Having problem getting the tun device to work.

759 views
Skip to first unread message

bmmcwhirt

unread,
Jan 5, 2011, 1:59:38 AM1/5/11
to tunnelblick-discuss
I have installed tunelblick but for some reason it will only connect
with 'dev tap' even though the openVPN at my office is 'dev tun'

This is the error log on the client:
---
2011-01-05 01:44:10 *Tunnelblick: OS X 10.6.5; Tunnelblick 3.1.2
(build 2190.2258); OpenVPN 2.1.4
2011-01-05 01:44:20 *Tunnelblick: Attempting connection with config;
Set nameserver = 1; monitoring connection
2011-01-05 01:44:20 *Tunnelblick: /Applications/Tunnelblick.app/
Contents/Resources/openvpnstart start config.ovpn 1337 1 0 0 0 49
2011-01-05 01:44:25 *Tunnelblick: openvpnstart status #247: /
Applications/Tunnelblick.app/Contents/Resources/tun.kext failed to
load - (libkern/kext) kext (kmod) start/stop routine failed; check the
system/kernel logs for errors or try kextutil(8).
/Applications/Tunnelblick.app/Contents/Resources/tun.kext failed to
load - (libkern/kext) kext (kmod) start/stop routine failed; check the
system/kernel logs for errors or try kextutil(8).
/Applications/Tunnelblick.app/Contents/Resources/tun.kext failed to
load - (libkern/kext) kext (kmod) start/stop routine failed; check the
system/kernel logs for errors or try kextutil(8).
/Applications/Tunnelblick.app/Contents/Resources/tun.kext failed to
load - (libkern/kext) kext (kmod) start/stop routine failed; check the
system/kernel logs for errors or try kextutil(8).
/Applications/Tunnelblick.app/Contents/Resources/tun.kext failed to
load - (libkern/kext) kext (kmod) start/stop routine failed; check the
system/kernel logs for errors or try kextutil(8).
Error: Unable to load net.tunnelblick.tun and/or net.tunnelblick.tap
kexts in 5 tries. Status = 71
---

Here is my client config

---
client

;dev tap
dev tun

;proto tcp
proto udp

remote ???.???.???.??? 1194

resolv-retry infinite

nobind

# Downgrade privileges after initialization (non-Windows only)
;user nobody
;group nobody

# Try to preserve some state across restarts.
persist-key
persist-tun

;mute-replay-warnings

ca /Users/me/.keys/ca.crt
cert /Users/me/.keys/client.crt
key /Users/me/.keys/client.key

comp-lzo

# Set log file verbosity.
verb 3
---

Tunelblick 3.1.2
OS X 10.6.5

mbp:~ me$ kextstat |grep tun
140 0 0xaaa14000 0x6000 0x5000 foo.tun (1.0) <12 11 9 7 4
1>

Any help/advice would be greatly appreciated.

jkbull...gmail.com

unread,
Jan 5, 2011, 6:13:47 AM1/5/11
to tunnelbli...@googlegroups.com
Thanks for posting the log and your config, and the kextstat output -- everything that's needed!

The problem is indicated here:
2011-01-05 01:44:25 *Tunnelblick: openvpnstart status #247: /Applications/Tunnelblick.app/Contents/Resources/tun.kext failed toload - (libkern/kext) kext (kmod) start/stop routine failed; check the system/kernel logs for errors or try kextutil(8).

Tunnelblick was not able to load the tun kext, because it was unable to unload the "foo.tun" kext, which conflicts with it.

Type in the following command in Terminal: 

sudo kextunload -b foo.tun 

(Note: sudo requires your administrator password.) 

Then do the kextstat command again; foo.tun should not be listed anymore and you should be able to connect.

If this happens again after you restart your system (whenever that is), then there is some software that is loading foo.tun whenever you restart your system, so you might want to look into that.

jkbull...gmail.com

unread,
Jan 5, 2011, 6:47:38 AM1/5/11
to tunnelbli...@googlegroups.com
Tunnelblick always tries to unload foo.tun or foo.tap as needed to connect, so perhaps some program (VPN software, or perhaps OpenVPN itself?) is using foo.tun when you are trying to connect.

bmmcwhirt

unread,
Jan 5, 2011, 8:26:42 AM1/5/11
to tunnelblick-discuss
Ok, it appears I have a problem then.

Miredo blocks foo.tun from being unloaded.

---
mbp:~ iceberg$ sudo kextunload -b foo.tun
Password:
(kernel) Kext foo.tun did not stop (return code 0x5).
(kernel) Kext foo.tun can't unload - module stop returned 0xdc008017.
Failed to unload foo.tun - (libkern/kext) kext (kmod) start/stop
routine failed.
---

I disable it and I and can unload. The problem is that my ISP does not
use ipv6 yet so I have to use miredo. Without it there is no way to
even reach the openVPN server. Everything but out main webserver is
pure ipv6, so is there anything I can try to get these two to work
together?

jkbull...gmail.com

unread,
Jan 5, 2011, 8:40:22 AM1/5/11
to tunnelbli...@googlegroups.com
I'm not familiar with miredo, but I gather it gives you ipv6 support.

You can try a couple of things:

(1) Try setting Tunnelblick's "-doNotLoadTunKext" preference to TRUE. Note: this is a per-configuration preference, so for your configuration file (named "config.ovpn"), you would type the following into Terminal:

defaults write com.openvpn.tunnelblick config-doNotLoadTunKext -bool yes

(2) Try Tunnelblick version 3.0b10, which doesn't use the new, 64-bit-compatible tun/tap kexts. You can download it from the "Deprecated Versions" section of http://code.google.com/p/tunnelblick/wiki/DownloadsEntry?tm=2

bmmcwhirt

unread,
Jan 5, 2011, 9:24:09 AM1/5/11
to tunnelblick-discuss
Thanks, I will try that when I go home this evening. I did test
connecting to my home openVPN from work which is pure ipv4 and I
connect fine.

However in my server config at the house I am pushing my home 10.2.2.0
network with the following

push route 10.2.2.0 255.255.255.0

However I am not able to hit any of the addresses in that subnet.
This may be a question better suited for the openvpn list but I
thought I would ask here while I was here.

jkbull...gmail.com

unread,
Jan 5, 2011, 9:34:09 AM1/5/11
to tunnelbli...@googlegroups.com
Take a look at the client's log to see if it is getting the "pushed" option and if it is processing it.

You might want to play around with the different "Set nameserver" settings and see if one of them works. "Set nameserver" must be selected in the client (at work) for the OpenVPN client to process the "push" directives.

Beyond that, I can't help with the (apparent) routing problem -- I don't know enough about setups like that.

bmmcwhirt

unread,
Jan 5, 2011, 10:01:28 AM1/5/11
to tunnelblick-discuss
Ok, thanks I will hit the docs some more to see if I can figure out
what I don't have set up for all the routing issues. It looks like
tunelblick gets the push notice but none of the routes get set.
Reply all
Reply to author
Forward
0 new messages