4

I'd like to run a script on my Mac whenever OpenVPN connects. I've checked the config on my Mac and I don't see a place for scripts anywhere. I'm running the most recent Tunnelblick (3.7.0).

Where can I set scripts on Tunnelblick for Mac?

2 Answers

6

This answer is a little late, but there are actually hooks within Tunnelblick that you can use simply by putting properly named scripts in certain directories.

The documentation for this is not all that much fun to read (or put into practice), so here's a summary*:

  1. Create pre-connect.sh, post-tun-tap-load.sh, connected.sh, reconnecting.sh and/or post-disconnect.sh as is your need.
  2. As root, put these files in /Library/Application Support/Tunnelblick/Shared/<gateway>.tblk/Contents/Resources, where <gateway>.tblk is a directory named after an OpenVPN configuration you've imported into Tunnelblick previously.
  3. Change ownership and ACLs:

    bash$ sudo chown root:wheel reconnecting.sh
    bash$ sudo chmod 700 reconnecting.sh

*Note that the directories I refer to might be different on your setup--I'm running macOS 10.12.6, and these steps assume you've already imported OpenVPN configurations into Tunnelblick.

2
  • Thanks, it works for me too with adjustments. Tunnelblick 3.8.1 build 5400, macOS Mojave 10.14.6. I posted my complete setup in another answer.
    – AndreaT
    Commented Oct 23, 2019 at 12:18
  • As a heads up, depending on your setup, your configuration files may also reside in ~/Library/Application Support/Tunnelblick/Configurations/.
    – Etheryte
    Commented Sep 8, 2020 at 10:15
1

Based on the other (great) answer to this question, I wrote this for Tunnelblick 3.8.1 build 5400 and macOS Mojave 10.14.6, with a simple example.

  1. Open terminal.

  2. sudo -s
    
  3. cd "/Users/<user>/Library/Application Support/Tunnelblick/Configurations/<profile>.tblk/Contents/Resources"
    

    where <user> is your username on the Mac and <profile> is a VPN profile configuration you've imported into Tunnelblick.

    Complete path is something like

    /Users/andrea/Library/Application Support/Tunnelblick/Configurations/vpncorporate.tblk/Contents/Resources
    


  4. connected.sh

    nano connected.sh
    

    Paste the following lines, e.g. if you want to add a routing rule when connected:

    #!/bin/sh
    
    route add -host 172.16.10.7/32 -gateway 192.168.0.244
    

    Reference: route man page


  5. post-disconnect.sh

    nano post-disconnect.sh
    

    Paste the following lines, e.g. if you want to delete the previously added rule:

    #!/bin/sh
    
    route delete -host 172.16.10.7/32 -gateway 192.168.0.244
    

    Reference: route man page


  6. Set the right permissions

    chmod 700 connected.sh
    chmod 700 post-disconnect.sh
    

    In my case

    -rwx------  1 root            admin    63 23 Ott 11:47 connected.sh
    -rwx------  1 root            admin    66 23 Ott 13:43 post-disconnect.sh
    


A more useful and complex example of connected.sh and post-disconnect.sh may be the following.

The idea is to get the default gateway and route through it for a specific IP.

  1. connected.sh

    #!/bin/sh
    
    # Default gateway taken from the first "default" entry in the routing table
    DEFAULTGATEWAY="$(netstat -nar | sed -n -e '/^default/p' | head -1 | awk '{print $2}')"
    
    route add -host 172.16.10.7/32 -gateway "$DEFAULTGATEWAY"
    
  2. post-disconnect.sh

    #!/bin/sh
    
    route delete -host 172.16.10.7/32 
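
Both answers finish by making the hook scripts root-owned with mode 700. The following check for that state is an added example, not part of either answer or of Tunnelblick's own code; the function name `audit_hooks` and its optional expected-UID argument are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit Tunnelblick hook scripts in a .tblk Resources directory.
# audit_hooks DIR [UID] returns 0 if every hook present is a regular file owned
# by UID (default 0 = root) with mode exactly rwx------ (700), otherwise 1.
# The function name and the optional UID argument are assumptions.

# Hook names as listed in the first answer.
HOOKS="pre-connect.sh post-tun-tap-load.sh connected.sh reconnecting.sh post-disconnect.sh"

audit_hooks() {
    dir=$1
    want_uid=${2:-0}
    rc=0
    for name in $HOOKS; do
        f="$dir/$name"
        [ -e "$f" ] || [ -L "$f" ] || continue   # hook not installed: nothing to check
        if [ -L "$f" ] || [ ! -f "$f" ]; then    # a symlink may point at a user-writable file
            echo "FAIL $name: not a regular file"
            rc=1
            continue
        fi
        # ls -ln is used because stat's flags differ between macOS and Linux.
        # Field 1 is the mode string, field 3 the numeric owner uid.
        set -- $(ls -ln -- "$f")
        mode=$(printf '%s' "$1" | cut -c1-10)    # drop trailing @, + or . markers
        uid=$3
        if [ "$uid" != "$want_uid" ]; then
            echo "FAIL $name: owner uid $uid, expected $want_uid"
            rc=1
        elif [ "$mode" != "-rwx------" ]; then
            echo "FAIL $name: mode $mode, expected -rwx------"
            rc=1
        else
            echo "OK   $name"
        fi
    done
    return $rc
}

# When run as a script, audit the directory given as the first argument.
if [ $# -ge 1 ]; then
    audit_hooks "$@"
fi
```

Run it with the Resources directory of the configuration as the only argument; it prints one line per installed hook and exits non-zero if any of them fails the check.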
    
