Permissions issues with tunnelblick/openvpn - can anyone help?
Hello.
I need to use openvpn to access my work subnet. I figured I'd try going the GUI route, but it hasn't worked for me so far. I'm hoping someone here can help me.
I downloaded Tunnelblick 3.0 RC2 (which contains the Tunnelblick app, openvpn, and the tun/tap kernel extensions). I ensured that a working openvpn.conf, certificate, and private key were available in ~/Library/openvpn.
I then tried to connect using Tunnelblick. This simply doesn't work for me. The kernel extension doesn't get loaded, and openvpn fails with:
Cannot allocate TUN/TAP dev dynamically
which almost always happens when openvpn is not run with root permissions.
I can confirm that, under the Resources subdirectory of Tunnelblick.app, there is a file called openvpnstart that is owned by root and has the setuid bit set. The [tun|tap].kext directories are also owned by root. Other than that, all the other files in the Tunnelblick tree (including openvpn) are owned by my non-privileged user account.
I confirmed that I could load the kernel extension and connect using openvpn when I did both of those tasks manually (by cd'ing to the Resources subdirectory under Tunnelblick.app, and then using sudo, kextload, and the appropriate options to the openvpn binary).
In my mind, this clearly signals a permissions problem, but I don't know why other people wouldn't have seen the same problem (Tunnelblick seems to work for everybody else).
Any ideas? I e-mailed the Tunnelblick people, but so far they haven't responded.
iBook G4 Mac OS X (10.4.6)
I need to use openvpn to access my work subnet. I figured I'd try going the GUI route, but it hasn't worked for me so far. I'm hoping someone here can help me.
I downloaded Tunnelblick 3.0 RC2 (which contains the Tunnelblick app, openvpn, and the tun/tap kernel extensions). I ensured that a working openvpn.conf, certificate, and private key were available in ~/Library/openvpn.
I then tried to connect using Tunnelblick. This simply doesn't work for me. The kernel extension doesn't get loaded, and openvpn fails with:
Cannot allocate TUN/TAP dev dynamically
which almost always happens when openvpn is not run with root permissions.
I can confirm that, under the Resources subdirectory of Tunnelblick.app, there is a file called openvpnstart that is owned by root and has the setuid bit set. The [tun|tap].kext directories are also owned by root. Other than that, all the other files in the Tunnelblick tree (including openvpn) are owned by my non-privileged user account.
I confirmed that I could load the kernel extension and connect using openvpn when I did both of those tasks manually (by cd'ing to the Resources subdirectory under Tunnelblick.app, and then using sudo, kextload, and the appropriate options to the openvpn binary).
In my mind, this clearly signals a permissions problem, but I don't know why other people wouldn't have seen the same problem (Tunnelblick seems to work for everybody else).
Any ideas? I e-mailed the Tunnelblick people, but so far they haven't responded.
iBook G4 Mac OS X (10.4.6)
iBook, Mac OS X (10.4.2)