Sec504 Tunnelblick Instructions for Mac OS X 10.4-10.8

Installing Tunnelblick on Mac OS X 10.4-10.8


To install and configure Tunnelblick, do the following:
  1. Go to https://labs.sans.org. From the "Downloads for Various Operating Systems" table, click on the link for "Tunnelblick 3.3.2" in the row for "Mac OS X 10.4-10.8" and download the file.

  2. Run the downloaded "Tunnelblick_3.3.2.dmg" install file. Double-click on the "Tunnelblick" icon. If you get a window with a warning that "Tunnelblick is an application that has been downloaded from the Internet", click "Open". When prompted for your password, enter it so the application can be installed. On the "Installation succeeded" window, click "Quit".

  3. Using Safari, download your user specific OpenVPN configuration file (unique link provided via email). The URL is provided in the email you received that had the subject "SEC504 Virtual Lab Access". The URL is in the "User Authentication" section of the message. Right-click on the OpenVPN configuration file link and select "Download Linked File As..." Save the file to your Desktop.

  4. Run "Tunnelblick". This being the first time it is run, the "Welcome to Tunnelblick" window will appear. Click the "I have configuration files" button.

  5. On the "Which Type of Configuration Do You Have" window, click the "OpenVPN Configuration(s)" button.

  6. Two new windows appear. The first is the "An Empty Tunnelblick VPN Configuration Has Been Created" window. Leave it alone for now. The second is a Finder window titled "Empty Tunnelblick VPN Configuration". Drag the OpenVPN configuration file that you saved on your Desktop to this folder. If the configuration file currently has a ".ovpn.txt" suffix, change it to just ".ovpn". When prompted "Are you sure you want to change the extension ... ", click "Use .ovpn".

  7. Close the "Empty Tunnelblick VPN Configuration" Finder window. Find the "Empty Tunnelblick VPN Configuration" folder on the Desktop and rename it based on the class and give it a ".tblk" extension (eg: Sec504.tblk). When prompted "Are you sure you want to add the extension ... ", click "Add". Click "Done" in the "An Empty Tunnelblick VPN Configuration Has Been Created" window.

  8. Double-click on the new "folder" that has the Tunnelblick icon. On the resulting "Install Configuration For All Users?" window, click "Only Me". When prompted to enter your password, enter your Mac acount password.

  9. On the "Tunnelblick VPN Configuration Installation" window, click "OK".

Starting Tunnelblick on Mac OS X 10.4-10.8

  1. Run "Tunnelblick. If you just finished the installation process, it is already running.

  2. Click on the "Tunnelblick" icon in the Menubar and select the appropriate "Connect ..." entry.

  3. On the "Tunnelblick: Passphrase Required" window, enter your VPN password (see email for info) and click "OK".

  4. If a "Warning" window pops up saying that the computer's pubic IP address didn't change, click "OK".

  5. To verify that the Tunnelblick connection was established, run "ifconfig" in a Terminal and look for the tap0 interface which should have a "10.10.7[6-9].x" IP address.

  6. After you see the interface, try pinging the following IP address: 10.10.0.1. This device should be pingable. Do NOT, repeat do NOT try scanning or attacking this device. This is NOT one of the Sec504 targets. You will be told what the target range is.


Common Configuration Issues

For a list of common configuration issues that we have seen, please refer to Common Configuration Issues