Feature request: Select Named Credentials in Username/Password dialog
38 views
Skip to first unread message
surely....@gmail.com
May 19, 2017, 5:45:36 AM5/19/17
to tunnelblick-discuss
The Tunnelblick in-app help (Very helpful, once I found it - I first looked on the website for help, and the docs there are extremely detailed but don't even mention named credentials!) explains credentials groups like this:
The concept behind this is fantastic. In practice, however, this requires manually opening the advanced settings for each of the 32 configurations to set the credential group - which is only marginally faster than copying and pasting the username and password 32 times! (Though it would certainly be useful if the credentials change later - at least they only have to be changed once.)
In my case - and this is probably the case for many users who have a VPN provider with multiple configs for different server locations - I'll probably only ever use a few of the 32 configs. But I don't know now which ones I'll use, and I don't want to have to go into the settings every time I use a new one.
A good solution to this might be to rework the "Username/Password" dialog so that it has a pop-up menu at the top with options like this:
- Use Credentials for VPN A
- Use Credentials for VPN B
- Use Separate Credentials...
If I choose an existing credentials group, the Username/Password entry fields get disabled or hidden. If I choose "Use Separate Credentials," then the Username/Password fields work normally.
This way, I basically assign each config to a credentials group only at the point at which I use the config for the first time.
(You could even add one more menu option, "New Credentials Group...", which saves the entered username and password to a new named group!)
For example, ten configurations for VPN service provider A can be set to use the "VPN A" credentials, and twenty-three configurations for VPN service provider B can be set to use "VPN B" credentials. The user then only needs to enter the "VPN A" credentials once and save them to the Keychain, and enter the "VPN B" credentials once and save them to the Keychain, instead of needing to enter the credentials for each of the thirty-two configurations and save each of them to the Keychain.
The concept behind this is fantastic. In practice, however, this requires manually opening the advanced settings for each of the 32 configurations to set the credential group - which is only marginally faster than copying and pasting the username and password 32 times! (Though it would certainly be useful if the credentials change later - at least they only have to be changed once.)
In my case - and this is probably the case for many users who have a VPN provider with multiple configs for different server locations - I'll probably only ever use a few of the 32 configs. But I don't know now which ones I'll use, and I don't want to have to go into the settings every time I use a new one.
A good solution to this might be to rework the "Username/Password" dialog so that it has a pop-up menu at the top with options like this:
- Use Credentials for VPN A
- Use Credentials for VPN B
- Use Separate Credentials...
If I choose an existing credentials group, the Username/Password entry fields get disabled or hidden. If I choose "Use Separate Credentials," then the Username/Password fields work normally.
This way, I basically assign each config to a credentials group only at the point at which I use the config for the first time.
(You could even add one more menu option, "New Credentials Group...", which saves the entered username and password to a new named group!)
Tunnelblick developer
May 19, 2017, 6:22:22 AM5/19/17
to tunnelblick-discuss
Thanks for your detailed suggestion. However, you don't need to do anything 32 times (for your example).
Here's a way to have 32 configurations share credentials without doing anything 32 times:
- Open the "VPN Details" window.
- Select the 32 configurations in the list on the left of the "Configurations" tab, using shift-click and/or command-click. *
- Open the "Advanced" window and go to the "VPN Credentials" tab.
- Type the name of the credentials (for example, "CREDS") in the textbox, and click the "Add Credentials" button.
- Click the drop-down box and select "This configuration uses CREDS credentials".
- Close the "Advanced" and/or "VPN Details" windows if you wish.
- Connect using one of the configurations.
- When asked for the username/password, enter them and check one or both "Save in Keychain" checkboxes.
That's it; you're done. If you try to connect using any of the 32 configurations, they will use the CREDS username/password that you saved in the Keychain.
The "trick" here is to use Tunnelblick's ability to change settings on more than one configuration at a time (for most settings): Tunnelblick will apply settings changes to all configurations that are selected in the list on the left side of the "Configurations" tab of the "VPN Details" window.
I apologize that the ability to change settings for multiple configurations all at once isn't explained well (if at all?) in the documentation; I would welcome a suggestion as to where -- and how -- to explain it. (It isn't specific to named credentials, and I don't want to repeat this in the description of each setting!)
* Select multiple configurations using macOS-standard methods: click one configuration and then shift-click another to select both plus the ones in between and command-click to toggle whether a single configuration is selected or not.)
Reply all
Reply to author
Forward
0 new messages