Mac Renewal Old Password Problem

From Witopiawiki

Jump to: navigation, search

If you're using our personalVPN™ service on a Macintosh and have renewed your account by re-ordering (see: Renewing your personalVPN™), you may encounter this problem when you first try to use your new configuration: you start tunnelblick and are told you are using the wrong passphrase. You are given no opportunity to enter the correct passphrase.

Here's how one user put it: 

  I just renewed my service. Deleted the appropriate files in my User
  folder.  Installed all the packages provided.  Restarted. Clicked
  "connect" under the Tunnelblick icon.

  All I get is a window telling me that I am using the incorrect
  pass-phrase and to try again; no option is provided for entering the
  new pass-phrase I created when I renewed.  And the little window
  keeps reappearing; the only way to get it to stop is to quit
  Tunnelblick.

If you're pretty comfortable with the somewhat heftier parts of your Mac, proceed, but if you're at all worried, do a backup and get a Mac wizard to help.

The theory is that your mac is remembering the password for your old key, and supplying it when openvpn asks for the "password to unlock the key for openvpn-XXX".

To fix this, we'll delete the old password, and the mac will ask you for a new password when you next run tunnelblick.

The mac stores these keys in a keychain, and on Tiger you can see them by going to Applications>Utilities>Keychain Access. Once you do, you'll get a screen like this:

Image:Keychain small.jpg

I've expanded on the "nrh" keychain (yours will have your name, not "nrh") and opened up the hierarchy of "passwords" and chosen "application", which means: passwords that are for applications.

If you do the same, you probably have only one "OpenVPN" application password. If you double click on it, you'll see something like this:


Image:Keychain attributes.jpg

If you want to see the password, you can click on the "show password" box. It will probably ask you for your login password and will then display the password. You might want to do this, and write down the password, because the next step is to delete this password entry.

If you really have this problem, the password shown will be the password you used with your old certificate. This is the heart of the problem -- the mac isn't realizing that the old password isn't working with the new key.

So now close this window, go back to the main pane (labeled "Keychain Access" above) and delete the openvpn key by highlighting the OpenVPN key and choosing menu item "Edit>Delete". Quit out of keychain assistant, saving if it asks you to save.

Now if you start tunnelblick again, it won't find a key in the keychain, and should ask you for the key. Put in your new password, and optionally tell it to save it in the keychain, and things should work.

Retrieved from "http://wiki.witopia.net/wiki/Mac_Renewal_Old_Password_Problem"
Personal tools