Errors Loading Kexts (Device Drivers) on macOS High Sierra (10.13) and higher
Tunnelblick may try to load a kext to control the VPN tunnel.
Note: If you are using a "tun" VPN, you can avoid needing to load a kext by doing the following:
The "dev-type tun" option causes OpenVPN to use a "tun" device, which requires a kext to be loaded. If a "dev-type tun" option is not present and a "dev tun" option is present, OpenVPN will use the "utun" device which is built into macOS and does not require a kext to be loaded.
If you are using a "tap" VPN, Tunnelblick must load a kext for your VPN to operate.
If you see the following on macOS High Sierra and higher:
Tunnelblick was not able to load a device driver (kext) that is needed to connect...
You may have encountered a new security feature in High Sierra and higher which restricts the loading of kexts (system extensions).
If the following does not help, please see Errors Loading Kexts (Device Drivers).
In some situations when you try to connect to a VPN, High Sierra and higher blocks Tunnelblick from loading a system extension. macOS pops up a window that looks like this:
(Tunnelblick's kexts are signed by "Jonathan K. Bullard", so that's what would appear in the blocked-by-red area of the window.)
The user then has 30 minutes to allow the new system extension to be loaded. As the window notes, that can be done on the "Security & Privacy" pane of "System Preferences". (The window doesn't say it, but it can only be done on the "General" tab of that pane.) Here is a screenshot:
(The "System software developer" in the blocked-by-red area will be "Jonathan K. Bullard" for Tunnelblick kexts.)
If the user doesn't grant approval within 30 minutes, the ability to approve the kext disappears and will only reappear after trying to connect the VPN again. When that happens, the original window does not appear (it is only shown once) but the ability to approve the kext reappears in "System Preferences" for 30 more minutes.
If the above does not help, please see Errors Loading Kexts (Device Drivers).