Configuration without certificates

518 views
Skip to first unread message

Jiří Janka

unread,
May 31, 2017, 6:37:23 AM5/31/17
to tunnelblick-discuss
Hi team,

please, it is possible make connection with tunnelblick without certificates, only with username and password. By documentation of OpenVPN it is possible and for example between two MikroTik routers is it also possible make OVPN tunnel with only user and password auth. This problem cost me a lot of time, but without success. Thank you very much for your answer! Nice day!

Tunnelblick developer

unread,
May 31, 2017, 6:49:31 AM5/31/17
to tunnelblick-discuss
Tunnelblick uses OpenVPN to create the VPN, so you should be able to create a VPN with only username/password auth.

I am confused: What place does Tunnelblick have in a VPN between two routers? Tunnelblick does not run on routers, it runs on macOS.

However, you should be able to use certificates. You can create your own certificates. You do not need to get them from some central authority like you must do with SSL certificates for a website. See


for details on how to do that.

(To get started with easy-rsa, launch Tunnelblick, view the "VPN Details" window, click the large "Utilities" button at the top of the window, and click "Open easy-rsa in Terminal". From there you can start using the easy-rsa command detailed in the above article.

Jiří Janka

unread,
May 31, 2017, 7:16:38 AM5/31/17
to tunnelblick-discuss
Thank you very much for your answer!

Tunnel between two MikroTik router was mentioned only for example. 

Yes, using certificates if absolutely better solution, but i have some reasons to use OVPN without certificates. Can i ask you for working configuring example for authorisation only with user/password for tunnelblick?

Thank you very much!

  

Dne středa 31. května 2017 12:49:31 UTC+2 Tunnelblick developer napsal(a):

Tunnelblick developer

unread,
May 31, 2017, 7:18:40 AM5/31/17
to tunnelblick-discuss
I'm sorry, we don't provide OpenVPN configurations.

Jiří Janka

unread,
May 31, 2017, 8:00:28 AM5/31/17
to tunnelblick-discuss
I consult this. I don't need configuration, i ask you for only example, how make tunnelblick configuration for work only user/password auth. Thanks!

Dne středa 31. května 2017 13:18:40 UTC+2 Tunnelblick developer napsal(a):

Tunnelblick developer

unread,
May 31, 2017, 8:04:20 AM5/31/17
to tunnelblick-discuss
  1. Make an OpenVPN configuration that does what you want.
  2. Install it in Tunnelblick by dragging the OpenVPN configuration file and dropping it onto the Tunnelblick icon in the menu bar.

Jiří Janka

unread,
May 31, 2017, 8:23:51 AM5/31/17
to tunnelblick-discuss
When i make it, i got this...

*Tunnelblick: OS X 10.12.5; Tunnelblick 3.7.1a (build 4812); prior version 3.7.0 (build 4790)

2017-05-31 14:22:35 *Tunnelblick: Attempting connection with exapmle using shadow copy; Set nameserver = 771; monitoring connection

2017-05-31 14:22:35 *Tunnelblick: openvpnstart start exapmle.tblk 1337 771 0 1 0 1065264 -ptADGNWradsgnw 2.3.16-openssl-1.0.2k

2017-05-31 14:22:35 *Tunnelblick: 


Could not start OpenVPN (openvpnstart returned with status #251)


Contents of the openvpnstart log:

*Tunnelblick: openvpnstart log:

     Warning: Tunnelblick is using 'openvpn-down-root.so', so the route-pre-down script will not be used. You can override this by providing a custom route-pre-down script (which may be a copy of Tunnelblick's standard route-pre-down script) in a Tunnelblick VPN Configuration. However, that script will not be executed as root unless the 'user' and 'group' options are removed from the OpenVPN configuration file. If the 'user' and 'group' options are removed, then you don't need to use a custom route-pre-down script.OpenVPN returned with status 1, errno = 0:

          Undefined error: 0

     

     Command used to start OpenVPN (one argument per displayed line):

     

          /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.16-openssl-1.0.2k/openvpn

          --daemon

          --log

          /Library/Application Support/Tunnelblick/Logs/-SUsers-Sjanky-SLibrary-SApplication Support-STunnelblick-SConfigurations-Sexapmle.tblk-SContents-SResources-Sconfig.ovpn.771_0_1_0_1065264.1337.openvpn.log

          --cd

          /Library/Application Support/Tunnelblick/Users/janky/exapmle.tblk/Contents/Resources

          --verb

          3

          --config

          /Library/Application Support/Tunnelblick/Users/janky/exapmle.tblk/Contents/Resources/config.ovpn

          --verb

          3

          --cd

          /Library/Application Support/Tunnelblick/Users/janky/exapmle.tblk/Contents/Resources

          --management

          127.0.0.1

          1337

          --management-query-passwords

          --management-hold

          --script-security

          2

          --up

          /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw

          --plugin

          /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.16-openssl-1.0.2k/openvpn-down-root.so

          /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw

     

     Contents of the OpenVPN log:

     

          Options error: You must define CA file (--ca) or CA path (--capath)

          Use --help for more information.

          

     More details may be in the Console Log's "All Messages"


Dne středa 31. května 2017 14:04:20 UTC+2 Tunnelblick developer napsal(a):

Tunnelblick developer

unread,
May 31, 2017, 8:31:14 AM5/31/17
to tunnelblick-discuss
Options error: You must define CA file (--ca) or CA path (--capath)

Again, this is from OpenVPN. Nothing to do with Tunnelblick.

I have no idea what the earlier

         Undefined error: 0

is, but it occurred while creating the diagnostic info, so it doesn't affect your VPN.

Reply all
Reply to author
Forward
0 new messages