On This Page
Release Downloads
Verifying Downloads
User Contributions
Download Integrity
Downloading and Installing on macOS Mojave and Higher

Release Downloads

To be notified of new releases, use Tunnelblick's built-in update mechanism or subscribe to the Tunnelblick Announce Mailing List.

Beta versions are suitable for many users. See Stable vs. Beta for details.

As a Free Software project, Tunnelblick puts its users first. There are no ads, no affiliate marketers, no tracking — we don't even keep logs of your IP address or other information. We just supply open technology for fast, easy, private, and secure control of VPNs.

Verifying Downloads

You should verify all downloads. Even though https:, the .dmg format, and the application's macOS digital signature provide some protection, they can be circumvented.

Verifying Hashes

Comparing the SHA256, SHA1, and MD5 hashes of your downloaded file with the official published ones will provide additional assurance that the download is legitimate and has not been modified. You can compare the hashes with programs included with macOS without the need to install additional software.

To compute the hashes of a file you've downloaded, type the following into /Applications/Utilities/Terminal:

shasum -a 256path-to-the-file
openssl sha1path-to-the-file
openssl md5path-to-the-file

Then compare the computed hashes with the values shown near the link for the downloaded file.

(Don't type 'path-to-the-file' — type the path to the file, that is, the sequence of folders that contain the file plus the file name (e.g. /Users/janedoe/Desktop/Tunnelblick_3.7.2a_build_4851.dmg). An easy way to get it into Terminal is to drag/drop the file anywhere in the Terminal window. The pointer will turn into a green and white plus sign ('+') to indicate the path will be dropped. So you would type 'shasum -a 256 ' — with a space after the '256' — and then drag/drop the disk image file anywhere in the Terminal window.)

For additional assurance that the hashes displayed on this site have not been compromised, the hashes are also available in the description of each 'Release' on Tunnelblick's GitHub site, which is hosted and administered separately from this site.

Verifying GnuPG Signatures

Recent Tunnelblick disk images are also signed with GnuPG version 2.

To prepare for verifying signatures, you should download and install GnuPG 2.2.3 or higher, and then add the Tunnelblick Security GnuPG public key (key ID 6BB9367E, fingerprint 76DF 975A 1C56 4277 4FB0 9868 FF5F D80E 6BB9 367E) to your trusted GnuPG keyring by typing the following into /Applications/Utilities/Terminal:

gpg --import TunnelblickSecurityPublicKey.asc.

To verify the signature of a file, download the corresponding signature file and then type the following into /Applications/Utilities/Terminal:

gpg --verify path-to-the-signature-filepath-to-the-disk-image-file

The result should be similar to the following:

gpg: Signature made Sat Dec 16 19:17:03 2017 EST
gpg: using RSA key B4D96F0D6A58E335A0F4923A2FF3A2B2DC6FD12C
gpg: Good signature from 'Tunnelblick Security <tunnelblicksecurity@protonmail.com>' [ultimate]

User Contributions

These downloads have been contributed by users and usually help deal with special circumstances. They are not endorsed or checked by the Tunnelblick project, and you use them at your own risk. To contribute a download, send it to the developers or post it on the Tunnelblick Discussion Group.

Before using these scripts, please read Tunnelblick and VPNs: Privacy and Security. (Actually, everyone using a VPN should read that!)

Note: these scripts are executed as root.Instructions for using scripts.

Download Integrity

In June 2015 there was much discussion (and outrage) about SourceForge providing downloads that contain unwanted or malicious software; SourceForge has changed their policies to help avoid this. Tunnelblick binaries were hosted on SourceForge from the fall of 2013, when Google Code stopped hosting new binaries, until 2015-07-17, when they were moved from SourceForge to GitHub.

Tunnelblick protects against unwanted software insertions by publishing the SHA1 and MD5 hashes for each of our downloads. You should verify the hashes of all Tunnelblick downloads by following the instructions above.

Additional safeguards automatically protect updates performed by Tunnelblick's built-in update mechanism:

• Updates are controlled by tunnelblick.net and all update data is transported via https:
• Update downloads contain digital signatures to verify they have not been modified. (This is in addition to the macOS digital signature of the Tunnelblick application itself.) See Digital Signatures.

Downloading and Installing on macOS Mojave and Higher

When you install any application, including Tunnelblick, after it has been downloaded normally, macOS Mojave and higher send information to Apple (they 'phone home'). macOS Catalina and higher also 'phone home' each time you launch any application, including Tunnelblick.

These behaviors are considered by some to be a violation of privacy.

You can avoid these behaviors, but you will be disabling security checks which macOS would normally do on a downloaded program, including checks that the program is correctly notarized and has been found to not contain malware.

To avoid having macOS Mojave and higher 'phone home' when you install Tunnelblick, you can do the following to download Tunnelblick to your Desktop:

1. Open the Terminal application located in /Applications/Utilities.
2. Type (or copy/paste) 'curl --output ~/Desktop/Tunnelblick.dmg --location ' into Terminal without the quotation marks (the space after '--location' is important).
3. In your browser, instead of clicking on the link to download Tunnelblick, Control-click the link and select 'Copy Link' (Safari), 'Copy Link Location' (Firefox), or 'Copy Link Address' (Chrome).
4. Click in the Terminal window to select it for input, then Paste (Command-V). A URL starting with https://tunnelblick.net/release/ should appear after the '.dmg '.
5. Press the enter/return key on the keyboard.
6. You will see two or more progress bars showing the timing of downloads [1].
7. Verify the download.
8. Double-click the downloaded Tunnelblick disk image file on your Desktop to open the Tunnelblick disk image, then double-click the Tunnelblick icon in the window that appears to install Tunnelblick.

This will download the file to your Desktop without the flag that indicates the file was downloaded from the Internet. When that flag is present, macOS Mojave and higher 'phone home' when the downloaded file is double-clicked to install it; when the flag is not present, macOS Mojave doesn't.

To avoid having macOS Catalina and higher 'phone home' when you launch Tunnelblick (or other applications), see How to run apps in private.

[1] Tunnelblick downloads are redirected from the tunnelblick.net website to GitHub, which may redirect them further. Typically one or more tiny downloads (a few hundred bytes each) provide information about the redirection, and the final larger download is the desired file.

On This Page
Release Downloads
Verifying Downloads
User Contributions
Download Integrity
Downloading and Installing on macOS Mojave and Higher

Release Downloads

To be notified of new releases, use Tunnelblick's built-in update mechanism or subscribe to the Tunnelblick Announce Mailing List.

Beta versions are suitable for many users. See Stable vs. Beta for details.

As a Free Software project, Tunnelblick puts its users first. There are no ads, no affiliate marketers, no tracking — we don't even keep logs of your IP address or other information. We just supply open technology for fast, easy, private, and secure control of VPNs.

Verifying Downloads

You should verify all downloads. Even though https:, the .dmg format, and the application's macOS digital signature provide some protection, they can be circumvented.

Verifying Hashes

Comparing the SHA256, SHA1, and MD5 hashes of your downloaded file with the official published ones will provide additional assurance that the download is legitimate and has not been modified. You can compare the hashes with programs included with macOS without the need to install additional software.

To compute the hashes of a file you've downloaded, type the following into /Applications/Utilities/Terminal:

shasum -a 256path-to-the-file
openssl sha1path-to-the-file
openssl md5path-to-the-file

Then compare the computed hashes with the values shown near the link for the downloaded file.

(Don't type 'path-to-the-file' — type the path to the file, that is, the sequence of folders that contain the file plus the file name (e.g. /Users/janedoe/Desktop/Tunnelblick_3.7.2a_build_4851.dmg). An easy way to get it into Terminal is to drag/drop the file anywhere in the Terminal window. The pointer will turn into a green and white plus sign ('+') to indicate the path will be dropped. So you would type 'shasum -a 256 ' — with a space after the '256' — and then drag/drop the disk image file anywhere in the Terminal window.)

For additional assurance that the hashes displayed on this site have not been compromised, the hashes are also available in the description of each 'Release' on Tunnelblick's GitHub site, which is hosted and administered separately from this site.

Verifying GnuPG Signatures

Recent Tunnelblick disk images are also signed with GnuPG version 2.

To prepare for verifying signatures, you should download and install GnuPG 2.2.3 or higher, and then add the Tunnelblick Security GnuPG public key (key ID 6BB9367E, fingerprint 76DF 975A 1C56 4277 4FB0 9868 FF5F D80E 6BB9 367E) to your trusted GnuPG keyring by typing the following into /Applications/Utilities/Terminal:

gpg --import TunnelblickSecurityPublicKey.asc.

To verify the signature of a file, download the corresponding signature file and then type the following into /Applications/Utilities/Terminal:

gpg --verify path-to-the-signature-filepath-to-the-disk-image-file

The result should be similar to the following:

gpg: Signature made Sat Dec 16 19:17:03 2017 EST
gpg: using RSA key B4D96F0D6A58E335A0F4923A2FF3A2B2DC6FD12C
gpg: Good signature from 'Tunnelblick Security <tunnelblicksecurity@protonmail.com>' [ultimate]

User Contributions

These downloads have been contributed by users and usually help deal with special circumstances. They are not endorsed or checked by the Tunnelblick project, and you use them at your own risk. To contribute a download, send it to the developers or post it on the Tunnelblick Discussion Group.

Before using these scripts, please read Tunnelblick and VPNs: Privacy and Security. (Actually, everyone using a VPN should read that!)

Note: these scripts are executed as root.Instructions for using scripts.

Download Integrity

In June 2015 there was much discussion (and outrage) about SourceForge providing downloads that contain unwanted or malicious software; SourceForge has changed their policies to help avoid this. Tunnelblick binaries were hosted on SourceForge from the fall of 2013, when Google Code stopped hosting new binaries, until 2015-07-17, when they were moved from SourceForge to GitHub.

Tunnelblick protects against unwanted software insertions by publishing the SHA1 and MD5 hashes for each of our downloads. You should verify the hashes of all Tunnelblick downloads by following the instructions above.

Additional safeguards automatically protect updates performed by Tunnelblick's built-in update mechanism:

• Updates are controlled by tunnelblick.net and all update data is transported via https:
• Update downloads contain digital signatures to verify they have not been modified. (This is in addition to the macOS digital signature of the Tunnelblick application itself.) See Digital Signatures.

Downloading and Installing on macOS Mojave and Higher

When you install any application, including Tunnelblick, after it has been downloaded normally, macOS Mojave and higher send information to Apple (they 'phone home'). macOS Catalina and higher also 'phone home' each time you launch any application, including Tunnelblick.

These behaviors are considered by some to be a violation of privacy.

You can avoid these behaviors, but you will be disabling security checks which macOS would normally do on a downloaded program, including checks that the program is correctly notarized and has been found to not contain malware.

To avoid having macOS Mojave and higher 'phone home' when you install Tunnelblick, you can do the following to download Tunnelblick to your Desktop:

1. Open the Terminal application located in /Applications/Utilities.
2. Type (or copy/paste) 'curl --output ~/Desktop/Tunnelblick.dmg --location ' into Terminal without the quotation marks (the space after '--location' is important).
3. In your browser, instead of clicking on the link to download Tunnelblick, Control-click the link and select 'Copy Link' (Safari), 'Copy Link Location' (Firefox), or 'Copy Link Address' (Chrome).
4. Click in the Terminal window to select it for input, then Paste (Command-V). A URL starting with https://tunnelblick.net/release/ should appear after the '.dmg '.
5. Press the enter/return key on the keyboard.
6. You will see two or more progress bars showing the timing of downloads [1].
7. Verify the download.
8. Double-click the downloaded Tunnelblick disk image file on your Desktop to open the Tunnelblick disk image, then double-click the Tunnelblick icon in the window that appears to install Tunnelblick.

This will download the file to your Desktop without the flag that indicates the file was downloaded from the Internet. When that flag is present, macOS Mojave and higher 'phone home' when the downloaded file is double-clicked to install it; when the flag is not present, macOS Mojave doesn't.

To avoid having macOS Catalina and higher 'phone home' when you launch Tunnelblick (or other applications), see How to run apps in private.

[1] Tunnelblick downloads are redirected from the tunnelblick.net website to GitHub, which may redirect them further. Typically one or more tiny downloads (a few hundred bytes each) provide information about the redirection, and the final larger download is the desired file.