Wrong architecture logged by OpenVPN

[Andrew Daugherity]

I see in the VPN log:

2024-02-28 12:04:20.649220 *Tunnelblick: macOS 14.3.1 (23D60); Tunnelblick 4.0.0beta16 (build 5960); prior version 4.0.0beta13 (build 5930)

2024-02-28 12:04:21.121732 *Tunnelblick: Attempting connection with adaugherity using shadow copy; Set nameserver = 0x00000301; monitoring connection

2024-02-28 12:04:21.122109 *Tunnelblick: openvpnstart start adaugherity.tblk 62958 0x00000301 0 1 0 0x0210c1b0 -ptADGNWradsgnw 2.6.9-openssl-3.0.13 <password>

2024-02-28 12:04:21.144556 *Tunnelblick: openvpnstart starting OpenVPN

2024-02-28 12:04:21.683234 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations. 

2024-02-28 12:04:21.683863 OpenVPN 2.6.9 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD]

2024-02-28 12:04:21.683891 library versions: OpenSSL 3.0.13 30 Jan 2024, LZO 2.10

However I am running on an M2 Mac (arm64).  This appears to only be a cosmetic issue, since in Activity Monitor the openvpn process has Kind=Apple (not Intel).

I wonder if something in the build process is recording this "x86_64-apple-darwin" string in all architectures of the fat binary?  For comparison, I installed OpenVPN from homebrew and it reports "aarch64-apple-darwin23.2.0", although that one is only built for the native architecture.

Tunnelblick bundled OpenVPN:

% /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.6.9-openssl-3.0.13/openvpn --version
OpenVPN 2.6.9 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD]
library versions: OpenSSL 3.0.13 30 Jan 2024, LZO 2.10

[...]

% file /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.6.9-openssl-3.0.13/openvpn
/Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.6.9-openssl-3.0.13/openvpn: Mach-O universal binary with 2 architectures: [x86_64:Mach-O 64-bit executable x86_64] [arm64]
/Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.6.9-openssl-3.0.13/openvpn (for architecture x86_64):    Mach-O 64-bit executable x86_64

/Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.6.9-openssl-3.0.13/openvpn (for architecture arm64):    Mach-O 64-bit executable arm64

(all bundled versions of OpenVPN are similar)

Homebrew OpenVPN:

% /opt/homebrew/sbin/openvpn --version
OpenVPN 2.6.9 aarch64-apple-darwin23.2.0 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD]
library versions: OpenSSL 3.2.1 30 Jan 2024, LZO 2.10

[...]

% file /opt/homebrew/sbin/openvpn
/opt/homebrew/sbin/openvpn: Mach-O 64-bit executable arm64

Again, this is just a logging issue -- the actual binary is a universal binary and it runs as arm64, but logs x86_64.

[Tunnelblick developer]

Thanks for reporting this. It is odd, but correct!

The "x86_64-apple-darwin" logged by OpenVPN is the "host"; that is, the architecture of the machine on which the binary of OpenVPN was built. So even if the binary is an arm64 binary, if it is built on x86_64, that is what will be listed by OpenVPN's --version option.

The line:

     OpenVPN 2.6.9 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD]

describes the way that OpenVPN was built. The line above, for example, says that OpenVPN was built on an x86 machine, with SSL, LZO, LZ4, etc. enabled. (OpenVPN can be built with or without SSL, LZO, LZ4, etc. The particular features that it is built with are specified at the time it is built.)

Although we currently build Tunnelblick on an M1 Mac, we build as if we were running on an x86_64 using the arch command. (We do that because the old version of PKCS-11 that we include in Tunnelblick cannot be built on arm64, although it can be built to run on arm64.)