Problem importing config with .pkcs12 starting with Tunnelblick version 3.6
198 views
Skip to first unread message
freema...@gmail.com
Sep 3, 2016, 10:47:25 AM9/3/16
to tunnelblick-discuss
We have been using an OpenVPN config that uses a pkcs12 file. Our Mac users using Tunnelblick had no issues importing and using the config with Tunnelblick prior to version 3.6. Ever since version 3.6 they receive an error when they try to import the config. They get a message saying "Failed to copy..." when it's trying to copy that pkcs12 file to the "/public/var/folders/..." location.
The strange thing is that if we install Tunnelblick version 3.5.10, we can import the config file successfully. Then upgrade Tunnelblick to the new version and everything still works fine. The problem comes when we have to present them with an updated pkcs12 config. They have to uninstall the current version, revert back to 3.5.10 to import the config and then update Tunnelblick again.
I have verified that it seems to be the issue of copying the pkcs12 file by commenting out that line in the config and trying to import that with the current version of Tunnelblick. It successfully imports. But as soon as you add that line back, it fails to import.
Tunnelblick developer
Sep 3, 2016, 11:46:27 AM9/3/16
to tunnelblick-discuss, freema...@gmail.com
Thanks for reporting this. The behavior you describe: 3.5.10 imports OK but 3.6 doesn't, sounds like a bug importing .p12 files.
It would be helpful to have the Console Log output from a failed import, in case I have trouble reproducing this problem. I don't have any pkcs12 files, so that could be a problem.
It would be helpful to have the Console Log output from a failed import, in case I have trouble reproducing this problem. I don't have any pkcs12 files, so that could be a problem.
Tunnelblick developer
Sep 3, 2016, 12:14:34 PM9/3/16
to tunnelblick-discuss, freema...@gmail.com
I can't reproduce the problem, using Tunnelblick 3.6.7beta02 on OS X 10.11.6, either replacing an existing configuration or installing a new one, shared or private.
What are the ownership and permissions of the .p12 file?
If you can send a .zip of a "sanitized" configuration (to my Gmail address, "jkbullard") that shows the problem, that is probably the only way I can fix it. (Please make sure Tunnelblick 3.6.7beta02 fails to install the "sanitized" configuration before sending it to me.)
By "sanitized", I mean you should X out the argument to any "remote" options, and replace the .p12 file or other files that contain private information with identically-named files with garbage information. Since I don't need to "connect" the configuration, just install it, those changes won't matter.
On Saturday, September 3, 2016 at 10:47:25 AM UTC-4, <> wrote:
Tunnelblick developer
Sep 4, 2016, 9:11:26 AM9/4/16
to tunnelblick-discuss, freema...@gmail.com
The problem was resolved by using a ".p12" extension instead of a ".pkcs12" extension.
There is a bug in Tunnelblick's handling of unknown extensions. (It treats them as plain-text ".key" files.) I will put fixing that on my list, but it is a relatively low priority, I'm afraid.
Tunnelblick developer
Sep 9, 2016, 7:44:45 PM9/9/16
to tunnelblick-discuss, freema...@gmail.com
Tunnelblick 3.6.7beta04 (released a few minutes ago) fixes this problem.
Reply all
Reply to author
Forward
0 new messages