Only version 4.0.0beta01 works here on macOS 15.7

39 views
Skip to first unread message

Thomas L.

unread,
Oct 5, 2025, 11:40:20 AMOct 5
to tunnelblick-discuss
I don't know what the problem is. I stuck in version 4.0 beta 1. With all newer versions I get an endless loop of authorization... connection... disconnect and reconnect.

Tunnelblick Developer

unread,
Oct 5, 2025, 2:46:13 PMOct 5
to tunnelblick-discuss

It’s difficult to know with certainty without the diagnostic information that we request you post along with your problem. But my guess is that your configuration requires the use of an earlier version of OpenSSL or OpenVPN or both. Newer versions of Tunnelblick default to using newer versions of openVPN/OpenSSL, but you can choose an earlier version in the settings.


See Tunnelblick 4, which also applies to newer versions of Tunnelblick such as Tunnelblick 6 and 8, which also use even newer versions of OpenVPN/OpenSSL.)

Thomas L.

unread,
Oct 14, 2025, 4:22:16 PM (13 days ago) Oct 14
to tunnelblick-discuss
OK, here more details:

MacBook Air M3, 16 GB
macOS 15.7.1

I have tried different Versions of Tunnelblick:

Tunnelblick_3.8.7a_build_5770 -> Works!
Tunnelblick_4.0.0beta01_build_5810 -> Works!
Tunnelblick_4.0.1_build_5971 -> Don't work
Tunnelblick_6.0_build_6160 -> Don't work
Tunnelblick_8.1beta03_build_6340 -> Don't work

It seems the problem starts with 4.0.1
In the log file of 4.0.1 I see this error:
2025-10-14 22:18:03.140033 Error: negotiated cipher not allowed - AES-256-CBC not in AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305
2025-10-14 22:18:03.140039 OPTIONS ERROR: failed to import crypto options

Tunnelblick Developer

unread,
Oct 14, 2025, 4:50:25 PM (13 days ago) Oct 14
to tunnelblick-discuss
That's the problem I described earlier, and discussed in Tunnelblick 4. Your VPN setup apparently uses obsolete and/or insecure encryption, which newer versions of OpenVPN/OpenSSL do not allow. (It's also possible that it tries to use newer encryption but is misconfigured and older versions of OpenVPN/OpenSSL are ignoring the misconfiguration.)

You should have whoever set up your VPN modify it to use modern encryption or fix the misconfiguration.

In the meantime, you can try using Tunnelblick 8.1beta03 (build 6340) with the older versions of OpenVPN/OpenSSL which are included in it.

At some point Tunnelblick will stop including the older versions, though, so get your VPN setup modified or fixed sooner rather than later.

Best regards,

Jon Bullard



Reply all
Reply to author
Forward
0 new messages