Highlighted Articles |
Using Tunnelblick as a VPN ServerNote: Although Tunnelblick can be used to control an OpenVPN server, it is most useful when there will be only one type of user of the server. There are programs specifically written for controlling OpenVPN servers which allow you to control individual users of the server and contain many server-specific functions that are not included in Tunnelblick. All versions of Tunnelblick allow the use of OpenVPN as a server:
To start OpenVPN (either a client or server) when the computer starts:
Whenever you quit Tunnelblick (or you log out, which causes Tunnelblick to quit), Tunnelblick will leave "when computer starts" configurations connected, but close all other configurations that are connected. VPN Username/PasswordIf an OpenVPN configuration requires a username/password, usually it includes "auth-user-pass" without a parameter, which directs OpenVPN to ask Tunnelblick for a username and password. Tunnelblick then either asks the user for them using a dialog box, or retrieves them from the currently-logged-in-user's Keychain (if the user had previously asked Tunnelblick to save them in the Keychain). That doesn't work for "when computer starts" configurations because no user is logged in. There's no way to display a dialog, and there is no Keychain available. However, you can change the OpenVPN configuration file so it will work. Change "auth-user-pass" to "auth-user-pass abc.key", and include a plain-text "abc.key" file which contains the username on the first line and the password on the second line. In that situation OpenVPN obtains the username and password directly from the file, which works even if no user is logged in. Put the "abc.key" file and the modified OpenVPN configuration file in a folder along with any other files that are needed for the configuration. Rename the folder to be XXX.tblk (where XXX is the name you want for the VPN) and then drag/drop it onto the Tunnelblick icon in the menu bar to install it. Tunnelblick copies the folder and secures the abc.key file, so you should securely delete the folder so the username/password cannot be accessed by others. (You can choose any name for the "abc" part, but to ensure that the file is not visible to other users, it must have an extension of ".key".) Tip: To edit the configuration file, the configuration must first be disconnected and made private. Then, after editing, make the configuration shared and connect it so that it will be secured. |