What's new in Tunnelblick 5.0.1 Build 6020 Beta 1
Apr 8, 2024
- Complains and quits Tunnelblick if the user has disabled a background program it requires.
- Updates localization.
- Fixes macOS misidentifying a Tunnelblick background program as 'Jonathan Bullard'.
- Fixes Tunnelblick problems that caused connection retries to happen too often, sometimes locking up Tunnelblick.
- Fixes a problem installing Tunnelblick VPN Configurations that contain an OpenVPN configuration file not named 'config.ovpn'.
New in Tunnelblick 5.0.0 Build 6010 Beta 2 (Mar 13, 2024)
- Fixes a problem that caused the loss of the local DNS configuration on disconnection (Issue 789).
- Fixes a problem that caused Tunnelblick to fail to launch automatically at login.
New in Tunnelblick 4.0.1 Build 5971 (Mar 13, 2024)
- Fixes a problem that caused the loss of the local DNS configuration on disconnection (Issue 789).
- Fixes a problem that caused Tunnelblick to fail to launch automatically at login.
New in Tunnelblick 4.0.0 Build 5970 (Mar 10, 2024)
- Adds support for client-pending-auth with WEB_AUTH.
- Adds commands to install private and shared configurations from the command line.
- Changes the versions of OpenVPN/OpenSSL that are included.
- Changes the default version of OpenVPN/OpenSSL used for connecting.
- Includes several other improvements and fixes many problems.
New in Tunnelblick 4.0.0 Build 5960 Beta 16 (Feb 28, 2024)
- Fixes a security vulnerability when installing Tunnelblick.
- Fixes a problem when no OpenVPN 'dhcp-option: options are specified and Tunnelblick's 'Monitor network settings' is checked.
- Fixes problems loading system extensions automatically.
- Includes OpenVPN 2.4.12, 2.5.9, and 2.6.9 with OpenSSL 1.1.1w, and OpenVPN 2.6.9 with OpenSSL 3.0.13.
New in Tunnelblick 4.0.0 Build 5950 Beta 15 (Feb 13, 2024)
- Defaults to use OpenVPN 2.6 and OpenSSL 3.0 instead of OpenVPN 2.5 and OpenSSL 1.1.1.
- Includes OpenVPN 2.6.9, replacing 2.6.8. See Changes in OpenVPN 2.6.
- Allows disabling IPv6 and/or secondary network services even if no dhcp-option is specified.
- Fixes a problem when Tunnelblick is not installed by double-clicking.
New in Tunnelblick 3.8.8g Build 5779.3 (Dec 5, 2023)
- Fixes a problem running Tunnelblick's privileged helper.
New in Tunnelblick 3.8.8f Build 5779.2 (Dec 5, 2023)
- Fixes several problems installing configurations and installing and running Tunnelblick.
New in Tunnelblick 3.8.8f Build 5779.2 (Dec 2, 2023)
- Fixes several problems installing configurations and installing and running Tunnelblick.
New in Tunnelblick 4.0.0 Build 5930 Beta 13 (Nov 22, 2023)
- Fixes a problem installing configurations.
New in Tunnelblick 4.0.0 Build 5920 Beta 12 (Nov 20, 2023)
- Includes OpenVPN 2.6.8, replacing 2.6.6..
- Enables the 'Copy Diagnostic Info to Clipboard' button even if there are no configurations.
- Always requires administrator authorization to add or modify an OpenVPN configuration file that has an 'client-crresponse' option.
- Includes OpenVPN 2.4.12, 2.5.9, and 2.6.8 with OpenSSL 1.1.1w, and OpenVPN 2.6.8 with OpenSSL 3.0.12.
New in Tunnelblick 4.0.0 Build 5910 Beta 11 (Nov 6, 2023)
- Fixes a problem installing or securing configurations.
New in Tunnelblick 4.0.0 Build 5900 Beta 10 (Oct 25, 2023)
- Includes OpenSSL 3.0.12, replacing 3.0.10.
- Adds support for client-pending-auth with WEB_AUTH.
- Runs only on macOS 10.13 and later.
- Includes OpenVPN 2.4.12, 2.5.9, and 2.6.6 with OpenSSL 1.1.1w, and OpenVPN 2.6.6 with OpenSSL 3.0.12.
New in Tunnelblick 3.8.8e Build 5779.1 (Oct 25, 2023)
- Fixes several problems installing and running Tunnelblick.
- Runs only on macOS 10.13 and later.
- Includes OpenVPN 2.3.18 with LibreSSL 2.7.1 and OpenSSL 1.0.2u, and OpenVPN 2.4.12 and 2.5.9 with OpenSSL 1.1.1v.
New in Tunnelblick 4.0.0 Build 5890 Beta 9 (Sep 12, 2023)
- Includes OpenVPN 2.6.6, replacing 2.6.5, and OpenSSL 1.1.1w, replacing 1.1.1v.
- Includes the installer log in the Diagnostic Info.
- Updates localization.
- Fixes several problems.
New in Tunnelblick 4.0.0 Build 5880 Beta 8 (Aug 6, 2023)
- Fixes several security vulnerabilities. See Assisted Local Privilege Escalation and Arbitrary File Overwrite Vulnerabilities.
- Warns if updated or modified configurations may run scripts.
- Includes OpenVPN 2.6.5, replacing 2.6.4. See Changes in OpenVPN 2.6.
- Includes OpenSSL 1.1.1v, replacing 1.1.1u. See OpenSSL 1.1.1 Series Release Notes.
- Includes OpenSSL 3.0.10, replacing 3.0.9. See OpenSSL 3.0 Series Release Notes.
- Fixes problems with some TAP connections.
- Fixes problems if a macOS string manipulation method fails.
- Fixes a problem determining the username when using Tunnelblick's installer from the command line.
- Fixes a problem installing Tunnelblick 4.0.0beta07.
New in Tunnelblick 3.8.8d Build 5779 (Aug 6, 2023)
- Fixes several security vulnerabilities. See Assisted Local Privilege Escalation and Arbitrary File Overwrite Vulnerabilities.
- Warns if converted, updated, or modified configurations may run scripts.
- Includes OpenSSL 1.1.1v, replacing 1.1.1u. See OpenSSL 1.1.1 Series Release Notes.
- Discontinues migrating old file layout to 'new' (new 10 years ago) layout.
- Discontinues converting .ovpn and .conf files found in Tunnelblick's standard folder to Tunnelblick VPN Configurations.
- Fixes a problem installing Tunnelblick 3.8.8c.
New in Tunnelblick 4.0.0 Build 5870 Beta 7 (Aug 3, 2023)
- Fixes several security vulnerabilities. See Assisted Local Privilege Escalation and Arbitrary File Overwrite Vulnerabilities.
- Warns if updated or modified configurations may run scripts.
- Includes OpenVPN 2.6.5, replacing 2.6.4. See Changes in OpenVPN 2.6.
- Includes OpenSSL 1.1.1v, replacing 1.1.1u. See OpenSSL 1.1.1 Series Release Notes.
- Includes OpenSSL 3.0.10, replacing 3.0.9. See OpenSSL 3.0 Series Release Notes.
- Fixes problems with some TAP connections.
- Fixes problems if a macOS string manipulation method fails.
- Fixes a problem determining the username when using Tunnelblick's installer from the command line.
New in Tunnelblick 3.8.8c Build 5778 (Aug 3, 2023)
- Fixes several security vulnerabilities. See Assisted Local Privilege Escalation and Arbitrary File Overwrite Vulnerabilities.
- Warns if converted, updated, or modified configurations may run scripts.
- Includes OpenVPN 2.6.5, replacing 2.6.4. See Changes in OpenVPN 2.6.
- Includes OpenSSL 1.1.1v, replacing 1.1.1u. See OpenSSL 1.1.1 Series Release Notes.
- Discontinues migrating old file layout to 'new' (new 10 years ago) layout.
- Discontinues converting .ovpn and .conf files found in Tunnelblick's standard folder to Tunnelblick VPN Configurations.
New in Tunnelblick 4.0.0 Build 5860 Beta 6 (Jun 4, 2023)
- Includes OpenSSL 1.1.1u, replacing 1.1.1t.
- Includes OpenSSL 3.0.9, replacing 3.0.8.
- Includes OpenVPN 2.6.4, replacing 2.6.3.
- Adds installer commands to install private and shared configurations from the command line. See Installing and Deleting VPN Configurations.
- No longer converts 10-year-old OpenVPN setups automatically.
- Fixes a problem with fast user switching (GitHub Issue #738).
- Fixes several other minor problems.
New in Tunnelblick 3.8.8b Build 5777 (Jun 4, 2023)
- Includes OpenSSL 1.1.1u, replacing 1.1.1t.
New in Tunnelblick 4.0.0 Build 5850 Beta 5 (May 7, 2023)
- Adds OpenVPN 2.6.3 with OpenSSL 3.0.8.
- Removes OpenVPN 2.3.18, OpenSSL 1.0, and LibreSSL.
- Adds the 'install private configurations' AppleScript command.
- Truncates the OpenVPN log if it becomes too large (GitHub Issue #739).
- Fixes several problems.
New in Tunnelblick 4.0.0 Build 5840 Beta 4 (Apr 25, 2023)
- Includes OpenVPN 2.6.3, replacing 2.6.0. See Changes in OpenVPN 2.6.
- Fixes a problem installing configurations with 'up' commands that run binary executables instead of scripts (GitHub Issue #726).
- Fixes a problem that caused the Tunnelblick login item to be shown as being from an unidentified developer on macOS Ventura (GitHub Issue #742).
- Fixes a problem that caused the display of long configuration names to be truncated (GitHub Issue #744).
- Fixes a problem using OpenVPN 2.6.3 (GitHub Issue #751).
- Updates localization.
New in Tunnelblick 4.0.0 Build 5830 Beta 3 (Apr 24, 2023)
- Includes OpenVPN 2.6.3, replacing 2.6.0. See Changes in OpenVPN 2.6.
- Fixes a problem installing configurations with 'up' commands that run binary executables instead of scripts (GitHub Issue #726).
- Fixes a problem that caused the Tunnelblick login item to be shown as being from an unidentified developer on macOS Ventura (GitHub Issue #742).
- Fixes a problem that caused the display of long configuration names to be truncated (GitHub Issue #744).
- Updates localization.
New in Tunnelblick 4.0.0 Build 5820 Beta 2 (Feb 17, 2023)
- Fixes a problem on Apple Silicon Macs that do not have Rosetta 2 installed.
- Includes OpenSSL 1.1.1t, replacing 1.1.1o. See OpenSSL 1.1.1 Change Log.
- Includes OpenVPN 2.5.9, replacing 2.5.6. See Changes in OpenVPN 2.5.9.
- Includes OpenVPN 2.6.0. See Changes in OpenVPN 2.6.
- Does not need TAP device driver; uses macOS built-in driver instead.
- Fixes a misleading error message.
New in Tunnelblick 3.8.8a Build 5776 (Feb 17, 2023)
- Fixes a problem on Apple Silicon Macs that do not have Rosetta 2 installed.
- Includes OpenSSL 1.1.1t, replacing 1.1.1o. See OpenSSL 1.1.1 Change Log.
- Includes OpenVPN 2.5.9, replacing 2.5.6. See Changes in OpenVPN 2.5.9.
New in Tunnelblick 4.0.0 Build 5810 Beta 1 (Feb 15, 2023)
- Includes OpenSSL 1.1.1t, replacing 1.1.1o.
- Includes OpenVPN 2.5.8, replacing 2.5.6.
- Includes OpenVPN 2.6.0.
- Does not need TAP device driver; uses macOS built-in driver instead.
- Fixes a misleading error message.
New in Tunnelblick 3.8.8 Build 5775 (Feb 15, 2023)
- Includes OpenSSL 1.1.1t, replacing 1.1.1o.
- Includes OpenVPN 2.5.8, replacing 2.5.6.
New in Tunnelblick 3.8.8 Build 5800 Beta 4 (May 6, 2022)
- Includes OpenSSL 1.1.1o, replacing 1.1.1m. See OpenSSL Security Advisory 03 May 2022.
- Includes OpenVPN 2.5.6, replacing 2.5.5. See Changes in OpenVPN 2.5.6.
- Includes OpenVPN 2.4.12, replacing 2.4.11. See Changes in OpenVPN 2.4.12.
- Updates the message shown when the IP address was changed successfully after a VPN connection.
New in Tunnelblick 3.8.8 Build 5790 Beta 3 (May 6, 2022)
- Includes OpenSSL 1.1.1m, replacing 1.1.1l
- Includes OpenVPN 2.5.5, replacing 2.5.4.
- Includes a new checkbox, 'Disable secondary network interfaces'.
- Always includes OpenSSL 2.3.18; running Tunnelblick in Rosetta is no longer required.
- Warns if running under Rosetta.
- Hides the security token checkbox and textbox in the VPN login window if the per-configuration '-loginWindowSecurityTokenIsHidden' preference is true. (The preference should be set using the 'default' command.)
- Warns if DNS settings are not as expected after connecting.
New in Tunnelblick 3.8.8 Build 5780 Beta 2 (Dec 2, 2021)
- Enhances the security of access to the OpenVPN management interface.
- Fixes problems displaying some warnings in dark mode.
- Fixes two problems in 3.8.8beta01.
New in Tunnelblick 3.8.7a Build 5770 (Dec 2, 2021)
- Enhances the security of access to the OpenVPN management interface.
- Updates OpenVPN to version 2.5.4 from version 2.5.3. (Also includes 2.3.18 and 2.4.11.)
- Shows the login window on all spaces.
- Includes many other improvements and fixes several problems.
New in Tunnelblick 3.8.8 Build 5760 Beta 1 (Nov 29, 2021)
- Enhances the security of access to the OpenVPN management interface.
- Fixes problems displaying some warnings in dark mode.
New in Tunnelblick 3.8.7 Build 5750 (Nov 29, 2021)
- Enhances the security of access to the OpenVPN management interface.
- Updates OpenVPN to version 2.5.4 from version 2.5.3. (Also includes 2.3.18 and 2.4.11.)
- Shows the login window on all spaces.
- Includes many other improvements and fixes several problems.
New in Tunnelblick 3.8.7 Build 5740 Beta 3 (Oct 31, 2021)
- Updates OpenVPN to version 2.5.4 from version 2.5.3. (Also includes 2.3.18 and 2.4.11.)
- Shows the login window on all spaces.
- Fixes a problem that prevented loading of kexts on macOS Monterey.
- Fixes problems that caused Tunnelblick to crash or hang.
New in Tunnelblick 3.8.6a Build 5711 (Sep 2, 2021)
- Fixes a problem that caused Tunnelblick to crash.
New in Tunnelblick 3.8.7 Build 5720 Beta 1 (Aug 26, 2021)
- Updates OpenSSL to 1.1.1l from 1.1.1k. See OpenSSL Security Advisory 24 August 2021.
- Sets the initial focus of the VPN login window to the security token text field if the password is filled in.
- Fixes a problem that caused configurations to be disabled when first installed.
New in Tunnelblick 3.8.6 Build 5710 (Aug 26, 2021)
- Changes the default version of OpenVPN from 2.4 to 2.5.
- Updates OpenSSL to 1.1.1l from 1.1.1k. See OpenSSL Security Advisory 24 August 2021.
- Updates OpenVPN versions to 2.5.3 and 2.4.11.
- Allows security codes to be appended to passwords.
- Includes other enhancements and fixes several problems.
New in Tunnelblick 3.8.6 Build 5707 Beta 6 (Aug 18, 2021)
- PREVIEW: For testing only. Runs natively on M1 and Intel Macs.
- Fixes a failure to run post-disconnect.sh scripts when Tunnelblick shuts down.
- Fixes a problem that caused updates to fail.
New in Tunnelblick 3.8.6 Build 5706 Beta 5 (Jun 27, 2021)
- PREVIEW: For testing only. Runs natively on M1 and Intel Macs.
- Fixes a bug that can cause undefined behavior.
New in Tunnelblick 3.8.6 Build 5705 Beta 4 (Jun 27, 2021)
- PREVIEW: For testing only. Runs natively on M1 and Intel Macs.
- Replaces OpenVPN 2.5.2 with 2.5.3.
- Changes the default version of OpenVPN from 2.4 to 2.5.
- Allows the new 'auth-token-user' OpenVPN option.
- Includes additional debugging information.
New in Tunnelblick 3.8.6 Build 5700 Beta 3 (Apr 23, 2021)
- Fixes a problem retrieving saved usernames and passwords.
New in Tunnelblick 3.8.6 Build 5690 Beta 2 (Apr 22, 2021)
- Updates Openvpn 2.5.1 to 2.5.2. See Overview of changes in 2.5.2 for details.
- Updates Openvpn 2.4.10 to 2.4.11. See Overview of changes in 2.4.11 for details.
- Optionally allows the code from an authentication device to be entered in the VPN login window with the username and password.
New in Tunnelblick 3.8.5a Build 5671 (Apr 22, 2021)
- Updates Openvpn 2.5.1 to 2.5.2. See Overview of changes in 2.5.2 for details.
- Updates Openvpn 2.4.10 to 2.4.11. See Overview of changes in 2.4.11 for details.
New in Tunnelblick 3.8.6 Build 5680 Beta 1 (Apr 12, 2021)
- If a fatal error occurs in a beta version of Tunnelblick, macOS will force quit Tunnelblick without notifying the user. On the next launch of Tunnelblick the user will be asked to email extended diagnostic data to the developers.
- Includes cosmetic changes to Tunnelblick's copyright notice and credits.
- Updates translations.
New in Tunnelblick 3.8.5 Build 5670 (Apr 12, 2021)
- Requires macOS 10.10 or higher.
- Updates OpenVPN, LZ4, and PKCS11.
- Runs OpenVPN and Tunnelblick's system extensions as a native programs on M1 and Intel-64 processors. The Tunnelblick application runs as a native program on Intel-64 processors, and runs under Rosetta 2 on M1 processors.
- Includes many other improvements and fixes several problems.
New in Tunnelblick 3.8.5 Build 5660 Beta 6 (Apr 2, 2021)
- Updates OpenSSL to 1.1.1k from 1.1.1j. See OpenSSL Security Advisory 25 March 2021.
- Updates the list of 'safe' OpenVPN options.
- Updates translations.
- Fixes a problem that caused settings to be changed when disconnecting.
- Fixes a problem that caused the wrong log to be displayed.
New in Tunnelblick 3.8.4b Build 5602 (Apr 2, 2021)
- Updates OpenSSL to 1.1.1k from 1.1.1i. (See OpenSSL Security Advisory 25 March 2021.)
New in Tunnelblick 3.8.5 Build 5650 Beta 5 (Feb 26, 2021)
- Replaces OpenVPN 2.5.0 with 2.5.1.
- Runs OpenVPN and Tunnelblick's system extensions as a native programs on M1 and Intel-64 processors. The Tunnelblick application runs as a native program on Intel-64 processors, and runs under Rosetta 2 on M1 processors.
- Updates translations.
- Fixes a problem that caused tabs or buttons in the 'VPN Details' window to be only partially visible.
New in Tunnelblick 3.8.5 Build 5640 Beta 4 (Feb 21, 2021)
- Replaces OpenSSL 1.1.1i with 1.1.1j. See OpenSSL Security Advisory 16 February 2021.
- Tunnelblick's system extensions run as a native programs on M1 and Intel-64 processors. The Tunnelblick application and OpenVPN run as a native program on Intel-64 processors, and run under Rosetta 2 on M1 processors.
- Updates translations.
- Fixes a problem that caused the Tunnelblick application to crash.
- Fixes bad links in warnings.
New in Tunnelblick 3.8.5 Build 5620 Beta 3 (Feb 12, 2021)
- Tunnelblick and OpenVPN are now universal binaries built with Xcode 12.4 and run as native programs on both Intel-64 and M1 processors.
- Includes a new 'Install system extensions' button on the Utilities panel which facilitates installing system extensions on macOS Big Sur if they are required.
- Disconnects the VPN automatically and complains if a certificate has expired or is not yet valid.
- Updates translations.
- Fixes a problem on macOS Big Sur that hid the 'Advanced' button.
- Fixes a problem that could cause Tunnelblick to hang.
- Fixes a problem that caused authentication failures if a passphrase was visible.
New in Tunnelblick 3.8.5 Build 5620 Beta 2 (Dec 15, 2020)
- Updates OpenSSL to version 1.1.1i from 1.1.1h. (See OpenSSL Security Advisory 08 December 2020.)
- Updates OpenVPN to version 2.4.10 from 2.4.8.
- Updates LZ4 to version 1.93 from 1.92.
- Updates PKCS11 to version 1.27 from 1.26.0.
- Includes a button to uninstall Tunnelblick. (On the 'Utilities' panel of the 'VPN Details' window.)
- Skips warning about disabling tun or tap in Big Sur if tun and tap are set to load automatically.
- Skips warning when the user cancels an uninstall.
- Fixes a problem that hid some "'do not warn about this again' checkboxes.
- Fixes several problems that caused hangs or crashes.
New in Tunnelblick 3.8.4a Build 5601 (Dec 15, 2020)
- Updates OpenSSL to version 1.1.1i from 1.1.1h. (See OpenSSL Security Advisory 08 December 2020.)
New in Tunnelblick 3.8.5 Build 5610 Beta (Nov 10, 2020)
- Updates localization.
- Fixes a problem showing information about loading Tunnelblick system extensions.
New in Tunnelblick 3.8.4 Build 5600 (Nov 10, 2020)
- Ready for macOS 11 'Big Sur'.
- Includes updated versions of OpenVPN, OpenSSL, PKCS11, and LZ4.
- Includes many improvements and fixes several bugs.
New in Tunnelblick 3.8.3a Build 5521 (Sep 8, 2020)
- Includes OpenVPN 2.5 Beta 3, replacing OpenVPN 2.5 git master cc76e177 dated 2020-05-19.
New in Tunnelblick 3.8.3 Build 5520 (Jul 27, 2020)
- Adds the ability to create, delete, and rename folders containing configurations, and to copy and move these folders and configurations using drag and drop.
- Includes updated versions of OpenVPN and OpenSSL.
- Allows scripts to set or modify the VPN password before it is sent to OpenVPN.
- Includes other enhancements and fixes many problems.
New in Tunnelblick 3.8.2a Build 5481 (Jul 19, 2020)
- Changes from 3.8.2 to 3.8.2a (SECURITY UPDATE):
- Replaces OpenVPN 2.4.8 with 2.4.9. See Changes in OpenVPN v2.4.
New in Tunnelblick 3.8.2 Build 5470 Beta 07 (Mar 20, 2020)
- Includes OpenSSL 1.1.1e instead of 1.1.1d. See OpenSSL Security Advisory 6 December 2019 and OpenSSL 1.1.1 Series Release Notes.
- Includes a partial Swahili (Tanzania) translation and updates the Finnish translation.
New in Tunnelblick 3.8.2 Build 5460 Beta 06 (Mar 13, 2020)
- Built on macOS 10.11.6 with Xcode 7.3.1.
- Fixes problems causing fatal errors.
New in Tunnelblick 3.8.2 Build 5450 Beta 05 (Mar 2, 2020)
- Includes OpenVPN 2.5 git master 32723d2 dated 2020-02-20.
- Built on macOS 10.14.6 with Xcode 10.3.
- Ignores invisible files and folders when updating configurations.
- Includes better logging when updating configurations.
- Fixes problems using non-Tunnelblick OpenVPN binaries.
New in Tunnelblick 3.8.2 Build 5440 Beta 04 (Jan 31, 2020)
- Allows the use of custom OpenVPN binaries.
- Includes better logging of problems when updating configurations.
- Includes updated localization.
- Fixes two problems updating configurations using the 'new' method.
- Fixes a problem updating or installing configurations that include localization.
- Fixes a problem when resetting disabled warnings.
- Fixes a cosmetic problem when deleting a configuration enclosed in a folder.
- Fixes two misleading log entries.
New in Tunnelblick 3.8.2 Build 5430 Beta 03 (Dec 23, 2019)
- Allows standard users to install and update 'restricted' configurations if allowed by a computer administrator.
- Includes a new, simpler method of updating configurations.
- Optionally requires authentication to connect, using TouchID if it is available.
- Defaults to use OpenSSL 1.1.1 and replaces OpenSSL 1.0.2t with 1.0.2u. (OpenSSL support for 1.0.2 ends 2019-12-31.)
- Creates an installer package for tuntap which includes Tunnelblick's notarized kexts.
- Includes updated translations.
- Corrects a statement about the removal of the comp-lzo OpenVPN option.
- Fixes a problem exporting a Tunnelblick setup.
New in Tunnelblick 3.8.2 Build 5420 Beta 02 (Nov 1, 2019)
- Includes OpenVPN 2.4.8 (changes), OpenVPN 2.5 at git master commit 57623b4 dated 2019-10-28, and OpenVPN 2.3.18.
- No longer warns about out-of-date builds.
- Includes updated localization and adds a partial Thai translation.
- Fixes a problem that briefly showed overlapping contents when switching panels of the 'VPN Details' window.
New in Tunnelblick 3.8.2 Build 5410 Beta 01 (Sep 12, 2019)
- Includes OpenSSL 1.0.2t and 1.1.1d. See OpenSSL Security Advisory 10 September 2019.
- Includes updated translations.
- Fixes misspelling of founder Anglelo Laub's name in the credits (!).
New in Tunnelblick 3.8.1 Build 5400 (Sep 12, 2019)
- Includes OpenSSL 1.0.2t and 1.1.1d. See OpenSSL Security Advisory 10 September 2019.
- Includes OpenVPN git master d42f070 dated 2019-08-18.
- Warns about two or more simultaneous connections with at least one set to use 'Set nameserver'.
- Includes updated translations.
- Fixes Issue 564 Catastrophic error: Could not create a temporary directory.
- Fixes misspelling of founder Anglelo Laub's name in the credits (!).
New in Tunnelblick 3.8.1 Build 5390 Beta 02 (Sep 6, 2019)
- Replaces OpenVPN git master 2.5 ccb636c withd42f070 dated 2019-08-18.
- Warns about two or more simultaneous connections with at least one set to use 'Set nameserver'.
- Includes updated translations.
- Fixes Issue 564 Catastrophic error: Could not create a temporary directory.
New in Tunnelblick 3.8.1 Build 5380 Beta 01 (Jul 22, 2019)
- Includes the macOS build number when displaying the macOS version.
- Includes updated translations.
New in Tunnelblick 3.8.0 Build 5370 (Jul 22, 2019)
- Improves the appearance of windows.
- Adds the ability to show or hide passwords and passphrases while they are being entered.
- Fixes problems restoring DNS and IPv6 settings after shutting down or restarting the computer while a VPN was connected.
- Includes updated translations and other enhancements and fixes many other problems.
New in Tunnelblick 3.7.9a Build 5321 (Jun 4, 2019)
- Fixes a failure to restore DNS settings after shutting down or restarting the computer while a VPN was connected.
New in Tunnelblick 3.7.9 Build 5320 (May 23, 2019)
- Disables IPv6 only if the OpenVPN server is not accessed via IPv6.
- Add warnings about common DHCP problems for tap connections.
- Includes a checkbox to always display the username and password dialog, even if both are saved in the Keychain. (Useful for some 2-factor authentication methods.)
- Updates translations to 40 languages.
- Displays environment variables when debugging the 'up' script.
- Fixes a bug that caused Tunnelblick entries to appear in the log in black.
New in Tunnelblick 3.7.8 Build 5180 (Apr 27, 2019)
- Ignores any empty "Icon?" files in a .tblk. (Such files are added by Google Drive as part of its synchronization process.)
- Fixes a problem that caused all disconnections of "Private" configurations to be considered unexpected.
- Fixes a problem verifying Tunnelblick's digital signature on macOS 10.9 ("Mavericks").
New in Tunnelblick 3.7.7 Build 5150 (Nov 6, 2018)
- Includes OpenSSL 1.0.2p and 1.1.1 (see release notes for 1.0.2 and 1.1.1).
- Supports macOS Mojave (10.14) 'Dark Mode'.
- Adds support for static and dynamic challenge/response, including control by scripts (useful for TOTP and other authentication mechanisms). See Multi-factor and Two-factor Authentication for details.
- Adds support for IPv6.
- Adds the ability to export and import all Tunnelblick configurations and settings in a single operation.
- Includes other enhancements and fixes several problems.
New in Tunnelblick 3.7.7 Build 5140 Beta 06 (Oct 1, 2018)
- Fixes a problem in 3.7.7beta05 that caused crashes.
- Fixes a problem that allowed update checks even if "Inhibit automatic update checking and IP Address checking" was checked.
New in Tunnelblick 3.7.7 Build 5130 Beta 05 (Sep 23, 2018)
- Includes OpenSSL 1.0.2p and 1.1.1 (see release notes for 1.0.2 and 1.1.1).
- Supports macOS Mojave (10.14) "Dark Mode".
- Adds the ability to export and import all Tunnelblick configurations in a single operation.
- Sets DNS servers and domain via networksetup when using 'Set nameserver (alternate 2)'.
- Improves security by using full paths for system utilities.
- Explains the cause of certain routing errors.
- Improves dialogs explaining why Tunnelblick needs a computer administrator's authorization.
- Adds 'D. Simeonidis' and 'Zack Strulovitch' to translator credits on the Info panel.
- Fixes a crash when non-default scripts are used and a connection exists when Tunnelblick is launched.
- Fixes a typo in a log message shown only when debugging.
- Fixes a problem that caused the 'on unexpected disconnect' button to be disabled.
- Fixes a problem that caused spurious warnings in the Console log.
- Fixes a problem that caused certain Console log messages to generate errors.
- Fixes a problem that caused errors in seriously damaged systems.
New in Tunnelblick 3.7.7 Build 5120 Beta 04 (Aug 1, 2018)
- Allows scripts to control challenge/response (useful for TOTP and other authentication devices). See Multi-factor and Two-factor Authentication for details.
- Includes OpenVPN git master 57d6f10 dated 2018-07-25, and includes two patches (1 and 2) that have been proposed to fix gateway and IPv6 problems.
- Uses non-modal windows for more activities.
- Allows OpenVPN's 'management' option in configuration files (but always overrides it).
- Improves error handling for extremely unlikely errors.
- Adds Cloudflare/APNIC DNS servers (IPv4 and IPv6, including 1.1.1.1) to the list of known public DNS providers.
- Includes updated translations.
- Complains if /tmp, /private, and /private/tmp are do not have the correct ownership and permissions.
- Fixes several problems with dynamic challenge/response.
- Fixes a problem and speeds up checking for apparent public IP address changes.
New in Tunnelblick 3.7.7 Build 5100 Beta 03 (Jul 18, 2018)
- Adds support for static and dynamic challenge/response.
- Adds support for IPv6.
- Improves 'Copy Diagnostic Info to Clipboard'.
- Updates translations in many languages.
- Fixes a problem enabling some checkboxes.
- Fixes a problem disconnecting.
New in Tunnelblick 3.7.7 Build 5090 Beta 02 (Jun 26, 2018)
- Includes OpenVPN git master 4376805 dated 2018-06-24 (and 2.4.6 and 2.3.18).
New in Tunnelblick 3.7.6a Build 5080 (Jun 26, 2018)
- Includes a partial Hebrew translation.
- Fixes a problem when a logout is cancelled.
- Fixes a problem re-enabling network access for certain devices.
New in Tunnelblick 3.7.6 Build 5060 / 3.7.7 Build 5070 Beta 01 (Jun 10, 2018)
- Makes a better choice of the version of OpenVPN to use when the requested version is not available.
- Warns if the Tunnelblick application is more than 180 days old.
- Removes untranslated text, resulting in a smaller application.
- Includes updated translations.
- Fixes a problem that required the selection of Serbian (Cyrillic) in macOS to get the Serbian (Latin) version of Tunnelblick.
- Fixes a cosmetic problem when /etc/resolv.conf does not exist.
New in Tunnelblick 3.7.6 Build 5050 Beta 04 (Apr 27, 2018)
- Includes OpenVPN 2.4.6 and 2.5 git master 1394192 (and 2.3.18).
- Displays detailed log if user doesn't respond to success/failure dialog.
- Includes information about Tunnelblick login items and Tunnelblick items in the Dock.
- Includes several other enhancements and fixes several problems.
New in Tunnelblick 3.7.5a Build 5011 (Mar 28, 2018)
- Replaces OpenSSL 1.0.2n with 1.0.2o and LibreSSL 2.6.3 with 2.7.1.
New in Tunnelblick 3.7.6 Build 5031 Beta 03 (Mar 28, 2018)
- Includes OpenVPN 2.3.18 with OpenSSL 1.0.2o and LibreSSL 2.7.1.
- Includes OpenVPN 2.4.5 with OpenSSL 1.1.0h and OpenSSL 1.0.2o.
- Includes OpenVPN 2.5 git-master 8acc40b dated 2018-03-26 with OpenSSL 1.1.0h and OpenSSL 1.0.2o.
- Includes PKCS#11 support only in OpenVPN with OpenSSL 1.0.2o and LibreSSL 2.7.1, not OpenVPN with OpenSSL 1.1.0h.
- Includes support for TBMinimumTunnelblickVersion and TBMaximumTunnelblickVersion entries in Tunnelblick VPN Configuration Info.plist files.
- Fixes a problem that caused a message to always be shown in English.
- Clarifies wording about computer administrator authorization.
- Includes updated translations.
New in Tunnelblick 3.7.6 Build 5030 Beta 02 (Mar 16, 2018)
- Adds a partial Hebrew translation.
- Fixes a problem that caused fatal errors from 'Signal 13'.
- Fixes a problem that caused errors when installing configurations.
- Fixes problems in easy-rsa when certain paths contain spaces.
New in Tunnelblick 3.7.6 Build 5020 Beta 01 (Mar 4, 2018)
- Secures Tunnelblick's connection to the OpenVPN management interface with a password.
- Includes OpenVPN 2.4.5, OpenVPN 2.5 git-master b607900 dated 2018-03-02, and OpenVPN 2.3.18.
- Fixes a problem when using a debug version of Tunnelblick and monitoring network changes.
- Fixes a problem that made the git master version of OpenVPN unavailable.
- Fixes several problems choosing the best version of OpenVPN to connect a configuration.
- Fixes a problem when the 'installer' program is used from the command line.
New in Tunnelblick 3.7.5 Build 5010 (Mar 4, 2018)
- Secures Tunnelblick's connection to the OpenVPN management interface with a password.
- Fixes a problem when using a debug version of Tunnelblick and monitoring network changes.
- Fixes a problem that made the git master version of OpenVPN unavailable.
- Fixes several problems choosing the best version of OpenVPN to connect a configuration.
- Fixes a problem when the 'installer' program is used from the command line.
New in Tunnelblick 3.7.5 Build 5002 Beta 07 (Feb 17, 2018)
- Does better selection of the OpenVPN version to be used when connecting.
- Launches Tunnelblick at login if network access was disabled by Tunnelblick.
- Does not use DHCP for tap connections if an IP address is detected (thanks to mpsrig).
- Includes OpenVPN 2.4.4, 2.3.18, and git master 5a0e82c dated 2018-02-14.
- Includes other enhancements and fixes several problems.
New in Tunnelblick 3.7.5 Build 5000 Beta 06 (Feb 16, 2018)
- Does better selection of the OpenVPN version to be used when connecting.
- Launches Tunnelblick at login if network access was disabled by Tunnelblick.
- Does not use DHCP for tap connections if an IP address is detected (thanks to mpsrig).
- Includes OpenVPN 2.4.4, 2.3.18, and git master 5a0e82c dated 2018-02-14.
- Includes other enhancements and fixes several problems.
New in Tunnelblick 3.7.5 Build 4980 Beta 05 (Dec 30, 2017)
- Selects the closest match if Tunnelblick doesn't include the version of OpenVPN specified by the user.
- Offers to enable network access when a connection attempt is made and network access has been disabled.
- Fixes a problem installing Tunnelblick.
New in Tunnelblick 3.7.5 Build 4970 Beta 04 (Dec 8, 2017)
- Includes OpenSSL 1.0.2n. See OpenSSL Security Advisory 07 December 2017.
- Includes OpenVPN 2.5 git-master 5a0e82c dated 2017-12-05, OpenVPN 2.4.4, and OpenVPN 2.3.18.
- Fixes a problem in 3.7.5beta03 that caused crashes and weird behavior.
New in Tunnelblick 3.7.4b Build 4921 (Dec 8, 2017)
- Includes OpenSSL 1.0.2n. See OpenSSL Security Advisory 07 December 2017.
New in Tunnelblick 3.7.5 Build 4950 Beta 03 (Dec 3, 2017)
- Adds a 'Kill Switch' which can automatically disable all network access for unexpected VPN disconnections and/or for expected VPN disconnections. Also adds a menu command to re-enable network access.
- Adds the ability to automatically reset the primary network interface for unexpected VPN disconnections and/or for expected VPN disconnections.
- Defaults to OpenVPN 2.4 (currently, 2.4.4) instead of 2.3.
- Replaces LibreSSL 2.6.2 with 2.6.3.
- Includes other enhancements and fixes several problems.
New in Tunnelblick 3.7.4a Build 4920 / 3.7.5 Build 4930 Beta 02 (Nov 10, 2017)
- No longer requires that the user agree to terms and conditions before using Tunnelblick.
- No longer attempts to access tunnelblick.net before installing or updating.
- Adds an option to keep a VPN's status window visible when it is connected.
New in Tunnelblick 3.7.4 Build 4900 (Nov 3, 2017)
- Includes OpenSSL 1.0.2m. See OpenSSL 1.0.2 Series Release Notes.
- Requires the user's consent to terms of use before installing or updating and logs the install or update to the Tunnelblick website. (Other than the IP address, no personally identifiable information is sent.) See Privacy and Security.
- Replaces multiple dialog windows with a single window when installing Tunnelblick.
- Never sends any system information (e.g., macOS version) when checking for updates (even if the user previously agreed to it).
- Includes other enhancements and fixes several problems.
New in Tunnelblick 3.7.5 Build 4910 Beta 01 (Nov 3, 2017)
- Includes OpenSSL 1.0.2m. See OpenSSL 1.0.2 Series Release Notes.
- Includes LibreSSL 2.6.2 (from the development branch), replacing 2.5.5 (from the stable branch).
- Fixes two minor problems.
New in Tunnelblick 3.7.4 Build 4890 Beta 01 (Oct 19, 2017)
- Requires the user's consent to terms of use before installing or updating and logs the install or update to the Tunnelblick website. (Other than the IP address, no personally identifiable information is sent.)
- Replaces multiple dialog windows with a single window when installing Tunnelblick.
- Allows the installation of configurations that include options that are new in OpenVPN 2.4.
- Displays a clearer error message when a system extension (kext) fails to load.
- Never sends any system information (e.g., macOS version) when checking for updates (even if the user previously agreed to it).
- Fixes a misleading checkbox. (It was 'Do not check for IP address change', now it is 'Do not warn about this again for any configuration').
- Fixes a problem detecting corruption in preferences from ancient versions of Tunnelblick.
- Fixes a problem detecting running Tunnelblick or OpenVPN instances (false positives).
- Includes updated translations.
New in Tunnelblick 3.7.3 Build 4880 (Oct 19, 2017)
- Includes LibreSSL 2.5.5, lz4 1.7.5, lzo 2.10, OpenSSL 1.0.2l, and pkcs#11 1.22.
- Allows manual scrolling of the credits on the Info panel of the VPN Details window.
- Includes better graphics for several controls.
- Includes other enhancements and fixes several problems.
New in Tunnelblick 3.7.2a Build 4851 / 3.7.3 Build 4870 Beta 03 (Sep 27, 2017)
- Includes OpenVPN 2.4.4 and OpenVPN 2.3.18, each of which fixes a security issue that affects some users.
New in Tunnelblick 3.7.3 Build 4861 Beta 02 (Aug 28, 2017)
- Includes better graphics for several controls.
- Fixes several problems when installing configurations.
New in Tunnelblick 3.7.3 Build 4860 Beta 01 (Aug 28, 2017)
- Includes LibreSSL 2.5.5, lz4 1.7.5, lzo 2.10, OpenSSL 1.0.2l, and pkcs#11 1.22.
- Includes OpenVPN 2.5 git-master 974513e dated 2017-08-17, OpenVPN 2.4.3, and OpenVPN 2.3.17.
- Includes other enhancements and fixes several problems.
New in Tunnelblick 3.7.2 Build 4850 (Aug 28, 2017)
- Adds a checkbox to "Allow changes to manually-set network settings".
- Includes updated translations and credits for translations.
- Fixes an inability to install configurations that use OpenVPN's "tls-crypt" option.
- Fixes problems with configuration names that include a trailing period.
New in Tunnelblick 3.7.1b Build 4813 / 3.7.2 Build 4840 Beta 03 (Jun 22, 2017)
- This release replaces OpenVPN 2.4.2 with OpenVPN 2.4.3 and OpenVPN 2.3.16 with OpenVPN 2.3.17.
New in Tunnelblick 3.7.1a Build 4812 (May 20, 2017)
- This release replaces OpenVPN 2.3.15 with OpenVPN 2.3.16 (OpenVPN change log). (Also includes OpenVPN 2.4.2.)
- From the OpenVPN Downloads page:
- "This [OpenVPN 2.3.16] is a minor release that fixes a few bugs. This release was made primarily because CloudFlare managed to serve obsolete pre-release OpenVPN 2.3.15 tarballs which lack the fix for CVE-2017-7478. The official OpenVPN 2.3.15 Windows installers do have the fix. Nevertheless, you are advised to upgrade your OpenVPN installations to 2.3.16 or 2.4.2."
New in Tunnelblick 3.7.2 Build 4830 Beta 02 (May 20, 2017)
- This release replaces OpenVPN 2.3.15 with OpenVPN 2.3.16 (OpenVPN change log). (Also includes OpenVPN 2.4.2.)
- It also fixes an inability to install configurations that use OpenVPN's "tls-crypt" option.
- From the OpenVPN Downloads page:
- "This [OpenVPN 2.3.16] is a minor release that fixes a few bugs. This release was made primarily because CloudFlare managed to serve obsolete pre-release OpenVPN 2.3.15 tarballs which lack the fix for CVE-2017-7478. The official OpenVPN 2.3.15 Windows installers do have the fix. Nevertheless, you are advised to upgrade your OpenVPN installations to 2.3.16 or 2.4.2."
New in Tunnelblick 3.7.1 Build 4811 (May 12, 2017)
- Includes OpenVPN 2.4.2 and 2.3.15. See the OpenVPN Advisory at https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits.
- Includes popup help for most checkboxes and buttons when the pointer hovers over the checkbox or button.
- Includes other enhancements and fixes several problems.
New in Tunnelblick 3.7.2 Build 4820 Beta 01 (May 12, 2017)
- Includes OpenVPN 2.4.2 and 2.3.15. See the OpenVPN Advisory at https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits.
- Adds a checkbox to "Allow changes to manually-set network settings".
- Includes a Flemish translation.
- Includes updated translations and credits for translations.
New in Tunnelblick 3.7.1 Build 4810 Beta 02 (Mar 25, 2017)
- Includes OpenVPN 2.4.1 and OpenVPN 2.3.14.
- Includes updated translations and credits for translations.
- Allows a path in --askpass and --auth-user-pass OpenVPN options.
- Warns about problems with paths in --ifconfig-pool-persist and other OpenVPN options.
- Fixes a problem if the last character in a configuration file is a CR (0x0D).
New in Tunnelblick 3.7.1 Build 4800 Beta 01 (Jan 30, 2017)
- Includes popup help for most checkboxes and buttons when the pointer hovers over the checkbox or button.
- Includes OpenVPN 2.5 git-master 4590c38 dated 2017-01-26, OpenVPN 2.4.0, and OpenVPN 2.3.14.
- Includes updated translations.
New in Tunnelblick 3.7.0 Build 4790 (Jan 30, 2017)
- Includes OpenSSL 1.0.2k. See OpenSSL Security Advisory 26 January 2017 at https://www.openssl.org/news/secadv/20170126.txt.
- Allows 'dhcp-option SEARCH-DOMAIN' in addition to 'dhcp-option DOMAIN-SEARCH'.
- Fixes several problems that caused invalid parameters to the 'dhcp-option' OpenVPN option to be misinterpreted.
- Fixes a problem that caused an erroneous 'Waiting for password' status when renegotiating keys for a connection.
- Fixes a problem that caused unnecessary logging when tunnelblickd needs to be updated.
New in Tunnelblick 3.7.0 Build 4780 Beta 01 (Jan 17, 2017)
- Does more stringent validation of updates.
- No longer allows "downgrades" from a beta version to a stable version using the update mechanism.
- Updatable configurations no longer require DSA signatures (although they optionally can be required).
- Includes updated translations.
- Fixes a problem when a Keychain item has been deleted.
New in Tunnelblick 3.6.10 Build 4760 (Jan 17, 2017)
- Includes OpenVPN 2.4.0 and 2.3.14.
- Shows stdout and stderr output from scripts in the Tunnelblick log.
- Includes updated translations.
- Fixes several problems.
New in Tunnelblick 3.6.10 Build 4750 Beta 6 (Dec 28, 2016)
- Includes OpenVPN 2.4.0 (and OpenVPN 2.3.14).
New in Tunnelblick 3.6.10 Build 4740 Beta 5 (Dec 23, 2016)
- Includes OpenVPN 2.4_rc2 (and OpenVPN 2.3.14).
- Includes scripts for signing appcasts and updates (for the Tunnelblick application itself and for configurations).
- Displays stdout and stderr output from scripts in the Tunnelblick log.
- No longer creates ~/Library/openvpn.
- Logs more information when tunnelblickd needs to be reloaded.
- Uses Sparkle's feedURLStringForUpdater for updatable configurations.
- Uses SUPublicDSAKey instead of SUPublicDSAKeyFile.
- Displays Tunnelblick version in splash screen.
- Includes updated translations.
- Fixes a spurious warning about ~/Library/openvpn.
- Fixes a crash when installing an updatable configuration.
- Fixes a problem with PKCS#11 tokens.
New in Tunnelblick 3.6.10 Build 4730 Beta 4 (Dec 8, 2016)
- Includes OpenVPN 2.3.14 and 2.4_rc1 (release candidate 1).
- Includes new translations for for Azerbaijani, Catalan, and Indonesian.
New in Tunnelblick 3.6.10 Build 4720 Beta 3 (Dec 5, 2016)
- Includes OpenVPN 2.4_rc1 (release candidate 1) and 2.3.13.
- Includes new translations for Korean and adds some Azerbaijani translations.
New in Tunnelblick 3.6.10 Build 4710 Beta 2 (Nov 29, 2016)
- Includes OpenVPN 2.4_beta2 and 2.3.13.
- Includes new translations.
New in Tunnelblick 3.6.10 Build 4700 Beta 1 (Nov 18, 2016)
- Includes OpenVPN 2.4_beta1 and 2.3.13.
- Adds Yandex Public DNS to the list of known DNS providers.
New in Tunnelblick 3.6.9 Build 4685 (Nov 18, 2016)
- Adds versions of OpenVPN that use LibreSSL 2.5.0. Special thanks to GΛVĪN for his work on this.
- Includes OpenVPN 2.3.13 and OpenVPN 2.3.12.
- Displays the computer's apparent public IP address in the Tunnelblick menu when connected to a VPN.
- Includes other enhancements and fixes several problems.
New in Tunnelblick 3.6.9 Build 4675 Beta 2 (Nov 4, 2016)
- Includes OpenVPN 2.3.13 and OpenVPN 2.4 alpha2 in addition to 2.3.12.
- Displays the computer's apparent public IP address in the Tunnelblick menu when connected to a VPN.
- Includes additional popup help.
- Fixes several problems.
New in Tunnelblick 3.6.8 Build 4625 (Oct 10, 2016)
- Fixes a problem automatically installing configurations with Tunnelblick when Tunnelblick is not already installed.
- Fixes a problem displaying popup help in some languages.
New in Tunnelblick 3.6.9 Build 4651 Beta 1 (Oct 10, 2016)
- Adds versions of OpenVPN that use LibreSSL 2.5.0. Special thanks to GΛVĪN for his work on this.
- Includes OpenVPN 2.3 git-master bae1ad7 dated 2016-10-07.
New in Tunnelblick 3.6.8 Build 4622 Beta 10 (Sep 30, 2016)
- Fixes a problem loading tun or tap kexts on macOS Sierra.
New in Tunnelblick 3.6.7c Build 4606 / 3.6.8 Build 4621 Beta 8 (Sep 27, 2016)
- Updates OpenSSL from version 1.0.2i to version 1.0.2j. See OpenVPN Security Advisory 26 Sep 2016 at https://www.openssl.org/news/secadv/20160926.txt.
New in Tunnelblick 3.6.7b Build 4604 / 3.6.8 Build 4620 Beta 6 (Sep 26, 2016)
- Fixes problems that caused Tunnelblick to crash.
New in Tunnelblick 3.6.8 Build 4619 Beta 4 (Sep 22, 2016)
- Updates OpenSSL from version 1.0.2h to version 1.0.2i. See OpenVPN Security Advisory 22 Sep 2016 at https://www.openssl.org/news/secadv/20160922.txt.
- Includes OpenVPN 2.3 git-master 38f98fd dated 2016-09-21 (and OpenVPN 2.3.12).
- Updates localization.
- Fixes problems with long usernames, passwords, passphrase, credentials names, and configuration names.
- Fixes a problem when a configuration file is modified outside of Tunnelblick.
New in Tunnelblick 3.6.7a Build 4603 (Sep 22, 2016)
- Updates OpenSSL from version 1.0.2h to version 1.0.2i. See OpenVPN Security Advisory 22 Sep 2016 at https://www.openssl.org/news/secadv/20160922.txt.
New in Tunnelblick 3.6.8 Build 4618 Beta 2 (Sep 15, 2016)
- Includes OpenVPN 2.3 git-master cbc3c5a dated 2016-09-09.
- Improves handling of UTF-16 (Windows) files.
- Includes a pre-built icon for authentication dialogs.
- Updates localization.
- Fixes a problem removing a configuration that is connected.
New in Tunnelblick 3.6.7 Build 4602 (Sep 15, 2016)
- Includes only OpenVPN 2.3.12.
- Fixes a problem with incorrect 'Tunnelblick has been tampered with' messages.
New in Tunnelblick 3.6.7 Build 4601 Beta 4 (Sep 10, 2016)
- CRITICAL: Fixes a problem that causes updates to fail when running on macOS Sierra.
- Requires OS X 10.7.
- Includes OpenVPN 2.3 git-master 4db0629 dated 2016-08-26.
- Includes the latest version of Sparkle Updater.
- Updates localization.
- Fixes several problems when running on macOS Sierra.
- Fixes several problems when rebranding Tunnelblick.
- Fixes a problem installing configurations in auto-install folders.
- Fixes a problem installing configurations containing files with extensions that are not recognized.
New in Tunnelblick 3.6.6 Build 4582 (Aug 26, 2016)
- Enables strict transport security when accessing tunnelblick.net.
- Adds new popup help for the "Place icon near the Spotlight icon" checkbox.
- Includes OpenVPN 2.3 git-master d728ebe dated 2016-07-14.
- Requires OS X 10.6.8 or higher.
- Includes other enhancements and fixes several problems.
New in Tunnelblick 3.6.7 Build 4594 Beta 2 (Aug 26, 2016)
- Adds the ability to drag/drop configurations onto the list of configurations on the left side of the 'Configuration' panel of the 'VPN Details' window.
- Includes OpenVPN 2.3.12 and OpenVPN 2.3 git-master 8cba9ff dated 2016-08-24.
- Displays the SSL/TLS library built into Tunnelblick's copies of OpenVPN. (Currently only OpenSSL.)
- Includes updated localization.
- Fixes various typos (thanks to Mitchell Cash).
- Fixes a problem that could occur in low memory situations.
- Fixes a problem handling unexpected messages from OpenVPN servers.
- Fixes a problem when running on case-sensitive filesystems.
- Fixes several bad links to Google Code.
New in Tunnelblick 3.6.5 Build 4566 (Jul 18, 2016)
- Includes "admin mode", which temporarily (for five minutes) authorizes changes that require a computer administrator password.
- Includes and OpenVPN 2.3 git-master ec0c1dc dated 2016-06-20.
- Fixes several problems.
New in Tunnelblick 3.6.6 Build 4581 Beta 2 (Jul 18, 2016)
- Enables strict transport security when accessing tunnelblick.net.
- Adds new popup help for the "Place icon near the Spotlight icon" checkbox.
- Includes OpenVPN 2.3 git-master d728ebe dated 2016-07-14.
- Includes other enhancements and fixes several problems.
New in Tunnelblick 3.6.4a Build 4561 (Jun 23, 2016)
- Fixes a problem loading kexts on recent versions of OS X (caused by the build number).
New in Tunnelblick 3.6.5 Build 4565 Beta 04 (Jun 23, 2016)
- Includes updated localization.
New in Tunnelblick 3.6.5 Build 4564 Beta 02 (Jun 22, 2016)
- Includes OpenVPN 2.3.11 and OpenVPN 2.3 git-master ec0c1dc dated 2016-06-20.
- Includes "admin mode", which temporarily (for five minutes) authorizes changes that require a computer administrator password.
- Includes updated localization.
- Fixes spurious warnings logged by atsystemstart.
- Fixes a problem with IP checking by IP address on El Capitan and Sierra.
- Fixes invalid permissions on some .strings files.
- Fixes problems installing on Sierra.
New in Tunnelblick 3.6.4 Build 4560.4563 (Jun 22, 2016)
- Includes OpenVPN version 2.3.11.
- Includes updated localization.
New in Tunnelblick 3.6.4 Build 4562 Beta 04 (May 9, 2016)
- Fixes a problem that sometimes caused the "Reset the primary interface after disconnecting" setting to be ignored.
- Updates localization.
New in Tunnelblick 3.6.3 Build 4560 / 3.6.4 Build 4561 Beta 02 (May 3, 2016)
- Includes OpenSSL version 1.0.2h. See OpenSSL Security Advisory 3rd May 2016.
- Fixes a problem causing the 'Add a VPN' window to fail to be closed.
- Fixes a problem when updating very old versions of Tunnelblick.
- Fixes a problem parsing configurations with inline keys or certificates that are in comments.
New in Tunnelblick 3.6.3 Build 4559 Beta 02 (Apr 24, 2016)
- Allows VPN configurations to be installed by dropping them on the Tunnelblick icon in the menu bar.
New in Tunnelblick 3.6.2 Build 4558 (Apr 24, 2016)
- Updates localization
- Fixes a problem when using the non-outline view of configurations (OS X 10.4).
New in Tunnelblick 3.6.2 Build 4555 Beta 06 (Apr 8, 2016)
- Fixes problems with the "Welcome to Tunnelblick" window and other modal windows.
- Fixes a problem that can cause user-supplied up/down scripts to be ignored (affected only 3.6.1beta02).
- Fixes a problem with the 'Copy Diagnostic Info to Clipboard' function.
New in Tunnelblick 3.6.2 Build 4551 Beta 02 (Apr 2, 2016)
- Adds the ability to set the VPN Log Level from the "Settings" tab.
- Allow configurations using scripts or commands to be installed automatically.
- Clarifies a warning to say that an unrecognized OpenVPN option can cause a warning about suspicious programs.
- Does additional checking of the application's digital signature.
- Includes the source code's git status in the "diagnostic info".
- Fixes problems displaying and deleting the VPN log.
New in Tunnelblick 3.6.1 Build 4543.4551 (Apr 2, 2016)
- Adds Afrikaans and Croation translations.
- Fixes a problem that caused Farsi, Icelandic, and Indonesian localization to be unavailable.
- Fixes a problem that caused new installations of configuration files containing certain Unicode sequences to be corrupted.
- Fixes a problem that caused connection attempts to get stuck waiting for a password without asking for a password.
- Fixes problems with renaming or duplicating a configuration.
New in Tunnelblick 3.6.1 Build 4544 Beta 02 (Mar 19, 2016)
- Closing a VPN status window prevents it from reappearing until the user attempts to connect its configuration.
- Makes the "VPN Details" window resizable.
New in Tunnelblick 3.6.0a Build 4543.4546 (Mar 19, 2016)
- Fixes a problem that caused kexts in 3.6.0 to fail to load on OS X 10.11.
New in Tunnelblick 3.6.0 Build 4543.4544 (Mar 19, 2016)
- Updates localization.
- Updates the help pages to be consistent with changes to the application.
- Makes the Info panel's credits table display properly in right-to-left languages.
- Skips the DSA signature check on appcast and update notes if there is no DSA public key in the Info.plist.
- Fixes a problem with the "Wait for DHCP if Tap" and "Do not wait for Internet access" options.
- Fixes a problem that caused Tunnelblick to hang when installing configurations in multiple folders with names that differ only in their last character.
- Fixes a problem installing configurations that are to be installed in new private folders.
- Fixes a problem installing configurations that have inline options.
New in Tunnelblick 3.5.8 Build 4270.4530 (Mar 2, 2016)
- Replaces OpenSSL 1.0.1r with 1.0.1s, see OpenSSL Security Advisory 1st March 2016 at https://www.openssl.org/news/secadv/20160301.txt.
New in Tunnelblick 3.6.0 Build 4530 Beta 24 (Mar 2, 2016)
- Replaces OpenSSL 1.0.2f with 1.0.2g, see OpenSSL Security Advisory 1st March 2016.
- Replaces OpenVPN git-master 3a5a46c with 6a4edc7 dated 2016-02-25.
- Allows the OpenVPN --auth-user-pass option to specify a file containing a username and password.
- Allows empty VPN passwords.
- Includes only the OS X version in the anonymous profile information optionally sent during update checks.
- Updates localization.
- Is built using Xcode 7 and supports only the 64-bit Intel architecture.
- Eliminates spurious Console log entries when OpenVPN exits immediately.
New in Tunnelblick 3.5.7 Build 4270.4517 (Feb 18, 2016)
- Does not install configurations in auto-install folders at the time Tunnelblick is installed.
New in Tunnelblick 3.6.0 Build 4517 Beta 22 (Feb 18, 2016)
- Digitally signs all update information to thwart attacks when updating Tunnelblick even if https: access to the update website (or the website itself) is compromised.
- Refuses to install configurations in auto-install folders at the time Tunnelblick is installed if the configurations contain scripts or reference external scripts.
- Issues warnings if the user install configurations by double-clicking and the configurations contain scripts or reference external scripts.
- Issues warnings if an automatically-updated configuration contains scripts or reference external scripts.
- Does not use UUIDs and removes the UUID stored in the Tunnelblick preferences for the user running Tunnelblick. (We never used this information.)
- Includes updated localization.
- Fixes a problem when installing a .tblk which contains identically-named .conf and .ovpn files.
- Fixes a problem when using PKCS#11.
- Fixes a problem that caused double-clicks of configurations to be ignored.
New in Tunnelblick 3.5.6 Build 4270.4505 (Feb 1, 2016)
- Replace OpenSSL 1.0.1q with 1.0.1r.
New in Tunnelblick 3.6.0 Build 4505 Beta 20 (Feb 1, 2016)
New in Tunnelblick 3.6.0 Build 4486 Beta 18 (Dec 28, 2015)
- Allows a user to replace a configuration's certificate and key files without requiring authorization by an administrator. (Must be enabled by an administrator.)
- Installs forced preferences from auto-install/forced-preferences.plist.
- Replaces OpenVPN 2.3.7 with 2.3.9.
- Replaces OpenVPN git-master 80442ae (2015-11-29) with 0e591a2 (2015-12-27).
- Adds lz4 compression to the OpenVPN git-master version (x86_64 only).
- Implements 'always', 'only-if-exists', and 'remove' entries in auto-install/preferences.plist.
- Minimizes use of [NSUserDefaults synchronize].
- Removes CR characters in files that may not have them on OS X when installing or converting a configuration.
- Adds a timeout exit to tunnelblickd.
- Clarifies language when authentication failed.
- Asks users to report crashes to [email protected].
- Fixes a problem causing hangs on OS X 10.10 and 10.11.
- Fixes a problem that deleted the passphrase (private key) when authentication of the username/password failed and the user chose to 'Try again with different credentials'.
- Fixes a crash when deleting credentials that include a passphrase
New in Tunnelblick 3.6.0 Build 4461 Beta 16 (Dec 11, 2015)
- SECURITY UPDATE: Replaces OpenSSL version 1.0.2d with version 1.0.2e. See https://www.openssl.org/news/secadv/20151203.txt.
- Includes OpenVPN git-master as of commit 80442ae (2015-11-29), in addition to versions 2.3.7 and 2.3.8.
- Allows auth-user-pass with a file when using the 'git-master' version of OpenVPN
- Updates localization and adds support for right-to-left languages such as Arabic and Hebrew. (Only Arabic localization is currently available.)
- Removing a credentials group or terminating all OpenVPN processes no longer makes Tunnelblick busy.
- Successful installation or replacement of the program or configurations, reversion of configurations, and the successful termination of all OpenVPN processes are presented in the OS X Notification Center on OS X 10.8 ('Mountain Lion') and higher.
- Includes more extensive checking of Tunnelblick's digital signatures at launch.
- Allows up to 50 seconds before abandoning an installation attempt.
- Renamed 'Notification window' to 'VPN status windows' on the 'Appearance' panel of the 'VPN Details' window.
- Fixes a problem that caused Console Log warnings about a deleted thread with an uncommitted CATransaction.
- Fixes a problem that caused Console Log warnings about being unable to change an NSStatusItem priority.
- Fixes a problem that caused the last line of some error messages to not be displayed.
- Fixes a problem loading kexts on OS X 10.10.11.2 ('El Capitan').
- Fixes two problems that caused crashes on OS X 10.4 ('Tiger').
- Fixes a problem that caused a hang on OS X 10.10 ('Yosemite') and 10.11 ('El Capitan').
New in Tunnelblick 3.6.0 Build 4441 Beta 14 (Dec 11, 2015)
- Fixes a problem when switching languages.
- Repairs ownership and permissions of reactivateTunnelblick.sh if they are damaged.
New in Tunnelblick 3.6.0 Build 4435 Beta 12 (Dec 11, 2015)
- Includes OpenVPN git-master as of commit 7546cba (2015-11-13), in addition to 2.3.7 and 2.3.8.
- Includes the "Tunnelblick Xor Patch" in all versions of OpenVPN and removes versions of OpenVPN without the patch.
- Includes changes so that operations such as installing, removing, duplicating, or renaming configurations no longer make Tunnelblick busy.
- Updates and adds localization for several languages, including Latvian and Indonesian.
- Reactivates Tunnelblick so the "VPN Details" window regains focus after Tunnelblick obtains authorization from a computer administrator.
- Deleting configurations or their credentials, making them private or shared, reverting them to their secured configurations, and setting them to show or not show on the Tunnelblick menu may be done for all selected configurations.
- Changes to settings are applied to all selected configurations without a confirmation dialog.
- "Make Configuration Private..." and "Make Configuration Public..." are now two separate menu items, as are "Show on Tunnelblick Menu" and "Do Not Show on Tunnelblick Menu".
- Maintains panel and tab selections when relaunched.
- Detects attempts to install Tunnelblick while an OpenVPN VPN is connected.
- Disconnects a VPN while it is being updated and then reconnects it after the update is complete.
- Comments out lines in OpenVPN configuration files that have a “status”, “write-pid”, or “replay-persist” option when a configuration is installed or converted.
- Includes NSSupportsAutomaticGraphicsSwitching in the Info.plist to support use of the integrated graphics controller.
- Always launches Tunnelblick after a successful install.
- Logs system and Tunnelblick version numbers to the Console Log at launch.
- Includes additional logging if system commands used by Tunnelblick take a long time to execute.
- Highlights in red (i.e., as an error) OpenVPN's "no default was specified by either --route-gateway or --ifconfig options" log entry
- Removes debug logging from Sparkle Updater subsystem.
- Fixes a problem that caused some updatable configurations to fail when installing an update.
- Fixes a problem copying the installer log to the Console log if user quits after an installer failure.
- Fixes a problem installing a .tblk if the user's home folder is on a network volume. (This is an experimental feature.)
- Fixes a problem that caused Tunnelblick to crash on OS X 10.4 ("Tiger").
- Fixes a problem that caused Tunnelblick to crash if Bartender was managing the Tunnelblick icon.
- Fixes a problem with placing the Tunnelblick icon near the Spotlight icon on OS X 10.9 and higher.
- Fixes a problem that sometimes caused the wrong configuration to be selected after a configuration is renamed.
- Fixes an out-of-date link to Online Documentation on the disk image.
New in Tunnelblick 3.5.5 Build 4270.4461 (Dec 11, 2015)
- SECURITY UPDATE: Replaces OpenSSL version 1.0.1p with version 1.0.1q.
New in Tunnelblick 3.6.0 Build 4400 Beta 10 (Sep 25, 2015)
- Reverts so that "Route all IPv4 traffic through the VPN" defaults to NO, as it was before 3.6beta09.
New in Tunnelblick 3.5.4 Build 4270.4395 (Sep 20, 2015)
- Fixes problems on OS X 10.4.11 ("Tiger").
New in Tunnelblick 3.6.0 Build 4395 Beta 9 (Sep 20, 2015)
- Defaults to “Route all IPv4 traffic through the VPN" and “Disable IPv6 for Tun connections”.
- Includes OpenVPN 2.3.8 and 2.3.7, replacing 2.3.7 and 2.3.6. This fixes a problem with usernames and passwords.
- Allows “pre-disconnect.sh” scripts in Tunnelblick VPN Configurations. Such scripts are executed before disconnecting a configuration.
- Displays a server-supplied error message when a username/password authentication fails.
- Updates the list of free public DNS servers (used only for warning if other DNS servers are used).
- User interface changes:
- Moves sound settings and the “Keep connected” checkbox to the “Advanced” window.
- Moves the “Show configuration on the Tunnelblick menu” checkbox to the “gear” menu at the bottom of the configuration list.
- Moves the “Check if the apparent public IP address changed after connecting”, the “Route all IPv4 traffic through the VPN” checkbox, and the “Reset the primary interface after disconnecting” checkbox to the main “Settings” tab.
- Adds the “Disable IPv6 for Tun connections” checkbox to the main “Settings” tab.
- Adds the “Enable IPv6 for Tap connections” checkbox to the “Advanced” settings window.
- Fixes a problem with the Tunnelblick icon if the "Displays have different Spaces" setting is checked in the Mission Control System Preference.
- Fixes a problem when “All configurations use Common credentials” is changed; Tunnelblick will no longer ask for each configuration’s credentials until it is relaunched.
- Fixes several problems installing Tunnelblick on unusual systems.
- Fixes a problem installing configurations.
New in Tunnelblick 3.5.3 Build 4270.4371 (Jul 15, 2015)
- SECURITY UPDATE: Replaces OpenSSL version 1.0.1o with version 1.0.1p.
New in Tunnelblick 3.6.0 Build 4371 Beta 8 (Jul 11, 2015)
- SECURITY UPDATE: Replaces OpenSSL version 1.0.2c with version 1.0.2d.
- Includes additional protection against attacks.
- Includes additional logging when installer must be run.
- Updates localization.
New in Tunnelblick 3.6.0 Build 4346 Beta 6 (Jun 15, 2015)
- Replaces OpenSSL version 1.0.2b with version 1.0.2c.
New in Tunnelblick 3.5.2 Build 4270.4346 (Jun 15, 2015)
- Replaces OpenSSL version 1.0.1n with version 1.0.1o.
New in Tunnelblick 3.6.0 Build 4340 Beta 4 (Jun 13, 2015)
- Replaces LZO version 2.08 with version 2.09.
New in Tunnelblick 3.5.1 Build 4270.4335 (Jun 12, 2015)
- SECURITY UPDATE: Replaces OpenSSL version 1.0.1m with version 1.0.1n.
- Fixes problems flushing the DNS cache on some versions of OS X.
New in Tunnelblick 3.6.0 Build 4335 Beta 2 (Jun 12, 2015)
- SECURITY UPDATE: Replaces OpenSSL version 1.0.1m with version 1.0.2b.
- Includes OpenVPN versions 2.3.7 in addition to 2.3.6.
- Updates localization, including full Turkish localization and partial Latvian localization.
- Changes OpenVPN 'verb' default from 1 to 3.
- Highlights notes, warnings, and errors in the Tunnelblick log.
- Launches Tunnelblick at login if any 'openvpn' processes are running (or 'openvpnstart' or 'tunnelblick-helper') or if Tunnelblick was running when the user logged out or the computer was shut down or restarted.
- Includes a modified version of the 'openvpn_xorpatch' to support the unofficial OpenVPN 'scramble' option. Modifications to the patch include better syntax checking of the option and repair of a buffer overflow bug. Uses the patched version of OpenVPN automatically but only when the configuration file includes the 'scramble' option. For more details, see Tunnelblick and openvpn_xorpatch.
- Includes better diagnostic info.
- Reduces non-error logging by tunnelblickd.
- Fixes problems flushing the DNS cache on some versions of OS X.
- Fixes problems that affect some TAP connections.
- Fixes problems with 'Connect when computer starts' configurations.
- Fixes problems reading configuration files that have CR (0x0D) characters.
- Fixes misleading output in warnings about IP address changes.
- Fixes a problem that caused incorrect restore DNS and restore WINS settings when connecting Tunnelblick to an already-running OpenVPN.
- Fixes problems with Deploy/Welcome.bundle permissions.
- Fixes typos in help for the 'Appearances' panel.
New in Tunnelblick 3.5.0 Build 4265 (Apr 4, 2015)
- This is the first stable version of Tunnelblick 3.5 -- many thanks to our tens-of-thousands of beta testers!
- It is identical to 3.5beta10 except for version and build numbers.
New in Tunnelblick 3.5 Build 4262 Beta 10 (Mar 31, 2015)
- Updates localization and credits.
- Adds output from the 'ipconfig' command to the diagnostic info.
- Fixes a problem that caused Tunnelblick to incorrectly report that there are no DNS settings.
- Fixes a problem that caused Tunnelblick to be unable to perform privileged activity.
- Fixes several problems when running on OS X 10.4 and 10.5 ("Tiger" and "Leopard").
New in Tunnelblick 3.5 Build 4236 Beta 8 (Mar 20, 2015)
- SECURITY UPDATE: Includes OpenSSL 1.0.1m. See OpenSSL Security Advisory 19 Mar 2015.
- Updates localization for several languages.
- Adds partial localization for Estonian and Turkish.
- Adds log entries from helper programs to the output of 'Copy Diagnostic Info to Log'.
- Fixes problems with configurations that connect when the computer starts.
- Fixes problems scrolling the log in the 'VPN Details...' window.
- Fixes problems that caused log entries to not be logged properly.
New in Tunnelblick 3.5 Build 4211 Beta 6 (Jan 23, 2015)
- Uses a launchd daemon instead of an SUID helper to start OpenVPN on OS X Version 10.5 ("Lion") and higher.
- Updates Arabic, Japanese, and Chinese (traditional) localization.
- Fixes problems with IP address checking on OS X 10.10 ("Yosemite").
- Fixes problems with the VPN login or passphrase window appearing when waking from sleep or the displays change.
- Fixes a problem that caused an older version of the tun/tap kexts to be used on OS X 10.6-10.8.
- Fixes problems with certain malformed updates to Tunnelblick or to configurations.
- Fixes a problem if certain errors occurred during an update.
- Fixes a problem showing the failure notification window when an install fails.
- Fixes a minor memory leak.
New in Tunnelblick 3.5 Build 4198 Beta 4 (Jan 9, 2015)
- SECURITY UPDATE: Includes OpenSSL 1.0.1K. See OpenSSL Security Advisory 08 Jan 2015 (https://www.openssl.org/news/secadv_20150108.txt)
- Adds easy-rsa version 3.0-rc2 to the easy-rsa folder.
- Adds the per-configuration '-waitForDHCPInfoIfTap' preference which, for TAP configurations, causes the 'up' script to wait until the DHCP info has been processed before continuing with the VPN setup.
- Adds the 'managementPortStartingPortNumber' preference, which specifies the port number Tunnelblick uses for communication with OpenVPN. If the port is unavailable, successive ports will be tried until an available port is found.
- Includes complete localization in 20 languages.
- Flushes DNS cache even if no DNS changes are made by Tunnelblick.
- Logs additional information about DNS servers being used when connected to the VPN.
- Fixes problems when Tunnelblick is denied access to the Keychain.
- Fixes the tab sequencing in the VPN username/password dialog.
New in Tunnelblick 3.4.3 Build 4055.4198 (Jan 9, 2015)
- SECURITY UPDATE:
- Includes OpenSSL 1.0.1K. See OpenSSL Security Advisory 08 Jan 2015 (https://www.openssl.org/news/secadv_20150108.txt)
New in Tunnelblick 3.5 Build 4165 Beta 2 (Dec 3, 2014)
- SECURITY UPDATE: Includes OpenVPN 2.3.6. See OpenVPN Security Announcement-97597e732b.
- Includes complete localization in 18 languages including Danish and Greek and partial localization in 7 others, including Arabic and Bulgarian.
- Uses new (2014-11-04) tun/tap kexts when on OS X 10.9 or 10.10 ("Mavericks" or "Yosemite").
- Includes new status icon animation which clarifies the connected/connecting/disconnected VPN status -- thanks to William Faulk.
- Adds the ability to save only the VPN username to the Keychain without saving the VPN password.
- Adds ability to localize configuration names (and folder names).
- Moves the 'VPN Details…' menu item to be above the configurations. May be disabled with the 'putVpnDetailsAtBottom' preference is set TRUE.
- Recreates the status icon only when necessary.
- Centers the login or passphrase window in the new screen when a screen change occurs or if the computer awakens from sleep unless the 'doNotRedisplayLoginOrPassphraseWindowAtScreenChangeOrWakeFromSleep' preference is set to TRUE.
- Deletes log files not modified in the last week.
- An empty name for an 'added menu item' (or the name after translation) causes the item to be skipped.
- Adds crash report log entries for Tunnelblick components such as openvpn and atsystemstart to the 'Diagnostic Info'.
- Flushes DNS cache via 'discoveryutil udnsflushcaches' and 'discoveryutil mdnsflushcache' if available.
- Fixes several problems with Tunnelblick's handling of 'private keys' (passphrases).
- Fixes a problem with updates to Deployed versions of Tunnelblick and a problem causing failures on OS X 10.4 ('Tiger').
- Fixes a problem renaming configurations.
- Fixes visibility problems with the standard status icon in 'dark mode' on OS X 10.10 ('Yosemite').
- Fixes problems on OS X 10.4 and 10.5 Intel machines using OpenVPN versions higher than 2.2.1.
- Fixes a problem with invalid permissions in IconSets contents.
- Fixes problems that caused digital signature checking to fail on OS X 10.5.
- Fixes a problem with password and passphrase windows.
- Fixes status window icon animation.
- Fixes typo of Feetu Nyrhinen's name on the Info panel.
- Fixes a problem that caused the 'tun' kext to not be loaded even if 'dev-node tun' was specified in the OpenVPN configuration file.
New in Tunnelblick 3.4.2 Build 4055.4161 (Dec 2, 2014)
- SECURITY UPDATE: Includes OpenVPN 2.3.6 See OpenVPN Security Announcement-97597e732b.
New in Tunnelblick 3.4.1 (Oct 16, 2014)
- SECURITY UPDATE:
- Includes OpenSSL 1.0.1j. See OpenSSL Security Advisory (15 Oct 2014): https://www.openssl.org/news/secadv_20141015.txt
New in Tunnelblick 3.4.0 (Oct 3, 2014)
- Better Security:
- Fixes several security-related bugs.
- Includes the latest stable versions of OpenVPN, LZO, the OpenSSL library, and Tuntap.
- Uses https: for updates and IP address checks (still uses digital signatures for additional security).
- Does additional checks to ensure the program's integrity.
- Better Usability:
- Enhances installation of configurations with improved error detection and correction and automatic conversion of OpenVPN configurations.
- On OS X 10.6 ('Snow Leopard') and higher, allows the user to select multiple configurations in the VPN Details… window and then change settings for all of the selected configurations.
- Includes a new status icon (the icon in the menu bar) more in keeping with recent OS X aesthetics.
- Changes many warning dialogs so they do not block other Tunnelblick operations.
- More Capabilities:
- On OS X 10.6.8 and higher when using OpenVPN 2.3.3 and higher in a TUN configuration, Tunnelblick no longer automatically loads the tunnelblick tun kernel extension (kext). In this situation, OpenVPN will use the UTUN device driver built into OS X.
- Runs on OS X 10.4 through 10.10 ("Tiger", "Leopard", "Snow Leopard", "Lion", "Mountain Lion", "Mavericks", and "Yosemite").
- Better Reliability:
- Fixes many (most? all?) problems. Please report problems to the Tunnelblick Discussion Group.
- Worse Localization:
- Sorry, but 3.3.0 does not have complete localization.
- To help with localization, please email jkbullard at gmail for instructions.
New in Tunnelblick 3.4 Beta 38 (Oct 2, 2014)
- SECURITY UPDATE: Fixes several security vulnerabilities.
- Includes only OpenVPN 2.3.4. (OpenVPN 2.2.1 is no longer included.)
- Adds a 'Set DNS after routes have been set up' checkbox to the 'Advanced' settings window.
- Secures all configurations (shared, private, and shadow) when Tunnelblick is installed.
- Removes a message that the 'Place icon next to Spotlight icon' checkbox is not available on OS X 10.9 ('Mavericks') and higher.
- Includes better logging when a forced preference overrides a user-specified preference.
- Includes preparation for localizing configuration names and Deployed menu commands and Welcome windows.
- Fixes a problem installing configurations that have both .ovpn and .conf files.
- Fixes a problem that causes graphic artifacts to appear in the list of configurations in the VPN Details window.
- Fixes several problems involving rebranded and "Deployed" versions of Tunnelblick.
New in Tunnelblick 3.4 Beta 36 (Sep 2, 2014)
- Fixes a problem on OS X 10.9.5 ('Mavericks') and 10.10 ('Yosemite') that causes spurious warnings that 'This version has been tampered with'.
- Re-enables the 'Place icon next to Spotlight icon' checkbox on OS X 10.9 ('Mavericks') and higher.
New in Tunnelblick 3.3.4 (Aug 8, 2014)
- Includes OpenSSL library version 1.0.1h, which fixes several security vulnerabilities (see OpenSSL Security Advisory 05 Jun 2014).
New in Tunnelblick 3.4 Beta 34 (Aug 8, 2014)
- SECURITY UPDATE: Updates Tunnelblick's embedded OpenSSL to version 1.0.1i from version 1.0.1h. See https://www.openssl.org/news/secadv_20140806.txt and https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenSSL1.0.1i for details.
- Includes better handling of computer sleep/wake and fast user switching.
- Holding down the 'Option' key while triple-clicking the Tunnelblick icon opens the 'VPN Details...' window centered on the display.
- Includes a new key, 'TBKeepExistingFilesList', for updatable configurations.
- Fixes a problem which caused the Info.plist in certain Tunnelblick VPN Configurations to be ignored while installing the Configuration.
- Fixes a problem that caused Tunnelblick to not recognize a semicolon (';') character as the start of a comment in an OpenVPN configuration file.
- Fixes a problem that mistakenly allowed Tunnelblick to run and generate errors if it was in /Applications but its name was not Tunnelblick.app.
- Fixes several problems with updatable configurations.
New in Tunnelblick 3.4 Beta 32 (Jul 18, 2014)
- Adds the ability to have Tunnelblick VPN Configurations updated the same way that Tunnelblick is updated. See Updatable Configurations for details.
- Uses launchd instead of login items to control the launch of Tunnelblick when the user logs in.
- Fixes a problem installing configurations with 'TBPreference...' or 'TBAlwaysSetPreference' Info.plist entries.
- Fixes a problem installing configurations that that are inside Contents/Resources folders.
- Fixes a problem installing configurations when logged in as a 'standard' user (i.e., a non-administrator).
- Fixes a problem on OS X 10.9 and higher which caused Tunnelblick to try to access login items that were on network volumes.
- Fixes a problem which caused Tunnelblick to launch at login if the user had last quit Tunnelblick via Command-Q instead of using the 'Quit Tunnelblick' menu command.
- Fixes a minor memory leak.
New in Tunnelblick 3.4 Beta 30 (Jul 9, 2014)
- Adds a condensed copy of the configuration file (without comments or empty lines) to the diagnostic info.
- Includes preparation for updatable .tblk configurations.
- Includes LZO version 2.08.
- Changes many warning dialogs so they do not block other Tunnelblick operations.
- Includes a new 'Inhibit automatic update checking and IP Address checking' checkbox on the 'Preferences' page. Checking it disables all Internet activity by the Tunnelblick program itself (but not by OpenVPN), overriding any other settings that allow such activity. The checkbox is unchecked by default.
- Disables the 'Reset the primary interface after disconnecting' checkbox if 'Set DNS/WINS' is not set to 'Set nameserver'.
- Includes changes to avoid compiler warnings on Xcode 5 and 6.
- Fixes a problem with OpenVPN mis-identifying an x86_64 build as an i386 build. (Thanks to Harold Molina-Bulla.)
- Fixes a problem with names of OpenVPN folders.
- Fixes a misleading message in the installer log.
- Fixes several problems with Unicode characters.
- INCLUDES MAJOR ENHANCEMENTS TO INSTALLING CONFIGURATIONS:
- Installs OpenVPN configuration files ('.ovpn' or '.conf' files) when they are double-clicked.
- Installs OpenVPN configuration files automatically if they are in a 'auto-install' or '.auto-install' folder when Tunnelblick is installed.
- Multiple OpenVPN configuration files may be included in a Tunnelblick VPN Configuration ('.tblk'); when the .tblk is installed, each of the OpenVPN configurations will be installed as a separate configuration.
- Adds an 'Apply to all' checkbox when installing configurations.
- Allows non-printable characters (such as Unicode characters) anywhere in an OpenVPN configuration file.
- Does more extensive checking of OpenVPN configuration files:
- They must have correct paths (relative or absolute) to key, certificate, and other files.
- They must not contain 'Windows only' options.
- They must not contain options reserved for use by Tunnelblick.
New in Tunnelblick 3.4 Beta 28 (Jun 13, 2014)
- Includes OpenSSL library version 1.0.1h, which fixes several security vulnerabilities (see OpenSSL Security Advisory 05 Jun 2014).
- Includes (some) preparation for OS X 10.10 ('Yosemite').
- Fixes a problem that crashes Tunnelblick if the 'VPN Details…' window is displayed when there no configurations.
- Fixes a problem that caused a failure to update the connection status and statistics.
- Fixes problems flushing the DNS cache on OS X 10.5 and 10.10 ('Leopard' and 'Yosemite').
- Fixes problems resetting the primary interface.
- Fixes problems installing or deleting configurations that contain locked files or folders.
- Fixes problems that caused the notification window to fail to appear when the pointer hovers over the Tunnelblick icon on OS X 10.5 ('Leopard').
- Fixes a problem that caused delays and invalid Console log messages on OS X 10.9 and 10.10 ('Mavericks' and 'Yosemite').
- Fixes a problem when a .tblk contains an up.sh or down.sh script.
- Fixes several minor cosmetic problems, including the mislabeling of the 'Copy Diagnostic Info to Clipboard' button on OS X 10.4 and 10.5 ('Tiger' and 'Leopard').
New in Tunnelblick 3.4 Beta 26 (May 3, 2014)
- Replaces OpenVPN version 2.3.3 with version 2.3.4. Tunnelblick now contains OpenVPN versions 2.2.1, 2.3.2, and 2.3.4.
- Quits Tunnelblick faster.
- Warns about OpenVPN options that are not allowed on OS X because they are allowed only on Windows.
- Excludes the value of the 'installationUID' preference from the diagnostic info.
- Includes better OpenVPN version detection.
- Includes better handling of invalid preferences.
- Includes additional error logging.
- Fixes problems with NUL characters in configuration files.
- Fixes a problem that caused some 'Connect' button presses to be ignored.
- Fixes a problem that caused some settings to be ignored.
- Fixes a problem that caused spurious Console log entries about unknown preferences.
- Fixes a problem with the position of the help button on Preferences panel.
- Fixes a problem deleting old logs.
- Fixes a problem with permissions on non-.tblk folders in Deploy.
- Fixes a non-reachable double-free.
- Fixes a minor memory leak.
New in Tunnelblick 3.4 Beta 24 (Apr 18, 2014)
- Includes OpenVPN 2.3.3 (as well as 2.2.1 and 2.3.2).
- Adds additional security checking of programs that Tunnelblick runs as root.
- Moves the 'Copy Diagnostic Info to Clipboard' to the main part of the 'VPN Details…' window.
- Adds a 'quit' command for AppleScript which terminates Tunnelblick properly so it is not launched at the next login.
- When 'sanitizing' a configuration file for 'Examine OpenVPN Configuration File' and 'Copy Diagnostic Info to Clipboard', Tunnelblick strips lines that appear between lines that contain '-----BEGIN' and '-----END' (even in comments). (This strips certificates and keys created by Open Access.)
- On OS X 10.6.8 and higher when using OpenVPN 2.3.3 and higher in a TUN configuration, Tunnelblick no longer automatically loads the tunnelblick tun kernel extension (kext). In this situation, OpenVPN will use the UTUN device driver built into OS X.
- Warns user if the system clock is not set correctly.
- Checks Tunnelblick preference files for errors.
- Changes words for 'In:' and 'Out:' in Russian.
- Adds additional information to a warning message about LSSharedFileListItemResolve returning an error.
- Fixes a problem that caused the initial notification window to remain visible even when the pointer moved away from the Tunnelblick icon.
- Fixes a problem that could cause loss of embedded certificates and/or keys when editing a configuration file.
- Fixes problems that sometimes caused the 'Load tun' and 'Load tap' settings to be ignored.
- Fixes a problem which sometimes displayed an incomplete window title for the 'VPN Details…' window in languages other than English.
- Fixes a problem which sometimes caused a crash.
- Fixes a small memory leak.
New in Tunnelblick 3.3.2 (Apr 9, 2014)
- Includes OpenSSL library version 1.0.1g, which does not have the "heartbeat" vulnerability.
New in Tunnelblick 3.4 Beta 22 (Apr 9, 2014)
- Includes OpenSSL library version 1.0.1g, which does not have the "heartbeat" vulnerability.
- Shows a notification window for the most recently connected configuration upon mouseover of the Tunnelblick icon even if no configuration has been connected since Tunnelblick was launched.
- On OS X 10.9 ('Mavericks'), forces the Tunnelblick icon to be in the standard status icon position (to the left of other icons at the time Tunnelblick is launched). This is a temporary limitation until a bug in OS X is fixed.
- Allows non-ASCII characters (such as accented characters) in token names, passphrases, usernames, and passwords. (Available only in OpenVPN 2.3 and higher.)
- Includes version 1.11 of pkcs11-helper.
- Can use kill() to send SIGTERM to OpenVPN processes.
- Reorders options to OpenVPN that are required by Tunnelblick so they cannot be overridden by entries in the configuration file.
- Sets the 'IV_GUI_VER' environment variable when starting OpenVPN.
- Adds a list of any unusual files in a .tblk to the diagnostic info.
- Includes additional information in the Tunnelblick log if a script fails.
- Displays 'OpenVPN is a registered trademark of OpenVPN Technologies, Inc.' on the Info panel.
- Adds an entry to the Console Log if there are options in the configuration file that will be ignored because they are used by Tunnelblick or are incompatible with Tunnelblick.
- Fixes problems prepending new search domains and a new domain name to search domains. MANY THANKS TO ANDREW DAUGHERITY FOR FINDING AND FIXING THIS BUG.
- Fixes a problem that caused some scripts to fail.
- Fixes a problem selecting the default OpenVPN version for one or more configurations.
- Fixes a cosmetic error in the output of 'Copy Diagnostic Info to Clipboard'.
- Fixes a problem with 'Connect when computer starts' configurations that have a name that contains '-S'.
New in Tunnelblick 3.4 Beta 20 (Jan 17, 2014)
- Replaces embedded OpenSSL 1.0.1e with 1.0.1f (see OpenSSL Vulnerabilities).
- Checks and corrects ownership/permissions of launchd .plist files when Tunnelblick launches.
- Adds a list of loaded non-Apple kexts to the 'Diagnostic Info'.
- Adds detailed logging if the 'DB-ALL' preference is set.
- Inhibits use of the default 'openvpn' domain if the per-configuration '-doNotUseDefaultDomain' preference is set.
- Fixes a problem that caused the Tunnelblick icon to show the connection status incorrectly.
- Fixes two problems that caused settings to change without the user requesting the change.
- Fixes a problem with the Tunnelblick icon disappearing for five seconds after the computer wakes from sleep if Tunnelblick is not set to check for an apparent public IP address change.
- Fixes a problem using Tunnelblick after the 'Examine OpenVPN Configuration' command is used.
- Fixes a problem that caused the incorrect display of the 'Do not show on Tunnelblick menu' checkbox.
- Fixes a problem with repeated unexpected disconnection sounds when waking from sleep and there is no Internet access and 'Check if the apparent public IP address changed after connecting' is not enabled.
- Fixes a problem recognizing OpenVPN processes that were running when Tunnelblick was launched.
- Fixes a problem starting more than one configuration 'when computer starts'.
- Fixes a problem disconnecting with the disconnect menu command or notification window disconnect button.
- Fixes a problem disconnecting configurations set to start when the computer starts.
- Fixes problems when Tunnelblick is launched when more than one configuration is already connecting or connected.
- Fixes a problem that caused the 'VPN Details…' window to move to the center of the screen when the 'VPN Details…' menu command is clicked.
- Fixes a problem reconnecting after computer sleep if 'Check if apparent public IP address changes after connecting' is not checked.
- Fixes several minor memory leaks.
New in Tunnelblick 3.4 Beta 18 (Dec 19, 2013)
- Includes a new status icon (the icon in the menu bar) more in keeping with recent OS X aesthetics and which includes Retina images. (The old icon may be selected as the 'Tunnelblick 3.3 icon' on the Appearance panel of the 'VPN Details…' window.)
- Allows selection of the display on which notification windows will be shown if multiple displays are available.
- Adds a 'Run MTU maximum size test after connecting' checkbox to the 'While Connected' tab of the 'Advanced' window.
- Adds a button to obtain additional information when the user is asked if Tunnelblick should check for apparent public IP address changes. Clicking the button displays the new "Privacy and Security" wiki page.
- Adds a symlink named 'default' to the Contents/Resources/openvpn' folder. The link points to the default OpenVPN binary, which is the lowest version of OpenVPN included in that copy of Tunnelblick. (Useful for scripts: they needn't search the 'openvpn' folder to find an OpenVPN binary.)
- Fixes a problem converting some OpenVPN configurations to Tunnelblick VPN Configurations.
- Changes to Tunnelblick's handling of computer sleep:
- Adds a 'Disconnect when computer goes to sleep' checkbox on the 'Advanced' settings window; it is checked by default.
- Before reconnecting any configurations after the computer wakes up from sleep, Tunnelblick waits for an Internet connection if checking that the IP address changed is allowed; or waits for a timeout period (the default is five seconds) if it is not.
New in Tunnelblick 3.4 Beta 16 (Nov 23, 2013)
- Adds the 'Include anonymous profile information' checkbox to the Preferences panel.
- Adds the 'Keep connected' checkbox to the Settings tab of Configurations panel. This will attempt to reconnect a configuration if OpenVPN crashes.
- Allows the 'Place next to Spotlight icon' checkbox (on the Appearance panel) to be checked on OS X 10.9 ("Mavericks") with multiple displays if 'Displays have separate spaces' is unchecked in the Mission Control preferences. (Otherwise the checkbox may not be checked on Mavericks with multiple displays.)
- Allows a 'preferences.plist' file in auto-install or .auto-install folders. Tunnelblick references specified in the file are set as specified when Tunnelblick is installed. (See https://code.google.com/p/tunnelblick/wiki/cPkgs#Automatic_Installation for details.)
- Checks for apparent IP address changes asynchronously.
- Sets timer tolerances on Mavericks for lower power use.
- Adds Tunnelblick settings and specific configuration settings to the info generated by 'Copy Diagnostic Info to Clipboard'.
- Complains about OpenVPN options that cause writing to a file that is not specified with an absolute path.
- Does not allow files larger than 10MB to be in Tunnelblick VPN Configurations.
- Complains about files whose paths contain prohibited characters.
- Increases the number of status windows allowed on the screen from 64 to 4096.
- Fixes a problem with connection restarts (caused, for example, by the OpenVPN --ping-restart option) by not starting OpenVPN with the -up-restart option. The -up-restart option can be added to the configuration file if it is needed. Note: The OpenVPN configuration must not contain the 'persist-tun' option or restarts will still fail. (The OpenVPN documentation seems to be incorrect with respect to these two options.)
- Fixes a problem that sometimes caused a crash when a configuration is deleted or Tunnelblick is started with no configurations.
- Fixes a problem that sometimes caused a crash when an OpenVPN configuration file contains UTF-8 characters.
- Fixes a problem that sometimes caused a crash during the installation of a Tunnelblick VPN Configuration if a file is empty.
- Fixes a problem that sometimes caused a hang during a disconnection which encountered certain errors.
- Fixes problems that sometimes caused Tunnelblick to refuse to install Tunnelblick VPN Configurations containing certain OpenVPN configuration file constructs or that contain files in subfolders.
- Fixes a problem that caused Tunnelblick to sometimes ignore OpenVPN configurations.
- Fixes a problem that caused unpredictable behavior if a free port could not be found for managing OpenVPN.
- Fixes a problem that caused an unnecessary warning in the system log about an unknown preference.
New in Tunnelblick 3.4 Beta 14 (Oct 28, 2013)
- Implements 'Examine OpenVPN Configuration File' for Shared and Deployed configurations.
- On OS X 10.6 ('Snow Leopard') and higher, allows the user to select multiple configurations in the VPN Details… window and then change settings for all of the selected configurations. (A confirmation dialog prevents inadvertent changes.) The only setting that cannot be changed this way is the 'Connect' setting.
- Adds per-configuration 'OpenVPN version' selection to the VPN Details… window and removes 'OpenVPN version' selection from the Preferences panel.
- Adds a per-configuration 'Check that the apparent IP address changed after connecting' checkbox to the Advanced settings window.
- Replaces the 'Use Tunnelblick tun/tap drivers' checkbox on the Advanced settings window with pop-up buttons (one for tun and one for tap) that allow the user to always use the driver, never use the driver, or have Tunnelblick decide whether to use the driver based on the configuration file.
- Adds a button on the Utilities panel that opens a web page with instructions for uninstalling Tunnelblick.
- Moves 'Show configuration on Tunnelblick menu' to the Advanced settings window.
- Fixes a problem when installing a Tunnelblick VPN Configuration that includes CR-LF sequences in the OpenVPN configuration file.
- Fixes a problem with the appearance of the bottom of the configuration list in the VPN Details… window.
- Fixes a memory leak that would occur only under very unusual conditions.
New in Tunnelblick 3.4 Beta 12 (Oct 22, 2013)
- Logs more information if a sound is not found.
- Fixes a problem on OS X 10.5 and 10.6 ('Leopard' and 'Snow Leopard') that caused incorrect 'invalid signature' warnings.
- Fixes a problem on OS X 10.9 ('Mavericks') that caused Tunnelblick to crash when launched on some systems.
- Fixes a problem on OS X 10.8 and 10.9 ('Mountain Lion' and 'Mavericks') with 'Copy Diagnostic Info to Clipboard'.
- Fixes a problem that causes the log to 'freeze' under certain circumstances.
- Fixes a problem when user-supplied scripts output a lot of text to stdout or stderr.
- Fixes an error in the Italian (IT) localization.
New in Tunnelblick 3.4 Beta 10 (Oct 7, 2013)
- Includes additional security checking when Tunnelblick is launched:
- Verifies the digital signature of the Sparkle framework.
- Verifies that kexts and digital signatures are secured.
- Verifies that everything in the application is writable only by root.
- Checks that the system folders used by Tunnelblick are secure.
- Includes better error checking and reporting when installing a Tunnelblick VPN Configuration.
- Option-click (Alt-click) on most configuration settings checkboxes allows the choice of changing the setting for the selected configuration or for all configurations.
- Includes a new per-configuration preference, '-openvpnVersion' which can contain an OpenVPN version string (for example, '2.3.2'). A value of '-' will use the latest version of OpenVPN. If set, it will override the application-wide 'openvpnVersion' preference. (This preference cannot yet be set by the GUI.)
- Includes the ability to use an asterisk ("*") in front of the name of a connection-specific preference to indicate that all configurations should use that preference by default. (A specific preference for a configuration will override this default.)
- Includes a new TBAlwaysSetPreference key to Info.plist of a .tblk. It is used like TBPreference, but it causes the preference to be set 'always' -- it is reset each time the configuration is connected and when Tunnelblick starts up.
- Recovers more gracefully from OpenVPN crashes.
- Includes better help on the 'Advanced' settings page.
- Fixes a problem that caused settings on the 'While Connected' tab of the 'Advanced' window to be ignored.
- Fixes a problem with the release of a DHCP lease on a TAP connection when using the 'Set name server' DNS/WINS setting.
- Fixes a problem that did not allow .crl files in a Tunnelblick VPN Configuration (.tblk).
- Fixes several problems that caused failures when installing a Tunnelblick VPN Configuration.
New in Tunnelblick 3.4 Beta 8 (Sep 7, 2013)
- Fixes a problem that caused update checks to fail.
New in Tunnelblick 3.4 Beta 6 (Sep 7, 2013)
- Fixes a crash when accessing checkboxes on the 'Advanced' window.
- Uses digitally signed tun and tap kexts on OS X 10.9 ('Mavericks').
- Recovers more gracefully from some crashes.
- Fixes a typo in the ES (Spanish) translation.
- Fixes a problem that sometimes caused a spurious entry in the Console Log.
- Fixes a small memory leak.
New in Tunnelblick 3.4 Beta 4 (Sep 2, 2013)
- Uses https: for update checks and loading all update information. (Updates are still protected by being digitally signed; this is an additional level of security.)
- Uses https: for IP address checks that use a domain name in the URL to test DNS. Tunnelblick continues to use http: for IP address checks that use an IP address in the URL, which is done if the first IP address check (using a domain name in the URL) fails. This is done because https: requires a domain name, not an IP address. There is no information sent out that is encrypted, and the received data for this request is discarded, so encryption is not necessary, anyway.
- Adds a 'Check for updates to beta versions' checkbox in the 'Updates' section of the 'Preferences' panel, which controls the new 'updateCheckBetas' preference. If checked, Tunnelblick will check for new beta versions of Tunnelblick that are available for update, otherwise, Tunnelblick will check for new stable versions. Checked by default when running a beta version, unchecked by default when running a stable version. Note: This feature may be used to revert to the latest stable version from a later beta version: if this is un-checked in a beta version, Tunnelblick will offer to install the latest stable version, which may be a 'downgrade' from the beta version to an earlier stable version.
- Uses new URLs when checking for updates:'https://www.tunnelblick.net/appcast-s.rss' to check for new stable versions, and 'https://www.tunnelblick.net/appcast-b.rss' to check for new beta versions.
- The URL of customized or Deployed versions of Tunnelblick that contain a non-standard update feed URL have '-s' or '-b' appended to the last component of the URL before the extension (e.g. 'http://aaa/bbb/ccc.ddd' becomes 'http://aaa/bbb/ccc-s.ddd' or 'http://aaa/bbb/ccc-b.ddd' to check for stable and beta versions, respectively).
- Updates several Dutch (NL) translations; a Italian (IT) translation, and a Chinese (simplified) translation.
- Fixes spacing problems on the 'Preferences' tab that occur when there is only one version of OpenPVN included in Tunnelblick.
New in Tunnelblick 3.4 Beta 2 (Aug 8, 2013)
- Removed some extra debug logging.
- Includes a stack trace in the error message sent to the Console Log when a fatal error occurs on OS X 10.6 and higher.
- Fixes a problem installing Tunnelblick VPN Configurations that include .cer, .cert, .der, .p12, .p7b, .p7c, or .pfx files.
- Fixes problems that cause Tunnelblick to crash or hang if there were no configurations and the 'VPN Details…' menu command was clicked.
- Fixes problems when there are no configurations.
- Fixes problems that can lead to a Tunnelblick crash or hang under an unusual OS X error condition.
- Fixes problems that cause Tunnelblick to crash or hang if many changes to the configurations are made very quickly.
- Fixes a problem that caused the 'Welcome to Tunnelblick' window to appear more than once when multiple changes to the configurations are made very quickly.
- Fixes a problem that caused the status window to fail to appear when the pointer is over the Tunnelblick icon after checking or un-checking the 'Place Tunnelblick icon next to Spotlight icon' checkbox in the 'Appearances' panel.
- Fixes a problem on OS X 10.9 ('Mavericks') that caused Tunnelblick to always launch after login even if it had quit before logging out.
- Fixes a problem on OS X 10.9 ('Mavericks') that sometimes caused the Tunnelblick icon to disappear from the status bar on a computer with multiple displays.
- Fixes a problem displaying the hex code for invalid characters in files.
- Fixes a typo in message sent to the Console Log about 'login intems' (changed to 'login items').
New in Tunnelblick 3.3 (Jul 23, 2013)
- Triple-clicking the Tunnelblick icon opens the VPN Details… window, as does relaunching Tunnelblick from a Dock icon or double-clicking the application in a Finder window.
- On OS X 10.6 ('Snow Leopard') and higher, Tunnelblick now displays configurations in a way that is similar to the 'List View' in a Finder window: contents of folders can be hidden or exposed by clicking on a disclosure triangle next to the folder name. This may be disabled (and the old way of displaying configurations used) by setting the 'doNotShowOutlineViewOfConfigurations' preference to 'TRUE'.
- Adds complete Finnish and Slovak localization and partial Ukrainian and Chinese (traditional) localization
- Offers to convert OpenVPN configurations to Tunnelblick VPN Configurations. OpenVPN configurations that are NOT converted are NOT AVAILABLE for connection.
- Adds a new 'Check apparent IP address after connecting' checkbox to the 'Preferences' panel. There is no default; the user is asked if this should be done the first time Tunnelblick is launched.
- Adds a checkbox to 'Route all traffic through the VPN' on the Advanced settings window. This adds the 'redirect-gateway def1' option to the arguments to OpenVPN. Note that even if is NOT checked, the configuration file may include the option, or the server may push the option.) Default is not checked.
- Adds the 'Reconnect when computer wakes up from sleep (if connected when computer went to sleep)' checkbox to the 'Advanced' settings panel. Checked by default.
- Adds a checkbox to 'Reset the primary interface after disconnecting' on the Advanced settings window. This can fix problems caused by configurations that do not restore DNS or routing properly. The reset is done via an 'ifconfig down' followed by an 'ifconfig up' on the primary interface after the configuration is disconnected. Default is not checked.
- Adds a new checkbox on the 'Advanced' settings page that tells Tunnelblick to add the domain name provided by OpenVPN to the start of the list of search domains. This checkbox is unchecked by default, and is disabled and unchecked unless the DNS/WINS setting is set to 'Set nameserver'. Adding the domain name does not take place if the search domains are manually set.
- Adds the 'Revert Configuration…' menu command to revert a private configuration to it's last secured (shadow) version.
- Adds a 'Show when disconnected' checkbox to the 'Notification window' section of the Appearance preferences tab of the 'VPN Details…' window. This is checked by default.
- Adds the ability to edit a configuration name by clicking on it and editing it directly.
- Adds the ability to always use the latest version of OpenVPN.
- Configurations can now share credentials (usernames/passwords and pass phrases) so that the credentials need not be entered separately for each configuration. (This may be set on the 'Advanced' settings window's 'VPN Credentials' tab.)
- Changes the 'Copy Log to Clipboard' button to the 'Copy Diagnostic Info to Clipboard' button. The info copied to the clipboard includes the configuration file contents, the log contents, and recent Console log output from Tunnelblick and OpenVPN.
- Allows the Info.plist of a Tunnelblick VPN Configuration to be located either in the .tblk folder directly, or in its "Contents" subfolder.
- Allows the replacement of a Tunnelblick VPN Configuration that has an Info.plist even if it does not have a CFBundleIdentifier entry.
- Enhances security by digitally signing Sparkle.framework (signed versions only).
- Enhances security by making all of the application's contents owned by root.
- Enhances security by securing the easy-rsa folder and it's contents.
- Includes OpenVPN 2.3.2 and 2.2.1, OpenSSL 1.0.1e, and LZO 2.06.
- Fixes a bug that caused notification windows to appear in Mission Control on Lion even though they were closed.
- Adds the ability to have a 'route-pre-down.tunnelblick.sh' script that is run before closing a connection. Tunnelblick's 'Set Nameserver' setting uses this to release a TAP device's DHCP lease. This feature (and the DHCP lease release) is available only when using OpenVPN 2.3alpha1 or later and only in Tunnelblick VPN Configurations.
- Adds two AppleScript nouns for configurations: 'bytesIn' and 'bytesOut' report bytes in or out through a client connection since Tunnelblick was launched.
- Does not try to connect if the OpenVPN log file could not be created.
- Adds more specific error messages when files with unrecognized extensions or folders are in a .tblk that is being installed.
- Does not allow Unicode characters in usernames, passwords, and private keys (OpenVPN does not accept them).
- Includes more debugging information when OpenVPN starts or fails to start.
- Warns the user when trying to install a Tunnelblick VPN Configuration (.tblk) into a Deployed version of Tunnelblick that does not allow shared and/or private configurations.
- Defaults to use the oldest version of OpenVPN available, instead of the newest version.
- Adds 'Speak' to list of connect/disconnect sounds. If selected, connections and unexpected disconnections will be announced with the system default voice.
- Adds the 'Check apparent IP address after connecting' checkbox to the 'Preferences' panel. There is no default; the user is asked whether to do this the first time the user launches Tunnelblick.
- Adds the 'Reconnect when computer wakes up from sleep (if connected when computer went to sleep)' checkbox to the 'Advanced' settings panel. The default is to reconnect.
- Adds the 'Revert Configuration…' menu command to revert a private configuration to it's last secured (shadow) version.
- When requesting a computer administrator username/password for installation, Tunnelblick also shows that it will convert OpenVPN configurations to Tunnelblick VPN Configurations if the user has requested the conversion.
- Adds a subcommand to openvpnstart to revert a configuration to when it was last secured.
- Does not warn about Tunnelblick being unsigned if Debug build.
- Accepts multiple 'dhcp-option DOMAIN-SEARCH ' options in the configuration file or 'pushed' by the VPN server. If present and search domains were not manually set, they are prepended to any search domains that came from DHCP.
- Displays clearer error messages when a menu icon set is not found.
- Displays an error dialog window when a fatal error occurs or if an internal error occurs while trying to check the security of a configuration.
- No longer checks for unsigned updates.
- Adds the contents of /etc/resolv.conf to the Tunnelblick log before and after making network configuration changes.
- Inhibits flush of DNS cache on OS X 10.7 or 10.8 if Hands Off is running.
- Changes to the maximum log size now take effect immediately.
- Clarified entry made in Console log when Tunnelblick is shut down because of a Command-Q typed by the user.
- Keeps a history of Tunnelblick versions that were launched, and displays the most recently used prior version in the log.
- Adds the 'doNotLaunchOnLogin' preference, which causes Tunnelblick to not launch when the user next logs in, even if Tunnelblick was running when the user logged out. This preference cannot be set in the GUI; to set it type the following into Terminal 'defaults write net.tunnelblick.tunnelblick doNotLaunchOnLogin -bool yes'. To restore normal behavior, type 'defaults write net.tunnelblick.tunnelblick doNotLaunchOnLogin -bool yes'.
- Fixes a problem that caused configurations in submenus not to be sorted properly.
- Fixes problems indenting configuration subfolders properly in the VPN Details… window.
- Fixes a problem in the log display of the command line used to start OpenVPN (cosmetic problem).
- Fixes a problem causing loss of contents in the log display if the log contains invalid characters.
- Fixes a problem that caused the Info panel to display an incorrect OpenVPN version if no OpenVPN version was chosen on the Preferences panel.
- Fixes problems with the log display if the display gets very large.
- Fixes an invalid link in Sparkle (which implements updates) FR_CA localization.
- Fixes problems installing from a disk image.
- Fixes a problem that disabled the keyboard shortcut (hotkey) until the VPN Details… window was opened.
- Fixes a problem displaying a shortened log on OS X 10.4 ('Tiger').
- Fixes a problem that caused Tunnelblick to not create a shadow configuration file when installing a .tblk.
- Fixes a problem that caused the download statistics shown in the status/notification window to be incorrect.
- Fixes problems in Tunnelblick's patches to easy-rsa.
- Fixes a problem that sometimes left horizontal lines on the list of configurations when the list was scrolled up and down.
- Fixes a problem if a configuration was Deployed and needed to be secured.
- Fixes a problem that caused the help button on the 'While Connected' tab of the 'Advanced' settings window to do nothing.
- Fixes several problems running Tunnelblick on OS X 10.4 ('Tiger').
- Fixes a problem that sometimes caused Tunnelblick installations to fail.
- Fixes a problem that caused the Tunnelblick icon to not respond to clicks properly after a sleep/wake cycle.
- Fixes a problem that caused the Tunnelblick icon to disappear when an aborted logout takes place.
- Fixes a problem that caused reverting a configuration to its last secure shadow copy to fail.
- Fixes a problem that caused a spurious warning if Tunnelblick was Quit by Activity Monitor or reinstallation.
- Fixes warnings about unknown preferences.
- Fixes a problem that caused fatal errors in the down script if a '-useDownRootPlugin'preference was set for the configuration but no 'user nobody' or 'group nobody' options were in the configuration file.
- Fixes a problem that allowed the user to resize the VPN Details… window when a panel other than 'Configurations' is being displayed on OS X 10.7 ('Lion') and higher.
- Fixes a problem that didn't repair invalid ownership of /Library/Application Support/Tunnelblick/Users if the ownership was modified by the user.
- Fixes a problem when the installer fails when trying to connect an unsecured configuration. (This would only happen if something is drastically wrong with the system, such as incorrect ownership or permissions on /Library).
- Fixes a potential security issue when installing .tblks.
- Fixes a problem that could cause double-freeing of memory.
- Fixes a problem that sometimes caused an incorrect display of the settings of a Tunnelblick VPN Configuration that had been replaced.
- Fixes a problem that caused an unnecessary dialog window to appear when canceling the installation of a Tunnelblick VPN Configuration.
- Fixes a problem that caused overwritten or truncated text in the status window, the 'Advanced' window, and the Log tab of the 'VPN Details…' window in some languages.
- Fixes a problem in status window that displays the 'In:' and 'Out:' text incorrectly in languages other than English.
- Enhances installation of Tunnelblick VPN Configurations with improved error detection and correction:
- The user can now replace an existing configuration with a new one.
- Tunnelblick now complains about files referenced in the OpenVPN configuration file that do not exist or are accessed via a path instead of just a filename.
- Tunnelblick now removes CR characters from script files.
- TBReplaceIdentical, TBSharePackage, and TBUninstall in an .tblk outer Info.plist will override corresponding entries in nested .tblks.
- Detects rich text files and files with illegal characters.
- Adds a 'Utilities' tab to the VPN Details… window. It includes buttons to:
- Launch a customized version of OpenVPN's 'easy-rsa' in Terminal. 'easy-rsa' is a collection of command-line scripts for creating certificates and keys.
- Copy the Console Log to the Clipboard.
- Quit all OpenVPN processes.
- Includes several changes with respect to notification windows:
- Notification windows display the total amount of data uploaded and downloaded and recent up and down transfer rates for client connections.
- When the pointer (mouse) is over the Tunnelblick icon in the menu bar, the notification windows for all configurations that have been active since Tunnelblick was launched are displayed. (This may be changed on the 'Appearances' panel of the 'VPN Details…' window.)
- Notification windows do not fade away if the pointer is over any notification window (or the Tunnelblick icon, as described above).
- Notification windows now have separate 'Connect' and 'Disconnect' buttons.
- New security enhancements allow install and launch of a 'Deployed' version of Tunnelblick only if:
- It is a 'rebranded' version of Tunnelblick (source code modified to use a different name); and
- If Info.plist does not have 'tunnelblick.net' in the 'updateFeedURL' forced preference (or in SUFeedURL if there is no 'updateFeedURL' forced preference); and
- If Info.plist does not have 'net.tunnelblick' in the CFBundleIdentifier; and
- If all copies of the program include the Deploy folder. Even updates must include the Deploy folder. (Updates did not previously require the Deploy folder because it would be restored from backups maintained by the program. The program no longer maintains such backups.)
New in Tunnelblick 3.3 Beta 56 (Jul 22, 2013)
- Complete Catalan, Czech, Finnish, French, Hungarian, Italian, Japanese, Korean, Norwegian, Dutch, Portuguese, Russian, Slovak, Swedish, and Chinese (simplified) localization.
- Allows the replacement of a Tunnelblick VPN Configuration that has an Info.plist even if it does not have a CFBundleIdentifier entry.
- Detects rich text files and files with illegal characters when installing a Tunnelblick VPN Configuration or converting an OpenVPN configuration.
- Allows the Info.plist of a Tunnelblick VPN Configuration to be located either in the .tblk folder directly, or in its "Contents" subfolder.
- Fixes a problem that sometimes caused an incorrect display of the settings of a Tunnelblick VPN Configuration that had been replaced.
- Fixes a problem that caused an unnecessary dialog window to appear when canceling the installation of a Tunnelblick VPN Configuration.
- Fixes a problem that sometimes caused no configuration to be selected the first time a freshly-installed Tunnelblick is launched.
- Fixes a problem that sometimes caused an invalid OpenVPN version to select the default version of OpenVPN, instead of the latest version.
- Fixes a problem that caused overwritten or truncated text in the status window, the 'Advanced' window, and the Log tab of the 'VPN Details…' window in some languages.
- Fixes a problem in status window that displays the 'In:' and 'Out:' text incorrectly in languages other than English.
- Fixes a problem that caused the 'Remove Credentials' submenu to be too narrow to fit localized text, and updates the Japanese localization with better translations.
New in Tunnelblick 3.3 Beta 54 (Jun 26, 2013)
- Includes complete German, Spanish, and Polish localization.
- Includes OpenVPN version 2.3.2.
- Adds the ability to edit a configuration name by clicking on it and editing it directly (OS X 10.6 and higher only).
- Adds the ability to always use the latest OpenVPN version that is available.
- Adds a confirmation dialog if user has no Tunnelblick VPN Configurations and does not want to convert OpenVPN configurations to Tunnelblick VPN Configurations.
- Fixes a problem that caused openvpn and down-root.so binaries to not be digitally signed.
- Fixes a problem disconnecting configurations using the down-root plugin if killall is allowed.
- Fixes a problem with up & down scripts failing when /etc/resolv.conf is empty except for comments.
- Fixes a problem that displayed the wrong version of VPN that would be used if the requested version is not available.
- Fixes a problem using WiFi after disconnecting if 'Reset the primary interface after disconnecting' is checked.
- Fixes a problem converting an OpenVPN configuration that contains an inline key/cert/etc.
- Fixes a problem that failed to keep a configuration selected after it was renamed.
- Fixes a problem verifying digital signatures of Deployed versions of Tunnelblick.
- Fixes a problem that could cause double-freeing of memory.
- Fixes a problem that could cause the the status window to show incorrect statistics.
- Fixes a problem that could cause credits on Info panel to appear in an incorrect font.
New in Tunnelblick 3.3 Beta 52 (May 21, 2013)
- Fixes a problem that caused Tunnelblick to be unable to install a Tunnelblick VPN Configuration (".tblk") that has a path component that starts with a dot (".").
- Fixes a problem on OS X 10.4 ("Tiger") that caused the copyright date in the startup screen to be displayed incorrectly.
- Fixes a extraneous warning about Info.plist options that do not exist being ignored when installing or converting to a .tblk.
- Fixes a minor memory leak.
- Fixes problems converting an OpenVPN configuration file that:
- Uses files with extensions that Tunnelblick does not know how to secure properly; or
- Does not end with a linefeed; or
- Has 'inline options; or
- Has a path component that starts with a dot (".").
New in Tunnelblick 3.2.9 (May 15, 2013)
- Preparation for updating to Tunnelblick 3.3.
- Only this and later versions will be able to update to Tunnelblick 3.3 when it becomes available as a stable release.
New in Tunnelblick 3.3 Beta 50 (May 12, 2013)
- Saves and restores the configuration selected in the configuration list in the 'VPN Details…' window.
- Saves and restores folder expansion states in the configuration list in the 'VPN Details…' window.
- Fixes a problem converting OpenVPN configuration files that have backslashes in paths.
- Fixes a problem converting OpenVPN configuration files that have multiple OpenVPN options using the same file or files with the same name.
- Fixes a problem converting OpenVPN configuration files that have script file names that do not have a '.sh' extension.
- Fixes a problem displaying line numbers in OpenVPN configuration files in the log when converting OpenVPN configurations.
- Fixes a problem that caused Deployed versions to ignore forced preferences.
New in Tunnelblick 3.3 Beta 48 (May 8, 2013)
- Allows the 'skipWarningAboutNoSignature' preference to be forced. This preference inhibits warnings about the application not being digitally signed.
- Adds additional DNS information to the Tunnelblick log.
- Adds a 'Copy Console Log to Clipboard' button to the Utilities panel.
- When installing Tunnelblick VPN Configurations (.tblks) that include nested .tblks inside them, TBReplaceIdentical, TBSharePackage, and TBUninstall in the outer Info.plist will override corresponding entries in the nested .tblks.
- No longer restores the 'Setup:' DNS key in scutil if it isn't needed (some OS X 10.7 setups, and all OS X below 10.7).
- Fixes a security issue when installing Tunnelblick VPN Configurations (.tblks).
- Fixes a problem in the build of OpenVPN 2.3.1 that caused it to reject the 'keysize' option.
- Fixes a problem that caused failures when using auto-install and .auto-install folders to install Tunnelblick VPN Configurations when Tunnelblick is installed.
- Fixes a problem that caused 'pre-connect', 'connected.sh', 'reconnecting.sh', and 'post-disconnect.sh' scripts in shared configurations to not be executed.
- Fixes a problem when the installer fails when trying to connect an unsecured configuration. (This would only happen if something is drastically wrong with the system, such as incorrect ownership or permissions on /Library).
- Allows install and launch of a 'Deployed' version of Tunnelblick:
- If it is a 'rebranded' version of Tunnelblick (source code modified to use a different name); and
- If Info.plist does not have 'tunnelblick.net' in the 'updateFeedURL' forced preference (or in SUFeedURL if there is no 'updateFeedURL' forced preference); and
- If Info.plist does not have 'net.tunnelblick' in the CFBundleIdentifier; and
- All copies of the program include the Deploy folder. (Even updates must include the Deploy folder. Udpates did not previously require the Deploy folder because it would be restored from backups maintained by the program. The program no longer maintains backups.)
New in Tunnelblick 3.3 Beta 46 (Apr 23, 2013)
- Security: Digitally signs Tunnelblick's copies of OpenVPN.
- Includes a 64-bit Intel version of OpenVPN 2.3.1.
New in Tunnelblick 3.3 Beta 45 (Apr 20, 2013)
- This is an experimental build of Tunnelblick which contains three versions of OpenVPN, for debugging the problem reported at https://groups.google.com/d/msg/tunnelblick-discuss/kWE4ZW6TznA/wSDHrrJhjMkJ and in other threads.
New in Tunnelblick 3.3 Beta 44 (Apr 16, 2013)
- Fixes a problem when converting an OpenVPN configuration with the 'auth-user-pass' option to a Tunnelblick VPN Configuration.
- Fixes a problem updating the configurations display when a configuration is added or deleted.
New in Tunnelblick 3.3 Beta 42 (Apr 15, 2013)
- Fixes a problem that caused DHCP over tap connections to fail.
- Fixes a problem that caused the failure to install a 'Tunnelblick VPN Configuration'.
- Fixes a problem that caused fatal errors in the down script if a '-useDownRootPlugin'preference was set for the configuration but 'user nobody' and 'group nobody' were not used.
- Fixes a problem that caused warnings about obsolete preferences.
- Fixes a problem that caused the Console log to not be included on the Clipboard when the 'Copy Diagnostic Info to the Clipboard' button is used by a user who is not an administrator.
- Diagnostic information now includes the user's status as a 'standard' or 'admin' user.
New in Tunnelblick 3.3 Beta 40 (Apr 11, 2013)
- Fixes a problem with Tunnelblick's new 64-bit OpenVPN 2.2.1 by only including the 32-bit versions of OpenVPN.
New in Tunnelblick 3.3 Beta 38 (Apr 10, 2013)
- On OS X 10.6 ('Snow Leopard') and higher, Tunnelblick now displays configurations in a way that is similar to the 'List View' in a Finder window: contents of folders can be hidden or exposed by clicking on a disclosure triangle next to the folder name. This may be disabled (and the old way of displaying configurations used) by setting the 'doNotShowOutlineViewOfConfigurations' preference to 'TRUE'.
- Replaces OpenVPN version 2.3alpha1 with version 2.3.1, and runs OpenVPN, OpenSSL, and LZO in 64-bit mode when it is available (Intel only) -- many thanks to HAROLD MOLINA-BULLA.
- Changes the 'Copy Log to Clipboard' button to the 'Copy Diagnostic Info to Clipboard' button. The info copied to the clipboard includes the configuration file contents, the log contents, and recent Console log output from Tunnelblick and OpenVPN. (Configuration file contents have inline data removed so as to not disclose private keys.)
- Keeps a history of Tunnelblick versions that were launched, and displays the most recently used prior version in the log.
- Adds a checkbox to 'Route all traffic through the VPN' on the Advanced settings window. This adds the 'redirect-gateway def1' option to the arguments to OpenVPN. Note that even if is NOT checked, the configuration file may include the option, or the server may push the option.) Default is not checked.
- Adds a checkbox to 'Reset the primary interface after disconnecting' on the Advanced settings window. The reset is done via an 'ifconfig down' followed by an 'ifconfig up' on the primary interface after the configuration is disconnected. Default is not checked.
- Adds the 'doNotLaunchOnLogin' preference, which causes Tunnelblick to not launch when the user next logs in, even if Tunnelblick was running when the user logged out. This preference cannot be set in the GUI; to set it type the following into Terminal 'defaults write net.tunnelblick.tunnelblick doNotLaunchOnLogin -bool yes'. To restore normal behavior, type 'defaults write net.tunnelblick.tunnelblick doNotLaunchOnLogin -bool yes'.
- Allows Tunnelblick.app to have any name (but it still must be installed into /Applications).
- Updates LZO to version 2.06.
- Updates the help displays.
- Changes to the maximum log size now take effect immediately.
- Clarified entry made in Console log when Tunnelblick is shut down because of a Command-Q typed by the user.
- Fixes a problem that didn't repair invalid ownership of /Library/Application Support/Tunnelblick/Users if the ownership was modified by the user.
- Fixes a problem that sometimes caused the last part of the log to be hidden.
- Fixes a problem that caused failures when converting a shared Tunnelblick VPN Configurations to be private.
- Fixes a problem that allowed the user to resize the VPN Details… window when a panel other than 'Configurations' is being displayed on OS X 10.7 ('Lion') and higher.
- Enhances installation of Tunnelblick VPN Configurations with improved error detection and correction:
- The user can now replace an existing configuration with a new one.
- Tunnelblick now complains about files referenced in the OpenVPN configuration file that do not exist or are accessed via a path instead of just a filename.
- Tunnelblick now removes CR characters from script files.
New in Tunnelblick 3.3 Beta 36 (Mar 28, 2013)
- Removes uninstaller from disk image.
New in Tunnelblick 3.3 Beta 34 (Mar 28, 2013)
- Security update: Replaces OpenSSL 1.0.1c with 1.0.1e. (See http://www.openssl.org/news/secadv_20130204.txt and http://www.openssl.org/source/exp/CHANGES).
- Accepts multiple "dhcp-option DOMAIN-SEARCH " options in the configuration file or "pushed" by the VPN server. If present and search domains were not manually set, they are prepended to any search domains that came from DHCP.
- Adds an Uninstaller to the Tunnelblick disk image. Double-click to uninstall /Applications/Tunnelblick, or drop a Tunnelblick application onto a copy of the Uninstaller on your boot drive.
- Removes the 'Suggestion or Bug Report' menu item. (Only 4 suggestions or bug reports were made among several hundred submissions.)
- Displays dialog when a fatal error occurs.
- Clearer error messages when a menu icon set is not found.
- No longer checks for unsigned updates.
- Adds the contents of /etc/resolv.conf to the Tunnelblick log before and after making network configuration changes.
- Adds Erwann Thoraval in the credits for French translations on the Info panel for all languages.
- Fixes problems indenting configuration subfolders properly in the VPN Details… window.
- Fixes misspelling of 'Disconnect' in status window.
- Fixes bug that caused the Info panel to display an incorrect OpenVPN version if no OpenVPN version was chosen on the Preferences panel.
- Fixes bug that caused the Tunnelblick icon to not respond to clicks properly after a sleep/wake cycle.
- Fixes bug that caused the Tunnelblick icon to disappear when an aborted logout takes place.
- Fixes bug that caused reverting a configuration to its last secure shadow copy to fail.
- Fixes bug that caused a spurious warning if Tunnelblick was Quit by Activity Monitor or reinstallation.
- Fixes warnings about unknown preferences.
- Complains with an error dialog window if an internal error occurs while trying to check the security of a configuration.
New in Tunnelblick 3.3 Beta 32 (Jan 7, 2013)
- Fixes several security issues.
- Fixes a problem that disabled all choices in the 'Connect' menu on the 'Settings' tab of the 'Configurations' panel of the 'VPN Details…' window.
- Fixes a delay when disconnecting if only one configuration is connected.
- Fixes a problem that did not connect a configuration automatically after updating a shadow configuration.
- Fixes problems that caused some scripts in Tunnelblick VPN Configurations to not be executed.
New in Tunnelblick 3.3 Beta 30 (Dec 27, 2012)
- Updates the easy-rsa programs to fix bugs in the Tunnelblick patches.
- Secures the easy-rsa folder and its contents.
- Warns the user when trying to install a Tunnelblick VPN Configuration (.tblk) into a Deployed version of Tunnelblick that does not allow shared and/or private configurations.
- Fixes bugs in Sparkle Updater's isDeployed and hasDeployBackups detection
- Fixes a bug that caused a log message to show permissions as decimal instead of octal.
- Fixes a bug that caused installer to fail if /Library/Application Support/Deploy subfolder was not secure."
- Fixes bug that caused failures in conversion of an OpenVPN configuration file to a Tunnelblick VPN Configuration (.tblk) if the configuration file does not use separate key, certificate, script, etc. files.
New in Tunnelblick 3.3 Beta 28 (Oct 23, 2012)
- Configurations can share credentials (usernames/passwords and pass phrases) so that the credentials need not be entered separately for each configuration. (This may be set on the 'Advanced' settings window's 'VPN Credentials' tab.)
- Triple-clicking the Tunnelblick icon opens the VPN Details… window, as does relaunching Tunnelblick from a Dock icon or double-clicking the application in a Finder window.
- Adds 'Speak' to list of connect/disconnect sounds. If selected, connections and unexpected disconnections will be announced with the system default voice.
- Defaults to use the oldest version of OpenVPN available, instead of the newest version.
- Adds the 'Check apparent IP address after connecting' checkbox to the 'Preferences' panel. There is no default; the user is asked whether to do this the first time the user launches Tunnelblick.
- Adds the 'Reconnect when computer wakes up from sleep (if connected when computer went to sleep)' checkbox to the 'Advanced' settings panel. The default is to reconnect.
- Adds the 'Revert Configuration…' menu command to revert a private configuration to it's last secured (shadow) version.
- When requesting a computer administrator username/password for installation, Tunnelblick also shows that it will convert OpenVPN configurations to Tunnelblick VPN Configurations if the user has requested the conversion.
- Adds a subcommand to openvpnstart to revert a configuration to when it was last secured.
- Does not warn about Tunnelblick being unsigned if Debug build.
- Fixes a problem that sometimes left horizontal lines on the list of configurations when the list was scrolled up and down.
- Fixes a problem if a configuration was Deployed and needed to be secured.
- Fixes a problem that caused the help button on the 'While Connected' tab of the 'Advanced' settings window to do nothing.
- Fixes several problems running Tunnelblick on OS X 10.4 ('Tiger').
- Inhibits flush of DNS cache on OS X 10.7 or 10.8 if Hands Off is running. (This was included in 3.3beta26.)
- Fixes a bug that sometimes caused Tunnelblick installations to fail.
New in Tunnelblick 3.3 Beta 26 (Oct 13, 2012)
- Installs, and should be used, only if no Deployed versions of Tunnelblick have previously been installed. (This restriction will probably be removed in later releases.)
- Installs even if there are OpenVPN configurations (.ovpn and .conf files).
- Offers to convert OpenVPN configurations to Tunnelblick VPN Configurations. OpenVPN configurations that are NOT converted are NOT AVAILABLE for connection.
- Recognizes files with '.cert' extensions as certificate files.
- When installing a Tunnelblick VPN Configuration, automatically removes path prefixes from configuration file entries that accept paths or commands.
- Adds a 'Show when disconnected' checkbox to the 'Notification window' section of the Appearance preferences tab of the 'VPN Details…' window. This is checked by default.
- Checks Tunnelblick's digital signature, and warns the user if it is missing or invalid.
- Fixes a problem that caused configurations in submenus not to be sorted properly.
- Changes the status/notification window's single Connect/Disconnect button to two separate buttons.
- Adds more specific error messages when files with unrecognized extensions or folders are in a Tunnelblick VPN Configuration (.tblk) that is being installed.
- Removes the 'keyboardShortcutKeyCode' and 'keyboardShortcutModifiers' preferences.
- Fixes problems installing from a disk image.
- Fixes a problem that disabled the keyboard shortcut (hotkey) until the VPN Details… window was opened.
- Fixes a problem causing the Tunnelblick icon to become invisible when changing settings on the 'Appearance' panel.
- Fixes a problem displaying a shortened log on OS X 10.4 ('Tiger').
- Fixes a problem that caused Tunnelblick to not create a shadow configuration file when installing a Tunnelblick VPN Configuration (.tblk).
- Fixes a problem that caused the download statistics shown in the status/notification window to be incorrect.
New in Tunnelblick 3.3 Beta 24 (Sep 13, 2012)
- Fixes problems installing from disk image.
New in Tunnelblick 3.3 Beta 22 (Sep 13, 2012)
- Installs, and should be used, only if:
- All private configurations are Tunnelblick VPN Configurations (.tblk files);
- It is not a Deployed version; and
- No Deployed versions of Tunnelblick have previously been installed.
- Will install to, and may only be run from, /Applications.
- Fixes security issues raised by Tunnelblick Issue 212.
New in Tunnelblick 3.3 Beta 21a (Sep 13, 2012)
- Prevents the display of notification windows for configurations that are disconnected if the 'doNotShowDisconnectedNotificationWindows' preference is true.
- Fixes incorrect display of VPN traffic statistics.
- Restores support for PowerPC processors and OS X 10.4 ("Tiger")
- Prepares for update to 3.3beta22
- New 'Welcome window' feature:
- If a 'Welcome' folder exists as a subfolder of Deploy and contains an 'index.html' file, that file will be displayed as a welcome screen when Tunnelblick is launched.
- Otherwise, if a 'welcomeURL' preference exists and is being forced, that URL will be displayed as a welcome screen when Tunnelblick is launched.
- If a 'welcomeWidth' and/or 'welcomeHeight' preference exists, its numeric value will be used for the width or height of the HTML display area of the welcome screen (otherwise, the area will be 500 pixels square).
- If a 'doNotShowWelcomeDoNotShowAgainCheckbox' preference exists and is true, a 'Do not show this again' checkbox will appear in the welcome window.
- If a 'skipWelcomeScreen' preference exists and is true, the welcome screen will not be shown.
New in Tunnelblick 3.3 Beta 20 (Aug 30, 2012)
- After installing this version, Tunnelblick can only be updated by a computer administrator.
- Attempts IP address check five seconds after a VPN connection is made, with a thirty second timeout. This makes it less likely that the 'No DNS' message will appear when DNS is working properly.
- Shows '(Deployed)' in the Info panel for Deployed versions of Tunnelblick.
- Refuses to install a signed version of Tunnelblick over a Deployed version unless the signed version has its own Deploy folder.
- Adds additional check for valid URL for updates and logs error instead of silently failing to check for updates.
- Fixes several problems caused by digital signatures.
- Fixes a problem in the standard down script for TAP connections.
- Fixes a problem that caused DNS cache flushes to fail silently.
- Fixes a problem with route-pre-down scripts if 'user nobody' and 'group nobody' are specified and openvpn-down-root.so is used.
- Changes to Sparkle Updater to prepare for later releases
New in Tunnelblick 3.2.8 (Aug 11, 2012)
- Fixes several problems caused by digital signatures.
New in Tunnelblick 3.2.7 (Aug 6, 2012)
- SECURITY UPDATE: Includes OpenSSL 1.0.0j, the latest security update to the 1.0.0 branch of OpenSSL.
- Tunnelblick 3.2 has reverted to using the OpenSSL 1.0.0 branch (from the 1.0.1 branch) because of problems with OpenSSL 1.0.1b on some PowerPC computers.
- Fixes a problem when a Tunnelblick VPN Configuration (.tblk) is not a folder.
- Fixes crashes of the Tunnelblick UI under two separate sets of complex circumstances.
New in Tunnelblick 3.3 Beta 18 (Aug 4, 2012)
- Fixes several problems on Mountain Lion and temporarily adds extra logging to help diagnose problems.
- Restores the default 'Set nameserver' DNS/WINS setting to restart when 'SearchDomain' is changed.
- Adds a new checkbox on the 'Advanced' settings page that tells Tunnelblick to add the domain name provided by OpenVPN to the start of the list of search domains. This checkbox is disabled and unchecked unless the DNS/WINS setting is set to 'Set nameserver'. Adding the domain name does not take place if the search domains are manually set.
- Checks that the computer's apparent public IP address changes when connected to a VPN. This can help diagnose connection and DNS problems. (Tunnelblick asks for permission to do this the first time it is launched for each user on a computer.)
- Fixes a crash of the Tunnelblick UI in certain complex circumstances.
New in Tunnelblick 3.3 Beta 16 (Jul 27, 2012)
- Fixes a problem that stops updates from being installed.
New in Tunnelblick 3.3 Beta 14 (Jul 27, 2012)
- Fixes problems with DNS on OS X 10.8 ("Mountain Lion") when using the default DNS/WINS setting of 'Set nameserver'.
New in Tunnelblick 3.3 Beta 12 (Jul 25, 2012)
- Reverts to OpenVPN 2.3-alpha1 to fix problems with the build of OpenVPN 2.3_alpha2.
- Fixes problems causing long delays when logging out or sleeping, restarting, or shutting down the computer.
- Fixes a problem causing the Tunnelblick icon to disappear.
New in Tunnelblick 3.3 Beta 10 (Jul 20, 2012)
- Fixes a problem disabling network connection monitoring.
- Fixes a problem with OpenVPN version 2.3alpha2 being 'unknown' and disabling scripts.
- Fixes a problem implementing preferences having to do with what to do when there are changes to the network settings.
New in Tunnelblick 3.3 Beta 08 (Jul 19, 2012)
- SECURITY UPDATE: Updates OpenSSL to 1.0.1c (OpenSSL's advisory)
- Tunnelblick is now digitally signed by an Apple 'identified developer', so that it may be installed with the default settings for Gatekeeper on OS X 10.8 ("Mountain Lion").
- Updates to and uses OpenVPN version 2.3alpha2 by default. OpenVPN version 2.2.1 can be used instead by selecting it in the 'Preferences' panel of the 'VPN Details…' window.
- Fixes a problem that caused configurations to connect and disconnect repeatedly on OS X 10.8 ("Mountain Lion").
- Fixes a problem that caused a warning on the console log that the 'SUSkippedVersion' preference was unknown.
New in Tunnelblick 3.3 Beta 06 (May 8, 2012)
- Enhances security by digitally signing Sparkle.framework (signed versions only).
- Fixes a problem installing or launching Tunnelblick when a .tblk exists but is not a folder (i.e., not an OS X package).
- Fixes problems on OS X 10.4 ('Tiger').
- Fixes a problem that sometimes caused updates to unsigned versions of Tunnelblick instead of to signed versions.
- Note: this was not caused by a problem in Tunnelblick itself -- it was caused by a misconfiguration on the tunnelblick.net website (the website used to check for updates). The misconfiguration was fixed on 2012-05-05 at 23:54 +04:00.
New in Tunnelblick 3.2.6 (May 3, 2012)
- Fixes a crash on OS X 10.4 ("Tiger") or PowerPC.
New in Tunnelblick 3.2.5 (Apr 30, 2012)
- Fixes a problem with the digital signatures of updates in 3.2.4.
New in Tunnelblick 3.3 Beta 04 (Apr 28, 2012)
- SECURITY UPDATE: Replaces OpenSSL 1.0.1 with 1.0.1b.
- Enhances security by making all of the application's contents owned by root.
- Fixes bug when on OS X 10.4 ("Tiger") that used an unavailable method.
- Fixes invalid links in Sparkle (which implements updates) FR_CA localization.
- Fixes Issue 205 (notification windows overlapping each other).
- Fixes some compiler warnings from Xcode 4.
New in Tunnelblick 3.2.4 (Apr 28, 2012)
- SECURITY UPDATE: Replaces OpenSSL 1.0.0g with 1.0.1b.
- Fixes a problem with 'While connected' actions not always being saved in the 'Advanced' settings window.
- Disconnects a configuration if a Tunnelblick VPN Configuration script returns a non-zero (mod 256) result.
- Logs explanations of why a disconnection occurred.
- Logs Tunnelblick VPN Configuration script execution and result codes.
- Logs unknown 'foreign_option's found by the standard up script.
- Fixes a problem when there are no icon sets.
- Fixes bugs in OpenVPN's easy-rsa scripts that cause errors when the path to easy-rsa contains whitespace.
- Fixes several compiler warnings detected by Xcode 4.
New in Tunnelblick 3.3 Beta 02 (Mar 17, 2012)
- Includes Several changes have been made concerning notification windows:
- Notification windows display the total amount of data uploaded and downloaded and recent up and down transfer rates for client connections.
- When the pointer (mouse) is over the Tunnelblick icon in the menu bar, the notification windows for all configurations that have been active since Tunnelblick was launched are displayed. (This may be changed on the 'Appearances' panel of the 'VPN Details…' window.)
- Notification windows do not fade away if the cursor is over any notification window (or the Tunnelblick icon, as described above).
- Notification windows for disconnected configurations have a 'Connect' button.
- Fixes a bug that caused notification windows to appear in Mission Control on Lion even though they were closed.
- Adds Openvpn 2.3alpha1, removes OpenVPN 2.1.4.
- Adds a 'Utilities' tab to the VPN Details… window. It includes:
- A 'Terminate all OpenVPN processes' button.
- A 'Run easy-rsa in Terminal' button.
- Click the '?' button on the tab for more information about these features.
- Adds the ability to have a 'route-pre-down.tunnelblick.sh' script that is run before closing a connection. Tunnelblick's 'Set Nameserver' scripts use this to release a TAP device's DHCP lease. This feature (and the DHCP lease release) is available only when using OpenVPN 2.3alpha1 and only in Tunnelblick VPN Configurations.
- Includes a customized version of OpenVPN's 'easy-rsa' 2.0 command-line scripts for creating certificates and keys.
- Adds two AppleScript nouns for configurations: 'bytesIn' and 'bytesOut' report bytes in or out through a client connection since Tunnelblick was launched.
- Adds a 'Suggestion or Bug Report…' menu item to beta versions of Tunnelblick unless the 'doNotShowSuggestionOrBugReportMenuItem' preference is true.
- Includes OpenSSL 1.0.1.
- Does not try to connect if the OpenVPN log file could not be created.
- Does not allow Unicode characters in usernames, passwords, and private keys (OpenVPN does not accept them).
- Includes more debugging information when OpenVPN starts or fails to start.
- Includes enhancements to the Tunnelblick build/clean process (see r1965 for details).
- Includes preparations for Mountain Lion.
- Disconnects a configuration if a Tunnelblick VPN Configuration script returns a non-zero (mod 256) result.
- Logs explanations of why a disconnection occurred.
- Logs Tunnelblick VPN Configuration script execution and result codes.
- Logs unknown 'foreign_option's found by the standard up script.
- Fixes a bug in log display of the command line used to start OpenVPN (cosmetic problem).
- Fixes a bug causing loss of contents in the log display if the log contains invalid characters.
- Fixes problems with the log display if the display gets large.
- Fixes a problem with 'While connected' actions not always being saved in the 'Advanced' settings window.
- Fixes a problem when there are no icon sets.
- Fixes several compiler warnings detected by Xcode 4.
New in Tunnelblick 3.2.3 (Jan 27, 2012)
- Fixes a security vulnerability in OpenSSL by updating to OpenSSL version 1.0.0g. See http://www.openssl.org/news/secadv_20120118.txt for details.
- Fixes a bug that sometimes caused repeated restarts of a connection when the search domain changed after the connection was established.
- "Deployed" versions that update from the Tunnelblick website always update to unsigned versions to avoid problems with the OS X Keychain.
- Fixes some French localization.
- At launch, if Tunnelblick is updating from the official Tunnelblick site and has an invalid digital signature (for example, the program is a Deployed version or has been modified in some other way by the user), an update to an unsigned version of Tunnelblick will be offered immediately -- even if the user has turned off automatic updates -- unless the "updateCheckAutomatically" preference is being forced to false or the user is not an administrator and the "onlyAdminCanUpdate' preference is false or not present.
New in Tunnelblick 3.2.2 (Jan 9, 2012)
- Fixes six OpenSSL security flaws by updating OpenSSL from 1.0.0e to 1.0.0f. See http://www.openssl.org/news/secadv_20120104.txt for details.
- Fixes a problem that caused a restart of the connection as a result of a DHCP renewal.
- Fixes failure to ask what should be done when the user enters an incorrect private key (passphrase).
New in Tunnelblick 3.2.1 (Dec 30, 2011)
- Fixes a problem preventing installation or updates for some users on OS X 10.4.
- Fixes problems connecting (loading tun/tap kexts) for some users.
New in Tunnelblick 3.2 (Dec 20, 2011)
- Fixes a security vulnerability found in Tunnelblick 3.2beta36. (See 2011-12-19 Tunnelblick Vulnerability FAQ for details.)
- Includes complete Japanese localization by Yoshihisa Kawamoto.
- Fixes a memory leak and a problem that caused a failure to localize tabs in the "Advanced" settings window.
New in Tunnelblick 3.2 Beta 36 (Dec 20, 2011)
- Includes additional Japanese localization by Yoshihisa Kawamoto.
- Adds more control over what Tunnelblick does when a network setting changes. Controls are located on the "While Connected" tab of the Advanced configuration settings. (These controls may not be modified if the per-configuration 'CONFIGURATIONNAME-leasewatchOptions' preference is present. That preference is now deprecated.)
- Includes fixes to format of Czech localization of credits.
- Includes additional log entry if ExecuteAuthorized fails.
- When installing and securing Tunnelblick, logs a warning but continues to install if the private configurations folder is not present. (Previously, the installation was abandoned if the private configurations folder was not present.)
New in Tunnelblick 3.2 Beta 34 (Nov 28, 2011)
- Includes a Hungarian translation by Marcell Szabo, and a Czech translation by Petr Šrajer.
- Includes the latest Tuntap release (version 20111101) for Snow Leopard and higher (Tunnelblick uses version 19990913 for Tiger and Leopard). This should fix the "kernel: Failed to add membership to all-hosts multicast address on interface" error in Lion.
- Fixes a bug in the build process that causes an extra copy of a tun/tap kext to be stored inside each tun/tap kext when a build has already been done.
- For an "Unsigned Release" build, " Unsigned" is appended to CFBundleShortVersionString (the marketing version string). Similarly, for a "Debug" build, " Debug" is appended.
- Fixes problems updating Tunnelblick caused by digital signatures on Deployed versions. When installing updates on a non-customized version of Tunnelblick (i.e., the Info.plist SUFeedURL entry is "http://tunnelblick.net/appcast.rss"):
- If the "updateSigned" preference is set, the application will be updated with a signed version;
- Otherwise, if the "updateUnsigned" preference is set, the application will be updated with an unsigned version;
- Otherwise, versions before 3.2beta34 are updated with signed versions; versions 3.2beta34 and higher are updated with signed versions only if they are themselves signed, otherwise they are updated with unsigned versions.
- "Signed" does not refer to the update itself, which is always digitally signed for authenticity. It refers to the Tunnelblick.app application being signed so that the updated version can use Keychain items without OS X prompting the user for permission.
- See Tunnelblick and Digital Signatures for more details.
New in Tunnelblick 3.2 Beta 32 (Oct 12, 2011)
- Includes OpenSSL version 1.0.0e.
- Complete Polish localization by Magdelena Zajac and Łukasz M.
- Improved French localization by Olivier Borowski.
- Removes extra logging by Tuntap kexts introduced in 3.2beta30.
- Does not allow a configuration to be renamed or made private or made shared unless the configuration is disconnected.
- Fixes a problem with configurations set to connect 'when computer starts'.
- Fixes a problem not accepting digits in domain names pushed by the VPN server. Now accepts A-Z, a-z, 0-9, '-', and '.' in domain names. Does NOT accept internationalized domain names.
New in Tunnelblick 3.2 Beta 28 (Aug 1, 2011)
- Johan Nilsson and Tim Malmström have provided Swedish localization.
- Prevents kernel panics on OS X 10.7 "Lion" by reverting to OpenVPN 2.1.4.
- Tunnelblick can now be updated even if its name is not Tunnelblick.app.
- A splash window with status information appears while Tunnelblick is starting up. It will not be displayed if 'Display window while Tunnelblick is starting up' is unchecked on the 'Appearance' panel of the 'VPN Details…' window. (Controlled by the 'doNotShowSplashWindow' preference.)
- You can now select and copy the version information in the Info panel.
- Fixes bug that caused a failure to display an error message and a many-second delay when user tries to set a non-.tblk to start when the computer starts.
New in Tunnelblick 3.2 Beta 26 (Jul 21, 2011)
- Aleix Dorca has provided a complete Catalan localization.
- Emma Segev and Tjalling Soldatt have provided complete Dutch localization.
- Peter K. O'Connor has provided complete Chinese (simplified) localization.
- Dennis Ukhanov, Eugene Trufanov, Nail Gilmanov, & Victor Ptichkin have provided complete Russian localization.
- Changes the 'Show/Hide Configuration on Tunnelblick Menu' menu command to be the 'Show on menu' checkbox on the 'Settings' tab.
- Un-rebrands the license description unless the 'doNotUnrebrandLicenseDescription' preference is set.
- Fixes bugs when menu icon sets are not available.
- Fixes bugs when updating Tunnelblick while a connection is active.
- Fixes console warning about unrecognized preference.
New in Tunnelblick 3.2 Beta 24 (Jul 15, 2011)
- Complete German localization by Marcus Schneider.
- Complete French localization by Jeremy Sherman.
- Complete Korean localization by Kyoungmin Kim.
- Complete Norwegian localization by Jon Luberth.
- Complete Portuguese localization by Denis Volpato Martins.
- Includes OpenVPN version 2.2.1.
- Now loads sounds each time the Configurations panel is displayed, so any sounds added by the user can be used immediately.
- Adds protection against race conditions in sleeping and quitting.
- The credits and license description on the Info panel are now localized.
- Fixes a bug that didn't update 'Settings' tab items properly when a different configuration was selected in the 'Configurations' panel.
- Fixes a bug that caused several items to appear in English instead of the preferred language, even if a preferred language translation of the item was available.
- Fixes a bug that caused the 'Advanced' window to pop up in front of any other application's window when the notification window appears.
- Fixes a bug that caused the 'Glass' sound to be used when a tunnel is established and the 'Basso' sound to be used when a tunnel was torn down if the preference for the sound was set to 'None'
- Fixes a bug that caused the 'Advanced' window to pop up in front of any other application's window when the notification window appears.
- Fixes a bug that ignored the Enter and Escape keys when entering a VPN username/password or passphrase.
- Fixes a bug that caused the 'Glass' sound to be used when a tunnel is established and the 'Basso' sound to be used when a tunnel was torn down if the preference for the sound was set to 'None'
- Fixes a bug that caused problems and failed to properly warn the user that a private configuration cannot be set to start when the computer starts.
- Fixes several small memory leaks.
- Fixes a possible race condition when quitting Tunnelblick.
New in Tunnelblick 3.2 Beta 18 (Jun 28, 2011)
- Changes to the sound settings now take effect immediately.
- Shows a splash screen during installation.
- Cascades status windows when multiple status windows are being displayed simultaneously.
- Fixes a problem that displayed incorrect sound 'on connect' and sound 'on unexpected disconnect' selections when no selections have been made. (Should have displayed 'None' for each, but displayed 'Glass' and 'Basso'.)
- Includes several other small changes and bug fixes.
New in Tunnelblick 3.2 Beta 14 (May 18, 2011)
- Fixes a crash on startup on OS X 10.4 ("Tiger") and 10.5 ("Leopard").
- Fixes a typo in the help page for the "Appearance" preferences.
New in Tunnelblick 3.1.7 (Apr 4, 2011)
- Fixes problems causing tun/tap kexts to be loaded even though preferences specify that the kext(s) are not to be loaded.
- Fixes a problem with installing some Tunnelblick VPN Configurations (.tblk).
New in Tunnelblick 3.1.3 (Jan 28, 2011)
- A bug causing a security vulnerability exists in Tunnelblick versions 3.1, 3.1.1, and 3.1.2. It allows an unprivileged user to erase the contents of any file, including important system files, on any Mac OS X system with a vulnerable version of Tunnelblick installed. As far as is known as of 2011-01-27, the bug cannot be used to take control of the system or obtain root access. All users of Tunnelblick are advised to update to the latest version. For more information including instructions for updating
New in Tunnelblick 3.1.2 (Dec 27, 2010)
- Removes the 'warns the user when certain unexpected disconnections occur' feature added in version 3.1.1 because it caused Tunnelblick to hang under certain conditions of sleep/wake cycles and/or screensavers. This feature will return in more robust form in a future beta release.
New in Tunnelblick 3.1.1 (Dec 20, 2010)
- Fixes a problem with the left navigation sometimes not being displayed properly when the Details… window does not have left navigation but adding a configuration changes it to have left navigation.
- Fixes a problem installing Tunnelblick VPN Configurations (.tblk packages) that have a CFBundleIdentifier containing upper-case letters.
- Fixes a problem when a .tblk that is being installed has a path which includes a component which includes the string '.tblk'
- Fixes a problem checking permissions on configuration file when user's home folder is not the usual /Users/username folder -- for example, when it is on a network volume ( Issue 163 ).
- Fixes a problem with the Tunnelblick icon not displaying correctly for multiple simultaneous connections. Now the icon is a closed tunnel if all configurations that the user expects to be closed are in fact closed, is an open tunnel if all configurations that the user expects to be open are in fact open; otherwise the icon is an animation -- neither open nor closed.
- Fixes a problem trying to set a configuration that is in a subfolder to connect at system start.
- Fixes openvpnstart crashes when certain errors occurred. (Tunnelblick itself did not crash.)
- Fixes problems when using 'shadow' configuration files.
- Warns the user when certain unexpected disconnections occur.
- Adds a message to the OpenVPN log displayed in the Details… window when Tunnelblick obtains a VPN passphrase or username/password from the Keychain.
- Waits to go to sleep until all OpenVPN processes have terminated, unless the 'doNotPutOffSleepUntilOpenVPNsTerminate' boolean preference is set true.
- Changes Tunnelblick icon animation and open tunnel icon to show yellow beyond the tunnel, brightening the icon subtly. To use the old icon animation, set the 'menuIconSet' preference to the string 'TunnelBlick-black-white.TBMenuIcons'. Many thanks to Wes Plate for this new icon set.
- Fixes the inability to display the build number when the Tunnelblick version number that has a period in the build number (as do these 3.1.1 builds).
- Fixes a typographical error in an error message referring to a known problem in OpenVPN 2.1 -- the error message incorrectly referred to OpenVPN 2.2.
New in Tunnelblick 3.1 (Dec 6, 2010)
- Only the version and build numbers were updated.
New in Tunnelblick 3.1 Beta 24 (Dec 4, 2010)
- Updates to use OpenSSL 1.0.0c, which fixes several security vulnerabilities.
- Searches for the icon set folder in Tunnelblick.app/Contents/Resources/Deploy and then in /Library/Application Support/Tunnelblick/Shared before defaulting to the version in Tunnelblick.app/Contents/Resources.
- Fixes bug that caused an unneeded folder (dmgFiles) to be built into Tunnelblick.app/Contents/Resources.
New in Tunnelblick 3.1 Beta22 (Dec 2, 2010)
- Includes OpenVPN 2.1.4 and OpenSSL 1.0.0b.
- Adds a note to the OpenVPN log (in the Details… window) when the computer goes to sleep or wakes up and a connection is terminated/restarted.
- Fixes a problem modifying 'Set nameserver' on other-than-the-first connection.
- Fixes an OpenVPN problem with special case route targets ('remote_host').
New in Tunnelblick 3.1 Beta 08 (Jul 12, 2010)
- IMPORTANT NOTE FOR THOSE USING "WHEN COMPUTER STARTS" WITH EARLIER BETA VERSIONS: When you update to Tunnelblick 3.1beta08 or above from 3.1beta02 - 3.1beta06, Tunnelblick will not recognize any running "when computer starts" configurations. Five to ten seconds after you start Tunnelblick, they will be identified as unknown OpenVPN processes and you will be given the choice to leave them alone or disconnect them. You should chose to disconnect them in this dialog and then manually connect them in Tunnelblick. (You do not need to do this immediately, but you will not be able to control them with Tunnelblick. The dialog will appear each time you start Tunnelblick if these connections are still active.) This need only be done once, and is not necessary if there are no "when computer starts" configurations that are connected at the time you update.
- Benji Greig has created an updated Tunnelblick icon that looks great in Coverflow. He has also created a distinctive icon for Tunnelblick VPN Configurations, and a new background image for the Disk Image. Thanks, Benji!
- Log processing and display have been rewritten:
- OpenVPN log files are kept in /tmp/tunnelblick/logs using filenames encoded with the configuration file path, the management port number, and the arguments to openvpnstart when the connection was created.
- Script log files are kept in the same directory, using filenames encoded with the configuration file path.
- Log files are created each time a connection is made. 'Pipes' are no longer used for the script files, and the OpenVPN management interface is not used to process log data.
- When displaying the log, the entries are merged such that script log entries follow OpenVPN log entries that have the same date/time.
- The log display now shows the most recent 10000 entries. Earlier entries are not displayed, but they are available in the log files stored in /tmp/tunnelblick/logs.
- Formatting of the log display is improved."
- The DNS cache is flushed after a tunnel is established and after it is torn down. This is enabled by default but may be disabled by the per-connection "-doNotFlushCache" preference.
- Tunnelblick VPN Configurations (.tblk packages) may now be shadow copied
- Configurations (.conf, .ovpn, and .tblk) may be stored in subfolders. Note that .tblk configurations are installed at the top level of the shared or private folder; they must then be moved to a subfolder if that is desired.
- Sets share/private button to 'Share configuration' when it is disabled.
- Fixes bug that caused 'Ignoring change of Network Primary Service' message to be displayed when no change occurred.
- Fixes bug that caused unload of tun/tap kext at exactly the right time while a restart was taking place if the user disconnected a different configuration that used the same tun/tap kext.
- Fixes bug that caused .conf configuration files to be ignored.
- Fixes bug that caused failure to connect if "Monitor connection" was checked and the standard up script was used.
- Fixes bug that caused restarts to fail if a different configuration was disconnected at exactly the right (or wrong!) time.
- Fixes bug that didn't clean up when installation of a .tblk package failed.
- Fixes bug that caused 'Set nameserver' script (i.e., 'leasewatch') to be run when it is not necessary.
- Fixes bug that caused launch of leasewatch script (when 'Set nameserver' is checked) to fail if automatically connecting when computer starts
- Fixes bug which causes format errors in the log display if a script generates log entries which don't have a "*" after the date/time. (Inserts a "*" in such entries in the log display.)
New in Tunnelblick 3.1 Beta 04 (May 28, 2010)
- Creates pipes for script output to OpenVPN log window on demand instead of when Tunnelblick launches
- Deletes logs for 'when computer starts' connections when they are disconnected
- Doesn't un-check 'Connect automatically' if administrator permission to change from 'when Tunnelblick launches' to 'when computer starts' is cancelled, so connect 'when Tunnelblick launches' will remain in effect
- Allows cancel out of dialog asking if 'openvpn-down-root.so' should be used
- Marks start and end of OpenVPN log entries from before Tunnelblick was launched
- Displays a notice if then OpenVPN log entries from before Tunnelblick was launched are more than 10,000,000 bytes long.
- Includes path of openvpnstart to be used in Console log messages that a configuration will 'connect when computer starts'
- Reinforces security of openvpnstart -- it now verifies it is protected before doing any operations
- Reformats dates in OpenVPN log entries from before Tunnelblick was launched to YYYY-MM-DD HH:MM:SS
- A DHCP renew which restores the original DNS and/or WINS information no longer causes the connection to restart. This new behavior can reversed be by setting Tunnelblick the boolean preferences '-doNotRestoreOnDnsReset' and/or '-doNotRestoreOnWinsReset' to TRUE.
- Modified the up, down, and leasewatch scripts:
- client.up.osx.s and client.nomonitor.up.osx.sh are replaced by client.up.tunnelblick.sh
- client.down.osx.s and client.nomonitor.down.osx.sh are replaced by client.down.tunnelblick.sh
- The up and down scripts may be called with optional arguments (before the standard OpenVPN-supplied arguments) that are prefixed by a '-'. The arguments are:
- -m to monitor the network configuration (reflects the 'Monitor connection' checkbox);
- -w to cause restoration of expected WINS configuration if it changes to the pre-VPN configuration (via DHCP renewal, for example); and
- -d to cause restoration of expected DNS configuration if it changes to the pre-VPN configuration (via DHCP renewal, for example).
- The -w and -d options are specified if the boolean Tunnelblick preferences '-doNotRestoreOnDnsReset' and/or '-doNotRestoreOnWinsReset' are TRUE.
- The up script saves, and leasewatch and the down script access, additional parameters (the state of the optional arguments, network primary service ID, and logfile path) in the System Configuration database as /Network/OpenVPN/...
- The up script saves the pre-VPN WINS (SMB) configuration in the System Configuration database as /Network/OpenVPN/OldSMB
- The down script ignores the optional arguments (accessing any it needs via the System Configuration database)
- leasewatch behavior has changed, although a Tunnelblick preference restores the old behavior. It used to restart the connection if the DNS or WINS configuration changed from the post-VPN-creation configuration (which reflects 'pushed' values from the OpenVPN server). This caused a restart of the connection when a DHCP renewal changed the settings to the pre-VPN configuration. This situation is now detected, and the DNS and/or WINS configurations are restored to the post-VPN-creation configuration instead of restarting the connection. This new behavior may be inhibited (forcing the old behavior to restart the connection) by setting the boolean Tunnelblick preferences '-doNotRestoreOnDnsReset' and/or '-doNotRestoreOnWinsReset' to FALSE.
- Tunnelblick itself has been modified to use the new scripts, but only if the old scripts are not present. That means that an automated build process, for example, which replaces client.up.osx.sh with a customized version, will continue to work, because Tunnelblick will see the old script, and use that instead of using the new script (even if the new script is present).
- The openvpnstart 'bitMask' argument has additional bits that specify options to send to the scripts (as described above)
- openvpnstart puts a warning in the OpenVPN log (in the Details… window) if the path to the up or down script is very long, which could result in OpenVPN sending incomplete arguments to the scripts. (OpenVPN truncates the command line it uses to start the scripts to 255 characters.)"
- Warnings from the openvpnstart program are now included in the OpenVPN log displayed in the 'Details…' window
- Fixes bug that caused load of tap devices to fail when connecting
- Fixes bug that sometimes caused log file contents not to display
- Fixes bug that caused output from leasewatch ('Monitor connection' checkbox checked) to be stored in a /tmp file instead of displayed in the OpenVPN Log on the Details... window for Tunnelblick VPN Configurations (.tblk packages)
- Fixes bug with 'connect on computer start' causing Tunnelblick to ask, in error, to flip the value of the checkbox
- Fixes bug with 'when Tunnelblick launched' and 'when computer starts' radio buttons
New in Tunnelblick 3.0 (Mar 3, 2010)
- Fixes incorrect display of 'Automatically Check for Updates' preference on first run after some updates.
- Out of beta!
New in Tunnelblick 3.0 Beta 28 (Feb 24, 2010)
- Wildcards for forced preferences (see the Deploying Tunnelblick wiki).
- Displays configuration name in title of OpenVPN Log window.
- Inserts full command line used for starting OpenVPN into the OpenVPN Log window.
- Full German localization. Many thanks to Markus Markus Schneider.
New in Tunnelblick 3.0 Beta 26 (Feb 10, 2010)
- Now uses OpenVPN version 2.1.1.
- Adds Chinese localization (both simplified and traditional). Many thanks to Aming Lau.
- Installation has been simplified: The Tunnelblick disk image gives instructions to "Double-click to begin" in several languages. Double-clicking starts a small installer. The installer detects installs/reinstalls/upgrades/downgrades and puts the current copy of Tunnelblick.app in the Trash before replacing it, then offers to launch the new version. Warns about other copies of Tunnelblick running during an install and offers to stop them. (Simply copying Tunnelblick.app to /Applications or elsewhere on the hard drive still works, too.)
- The "Welcome to Tunnelblick" window now gives the user much more information, and offers the options of creating and editing a sample configuration file or opening the Configurations folder in Finder.
- Uses Sparkle Updater version 1.5b6 for better security. Updates must be signed with 2048-bit DSA signatures. Updating behavior is now controlled by Tunnelblick preferences, which may be forced. Deployers note: many of these preferences should be forced for security reasons in a deployed environment.
- Tunnelblick now explains why it is asking for an administrator username/password in authentication dialogs.
- Tunnelblick's OpenVPN Log window now includes detailed information about why a connection was restarted by leasewatch (when the 'Monitor connection' checkbox is checked).
- The program's menu has been streamlined.
- Connection timers are now displayed by default (unless the 'showConnectedDurations' preference is FALSE).
- Fixes problem editing configuration files on Tiger and Leopard by allowing non-admin users (without an administrator username/password) to unprotect the configuration file before invoking TextEdit. This ability can be disabled with the 'onlyAdminsCanUnprotectConfigurationFiles' preference. On Snow Leopard (which automatically unprotects files when they are modified), warns user that an administrator username/password will be required to connect if the configuration file is modified. Note: The 'Edit Configuration' button may be still disabled with a per-configuration preference.
- Enhancements: Displays command line used to launch 'openvpnstart' in the OpenVPN Log window. Detects and gives a detailed error message if a configuration file is identical to the sample provided by Tunnelblick. Creates a "Launch Tunnelblick" link in the Configurations folder. Localizes paths that are displayed to the user -- for example, in French (FR), 'Library' becomes 'Bibliothèque'. Detects, complains, and quits if not running on OS X 10.4 ("Tiger") or above. Added Quick Start Guide to disk image.
- Bug fixes: Fixes bug that caused crashes when started automatically on login on some versions of Leopard and Snow Leopard. Fixes bug that didn't localize the title for the OpenVPN Log window. Fixes bug that displayed 'monitoring connection' when 'Set nameserver' is not checked. Fixes bug opening wrong copy of sample configuration file in TextEdit. Fixes bug that tries to to create Configurations folder when not necessary. Fixes bug that tried to create configuration file in Deploy. Fixes typo in dialog for remote home folders. Fixes sporadic failure to detect multiple simultaneous connections.
- Known Issues: See the Known Issues wiki.
New in Tunnelblick 3.0 Beta 24 (Dec 13, 2009)
- New 'Monitor connection' checkbox in the OpenVPN Log window (defaults to checked). When checked, Tunnelblick monitors connection interfaces as it has since 3.0b18. When unchecked, Tunnelblick ignores connection interface changes, as version 3.0b10 did. This allows more users to use the latest version (some users couldn't because of repeated restarts caused by Tunnelblick detecting connection interface changes). Please note that OpenVPN itself restarts connections under certain circumstances. New scripts are used when 'Monitor connection' is not checked and 'Set DNS' is checked: client.nomonitor.up.osx.sh and client.nomonitor.down.osx.sh.
- New 'Options' submenu has entries to change commonly used preferences, check for updates, and view the 'About…' window.
- Tun/tap kernel extensions are loaded when Tunnelblick launches and unloaded when Tunnelblick quits.
- Configuration and other files are now located in ~/Library/Application Support/Tunnelblick/Configurations to conform to OS X standards. The ~/Library/openvpn folder is moved to this new location automatically during the first launch of Tunnelblick after updating to 3.0b24, and is replaced by a symbolic link to the new location. For details see http://groups.google.com/group/tunnelblick-discuss/t/d8f000d1e854b39d.
- Adds Català (Catalan) localization, thanks to Aleix Dorca.
- Additional Español (Spanish) and Deutsch (German) localization, thanks to Diego Rivera and Markus Schneider, respectively.
- Adds OS X version information to the start of the OpenVPN Log.
- Adds configuration, 'Set nameserver', and 'Monitor connection' status to the OpenVPN Log before attempting to make a connection.
- Adds new Deployment features:
- Always restores the Resources/Deploy folder from a backup if it does not exist and a backup does. An entry is put in the Console Log, but no other user notification is made. (This happens after an auto-update without the Deploy folder.)
- Monitors Resources/Deploy (if it exists) for changes to configuration files.
- If Deploy contains only *.conf, *.oven, *.up.sh, *.down.sh, and forced-preferences.plist files, then the ~/Library/openvpn folder will be used for all other files (including other scripts).
- If 'Set nameserver' is checked and 'Monitor connection' is checked, then if Deploy/CONFIGNAME.up.sh exists, it will be used instead of Resources/client.up.osx.sh, and if Deploy/CONFIGNAME.down.sh exists, it will be used instead of Resources/client.down.osx.sh.
- If 'Set nameserver' is checked and 'Monitor connection' is not checked, then if Deploy/CONFIGNAME.nomonitor.up.sh exists, it will be used instead of Resources/client.nomonitor.up.osx.sh, and if Deploy/CONFIGNAME.nomonitor.down.sh exists, it will be used instead of Resources/client.nomonitor.down.osx.sh.
- If 'Set nameserver' is checked, then if the 'CONFIGNAME-useDownRootPlugin' preference is true, then Resources/openvpn-down-root.so will be used as a plugin for OpenVPN.
- Sets owner to root:wheel and permissions to 600 for .cer, .crt, .der, .key, .p12, .p7b, .p7c, .pem, and .pfx files in the Deploy folder.
- Adds new per-configuration preferences:
- 'CONFIGNAMEdisableEditConfiguration' is a boolean. If set, disables the 'Edit configuration' button. If cleared (the default), enables the button.
- 'CONFIGNAME-notMonitoringConnection' is a boolean. If present, its value reflects/is used for the 'Monitor connection' checkbox. Default is set.
- 'CONFIGNAME-useDownRootPlugin' is a boolean. If set, causes the 'openvpn-down-root.so' plugin to be loaded. If cleared (the default), the plugin is not loaded.
- Closing a connection, putting the computer to sleep, or quitting Tunnelblick may be delayed a few seconds while Tunnelblick waits for OpenVPN processes to terminate.
- Bug fixes: Fixes bug that sometimes caused authentication failures with usernames or passwords longer than 12 characters. Fixes bug that sometimes caused the 'Retry' button to be interpreted as 'Cancel' in the Authentication Failed dialog. Fixes bug that caused a connection attempt to fail with a 'script failed: could not execute external program' error if 'Set nameserver' is checked and there is a space character in the name of Tunnelblick.app or in the path to it. Fixes bug that caused 'Get Info' of Tunnelblick.app to show incorrect copyright information. Fixes bug that often caused loss of last few lines of OpenVPN Log before disconnecting. Fixes bug that sometimes caused problems restoring connections when awakening from sleep. Fixes bug that sometimes caused the Sparkle updater window to not appear on Snow Leopard. Fixes inconsistent logging of ownership/permissions repairs. Fixes bug that caused Tunnelblick to check for updates at launch even though preference to do so was cleared, not set. Fixes bug that ignored forced-preferences.plist when there was no configuration files in Deploy. Fixes bug with configuration files that are actually symbolic links. Fixes bug that didn't verify that ownership/permissions on Deploy contents copied correctly to backup. Complains with specific message in Console log if a configuration file needs repair but is locked. Fixes problems when a configuration file is a link.
New in Tunnelblick 3.0 Beta 22 (Nov 2, 2009)
- Includes OpenVPN version 2.1_rc20, which fixes problems with the "redirect-gateway" option.
- Includes the 32/64-bit version of tuntap, which fixes problems running Tunnelblick on Snow Leopard under the 64-bit kernel. Thanks to the tuntap project, to Mohammad A. Haque for Xcode help, and to Jean-Philippe Jung for testing.
- Stores username in Keychain instead of preferences.
- Stores shadow copies of configuration files in /Library/Application Support/Tunnelblick/Users/username instead of /Library/Tunnelblick/username.
- Bug fixes: Fixes bugs that interfere with storage or retrieval of usernames and passwords. Adds new configs to OpenVPN Log window when it has been opened but is currently closed. Clears "Automatically launch Tunnelblick upon login" for error exits. Clean exit if 'running from .dmg' error. Fixes several memory and CF leaks. Fixes bug that caused attempt to kill openvpn process that had already been killed. Fixes potential problem detecting locked configuration files during shadow copying. Installer detects and reports errors making ownership and permission modifications.
- Enhancement: Creates openvpn-down-root.so and puts a copy of it in Tunnelblick.app/Contents/Resources, allowing use of OpenVPN 'user' and 'group' options by adding a line to the configuration file. See the Using Tunnelblick wiki for details.
- Deployment enhancements: Several changes have been made which make it easy to create a customized version of Tunnelblick that can easily be deployed to multiple clients or installed once for all users of a computer. Configuration, key, and certificate files and up/down scripts can be put into a Deploy folder within Tunnelblick.app, and Tunnelblick will use them instead of using files in ~/Library/openvpn. These files are read-only, and, combined with read-only preference overrides, can create a tamper-proof application. Such deployed applications may be updated via the automatic update mechanism without losing the configuration information. Detailed information is available in the Deploying Tunnelblick wiki.
- Other enhancements: Clarifies language in a few places. Adds a specific error message if unrecoverable error. Warns if all config files removed and gives a choice of quitting or installing and editing a sample config file. Warns if zero-length passphrase, username, or password. Adds Tunnelblick icon and the configuration name to all applicable dialog windows. Puts dialogs on top of other windows.
New in Tunnelblick 3.0 Beta 20 (Oct 10, 2009)
- Fixes issues with "Set nameserver" on Snow Leopard.
- Inhibits console message that tun and tap are already loaded.
- Sends details of some error messages to the OpenVPN log window instead of the Console log.
- Prefixes all non-OpenVPN messages in the log window with "*Tunnelblick:".
New in Tunnelblick 3.0 Beta 18 (Sep 23, 2009)
- Implements different behavior when configuration files change: when a configuration file is added, all connections are maintained. When a configuration file is deleted, only the corresponding connection is disconnected (and an alert window is displayed). In either case, the menu and Log window reflect the change immediately without restarting Tunnelblick. Changes to a configuration file's contents or metadata are ignored (but will be used the next time a connection is attempted).
- Works with home folders on network volumes and/or when the home folder is not permitted to have files owned by root. This is implemented transparently with "shadow" copies of configuration files. It is automatic if the config file is on a network volume or if Tunnelblick's "useShadowConfigurationFiles" preference is set.
- Moves "Set nameserver" checkbox to avoid inadvertent changes.
- Fixes issues when DNS is set manually, when 'dhcp-option DOMAIN ...' is pushed to the client, and when --remote-random is used under certain circumstances.
- Fixes misleading language in window that requests a username/password for the VPN.
- Fixes a bug which caused OpenVPN Log window to stay on top of all other windows if it was opened within 3 seconds of starting Tunnelblick.
- Fixes a bug which caused config file changes to be ignored under certain circumstances.
- Fixes a bug which interferes with saving a username/password combination or a passphrase to the Keychain when there is more than one simultaneous connection.
- Fixes a bug which causes a (quitable) infinite loop if an error occurred while changing ownerships and/or permissions.
- Fixes a bug which sometimes causes non-English text of buttons or checkboxes to be truncated or clipped.
- Makes changes to ownership and permissions of parts of Tunnelblick.app for better security.
- Adds support for WINS configurations from the server when using the standard up/down scripts (i.e., when the "Set nameserver" checkbox is checked).
- Warns about multiple simultaneous connections, with a checkbox to suppress such warnings.
- Displays duration times only for connected tunnels.
- Updated to UKKQueue 0.5 and LZO 2.03
- Adds Spanish localization (thanks to Diego Rivera).
New in Tunnelblick 3.0 Beta 16 (Aug 24, 2009)
- Upgraded to OpenVPN version 2.1_rc19
- Additional French translations (contributed by Oliver Hill)
- An entry is appended to the OpenVPN Log window if OpenVPN returns with an error code. (This typically happens when there is an error in the configuration file.)
New in Tunnelblick 3.0 Beta 14 (Aug 11, 2009)
- Fixed issues where DNS settings were not saved properly, and when DHCP is renewed.
- Added support for PKCS#11 and Security Tokens, e.g. Aladdin eToken.
- Additional Korean and German translations.
- Animation improvements, including the ability to have "icon sets". Note: the user interface for this feature is not included yet.
- Fixed issue with "Set nameserver" and "Auto connect on launch" checkboxes being cleared on quit if the "OpenVPN Log" window was never displayed.
- Fixed issue which caused disconnects when any file in ~/Library/openvpn was accessed (for example, by backup software). (Note that changing, adding, or deleting any configuration files will close all open connections).
- Fixed issue with failed authentication: now handled gracefully: allows cancel or retry. If credentials are stored in the KeyChain, also allows retry with new credentials (by deleting the old credentials before the retry).
- Fixed issue with multiple connections with same username; separate passwords are now kept for each username.
- Fixed issue in dialog about configuration files - the correct path is now shown: "~/Library" instead of "/Library".
- Command-C, Command-X, Command-V (copy, cut, paste) and Command-A, Command-M, Command-W, and Command-Q (select all, minimize to the Dock, close window, and quit Tunnelblick) now work properly from the "OpenVPN Log" window.
- Fixed issue which caused invalid dates/times to appear in the OpenVPN Log.
- Shows connection duration in "OpenVPN Log" window's tabs.
- Fixed issue which caused the "OpenVPN Log" window to remain underneath other windows when the "Details..." menu item is clicked.
- Added date/time and Tunnelblick and OpenVPN version info at the beginning of the OpenVPN Log and whenever it is cleared.
- Saves and restores "OpenVPN Log" window size and position.
- Internationalized date/time displayed in the OpenVPN Log, including seconds.
- Fixed bug which caused Japanese localization to fail.
- Displays tab for the left-most established connection when the "OpenVPN Log" window is first displayed. If no established connection exists, displays the left-most tab.
- Added the "Using Tunnelblick.html" document to the installation disk image.
- Added preference, "doNotMonitorConfigurationFolder" (default = False) to disable monitoring of the configuration folder for changes to the configuration files.
- Added preference, "placeIconInStandardPositionInStatusBar" (default = False) to have the Tunnelblick icon placed normally in the Status Bar -- to the left of other items (contributed by Raal Goff and Michael Schloh von Bennewitz).
- Added an "About" window that displays a link to the website, Tunnelblick version and build numbers, and the OpenVPN version number, which is dynamically extracted from the openvpn program (and thus always reports the version of OpenVPN which is actually being used).
- Fixed issue which caused Tunnelblick to pass the "script-security 2" arguments to OpenVPN even if a version of OpenVPN which doesn't support that argument is being used.
- openvpnstart enhancements:
- The "Set nameserver" argument is now optional and defaults to 0 (NO).
- Optional argument skips passing the "script-security 2" arguments to OpenVPN.
- Improved error checking and reporting.
- Displays usage instructions if invoked with no arguments.
- Fixed program crashes caused by improper syntax.
- "killall" command shows # of openvpn processes killed if non-zero.
New in Tunnelblick 3.0 Beta 12 (Aug 5, 2009)
- Fixed issues where DNS settings were not saved properly, and when DHCP is renewed (contributed by Diego Rivera)
- Added support for PKCS#11 and Security Tokens, e.g. Aladdin eToken (contributed by Xaver Loppenstedt)
- Additional Korean and German translations (contributed by Markus Schneider and Kyoungmin Kim)
- Animation improvements, including the ability to have "icon sets" (contributed by Raal Goff). Note: the user interface for this feature is not included yet
- Fixed issue with "Set nameserver" and "Auto connect on launch" checkboxes being cleared on quit if the "OpenVPN Log" window was never displayed
- Fixed issue which caused disconnects when any file in ~/Library/openvpn was accessed (for example, by backup software). (Note that changing, adding, or deleting any configuration files will close all open connections)
- Fixed issue which didn't allow configuration files with owners other than root and/or permissions other than 0744 if the user gives permission. This makes possible home folders on NTFS or FAT volumes.
- Fixed issue with failed authentication: now handled gracefully: allows cancel or retry. If credentials are stored in the KeyChain, also allows retry with new credentials (by deleting the old credentials before the retry)
- Fixed issue with multiple connections with same username; separate passwords are now kept for each username
- Fixed issue in dialog about configuration files - the correct path is now shown: "~/Library" instead of "/Library"
- Command-C, Command-X, Command-V (copy, cut, paste) and Command-A, Command-M, Command-W, and Command-Q (select all, minimize to the Dock, close window, and quit Tunnelblick) now work properly from the "OpenVPN Log" window
- Fixed issue which caused invalid dates/times to appear in the OpenVPN Log
- Shows connection duration in "OpenVPN Log" window's tabs
- Fixed issue which caused the "OpenVPN Log" window to remain underneath other windows when the "Details..." menu item is clicked
- Added date/time and Tunnelblick and OpenVPN version info at the beginning of the OpenVPN Log and whenever it is cleared
- Saves and restores "OpenVPN Log" window size and position
- Internationalized date/time displayed in the OpenVPN Log, including seconds
- Fixed bug which caused Japanese localization to fail
- Displays tab for the left-most established connection when the "OpenVPN Log" window is first displayed. If no established connection exists, displays the left-most tab
- Added the "Using Tunnelblick.html" document to the installation disk image
- Added preference, "doNotMonitorConfigurationFolder" (default = False) to disable monitoring of the configuration folder for changes to the configuration files
- Added preference, "placeIconInStandardPositionInStatusBar" (default = False) to have the Tunnelblick icon placed normally in the Status Bar -- to the left of other items (contributed by Raal Goff and Michael Schloh von Bennewitz)
- Added an "About" window that displays a link to the website, Tunnelblick version and build numbers, and the OpenVPN version number, which is dynamically extracted from the openvpn program (and thus always reports the version of OpenVPN which is actually being used).
- Fixed issue which caused Tunnelblick to pass the "script-security 2" arguments to OpenVPN even if a version of OpenVPN which doesn't support that argument is being used
- openvpnstart enhancements:
- The "Set nameserver" argument is now optional and defaults to 0 (NO)
- Optional argument skips test of the security of the configuration file. It defaults to 0 (NO), so the test IS performed
- Optional argument skips passing the "script-security 2" arguments to OpenVPN.
- Improved error checking and reporting
- Displays usage instructions if invoked with no arguments
- Fixed program crashes caused by improper syntax
- "killall" command shows # of openvpn processes killed if non-zero
New in Tunnelblick 3.0 Beta 10 (Nov 21, 2008)
- Fix linking problem that resulted in lzo compression not working on PowerPC.
- Prevent user from launching tunnelblick directly from the dmg.
- Remove experimental status from 'Set Nameserver' and make it the default.
- Upgrade to OpenVPN 2.1_rc15.
- Let buffered openvpn log messages appear in the GUI log.
- Possible fix for the crash if password is mistyped when using username/password authentication.
- Add version number to plist file.
- Don't restart connections on NetworkDidChange notification. fixes issue where existing connections would be reset when starting multiple simultaneous vpn connections.
- Always use --script-security 2 so users are allowed to supply custom up/down scripts. needed for OpenVPN 2.1.
- Add missing example config file.
- Properly escape special chars in username or password/passphrase before passing them over to the management interface. fixes issue where the password/passphrase was not accepted when it contained backslashes or " chars.
- Use NSStatusWindowLevel for notification windows. fixes issue that Tunnelblick icon remained visible in spaces or fullscreen mode of some apps.
- Increase robustness when killing openvpn children by explicitly sending the SIGTERM to the process id instead of just sending "signal SIGTERM" over the management socket.
- Kill all openvpn processes on quit. fixes a rare condition where openvpn processes would be left over on Tunnelblick quit.
- Add German, French, Japanese, Korean and Norwegian translations.
New in Tunnelblick 3.0 Beta 9 (Jul 25, 2008)
- Fixed the crash on Leopard
- Fixes the slow shutdown issue
- Updated to the new tun/tap drivers
- Auto-Update Capability using Sparkle
New in Tunnelblick 3.0 Beta 6 (May 5, 2008)
- fixes hanging on Quit in Leopard
- updated to new tun/tap driver that will build correctly on leopard (the old one worked fine when built under tiger)
- fixes lzo problem for powerpc users
- updated third_party build system to correctly build universal binaries and to use 10.4u SDK when run under Leopard
New in Tunnelblick 3.0b5 (Oct 27, 2007)
- fix for auto-connect amnesia issue
- fixed crash when user clicks on cancel in authorization window
- added feature: menu updates in realtime when new configs appear in Library/openvpn
- fixed bug in new animation code where the menu icon would not correctly represent the actual connection state when the animation was interrupted
- fix for spaces in passphrases
- single command build process using a Makefile that will build the Tunnelblick Xcode project as well as all dependencies like lzo, openpvn and tuntap.