A. MacOS Version
In general keep your MacOS fully updated and as a rule of thumb, if your MacOS is 4 years old or newer you are probably fine. Tunnelblick has been pretty good at supporting older versions.
B. Download Tunnelblick from our approved version
Download our approved Disk Image (.dmg) file
C. Open the Tunnelblick Disk Image (.DMG)
Double click the disk image you downloaded and inside is the Tunnelblick Installer App. Double click the installer icon.
D. Installation
The installer will ask for your local Mac OS password a few times and ask a few questions:
B. Assign or Replace an Owner on a VPN Connection
On the ISF main page, click on the VPN Management link on the left navigation
column.
You will see a list of available client connections (by number). If
this is a new connection, find a connection where the Owner field is
blank. If you are replacing a connection, delete the current
information in the Owner field. Enter BOTH name of the person and the
type of machine they will be using. For example:
Jane Doe Lenovo
or
John Smith Dell Home Desktop
Click the Change Owner button.
This is a crucial step. If that machine is stolen or compromised, we
can revoke that one connection and everyone can continue to work. If
we are unsure which connection was compromised, we will have to revoke
ALL of them immediately (potentially cutting people off
mid-connection) and then re-issue certificates to everyone.
(Table of Contents)
C. Revoke/Replace the certificates/keys
ALWAYS Revoke/Replace, even if this is just replacing the same
connection (say due to re-installing the OS of a laptop). The
certificates have a 3 year life time and Revoking/Replacing resets
that clock every time. Even on a new install, Revoke/Replace as you
often don't know how old the initial certificates are. Additionally,
Revoke/Replace locks out any stray certificates, which is always a
good thing.
Underneath the zip download link click the "Set Password" or
"Change Password" (depending if the connection has a password or
not):
You then have two options. You can create the password for the user and then tell them. NOTE! They cannot change it once it is assigned, only an ISF Firewall Admin can initiate a password request.
Or you can cut-and-paste the link provided and email the user (or
put it in their browser if you are on a remote session with the
final end user). They will need the PIN, do not send the PIN and
the link in a email. If you email the link, then text or voice
call them with the PIN. They can then fill out the password form
themselves. This is the preferred method as their password is then
private.
If that is successful then they will be given a download link for the certificate bundle and can follow the directions in the Unzip
section below.
You've completed the installation and configuration of Tunnelblick
To connect, look for the Tunnelblick icon in the top right corner of your desktop, near the clock. You can click on it and choose to connect to the VPN you just named (whatever you put in for '1mycompany')