*EDIT*
Everyone needing a solid openvpn 2/2.1 client check out Viscosity. It costs $9 but it's very slick (30-day trial available). It also works with DHCP w/o issue and finally delivers a feature to disable time machine over VPN [cries tears of joy]
http://viscosityvpn.com/


Original 10.5.2 thread:
As TunnelBlick currently doesn't work for me I'm using OpenVPN from the CLI and it *is working*. I should note I'm using newer OpenVPN2 and tun/tap drivers than is currently supplied w/ TunnelBlick. Since these updated versions work I'm going to try manually updating TunnelBlick w/ the current OpenVPN2 binary and TUN/TAP drivers and see if that also works as the TunnelBlick interface is very useful.. Of course, manual install of openvpn and drivers as well as CLI openvpn usage is best suited for CLI-savvy folks.

***EDIT: Turns out the newer openvpn2 binary and updated tun/tap drivers can be quickly patched into Tunnelblick (see end of post for instructions) - I now have Tunnelblick working/stable***

***EDIT: At the request of a few folks I've posted the latest drivers/binary in this thread as well as to the DD forum:
Click to view attachment
http://www.dd-wrt.com/phpBB2/viewtopic.php?p=178231#178231 ***

***EDIT: 10.5.5 Quick DHCP fix:
try changing your up script to do a manual ip address vs. dhcp...
change: ipconfig set tap0 DHCP
to: ipconfig set tap0 MANUAL 192.168.1.xxx 255.255.255.0
(assuming your destination network is on the 192.168.1.x subnet) ***

INSTRUCTIONS:

1) Install Tun/Tap drivers (version: 01/21/2008)
http://www-user.rhrk.uni-kl.de/~nissler/tuntap/


2) Install Xcode 3.0 Tools
http://developer.apple.com/tools/download/


3) Install Macports v1.6
http://www.macports.org/


4) Install OpenVPN2 (and dependencies) via Mac Ports

bash-3.2# cd /opt/local/bin
bash-3.2# sudo ./port selfupdate

MacPorts base version 1.600 installed

Downloaded MacPorts base version 1.600

The MacPorts installation is not outdated and so was not updated
selfupdate done!

bash-3.2# sudo ./port search openvpn
openvpn net/openvpn 1.6.0 easy-to-use, robust, and highly configurable VPN
openvpn2 net/openvpn2 2.0.9 easy-to-use, robust, and highly configurable VPN

bash-3.2# sudo ./port install openvpn2
---> Fetching lzo2
---> Attempting to fetch lzo-2.02.tar.gz from http://www.oberhumer.com/opensource/lzo/download/
---> Verifying checksum(s) for lzo2
---> Extracting lzo2
---> Configuring lzo2
---> Building lzo2 with target all
---> Staging lzo2 into destroot
---> Installing lzo2 2.02_2+darwin_9
---> Activating lzo2 2.02_2+darwin_9
---> Cleaning lzo2
---> Fetching zlib
---> Attempting to fetch zlib-1.2.3.tar.bz2 from http://www.zlib.net/
---> Verifying checksum(s) for zlib
---> Extracting zlib
---> Applying patches to zlib
---> Configuring zlib
---> Building zlib with target all
---> Staging zlib into destroot
---> Installing zlib 1.2.3_1
---> Activating zlib 1.2.3_1
---> Cleaning zlib
---> Fetching openssl
---> Attempting to fetch openssl-0.9.8g.tar.gz from http://www.openssl.org/source/
---> Verifying checksum(s) for openssl
---> Extracting openssl
---> Applying patches to openssl
---> Configuring openssl
---> Building openssl with target all
---> Staging openssl into destroot
---> Installing openssl 0.9.8g_0
---> Activating openssl 0.9.8g_0
---> Cleaning openssl
---> Fetching openvpn2
---> Attempting to fetch openvpn-2.0.9.tar.gz from http://www.openvpn.net/release/
---> Verifying checksum(s) for openvpn2
---> Extracting openvpn2
---> Configuring openvpn2
---> Building openvpn2 with target all
---> Staging openvpn2 into destroot
---> Installing openvpn2 2.0.9_1
---> Activating openvpn2 2.0.9_1
---> Cleaning openvpn2


5) Reboot and verify tunnel drivers loaded

bash-3.2# kextstat -l|grep foo
110 0 0x52d8e000 0x6000 0x5000 foo.tap (1.0) <7 6 5 2>
109 0 0x52d85000 0x6000 0x5000 foo.tun (1.0) <7 6 5 2>

6) Execute OpenVPN

MacBookPro:~ Joshua$ sudo /opt/local/sbin/openvpn2 --cd /Users/Joshua/Library/openvpn --config /Users/Joshua/Library/openvpn/simple.conf

Mon Apr 14 18:35:34 2008 OpenVPN 2.0.9 i686-apple-darwin9.2.2 [SSL] [LZO] built on Apr 14 2008
Mon Apr 14 18:35:34 2008 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Mon Apr 14 18:35:34 2008 WARNING: file 'static.key' is group or others accessible
Mon Apr 14 18:35:34 2008 LZO compression initialized
Mon Apr 14 18:35:34 2008 gw 192.168.0.1
Mon Apr 14 18:35:34 2008 TUN/TAP device /dev/tap0 opened
Mon Apr 14 18:35:34 2008 ./simple.up tap0 1500 1579 init
add net 99.99.99.99: gateway 192.168.0.1
delete net 0.0.0.0: gateway 192.168.0.1
route: writing to routing socket: Network is unreachable
add net 0.0.0.0: gateway 192.168.1.1: Network is unreachable
Mon Apr 14 18:35:34 2008 Attempting to establish TCP connection with 99.99.99.99:443
Mon Apr 14 18:35:35 2008 TCP connection established with 99.99.99.99:443
Mon Apr 14 18:35:35 2008 TCPv4_CLIENT link local: [undef]
Mon Apr 14 18:35:35 2008 TCPv4_CLIENT link remote: 99.99.99.99:443
Mon Apr 14 18:35:36 2008 Peer Connection Initiated with 99.99.99.99:443
Mon Apr 14 18:35:37 2008 Initialization Sequence Completed

*** EDIT:
7) (Optional) To update Tunnelblick w/ the latest openvpn2 binary and tun/tap drivers:

bash-3.2# sudo -s
bash-3.2# cd /Applications/Tunnelblick.app/Contents/Resources/
bash-3.2# mv tap.kext tap.kext.orig
bash-3.2# mv tun.kext tun.kext.orig
bash-3.2# mv openvpn openvpn.orig
bash-3.2# cp -R /Library/Extensions/tap.kext ./
bash-3.2# cp -R /Library/Extensions/tun.kext ./
bash-3.2# cp -R /opt/local/sbin/openvpn2 ./openvpn
***

Josh

what added features are avaialbe as opposed to using the built in vpn tools that come with leopard ?

Good question dude. To access my home office I actually use the built in PPTP client often as OpenVPN isn't the only VPN supported by my router (DD-WRT VPN load rc24v6.1 provides both PPTP and OpenVPN support simultaneously). I also use the Cisco VPN client (on Leopard) to access my corporate office from home..

Leopard's PPTP:
PPTP's control channel is over TCP however the tunnel is a separate GRE based connection (GRE is neither UDP/TCP and will respectively not pass through 99% of enterprise firewalls). OSX has a sexy PPTP client making it the best option for remote access from hotspot/hotel/etc however this client will fail to connect from within most enterprise networks to external VPN servers/routers. EG. the built in client will work fine from starbucks but when I'm on my employer's network the GRE tunnel will be blocked and the VPN connection will ultimately fail.

3rd Party VPN - OpenVPN (as per my post above):
OpenVPN on the other hand can tunnel everything over SSL and can even traverse http proxies if necessary.. Tunnelblick aims to provide a GUI for OpenVPN that parallels the simplicity of Leo's built in client. From a ease-of-use standpoint it still has a ways to go.. functionally, and for the time being, TunnelBlick currently does not assign DHCP correctly and [in my case] kernel panics if you attempt a dynamic/static assignment w/ an up/down script..
*EDIT: I manually updated TunnelBlick's openvpn binary as well as tun/tap drivers and its working great now*

3rd Party VPN - Cisco, etc:
If you need to remote access into an enterprise VPN concentrator such as that provided by Cisco (VPN3000, ASA, PIX, etc) you may require a more functional IPSec client to meet baseline requirements.. EG. the built in client simply wont work. Interestingly the iPhone v2.0 beta has Cisco VPN support so it's not too far fetched to hope/pray for native Leopard Cisco IPSec support some day.

Hello,
Would you be able to provide the binary files nesessary to patch tunnelblick so that someone doesn't have install the source code to compile openvpn2?
Thanks a lot

Awesome post, Josh, thanks. I had most of it figured out, but was missing a few key things.

-Bill

I have posted my compiled binary and updated tun/tap drivers

Could you please upload the updated tunnelblick application? not just the binaries that need to be replaced.
Thanks!

Do you have a copy of the source code for tunnelblick? With the main website down for ~8 months, I didn't grab a copy before it crashed. Thanks.

Please google it, is not so hard: http://www.tunnelblick.net/ Is not down, sources and SVN is available.

For me tunnelblick worked right away, I installed the server on a FreeBSD. I use also the VPN pptp provided by Mac OS.

Let me clarify, the site is not down but according to the tunnelblick website:

"12/06/2007: I'm sorry for the ongoing problems with Tunnelblick under Leopard. I will find time to fix this soon. Additionally, someone apparently launched a denial of service attack against the subversion repository and the database got corrupted while defending it. I will have to restore that as well."

If you try to download the code via subversion, the database errors still happen, it's been this way for months.

While you can still download 3.0b6, it's not working consistently with Leopard, especially release 10.5.3. I want to incorporate the changes suggested in this forum into a completely updated installer for rollout to many users.

-Steve

Thanks for posting your binaries.... but looks if I was missing a more recent version of openssl...
I only have a "standard" leopard 10.5.4 and this has libssl.0.9.7 but the openvpn2 binary inside your archive
is linked against libssl-0.9.8

.... well, compiled it myself without pulling a new openssl lib, and Click to view attachment is what I have and what works for me on a standard a 10.5.4 install without ports. Please use the same procedure as above to patch your version of Tunnelblick !

thanks a lot picard13! you've been saving some spare time of mine...

ps: this forum should be cleaned up again... sorry for being off for so long...

Update: http://viscosityvpn.com/