VPN doesn't connect and switches between "Authorizing" and "Waiting for server response"

[Tunnelblick developer]

Tunnelblick 4.0.0beta15 changes the default versions of OpenVPN and OpenSSL used to connect, from OpenVPN 2.5 to OpenVPN 2.6, and from OpenSSL 1.1.1w to OpenSSL 3.0.

The newer versions can cause problems if your VPN configuration is very old, or if the VPN server you use has a very old setup.

Here's one problem that can happen: your VPN doesn't connect and the status switches back and forth between "Authorizing" and "Waiting for server response".

If that happens, examine the log. If you see the following error (it will be highlighted in red):

     OpenSSL: error:0A00014D:SSL routines::legacy sigalg disallowed or unsupported:

Try changing the version of OpenVPN/SSL to OpenVPN 2.6.9 - OpenSSL 1.1.1w.

If that works and the VPN connects, contact whoever gave you your VPN configuration files. They use an out-of-date signature algorithm that is no longer supported by modern versions of OpenSSL.

At some point Tunnelblick will no longer include OpenSSL 1.1.1w. It is no longer supported by OpenSSL, and does not receive security updates, so you should get your configurations set up to be compatible with newer versions.

[Duncan Houston]

Thanks. I had issues similar to this, where it flicks rapidly between "Authorizing" and I think it was "Waiting for server response". I didn't see red in the log, and have since reverted back to beta13, which is working again.

When I get the time I will try what's suggested.

[Tunnelblick developer]

Another error message (from a different conversation) which indicates similar problems with legacy signatures or encryption is:

     OpenSSL: error:0308010C:digital envelope routines::unsupported:Global default library context, Algorithm (RC2-40-CBC : 0), Properties ()