Tunnelblick "Keep Connected" doesn't work after upgrade to Yosemite

[earl...@yahoo.ca]

I was previously using OSX Mavericks and Tunnelblick 3.4.4 (build 4055.4236).

I have "Keep Connected" selected, and it worked as expected, automatically restoring the VPN link after the laptop woke from sleep, or moved from one WiFi network to another.

This was a very useful feature, but after upgrading to Yosemite, this no longer happens.

What can I do to restore this functionality ?

Earl

[jkbull...gmail.com]

First, please upgrade to the latest beta version of Tunnelblick (you can do that on the "Preferences" panel by checking "Check for updates to beta versions" and then clicking the "Check Now" button.

Then please follow the instructions at Read Before You Post to get the info needed to diagnose problems.

Let's work on the sleep/wake problem first, so be sure to connect, then sleep, then wake, then get the "diagnostic info".

Here is a more detailed answer to your question and what goes on in three different situations:

By default, Tunnelblick will disconnect the VPN when the computer goes to sleep, and reconnect the VPN when the computer wakes up from sleep. That can be changed on "Connecting & Disconnecting" tab of the "Advanced" settings page. It does this using the full disconnect/connect procedure by stopping OpenVPN and then starting it again, just as if you had clicked the "Disconnect" button and then the "Connect" button.

Moving to a different WiFi network is a bit different because it doesn't fully disconnect then reconnect. Instead (by default), it tells the existing, running OpenVPN to "restart" the connection. What is done when the WiFi network is changed is specified on the "While Connected" tab of the "Advanced" settings page". It isn't triggered by a change of the WiFi network per se, it is triggered by a change of one or more network settings.

So although they both "disconnect, then reconnect", there is a big difference in how they do it. That can cause problems when moving to a different WiFi network because sometimes OpenVPN isn't set up to "restart" properly. (Thinking about that, perhaps an additional option should be provided -- to disconnect/connect as is done with wake/sleep.)

"Keep Connected" has an entirely different function, nothing to do with sleep/wake or changing networks. It is (supposed to) reconnect if/when OpenVPN crashes (which should never happen). It does that by the same disconnect, then reconnect procedure as for wake/sleep.

Noticing that I have actually written "which should never happen" in the preceding paragraph, I can see why it is confusing. I should probably rename the checkbox and move it to some less prominent place.

So: thanks for making me think about a couple of ways to improve Tunnelblick.

Now let's get Tunnelblick working properly for you on Yosemite.

[earl...@yahoo.ca]

On Thursday, April 2, 2015 at 4:20:16 AM UTC-7, jkbull...gmail.com wrote:

First, please upgrade to the latest beta version of Tunnelblick (you can do that on the "Preferences" panel by checking "Check for updates to beta versions" and then clicking the "Check Now" button.

I appreciate the quick response. I found some time to update to the latest beta version [Tunnelblick 3.5beta10 (build 4262)] and have been using it for a little while.

At a glance, this version seems to restore the sought functionality on Yosemite.

So far I've only experimented at home, but I can connect, close the lid of the Macbook, later open it and have the connection restored, I have verified that this works if the lid is closed for a relatively short time (a few minutes) or a long time (a few hours). I can also turn off WiFi, then turn WiFi back on and have the connection restored.

The remaining experiments that cover my main workflows:

• Sleep, then wake with a different WiFi network that has a firewall rule that blocks VPN connectivity. I expect the VPN to remain disconnected, but restored should the WiFi network or firewall rule change.
  
• Sleep, then wake with a different WiFi network that allows VPN connectivity. I expect the VPN connection to be restored.
  

I'll report back when I've had a chance to try these scenarios.

Earl

[jkbull...gmail.com]

Thanks for the update; I'm glad the latest beta works for you (so far).

To clarify what I posted earlier, and put it in a different way:

(A) The default sleep/wake behavior is:

• When the computer is going to sleep, Tunnelblick disconnects each existing VPN and remembers which one(s) it disconnected. It does this as if you had clicked the "Disconnect" button. This can fail if your OpenVPN configuration requires notifying the VPN server of the disconnect and the VPN server doesn't acknowledge that notification before OS X stops Tunnelblick, but such situations are rare and Tunnelblick tries to recover properly when the computer wakes up.
  
  
• When the computer wakes up, Tunnelblick connects each of the configurations that had been connected when the computer went to sleep. It does this as if you had clicked the "Connect" button. (It's a bit more complicated because Tunnelblick waits until a network connection becomes available before trying to connect.)
  

You can change this behavior using two checkboxes (one controls the on-sleep action, the other the on-wake action) in the "Advanced" settings window.

(B) The behavior if you (without sleeping the computer) move from one WiFi network to another or switch from WiFi to Ethernet or vice-versa is different. That is detected as a change in the system's network configuration, and by default causes Tunnelblick to send OpenVPN a command to restart the connection. Because the restart doesn't involve a full disconnect/reconnect, it can fail for certain OpenVPN configurations. (I consider such configurations to be misconfigurations, because OpenVPN can trigger such restarts all by itself under certain conditions.) The default behavior can be changed on the "While Connected" tab of the "Advanced" settings window.