Tunnelblick для windows 10
To be notified of new releases, use Tunnelblick’s built-in update mechanism or subscribe to the Tunnelblick Announce Mailing List.
Beta versions are suitable for many users. See Stable vs. Beta for details.
As a Free Software project, Tunnelblick puts its users first. There are no ads, no affiliate marketers, no tracking — we don’t even keep logs of your IP address or other information. We just supply open technology for fast, easy, private, and secure control of VPNs.
| Beta | Tunnelblick 3.8.6beta01 (build 5680, macOS 10.10+, (mixed Intel-64, M1), notarized) released 2021-04-11 Release Notes SHA1: 018eda600146a5850110f8c4b4a3d01edd111b31 MD5: d6c11d37181f5fe9039e15b79e291874 SHA256: d92e82642568984b6084e330fe10911b262cadb2105e639f62f098c400f275b7 GnuPG v2 signature |
| Stable | Tunnelblick 3.8.5 (build 5670, macOS 10.10+, (mixed Intel-64, M1), notarized) released 2021-04-11 Release Notes SHA1: f4678e62d5366eb223b88422f46dfd06d1da2f04 MD5: ec450aa8cbb382328ebe28d01ae016a4 SHA256: 1c7f4f441b472bfa841686dd981802caafa658b9a284e2b4c62d6918cd115bef GnuPG v2 signature |
| Older | See the Deprecated Downloads page. Includes versions for OS X 10.4 — 10.7.4. |
| Uninstaller | The Tunnelblick Uninstaller has been replaced by an «Uninstall» button on the «Utilities» panel of Tunnelblick’s «VPN Details» window as of Tunnelblick 3.8.5beta02. |
| Please read Uninstalling Tunnelblick before using Tunnelblick Uninstaller. | |
| Tunnelblick Uninstaller 1.12 (build 5090, macOS and OS X 10.7.5+, Intel-64 only, works on M1 using Rosetta) released 2018-06-26 Release Notes SHA1: c4503360e032877e1ab0c2742872250c646ba983 MD5: 0b8c3f0898ca88f4bbe90fe61271d7ab SHA256: 62b528da3212fd78146c6bcf03d88f4f8653845068b61f4f62029a3af791ef42 GnuPG v2 signature |
Verifying Downloads
You should verify all downloads. Even though https:, the .dmg format, and the application’s macOS digital signature provide some protection, they can be circumvented.
Verifying Hashes
Comparing the SHA256, SHA1, and MD5 hashes of your downloaded file with the official published ones will provide additional assurance that the download is legitimate and has not been modified. You can compare the hashes with programs included with macOS without the need to install additional software.
To compute the hashes of a file you’ve downloaded, type the following into /Applications/Utilities/Terminal:
shasum -a 256 path-to-the-file
openssl sha1 path-to-the-file
openssl md5 path-to-the-file
Then compare the computed hashes with the values shown near the link for the downloaded file.
(Don’t type ‘path-to-the-file‘ — type the path to the file, that is, the sequence of folders that contain the file plus the file name (e.g. /Users/janedoe/Desktop/Tunnelblick_3.7.2a_build_4851.dmg). An easy way to get it into Terminal is to drag/drop the file anywhere in the Terminal window. The pointer will turn into a green and white plus sign («+») to indicate the path will be dropped. So you would type ‘ shasum -a 256 ‘ — with a space after the «256» — and then drag/drop the disk image file anywhere in the Terminal window.)
For additional assurance that the hashes displayed on this site have not been compromised, the hashes are also available in the description of each «Release» on Tunnelblick’s GitHub site, which is hosted and administered separately from this site.
Verifying GnuPG Signatures
Recent Tunnelblick disk images are also signed with GnuPG version 2.
To prepare for verifying signatures, you should download and install GnuPG 2.2.3 or higher, and then add the Tunnelblick Security GnuPG public key (key ID 6BB9367E, fingerprint 76DF 975A 1C56 4277 4FB0 9868 FF5F D80E 6BB9 367E) to your trusted GnuPG keyring by typing the following into /Applications/Utilities/Terminal:
gpg —import TunnelblickSecurityPublicKey.asc .
To verify the signature of a file, download the corresponding signature file and then type the following into /Applications/Utilities/Terminal:
gpg —verify path-to-the-signature-file path-to-the-disk-image-file
The result should be similar to the following:
gpg: Signature made Sat Dec 16 19:17:03 2017 EST
gpg: using RSA key B4D96F0D6A58E335A0F4923A2FF3A2B2DC6FD12C
gpg: Good signature from «Tunnelblick Security » [ultimate]
User Contributions
These downloads have been contributed by users and usually help deal with special circumstances. They are not endorsed or checked by the Tunnelblick project, and you use them at your own risk. To contribute a download, send it to the developers or post it on the Tunnelblick Discussion Group.
Before using these scripts, please read Tunnelblick and VPNs: Privacy and Security. (Actually, everyone using a VPN should read that!)
Note: these scripts are executed as root. Instructions for using scripts.
| Scripts to Unload Cisco Tun Kext: user-contributed-001-pre-post.zip |
| SHA1: d3b09a2284de2862be7d55059581a85698930b28 MD5: f6f484864697607ee5c7206a5b056b12 |
| Contributed by «petiepooo». These scripts unload the Cisco AnyConnect tun kext before a Tunnelblick connection is started, and reload the Cisco tun kext after a Tunnelblick connection is stopped. (The Cisco kext interferes with Tunnelblick’s operation of tun connections.) |
| Scripts to Mount/Unmount a Volume: user-contributed-002-mount-unmount-volume.zip |
| SHA1: eb69727620fa8c46633d9ccf9f86c4b258fea7e6 MD5: 5b3b04bea43403b2a709aaa4c92d7473 |
| Contributed by John Griffis. These scripts mount a volume after a configuration is connected and unmount it when the configuration is disconnected. Scripts must be edited before use (in any plain-text editor) to specify details of the volume to be connected. For a note about connecting to a CIFS account, see this discussion. |
| Scripts to Monitor Connection Time and Bandwidth Use: user-contributed-003-monitor-uptime-and-bandwidth.zip |
| SHA1: 384b370967e722eacb2f3a782e8c326d87174003 MD5: 2c23ed5c31a1238843fb5ea36fd5dd74 |
| Contributed by «vkapovit». |
| These scripts provide a mechanism for the user to be alerted when the VPN has been up for more than 20 minutes or when bandwidth has exceeded 100MB. See this discussion for details. Requires Growl. Includes compiled binaries; use at your own risk. |
| Scripts to Launch and Kill a Program: user-contributed-004-launch-kill-program.zip |
| SHA1: 977aa7cc55f3e191b50057fe766c426af01808eb MD5: beccc55286b398fe0a8bcb798e25a883 |
| Contributed by «anonymous». |
| These scripts cause a program to be launched when a VPN is connected and then killed when the VPN is disconnected. It can be used with a torrent program, for example, so that the program is only active when the VPN is connected. Note that there may be a short time after the VPN has been disconnected before the program is killed. |
Download Integrity
In June 2015 there was much discussion (and outrage) about SourceForge providing downloads that contain unwanted or malicious software; SourceForge has changed their policies to help avoid this. Tunnelblick binaries were hosted on SourceForge from the fall of 2013, when Google Code stopped hosting new binaries, until 2015-07-17, when they were moved from SourceForge to GitHub.
Tunnelblick protects against unwanted software insertions by publishing the SHA1 and MD5 hashes for each of our downloads. You should verify the hashes of all Tunnelblick downloads by following the instructions above.
Additional safeguards automatically protect updates performed by Tunnelblick’s built-in update mechanism:
- Updates are controlled by tunnelblick.net and all update data is transported via https:
- Update downloads contain digital signatures to verify they have not been modified. (This is in addition to the macOS digital signature of the Tunnelblick application itself.) See Digital Signatures.
Downloading and Installing on macOS Mojave and Higher
When you install any application, including Tunnelblick, after it has been downloaded normally, macOS Mojave and higher send information to Apple (they «phone home»). macOS Catalina and higher also «phone home» each time you launch any application, including Tunnelblick.
These behaviors are considered by some to be a violation of privacy.
You can avoid these behaviors, but you will be disabling security checks which macOS would normally do on a downloaded program, including checks that the program is correctly notarized and has been found to not contain malware.
To avoid having macOS Mojave and higher «phone home» when you install Tunnelblick, you can do the following to download Tunnelblick to your Desktop:
- Open the Terminal application located in /Applications/Utilities.
- Type (or copy/paste) » curl —output
/Desktop/Tunnelblick.dmg —location » into Terminal without the quotation marks (the space after » —location » is important).
This will download the file to your Desktop without the flag that indicates the file was downloaded from the Internet. When that flag is present, macOS Mojave and higher «phone home» when the downloaded file is double-clicked to install it; when the flag is not present, macOS Mojave doesn’t.
To avoid having macOS Catalina and higher «phone home» when you launch Tunnelblick (or other applications), see How to run apps in private.
Tunnelblick Launches at Startup (Login)
Some users find that Tunnelblick runs when they don’t expect it to or they don’t want it to.
That is probably because Tunnelblick does not use the standard macOS «Open at Login» («Login Items») mechanism to control its behavior. (See Why and How Tunnelblick Doesn’t Use Login Items below.)
Instead, Tunnelblick is launched at login:
- If it was running when you last logged out; or
- If it detects a VPN either connected or in the process of connecting; or
- If it had previously disabled all network access.
- If you quit Tunnelblick after using it, it should not launch when you next login or start your computer.
- If you leave Tunnelblick running, it will launch when you next login.
If this is not the behavior you are experiencing, please see Troubleshooting below or ask for help on the Tunnelblick Discussion Group.
To Stop Tunnelblick from Launching on Login
You cannot stop Tunnelblick from launching on login if it detects an active VPN on login or if it had previously disabled network access unless you uninstall Tunnelblick (see Why and How Tunnelblick Doesn’t Use Login Items below for why).
However, you can stop Tunnelblick from launching at login solely because it was running when you last logged out. To do that, copy/paste the following in /Applications/Utilities/Terminal, then press the enter/return key on the keyboard:
To restore Tunnelblick’s normal behavior, copy/paste the following, then press the enter/return key on the keyboard:
Troubleshooting
First, check to make sure you don’t have a Tunnelblick «Login Item».
- Go to System Preferences : Users & Groups, select the user on the list on the left side of the window, then click on «Login Items» tab on the right side of the window.
- If you see Tunnelblick, click to select it, then click the minus sign («-«) at the bottom of the list on the left side of the window.
(Note that the checkbox next to the application name is for «hiding» the application after it launches — it is not for making the application launch at login.)
Second, check that you do not have an active VPN:
- Launch /Applications/Utilities/Activity Monitor.
- Click «View», then «All Processes».
- Click on the «Process Name» header to sort the list by process name.
If you see a process named «tunnelblick-helper», that indicates that a VPN is being connected. If you see a process named «openvpn», it means that a VPN is being connected or is connected.
If you don’t have Tunnelblick login items, and you don’t have a process named «tunnelblick-helper» or «openvpn», ask for help on the Tunnelblick Discussion Group. Please include the output of the following Terminal commands in your post (you can copy/paste; it all goes on one line):
Why and How Tunnelblick does not Use Login Items
Tunnelblick doesn’t use «Login Items» because we think it is important that users are shown an indication that a VPN is active when they log in (if one is active, of course). The indication is that Tunnelblick launches, and that it displays a connecting or connected icon. A VPN may be active because a VPN configuration is set up to connect when the computer starts, or because a different user logs into the computer while another user has connected to a VPN, or because of a crash of Tunnelblick or one of its components, or for some other reason.
Login items also don’t allow Tunnelblick to launch at login if it had previously disabled all network access. That’s important so it can ask the user if network access should be reenabled.
To ensure that is done, the Tunnelblick installer sets up macOS to run a very short script once each time a user logs in. The script decides whether or not to launch Tunnelblick, does so if necessary, and then quits. The script has little impact on the time to startup or login (on a five-year-old MacBook Pro the script uses 0.293 seconds of CPU time and very little I/O).
Another reason Tunnelblick doesn’t use «Login Items» is that most users don’t have Tunnelblick in the Dock (where it is easy to make it a Login Item by clicking «Options» : «Open at Login»). Instead, they leave Tunnelblick running all the time to make it easy to connect a VPN. When there is no active VPN, Tunnelblick uses few computer resources.
