I have a large (~100) number of configurations which I am trying to migrate from one Mac to another. I made a copy of the keychain file from the old Mac, and loaded it on the new Mac, and copied all the Tunnelblick items into my login keychain on the new Mac. On the new Mac, I am allowing Tunnelblick (version 3.6.5) to install the VPN config files (I am not trying to manually copy them from the old Mac).
When I try to connect, it doesn't get the credentials from the keychain, it asks me to manually enter the user name and password, which I would have to do for a hundred different configurations. Once I have manually entered and stored the credentials, I see the following in the connection log:
2016-08-28 11:40:14 *Tunnelblick: Established communication with OpenVPN
2016-08-28 11:40:14 *Tunnelblick: Obtained VPN username and password from the Keychain2016-08-28 11:40:14 OpenVPN 2.3.11 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Jul 18 2016
However, before I have re-entered the password for a configuration, the connection log looks like this (if I choose to cancel instead of typing in the login info):
2016-08-28 11:37:24 *Tunnelblick: Established communication with OpenVPN
2016-08-28 11:37:24 OpenVPN 2.3.11 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Jul 18 2016
2016-08-28 11:37:24 library versions: OpenSSL 1.0.2h 3 May 2016, LZO 2.09
2016-08-28 11:37:24 MANAGEMENT: TCP Socket listening on [AF_INET]
127.0.0.1:13372016-08-28 11:37:24 Need hold release from management interface, waiting...
2016-08-28 11:37:24 MANAGEMENT: Client connected from [AF_INET]
127.0.0.1:13372016-08-28 11:37:24 MANAGEMENT: CMD 'pid'
2016-08-28 11:37:24 MANAGEMENT: CMD 'state on'
2016-08-28 11:37:24 MANAGEMENT: CMD 'state'
2016-08-28 11:37:24 MANAGEMENT: CMD 'bytecount 1'
2016-08-28 11:37:24 MANAGEMENT: CMD 'hold release'
2016-08-28 11:37:24 *Tunnelblick: openvpnstart starting OpenVPN
2016-08-28 11:37:29 *Tunnelblick: Disconnecting; user cancelled authorization
What I can't tell from the second log entry is whether Tunnelblick tried to get the credentials from the keychain and failed (ie, I did something wrong migrating my keys), or whether it didn't even try looking in the keychain at all, because it thinks this is a new configuration for which I have not previously stored credentials. There isn't anything I see in the log that says anything about interacting with the keychain.
Does anybody know if Tunnelblick automatically looks in the keychain all the time, or does there have to be some flag set for each configuration that tells it to look in the keychain... and if there is flag that has to be set, can I do it manually so I don't have to re-enter my credentials a hundred times?
Thanks!