Preferences Related to Usernames, Passwords, and Passphrases The username is saved in account "username", the password is saved in account "password", and the passphrase is saved in account "privateKey". Each is saved as a separate Keychain item named "Tunnelblick-Auth-XYZ" where "XYZ" is the name of the configuration. Tunnelblick stores the username, password, and/or passphrase for each configuration in the user's login Keychain as an "application" password. Note that Tunnelblick allows users to paste the username, password, or passphrase they needn't type them. Tunnelblick in turn asks the user for them, and offers the option of saving them in the macOS Keychain so they can be retrieved later by Tunnelblick without asking the user for them. OpenVPN asks Tunnelblick for these items as needed. OpenVPN setups often use the -auth-user-pass option in client configurations to specify that a username and password are required to connect the VPN, and a passphrase may be required to unlock a private key. Tunnelblick and Usernames, Passwords, and Passphrases When combined with the "old" method of updating configurations (see below), this allows a single update to contain updates for all configurations. "EnclosingConfiguration.tblk" is used as a container for the folder structure that contains the actual VPN configurations. For details, see Nested Configurations.įor example,the following single Tunnelblick VPN Configuration sets up six configurations contained in three folders: Tunnelblick can include one level of configurations within a configuration, and configurations can be contained in folders and subfolders to any depth. Nested Configurations and Configurations in Folders However, configurations or changes which are not security sensitive may be installed by a standard user (without authorization by a computer administrator) if a computer administrator has previously un-checked the "Require computer administrator authorization to install all configurations" checkbox on the "Preferences" panel of Tunnelblick's "VPN Details" window.įor details, see Standard Users Installing or Replacing Configurations. Non-administrator Installations and Updates of VPN Configurationsįor security reasons, by default Tunnelblick requires a computer administrator's authorization to install or update VPN configurations. For details, see Automatically Install Configurations and Forced Preferences. Tunnelblick can install "forced" preferences (settings that cannot be modified by a standard user) at the same time that Tunnelblick itself is installed, using the same computer administrator authorization. Automatic Installation of Forced Preferences when Tunnelblick is Installed Tunnelblick can install Tunnelblick VPN configurations at the same time that Tunnelblick itself is installed, using the same computer administrator authorization. Non-administrator Installations and Updates of VPN Configurations Automatic Installation of Configurations when Tunnelblick is InstalledĪutomatic Installation of Forced Preferences when Tunnelblick is Installed
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |