Tunnelblick Deployment

Eigger
Contributor III

I would like to ask if anyone here has deployed Tunnelblick before. Is there a way to repackage it with the .ovpn already included using Composer and build it as a .pkg?


hodgesji
Contributor

I have been working on this myself lately. I was successful using Composer to take a snapshot, install Tunnelblick, and add the OpenVPN configuration as a shared configuration.

I'm circling back around on this now, because I'm looking to get a silent installation and connection of a configuration for onboarding Macs. I'm looking at their documentation for the "Deployed" version of Tunnelblick: https://tunnelblick.net/cCusDeployed.html#additional-menu-commands-and-programs

PaulHazelden
Valued Contributor

I used Composer to grab the install and initial setup of an account with the settings. This I can push or use in Self Service. It is a DMG, as the user accounts need to have some data in them. I found that the user's Documents folder is the best place to put the config files.
The only snag I hit is that on first run it asks for an admin username and password. I got round this with the MakeMeAnAdmin script. With a tweak here and there, it now lasts for 5 mins, not 30, and its message to the users looks like it is only authorising the Tunnelblick install.
By the way, Tunnelblick does not work if the user account is hidden or has an ID below 500. I am guessing it can't find the config files properly.

jlombardo
Contributor

Anyone have any success here? I add the invisible .config folder, but the client (AWS Client VPN) still asks for the OVPN config file before it becomes accessible.

leonwun
Contributor

We're using Tunnelblick as well. I worked on this for days but did not find a way to completely silent-install an ovpn file - Tunnelblick always at least asks "all users" or "this user". I managed to install Tunnelblick + ovpn by first installing Tunnelblick and then downloading and opening the .ovpn file via script with the logged-in user's UID.

KyleEricson
Valued Contributor II

Did anyone figure this out?

Read My Blog: https://www.ericsontech.com

d_arhipov
New Contributor II

Looks like I've managed to deploy Tunnelblick with a config without prompting the user. I used Composer to put a .tblk config file in the /Library/Application Support/Tunnelblick/Shared folder and added a postinstall script:

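#!/bin/sh
# Postinstall script for the Composer package: downloads the latest stable
# Tunnelblick DMG and runs the installer tool bundled inside the app.
dLoadURL="https://tunnelblick.net/release/Latest_Tunnelblick_Stable.dmg"
pathToDmg="/private/tmp/Tunnelblick.dmg"
echo "Downloading Tunnelblick"
curl --connect-timeout 300 --http1.1 -o "$pathToDmg" -L "$dLoadURL"
# Remove the quarantine attribute; prints an error if the attribute is absent
xattr -d com.apple.quarantine "$pathToDmg"
# Mount the image at a fixed mount point
hdiutil attach -mountpoint /Volumes/Tunnelblick "$pathToDmg"
sleep 2
# Requires root: creates a directory under root's home
mkdir -p "/var/root/Library/Application Support/Tunnelblick"
# Run Tunnelblick's bundled installer tool with the argument used in this post
/Volumes/Tunnelblick/Tunnelblick.app/Contents/Resources/installer 2
sleep 2
# Clean up: unmount the image and delete the download
hdiutil unmount /Volumes/Tunnelblick
sleep 2
rm "$pathToDmg"
echo "All done"
exit 0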

Postinstall Script not working.

--------------------------------------------------------------------------------
Downloading Tunnelblick
/dev/disk4          	GUID_partition_scheme          	
/dev/disk4s1        	Apple_HFS                      	/Volumes/Tunnelblick
"/Volumes/Tunnelblick" unmounted successfully.
All done
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
100   286  100   286    0     0    262      0  0:00:01  0:00:01 --:--:--   262

  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0
100   639  100   639    0     0    403      0  0:00:01  0:00:01 --:--:-- 33631

 43 17.2M   43 7700k    0     0  3091k      0  0:00:05  0:00:02  0:00:03 3091k
100 17.2M  100 17.2M    0     0  5482k      0  0:00:03  0:00:03 --:--:-- 13.2M
xattr: /private/tmp/Tunnelblick.dmg: No such xattr: com.apple.quarantine
mkdir: /var/root/Library/Application Support/Tunnelblick: Permission denied

d_arhipov
New Contributor II

Hi,

Are you running this script as root? 

Thanks - this works perfectly and is just what I was looking for!

Hi,

Would you kindly please provide more details on how you proceed with the configuration file?

We are facing a similar problem. Installing Tunnelblick is fine, but when it comes to the configuration, we always have to type the user password.

Thank you in advance for your help.

Hi,

I'm not sure what details may be helpful, but for starters here is what our package looks like in the Composer app:

[Screenshot of the package in Composer: Screenshot 2022-06-29 at 17.37.28.png]

The package also contains a postinstall script that I shared earlier. And that's... pretty much it =)

@d_arhipov I'm currently trying to run through this as well, but running into some trouble.

From my understanding, this is the postinstall script:

#!/bin/sh
dLoadURL="https://tunnelblick.net/release/Latest_Tunnelblick_Stable.dmg"
pathToDmg="/private/tmp/Tunnelblick.dmg"
echo "Downloading Tunnelblick"
curl --connect-timeout 300 --http1.1 -o "$pathToDmg" -L "$dLoadURL"
xattr -d com.apple.quarantine /private/tmp/Tunnelblick.dmg
hdiutil attach -mountpoint /Volumes/Tunnelblick /private/tmp/Tunnelblick.dmg
sleep 2
mkdir -p "/var/root/Library/Application Support/Tunnelblick"
/Volumes/Tunnelblick/Tunnelblick.app/Contents/Resources/installer 2
sleep 2
hdiutil unmount /Volumes/Tunnelblick
sleep 2
rm /private/tmp/Tunnelblick.dmg
echo "All done"
exit 0

So where did you get the config.tblk file to build it? What's in there: just the Tunnelblick app, or is it configured with what would normally be your OVPN file, and how is that done?

Loic
New Contributor III

Hi everyone

Just so you know, the download URL for the latest version of Tunnelblick seems to have changed recently.
You now have to use:

https://tunnelblick.net/iprelease/Latest_Tunnelblick_Stable.dmg