Apparent Public IP address 0.0.0.0

[sheridan...@gmail.com]

When I connect to a Openvpn servers I am getting connected but the status shows "apparent public ip address 0.0.0.0. I connect and then get a message

"After connecting to  x.x.x.x_tcp_443, the Internet does not appear to be reachable."

However I can reach the Internet. I have set a manual DNS server on my Yosemite Mac and services such as https://www.dnsleaktest.com/ confirm the use of only my DNS's. The public IP address is confirmed as correct as well. Occasionaly Tunnelblick 3.7.3 (build 4880) reports the correct public address.

[Tunnelblick developer]

After you have connected the VPN, wait a few seconds and then try loading https://tunnelblick.net/ipinfo in a browser. (That's the URL Tunnelblick uses to check the IP address.)

If that works, there could be some kind of timing problem in the way that Tunnelblick is checking the IP address. Try changing the delay before the IP address check is made with the following Terminal command:

defaults  write  net.tunnelblick.tunnelblick  delayBeforeIPAddressCheckAfterConnection  -float  10.0

which changes the delay from 5 seconds (the default) to 10 seconds. If that work, you can try to lower it -- the minimum value is 0.1 seconds and the maximum is 180 seconds.

The reason for the delay is that OpenVPN usually (depending on your OpenVPN configuration) tells Tunnelblick that the VPN is "connected" before it is fully in place with all routing commands finished. The default delay of 5 seconds is usually long enough for everything to finish. Another approach would be to put a check in the "Set DNS after routes are set" checkbox in Tunnelblick's Advanced settings window. (Select the configuration(s) that you want the do that for before putting a check in the checkbox.)

[sheridan...@gmail.com]

When I use tunnelblicks IP checker I get the value

153.213.226.84,12549,205.233.73.116

The first value is my public IP but I cannot identify the 2 other numbers. The port I should be using is 1483 and 
my DNSs are different.

[Tunnelblick developer]

The response from ipinfo was fine, so go ahead and try changing delayBeforeIPAddressCheckAfterConnection.

The first number is, as you say, the public IP address for the request for ipinfo as seen by the tunnelblick.net server.

The second is the port for the request for ipinfo. That is, tunnelblick.net will send its response to the browser's request for ipinfo to 153.213.226.84 port 12549. The port has nothing to do with the port which OpenVPN is using. It is a randomly-chosen port used specifically for that one request to tunnelblick.net. Each time you access ipinfo you will probably get a different port #. (This is all handled by macOS; Tunnelblick makes its request to tunnelblick.net the same way.)

The third number is the current IP address of the tunnelblick.net server. It is used to check for DNS problems. If access using "tunnelblick.net" fails but access using the IP address succeeds, then the routing is OK but there is a problem with DNS resolution.

[sheridan...@gmail.com]

I have tried setting the Tunnelblick client to  "set DNS after route set" but I occasionnaly get public ip 0.0.0.0. I do not like the setting of the default OS setting as you requested because it may harm the operation of future updates or behaviors.

The VPN appears to operate correctly but I cannot understand why it doesn't recover or at least update if it is a timing problem. If this issue occurs because of a timing problem I would expect it to recover say after 10 minutes or so after initial connection but it doesn't.

Thx

[Tunnelblick developer]

You can safely change the "defaults" setting. It is not an OS setting, it is a Tunnelblick setting. It affects only Tunnelblick, and the setting I posted earlier can be reversed by copy/pasting the following into Terminal (followed by the "return" or "enter" key):

defaults delete net.tunnelblick.tunnelblick delayBeforeIPAddressCheckAfterConnection

Tunnelblick checks the IP address only when you connect. It does not keep trying, so it will not ever "recover" from a failure checking the IP address.