Tunnelblick free software for OpenVPN on OS X and macOS We need translators for several languages…
Home Downloads Support Documents Issues Source Contribute Contact

On This Page
    Release Downloads
    Verifying Downloads
    User Contributions
    Download Integrity

Release Downloads

To be notified of new releases, use Tunnelblick's built-in update mechanism or subscribe to the Tunnelblick Announce Mailing List.

Beta versions are suitable for most users. See Stable vs. Beta for details.

Beta Tunnelblick 3.7.2beta03 (build 4840, OS X 10.7.5+, Intel-64 only) released 2017-06-21 Release Notes
SHA1: bbf0c18db89761e36bafc9ec339953824d3c0e2a MD5: 18b2273d8024cac1d7668bb891585df0
SHA256: b489b3c94e5d3c689cac6d4e52e829efb18e19f0e5c0d6271b76a2e68f333064
 
Stable Tunnelblick 3.7.1b (build 4813, OS X 10.7.5+, Intel-64 only) released 2017-06-21 Release Notes
SHA1: d8355dd8a167369beb192d7ee3a87e008eafb9b0 MD5: 6db7e74b81d8daef84f9a4011a1afe00
SHA256: 60419937cb72ebe59d40e13a80c4e5c31231a7c5fb8f3affbcbc95b9b41295b1
 
Uninstaller Please read Uninstalling Tunnelblick before using Tunnelblick Uninstaller
  Tunnelblick Uninstaller 1.8 (build 4405, OS X 10.4+) released 2015-09-30 Release Notes
  SHA1: c9d094ae2be444d4f63e5d00a45f829ea887a829 MD5: 7b35e3ffd1361a96692c82f37c372d81
  SHA256: 464ac00596509e0d1c9acfeba902f19a4f8b17bbe2574ebb7edefb6a46ed4f2a
 
Older See the Deprecated Downloads page. Includes versions for OS X 10.4 - 10.7.4.

Verifying Downloads

You should verify all downloads. Even though https:, the .dmg format, and the application's OS X digital signature provide some protection, they can be circumvented. Comparing the SHA256, SHA1, and MD5 hashes of your downloaded file with the official published ones will provide additional assurance that the download is legitimate and has not been modified.

To compute the hashes of a file you've downloaded, type the following into /Applications/Utilities/Terminal:

          shasum -a 256 path-to-the-file
          openssl sha1 path-to-the-file
          openssl md5 path-to-the-file

Then compare the computed hashes with the values shown near the link for the downloaded file.

For additional assurance that the hashes on this site have not been compromised, the hashes are also available in the description of each "Release" on Tunnelblick's GitHub site, which is hosted and administered separately from this site.


User Contributions

These downloads have been contributed by users and usually help deal with special circumstances. They are not endorsed or checked by the Tunnelblick project, and you use them at your own risk. To contribute a download, send it to the developers or post it on the Tunnelblick Discussion Group.

Before using these scripts, please read Tunnelblick and VPNs: Privacy and Security. (Actually, *everyone* using a VPN should read that!)

Note: these scripts are executed as root. Instructions for using scripts.

  Scripts to Unload Cisco Tun Kext: user-contributed-001-pre-post.zip
  SHA1: d3b09a2284de2862be7d55059581a85698930b28 MD5: f6f484864697607ee5c7206a5b056b12
  Contributed by "petiepooo".
These scripts unload the Cisco AnyConnect tun kext before a Tunnelblick connection is started, and reload the Cisco tun kext after a Tunnelblick connection is stopped. (The Cisco kext interferes with Tunnelblick's operation of tun connections.)
 
  Scripts to Mount/Unmount a Volume: user-contributed-002-mount-unmount-volume.zip
  SHA1: eb69727620fa8c46633d9ccf9f86c4b258fea7e6 MD5: 5b3b04bea43403b2a709aaa4c92d7473
  Contributed by John Griffis.
These scripts mount a volume after a configuration is connected and unmount it when the configuration is disconnected. Scripts must be edited before use (in any plain-text editor) to specify details of the volume to be connected. For a note about connecting to a CIFS account, see this discussion.
 
  Scripts to Monitor Connection Time and Bandwidth Use: user-contributed-003-monitor-uptime-and-bandwidth.zip
  SHA1: 384b370967e722eacb2f3a782e8c326d87174003 MD5: 2c23ed5c31a1238843fb5ea36fd5dd74
  Contributed by "vkapovit".
  These scripts provide a mechanism for the user to be alerted when the VPN has been up for more than 20 minutes or when bandwidth has exceeded 100MB. See this discussion for details. Requires Growl.
Includes compiled binaries; use at your own risk.
 
  Scripts to Launch and Kill a Program: user-contributed-004-launch-kill-program.zip
  SHA1: 977aa7cc55f3e191b50057fe766c426af01808eb MD5: beccc55286b398fe0a8bcb798e25a883
  Contributed by "anonymous".
  These scripts cause a program to be launched when a VPN is connected and then killed when the VPN is disconnected. It can be used with a torrent program, for example, so that the program is only active when the VPN is connected.
Note that there may be a short time after the VPN has been disconnected before the program is killed.
 

Download Integrity

In June 2015 there was much discussion (and outrage) about SourceForge providing downloads that contain unwanted or malicious software; SourceForge has changed their policies to help avoid this. Tunnelblick binaries were hosted on SourceForge from the fall of 2013, when Google Code stopped hosting new binaries, until 2015-07-17, when they were moved from SourceForge to GitHub.

Tunnelblick protects against unwanted software insertions by publishing the SHA1 and MD5 hashes for each of our downloads. You should verify the hashes of all Tunnelblick downloads by following the instructions above.

Additional safeguards automatically protect updates performed by Tunnelblick's built-in update mechanism:

  • Updates are controlled by tunnelblick.net and all update data is transported via https:
  • Update downloads contain digital signatures to verify they have not been modified. (This is in addition to the OS X digital signature of the Tunnelblick application itself.) See Digital Signatures.
  Deutsch     Français     中文(简体)     Русский     Español     日本語     …