May 8th, 2012· Enhances security by digitally signing Sparkle.framework (signed versions only).
· Fixes a problem installing or launching Tunnelblick when a .tblk exists but is not a folder (i.e., not an OS X package).
· Fixes problems on OS X 10.4 ('Tiger').
· Fixes a problem that sometimes caused updates to unsigned versions of Tunnelblick instead of to signed versions.
· Note: this was not caused by a problem in Tunnelblick itself -- it was caused by a misconfiguration on the tunnelblick.net website (the website used to check for updates). The misconfiguration was fixed on 2012-05-05 at 23:54 +04:00.
May 3rd, 2012· Fixes a crash on OS X 10.4 ("Tiger") or PowerPC.
April 30th, 2012· Fixes a problem with the digital signatures of updates in 3.2.4.
April 28th, 2012· SECURITY UPDATE: Replaces OpenSSL 1.0.1 with 1.0.1b.
· Enhances security by making all of the application's contents owned by root.
· Fixes bug when on OS X 10.4 ("Tiger") that used an unavailable method.
· Fixes invalid links in Sparkle (which implements updates) FR_CA localization.
· Fixes Issue 205 (notification windows overlapping each other).
· Fixes some compiler warnings from Xcode 4.
April 28th, 2012· SECURITY UPDATE: Replaces OpenSSL 1.0.0g with 1.0.1b.
· Fixes a problem with 'While connected' actions not always being saved in the 'Advanced' settings window.
· Disconnects a configuration if a Tunnelblick VPN Configuration script returns a non-zero (mod 256) result.
· Logs explanations of why a disconnection occurred.
· Logs Tunnelblick VPN Configuration script execution and result codes.
· Logs unknown 'foreign_option's found by the standard up script.
· Fixes a problem when there are no icon sets.
· Fixes bugs in OpenVPN's easy-rsa scripts that cause errors when the path to easy-rsa contains whitespace.
· Fixes several compiler warnings detected by Xcode 4.
March 17th, 2012Includes Several changes have been made concerning notification windows:
· Notification windows display the total amount of data uploaded and downloaded and recent up and down transfer rates for client connections.
· When the pointer (mouse) is over the Tunnelblick icon in the menu bar, the notification windows for all configurations that have been active since Tunnelblick was launched are displayed. (This may be changed on the 'Appearances' panel of the 'VPN Details…' window.)
· Notification windows do not fade away if the cursor is over any notification window (or the Tunnelblick icon, as described above).
· Notification windows for disconnected configurations have a 'Connect' button.
· Fixes a bug that caused notification windows to appear in Mission Control on Lion even though they were closed.
· Adds Openvpn 2.3alpha1, removes OpenVPN 2.1.4.
Adds a 'Utilities' tab to the VPN Details… window. It includes:
· A 'Terminate all OpenVPN processes' button.
· A 'Run easy-rsa in Terminal' button.
· Click the '?' button on the tab for more information about these features.
· Adds the ability to have a 'route-pre-down.tunnelblick.sh' script that is run before closing a connection. Tunnelblick's 'Set Nameserver' scripts use this to release a TAP device's DHCP lease. This feature (and the DHCP lease release) is available only when using OpenVPN 2.3alpha1 and only in Tunnelblick VPN Configurations.
· Includes a customized version of OpenVPN's 'easy-rsa' 2.0 command-line scripts for creating certificates and keys.
· Adds two AppleScript nouns for configurations: 'bytesIn' and 'bytesOut' report bytes in or out through a client connection since Tunnelblick was launched.
· Adds a 'Suggestion or Bug Report…' menu item to beta versions of Tunnelblick unless the 'doNotShowSuggestionOrBugReportMenuItem' preference is true.
· Includes OpenSSL 1.0.1.
· Does not try to connect if the OpenVPN log file could not be created.
· Does not allow Unicode characters in usernames, passwords, and private keys (OpenVPN does not accept them).
· Includes more debugging information when OpenVPN starts or fails to start.
· Includes enhancements to the Tunnelblick build/clean process (see r1965 for details).
· Includes preparations for Mountain Lion.
· Disconnects a configuration if a Tunnelblick VPN Configuration script returns a non-zero (mod 256) result.
· Logs explanations of why a disconnection occurred.
· Logs Tunnelblick VPN Configuration script execution and result codes.
· Logs unknown 'foreign_option's found by the standard up script.
· Fixes a bug in log display of the command line used to start OpenVPN (cosmetic problem).
· Fixes a bug causing loss of contents in the log display if the log contains invalid characters.
· Fixes problems with the log display if the display gets large.
· Fixes a problem with 'While connected' actions not always being saved in the 'Advanced' settings window.
· Fixes a problem when there are no icon sets.
· Fixes several compiler warnings detected by Xcode 4.
January 27th, 2012· Fixes a security vulnerability in OpenSSL by updating to OpenSSL version 1.0.0g. See http://www.openssl.org/news/secadv_20120118.txt for details.
· Fixes a bug that sometimes caused repeated restarts of a connection when the search domain changed after the connection was established.
· "Deployed" versions that update from the Tunnelblick website always update to unsigned versions to avoid problems with the OS X Keychain.
· Fixes some French localization.
· At launch, if Tunnelblick is updating from the official Tunnelblick site and has an invalid digital signature (for example, the program is a Deployed version or has been modified in some other way by the user), an update to an unsigned version of Tunnelblick will be offered immediately -- even if the user has turned off automatic updates -- unless the "updateCheckAutomatically" preference is being forced to false or the user is not an administrator and the "onlyAdminCanUpdate' preference is false or not present.
January 9th, 2012· Fixes six OpenSSL security flaws by updating OpenSSL from 1.0.0e to 1.0.0f. See http://www.openssl.org/news/secadv_20120104.txt for details.
· Fixes a problem that caused a restart of the connection as a result of a DHCP renewal.
· Fixes failure to ask what should be done when the user enters an incorrect private key (passphrase).
December 30th, 2011· Fixes a problem preventing installation or updates for some users on OS X 10.4.
· Fixes problems connecting (loading tun/tap kexts) for some users.
December 20th, 2011· Fixes a security vulnerability found in Tunnelblick 3.2beta36. (See 2011-12-19 Tunnelblick Vulnerability FAQ for details.)
· Includes complete Japanese localization by Yoshihisa Kawamoto.
· Fixes a memory leak and a problem that caused a failure to localize tabs in the "Advanced" settings window.
December 20th, 2011· Includes additional Japanese localization by Yoshihisa Kawamoto.
· Adds more control over what Tunnelblick does when a network setting changes. Controls are located on the "While Connected" tab of the Advanced configuration settings. (These controls may not be modified if the per-configuration 'CONFIGURATIONNAME-leasewatchOptions' preference is present. That preference is now deprecated.)
· Includes fixes to format of Czech localization of credits.
· Includes additional log entry if ExecuteAuthorized fails.
· When installing and securing Tunnelblick, logs a warning but continues to install if the private configurations folder is not present. (Previously, the installation was abandoned if the private configurations folder was not present.)
November 28th, 2011· Includes a Hungarian translation by Marcell Szabo, and a Czech translation by Petr Šrajer.
· Includes the latest Tuntap release (version 20111101) for Snow Leopard and higher (Tunnelblick uses version 19990913 for Tiger and Leopard). This should fix the "kernel: Failed to add membership to all-hosts multicast address on interface" error in Lion.
· Fixes a bug in the build process that causes an extra copy of a tun/tap kext to be stored inside each tun/tap kext when a build has already been done.
· For an "Unsigned Release" build, " Unsigned" is appended to CFBundleShortVersionString (the marketing version string). Similarly, for a "Debug" build, " Debug" is appended.
Fixes problems updating Tunnelblick caused by digital signatures on Deployed versions. When installing updates on a non-customized version of Tunnelblick (i.e., the Info.plist SUFeedURL entry is "http://tunnelblick.net/appcast.rss"):
· If the "updateSigned" preference is set, the application will be updated with a signed version;
· Otherwise, if the "updateUnsigned" preference is set, the application will be updated with an unsigned version;
· Otherwise, versions before 3.2beta34 are updated with signed versions; versions 3.2beta34 and higher are updated with signed versions only if they are themselves signed, otherwise they are updated with unsigned versions.
· "Signed" does not refer to the update itself, which is always digitally signed for authenticity. It refers to the Tunnelblick.app application being signed so that the updated version can use Keychain items without OS X prompting the user for permission.
· See Tunnelblick and Digital Signatures for more details.
October 12th, 2011· Includes OpenSSL version 1.0.0e.
· Complete Polish localization by Magdelena Zajac and Łukasz M.
· Improved French localization by Olivier Borowski.
· Removes extra logging by Tuntap kexts introduced in 3.2beta30.
· Does not allow a configuration to be renamed or made private or made shared unless the configuration is disconnected.
· Fixes a problem with configurations set to connect 'when computer starts'.
· Fixes a problem not accepting digits in domain names pushed by the VPN server. Now accepts A-Z, a-z, 0-9, '-', and '.' in domain names. Does NOT accept internationalized domain names.
August 1st, 2011· Johan Nilsson and Tim Malmström have provided Swedish localization.
· Prevents kernel panics on OS X 10.7 "Lion" by reverting to OpenVPN 2.1.4.
· Tunnelblick can now be updated even if its name is not Tunnelblick.app.
· A splash window with status information appears while Tunnelblick is starting up. It will not be displayed if 'Display window while Tunnelblick is starting up' is unchecked on the 'Appearance' panel of the 'VPN Details…' window. (Controlled by the 'doNotShowSplashWindow' preference.)
· You can now select and copy the version information in the Info panel.
· Fixes bug that caused a failure to display an error message and a many-second delay when user tries to set a non-.tblk to start when the computer starts.
July 21st, 2011· Aleix Dorca has provided a complete Catalan localization.
· Emma Segev and Tjalling Soldatt have provided complete Dutch localization.
· Peter K. O'Connor has provided complete Chinese (simplified) localization.
· Dennis Ukhanov, Eugene Trufanov, Nail Gilmanov, & Victor Ptichkin have provided complete Russian localization.
· Changes the 'Show/Hide Configuration on Tunnelblick Menu' menu command to be the 'Show on menu' checkbox on the 'Settings' tab.
· Un-rebrands the license description unless the 'doNotUnrebrandLicenseDescription' preference is set.
· Fixes bugs when menu icon sets are not available.
· Fixes bugs when updating Tunnelblick while a connection is active.
· Fixes console warning about unrecognized preference.
July 15th, 2011· Complete German localization by Marcus Schneider.
· Complete French localization by Jeremy Sherman.
· Complete Korean localization by Kyoungmin Kim.
· Complete Norwegian localization by Jon Luberth.
· Complete Portuguese localization by Denis Volpato Martins.
· Includes OpenVPN version 2.2.1.
· Now loads sounds each time the Configurations panel is displayed, so any sounds added by the user can be used immediately.
· Adds protection against race conditions in sleeping and quitting.
· The credits and license description on the Info panel are now localized.
· Fixes a bug that didn't update 'Settings' tab items properly when a different configuration was selected in the 'Configurations' panel.
· Fixes a bug that caused several items to appear in English instead of the preferred language, even if a preferred language translation of the item was available.
· Fixes a bug that caused the 'Advanced' window to pop up in front of any other application's window when the notification window appears.
· Fixes a bug that caused the 'Glass' sound to be used when a tunnel is established and the 'Basso' sound to be used when a tunnel was torn down if the preference for the sound was set to 'None'
· Fixes a bug that caused the 'Advanced' window to pop up in front of any other application's window when the notification window appears.
· Fixes a bug that ignored the Enter and Escape keys when entering a VPN username/password or passphrase.
· Fixes a bug that caused the 'Glass' sound to be used when a tunnel is established and the 'Basso' sound to be used when a tunnel was torn down if the preference for the sound was set to 'None'
· Fixes a bug that caused problems and failed to properly warn the user that a private configuration cannot be set to start when the computer starts.
· Fixes several small memory leaks.
· Fixes a possible race condition when quitting Tunnelblick.
June 28th, 2011· Changes to the sound settings now take effect immediately.
· Shows a splash screen during installation.
· Cascades status windows when multiple status windows are being displayed simultaneously.
· Fixes a problem that displayed incorrect sound 'on connect' and sound 'on unexpected disconnect' selections when no selections have been made. (Should have displayed 'None' for each, but displayed 'Glass' and 'Basso'.)
· Includes several other small changes and bug fixes.
May 18th, 2011· Fixes a crash on startup on OS X 10.4 ("Tiger") and 10.5 ("Leopard").
· Fixes a typo in the help page for the "Appearance" preferences.
April 4th, 2011· Fixes problems causing tun/tap kexts to be loaded even though preferences specify that the kext(s) are not to be loaded.
· Fixes a problem with installing some Tunnelblick VPN Configurations (.tblk).
January 28th, 2011· A bug causing a security vulnerability exists in Tunnelblick versions 3.1, 3.1.1, and 3.1.2. It allows an unprivileged user to erase the contents of any file, including important system files, on any Mac OS X system with a vulnerable version of Tunnelblick installed. As far as is known as of 2011-01-27, the bug cannot be used to take control of the system or obtain root access. All users of Tunnelblick are advised to update to the latest version. For more information including instructions for updating
December 27th, 2010· Removes the 'warns the user when certain unexpected disconnections occur' feature added in version 3.1.1 because it caused Tunnelblick to hang under certain conditions of sleep/wake cycles and/or screensavers. This feature will return in more robust form in a future beta release.
December 20th, 2010· Fixes a problem with the left navigation sometimes not being displayed properly when the Details… window does not have left navigation but adding a configuration changes it to have left navigation.
· Fixes a problem installing Tunnelblick VPN Configurations (.tblk packages) that have a CFBundleIdentifier containing upper-case letters.
· Fixes a problem when a .tblk that is being installed has a path which includes a component which includes the string '.tblk'
· Fixes a problem checking permissions on configuration file when user's home folder is not the usual /Users/username folder -- for example, when it is on a network volume ( Issue 163 ).
· Fixes a problem with the Tunnelblick icon not displaying correctly for multiple simultaneous connections. Now the icon is a closed tunnel if all configurations that the user expects to be closed are in fact closed, is an open tunnel if all configurations that the user expects to be open are in fact open; otherwise the icon is an animation -- neither open nor closed.
· Fixes a problem trying to set a configuration that is in a subfolder to connect at system start.
· Fixes openvpnstart crashes when certain errors occurred. (Tunnelblick itself did not crash.)
· Fixes problems when using 'shadow' configuration files.
· Warns the user when certain unexpected disconnections occur.
· Adds a message to the OpenVPN log displayed in the Details… window when Tunnelblick obtains a VPN passphrase or username/password from the Keychain.
· Waits to go to sleep until all OpenVPN processes have terminated, unless the 'doNotPutOffSleepUntilOpenVPNsTerminate' boolean preference is set true.
· Changes Tunnelblick icon animation and open tunnel icon to show yellow beyond the tunnel, brightening the icon subtly. To use the old icon animation, set the 'menuIconSet' preference to the string 'TunnelBlick-black-white.TBMenuIcons'. Many thanks to Wes Plate for this new icon set.
· Fixes the inability to display the build number when the Tunnelblick version number that has a period in the build number (as do these 3.1.1 builds).
· Fixes a typographical error in an error message referring to a known problem in OpenVPN 2.1 -- the error message incorrectly referred to OpenVPN 2.2.
December 6th, 2010· Only the version and build numbers were updated.
December 4th, 2010· Updates to use OpenSSL 1.0.0c, which fixes several security vulnerabilities.
· Searches for the icon set folder in Tunnelblick.app/Contents/Resources/Deploy and then in /Library/Application Support/Tunnelblick/Shared before defaulting to the version in Tunnelblick.app/Contents/Resources.
· Fixes bug that caused an unneeded folder (dmgFiles) to be built into Tunnelblick.app/Contents/Resources.
December 2nd, 2010· Includes OpenVPN 2.1.4 and OpenSSL 1.0.0b.
· Adds a note to the OpenVPN log (in the Details… window) when the computer goes to sleep or wakes up and a connection is terminated/restarted.
· Fixes a problem modifying 'Set nameserver' on other-than-the-first connection.
· Fixes an OpenVPN problem with special case route targets ('remote_host').
July 12th, 2010· IMPORTANT NOTE FOR THOSE USING "WHEN COMPUTER STARTS" WITH EARLIER BETA VERSIONS: When you update to Tunnelblick 3.1beta08 or above from 3.1beta02 - 3.1beta06, Tunnelblick will not recognize any running "when computer starts" configurations. Five to ten seconds after you start Tunnelblick, they will be identified as unknown OpenVPN processes and you will be given the choice to leave them alone or disconnect them. You should chose to disconnect them in this dialog and then manually connect them in Tunnelblick. (You do not need to do this immediately, but you will not be able to control them with Tunnelblick. The dialog will appear each time you start Tunnelblick if these connections are still active.) This need only be done once, and is not necessary if there are no "when computer starts" configurations that are connected at the time you update.
· Benji Greig has created an updated Tunnelblick icon that looks great in Coverflow. He has also created a distinctive icon for Tunnelblick VPN Configurations, and a new background image for the Disk Image. Thanks, Benji!
Log processing and display have been rewritten:
· OpenVPN log files are kept in /tmp/tunnelblick/logs using filenames encoded with the configuration file path, the management port number, and the arguments to openvpnstart when the connection was created.
· Script log files are kept in the same directory, using filenames encoded with the configuration file path.
· Log files are created each time a connection is made. 'Pipes' are no longer used for the script files, and the OpenVPN management interface is not used to process log data.
· When displaying the log, the entries are merged such that script log entries follow OpenVPN log entries that have the same date/time.
· The log display now shows the most recent 10000 entries. Earlier entries are not displayed, but they are available in the log files stored in /tmp/tunnelblick/logs.
· Formatting of the log display is improved."
· The DNS cache is flushed after a tunnel is established and after it is torn down. This is enabled by default but may be disabled by the per-connection "-doNotFlushCache" preference.
· Tunnelblick VPN Configurations (.tblk packages) may now be shadow copied
· Configurations (.conf, .ovpn, and .tblk) may be stored in subfolders. Note that .tblk configurations are installed at the top level of the shared or private folder; they must then be moved to a subfolder if that is desired.
· Sets share/private button to 'Share configuration' when it is disabled.
· Fixes bug that caused 'Ignoring change of Network Primary Service' message to be displayed when no change occurred.
· Fixes bug that caused unload of tun/tap kext at exactly the right time while a restart was taking place if the user disconnected a different configuration that used the same tun/tap kext.
· Fixes bug that caused .conf configuration files to be ignored.
· Fixes bug that caused failure to connect if "Monitor connection" was checked and the standard up script was used.
· Fixes bug that caused restarts to fail if a different configuration was disconnected at exactly the right (or wrong!) time.
· Fixes bug that didn't clean up when installation of a .tblk package failed.
· Fixes bug that caused 'Set nameserver' script (i.e., 'leasewatch') to be run when it is not necessary.
· Fixes bug that caused launch of leasewatch script (when 'Set nameserver' is checked) to fail if automatically connecting when computer starts
· Fixes bug which causes format errors in the log display if a script generates log entries which don't have a "*" after the date/time. (Inserts a "*" in such entries in the log display.)
May 28th, 2010· Creates pipes for script output to OpenVPN log window on demand instead of when Tunnelblick launches
· Deletes logs for 'when computer starts' connections when they are disconnected
· Doesn't un-check 'Connect automatically' if administrator permission to change from 'when Tunnelblick launches' to 'when computer starts' is cancelled, so connect 'when Tunnelblick launches' will remain in effect
· Allows cancel out of dialog asking if 'openvpn-down-root.so' should be used
· Marks start and end of OpenVPN log entries from before Tunnelblick was launched
· Displays a notice if then OpenVPN log entries from before Tunnelblick was launched are more than 10,000,000 bytes long.
· Includes path of openvpnstart to be used in Console log messages that a configuration will 'connect when computer starts'
· Reinforces security of openvpnstart -- it now verifies it is protected before doing any operations
· Reformats dates in OpenVPN log entries from before Tunnelblick was launched to YYYY-MM-DD HH:MM:SS
· A DHCP renew which restores the original DNS and/or WINS information no longer causes the connection to restart. This new behavior can reversed be by setting Tunnelblick the boolean preferences '-doNotRestoreOnDnsReset' and/or '-doNotRestoreOnWinsReset' to TRUE.
Modified the up, down, and leasewatch scripts:
· client.up.osx.s and client.nomonitor.up.osx.sh are replaced by client.up.tunnelblick.sh
· client.down.osx.s and client.nomonitor.down.osx.sh are replaced by client.down.tunnelblick.sh
The up and down scripts may be called with optional arguments (before the standard OpenVPN-supplied arguments) that are prefixed by a '-'. The arguments are:
· -m to monitor the network configuration (reflects the 'Monitor connection' checkbox);
· -w to cause restoration of expected WINS configuration if it changes to the pre-VPN configuration (via DHCP renewal, for example); and
· -d to cause restoration of expected DNS configuration if it changes to the pre-VPN configuration (via DHCP renewal, for example).
· The -w and -d options are specified if the boolean Tunnelblick preferences '-doNotRestoreOnDnsReset' and/or '-doNotRestoreOnWinsReset' are TRUE.
· The up script saves, and leasewatch and the down script access, additional parameters (the state of the optional arguments, network primary service ID, and logfile path) in the System Configuration database as /Network/OpenVPN/...
· The up script saves the pre-VPN WINS (SMB) configuration in the System Configuration database as /Network/OpenVPN/OldSMB
· The down script ignores the optional arguments (accessing any it needs via the System Configuration database)
· leasewatch behavior has changed, although a Tunnelblick preference restores the old behavior. It used to restart the connection if the DNS or WINS configuration changed from the post-VPN-creation configuration (which reflects 'pushed' values from the OpenVPN server). This caused a restart of the connection when a DHCP renewal changed the settings to the pre-VPN configuration. This situation is now detected, and the DNS and/or WINS configurations are restored to the post-VPN-creation configuration instead of restarting the connection. This new behavior may be inhibited (forcing the old behavior to restart the connection) by setting the boolean Tunnelblick preferences '-doNotRestoreOnDnsReset' and/or '-doNotRestoreOnWinsReset' to FALSE.
· Tunnelblick itself has been modified to use the new scripts, but only if the old scripts are not present. That means that an automated build process, for example, which replaces client.up.osx.sh with a customized version, will continue to work, because Tunnelblick will see the old script, and use that instead of using the new script (even if the new script is present).
· The openvpnstart 'bitMask' argument has additional bits that specify options to send to the scripts (as described above)
· openvpnstart puts a warning in the OpenVPN log (in the Details… window) if the path to the up or down script is very long, which could result in OpenVPN sending incomplete arguments to the scripts. (OpenVPN truncates the command line it uses to start the scripts to 255 characters.)"
· Warnings from the openvpnstart program are now included in the OpenVPN log displayed in the 'Details…' window
· Fixes bug that caused load of tap devices to fail when connecting
· Fixes bug that sometimes caused log file contents not to display
· Fixes bug that caused output from leasewatch ('Monitor connection' checkbox checked) to be stored in a /tmp file instead of displayed in the OpenVPN Log on the Details... window for Tunnelblick VPN Configurations (.tblk packages)
· Fixes bug with 'connect on computer start' causing Tunnelblick to ask, in error, to flip the value of the checkbox
· Fixes bug with 'when Tunnelblick launched' and 'when computer starts' radio buttons
March 3rd, 2010· Fixes incorrect display of 'Automatically Check for Updates' preference on first run after some updates.
· Out of beta!
February 24th, 2010· Wildcards for forced preferences (see the Deploying Tunnelblick wiki).
· Displays configuration name in title of OpenVPN Log window.
· Inserts full command line used for starting OpenVPN into the OpenVPN Log window.
· Full German localization. Many thanks to Markus Markus Schneider.
February 10th, 2010· Now uses OpenVPN version 2.1.1.
· Adds Chinese localization (both simplified and traditional). Many thanks to Aming Lau.
· Installation has been simplified: The Tunnelblick disk image gives instructions to "Double-click to begin" in several languages. Double-clicking starts a small installer. The installer detects installs/reinstalls/upgrades/downgrades and puts the current copy of Tunnelblick.app in the Trash before replacing it, then offers to launch the new version. Warns about other copies of Tunnelblick running during an install and offers to stop them. (Simply copying Tunnelblick.app to /Applications or elsewhere on the hard drive still works, too.)
· The "Welcome to Tunnelblick" window now gives the user much more information, and offers the options of creating and editing a sample configuration file or opening the Configurations folder in Finder.
· Uses Sparkle Updater version 1.5b6 for better security. Updates must be signed with 2048-bit DSA signatures. Updating behavior is now controlled by Tunnelblick preferences, which may be forced. Deployers note: many of these preferences should be forced for security reasons in a deployed environment.
· Tunnelblick now explains why it is asking for an administrator username/password in authentication dialogs.
· Tunnelblick's OpenVPN Log window now includes detailed information about why a connection was restarted by leasewatch (when the 'Monitor connection' checkbox is checked).
· The program's menu has been streamlined.
· Connection timers are now displayed by default (unless the 'showConnectedDurations' preference is FALSE).
· Fixes problem editing configuration files on Tiger and Leopard by allowing non-admin users (without an administrator username/password) to unprotect the configuration file before invoking TextEdit. This ability can be disabled with the 'onlyAdminsCanUnprotectConfigurationFiles' preference. On Snow Leopard (which automatically unprotects files when they are modified), warns user that an administrator username/password will be required to connect if the configuration file is modified. Note: The 'Edit Configuration' button may be still disabled with a per-configuration preference.
· Enhancements: Displays command line used to launch 'openvpnstart' in the OpenVPN Log window. Detects and gives a detailed error message if a configuration file is identical to the sample provided by Tunnelblick. Creates a "Launch Tunnelblick" link in the Configurations folder. Localizes paths that are displayed to the user -- for example, in French (FR), 'Library' becomes 'Bibliothèque'. Detects, complains, and quits if not running on OS X 10.4 ("Tiger") or above. Added Quick Start Guide to disk image.
· Bug fixes: Fixes bug that caused crashes when started automatically on login on some versions of Leopard and Snow Leopard. Fixes bug that didn't localize the title for the OpenVPN Log window. Fixes bug that displayed 'monitoring connection' when 'Set nameserver' is not checked. Fixes bug opening wrong copy of sample configuration file in TextEdit. Fixes bug that tries to to create Configurations folder when not necessary. Fixes bug that tried to create configuration file in Deploy. Fixes typo in dialog for remote home folders. Fixes sporadic failure to detect multiple simultaneous connections.
· Known Issues: See the Known Issues wiki.
December 13th, 2009· New 'Monitor connection' checkbox in the OpenVPN Log window (defaults to checked). When checked, Tunnelblick monitors connection interfaces as it has since 3.0b18. When unchecked, Tunnelblick ignores connection interface changes, as version 3.0b10 did. This allows more users to use the latest version (some users couldn't because of repeated restarts caused by Tunnelblick detecting connection interface changes). Please note that OpenVPN itself restarts connections under certain circumstances. New scripts are used when 'Monitor connection' is not checked and 'Set DNS' is checked: client.nomonitor.up.osx.sh and client.nomonitor.down.osx.sh.
· New 'Options' submenu has entries to change commonly used preferences, check for updates, and view the 'About…' window.
· Tun/tap kernel extensions are loaded when Tunnelblick launches and unloaded when Tunnelblick quits.
· Configuration and other files are now located in ~/Library/Application Support/Tunnelblick/Configurations to conform to OS X standards. The ~/Library/openvpn folder is moved to this new location automatically during the first launch of Tunnelblick after updating to 3.0b24, and is replaced by a symbolic link to the new location. For details see http://groups.google.com/group/tunnelblick-discuss/t/d8f000d1e854b39d.
· Adds Català (Catalan) localization, thanks to Aleix Dorca.
· Additional Español (Spanish) and Deutsch (German) localization, thanks to Diego Rivera and Markus Schneider, respectively.
· Adds OS X version information to the start of the OpenVPN Log.
· Adds configuration, 'Set nameserver', and 'Monitor connection' status to the OpenVPN Log before attempting to make a connection.
Adds new Deployment features:
· Always restores the Resources/Deploy folder from a backup if it does not exist and a backup does. An entry is put in the Console Log, but no other user notification is made. (This happens after an auto-update without the Deploy folder.)
· Monitors Resources/Deploy (if it exists) for changes to configuration files.
· If Deploy contains only *.conf, *.oven, *.up.sh, *.down.sh, and forced-preferences.plist files, then the ~/Library/openvpn folder will be used for all other files (including other scripts).
· If 'Set nameserver' is checked and 'Monitor connection' is checked, then if Deploy/CONFIGNAME.up.sh exists, it will be used instead of Resources/client.up.osx.sh, and if Deploy/CONFIGNAME.down.sh exists, it will be used instead of Resources/client.down.osx.sh.
· If 'Set nameserver' is checked and 'Monitor connection' is not checked, then if Deploy/CONFIGNAME.nomonitor.up.sh exists, it will be used instead of Resources/client.nomonitor.up.osx.sh, and if Deploy/CONFIGNAME.nomonitor.down.sh exists, it will be used instead of Resources/client.nomonitor.down.osx.sh.
· If 'Set nameserver' is checked, then if the 'CONFIGNAME-useDownRootPlugin' preference is true, then Resources/openvpn-down-root.so will be used as a plugin for OpenVPN.
· Sets owner to root:wheel and permissions to 600 for .cer, .crt, .der, .key, .p12, .p7b, .p7c, .pem, and .pfx files in the Deploy folder.
Adds new per-configuration preferences:
· 'CONFIGNAMEdisableEditConfiguration' is a boolean. If set, disables the 'Edit configuration' button. If cleared (the default), enables the button.
· 'CONFIGNAME-notMonitoringConnection' is a boolean. If present, its value reflects/is used for the 'Monitor connection' checkbox. Default is set.
· 'CONFIGNAME-useDownRootPlugin' is a boolean. If set, causes the 'openvpn-down-root.so' plugin to be loaded. If cleared (the default), the plugin is not loaded.
· Closing a connection, putting the computer to sleep, or quitting Tunnelblick may be delayed a few seconds while Tunnelblick waits for OpenVPN processes to terminate.
· Bug fixes: Fixes bug that sometimes caused authentication failures with usernames or passwords longer than 12 characters. Fixes bug that sometimes caused the 'Retry' button to be interpreted as 'Cancel' in the Authentication Failed dialog. Fixes bug that caused a connection attempt to fail with a 'script failed: could not execute external program' error if 'Set nameserver' is checked and there is a space character in the name of Tunnelblick.app or in the path to it. Fixes bug that caused 'Get Info' of Tunnelblick.app to show incorrect copyright information. Fixes bug that often caused loss of last few lines of OpenVPN Log before disconnecting. Fixes bug that sometimes caused problems restoring connections when awakening from sleep. Fixes bug that sometimes caused the Sparkle updater window to not appear on Snow Leopard. Fixes inconsistent logging of ownership/permissions repairs. Fixes bug that caused Tunnelblick to check for updates at launch even though preference to do so was cleared, not set. Fixes bug that ignored forced-preferences.plist when there was no configuration files in Deploy. Fixes bug with configuration files that are actually symbolic links. Fixes bug that didn't verify that ownership/permissions on Deploy contents copied correctly to backup. Complains with specific message in Console log if a configuration file needs repair but is locked. Fixes problems when a configuration file is a link.
November 2nd, 2009· Includes OpenVPN version 2.1_rc20, which fixes problems with the "redirect-gateway" option.
· Includes the 32/64-bit version of tuntap, which fixes problems running Tunnelblick on Snow Leopard under the 64-bit kernel. Thanks to the tuntap project, to Mohammad A. Haque for Xcode help, and to Jean-Philippe Jung for testing.
· Stores username in Keychain instead of preferences.
· Stores shadow copies of configuration files in /Library/Application Support/Tunnelblick/Users/username instead of /Library/Tunnelblick/username.
· Bug fixes: Fixes bugs that interfere with storage or retrieval of usernames and passwords. Adds new configs to OpenVPN Log window when it has been opened but is currently closed. Clears "Automatically launch Tunnelblick upon login" for error exits. Clean exit if 'running from .dmg' error. Fixes several memory and CF leaks. Fixes bug that caused attempt to kill openvpn process that had already been killed. Fixes potential problem detecting locked configuration files during shadow copying. Installer detects and reports errors making ownership and permission modifications.
· Enhancement: Creates openvpn-down-root.so and puts a copy of it in Tunnelblick.app/Contents/Resources, allowing use of OpenVPN 'user' and 'group' options by adding a line to the configuration file. See the Using Tunnelblick wiki for details.
· Deployment enhancements: Several changes have been made which make it easy to create a customized version of Tunnelblick that can easily be deployed to multiple clients or installed once for all users of a computer. Configuration, key, and certificate files and up/down scripts can be put into a Deploy folder within Tunnelblick.app, and Tunnelblick will use them instead of using files in ~/Library/openvpn. These files are read-only, and, combined with read-only preference overrides, can create a tamper-proof application. Such deployed applications may be updated via the automatic update mechanism without losing the configuration information. Detailed information is available in the Deploying Tunnelblick wiki.
· Other enhancements: Clarifies language in a few places. Adds a specific error message if unrecoverable error. Warns if all config files removed and gives a choice of quitting or installing and editing a sample config file. Warns if zero-length passphrase, username, or password. Adds Tunnelblick icon and the configuration name to all applicable dialog windows. Puts dialogs on top of other windows.
October 10th, 2009· Fixes issues with "Set nameserver" on Snow Leopard.
· Inhibits console message that tun and tap are already loaded.
· Sends details of some error messages to the OpenVPN log window instead of the Console log.
· Prefixes all non-OpenVPN messages in the log window with "*Tunnelblick:".
September 23rd, 2009· Implements different behavior when configuration files change: when a configuration file is added, all connections are maintained. When a configuration file is deleted, only the corresponding connection is disconnected (and an alert window is displayed). In either case, the menu and Log window reflect the change immediately without restarting Tunnelblick. Changes to a configuration file's contents or metadata are ignored (but will be used the next time a connection is attempted).
· Works with home folders on network volumes and/or when the home folder is not permitted to have files owned by root. This is implemented transparently with "shadow" copies of configuration files. It is automatic if the config file is on a network volume or if Tunnelblick's "useShadowConfigurationFiles" preference is set.
· Moves "Set nameserver" checkbox to avoid inadvertent changes.
· Fixes issues when DNS is set manually, when 'dhcp-option DOMAIN ...' is pushed to the client, and when --remote-random is used under certain circumstances.
· Fixes misleading language in window that requests a username/password for the VPN.
· Fixes a bug which caused OpenVPN Log window to stay on top of all other windows if it was opened within 3 seconds of starting Tunnelblick.
· Fixes a bug which caused config file changes to be ignored under certain circumstances.
· Fixes a bug which interferes with saving a username/password combination or a passphrase to the Keychain when there is more than one simultaneous connection.
· Fixes a bug which causes a (quitable) infinite loop if an error occurred while changing ownerships and/or permissions.
· Fixes a bug which sometimes causes non-English text of buttons or checkboxes to be truncated or clipped.
· Makes changes to ownership and permissions of parts of Tunnelblick.app for better security.
· Adds support for WINS configurations from the server when using the standard up/down scripts (i.e., when the "Set nameserver" checkbox is checked).
· Warns about multiple simultaneous connections, with a checkbox to suppress such warnings.
· Displays duration times only for connected tunnels.
· Updated to UKKQueue 0.5 and LZO 2.03
· Adds Spanish localization (thanks to Diego Rivera).
August 24th, 2009· Upgraded to OpenVPN version 2.1_rc19
· Additional French translations (contributed by Oliver Hill)
· An entry is appended to the OpenVPN Log window if OpenVPN returns with an error code. (This typically happens when there is an error in the configuration file.)
August 11th, 2009· Fixed issues where DNS settings were not saved properly, and when DHCP is renewed.
· Added support for PKCS#11 and Security Tokens, e.g. Aladdin eToken.
· Additional Korean and German translations.
· Animation improvements, including the ability to have "icon sets". Note: the user interface for this feature is not included yet.
· Fixed issue with "Set nameserver" and "Auto connect on launch" checkboxes being cleared on quit if the "OpenVPN Log" window was never displayed.
· Fixed issue which caused disconnects when any file in ~/Library/openvpn was accessed (for example, by backup software). (Note that changing, adding, or deleting any configuration files will close all open connections).
· Fixed issue with failed authentication: now handled gracefully: allows cancel or retry. If credentials are stored in the KeyChain, also allows retry with new credentials (by deleting the old credentials before the retry).
· Fixed issue with multiple connections with same username; separate passwords are now kept for each username.
· Fixed issue in dialog about configuration files - the correct path is now shown: "~/Library" instead of "/Library".
· Command-C, Command-X, Command-V (copy, cut, paste) and Command-A, Command-M, Command-W, and Command-Q (select all, minimize to the Dock, close window, and quit Tunnelblick) now work properly from the "OpenVPN Log" window.
· Fixed issue which caused invalid dates/times to appear in the OpenVPN Log.
· Shows connection duration in "OpenVPN Log" window's tabs.
· Fixed issue which caused the "OpenVPN Log" window to remain underneath other windows when the "Details..." menu item is clicked.
· Added date/time and Tunnelblick and OpenVPN version info at the beginning of the OpenVPN Log and whenever it is cleared.
· Saves and restores "OpenVPN Log" window size and position.
· Internationalized date/time displayed in the OpenVPN Log, including seconds.
· Fixed bug which caused Japanese localization to fail.
· Displays tab for the left-most established connection when the "OpenVPN Log" window is first displayed. If no established connection exists, displays the left-most tab.
· Added the "Using Tunnelblick.html" document to the installation disk image.
· Added preference, "doNotMonitorConfigurationFolder" (default = False) to disable monitoring of the configuration folder for changes to the configuration files.
· Added preference, "placeIconInStandardPositionInStatusBar" (default = False) to have the Tunnelblick icon placed normally in the Status Bar -- to the left of other items (contributed by Raal Goff and Michael Schloh von Bennewitz).
· Added an "About" window that displays a link to the website, Tunnelblick version and build numbers, and the OpenVPN version number, which is dynamically extracted from the openvpn program (and thus always reports the version of OpenVPN which is actually being used).
· Fixed issue which caused Tunnelblick to pass the "script-security 2" arguments to OpenVPN even if a version of OpenVPN which doesn't support that argument is being used.
openvpnstart enhancements:
· The "Set nameserver" argument is now optional and defaults to 0 (NO).
· Optional argument skips passing the "script-security 2" arguments to OpenVPN.
· Improved error checking and reporting.
· Displays usage instructions if invoked with no arguments.
· Fixed program crashes caused by improper syntax.
· "killall" command shows # of openvpn processes killed if non-zero.
August 5th, 2009· Fixed issues where DNS settings were not saved properly, and when DHCP is renewed (contributed by Diego Rivera)
· Added support for PKCS#11 and Security Tokens, e.g. Aladdin eToken (contributed by Xaver Loppenstedt)
· Additional Korean and German translations (contributed by Markus Schneider and Kyoungmin Kim)
· Animation improvements, including the ability to have "icon sets" (contributed by Raal Goff). Note: the user interface for this feature is not included yet
· Fixed issue with "Set nameserver" and "Auto connect on launch" checkboxes being cleared on quit if the "OpenVPN Log" window was never displayed
· Fixed issue which caused disconnects when any file in ~/Library/openvpn was accessed (for example, by backup software). (Note that changing, adding, or deleting any configuration files will close all open connections)
· Fixed issue which didn't allow configuration files with owners other than root and/or permissions other than 0744 if the user gives permission. This makes possible home folders on NTFS or FAT volumes.
· Fixed issue with failed authentication: now handled gracefully: allows cancel or retry. If credentials are stored in the KeyChain, also allows retry with new credentials (by deleting the old credentials before the retry)
· Fixed issue with multiple connections with same username; separate passwords are now kept for each username
· Fixed issue in dialog about configuration files - the correct path is now shown: "~/Library" instead of "/Library"
· Command-C, Command-X, Command-V (copy, cut, paste) and Command-A, Command-M, Command-W, and Command-Q (select all, minimize to the Dock, close window, and quit Tunnelblick) now work properly from the "OpenVPN Log" window
· Fixed issue which caused invalid dates/times to appear in the OpenVPN Log
· Shows connection duration in "OpenVPN Log" window's tabs
· Fixed issue which caused the "OpenVPN Log" window to remain underneath other windows when the "Details..." menu item is clicked
· Added date/time and Tunnelblick and OpenVPN version info at the beginning of the OpenVPN Log and whenever it is cleared
· Saves and restores "OpenVPN Log" window size and position
· Internationalized date/time displayed in the OpenVPN Log, including seconds
· Fixed bug which caused Japanese localization to fail
· Displays tab for the left-most established connection when the "OpenVPN Log" window is first displayed. If no established connection exists, displays the left-most tab
· Added the "Using Tunnelblick.html" document to the installation disk image
· Added preference, "doNotMonitorConfigurationFolder" (default = False) to disable monitoring of the configuration folder for changes to the configuration files
· Added preference, "placeIconInStandardPositionInStatusBar" (default = False) to have the Tunnelblick icon placed normally in the Status Bar -- to the left of other items (contributed by Raal Goff and Michael Schloh von Bennewitz)
· Added an "About" window that displays a link to the website, Tunnelblick version and build numbers, and the OpenVPN version number, which is dynamically extracted from the openvpn program (and thus always reports the version of OpenVPN which is actually being used).
· Fixed issue which caused Tunnelblick to pass the "script-security 2" arguments to OpenVPN even if a version of OpenVPN which doesn't support that argument is being used
openvpnstart enhancements:
· The "Set nameserver" argument is now optional and defaults to 0 (NO)
· Optional argument skips test of the security of the configuration file. It defaults to 0 (NO), so the test IS performed
· Optional argument skips passing the "script-security 2" arguments to OpenVPN.
· Improved error checking and reporting
· Displays usage instructions if invoked with no arguments
· Fixed program crashes caused by improper syntax
· "killall" command shows # of openvpn processes killed if non-zero
November 21st, 2008· Fix linking problem that resulted in lzo compression not working on PowerPC.
· Prevent user from launching tunnelblick directly from the dmg.
· Remove experimental status from 'Set Nameserver' and make it the default.
· Upgrade to OpenVPN 2.1_rc15.
· Let buffered openvpn log messages appear in the GUI log.
· Possible fix for the crash if password is mistyped when using username/password authentication.
· Add version number to plist file.
· Don't restart connections on NetworkDidChange notification. fixes issue where existing connections would be reset when starting multiple simultaneous vpn connections.
· Always use --script-security 2 so users are allowed to supply custom up/down scripts. needed for OpenVPN 2.1.
· Add missing example config file.
· Properly escape special chars in username or password/passphrase before passing them over to the management interface. fixes issue where the password/passphrase was not accepted when it contained backslashes or " chars.
· Use NSStatusWindowLevel for notification windows. fixes issue that Tunnelblick icon remained visible in spaces or fullscreen mode of some apps.
· Increase robustness when killing openvpn children by explicitly sending the SIGTERM to the process id instead of just sending "signal SIGTERM" over the management socket.
· Kill all openvpn processes on quit. fixes a rare condition where openvpn processes would be left over on Tunnelblick quit.
· Add German, French, Japanese, Korean and Norwegian translations.
July 25th, 2008· Fixed the crash on Leopard
· Fixes the slow shutdown issue
· Updated to the new tun/tap drivers
· Auto-Update Capability using Sparkle
May 5th, 2008· fixes hanging on Quit in Leopard
· updated to new tun/tap driver that will build correctly on leopard (the old one worked fine when built under tiger)
· fixes lzo problem for powerpc users
· updated third_party build system to correctly build universal binaries and to use 10.4u SDK when run under Leopard
October 27th, 2007· fix for auto-connect amnesia issue
· fixed crash when user clicks on cancel in authorization window
· added feature: menu updates in realtime when new configs appear in Library/openvpn
· fixed bug in new animation code where the menu icon would not correctly represent the actual connection state when the animation was interrupted
· fix for spaces in passphrases
· single command build process using a Makefile that will build the Tunnelblick Xcode project as well as all dependencies like lzo, openpvn and tuntap.
Find us on Google+
