(Gert replied to me privately because I (in error) sent privately to him. I have his permission to share his reply with the group, and am including my response.)
On Thu, Dec 10, 2015 at 9:24 AM, Gert Doering <g...@greenie.muc.de> wrote: > Mmmh. Seems I will have to figure out how .tblk works, and how to generate > these on a unix box... in which case I can just give the users exactly > this. Right now I generate .ovpn which inline key/ca/cert, which can be > used across all platforms - but I'm willing to adapt :-) In the simplest case, a .tblk is just a folder containing a config file and all files associated with the config. When a folder has a name that ends in ".tblk" on a Mac, it is a "package" and to the user it looks like a single file (but to programs it is still just a folder). When a user double-clicks on a .tblk, Tunnelblick installs the configuration. (The install process involves copying the config and files to a "safe" place and securing them.) So you'd just create a folder, put the files in it, name it ending in .tblk, make a .zip of it, and send it to your users. A .tblk can have other .tblks inside it, so you can have your user double-click a single .tblk that installs several different configurations. A .tblk can also have an Info.plist (a standard kind of XML file on OS X) that has lots of powerful options, including options that make the .tblk "updatable". (Updates are checked for periodically, using the same mechanism that Tunnelblick uses to update itself.) The full documentation for .tblks is at https://tunnelblick.net/cPkgs.html > May I ask, for the sake of simplicity on the generating side, to accept > new "foo.tblk" files that contain the *same* openvpn.conf config, as > "update ca/key/cert material" instead of "new config"? > > (This way, on the generating side, we'd always just generate "the bundle > for the user". Initial install or "we change something in our servers > and need to change the config" would need admin intervention, "upgrade > user key and cert" would not...) Great idea, thanks! ------------------------------------------------------------------------------ _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
