Errors Loading Kexts (Device Drivers)

If you see the following:

Tunnelblick was not able to load a device driver (kext) that is needed to connect...

There are two likely reasons:

  • If you are using macOS High Sierra, you may not have allowed Tunnelblick to load the kext. See Errors Loading Kexts (Device Drivers) on macOS High Sierra (10.13).
  • There may be incompatible kexts already loaded. Recent versions of Tunnelblick try to be "good citizens" by loading kexts only when needed, and unloading them when they are no longer needed. However, some other VPN clients (Cisco AnyConnect SSL VPN, for example) load their own, incompatible kexts when the computer is started and leave them loaded, whether or not a VPN connection is in use. (Some non-VPN software also loads incompatible kexts — for example, Pogoplug loads a "com.pogoplug.xcetun" tun kext which interferes with Tunnelblick's tun kext.)

To find out if this is what is causing the problem, use the "kextstat" command in a Terminal window. It will list all of the loaded kexts. Usually the tun and/or tap kexts show up at or near the end of the list. Common tun/taps are:

  • net.tunnelblick.tun and net.tunnelblick.tap: These are the kexts used by current versions of Tunnelblick. When needed, the appropriate one (tun or tap) is loaded when a connection is requested, and unloaded when it is disconnected. Since macOS 10.6.8, "tun" connections do not need to have a kext loaded unless they include a "dev-type tun" OpenVPN option. Tunnelblick uses customized versions of the kexts from tuntaposx, modified to have a Tunnelblick bundle ID and version. Which version Tunnelblick uses depends on the version of macOS being used.
  • foo.tun and foo.tap: These are kexts for obsolete Cisco and Tunnelblick VPN clients (and some others), loaded when a very old version of Tunnelblick is launched (and unloaded when the computer restarts). If Tunnelblick detects them, it will offer to unload them before connecting.
  • com.cisco.cscotun: This is the Cisco AnyConnect SSL VPN kext. Cisco's installer causes it to be loaded when the computer starts.
  • com.viscosityvpn.Viscosity.tun and com.viscosityvpn.Viscosity.tap: These are kexts used by the Viscosity VPN client.
  • com.pogoplug.xcetun: This kext is associated with Pogoplug.
  • anchorfree.tun: This kext is associated with HotSpot Shield VPN.
  • net.sf.tuntaposx.tap and net.sf.tuntaposx.tun: These are from tuntaposx.

But any non-Apple kext with "tun" or "tap" in its name is likely to be causing the problem.

To unload kexts and allow Tunnelblick to load its own kexts, use the "kextunload" Terminal command to unload each loaded tun and tap kext individually. For example, to unload com.viscosityvpn.Viscosity.tun, type the following:

sudo kextunload -b com.viscosityvpn.Viscosity.tun

(The "sudo" is necessary because this command modifies the loading of a device driver. You will be asked for your administrator password, which will not appear (even as asterisks) when you type it.)
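
The check and unload steps above can be combined into one script. This is an added example, not part of Tunnelblick or its documentation: it filters kextstat output for non-Apple kexts with "tun" or "tap" in the name and prints (but does not run) the matching kextunload commands for review. The function names, the constructed sample listing, and the choice to skip net.tunnelblick.* kexts (which Tunnelblick manages itself) are assumptions of the example.

```shell
#!/bin/sh
# Added example (not Tunnelblick project code).

# Constructed sample in kextstat's column layout, so the script also runs off a Mac.
sample_kextstat() {
cat <<'EOF'
Index Refs Address            Size       Wired      Name (Version) UUID <Linked Against>
    1  118 0xffffff7f80a00000 0x9000     0x9000     com.apple.kpi.bsd (17.7.0) SAMPLE-UUID-1 <>
   60    0 0xffffff7f81200000 0x3000     0x3000     com.apple.constructed.tap (1.0) SAMPLE-UUID-2 <5 4 1>
  140    0 0xffffff7f83a00000 0x4000     0x4000     com.example.audio (2.1) SAMPLE-UUID-3 <5 4 1>
  141    0 0xffffff7f83a10000 0x6000     0x6000     com.cisco.cscotun (1.0) SAMPLE-UUID-4 <7 5 4 1>
  142    0 0xffffff7f83a20000 0x5000     0x5000     com.viscosityvpn.Viscosity.tun (1.0) SAMPLE-UUID-5 <7 5 4 1>
  143    0 0xffffff7f83a30000 0x5000     0x5000     net.tunnelblick.tun (1.0) SAMPLE-UUID-6 <7 5 4 1>
EOF
}

# Reads kextstat-format text on stdin and prints one bundle ID per line.
# Only rows whose first field is a numeric index are considered, which
# skips the header and any status lines. Field 6 is the bundle ID.
find_tuntap_kexts() {
    awk '$1 ~ /^[0-9]+$/ {
        id = $6
        if (id ~ /^com\.apple\./) next        # Apple kexts are not the conflict
        if (id ~ /^net\.tunnelblick\./) next  # assumption: Tunnelblick manages its own
        if (tolower(id) ~ /tun|tap/) print id # heuristic from the text: tun/tap in the name
    }'
}

# Turns the bundle IDs into the commands to type, one per kext.
print_unload_commands() {
    find_tuntap_kexts | while IFS= read -r id; do
        printf 'sudo kextunload -b %s\n' "$id"
    done
}

# Use the real listing when kextstat exists, otherwise the constructed sample.
if command -v kextstat >/dev/null 2>&1; then
    kextstat 2>/dev/null | print_unload_commands
else
    sample_kextstat | print_unload_commands
fi
```

The name match is a heuristic, so check each printed bundle ID against the list above before running the command for it.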

If you find that restarting your computer reloads the kext, you might need to find where it is being loaded from. Common locations are:

  • /Users/your username/Library/LaunchDaemons
  • /Users/your username/Library/LaunchAgents
  • /Library/LaunchDaemons
  • /Library/LaunchAgents
  • /System/Library/LaunchDaemons
  • /System/Library/LaunchAgents

There are user-contributed scripts on the Downloads page that will automatically unload the Cisco kext when Tunnelblick makes a connection, and reload the Cisco kext when the connection is disconnected.

