Licence: BSD License
Version 3.1 | Release Date: 2010-12-05 | Download
No changes specified
Version 3.0b24 | Release Date: 2009-12-12 | Download

* New 'Monitor connection' checkbox in the OpenVPN Log window (defaults to checked). When checked, Tunnelblick monitors connection interfaces as it has since 3.0b18. When unchecked, Tunnelblick ignores connection interface changes, as version 3.0b10 did. This allows more users to use the latest version (some users couldn't because of repeated restarts caused by Tunnelblick detecting connection interface changes). Please note that OpenVPN itself restarts connections under certain circumstances. New scripts are used when 'Monitor connection' is not checked and 'Set DNS' is checked: client.nomonitor.up.osx.sh and client.nomonitor.down.osx.sh.
* New 'Options' submenu has entries to change commonly used preferences, check for updates, and view the 'About…' window.
* Tun/tap kernel extensions are loaded when Tunnelblick launches and unloaded when Tunnelblick quits.
* Configuration and other files are now located in ~/Library/Application Support/Tunnelblick/Configurations to conform to OS X standards. The ~/Library/openvpn folder is moved to this new location automatically during the first launch of Tunnelblick after updating to 3.0b24, and is replaced by a symbolic link to the new location. For details see http://groups.google.com/group/tunnelblick-discuss/t/d8f000d1e854b39d.
* Adds Català (Catalan) localization, thanks to Aleix Dorca.
* Additional Español (Spanish) and Deutsch (German) localization, thanks to Diego Rivera and Markus Schneider, respectively.
* Adds OS X version information to the start of the OpenVPN Log.
* Adds configuration, 'Set nameserver', and 'Monitor connection' status to the OpenVPN Log before attempting to make a connection.
* Adds new Deployment features:
o Always restores the Resources/Deploy folder from a backup if it does not exist and a backup does. An entry is put in the Console Log, but no other user notification is made. (This happens after an auto-update without the Deploy folder.)
o Monitors Resources/Deploy (if it exists) for changes to configuration files.
o If Deploy contains only *.conf, *.oven, *.up.sh, *.down.sh, and forced-preferences.plist files, then the ~/Library/openvpn folder will be used for all other files (including other scripts).
o If 'Set nameserver' is checked and 'Monitor connection' is checked, then if Deploy/CONFIGNAME.up.sh exists, it will be used instead of Resources/client.up.osx.sh, and if Deploy/CONFIGNAME.down.sh exists, it will be used instead of Resources/client.down.osx.sh.
o If 'Set nameserver' is checked and 'Monitor connection' is not checked, then if Deploy/CONFIGNAME.nomonitor.up.sh exists, it will be used instead of Resources/client.nomonitor.up.osx.sh, and if Deploy/CONFIGNAME.nomonitor.down.sh exists, it will be used instead of Resources/client.nomonitor.down.osx.sh.
o If 'Set nameserver' is checked, then if the 'CONFIGNAME-useDownRootPlugin' preference is true, then Resources/openvpn-down-root.so will be used as a plugin for OpenVPN.
o Sets owner to root:wheel and permissions to 600 for .cer, .crt, .der, .key, .p12, .p7b, .p7c, .pem, and .pfx files in the Deploy folder.
* Adds new per-configuration preferences:
o 'CONFIGNAMEdisableEditConfiguration' is a boolean. If set, disables the 'Edit configuration' button. If cleared (the default), enables the button.
o 'CONFIGNAME-notMonitoringConnection' is a boolean. If present, its value reflects/is used for the 'Monitor connection' checkbox. Default is set.
o 'CONFIGNAME-useDownRootPlugin' is a boolean. If set, causes the 'openvpn-down-root.so' plugin to be loaded. If cleared (the default), the plugin is not loaded.
* Closing a connection, putting the computer to sleep, or quitting Tunnelblick may be delayed a few seconds while Tunnelblick waits for OpenVPN processes to terminate.
* Bug fixes: Fixes bug that sometimes caused authentication failures with usernames or passwords longer than 12 characters. Fixes bug that sometimes caused the 'Retry' button to be interpreted as 'Cancel' in the Authentication Failed dialog. Fixes bug that caused a connection attempt to fail with a 'script failed: could not execute external program' error if 'Set nameserver' is checked and there is a space character in the name of Tunnelblick.app or in the path to it. Fixes bug that caused 'Get Info' of Tunnelblick.app to show incorrect copyright information. Fixes bug that often caused loss of last few lines of OpenVPN Log before disconnecting. Fixes bug that sometimes caused problems restoring connections when awakening from sleep. Fixes bug that sometimes caused the Sparkle updater window to not appear on Snow Leopard. Fixes inconsistent logging of ownership/permissions repairs. Fixes bug that caused Tunnelblick to check for updates at launch even though preference to do so was cleared, not set. Fixes bug that ignored forced-preferences.plist when there was no configuration files in Deploy. Fixes bug with configuration files that are actually symbolic links. Fixes bug that didn't verify that ownership/permissions on Deploy contents copied correctly to backup. Complains with specific message in Console log if a configuration file needs repair but is locked. Fixes problems when a configuration file is a link.

Known Issues:

* The standard scripts that "Set nameserver" uses handle DNS for most common setups. You must use custom scripts to do anything else. See the "Using Tunnelblick" wiki for details.
* Localization is not complete.

Version 3.0b22 | Release Date: 2009-11-01 | Download

Includes OpenVPN version 2.1_rc20, which fixes problems with the "redirect-gateway" option.
Includes the 32/64-bit version of tuntap, which fixes problems running Tunnelblick on Snow Leopard under the 64-bit kernel. Thanks to the tuntap project, to Mohammad A. Haque for Xcode help, and to Jean-Philippe Jung for testing.
Stores username in Keychain instead of preferences.
Stores shadow copies of configuration files in /Library/Application Support/Tunnelblick/Users/username instead of /Library/Tunnelblick/username.
Bug fixes: Fixes bugs that interfere with storage or retrieval of usernames and passwords. Adds new configs to OpenVPN Log window when it has been opened but is currently closed. Clears "Automatically launch Tunnelblick upon login" for error exits. Clean exit if 'running from .dmg' error. Fixes several memory and CF leaks. Fixes bug that caused attempt to kill openvpn process that had already been killed. Fixes potential problem detecting locked configuration files during shadow copying. Installer detects and reports errors making ownership and permission modifications.
Enhancement: Creates openvpn-down-root.so and puts a copy of it in Tunnelblick.app/Contents/Resources, allowing use of OpenVPN 'user' and 'group' options by adding a line to the configuration file. See the Using Tunnelblick wiki for details.
Deployment enhancements: Several changes have been made which make it easy to create a customized version of Tunnelblick that can easily be deployed to multiple clients or installed once for all users of a computer. Configuration, key, and certificate files and up/down scripts can be put into a Deploy folder within Tunnelblick.app, and Tunnelblick will use them instead of using files in ~/Library/openvpn. These files are read-only, and, combined with read-only preference overrides, can create a tamper-proof application. Such deployed applications may be updated via the automatic update mechanism without losing the configuration information. Detailed information is available in the Deploying Tunnelblick wiki.
Other enhancements: Clarifies language in a few places. Adds a specific error message if unrecoverable error. Warns if all config files removed and gives a choice of quitting or installing and editing a sample config file. Warns if zero-length passphrase, username, or password. Adds Tunnelblick icon and the configuration name to all applicable dialog windows. Puts dialogs on top of other windows.
Known Issues:

The standard scripts that "Set nameserver" uses handle DNS for most common setups. You must use custom scripts to do anything else. See the "Using Tunnelblick" wiki for details.
Localization is not complete.

Version 3.0b16 | Release Date: 2009-08-22 | Download
  • Upgraded to OpenVPN version 2.1_rc19
  • Additional French translations (contributed by Oliver Hill)
  • An entry is appended to the OpenVPN Log window if OpenVPN returns with an error code. (This typically happens when there is an error in the configuration file.)

Known Issues:

* Home folders cannot reside on remote volumes (AFS, NFS, etc.)
* Japanese and Norwegian localization is not complete.
* The standard scripts that "Set nameserver" uses handle DNS for the most common DHCP setups. You must use custom scripts to do anything else. The standard scripts:
o Do not support multiple simultaneous connections
o Do not support multiple nameservers for multiple domains (e.g., local nameserver and remote nameserver simultaneously)
o Do not remove manual DNS entries (i.e., the manual nameserver will continue to be used even when the tunnel is open even if the OpenVPN "redirect-gateway" option is specified)

Version 3.0b14 | Release Date: 2009-08-10 | Download
No changes specified
Version 3.0b10 | Release Date: 2008-11-19 | Download

* fix linking problem that resulted in lzo compression not working on PowerPC
* prevent user from launching tunnelblick directly from the dmg
* remove experimental status from 'Set Nameserver' and make it the default
* upgrade to OpenVPN 2.1_rc15
* let buffered openvpn log messages appear in the GUI log
* possible fix for the crash if password is mistyped when using username/password authentication
* add version number to plist file
* don't restart connections on NetworkDidChange notification. fixes issue where existing connections would be reset when starting multiple simultaneous vpn connections.
* always use --script-security 2 so users are allowed to supply custom up/down scripts. needed for OpenVPN 2.1
* add missing example config file
* properly escape special chars in username or password/passphrase before passing them over to the management interface. fixes issue where the password/passphrase was not accepted when it contained backslashes or " chars.
* use NSStatusWindowLevel for notification windows. fixes issue that Tunnelblick icon remained visible in spaces or fullscreen mode of some apps.
* increase robustness when killing openvpn children by explicitly sending the SIGTERM to the process id instead of just sending "signal SIGTERM" over the management socket
* kill all openvpn processes on quit. fixes a rare condition where openvpn processes would be left over on Tunnelblick quit
* Add German, French, Japanese, Korean and Norwegian translations

Version 3.0b9 | Release Date: 2008-07-23 | Download
  • Fixed the crash on Leopard
  • Fixes the slow shutdown issue
  • Updated to the new tun/tap drivers
  • Auto-Update Capability using Sparkle
Version 3.0b6 | Release Date: 2007-10-28 | Download

Correctional update for version b5. Changes in detail:

* fixes hanging on Quit in Leopard
* updated to new tun/tap driver that will build correctly on leopard (the old one worked fine when built under tiger)
* fixes lzo problem for powerpc users
* updated third_party build system to correctly build universal binaries and to use 10.4u SDK when run under Leopard

Version 3.0_rc3 | Release Date: 2006-08-11 | Download

08/03/2006: Released Tunnelblick 3.0rc3. The Up/Down scripts to set the nameserver are now optional. You can enable them for each individual connection in the Details Panel.

Version 3.0_rc2 | Release Date: 2006-07-11 | Download
No changes specified