
OpenVPN2 working on 10.5.2 (See 10.5.5 update)


josh256

*EDIT*

Everyone needing a solid OpenVPN 2/2.1 client, check out Viscosity. It costs $9 but it's very slick (30-day trial available). It also works with DHCP w/o issue and finally delivers a feature to disable Time Machine over VPN [cries tears of joy].

http://viscosityvpn.com/

 

 

Original 10.5.2 thread:

As TunnelBlick currently doesn't work for me I'm using OpenVPN from the CLI and it *is working*. I should note I'm using newer OpenVPN2 and tun/tap drivers than is currently supplied w/ TunnelBlick. Since these updated versions work I'm going to try manually updating TunnelBlick w/ the current OpenVPN2 binary and TUN/TAP drivers and see if that also works as the TunnelBlick interface is very useful.. Of course, manual install of openvpn and drivers as well as CLI openvpn usage is best suited for CLI-savvy folks.

 

***EDIT: Turns out the newer openvpn2 binary and updated tun/tap drivers can be quickly patched into Tunnelblick (see end of post for instructions) - I now have Tunnelblick working/stable***

 

***EDIT: At the request of a few folks I've posted the latest drivers/binary in this thread as well as to the DD forum:

Tunnleblick_binaries.zip

http://www.dd-wrt.com/phpBB2/viewtopic.php?p=178231#178231 ***

 

***EDIT: 10.5.5 Quick DHCP fix:

try changing your up script to do a manual ip address vs. dhcp...

change: ipconfig set tap0 DHCP

to: ipconfig set tap0 MANUAL 192.168.1.xxx 255.255.255.0

(assuming your destination network is on the 192.168.1.x subnet) ***

 

INSTRUCTIONS:

 

1) Install Tun/Tap drivers (version: 01/21/2008)

http://www-user.rhrk.uni-kl.de/~nissler/tuntap/

 

 

2) Install Xcode 3.0 Tools

http://developer.apple.com/tools/download/

 

 

3) Install Macports v1.6

http://www.macports.org/

 

 

4) Install OpenVPN2 (and dependencies) via Mac Ports

 

bash-3.2# cd /opt/local/bin
bash-3.2# sudo ./port selfupdate

MacPorts base version 1.600 installed
Downloaded MacPorts base version 1.600
The MacPorts installation is not outdated and so was not updated
selfupdate done!

bash-3.2# sudo ./port search openvpn
openvpn net/openvpn 1.6.0 easy-to-use, robust, and highly configurable VPN
openvpn2 net/openvpn2 2.0.9 easy-to-use, robust, and highly configurable VPN

bash-3.2# sudo ./port install openvpn2
---> Fetching lzo2
---> Attempting to fetch lzo-2.02.tar.gz from http://www.oberhumer.com/opensource/lzo/download/
---> Verifying checksum(s) for lzo2
---> Extracting lzo2
---> Configuring lzo2
---> Building lzo2 with target all
---> Staging lzo2 into destroot
---> Installing lzo2 2.02_2+darwin_9
---> Activating lzo2 2.02_2+darwin_9
---> Cleaning lzo2
---> Fetching zlib
---> Attempting to fetch zlib-1.2.3.tar.bz2 from http://www.zlib.net/
---> Verifying checksum(s) for zlib
---> Extracting zlib
---> Applying patches to zlib
---> Configuring zlib
---> Building zlib with target all
---> Staging zlib into destroot
---> Installing zlib 1.2.3_1
---> Activating zlib 1.2.3_1
---> Cleaning zlib
---> Fetching openssl
---> Attempting to fetch openssl-0.9.8g.tar.gz from http://www.openssl.org/source/
---> Verifying checksum(s) for openssl
---> Extracting openssl
---> Applying patches to openssl
---> Configuring openssl
---> Building openssl with target all
---> Staging openssl into destroot
---> Installing openssl 0.9.8g_0
---> Activating openssl 0.9.8g_0
---> Cleaning openssl
---> Fetching openvpn2
---> Attempting to fetch openvpn-2.0.9.tar.gz from http://www.openvpn.net/release/
---> Verifying checksum(s) for openvpn2
---> Extracting openvpn2
---> Configuring openvpn2
---> Building openvpn2 with target all
---> Staging openvpn2 into destroot
---> Installing openvpn2 2.0.9_1
---> Activating openvpn2 2.0.9_1
---> Cleaning openvpn2

 

 

5) Reboot and verify tunnel drivers loaded

 

bash-3.2# kextstat -l|grep foo
110 0 0x52d8e000 0x6000 0x5000 foo.tap (1.0) <7 6 5 2>
109 0 0x52d85000 0x6000 0x5000 foo.tun (1.0) <7 6 5 2>

 

6) Execute OpenVPN

 

MacBookPro:~ Joshua$ sudo /opt/local/sbin/openvpn2 --cd /Users/Joshua/Library/openvpn --config /Users/Joshua/Library/openvpn/simple.conf

Mon Apr 14 18:35:34 2008 OpenVPN 2.0.9 i686-apple-darwin9.2.2 [SSL] [LZO] built on Apr 14 2008
Mon Apr 14 18:35:34 2008 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Mon Apr 14 18:35:34 2008 WARNING: file 'static.key' is group or others accessible
Mon Apr 14 18:35:34 2008 LZO compression initialized
Mon Apr 14 18:35:34 2008 gw 192.168.0.1
Mon Apr 14 18:35:34 2008 TUN/TAP device /dev/tap0 opened
Mon Apr 14 18:35:34 2008 ./simple.up tap0 1500 1579 init
add net 99.99.99.99: gateway 192.168.0.1
delete net 0.0.0.0: gateway 192.168.0.1
route: writing to routing socket: Network is unreachable
add net 0.0.0.0: gateway 192.168.1.1: Network is unreachable
Mon Apr 14 18:35:34 2008 Attempting to establish TCP connection with 99.99.99.99:443
Mon Apr 14 18:35:35 2008 TCP connection established with 99.99.99.99:443
Mon Apr 14 18:35:35 2008 TCPv4_CLIENT link local: [undef]
Mon Apr 14 18:35:35 2008 TCPv4_CLIENT link remote: 99.99.99.99:443
Mon Apr 14 18:35:36 2008 Peer Connection Initiated with 99.99.99.99:443
Mon Apr 14 18:35:37 2008 Initialization Sequence Completed

 

*** EDIT:

7) (Optional) To update Tunnelblick w/ the latest openvpn2 binary and tun/tap drivers:

 

bash-3.2# sudo -s
bash-3.2# cd /Applications/Tunnelblick.app/Contents/Resources/
bash-3.2# mv tap.kext tap.kext.orig
bash-3.2# mv tun.kext tun.kext.orig
bash-3.2# mv openvpn openvpn.orig
bash-3.2# cp -R /Library/Extensions/tap.kext ./
bash-3.2# cp -R /Library/Extensions/tun.kext ./
bash-3.2# cp -R /opt/local/sbin/openvpn2 ./openvpn

***

 

Josh

Link to comment
Share on other sites
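
The log in the post above warns that 'static.key' is group or others accessible, and it shows ./simple.up being executed by an OpenVPN process started with sudo. As an added example (not part of the original post), the shell function below audits the files a config refers to for both problems. The contents of the sample simple.conf are constructed, since the post does not show the file, and paths are assumed to be unquoted.

```shell
#!/bin/sh
# Added example: audit permissions of the files an OpenVPN config refers to.

# has_perm_bits FILE OCTAL... -> succeeds if any listed permission bit is set
has_perm_bits() {
    f=$1; shift
    for bit in "$@"; do
        [ -n "$(find "$f" -prune -perm "-$bit" 2>/dev/null)" ] && return 0
    done
    return 1
}

# audit_openvpn_conf DIR CONF -> prints one finding per line (nothing if clean)
audit_openvpn_conf() {
    dir=$1
    while read -r directive path rest || [ -n "$directive" ]; do
        case $directive in
            secret|key|pkcs12|tls-auth) kind=key ;;    # private key material
            up|down)                    kind=script ;; # executed by the root process
            *) continue ;;
        esac
        # Relative paths resolve against the --cd directory, as in the post
        case $path in /*) ;; *) path="$dir/${path#./}" ;; esac
        if [ ! -e "$path" ]; then
            echo "MISSING $path"
        elif [ "$kind" = key ] && has_perm_bits "$path" 040 020 010 004 002 001; then
            echo "KEY_EXPOSED $path"      # remedy: chmod 600
        elif [ "$kind" = script ] && has_perm_bits "$path" 020 002; then
            echo "SCRIPT_WRITABLE $path"  # remedy: chmod go-w
        fi
    done < "$dir/$2"
}

# Constructed sample mirroring the post's file names (contents are assumptions)
demo=$(mktemp -d)
printf 'dev tap0\nsecret static.key\nup ./simple.up\n' > "$demo/simple.conf"
: > "$demo/static.key"; chmod 644 "$demo/static.key"
printf '#!/bin/sh\n' > "$demo/simple.up"; chmod 755 "$demo/simple.up"
audit_openvpn_conf "$demo" simple.conf   # prints: KEY_EXPOSED <demo dir>/static.key
```

Against the setup in the post, the call would be audit_openvpn_conf /Users/Joshua/Library/openvpn simple.conf.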


What added features are available as opposed to using the built-in VPN tools that come with Leopard?


Good question dude. To access my home office I actually use the built in PPTP client often as OpenVPN isn't the only VPN supported by my router (DD-WRT VPN load rc24v6.1 provides both PPTP and OpenVPN support simultaneously). I also use the Cisco VPN client (on Leopard) to access my corporate office from home..

 

Leopard's PPTP:

PPTP's control channel is over TCP; however, the tunnel is a separate GRE-based connection (GRE is neither UDP nor TCP and will respectively not pass through 99% of enterprise firewalls). OSX has a sexy PPTP client, making it the best option for remote access from hotspot/hotel/etc.; however, this client will fail to connect from within most enterprise networks to external VPN servers/routers. E.g. the built-in client will work fine from Starbucks, but when I'm on my employer's network the GRE tunnel will be blocked and the VPN connection will ultimately fail.

 

3rd Party VPN - OpenVPN (as per my post above):

OpenVPN on the other hand can tunnel everything over SSL and can even traverse HTTP proxies if necessary. Tunnelblick aims to provide a GUI for OpenVPN that parallels the simplicity of Leo's built-in client. From an ease-of-use standpoint it still has a ways to go. Functionally, and for the time being, TunnelBlick currently does not assign DHCP correctly and [in my case] kernel panics if you attempt a dynamic/static assignment w/ an up/down script.

*EDIT: I manually updated TunnelBlick's openvpn binary as well as tun/tap drivers and it's working great now*

 

3rd Party VPN - Cisco, etc:

If you need to remote access into an enterprise VPN concentrator such as that provided by Cisco (VPN3000, ASA, PIX, etc) you may require a more functional IPSec client to meet baseline requirements. E.g. the built-in client simply won't work. Interestingly the iPhone v2.0 beta has Cisco VPN support so it's not too far-fetched to hope/pray for native Leopard Cisco IPSec support some day.


  • 4 weeks later...

Awesome post, Josh, thanks. I had most of it figured out, but was missing a few key things.

 

-Bill


  • 2 weeks later...
  • 2 weeks later...

Let me clarify, the site is not down but according to the tunnelblick website:

 

"12/06/2007: I'm sorry for the ongoing problems with Tunnelblick under Leopard. I will find time to fix this soon. Additionally, someone apparently launched a denial of service attack against the subversion repository and the database got corrupted while defending it. I will have to restore that as well."

 

If you try to download the code via subversion, the database errors still happen, it's been this way for months.

 

While you can still download 3.0b6, it's not working consistently with Leopard, especially release 10.5.3. I want to incorporate the changes suggested in this forum into a completely updated installer for rollout to many users.

 

-Steve


  • 4 weeks later...

Thanks for posting your binaries... but it looks as if I was missing a more recent version of openssl...

I only have a "standard" Leopard 10.5.4 and this has libssl.0.9.7, but the openvpn2 binary inside your archive is linked against libssl-0.9.8 :(
