New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
TunnelBlick 4.0.0 - asking for passphrase with openssl 3.0.13 but no passphrase is required #791
Comments
I had the same issue I had to downgrade to 3.8 version to fix this issue I tried to enter empty passphrase but not working |
Thanks, @davidef, for reporting the problem and including the Diagnostic Info. I don't see how a passphrase could be required; it's probably a bug in Tunnelblick, or in OpenVPN's interface with OpenSSL 3. |
@Amr3zzat, thanks for reporting the problem. Did you try Tunnelblick 4 using OpenVPN 2.6.9 with OpenSSL 1.1.1w? |
@jkbullard as wrote above with OpenVPN 2.6.9 with OpenSSL 1.1.1w it works. The issue is only with openssl 3.0.13 |
@Amr3zzat - Please post the Diagnostic Info with the Tunnelblick 4 using OpenVPN 2.6.9 with OpenSSL 3.0.13 (which will fail). |
@Amr3zzat - You can follow the instructions at Before You Post About a Problem. |
@jkbullard My log for the issue is already attached to the first post. In the passphrase popup we can only cancel it to continue as no passphrase is needed and empty is not accepted. |
Everyone with this problem: If you could post the Diagnostic Info after enabling extra logging, that would be very helpful. To enable extra logging for this problem, please copy/paste the following into /Applications/Utilities/Terminal:
Then try to connect, disconnect, and get the Diagnostic Info again. You can then disable the extra logging by copy/pasting:
|
There is a relevant comment on the Tunnelblick Discussion Group by Andrew. Here is a copy for those who do not want to use Google websites:
|
@jkbullard Thank you for the feedback we inlined the certificate and private key as it now works. I think it will be helpful to include the p12 legacy ciphers note by Andrew also here: https://tunnelblick.net/cTunnelblick4.html |
It was actually Andrew who provided the critical comment! |
@jkbullard Thanks for your feedback When I switched to 2.6.9 with openssl 1.1.1w, It connects fine |
@Amr3zzat - You're welcome. But it's important that you – and everyone else unable to use the version of OpenVPN/OpenSSL that Tunnelblick chooses by default – update your VPN setup; see Tunnelblick 4 for details. |
If you want to use the latest version of OpenSSL but don't have a p12, convert it using this:
To verify that your p12 is a problem, this should output "Error outputting keys and certificates":
and:
should output:
After converting it should output:
|
Describe the bug
After updating to 4.0.0 we are unable to connect with openvpn 2.6.9 with openssl 3.0.13 because tunnelblick is asking for a not required passphrase. Switching to openvpn 2.6.9 with openssl 1.1.1w (in tunnelblick 4.0.0) it connect fine.
Is passphrase now mandatory with openssl ?
Expected behavior
No passphrase is requested.
tunnelblick.txt
The text was updated successfully, but these errors were encountered: