Tunnelblick OpenVpn Custom Header

1,423 views
Skip to first unread message

kikik...@gmail.com

unread,
Jul 4, 2015, 8:31:42 AM7/4/15
to tunnelbli...@googlegroups.com
http-proxy-option EXT1 Host: xx.xx.xx.xx/
http-proxy-option EXT2 X-Online-Host:xx.xx.xx.xx/

Adding the following code to the opevpn config file will gives an error "Bad http-proxy-option or missing parameter EXT1" since EXT is not supported in openvpn out of the box.

Someone had created a patch a long time a go
http://nwxsn.blog.com/2012/09/13/tunnelblick-3-3-beta-with-custom-header-openvpn/ enabling custom headers
http://nwxsn.blog.com/2012/10/28/openvpn-2-2-1-with-header-mod-for-mac-os/

When I copy the patched openvpn to .app/Contents/Resources/openvpn I get a code signing error that tunnelblick has been modified and it doesn't launch. The older version of tunnelblick with no code signing shown in the above link doesn't work with yosemite.

My question is  How can I get custom headers to work in Yosemite? All other platforms (android has plenty, windows has nvmdvpn and finchvpn, iOS has guizmovpn in cydia ) have there header patched version of openvpn.

A request, may someone kindly compile the latest beta including the patched openvpn from here http://nwxsn.blog.com/files/2012/10/openvpn-2.2.1.zip_.avi (the file has a wrong extension just rename to .zip) Source http://nwxsn.blog.com/download/
or patch the latest openvpn. Here's the patch http://sourceforge.net/p/openvpn/mailman/message/31561156/

Thanks.






jkbull...gmail.com

unread,
Jul 4, 2015, 8:57:47 AM7/4/15
to tunnelbli...@googlegroups.com, kikik...@gmail.com, kikik...@gmail.com
It is not too difficult to build Tunnelblick from source code. Detailed instructions on how to do so are included in the source, in a file named "Building Tunnelblick from Source Code.rtf".

After building from the source (build an "Unsigned Release" version), copy the kexts from a current Tunnelblick binary; some are signed and are needed by Yosemite.

(Note: If you are using Yosemite with a "TUN" connection, you don't need signed kexts; OpenVPN will default to using the built-into-OS-X "utun" device instead of the "tun" device provided by the tun kexts.)

My understanding is that the patch (or a patch with similar or identical functionality) was accepted into the master OpenVPN source code and will be included in OpenVPN 2.4. Tunnelblick usually incorporates new versions of OpenVPN within a few days of the official release by OpenVPN.

kikik...@gmail.com

unread,
Jul 4, 2015, 10:16:16 AM7/4/15
to tunnelbli...@googlegroups.com, kikik...@gmail.com
Thank you for your timely reply. This is too difficult for me. Will just have to wait till 2.4.

Or if someone with the knowledge could patch openvpn to support custom headers. From there I could use Viscosity since it supports replacing openvpn binary without throwing errors. For now I'm left with no choice but to install parallels, then windows then use nmvdvpn or finchvpn  and finally share the connection with OS X. Please save me from this trouble. Arrggh.

r...@theinfluencerproject.com

unread,
Apr 18, 2017, 6:34:56 AM4/18/17
to tunnelblick-discuss
Same here bro.. Already Sierra. :(

Tunnelblick developer

unread,
Apr 18, 2017, 6:45:26 AM4/18/17
to tunnelblick-discuss
Chris Gachibi said "Will just have to wait till 2.4", which implies that EXT1 is supported in OpenVPN 2.4. Recent versions of Tunnelblick include OpenVPN 2.4, so try using it -- select OpenVPN 2.4.whatever in the Tunnelblick "Settings" tab.

r...@theinfluencerproject.com

unread,
Apr 18, 2017, 7:02:26 AM4/18/17
to tunnelblick-discuss
Hey man.. Well I ran it and I got this error:

Could not start OpenVPN (openvpnstart returned with status #251)


Contents of the openvpnstart log:

*Tunnelblick: openvpnstart log:

     OpenVPN returned with status 1, errno = 0:

          Undefined error: 0

     

     Command used to start OpenVPN (one argument per displayed line):

     

          /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.14-openssl-1.0.2k/openvpn

          --daemon

          --log

          /Library/Application Support/Tunnelblick/Logs/-SUsers-Sramalturas-SLibrary-SApplication Support-STunnelblick-SConfigurations-SPremium--SG4.tblk-SContents-SResources-Sconfig.ovpn.769_0_1_0_1065264.1337.openvpn.log

          --cd

          /Library/Application Support/Tunnelblick/Users/ramalturas/Premium-SG4.tblk/Contents/Resources

          --verb

          3

          --config

          /Library/Application Support/Tunnelblick/Users/ramalturas/Premium-SG4.tblk/Contents/Resources/config.ovpn

          --verb

          3

          --cd

          /Library/Application Support/Tunnelblick/Users/ramalturas/Premium-SG4.tblk/Contents/Resources

          --management

          127.0.0.1

          1337

          --management-query-passwords

          --management-hold

          --script-security

          2

          --up

          /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw

          --down

          /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw

     

     Contents of the OpenVPN log:

     

          Options error: Bad http-proxy-option or missing parameter: 'CUSTOM-HEADER'

          Use --help for more information.

Tunnelblick developer

unread,
Apr 18, 2017, 7:07:53 AM4/18/17
to tunnelblick-discuss
You were using OpenVPN 2.3.14, not OpenVPN 2.4.

Open Tunnelblick's "VPN Details" window, click to select your configuration, and in the Settings" tab, select OpenVPN 2.4, with either OpenSSL or LibreSSL (your choice).

r...@theinfluencerproject.com

unread,
Apr 18, 2017, 7:16:08 AM4/18/17
to tunnelblick-discuss
Thanks man. Now it's working.. Appreciate it bro.. Thank you!

andam...@gmail.com

unread,
Oct 28, 2018, 9:56:42 AM10/28/18
to tunnelblick-discuss
could you please make video and explain  me please.....
Reply all
Reply to author
Forward
0 new messages