Tunnelblick System Extension/Kernel Extension

Patriron
New Contributor

Hello dear forum,

We are using Tunnelblick to establish a VPN tunnel. We distribute Tunnelblick directly when setting up the device per policy.
For the newer Macs (from M1, AppleSilicon) it is necessary to install the Tun & Tap extensions for Tunnelblick.
This requires to restart the Mac in recovery mode and to change the security policy in the Startup Security Utility (see screenshot in the attachment).

Since this requires admin privileges and I only create a hidden admin user via pre-stage, if I do this manually, it shows me here that there is no admin user.

My question is therefore, whether it is possible to change the security policy via configuration profile or script to via Jamf to reduced security without that a manual intervention is required.
Preferably the Tun&Tap extensions should also be approved automatically.
I had already created a configuration profile, but this did not lead to the desired success (see attachment).

Tunnelblick uses the following Tun&Tap extensions:
- tunnelblick-tap.kext
- tunnelblick-tun.kext

I would be glad about some help.

 

Screenshot 2022-10-20 at 16.11.01.png

 

Configuration profile jamfConfiguration profile jamf

 

This is, what I want to choose in Startup Security UtilityThis is, what I want to choose in Startup Security Utility

1 ACCEPTED SOLUTION

sdagley
Esteemed Contributor II

@Patriron There is no mechanism to install a kernel extension on an Apple Silicon Mac without requiring manual intervention. If you want to avoid that hassle you should investigate an alternate VPN tool that doesn't require a kext.

View solution in original post

1 REPLY 1

sdagley
Esteemed Contributor II

@Patriron There is no mechanism to install a kernel extension on an Apple Silicon Mac without requiring manual intervention. If you want to avoid that hassle you should investigate an alternate VPN tool that doesn't require a kext.