Tunnelblick Deployment

Contributor III

I would like to ask if anyone here deployed Tunelblick before. Is there a way to repackage it with the .ovpn already included using Composer and build it as .pkg?



I have been working on this myself lately. I was successful using Composer to take a snapshot, install Tunnelblick, and adding the openVPN configuration as a shared configuration.

I'm circling back around on this now, because I'm looking to get a silent installation and connection of a configuration for onboarding Macs. Looking at their documentation for "Deployed" version of tunnelblick: https://tunnelblick.net/cCusDeployed.html#additional-menu-commands-and-programs

Contributor III

I used Composer to grab the install and initial set up of an account with the settings. This I can push or use in Self Service. It is a DMG as the user accounts need to have some data in them. I found that the users Documents folder is the best place to put the config files.
The only snag I hit is, on first run it asks for an admin username and password. I got round this with the MakeMeAnAdmin script. A tweak here and there to it, now it lasts for 5 mins not 30, and its message to the users looks like it is only authorising TunnelBlick install.
By the way, TunnelBlick does not work if the user account is hidden or has an ID below 500. I am guessing it cant find the config files properly.

New Contributor III

Anyone have any success here? I add the invisible .config folder but the client (AWS Client VPN) still asks for the OVPN config file before it becomes accessible


We're using Tunnelblick as well. I worked on this for days but did not find a way to completely silent-install an ovpn file - Tunnelblick always at least asks "all users" or "this user". I managed to install Tunnelblick + ovpn by first installing Tunnelblick and then downloading and opening the .ovpn file via script with the logged in users uid.

Valued Contributor

Did anyone figure this out?

New Contributor

Looks like I've managed to deploy Tunnelblick with config without prompting user. I used Composer to put .tblk config file in /Library/Application Support/Tunnelblick/Shared folder and added a postinstall script:

echo "Downloading Tunnelblick"
curl --connect-timeout 300 --http1.1 -o "$pathToDmg" -L "$dLoadURL"
xattr -d com.apple.quarantine /private/tmp/Tunnelblick.dmg
hdiutil attach -mountpoint /Volumes/Tunnelblick /private/tmp/Tunnelblick.dmg
sleep 2
mkdir -p "/var/root/Library/Application Support/Tunnelblick"
/Volumes/Tunnelblick/Tunnelblick.app/Contents/Resources/installer 2
sleep 2
hdiutil unmount /Volumes/Tunnelblick
sleep 2
rm /private/tmp/Tunnelblick.dmg
echo "All done"
exit 0

Postinstall Script not working.

Downloading Tunnelblick
/dev/disk4          	GUID_partition_scheme          	
/dev/disk4s1        	Apple_HFS                      	/Volumes/Tunnelblick
"/Volumes/Tunnelblick" unmounted successfully.
All done
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
100   286  100   286    0     0    262      0  0:00:01  0:00:01 --:--:--   262

  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0
100   639  100   639    0     0    403      0  0:00:01  0:00:01 --:--:-- 33631

 43 17.2M   43 7700k    0     0  3091k      0  0:00:05  0:00:02  0:00:03 3091k
100 17.2M  100 17.2M    0     0  5482k      0  0:00:03  0:00:03 --:--:-- 13.2M
xattr: /private/tmp/Tunnelblick.dmg: No such xattr: com.apple.quarantine
mkdir: /var/root/Library/Application Support/Tunnelblick: Permission denied


Are you running this script as root?