Well, in the end I went the quick route:
I created two files inside /Users/<user>/Library/Application Support/Tunnelblick/Configurations/MyConfFile.tblk/Contents/Resources called connected.sh and post-disconnect.sh (remember to do chmod u,g+x to both files to make them executable).
The connected.sh script runs after the connection has been fully established, and its contents are:
#!/bin/bash
/usr/sbin/networksetup -setwebproxy Wi-Fi 192.168.15.201 3128 off # These two are optional if you
/usr/sbin/networksetup -setsecurewebproxy Wi-Fi 192.168.15.201 3128 off # already have a proxy IP set
/usr/sbin/networksetup -setwebproxystate Wi-Fi on # Turn on the proxy/usr/sbin/networksetup -setsecurewebproxystate Wi-Fi on # Turn on the HTTPS proxy
The post-disconnect.sh script runs after the connection has been fully closed, and its contents are:
#!/bin/bash
/usr/sbin/networksetup -setwebproxystate Wi-Fi off
/usr/sbin/networksetup -setsecurewebproxystate Wi-Fi off
I used the post-disconnect.sh script to avoid disabling the proxy on reconnects.
CAVEATS:
1. It only works for Wi-Fi, and if your Wi-Fi is called exactly like that when using the command networksetup -listallnetworkservices
2. It doesn't save the previous Proxy settings if they exist, and it doesn't delete the Proxy IP address/port on disconnect
As I said, it's very crude but works for me. Perhaps someone else can do better scripts (for example, set the correct Interface and save previous Proxy settings).
Thanks for your time and for the excellent piece of software :)