Mountain Lion and Tunnelblick - Playing Nice Together

One of the things that requires some tweaking after the installation of Mac OS X (Mountain Lion) is Tunnelblick, a free and open-source GUI for openVPN.  I use Tunnelblick for work and play so it's pretty important that it be working correctly. After Mountain Lion installed, Tunnelblick no longer worked on either of my VPNs.  Scanning the forums, blogs, and support sites, I found several solutions, none of which worked on their own (for me), but instead required combining the solutions to get things to work.

First, you're going to need to de-install your existing copy of Tunnelblick but, before you do, open a finder window, or cd from the command line, into "~/Library/Application Support/Tunnelblick".

Copy all of your current configuration files to someplace safe in the event you don't need new configuration files for your VPN.  Personally, I use BolehVPN and   I generated new key files as part of this process.  My work VPN files are going to require some tweaking too but, either way, it's always nice to have back-ups so you don't have to start-over from scratch creating your configs.

I used a sweet little program called AppZapper to remove Tunnelblick - it thoroughly cleans out all files associated with the app - hence the reason why you want to back-up your config files.

Once you've removed Tunnelblick, download the beta version of the software.  The current release is versioned at 3.2.6(2891.3007) and was built on May 3, 2012.  This version does not work with Mountain Lion.

You want to download and install Tunnelblick 3.3.  The Beta release version changed four iterations in 24-hours so don't worry about which rev your getting -- this has worked for me since beta release 12.

Once you're down with the install, you can either download new key files (certificates, keys, and configs with the opvn extension) or you can see if your current configurations will work with the beta.

Once I installed the new key files, I found that I could connect to my VPN provider successfully, but I couldn't do anything after that point.

If this is the case for you, which you can confirm by loading a website by it's IP address instead of the URL... As a matter of routine, it's good to memorize (or at least write-down) this IP address: 74.125.53.100 which is the IP address for google.com.

If you can get Google to load by IP and not by name, (google.com), in the URL bar, then you need to tweak your nameserver settings for your VPN configuration.

Click on the Tunnelblick icon in your menu bar and then click on "VPN Details" at the bottom of the drop down.  This will open a dialog box with your available VPN configurations on the left in a scrolling text box and, on the right, a two-tab  panel for your Logs and Settings.

If your connection failed, scroll through the information under the Log tab and you should see something that looks like this:

[codesyntax lang="text" lines="no"]

2012-07-27 08:51:06 *Tunnelblick process-network-changes: SearchDomains changed from

* *                     to *                    <array> { *                    0 : openvpn *                    } *                    pre-VPN was *

[/codesyntax]

This information shows you that you've no search domains selected for the new VPN connection because normally you should see IP address in these containers.  Unless you do everything by IP address, you're going to be dead in the water...so....

Click on your VPN listing and then click on the Settings tab.

By default, your DNS/WNS configuration has the setting "Set nameserver".  You want to change this setting to "Set nameserver (3.0b10)".

Click back to the Log tab and attempt your connection.  You should be able to successfully resolve DNS/WNS at this point however, if for some reason this doesn't work, then go back to the Settings tab and try the other nameserver options in the drop down.

Finally, something else you may wish to check is your DNS server settings for your OS.  Open System Preferences -> Network -> Advanced... for your internet connection.   Click on the DNS tab and look a your nameservers listed in the box on the left side.

If you're using your ISP's router IP as your DNS server, you're probably going to have a bad time.  I use Google's nameservers but there are other free nameservers available too, such as OpenDNS.  Whatever you decide to use, enter the nameserver IP address in this block after removing the IP for your ISP or network router.

Google's DNS nameserver IPs are: 8.8.8.8 and 8.8.4.4.

That's it!  Hope this helps!