tunnelblick icon Tunnelblick free software for OpenVPN on macOS We need translators for several languages…

Highlighted Articles
  News
  Installing Tunnelblick
  Uninstalling Tunnelblick
  Setting up Configurations
  Using Tunnelblick
  Getting VPN Service
  Common Problems
  Configuring OpenVPN
  Release Notes
  Thanks
  FAQ

Discussion Group
  Read Before You Post

Using Custom OpenVPN Binaries

Although the Tunnelblick application includes several OpenVPN binaries, Tunnelblick also has the ability to use OpenVPN binaries that are not included in Tunnelblick.

How To Use Your Own OpenVPN Binary in Tunnelblick

1) You need an OpenVPN binary. If your configurations use the "down-root" plugin, you need a binary of that, too.

The files must have exactly the following names: "openvpn" and "openvpn-down-root.so".

2) Create a folder named "Openvpn" on your Desktop or some other convenient place.

3) In that folder, create a subfolder named "openvpn-VVV-NNN-SSS", where

  • VVV is the version of OpenVPN (such as "2.4.8", or "2.5_git_57623b4")
  • NNN is the name of the SSL library built into OpenVPN ("openssl", "libressl", "mbedtls", or "boringssl")
  • SSS is the version of the SSL library (such as "1.0.2u" or "1.1.1d")

Note that:

  • The subfolder name should not contain hyphen characters ("-") other than the three hyphens separating the versions and names.
  • The subfolder name should not contain spaces, but underscore characters ("_") will be shown as spaces when Tunnelblick displays the OpenVPN version.
  • SSL library names will be shown "nicely" when Tunnelblick displays them.
  • Additional text may be added at the end of the subfolder name to describe it more fully.

So "openvpn-2.5_git_57623b4-openssl-1.0.2u_Without_scramble_patch" will be displayed as "OpenVPN 2.5 git 57623b4 OpenSSL 1.0.2u Without scramble patch"

4) Move or copy your "openvpn" binary into the subfolder (and the "openvpn-down-root.so" binary, if needed).

5) Create similarly-named subfolders for each OpenVPN binary you wish to use and copy the binaries into them.

6) Optional:

  • Set ownership of the "Openvpn" folder and all of its contents to root:wheel.
  • Set permissions of the "Openvpn" folder and its subfolders to 0755.
  • Set permissions on each "openvpn" binary to 0755.
  • Set permissions on each "openvpn-down-root.so" binary to 0744.

7) Move or copy the "Openvpn" folder to /Library/Application Support/Tunnelblick. (You will be asked by Finder for a computer administrator's authorization.)

8) Quit Tunnelblick (if it is running) and launch it. If you did not set the ownership and permissions in step 6 above (or you set them incorrectly), Tunnelblick will ask for administrator authorization to secure Tunnelblick and will then set the ownership and permissions for you.

You're done! You can specify which OpenVPN/SSL combination to use for each configuration in the "Settings" tab of Tunnelblick's "VPN Details" window. Note that changes made there are applied to all of the configurations selected on the left side of the window.