tunnelblick icon Tunnelblick free software for OpenVPN on macOS We need translators for several languages…

Highlighted Articles
  News
  Installing Tunnelblick
  Uninstalling Tunnelblick
  Setting up Configurations
  Using Tunnelblick
  Getting VPN Service
  Common Problems
  Configuring OpenVPN
  Release Notes
  Thanks
  FAQ

Discussion Group
  Read Before You Post

Using Tunnelblick

On This Page
    Starting Tunnelblick
    Quitting Tunnelblick
    Automatically Starting Tunnelblick Upon Login
    Normal Tunnelblick Operation
    The "VPN Details" Window
        Configurations
        Appearance
        Preferences
        Utilities
        Info
    Keyboard Shortcuts
    Using More than One VPN Configuration
    Connecting to More than One VPN Simultaneously
    Command-Line Interface

Starting Tunnelblick

To launch Tunnelblick, double-click Tunnelblick in the Applications folder.

Tunnelblick will automatically be launched the next time you log in if you do not quit Tunnelblick before you log out, shut down, or restart your computer.

Tunnelblick requires few computer resources when no VPN is connected, so most people leave it running all the time.

Quitting Tunnelblick

To quit Tunnelblick, click on the Tunnelblick icon in the menu bar at the top of your screen, then click "Quit Tunnelblick". You can also type quit Tunnelblick by typing Command-Q when a Tunnelblick window is at the front of the display.

  • When you quit Tunnelblick, all open connections will be closed except those for configurations which are set to automatically connect "when the computer starts".

Automatically Starting Tunnelblick Upon Login

Tunnelblick is a menu bar item, not an application. If Tunnelblick is running when you log out, shut down, or restart your computer, Tunnelblick will automatically launch the next time you log in. If you do not want Tunnelblick to launch automatically the next time you log in, quit Tunnelblick before you log out, shut down, or restart.

Tunnelblick will also be launched automatically if any VPNs are active when you log in, or if it has disabled network access.

(Don't confuse the automatic launch of Tunnelblick upon login with the "automatically connect on launch” option, which causes a connection to be established whenever Tunnelblick is launched.)

Normal Tunnelblick Operation

Once Tunnelblick has been launched, you control it from the Tunnelblick icon in the menu bar at the top of your screen. The Tunnelblick icon is usually placed near the Spotlight icon.

When no VPN connection is active, the icon is dim:

dimmed Tunnelblick icon in the menu bar

When a VPN is connected, the icon is dark:

darkened Tunnelblick icon in the menu bar

If you click on the icon, you'll see a drop down menu similar to the following:

menu popped down from the Tunnelblick icon in the menu bar showing the following items: 'no active connections', 'vpn details', 'connect home', 'connect office', 'quit Tunnelblick'

There will be a "Connect” menu item for each available VPN configuration; configurations in subfolders appear on submenus. Click on a "Connect" item to establish the corresponding VPN connection. While the connection is being established, a dash will appear in the menu item and the Tunnelblick icon will darken and lighten repeatedly.

Depending on your setup, you may be asked for a passphrase and/or username/password. You can save your passphrase, username, or password in Apple's Keychain by checking the appropriate checkbox.

The connection will be active until you disconnect it or log out.

Putting your computer to sleep will close the connection; when the computer wakes up Tunnelblick will attempt to reestablish the connection. (This behavior may be modified using Tunnelblick's "Advanced" settings window.)

Use "Disconnect” from the drop-down menu to close the VPN connection.

Use "Quit” to close all open connections and quit the program and prevent Tunnelblick from starting itself at your next login at your computer.

Note: Tunnelblick will not automatically disconnect a configuration that is set up to automatically connect "when the computer starts". The connection will remain open until your computer shuts down or you specifically disconnect it.


The "VPN Details" Window

When the Tunnelblick menu is displayed, if you click on "VPN Details” a window similar to the following will appear:

window with list of configurations on the left and the Tunnelblick log on the right

This window has five panels: Configurations, Appearance, Preferences, Utilities, and Info. Select a panel by clicking on its button in the toolbar at the top of the window. The "Configurations" panel is shown above.

Configurations

The Configurations panel has an entry for each configuration on the left side. Tabs with the log and settings for the configuration selected on the left side are displayed on the right side. You may adjust the relative sizes of the left and right side by dragging the small dot between the two sides.

Note: The username and password of a computer administrator are required for most changes to configurations.

At the bottom of the list of configurations on the left side of the window there are three small buttons:

  • The "+" button guides you through the process of adding a new configuration.

  • The "-" button deletes the selected configuration.

  • The "gear" button pops down a list of other actions to take using the selected configuration:

menu popped down from 'gear' icon showing the following items: 'rename configuration', 'duplicate configuration', 'make configuration shared', 'make configuration private', 'revert configuration', 'do not show on Tunnelblick menu', 'edit OpenVPN configuration file', 'show OpenVPN log in Finder', 'delete configuration's credentials in Keychain'

"Connect" and "Disconnect" buttons connect or disconnect the configuration selected on the left side of the window. Another button allows you to copy diagnostic info to the Clipboard so you may paste it into an email or other document to get help troubleshooting a problem, and a help button displays detailed help.

The "Log" tab (shown above) displays the log for the configuration.

window with list of configurations on the left and Tunnelblick settings on the right

The "Settings" tab (shown above) allows you to see and modify several settings for the configuration

"Connect” specifies when the configuration should be connected:

  • "Manually" specifies that you will connect the configuration manually.
  • "When Tunnelblick launches" specifies that the configuration is to be connected when Tunnelblick is launched.
  • "When computer starts" specifies that the configuration to be connected when the computer starts. You can only choose "when the computer starts" for shared configurations or "Deployed" configurations.

"Set DNS/WINS" specifies how to handle DNS and WINS settings when the VPN is active:

  • Set nameserver” is the default. It causes scripts to be run before a connection is opened and after the connection is closed. The scripts set up DNS and WINS as required by the VPN and restore DNS and WINS information when the VPN is disconnected.
  • "Do not set nameserver" does not change DNS or WINS settings;
  • "Set nameserver (3.1) manipulates DNS settings the way that Tunnelblick 3.1 does;
  • "Set nameserver (3.0b10) manipulates DNS settings the way that Tunnelblick 3.0b10 does; and
  • "Set nameserver (alternate 1)" manipulates DNS settings in a different way that is more compatible with some configurations.

"Monitor network settings" causes network settings to be monitored for changes. It is available only when "Set nameserver" or "Set nameserver 3.1" is selected. When a change is detected, the connection will be disconnected and reconnected. Other actions and actions for changes to specific network settings can be specified on the "While Connected" tab of the "Advanced" settings window.

"Route all IPv4 traffic through the VPN" causes Tunnelblick to start OpenVPN with the "--redirect-gateway def1" option.

"Disable IPv6 (tun only)" disables IPv6 on all network interfaces while the configuration is connected.

"Check if the apparent public IP address changed after connecting" checks the IP address before and after connecting. This can be used to detect some DNS problems.

"Reset the primary interface after disconnecting" will restore network connectivity after disconnecting from some configurations which are badly written.

Additional settings may be examined and modified by clicking the "Advanced" button.


Appearance

The "Appearance" panel of the "VPN Details" window allows you to modify Tunnelblick's appearance:

Tunnelblick appearance panel


Preferences

The "Preferences" panel of the "VPN Details" window allows you to modify Tunnelblick's behavior, check for updates, and reset disabled warnings:

Tunnelblick preferences panel


Utilities

The "Utilities" panel of the "VPN Details" window has buttons to perform several tasks related to Tunnelblick or OpenVPN:

Tunnelblick utilities panel


Info

The "Info" panel of the "VPN Details" window displays information about the Tunnelblick program and the people who have contributed to it:

Tunnelblick info panel

(Note: the credits scroll to reveal additional contributors; not all contributors are displayed in the above screenshot.)


Keyboard Shortcuts

You may use the standard keyboard shortcuts in the "VPN Details" window:

Shortcut Action
Command-C Copy
Command-X Cut
Command-V Paste
Command-A Select all the text in the log
Command-M Minimize the window to the dock
Command-W Close the window
Command-Q Quit Tunnelblick

Using More than One VPN Configuration

You can have any number of configurations installed; each of the configurations will be available in the drop down menu and in the "Details” window.


Connecting to More than One VPN Simultaneously

Tunnelblick can maintain multiple simultaneous open connections to different VPNs.

However, this is for experts only:

  • If you use "Set nameserver” (which uses standard scripts to save/change/restore DNS/WINS data) with one or more connections your DNS settings may not be saved and restored properly and DNS might or might not work. It depends on the order in what DNS settings you want to use and which connections are opened and closed. Connections may close and be reopened because of communications errors over which you have no control, which can cause unpredictable results. Not recommended.
  • If you don't use "Set nameserver”, and your customized configuration files are suitably written to work together with custom scripts, things can work. But if you don't handle the DNS and routing settings properly, lots of things could go wrong. So this isn't recommended either unless you really know what you're doing and have a NEED to connect to multiple VPNs simultaneously.
  • VPN administrators might not be happy that you are connecting their networks together. Most VPN client software limits you to a single connection, probably for that reason.

Command-Line Interface

Tunnelblick has support for AppleScript, allowing you to list configurations and connect or disconnect them via AppleScript or the command line.