macOS cannot connect to OpenVPN using Shimo - Kext error
I am trying to connect to a VPN network using a OpenVPN profile I have imported to Shimo, but it fails showing this message.
Shimo could not load its tun/tap kernel extensions, which are required by the used VPN protocol. Maybe you have some other VPN software running, which uses similar kernel extensions?
Could not load kernel extension with identifier: net.sf.tuntaposx.tun
- I had another vpn app installed which I removed using AppCleaner and restarted my laptop.
- The .ovpn file is correct for sure because it is used by another pc and it connects successfully.
- Shimo is connecting successfully to other VPN networks such as PPTP.
- I have also manually created another profile using username/password instead of the stored certifications to connect to that OpenVPN and the outcome is the same.
Debugging
- For debugging I run
kextstat | grep -e tun -e tap
before Shimo started and there are no results. - I run it again after Shimo started, again no results.
- And I run it again after error message is shown and this is the result.
194 0 0xffffff7f83db6000 0x7000 0x7000 net.sf.tuntaposx.tap (1.0) 3D2DEB8A-5419-3CFC-A44F-AE197B319324 <7 5 4 1>
- After that I execute
sudo kextunload -b net.sf.tuntaposx.tap
and the kext is unloaded successfully. - Then again when I try to connect the same error message is shown and the kext is loaded again.
I am using:
- Shimo 4.1.5.1
- macOS High Sierra 10.13.6
Note
I have found also some guides indicating that I should execute sudo rm -fr /Library/Extensions/tap.kext
and sudo rm -fr /Library/Extensions/tun.kext
and reinstall Shimo, but I fear this could cause more problems.
Any thoughts? (Thanks for your time)
UPDATE
I have now installed Tunnelblick and imported the same .ovpn file and it connects successfully.
After contacting their support they responded with the following which solved the problem.
When this happens open the System Preferences and go to the Security & Privacy settings panel. On the General tab, at the bottom right corner, there should be a message, saying that the use of system software was blocked with an Allow button next to it. After clicking on allow, there should be a dialogue to allow the use of software signed by Fabian Jaeger. If you don't see such a message do this alternatively:
- Go to this page: http://tuntaposx.sourceforge.net/download.xhtml and download the tun/tap kernel extensions
- Install the package, you have to quit Shimo and other VPN clients you might be using before doing so
- Go to this folder: /Library/Extensions
- There locate the tun.kext and tap.kext file and copy them
- Go to your Applications folder, find Shimo, right-click on it and select Show content package
- Go to the folder Contents/Ressources/tuntap
- Paste the previously copied files inside the tuntap folder and override the existing ones there
- Reboot your Mac and try to connect again with Shimo
For what it's worth. I had this issue on Mojave, and in the end, rebooting simply made it work without reinstalling tuntap.