Saturday, April 15, 2006


Tunnelblick

Tunnelblick is a very nice GUI for OpenVPN. It adds a tunnel icon to the menu bar; click the icon to connect to or disconnect from your VPN.

The "stable" version (2.0.1) allows connecting to a single VPN. You create a ~/Library/openvpn directory and save your configuration file there as openvpn.conf.

The 3.0 Release Candidate (I just now noticed that RC2 is out) can connect to multiple VPNs, selected by the name of your configuration file. Save your configuration files as Server1.conf, Server2.conf and so on (where "Server1" is an arbitrary string).

I can't see using OpenVPN on a Mac without it.


  1. Were you able to get Tunnelblick to add routes that were pushed from the server? I can't seem to get my general internet traffic routed across the VPN link. I figured this should be as simple as adding a default route across the tunnel.

  2. This is not a Tunnelblick issue. It's an OpenVPN issue. Look at the 'push "redirect-gateway"' option on the server.

  3. I have tried to get RC2 to work on my Macbook Pro without success. I seem to get routes pushed down but get multiple "write UDPv4: No buffer space available (code=55)". I also tried to replace the TUN/TAP Kernel Extensions with an Intel version I found but that doesn't work. Tunnelblick won't try to connect due to tampered files :(

  4. I have seen this problem. It seems with RC2, his up and down scripts hang with Tiger (at least). Check out where I describe using custom scripts. You could substitute my scripts with the up/down scripts from RC1. Good luck.

  5. Hi,

    I'm having the same "no buffer space" problem. I've tried Tunnelblick 3.0 RC1 but had the same problem. I've seen reports that this problem doesn't exist with the A3 version. Any ideas where I might be able to get hold of this version?



  6. You could try the tunnelblick website.

  7. I downloaded Tunnelblick 3.0 RC1 (not published on Tunnelblick Website; I got it here: ). This fixed the code 55 error on my 2.0 GHz MacBook Pro when running RC2.

  8. Sorry, first try didn't publish the URL. It's:

  9. I get the following error:
    OpenVPN 2.0.5 i686-apple-darwin8.3.1 [SSL] [LZO] built on Dec 4 2005
    Nov 28 21:20:53 MacBookPro openvpn[283]: Footer text not found in file '/etc/openvpn/static.key' (256/128/256 bytes found/min/max)
    Nov 28 21:20:53 MacBookPro openvpn[283]: Exiting

    My static.key is at the specified location. Any suggestions?

  10. I have been trying to VPN to my office for ages, haven't got it working! Using OS X 10.4 on an Intel MacBook. Tunnelblick seems to connect okay, but when I try and ssh in, I get the error: No address associated with nodename.

    I typed ifconfig, and tried to ping the tun0 addresses given, no joy. I also tried manually adding the nameserver to /etc/resolve/conf. Any ideas????

  11. >Posted May 8, 2006 @ 11:16 am EDT
    > By mike
    > This is not a Tunnelblick issue. It’s an OpenVPN issue. Look at the ‘push “redirect-gateway”‘ option on the server.

    mike we meet again for Tunnelblick questions!

    have you ever gotten Tunnelblick to pass the gateway properly with this option?

    i have been trying to do just that... push all traffic through the VPN with redirect-gateway directive on the client.

    Tunnelblick just says
    NOTE: unable to redirect default gateway -- VPN gateway parameter (--route-gateway or --ifconfig) is missing

    i was able to get the DNS server passed correctly as per my other note referencing this thread...

  12. "redirect-gateway" is a server side setting. Not a client side setting.

    For my home network, I have two instances of openvpn running. One for just securely connecting to home resources and the second for routing all of my network traffic through my home network with redirect-gateway. One is on port 1194 and the other is on 1195. I have two configuration files so Tunnelblick gives me two options.

  13. my understanding is that redirect-gateway is a server option or a client option, either way, which makes it very flexible and client selectable.

    if that wasn't true, then i like your idea of 2 servers as a work around.

    i'm actually much closer now to getting it to work on the client.
    my problem was that in the client settings i only had:

    redirect-gateway def1 #def1 makes it temporary

    instead of

    redirect-gateway def1 #def1 makes it temporary

    I didn't know you had to hardcode the route-gateway in there.
    perhaps if i did a push "route-gateway" from the server.
    but last time i pushed both the gateway and the dns from the dd-wrt openvpn server the openvpn process would die.

    BEFORE netstat -r reveals:
    default UGSc 19 214 en1

    AFTER: netstat -r reveals:
    0/1 UGSc 5 22 en1
    default UGSc 2 145 en1

    as you can see, the problem is the command is adding the gateway to en1 not tap0 as it should. i need to find a way to give the redirect-gateway command a parameter of tun0

    btw, i had to use a script with Tunnelblick to get the tunnel to work at all:

    ipconfig set tap0 DHCP

  14. i meant tap0, not tun0...

  15. Hi,
    Sounds like I'm not the only one facing problems with openvpn on leopard.. spent hours trying to figure out how to push all the traffic through the VPN tunnel, so maybe someone here can give me a tip?

    I'm using openVPN in bridged mode - my home router (myISP_IP/ runs the server and allocates an IP to connecting clients (192.168.1.x, this works fine with my PDAphone with OpenVPN for windows mobile and on my previous XP laptop).

    On my MacBook Pro, I have compiled OpenVPN and the tunnel is properly created with no warning. The tap0 if gets an IP as it's supposed to, I can ping the gateway but the rest of the traffic goes through my company's gateway...

    The server looks like this:

    openvpn --dev tap0 --secret /tmp/static.key --comp-lzo --port 443 --proto tcp-server --verb 3 --log /tmp/openvpn.log --daemon

    and the client on my mac:

    remote myISP_IP # IP
    route-delay 3
    redirect-gateway def1
    port 443
    dev tap
    secret static.key
    proto tcp-client
    up ./
    down ./

    The client log says:
    Wed Mar 5 19:57:23 2008 Peer Connection Initiated with myIP:443
    add net myISP_IP: gateway myCompany_IP
    add net gateway
    add net gateway
    Wed Mar 5 19:57:26 2008 Initialization Sequence Completed

    but no way... notice that I used both route_gateway and redirect_gateway in an apparently appropriate way, but the default routes are not changed... I'm losing network connection and cannot even see my routing tables: netstat -r hangs or takes ages and confirms default still not

    If someone sees the problem... I'd be really glad to fix this!



  16. @Gilles: I think I have exactly the same problem. Tunnelblick reports "Initialization Sequence Completed", but after that, I'm unable to connect to the windows server at work. It's not a problem of the server, as I don't have any problem connecting to it when I'm at the office. Have you found a solution?
    My VPN used to work fine last January, so I think it may be an issue with 10.5.2.

  17. I am also affected with this problem - and after much battling to get Tunnelblick working under 10.5.2 at the office I find I am still caught short when accessing from home through my wrt54g.

    The two previous posts seem to describe the situation exactly.

  18. Newbie question.... Trying to run Tunnelblick on MacBook Pro Leopard. Copied the config files that worked on Windows. Do I need to do something equivalent to creating a TAPI adapter (whatever that means) like I did on Windows and if so how? So far I just get these errors in the Tunnelblick log. Any help appreciated please? Are there good instructions anywhere or a more organized discussion group besides this long thread? Thanks!

    Sat 04/26/08 03:10 AM: IMPORTANT: OpenVPN's default port number is now 1194
    Sat 04/26/08 03:10 AM: WARNING: No server certificate verification method has been enabled. See for more info.
    Sat 04/26/08 03:10 AM: Cannot load certificate file client.crt: error:02001002:system library:fopen:No such file or directory: error:20074002:BIO routines:FILE_CTRL:system lib: error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib
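
Added example, not part of the original post or its comments: for the redirect-gateway def1 routing problem discussed in the comments above, a shell check that reads `netstat -rn` output and reports whether the two half-default routes that def1 installs (0/1 and 128.0/1) sit on the tunnel interface. The function name, return codes and sample routing tables are constructed for illustration.

```sh
#!/bin/sh
# Added example: classify where "redirect-gateway def1" routes landed.
# Reads `netstat -rn` text on stdin; $1 is the expected tunnel interface.
# Returns 0 = both half-default routes are on the tunnel,
#         1 = a half-default route is on another interface,
#         2 = a half-default route is missing (default not overridden).
check_def1_routes() {
    LC_ALL=C awk -v want="$1" '
        # def1 adds 0.0.0.0/1 and 128.0.0.0/1; macOS prints 0/1 and 128.0/1.
        $1 == "0/1"     || $1 == "0.0.0.0/1"   { key = "low" }
        $1 == "128.0/1" || $1 == "128.0.0.0/1" { key = "high" }
        key != "" {
            # Netif is the first token after Flags shaped like en1 or tap0.
            for (i = 4; i <= NF; i++)
                if ($i ~ /^[a-z]+[0-9]+$/) { netif[key] = $i; break }
            key = ""
        }
        END {
            if (!("low" in netif) || !("high" in netif)) exit 2
            if (netif["low"] != want || netif["high"] != want) exit 1
            exit 0
        }'
}

# Constructed routing tables (illustrative addresses, not from the thread).
good_table='Destination   Gateway      Flags  Refs  Use  Netif
0/1           10.8.0.1     UGSc   5     22   tap0
default       192.168.1.1  UGSc   2     145  en1
128.0/1       10.8.0.1     UGSc   1     0    tap0'
leaky_table='Destination   Gateway      Flags  Refs  Use  Netif
0/1           192.168.1.1  UGSc   5     22   en1
default       192.168.1.1  UGSc   2     145  en1
128.0/1       192.168.1.1  UGSc   1     0    en1'
plain_table='Destination   Gateway      Flags  Refs  Use  Netif
default       192.168.1.1  UGSc   19    214  en1'

# On a live client the input would be: netstat -rn | check_def1_routes tap0
for t in "$good_table" "$leaky_table" "$plain_table"; do
    rc=0
    printf '%s\n' "$t" | check_def1_routes tap0 || rc=$?
    echo "check_def1_routes tap0 -> $rc"
done
```

A result of 1 corresponds to the situation in comment 13, where the 0/1 route was added on en1 instead of tap0, so general traffic still leaves outside the tunnel.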