The Tunnelblick application contains the Tunnelblick GUI, OpenVPN, and OpenSSL, so no other installations are needed except for VPN configurations. Perhaps this is leaving the additional entries.Downloading Tunnelblick and Verifying the Download What may possibly be relevant is that on this test Mac I have installed and removed Tunnelblick a few times. If I compare this with the Sophos KEXTs you will see my concern. Team ID: Z2SG5H3HC8 Bundle ID: Īs you can see only the first and last lines have a Team ID included. When I run this script on a Mac with Tunnelblick installed it lists the results like this. Note: Even on a freshly formatted/installed Mac has a number of third-party KEXTs as standard as these are provided by Apple, e.g. I have run this on a Mac and found the details for all the KEXT. If you go to this web page - there is a script which does the hard work for you of finding both the Team ID and individual KEXT identifiers so that you can add them to your MDM system. However I get the impression that not all of the Tunnelblick KEXTs are being properly labelled with that Team ID. It turns out that the Team ID for Tunnelblick is - Z2SG5H3HC8. To do this you need to add either or both the 'Team ID' and the individual KEXT identifier to the Configuration Profile.Įach developer has their own unique Team ID. This is done by pushing a Configuration Profile via an MDM server to the client Mac. In a corporate environment it is possible to 'whitelist' these KEXTs so that individual users do not need to worry about remembering to do this. This requires third-party KEXTs to be approved by the user of a Mac before they are loaded, as such this impacts Tunnelblick which uses KEXTs for TUN and TAP interfaces. High Sierra 10.13.4 introduces a new security feature for loading Kernel Extensions called 'Secure Kernel Extension Loading' - SKEL.
0 kommentar(er)
