
HOWTO: Mac/OSX connects via Tunnelblick


Topic Author
cryptostorm_support
ForumHelper
Posts: 296
Joined: Sat Jan 26, 2013 4:31 am
Contact:

HOWTO: Mac/OSX connects via Tunnelblick

Postby cryptostorm_support » Sun Nov 30, 2014 10:58 am

UPDATE: Any OpenVPN config files found on the forum are likely to be outdated. To find the most current ones, go to https://github.com/cryptostorm/cryptostorm_client_configuration_files

{direct link: tunnelblick.cryptostorm.org}

A lot has happened and Cryptostorm has come a long way since the old tunnelblick guide (now archived and locked, but still visible) was created, and while it's interesting to read through, there's a lot in there that isn't entirely relevant which can make some specific nuggets of info more difficult to find. So, in the interests of ease of use, we're starting fresh and archiving the old threads that some find scary ;)

Special thanks to everyone who provided information that helped us get where we are today. You guys are awesome. :angel:


Tunnelblick connection tutorial

For OS X, there are a few options as far as getting an OpenVPN connection up and running, but two of the most popular seem to be Viscosity and Tunnelblick. Viscosity looks nice, and I have heard good things about it, but it is NOT free, so this tutorial will deal with Tunnelblick (there are other reasons you might want to go with tunnelblick, but we'll go over them later). For the sake of brevity, whenever “right-click” appears, feel free to substitute “click with two fingers simultaneously” if you are using their touchpad thingy.

1) First you need to download and install tunnelblick.

  a. The latest stable version of Tunnelblick can be obtained from here
  b. When the .dmg opens, double-click the tunnelblick icon to get installing, and launch the application when it finishes.
   i. If this stage fails, you may need to set OS X to allow applications to be installed from sources other than the Mac App Store or “identified developers”.

   ii. To do this, click the Apple icon in the taskbar at the top of your screen and choose “System Preferences…” and then “Security & Privacy”.

   iii. Ensure your settings are unlocked (if the padlock in the lower left of the window is locked, click it and provide your password when asked), and make sure “Anywhere” is selected under the heading “Allow Apps downloaded from:”. Try the installation again.
   Screen Shot 2014-11-01 at 7.42.49 PM.png

  c. When the “Welcome to tunnelblick” window appears, pick “I have configuration files” as shown below, and then click Done.
  Screen Shot 2014-11-01 at 6.20.19 PM.png

2) The next step is to create and install the configuration files used by tunnelblick to connect to cryptostorm.
  a. Download the attached file and unzip it.
  b. Unzipping should create a file titled "Balancer_1_4.tblk". Double-click it and choose “All Users” to install the configuration file for all users on your machine, or “Only Me” to make it available for only the current user logged into your machine.
3) Now, we make final preparations!
  a. At this point it is assumed you have obtained a token from our lovely support staff, so we have to “Hash” it before we can use it with tunnelblick.
  b. To do this we need to use our handy-dandy hash creator at https://cryptostorm.is/sha512.html
  c. You need to paste your token in the field that says “Your token…”, but clear that text field COMPLETELY before doing so. Clicking “Calculate!” will give you your hashed token in the “Hash:” field that we will use to actually connect.
   i. It’s a pretty long combination of letters and numbers, so the best thing to do is use your computer to copy it. Highlight the entire length of characters and right-click on it and choose Copy.
  d. When you installed Tunnelblick, it created an icon in the right portion of your taskbar at the top of your screen that looks like this:
  Screen Shot 2014-11-01 at 7.02.05 PM.png

  e. Click once on the above icon and choose “VPN details…”
  f. Make sure that Balancer_1_4 is selected under Configurations to the left (#1 in pic below; disregard that it only says "Balancer" in the screenshot), and to the right “OpenVPN version” is set to 2.3.4 (#2 in pic below) (with recent versions of tunnelblick this SHOULD be fine by default).
  Screen Shot 2014-11-01 at 7.47.43 PM.png

  g. While we're here, let's also make one quick settings change.
   i. Just up and to the right of #3 in the pic above, click the "Advanced..." button.
   ii. In the box that appears, click the "While Connected" tab, and ensure that the box next to "Route all traffic through the VPN" is checked. Once this is done, you can exit out of this new window and return to the VPN Details pane we were in before.
   Screen Shot 2014-11-30 at 12.46.50 AM.png
  h. Now, with this VPN Details window still open, click the Connect button in the lower right (#3 in pic above).
  i. You’ll now be asked for your cryptostorm username and password
   i. Your username is the hashed token we created earlier, so right-click in the username field and choose “Paste”
   ii. Your password can be anything, but cannot be left blank.
   iii. Check the box beside “Save in Keychain” to ensure that you won’t have to enter your password again for this configuration (you may be asked for your computer password to save into your keychain)
  j. You should see a status box pop in briefly in the upper-right portion of your screen.
   i. When the “Authorizing” or “Getting configuration” in yellow text turns to “Connected” in green, you’re all finished!
   ii. You can also tell if you’re connected by looking at the tunnelblick icon itself, where the version used while connected is darker and looks like the following: (compare with the grey icon above)
   Screen Shot 2014-11-01 at 7.18.17 PM.png
  k. To disconnect from tunnelblick, single-click the tunnelblick icon and choose “Disconnect Balancer_1_4”
  l. Since we’ve done all of the hard work already, all you should need to do to connect in the future is click the Tunnelblick icon and choose “Connect Balancer_1_4”.

That should be it! If you have any further questions or issues, don’t hesitate to leave a note here or contact us through our support channel at [email protected]

Current configurations for premium service are as follows and are installed in the same manner as the Balancer above:

Paris_1-4.tblk.zip
Montreal_1-4.tblk.zip
London_1-4.tblk.zip
Iceland_1-4.tblk.zip
Frankfurt_1-4.tblk.zip
Stpetersburg_1-4.tblk.zip
US-west_1-4.tblk.zip
US-central_1-4.tblk.zip
Singapore.tblk.zip
Lisbon.tblk.zip


.tblk packages for alternate configurations will be posted here as further 1.4 configurations become finalized.

EDITED (3 Dec 2014):

Configuration package for cryptofree (information on our free, speed-capped service can be found at cryptofree.me). When asked, just supply a random username and password (there's no token required, for this capped version of cryptostorm).

cryptofree1_4.tblk.zip


EDITED (13 Jan 2015):
Without further ado, here are the .tblk packages based on our version 1.4 configuration files (the latest) for connecting to a specific exit node. As before, just unzip any of the following files and double-click the resulting .tblk file to install it within tunnelblick
EDITED (20 Feb 2015):

A little late to the party, but here are 1.4 configuration files for our St. Petersburg node.

EDITED (23 Feb 2015):

Updated Balancer configuration file (re-inserted in its original location above) for more ubiquity in naming conventions for connection strings. The Balancer was the first 1.4 configuration file created, and was pushed out while 1.4 was still in beta and some naming conventions hadn't quite been finalized yet. As such, it has been throwing unresolvable host errors for some users (though oddly even my earliest 1.4 beta configs still work for me on 10.9 *shrugs*). These modifications should address those issues, but as always, please post here or contact us via our other channels and let us know if it doesn't.

EDITED (2 March 2015):

Somehow a configuration for Central US got glossed over for uploading but it's up now :)
cryptostorm_support shared support team forum account
PLEASE DON'T SEND PRIVATE MESSAGES with support questions!
--> feel free to use any of our other contact channels, or post in the support forum
cryptostorm: structurally anonymous, token-based, unlimited ☂ bandwidth, opensource, darknet data security for everyone!
keybase.io validators | onename.io validators | PGP key @ MIT | network status | cryptostorm github
support team bitmessage address: BM-2cTMH8K5JnjbfSALjZtSkRWCLfc3Tr8GBV
support team email: [email protected]
live chat support: #cryptostorm


Aldous

Re: HOWTO: Mac/OSX connects via Tunnelblick

Postby Aldous » Wed Dec 03, 2014 5:54 pm

Good day and tysm for your work (your time).

I've had no problems connecting on Debian -Network Manager- and OS X Mountain Lion through Viscosity, but Tunnelblick gives me some trouble. Following the HowTo everything is fine (the tunnel opens) but I just can't browse the internet. Looking at the logs it appears to be a routing problem. Fixed it by changing the Set DNS/WIN option on the VPN details from 'set nameserver' to 'DNS' but I'm not sure if this could give some security issues.

Best regards and respect for you :)))


Topic Author
cryptostorm_support
ForumHelper
Posts: 296
Joined: Sat Jan 26, 2013 4:31 am
Contact:

Re: HOWTO: Mac/OSX connects via Tunnelblick

Postby cryptostorm_support » Wed Dec 03, 2014 6:54 pm

Thanks for letting us know about this. This tutorial was created and tested using Mavericks (but virtually the same method worked with Snow Leopard), so I'm wondering if there might be some slight differences between each OS, because looking right now I don't even have the "DNS" option in my Set DNS/WIN settings.

I'm going to have to look into this more and report back when I have an explanation


Aldous

Re: HOWTO: Mac/OSX connects via Tunnelblick

Postby Aldous » Wed Dec 03, 2014 9:40 pm

At last I found it. I was lost in translation.
I was using the Spanish version of Tunnelblick and someone translated 'set nameserver' for 'DNS' :( . As you can see it wasn't a technical problem at all. However, it had kept me busy for some hours.

I hope you read this before losing your valuable time.
Sorry for bothering and thx again.


Topic Author
cryptostorm_support
ForumHelper
Posts: 296
Joined: Sat Jan 26, 2013 4:31 am
Contact:

Re: HOWTO: Mac/OSX connects via Tunnelblick

Postby cryptostorm_support » Wed Dec 03, 2014 11:29 pm

Ah, no worries and it's not a bother at all. These mistranslations happen, and if they caused any issues for one person, chances are good that they'll do the same for another. It's always good to get these things figured out :)


lab
Posts: 2
Joined: Thu Mar 05, 2015 5:33 pm

Re: HOWTO: Mac/OSX connects via Tunnelblick

Postby lab » Thu Mar 05, 2015 5:37 pm

I can’t make it work. Tunnelblick says "getting configuration" and I get the message: "Balancer_1_4: Autentication failed. The credentials (passphrase or username/password) were not accepted by the remote VPN server."
The token I got is new and I did "hash" it like described in this guide...
Any idea what I could do?


lab
Posts: 2
Joined: Thu Mar 05, 2015 5:33 pm

Re: HOWTO: Mac/OSX connects via Tunnelblick

Postby lab » Thu Mar 05, 2015 5:50 pm

Jesus. I found out why!!! I pasted the token in the converter without removing the text "your token".


parityboy
Site Admin
Posts: 1085
Joined: Wed Feb 05, 2014 3:47 am

Re: HOWTO: Mac/OSX connects via Tunnelblick

Postby parityboy » Thu Mar 05, 2015 6:02 pm

@lab

I was JUST about to say the same thing to you. :D Also, I'm going to restore your posts so that others reading this can learn. :)


Abc

Re: HOWTO: Mac/OSX connects via Tunnelblick

Postby Abc » Sun May 03, 2015 3:52 pm

Hey,

wanted to thank you for this tutorial! Works really well.

Tho while using Tunnelblick for a while now, I wanted to ask, is there a setting that "disconnects" internet when my connection to cryptostorm would fall off?
Sometimes the nodes I connect to stop working, and Tunnelblick would start reconnecting to them, but my internet would continue with my real IP. Is there a way to stop it?


parityboy
Site Admin
Posts: 1085
Joined: Wed Feb 05, 2014 3:47 am

Re: HOWTO: Mac/OSX connects via Tunnelblick

Postby parityboy » Sun May 03, 2015 4:24 pm

@Abc

The best thing you can do is use the OS X firewall to only permit connections to the exit node IP addresses on port 443 over the clear network interface, and also permit any traffic to any address over tun0 (or whatever the VPN network interface is on OS X).


Abc

Re: HOWTO: Mac/OSX connects via Tunnelblick

Postby Abc » Sun May 03, 2015 5:50 pm

Hey parityboy,

thanks for the quick reply!
I thought that I hadn't seen that setting in Tunnelblick, but still thought of asking, because sometimes I am blind and don't notice things.
I looked at the OS X firewall under my System Pref; all that I could see and understand was that it is app based. I can allow an app to connect and make connections.
I am afraid that at this point I'm too stupid to do what you suggested.

I use Little Snitch too, but yet again, I'm used to either allowing apps to connect and make connections.

Anyway, thanks again! I'll go and educate myself on that matter.
But if there's someone who has done something like that, which would improve Tunnelblick a little in my eyes, and has the time to share, then I'm more than open to give it a try :)


parityboy wrote:@Abc

The best thing you can do is use the OS X firewall to only permit connections to the exit node IP addresses on port 443 over the clear network interface, and also permit any traffic to any address over tun0 (or whatever the VPN network interface is on OS X).
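
The rule set parityboy describes, written as a small generator for OS X's pf packet filter. This is an added example, not code from the thread or from cryptostorm; the interface names en0 and tun0, the 192.0.2.x exit node addresses (documentation placeholders) and the choice to allow both TCP and UDP to port 443 are assumptions.

```shell
#!/bin/sh
# Added example: print a pf ruleset that only lets the VPN handshake out
# of the clear interface and lets everything through the tunnel.

# valid_ipv4 ADDR: succeeds only for a dotted quad with each octet in 0..255.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    _old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots into $1..$4
    IFS=$_old_ifs
    [ "$#" -eq 4 ] || return 1
    for _octet in "$@"; do
        [ "${#_octet}" -le 3 ] && [ "$_octet" -le 255 ] || return 1
    done
    return 0
}

# killswitch_rules CLEAR_IF VPN_IF IP...: prints the ruleset on stdout,
# or fails without printing any rule when an argument is malformed.
killswitch_rules() {
    [ "$#" -ge 3 ] || { echo "usage: killswitch_rules CLEAR_IF VPN_IF IP..." >&2; return 1; }
    _clear_if=$1; _vpn_if=$2; shift 2
    # Interface names are copied into the rules, so allow letters and digits only.
    case "$_clear_if$_vpn_if" in
        *[!A-Za-z0-9]*) echo "error: bad interface name" >&2; return 1 ;;
    esac
    _table=""
    for _ip in "$@"; do
        valid_ipv4 "$_ip" || { echo "error: not an IPv4 address: $_ip" >&2; return 1; }
        _table="$_table${_table:+, }$_ip"
    done
    cat <<EOF
# Kill switch: default deny (IPv4 and IPv6), VPN handshake and tunnel only.
set block-policy drop
set skip on lo0
block all
# DHCP, so the clear interface can still obtain and renew its lease.
pass out quick on $_clear_if inet proto udp from any port 68 to any port 67
pass in quick on $_clear_if inet proto udp from any port 67 to any port 68
# Clear interface: exit nodes only, port 443 only.
pass out quick on $_clear_if inet proto { tcp, udp } from any to { $_table } port 443 keep state
# Tunnel interface: any traffic to any address.
pass quick on $_vpn_if all
EOF
}

# Typical use (root needed for pfctl; -n parses the file without loading it):
#   killswitch_rules en0 tun0 192.0.2.10 192.0.2.11 > killswitch.pf.conf
#   sudo pfctl -nf killswitch.pf.conf && sudo pfctl -ef killswitch.pf.conf
```

Because DNS on the clear interface is blocked as well, the `remote` lines in the OpenVPN config need IP addresses rather than hostnames for reconnects to work. Loading the file replaces the active main ruleset; `sudo pfctl -f /etc/pf.conf` puts the system default back.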


User90

Re: HOWTO: Mac/OSX connects via Tunnelblick

Postby User90 » Fri Aug 21, 2015 10:57 pm

Hello.

Anyone with difficulties connecting to the US_west node? Every time I try to connect, Tunnelblick displays the following message: "The credentials (passphrase or username/password) were not accepted by the remote VPN server."

All other exit nodes are working.

Thanks in advance.


br420
Posts: 1
Joined: Wed Dec 16, 2015 10:01 am

Re: HOWTO: Mac/OSX connects via Tunnelblick

Postby br420 » Tue Dec 29, 2015 11:56 pm

I keep getting this message and am unable to connect: "Tunnelblick was unable to start OpenVPN to connect Balancer_1_4"

I thought it was Tunnelblick so I updated it but that does not help (was that a mistake?)

On my error log it says " Options error: Unrecognized option or missing or extra parameter(s) in /Library/Application Support/Tunnelblick/Shared/Balancer_1_4.tblk/Contents/Resources/config.ovpn:20: sndbuf (2.3_git_0e591a2)"

This is out of my league....any help would be grateful!

Thanks!


jix

Re: HOWTO: Mac/OSX connects via Tunnelblick

Postby jix » Fri Mar 25, 2016 1:37 am

That all worked fine for me when I did it the first time. Then my Mac crashed, but I had a backup. For some time I used a windows computer, and connected through the widget, that also worked. Now I have a new Mac where I restored my backup (also Tunnelblick), but can't connect anymore with my recent token. Could anyone help?


hashtable
Posts: 40
Joined: Sat Mar 26, 2016 4:27 pm

Re: HOWTO: Mac/OSX connects via Tunnelblick

Postby hashtable » Sat Mar 26, 2016 5:06 pm

Update tunnelblick to the latest beta version - either in the settings or you could download it here. Also make sure to use the latest configs (here). Comment out the last line with the 'ca ca.crt':

# ca ca.crt
<ca>
....
</ca>

And it should work. Also make sure it's going through ipv4 and the other settings are good too (the app has changed since this was written or the other manual so it looks different but it's easier to find those settings).


parityboy
Site Admin
Posts: 1085
Joined: Wed Feb 05, 2014 3:47 am

Re: HOWTO: Mac/OSX connects via Tunnelblick

Postby parityboy » Sun Mar 27, 2016 2:13 am

br420 wrote: I keep getting this message and am unable to connect: "Tunnelblick was unable to start OpenVPN to connect Balancer_1_4"

I thought it was Tunnelblick so I updated it but that does not help (was that a mistake?)

On my error log it says " Options error: Unrecognized option or missing or extra parameter(s) in /Library/Application Support/Tunnelblick/Shared/Balancer_1_4.tblk/Contents/Resources/config.ovpn:20: sndbuf (2.3_git_0e591a2)"

This is out of my league....any help would be grateful!

Thanks!

Actually it isn't. :D Open the config file in a text editor, and comment out the line that has sndbuf in it, along with the rcvbuf and txqueuelen lines.

After that you should be good to go. :)


RickOshea
Posts: 1
Joined: Wed Jul 06, 2016 6:08 am

Re: HOWTO: Mac/OSX connects via Tunnelblick

Postby RickOshea » Thu Jul 07, 2016 1:18 am

Hi there Gang!

I need a little help please...

I have successfully installed the above Client Config Files (the tblk.zip files)
and I can see by the date of the post, that this is an old list,
as posted by cryptostorm_support on: Sat Nov 29, 2014.

Could someone please upload the new ones (the new locations/tblk.zip files)
and update the list?

Thanks in advance!

RickOshea



jonnyrevolution

Re: HOWTO: Mac/OSX connects via Tunnelblick

Postby jonnyrevolution » Sat Jul 09, 2016 6:57 am

I've gone through this method and I've tried the Balancer & US Central configs and the Authentication fails on both.

"US-central_1-4: Authentication failed
The username and password were not accepted by the remote VPN server."

I've connected to Cryptostorm on my windows computer and android phone perfectly fine, but this one must not be accepting my hash which was done properly.


jonnyrevolution

Re: HOWTO: Mac/OSX connects via Tunnelblick

Postby jonnyrevolution » Sat Jul 09, 2016 8:05 am

I was reading on another topic and saw that I should try to put my token in as the username without hashing it.

Sure enough that worked.


parityboy
Site Admin
Posts: 1085
Joined: Wed Feb 05, 2014 3:47 am

Re: HOWTO: Mac/OSX connects via Tunnelblick

Postby parityboy » Sat Jul 09, 2016 6:36 pm

jonnyrevolution wrote: I was reading on another topic and saw that I should try to put my token in as the username without hashing it.

Sure enough that worked.


Odd. The hashed version should work equally as well - it's what I use. How did you hash the token?

