"Connect: When computer starts" greyed out on beta, even on shared profiles.

[icet...@gmail.com]

Greetings,

I have a OpenVPN profile that is set to be shared, and was installed as part of a .tblk folder. I can use "Connect: When Tunnelblick launches" fine, but the "When computer starts" option is grayed out. I am on OSX 10.11.3

[jkbull...gmail.com]

The configuration probably requires a username/password (have a "auth-user-pass" option in the OpenVPN configuration file) or have a username/password or passphrase saved in the Keychain.

Such configurations cannot be started when the computer starts because when the computer starts nobody is logged in to provide the credentials or give access to the Keychain.

[jkbull...gmail.com]

Fixing the language:

The configuration probably requires a username/password (has a "auth-user-pass" option in the OpenVPN configuration file) or has a username/password or passphrase saved in the Keychain.

Such configurations cannot be started when the computer starts because when the computer starts nobody is logged in to provide the credentials or give access to the Keychain.

[jkbull...gmail.com]

I just remembered: the latest Tunnelblick beta allows the OpenVPN option to save a username/password in a file. The Tunnelblick installation of such a configuration hasn't been tested at all, so there may be problems installing a .tblk that has such an extra file, but you could put it in manually if that's the case. The file should be  named with a ".key" extension so it's permissions are set properly.

[Matthías Páll Gissurarson]

Ah yes, that is the case here. Is there no way to have tunnelblick prompt for keychain access in this case?

[Matthías Páll Gissurarson]

What is the format of such a file, if I were to create it manually?

[jkbull...gmail.com]

You should consult the OpenVPN docs for it, but I think it works as follows:

The file is a plain text file that contains the username, a LF character (0x0A), the password, and another LF. It should have a ".key" extension and should go in xxxx.tblk/Contents/Resources. 

You reference it in the OpenVPN configuration file using

auth-user-pass NAME_OF_FILE.key

If Tunnelblick won't let you install a .tblk with such a file (or complains about the filename in the auth-user-pass line of the configuration, you can try to do it manually. Do that by creating a .tblk configuration without the file (and including "auth-user-pass" without a filename) and install that as a private configuration.

Then go in manually to add the file into the Contents/Resources folder of the installed .tblk. (Private configurations are in /Users/YOUR_USERNAME/Application Support/Tunnelblick/Configurations.) Then add the filename to the "auth-user-pass" line in the OpenVPN configuration file.

Please report your results here, to help others with the same problem.

[Matthías Páll Gissurarson]

After reading up on it, I added a "vpn.key" file to the folder in the format

username
password

and substituted all occurrences of "auth-user-pass" with "auth-user-pass vpn.key", then I threw out all the old configurations and added them again.

This seems to have worked, and I can now select the "when computer starts" option.

On Saturday, March 5, 2016 at 5:16:22 PM UTC+1, jkbull...gmail.com wrote:

[Matthías Páll Gissurarson]

However, I put it in the top level of the .tblk folder, i.e. not in "xxx.tblk/Content/Resources"

[jkbull...gmail.com]

Thanks for reporting your success.

The vpn.key file can be in the top level of a .tblk that you have Tunnelblick install (as can all the other files). When Tunnelblick installs a .tblk, it rearranges the files so the .tblk is a valid OS X "package" by putting everything in xxx.tblk/Contents/Resources. So if you modify the installed file directly (not recommended), you would put the file there. But, as you said, if you are installing a .tblk by double-clicking it, then you can just put it in the main folder of the .tblk.