Tunnelblick is moving ~/Library/openvpn to ~/Library/Application Support/Tunnelblick/Configurations

Skip to first unread message


Dec 6, 2009, 11:14:54 PM12/6/09
to tunnelblick-discuss
Sometime in the next week or so, a commit to the Tunnelblick source
code will be made which moves the folder that contains configuration
files (and, often, other files) from ~/Library/openvpn to ~/Library/
Application Support/Tunnelblick/Configurations. This is being done to
be compatible with OS X standards and conventions.

This post is a FAQ about this change.

Tunnelblick will do this automatically and transparently. Everything
should just work. Each time Tunnelblick is started, it will check to
see if this move has been made. If not, it will move the folder and
then create a symbolic link (alias) from the old location to the new
location. The new version of Tunnelblick will then use the new
location. Old versions of Tunnelblick will use the alias to access the
files in the new location. The move will be done the first time an
updated Tunnelblick is run, when it secures itself after asking for
the username and password of someone who can administer the computer.

*** Will earlier versions of Tunnelblick still work after the folder
is moved?
Yes. Earlier versions will work with configuration (and other) files
in the new location because the symbolic link (alias) will cause
references to ~/Library/openvpn to result in references to the new

*** Will the standard up/down scripts (used when "Set nameserver" is
checked) still work?

*** Will customized up/down scripts still work?
Yes. The symbolic link (alias) will cause any references to ~/Library/
openvpn to result in references to the new folder.

*** Will customized install scripts still work?
Yes. The symbolic link (alias) will cause any references to ~/Library/
openvpn to result in references to the new folder.

*** Will following the old instructions to place configuration files
in ~/Library/openvpn still work?
Yes. If the new Tunnelblick has already been run, putting files in ~/
Library/openvpn will (because of the symbolic link) cause them to
actually be placed in the new location. If the new Tunnelblick has NOT
been run, the first time it is run the ~/Library/openvpn folder (and
its newly-placed configuration files) will be moved and an alias
created as described above.

*** Will this work on Tiger? Leopard? Snow Leopard? 64-bit Snow
Yes. Yes. Yes. Yes.

*** Will this work with remote home directories?
Yes, as long as the filesystem on which the home directory resides
supports symbolic links. The new version will work without symbolic
links, but old versions of Tunnelblick will no longer work without
them, and custom scripts may not work without them.

*** Will this work if /Library/openvpn doesn't exist (common for
deployed versions)?
Yes. If there's nothing to move, nothing will be done. ~/Library/
Application Support/Tunnelblick/Configurations and the symbolic link
will not be created.

*** Does this affect deployed versions?
Yes and no. Yes, because the move will be done (if ~/Library/openvpn
exists). No, because the move will not affect the way deployed
versions of Tunnelblick operate.

*** Can I delete the symbolic link (alias) ~/Library/openvpn?
Yes, but there is no reason to delete it except "tidyness" -- it takes
up almost no disk space. You can delete it if and when you are sure
you will not downgrade Tunnelblick and you have no custom scripts
which use the old location. If you delete it and at some point in the
future find that you need it, you can use the Finder to recreate it
(it is just an alias).

*** What about ownership and permissions?
The folder ~/Library/Application Support/Tunnelblick and the symbolic
link (alias) ~/Library/openvpn will each be owned by the current user
and have permissions of 755. The folder ~/Library/Application Support/
Tunnelblick/Configurations and its contents will have the ownership
and permissions of the original ~/Library/openvpn folder and its

*** Are there ANY circumstances where this move is a problem?
Yes. The following very unusual circumstances are a problem:

IF ~/Library/openvpn is a not either a folder or a link to ~/Library/
Application Support/Tunnelblick/Configurations;
~/Library/openvpn is a link to ~/Library/Application Support/
Tunnelblick/Configurations, but that folder does not exist;
both ~/Library/openvpn and ~/Library/Application Support/Tunnelblick/
Configurations exist and are folders;
~/Library/Application Support/Tunnelblick exists but is not a folder
or a link to a folder;
~/Library/Application Support/Tunnelblick/Configurations exists but is
not a folder or a link to a folder;

THEN a corresponding error message will be entered in the Console Log
and Tunnelblick will display an error dialog and then terminate. The
easiest way to recover from this is to set up the ~/Library/openvpn
folder up manually and make sure ~/Library/Application Support/
Tunnelblick/Configurations does not exist; the move will be done the
next time you run Tunnelblick.

Comments? Questions?


Dec 7, 2009, 7:18:02 AM12/7/09
to tunnelblick-discuss
Change: The move will only happen if ~/Library/Application Support/
Tunnelblick does not exist. An error message will be displayed if it
and ~/Library/openvpn both exist. After the move has been made, that
folder and ~/Library/Application Support/Tunnelblick/Configurations
must each exist and be a folder or a link to a folder. (If no move
has been made -- because ~/Library/openvpn does not exist -- then the
folders need not exist.)

Clarification: Any problems encountered performing the move and
creating the symbolic link will also be reported to the user via the
Console Log and an error dialog, the same way problems with the
initial setup is reported.


Dec 10, 2009, 10:53:57 AM12/10/09
to tunnelblick-discuss
This has been committed to the trunk as r298.
Reply all
Reply to author
0 new messages