with the command above will solve this problem.

User avatar

exempt
Posts: 31
Joined: Sun Dec 29, 2013 7:49 am

Re: HOWTO: Mac connects | Tunnelblick

Postby exempt » Wed Feb 05, 2014 8:01 pm

Still having connection problems from time to time and realized it was DNS. I've always been able to connect and successfully authenticate, but sometimes internet related activities like web browsing don't work, and then Tunnelblick times out and disconnects. I'm currently on Mountain Lion and supposedly the build version of Tunnelblick I was using is known to exhibit this DNS issue. There is even a dedicated page in the project that explains this problem and describes possible solutions. http://code.google.com/p/tunnelblick/wiki/cMountainLionDnsIssue
After updating to the beta Tunnelblick 3.4beta20 (build 3727), which is the recommended version for Mountain Lion, I haven't had an issue. I'll let you know if this changes in the future. :D


OS Version: 10.8.5 x86_64 Mountain Lion
Current Tunnelblick Version: 3.4beta20 (build 3727)
Previous Tunnelblick Version: 3.3.0 (build 3518)


Return to “cryptostorm in-depth: announcements, how it works, what it is”

Who is online

Users browsing this forum: No registered users and 3 guests

Login