Errors Loading Kexts (Device Drivers) on macOS High Sierra (10.13)
If you see the following on macOS High Sierra:
Tunnelblick was not able to load a device driver (kext) that is needed to connect...
there are two likely reasons:
You may have encountered a new security feature ("Secure Kernel Extension Loading") which restricts the loading of kexts. This new feature is problematic because it makes life difficult for developers and users and it is easily bypassed by malware (here's another description).
This new feature requires a user to manually approve the loading of kexts by programs, even if they are signed with an Apple-approved special "kext signing identity". If the user does not manually approve the loading of the kext when asked, the user can (within some period of time) go to System Preferences : Security : General and approve the specific kext. Tunnelblick's kexts are signed by an Apple-approved "kext signing identity" with the name "Jonathan K. Bullard", so that is the name that appears when the user is asked to approve loading a Tunnelblick kext.
If you are using a "tap" VPN, you probably cannot avoid this problem, but if you are using a "tun" VPN, you can avoid this problem by making sure your configuration file does not include a "dev-type tun" option (it should include a "dev tun" option). The "dev-type tun" option causes OpenVPN to use a "tun" device, which requires a kext to be loaded. If a "dev-type tun" option is not present, OpenVPN will use a "utun" device, which is built into macOS 10.6.8 and higher and does not require a kext to be loaded.
If you are not running on macOS Sierra, or if you approved the loading of the kext on High Sierra, please see Errors Loading Kexts (Device Drivers).