Fixing Tunnelblick disconnecting in OS X 10.10 Yosemite

If you have just upgraded to Yosemite, you might have run into issues with Tunnelblick. First, it will connect properly, then disconnect immediately after.

To fix this, open the Tunnelblick connection settings, click “Advanced settings” and uncheck “Flush DNS cache after connecting or disconnecting”.

Screen Shot 2014-10-18 at 9.07.16 PM

10 comments on “Fixing Tunnelblick disconnecting in OS X 10.10 Yosemite

  1. This sounds like exactly the solution I need, but I can’t find Tunnelblick’s connection settings! Can you explain where they are? Thanks!

  2. Nope. Doesn’t work for me. I use a smartcard, so I know I don’t even get to the connection-stage – because I haven’t given it my PIN yet. So, I see Tunnelblick do ‘connecting…’, and then it stops. ‘Disconnected’. I tried all the fiddling I could muster with nameserver related settings. Didn’t work. The smartcard is detected perfectly by other software, BTW.

    • For smart card uses, I just start up openvpn manually. Not sure if there is a way to get tunnelblick to prompt for the pin ? Thats how I came to this website as I was looking to see how to do that.

      I open up shell prompt, and manually start it. I have a safenet eToken

      as root

      sh-3.2# /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.6/openvpn –show-pkcs-11-ids /usr/local/lib/libeTPkcs11.dylib

      You should then see something like

      Options error: Unrecognized option or missing parameter(s) in [CMD-LINE]:1: show-pkcs-11-ids (2.3.6)
      Use –help for more information.
      sh-3.2# /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.6/openvpn –show-pkcs11-ids /usr/local/lib/libeTPkcs11.dylib

      The following objects are available for use.
      Each object shown below may be used as parameter to
      –pkcs11-id option please remember to use single quote mark.

      Certificate
      DN: C=CA, ST=ON, L=Cambridge, O=Sentex PKI CA, CN=cnnamehere, emailAddress=mike@sentex.ca
      Serial: 02
      Serialized id: SafeNet\x2C\x20Inc\x2E/eToken/008481a7/cnnamehere/123456A5

      Then add to your config as stated above with the full ID that you got above

      pkcs11-providers /usr/local/lib/libeTPkcs11.dylib
      pkcs11-id ‘SafeNet….’

      If you use the tunnelblick editor, careful about the ending quote as it tries to be “helpful” and put in the wrong type of end quote. It should be the single quote next to your enter key…

  3. After searching for a while, this immediately fixed my connection problems. Thank you!

    Here is the connection reset string to help anyone else via SEO:
    Oct 02 08:16:23: [default-server] Inactivity timeout (–ping-restart), restarting
    Oct 02 08:16:23: SIGUSR1[soft,ping-restart] received, process restarting

Leave a Reply

Your email address will not be published. Required fields are marked *

To create code blocks or other preformatted text, indent by four spaces:

    This will be displayed in a monospaced font. The first four 
    spaces will be stripped off, but all other whitespace
    will be preserved.
    
    Markdown is turned off in code blocks:
     [This is not a link](http://example.com)

To create not a block, but an inline code span, use backticks:

Here is some inline `code`.

For more help see http://daringfireball.net/projects/markdown/syntax