tunnelblick icon Tunnelblick free software for OpenVPN on macOS We need translators for several languages…

Highlighted Articles
  News
  Installing Tunnelblick
  Uninstalling Tunnelblick
  Setting up Configurations
  Using Tunnelblick
  Getting VPN Service
  Common Problems
  Configuring OpenVPN
  Release Notes
  Thanks
  FAQ

Discussion Group
  Read Before You Post

Tunnelblick on macOS Big Sur


Important: See The Future of Tun and Tap VPNs on macOS for information about changes to future versions of macOS.


If you are using macOS Big Sur, you should use the latest version of Tunnelblick. You should allow Tunnelblick to automatically check for updates on the "Preferences" panel of Tunnelblick's "VPN Details" window.


The following is the current status of issues that have been seen using Tunnelblick on macOS Big Sur.

To report an issue, please follow the instructions at Tunnelblick Issues.


If your VPN requires a Tun or Tap system extension, you must install Tunnelblick's Tun and Tap system extensions before connecting.

If your VPN requires the Tun system extension, you can – and should – modify your OpenVPN configuration file so the system extension will not be required.


WON'T FIX: Sidecar does not work when a VPN is connected using Tunnelblick's default for a configuration.

(This issue is not specific to Big Sur. It is present in all versions of Sidecar.)

Sidecar does not work if IPv6 is disabled. By default, Tunnelblick disables IPv6 while a VPN is connected. This is done to prevent information leaks in common VPN setups (see A Glance through the VPN Looking Glass: IPv6 Leakage and DNS Hijacking in Commercial VPN clients).

To fix this problem:

  1. Verify with your VPN service provider that no information is leaked if IPv6 traffic is allowed. If you cannot confirm that, you should not proceed and you will not be able to use Sidecar when your VPN is connected.
  2. Launch Tunnelblick.
  3. Click the Tunnelblick icon in the menu bar and then click "VPN Details".
  4. Click on the large "Configurations" button at the top of the window.
  5. Select the configuration(s) you wish to modify.
  6. Remove the check from "Disable IPv6 unless the server is accessed via IPv6".