Tunnelblick doesn't use the existence of an item in the Keychain to determine whether or not to ask for the username/password/private key. Instead, it uses a "preference" (macOS "default") that tells it an item is saved. (I made that poor design decision years ago. It has never changed because it works and there is always something more urgent to work on. Fixing it to test directly if an item was present in the Keychain would be a good project for a pull request.)
So, if items (username, password, private key) are saved in the Keychain, "Duplicate connection" also creates a preference (macOS "default") indicating that for each item. It is a per-connection preference:
If you create the preferences appropriately, the prompt will not appear.
The preferences are named
- -keychainHasUsername
- -keychainHasUsernameAndPassword
- -keychainHasPrivateKey
The configuration name must be prepended to the preference name. For a configuration named FOO, the preference name would be "FOO-keychainHasUsernameAndPassword".
You can set these preferences using the macOS "defaults" command.
For the example above, if the username is saved in the Keychain but the password is not:
defaults write net.tunnelblick.tunnelblick "FOO-keychainHasUsername" -bool yes
If both the username and password are saved in the Keychain:
defaults write net.tunnelblick.tunnelblick "FOO-keychainHasUsernameAndPassword" -bool yes
If the private key is saved in the Keychain:
defaults write net.tunnelblick.tunnelblick "FOO-keychainHasPrivateKey" -bool yes
Note that if Tunnelblick is running and you add a configuration outside of Tunnelblick (which is what you are doing when you create a duplicate configuration yourself), you need to tell Tunnelblick you have added the configuration. You can do that with the following command:
osascript -e "tell application \"/Applications/Tunnelblick.app\"" -e "added or removed configurations" -e "end tell"
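
The steps above collected into one script, as an added example that is not part of the original post and is not Tunnelblick code. The function names, the item keywords (`username`, `username+password`, `privatekey`) and the `DRY_RUN` variable are hypothetical; the preference names, the defaults domain and the osascript command are the ones given above.

```shell
#!/bin/sh
# Added example. Helper names, item keywords and DRY_RUN are assumptions;
# preference names, domain and the osascript call come from the post above.

TB_DOMAIN="net.tunnelblick.tunnelblick"

# Print the per-connection preference name.
# $1 = configuration name, $2 = username | username+password | privatekey
tb_pref_key() {
    case "$2" in
        username)          printf '%s-keychainHasUsername\n' "$1" ;;
        username+password) printf '%s-keychainHasUsernameAndPassword\n' "$1" ;;
        privatekey)        printf '%s-keychainHasPrivateKey\n' "$1" ;;
        *) echo "unknown item: $2" >&2; return 2 ;;
    esac
}

# Run a command, or only print it when DRY_RUN=1 (for review before writing).
tb_run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Flag the given items as saved for one configuration, then tell a running
# Tunnelblick that a configuration was added outside of it.
# $1 = configuration name, remaining arguments = item keywords
tb_mark_saved() {
    config=$1
    [ -n "$config" ] && [ $# -gt 1 ] || {
        echo "usage: tb_mark_saved CONFIG ITEM..." >&2; return 2; }
    shift
    # Validate every keyword first so a typo never leaves a partial write.
    for item in "$@"; do
        tb_pref_key "$config" "$item" >/dev/null || return 2
    done
    for item in "$@"; do
        tb_run defaults write "$TB_DOMAIN" \
            "$(tb_pref_key "$config" "$item")" -bool yes || return 1
    done
    tb_run osascript -e 'tell application "/Applications/Tunnelblick.app"' \
        -e 'added or removed configurations' -e 'end tell'
}

# Usage (prints the commands without running them):
#   DRY_RUN=1 tb_mark_saved FOO username+password privatekey
```

Only pass the keywords for items that really are in the Keychain for that configuration, since these preferences are what Tunnelblick consults instead of the Keychain itself.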