If you’re a casual OpenVPN user, you’ll probably use a GUI to manage your connections when acting as a “Road Warrior”. If you’re a PowerBook / PPC-based Apple user, then Tunnelblick to the rescue.
I use an IPCop firewall with the Zerina plugin, which wraps the OpenVPN management in an (relatively) easy to use GUI within IPCop. So create your Road Warrior users, assign a password, and the new GUI will let you download cert and OpenVPN .conf file to hand to your Road Warrior user (don’t email the freakin’ thing, if you go to all that trouble to be secure!).
So, all’s well so far. Que the Intel based MacBook and MacBook Pro. I’d previously used the easy installer from Tunnelblick on my G4 PowerBook, and within a minute or 2, I was up and running. Not so with my new MacBook (yes, I paid the extra for the cool black!). So if you’ve read this far, you’re probably keenly aware that it’s not as simple on the Intel-based Macs.
The problem lies not within the Tunnelblick software but, rather, the TUN/TAP devices it ships with. Some kind soul, by the name of Matt Mead has come to the rescue. He’s taken the open source TUN/TAP drivers from Mattias Nissler, and compiled them under Intel/i386 architecture. Read his blog post. Cheers Matt!
What he hasn’t got around to doing just yet is fixing up the installer (that, too, gets shipped with Tunnelblick), so here’s how I manage to get Tunnelblick up and running:
- Download, and extract, the binaries from Matt’s blog post. If you get stuck here, don’t read on 😉
- Because the installer is broken, you’ll have to manually extract the kernel extensions, and manually install them
- First, right-click (or a two-fingered tap on your trackpad if you’ve configured it like so!) on
tap_kext.pkg, and choose to “Show Package Contents”. Browse to the
Contentsfolder, and then double click
Archive.pax.gzto extract it. It’ll create an
Archivefolder. In there go in to the
System/…) and copy the
/Library/Extensionsfolder on your system. You’ll probably be asked to “Authenticate” yourself.
- Do the same for
- Before we manually register them, we need to fix up file permissions. In a Terminal window (as an Administrator, obviously), change ownership by
sudo chown -R root:wheel /Library/Extensions/tun.kext /Library/Extensions/tap.kext, and then change permissions by
sudo chmod -R go-w /Library/Extensions/tap.kext /Library/Extensions/tun.kextWhen asked for a password at the command prompt, you simply enter your own login password again (assuming you are an administrator).
- Now, we’ve to register them (think
regsvr32from Windows). Do so by typing
sudo kextload /Library/Extensions/tun.kextin a Terminal window
- That’s the hard part over! Now we go ahead with the rest of the Tunnelblick install. When you’ve mounted the
.dmgTunnelblick download, you’ll notice a
Packagesfolder. Don’t run the
Tunnelblick-Complete.mpkginstaller! In the
Packagesfolder, run the
Tunnelblick.pkginstallers (because you’ve already manually installed modified versions of the other two installers).
- One restart later, and you should have a Tunnelblick sitting pretty beside your Sherlock icon now. You’ll still need to copy a working config/certificate file into your
~/Library/openvpn(as per regular Tunnelblick instructions), but at least it now runs!
Hopefully that’ll save you a couple of minutes Googling!