"Configuration has been modified"?

[John Cabasal]

Hi there,

A couple of users in our organization have been prompted this error recently:  

"The ______ configuration has been modified since it was last secured.  Do you wish to secure the modified configuration or revert to the last secured configuration?"

 (screenshot below)

They mentioned that the notification is triggered during an automatic lock whereby Tunnelblick is then disconnected.  

Both users are on macOS Big Sur and have the client version 3.8.4a installed.

Please advise!

Thank you,

John

 

[Tunnelblick developer]

Tunnelblick keeps two copies of each "private" configuration:

• A "user's" copy that can be modified by the user, even if the user is a "standard" user and not an administrator; and
  
  
• A "secured" copy that has been approved for use by a computer administrator.

The message is saying that the "user's" copy is different from the "secured" copy.

If the user clicks "Cancel", or clickd "Secure the Configuration" and then cancels when asked for a computer administrator's username/password, the user will see the same message the next time they try to connect. (Or the next time they start Tunnelblick if the VPN is set to connect when they launch Tunnelblick.) That's because the two configurations are still different until they are reverted (the "secured" copy is copied over the "user's" copy), or the configuration is secured (the "user's copy is copied over the "secured" copy – which can only be done by a computer administrator).

The message will appear each time they try to connect the VPN until either the configuration is reverted or is secured.

One complication, which does not apply directly to the situation you describe but is related: If a computer administrator has un-checked the ""Require administrator authorization to install all configurations" box on the "Preferences" panel of Tunnelblick's "VPN Details" window, then Tunnelblick will allow a standard user to install or or re-install with modifications configurations that are "safe". See Standard Users Installing or Replacing Configurations for details.

[John Cabasal]

Understood, thank you for your quick response.  What's unclear is why the user copy is being modified.  What is the path to both the user and secured copies?

--
You received this message because you are subscribed to a topic in the Google Groups "tunnelblick-discuss" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/tunnelblick-discuss/kyYdc5g3LHU/unsubscribe.
To unsubscribe from this group and all its topics, send an email to tunnelblick-dis...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/tunnelblick-discuss/c8d97f57-3bc3-444c-aaf3-756ffac9c4edn%40googlegroups.com.

[Tunnelblick developer]

Yes, why the user copy is being modified is a good question. The user can open the copy's OpenVPN configuration file in TextEdit by selecting the configuration in the list on the "Configurations" panel of Tunnelblick's "VPN Details" window and then clicking the little "gear" icon at the bottom of the list and clicking "Edit OpenVPN Configuration File…".

For a configuration named "AAAA":

• The user copy is at /Users/USERNAME/Library/Application Support/Tunnelblick/Configurations/AAAA.tblk.
  
  
• The secure copy is at /Library/Application Support/Tunnelblick/Users/USERNAME/AAAA.tblk.

Each AAAA.tblk is a macOS "package": a special kind of structured directory. You can examine it in Finder by right-clicking and then clicking "Show Package Contents". The actual OpenVPN configuration file is AAAA.tblk/Contents/Resources.

Note that if anything inside of the .tblk is modified, Tunnelblick will consider the configuration to have been modified.