There is a site that has published tests of 29 VPN providers software showing that 23 consistently leak the users IP address; private internet access is one of them; the website and the testing has been done and published on wilders security forum by a well respected member; please could PIA come and look into this and reply because all paying customers of PIA need to know if their real IP.
Highlighted Articles Frequently Asked Questions On This Page What is Tunnelblick?. Explanation 1: Tunnelblick is a program that can be used to securely connect a Mac running macOS (OS X) to a remote network or the Internet, bypassing untrusted networks, censorship, and eavesdropping. It does this by creating a 'Virtual Private Network', or to a VPN server using a program named 'OpenVPN', which is included within the Tunnelblick application. When you connect through a VPN, your computer sends all network traffic through a 'tunnel' to the VPN server, which then passes on your network traffic to a local network or the Internet. It is as if you were connecting to the network or Internet through the VPN server instead of your computer. All traffic between your computer and the VPN server is encrypted.
VPNs are primarily used two ways, or sometimes both ways simultaneously: - To securely connect a computer to the Internet, even though it may be connecting through an untrusted network (a wireless network at a hotel or airport, for example); and - To securely connect a computer to a company's internal network or some part of it (a branch office, for example). Please see for important information before you use Tunnelblick to attempt to make yourself anonymous on the Internet. In addition to Tunnelblick, you need access to a VPN server. Your company may provide one, or you can obtain VPN service from any of several VPN service providers, or you can use another one of your computers or a router to act as a VPN server. See for details.
Explanation 2: Tunnelblick is a ready-to-use Graphic User Interface (GUI) for OpenVPN on macOS (OS X). It provides easy-to-use control of OpenVPN server and/or client connections. It runs on macOS (OS X) only - it does not run on iOS (iPhone, iPad, etc.). It comes as a ready-to-use application with all necessary binaries and drivers (including OpenVPN and tun/tap) included. No additional installation is necessary — just add your configuration and encryption information. Tunnelblick is free software made available under the and may be distributed only in accordance with the terms of that license. Where is the documentation?
The Tunnelblick disk image includes a link to the. There is also help available in Tunnelblick's windows by clicking on the question-mark ('?'
) button and by hovering the pointer over most buttons. What versions of macOS (OS X) does Tunnelblick work on? Of Tunnelblick run as 64-bit programs on Intel processors on macOS (OS X) 10.7.5 and higher. Works on macOS (OS X) 10.4 through 10.10. That version is a Universal 32-bit application, so it runs as an application in 32-bit mode on both Intel and PowerPC Macs under 32-bit and 64-bit kernels.
It includes 32/64-bit versions of tun.kext and tap.kext. Tiger, Leopard, and Snow Leopard's 32-bit kernel use the 32-bit tun/tap, and Snow Leopard's 64-bit kernel, and Lion and higher, use the 64-bit tun/tap. What else do I need? You need a VPN server to connect to. It could be a server at your company or at a VPN service provider, or it could be a VPN that you have set up yourself at home. See for details. What else you need depends on your situation:.
If you have a 'deployed' version of Tunnelblick (usually from a company or VPN service provider), you may not need anything else — everything is usually included in the customized version of the Tunnelblick application that is distributed. Otherwise, you need either a 'configuration file' or enough information about the VPN to edit the sample configuration file that Tunnelblick will offer to install. You will probably also need certificate and key files for encryption. Your company or VPN service provider should provide them. How do I know the VPN is working?
Tunnelblick indicates that the VPN is connected by showing the 'open' tunnel in your menu bar (usually near the Spotlight icon). But whether all IPv4 traffic will be directed through the VPN depends on the OpenVPN options when the VPN was established. If the 'redirect-gateways' option appears in the OpenVPN configuration file or in options pushed by the server and accepted by the client, or Tunnelblick's 'Route all IPv4 traffic through the VPN' is checked, then all IPv4 traffic should go through the VPN. An easy way to check if web traffic is going through the VPN is to put enable 'Check if the apparent public IP address changed after connecting' for the configuration. If the IP address doesn't change, then check 'Route all IPv4 traffic through the VPN'. Both of these checkboxes are on the 'Settings' tab of Tunnelblick's 'VPN Details' window.
(Be sure to select all configurations that you want to change before making a change.) What if the Internet doesn't work after I make a connection? How do I verify a download?
Where can I get old versions of Tunnelblick? Binaries for all available modern versions of Tunnelblick are available on the page. Binaries for all available older versions of Tunnelblick are available on the page. You can build Tunnelblick from the source code on. What is a 'deployed' version of Tunnelblick?
A 'deployed' version of Tunnelblick is a customized version of the program, which includes everything you need to connect to a VPN: the program itself, configuration file(s), and key and certificate files for encryption. If you download Tunnelblick from, it is not a deployed version.
You must also have configuration, key, and certificate files, which should be provided to you by your company or your VPN service provider. See for detailed information about deployed versions of Tunnelblick. How do I install Tunnelblick?
Download the latest disk image. Double-click it and a window will open with the Tunnelblick icon and the words 'Double-click to begin'.
Double-click the Tunnelblick icon to begin installation. Reinstalls, upgrades, and downgrades will be recognized and the old version of the program is moved to the Trash before installing the new version. I have installed Tunnelblick - Now what?
Start Tunnelblick by double-clicking it in Applications. It will step you through the process of setting up configuration files. When Tunnelblick is running, it will display the Tunnelblick icon in the status bar at the top of the screen on the right. Usually, the icon is located immediately between the time display and the Spotlight icon. Click on the Tunnelblick icon to reveal the Tunnelblick menu, then click on a configuration to connect using it, or click on 'VPN Details' for a window with details for each configuration. How do I uninstall Tunnelblick? How do I revert to an earlier version of Tunnelblick?
Just install the earlier version. How do I update Tunnelblick? Each time Tunnelblick is launched, it checks for updates automatically (if that was specified when Tunnelblick was installed) and displays a notice that an update is available. (It also checks every week if it is running for more than a week.) If automatic checking for updates is not enabled, there are three ways to update Tunnelblick manually: Whichever method you chose, you will need an administrator username/password the first time a new copy of Tunnelblick is run. All configurations and preferences will be used by the new version (even if it is a 'deployed' version).
You can update to the latest version of Tunnelblick by clicking 'Check for Updates Now' in the 'Preferences' panel of Tunnelblick's 'VPN Details' window'. If an update is available, you will be guided through the update process. If you install an update, your old version will be moved to the Trash. If you don't see an 'Options.'
Menu selection, you are using a very old version of Tunnelblick. You'll need to download the version you wish to use (stable or beta) and follow the ' instructions above. Why does Tunnelblick need root privileges? Tunnelblick needs root privileges the first time it is run for two reasons:. It modifies ownership and privileges on parts of the Tunnelblick application itself to make it secure; and. It installs a system 'daemon' so it can start OpenVPN as root and perform other operations which require root access, such as loading tun/tap kexts.
OpenVPN needs root privileges because it needs to modify network settings when configuring network devices, changing routes, and adding and removing nameservers. Because we don't want you to enter your computer administrator password every time you start a VPN connection, Tunnelblick comes with the 'openvpnstart' setuid root binary that allows you to do exactly one thing: start a VPN connection with super user rights. Tunnelblick also needs root privileges to secure configuration files.
The first time a configuration is used, or if it has been modified, Tunnelblick asks for an administrator username/password so it can change the file's ownership to root before making a connection using that configuration file. Why does Tunnelblick change the ownership of the configuration files to root? This is a security issue. OpenVPN configuration files allow you to specify up/down scripts which will be executed with root privileges every time a VPN connection is started or stopped. If the configuration files were owned by the local user, anyone could execute arbitrary code as root by inserting an 'up' directive to the configuration file and pointing it to a (malicious) shell script.
Therefore, when a configuration file is first used, Tunnelblick asks for a computer administrator's username and password and uses them to change the ownership of the configuration file to root, so it is protected against unnoticed and possibly malicious changes. If new configuration files are added, Tunnelblick will ask for a computer administrator's username and password to change the ownership of the new file to root before the first use of each new configuration file. Why are routes not restored when closing my VPN connection? You are probably using the 'user' or 'group' directive in your OpenVPN client configuration file. If you use it, the OpenVPN process will drop privileges after startup which is additional security measure. However, OpenVPN needs root privileges for restoring the route back to their original state.
In short: don't use it. Tunnelblick contains the 'openvpn-down-root.so' plugin for OpenVPN. Together with a per-configuration preference, this allows the use of 'user' and 'group' but it does not allow OpenVPN to restore the routes. See for details on how to do this.
Why are some checkboxes or buttons dimmed and disabled? Under certain circumstances, checkboxes or buttons may be disabled and will appear dimmed — nothing happens when you click on them. Buttons and checkboxes are disabled when they cannot be used. Examples (from the VPN Details window): - 'Monitor connection' is disabled unless 'Set nameserver' is selected, because 'Set nameserver' is required in order to monitor the connection.
'Share configuration' is disabled when the configuration is not a Tunnelblick VPN Configuration because only Tunnelblick VPN Configurations may be shared. 'Disconnect' is disabled when a configuration is not connected, and 'Connect' is disabled when it is already connected. 'when computer starts' is disabled unless a configuration is shared or Deployed, because only shared or Deployed configurations may be automatically connected when the computer starts. 'when Tunnelblick launches' and 'when computer starts' are disabled unless 'automatically connect' is checked, because they areonly have meaning when it is checked. 'automatically connect', 'Set nameserver', 'Monitor connection', 'Share configuration', and 'Make configuration private' are disabled when 'when computer starts' is selected.
This is because you cannot directly modify them without administrator approval. To modify them, select 'when Tunnelblick launches' (which will require an administrator username and password), change the settings to be the way you want, then select 'when computer starts' (which will again require administrator approval). Why are some checkboxes or buttons missing?. You are using an older version of Tunnelblick which doesn't implement that checkbox or button; or.
You are using a 'deployed' version of Tunnelblick, and the deployer has specified that that checkbox or button should not be available; or. The button has a different label because it is being used for different purpose. Examples:. There is one button which displays 'Edit configuration' or 'Examine configuration' depending on whether you can edit (modify) the configuration, or only examine it.
To edit a configuration, you must have write permissions on the folder which contains the configuration, and must be able to write to the configuration file. Non-administrator users of 'Deployed' versions of Tunnelblick may be prevented from editing configurations by the deployer. Shared configurations may not be edited directly — make the configuration private, edit it, and then share it to have this effect. There is one button which displays either 'Make configuration private' or 'Share configuration'. If the configuration is already being shared, it shows 'Make configuration private'. Otherwise, the button shows 'Share configuration'. Note that if the configuration is part of a 'Deployed' version of Tunnelblick, or is not a Tunnelblick VPN Configuration, the button will be disabled (dimmed) because it cannot be shared.
What versions of OpenVPN does Tunnelblick include? Tunnelblick contains multiple versions of OpenVPN. You can select the version of OpenVPN and the encryption software (OpenSSL or LibreSSL) to use on the 'Settings' tab of the 'Configurations' panel of Tunnelblick's 'VPN Details' window. Where can I go if my question is not answered here?
Take a look at the documents available in the and at the. If you don't find an answer, try the.
I installed the public beta release of OS X El Capitan on my Mid-2012 MacBook(i7,2.9ghz,8gb RAM,240GB SSD). I have my VPN connected and something funny is going on. The internet works fine on chrome but wont work on anything else. A webpage loads fine on chrome, but when I try the same webpage on safari or firefox, it just hangs. I've tried it for multiple sites and let it sit for 10 minutes but still wouldn't load. Everything on chrome works perfectly. Other internet related tasks do not work as well.
Facetime calls, itunes (Apple Music), App Store don't load. However I have a network attached storage drive that works and can browse/play all my files. When I disconnect the VPN everything works perfectly. Actually I think El Capitan fixed the wifi. I've never had it this stable on Yosemite. It's been perfect for the past day and half since I installed El Capitan.
It it just when the VPN is connected for some reason only google chrome will work. Has anyone had an issue similar to this.
I've restarted the computer, reset wifi settings but still the same. First of, apple as been letting the whole vpn built in thing go to hell for a long time now even before ell capitan, i could barely use it anymore in yosemite. What im doing now is i use tunnelblick its actualy realy easy 2 use if u take the time to read all the option and understand it. Most good vpn provider will provide with an openvpn file to add ur vpn account to tunelblick like that u can use ur vpn acount until apple gets is act together and fix/keep up to date the built in vpn thing wich in all honesty realy suck and lack modern feature like,automaticly connect to a vpn when the computer is started and reconect it automaticly if disconsted. Does Viscosity & Tunnelblick feature most of the things the PIA application does?
I'm wondering if this has been fixed in the latest public beta or not. Currently I use: IPv6 Leak Protection VPN Kill Switch AES 256 SHA256 RSA-4096 It would be nice to have those options in a third party app. I tried the PIA application on the last PB but had no luck, set up VPN through OS X but was unimpressed with the lack of options. I've since uninstalled the PB from my second internal drive. Have not tested it on the newest PB.
Any word on functionality with the latest PB? Does Viscosity & Tunnelblick feature most of the things the PIA application does? I'm wondering if this has been fixed in the latest public beta or not. Currently I use: IPv6 Leak Protection VPN Kill Switch AES 256 SHA256 RSA-4096 It would be nice to have those options in a third party app.
I tried the PIA application on the last PB but had no luck, set up VPN through OS X but was unimpressed with the lack of options. I've since uninstalled the PB from my second internal drive. Have not tested it on the newest PB. Any word on functionality with the latest PB? I installed the public beta release of OS X El Capitan on my Mid-2012 MacBook(i7,2.9ghz,8gb RAM,240GB SSD). I have my VPN connected and something funny is going on. The internet works fine on chrome but wont work on anything else.
A webpage loads fine on chrome, but when I try the same webpage on safari or firefox, it just hangs. I've tried it for multiple sites and let it sit for 10 minutes but still wouldn't load. Everything on chrome works perfectly. Other internet related tasks do not work as well.
Facetime calls, itunes (Apple Music), App Store don't load. However I have a network attached storage drive that works and can browse/play all my files. When I disconnect the VPN everything works perfectly. Actually I think El Capitan fixed the wifi. I've never had it this stable on Yosemite.
It's been perfect for the past day and half since I installed El Capitan. It it just when the VPN is connected for some reason only google chrome will work.
Has anyone had an issue similar to this. I've restarted the computer, reset wifi settings but still the same.
I installed the public beta release of OS X El Capitan on my Mid-2012 MacBook(i7,2.9ghz,8gb RAM,240GB SSD). I have my VPN connected and something funny is going on. The internet works fine on chrome but wont work on anything else.
A webpage loads fine on chrome, but when I try the same webpage on safari or firefox, it just hangs. I've tried it for multiple sites and let it sit for 10 minutes but still wouldn't load. Everything on chrome works perfectly. Other internet related tasks do not work as well. Facetime calls, itunes (Apple Music), App Store don't load.
However I have a network attached storage drive that works and can browse/play all my files. When I disconnect the VPN everything works perfectly. Actually I think El Capitan fixed the wifi. I've never had it this stable on Yosemite. It's been perfect for the past day and half since I installed El Capitan.
It it just when the VPN is connected for some reason only google chrome will work. Has anyone had an issue similar to this. I've restarted the computer, reset wifi settings but still the same. Click to expand.Exactly the same deal here: VPN works with the Chrome browser, but neither Firefox nor Safari. Very strange.
Also noticed that connecting to any PIA servers that are setup for port forwarding (I use the Canadian servers for that) don't show the Port Number in the tooltip when the server is connected. So, the server works (in Chrome and other apps besides Safari and Firefox) but there's no way to see what the open port is, for port forwarding in apps that can use it (Such as Bit Torrent). Again, very weird. Click to expand.Flawlessly?
Way way better, yes! I can actually use Firefox and Safarai. BUT, tunnelblick offers no way to see the 'open port' that is associated with several of the PIA servers. The port, when connected to those servers under all previous OS's would show the server IP, followed by the port.
And that port is required for port forwarding by apps (or users, like myself) who need it for special cases, such as direct connects in torrent clients. Close though, and way handier than having to use only Chrome.