username and password

[dave...@gmail.com]

Hi guys! Sorry for the probably stupid question but Tunnelblick is asking me a username and password to connect.. where do I find (or create) them? Thanks!! 

[Tunnelblick developer]

If you mean a username/password to install Tunnelblick or configurations, or make certain other changes, that username/password is the username/password of an admin user on your computer.

If you mean a username/password to connect to a VPN:

You need to contact your VPN service provider. That is the organization which gave you your configuration files, and perhaps a username and password, and to which you are probably paying a fee for VPN service. For more information, please see  Getting VPN Service.

Tunnelblick is just the free software that many VPN service providers recommend or supply to their customers. We do not provide VPN service, just software.

[xasth...@gmail.com]

Please forgive me if it is not the right hub, but i have a issue with user / password too like Dave

I deploy tunnelblick over munki for macs with sierra. From last update, and in the first start after this update b (where version 3.7.1a was ready) my users become a quest for Admin Password.

They call me from Home and we have no vpn connection, we musst connect over another tools and then i muss give admin password and all ist right like forever. I have this issue 3 or 4 times, but i hope that not my 100 users together call me about that, because are to many passwords and remote connections, etc. I dont want to stay in an old version, about security. Thanks

[Tunnelblick developer]

Tunnelblick requires the computer admin username/password when Tunnelblick is updated. Tunnelblick has always done that, and I do not expect that to ever change. It is a security precaution and prevents "escalation of privilege" attacks. It is also a way for users to control their own computer -- it prevents unauthorized changes to Tunnelblick.

If you don't want that behavior, disable Tunnelblick's checking for updates and distribute updates yourself using Munki.

[xasth...@gmail.com]

Hello, thank you for your answer.

I disable the Tunnelblick´s checking for updates and distribute updates over Munki as you recomend me. But after a neu -Munki distributed- Update i have the same Problem. This security option ist very good if the user is the same administrator, but is not too confortable if user isnt sudoers and want to use his new Tunnelblick version mit VPN working from home at night and he dont have admin rights. There is a "dont check administrator after update" option necesary. Is only my humble opinion. Thanks

[Tunnelblick developer]

If I understand you correctly, you would like your users to update Tunnelblick without a computer admin username/password.

As I wrote earlier, I don't expect to add that to Tunnelblick.

Although you haven't provided logs, I am guessing that Munki (or your Munki configuration for Tunnelblick) does not update the version of "tunnelblickd" that is being used by the system.

That is tricky to do because although tunnelblickd is contained within Tunnelblick, and is thus updated when you update Tunnelblick, the OS uses a cached copy of the old tunnelblickd. Tunnelblick uses the "tunnelblickd-hash.txt" and "tunnelblickd-launchctl-plist-hash.txt" files that are located in /Library/Application Support/Tunnelblick to detect that situation. When Tunnelblick loads tunnelblickd, it sets the two files to contain the hashes of the tunnelblickd binary and the .plist that are used to load it. When Tunnelblick launches, it checks that the hashes are as expected. If not, it means that Tunnelblick was updated and has a new tunnelblickd binary, so it unloads the old tunnelblickd and reloads the new one. That is what is requiring the admin username/password.

[b...@macmule.com]

Hi there,

As Munki installs items as root, we can unload unload the old tunnelblickd etc as needed.

Do you happen to have a list of operations that are followed?

For example, post install we could:

• Unload the old tunnelblickd
  
• Delete the old tunnelblickd
• Copy the new tunnelblickd to the correct location
• Replace the "tunnelblickd-hash.txt" and "tunnelblickd-launchctl-plist-hash.txt" files that are located in /Library/Application Support/Tunnelblick with the updated ones

Which should then resolve this issue, correct?

[Tunnelblick developer]

I don't have a list, but your list of operations is correct as far as I know, except that you also need to reload tunnelblickd at the end.

You could try to read the code in installer.m but it would probably be easier to just try it out. If it fails, there should be some indication of what isn't being set up properly -- reply here and I'll try to help.

[Ben Toms]

ok, appears we were missing the postinstall that most people use, which seems to resolve this.

#!/bin/sh
# based on forum discussion:
# https://groups.google.com/forum/#!topic/tunnelblick-discuss/UYeR7vv_rXM
# setup folders and secure Tunnelblick app
/Applications/Tunnelblick.app/Contents/Resources/installer 5
# secure configurations
/Applications/Tunnelblick.app/Contents/Resources/installer 16

--
You received this message because you are subscribed to a topic in the Google Groups "tunnelblick-discuss" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/tunnelblick-discuss/ek2y6ywHj8s/unsubscribe.
To unsubscribe from this group and all its topics, send an email to tunnelblick-discuss+unsub...@googlegroups.com.
Visit this group at https://groups.google.com/group/tunnelblick-discuss.
For more options, visit https://groups.google.com/d/optout.

--

Regards,

Ben