Tunnelblick doesn't connect #254 - Disk Utility NOT working
792 views
Skip to first unread message
ctrab...@gmail.com
Aug 21, 2013, 11:31:51 AM8/21/13
to tunnelbli...@googlegroups.com
Hej guys,
Tunnelblick stopped working for me when i upgraded it - changing back to an older version (3.3) won't help either.
Failure notice says
2013-08-21 17:25:44 *Tunnelblick: OS X 10.5.8; Tunnelblick 3.4beta04 (build 3555); prior version 3.4beta02 (build 3550)
2013-08-21 17:25:44 *Tunnelblick: Attempting connection with otto using shadow copy; Set nameserver = 1; monitoring connection
2013-08-21 17:25:44 *Tunnelblick: openvpnstart start otto.tblk 1337 1 0 1 0 305 -atADGNWradsgnw
2013-08-21 17:25:44 *Tunnelblick:
Could not start OpenVPN (openvpnstart returned with status #254)
Contents of the openvpnstart log:
*Tunnelblick: openvpnstart log:
/Library is writable by other (permissions = 0777)
pathIsNotSecure: pathComponentIsNotSecure(/Library, 00)
/Library/Application Support/Tunnelblick/Users/xxx/otto.tblk is not secured
I already tried running Disk Utility for the permission change, but it didn't help. I have no idea how to get it back to working. Do you have any idea what else I could try?
Happy for any help!
Greets!
Tunnelblick stopped working for me when i upgraded it - changing back to an older version (3.3) won't help either.
Failure notice says
2013-08-21 17:25:44 *Tunnelblick: OS X 10.5.8; Tunnelblick 3.4beta04 (build 3555); prior version 3.4beta02 (build 3550)
2013-08-21 17:25:44 *Tunnelblick: Attempting connection with otto using shadow copy; Set nameserver = 1; monitoring connection
2013-08-21 17:25:44 *Tunnelblick: openvpnstart start otto.tblk 1337 1 0 1 0 305 -atADGNWradsgnw
2013-08-21 17:25:44 *Tunnelblick:
Could not start OpenVPN (openvpnstart returned with status #254)
Contents of the openvpnstart log:
*Tunnelblick: openvpnstart log:
/Library is writable by other (permissions = 0777)
pathIsNotSecure: pathComponentIsNotSecure(/Library, 00)
/Library/Application Support/Tunnelblick/Users/xxx/otto.tblk is not secured
I already tried running Disk Utility for the permission change, but it didn't help. I have no idea how to get it back to working. Do you have any idea what else I could try?
Happy for any help!
Greets!
jkbull...gmail.com
Aug 21, 2013, 11:52:27 AM8/21/13
to tunnelbli...@googlegroups.com, ctrab...@gmail.com
All Tunnelblick versions 3.3beta22 and higher do additional checking that the boot volume folders used by Tunnelblick are secure, so if you don't correct the problem you will have to revert to Tunnelblick 3.3beta21b (or lower), available on the Security Risk Downloads page.
You can try to set the permissions manually, by typing the following commands in Terminal:
sudo chown 0:0 /Librarysudo chmod 755 /Library
(This must be done while logged in as a computer administrator, not a "standard" user, and Terminal will ask for the login password after the first command.)
Then try again to connect.
Note that if the permissions for /Library are not correct, it is possible that other system folders also have incorrect owners and/or permissions, so a similar problem could occur. For example, if ownership/permissions for the /Applications folder are incorrect, Tunnelblick may refuse to install or secure itself.
ctrab...@gmail.com
Aug 21, 2013, 5:02:13 PM8/21/13
to tunnelbli...@googlegroups.com, ctrab...@gmail.com
Setting it manually actually worked! Cheers for you help!
j...@leda.coop
Aug 28, 2013, 4:53:23 PM8/28/13
to tunnelbli...@googlegroups.com, ctrab...@gmail.com
Yes, exactly the same problem. Tunnelblick 3.3.0 (build 3518) - OpenVPN 2.2.1
System Version: Mac OS X 10.5.8 (9L31a)
disk utility didn't fix and the manual described above does.
I'll run disk utility again and see if it 'breaks' Tunnelblick. I will report if it does.
thanks for the tips.
jkbull...gmail.com
Sep 1, 2013, 10:38:32 PM9/1/13
to tunnelbli...@googlegroups.com, ctrab...@gmail.com, j...@leda.coop
Disk Utility doesn't work properly on OS X 10.5 ("Leopard") and lower (e.g., 10.4 "Tiger") -- it does not restore the correct ownership/permissions of three system folders. It works on 10.6 ("Snow Leopard") and higher, though.
Tunnelblick "uses" three system folders, and recent versions require that those system folders be "secure". These folders are:
/Applications/Library/Library/Application Support
Tunnelblick considers the standard ownership and permissions that OS X sets up for these folders to be secure. However, there are apparently several third-party installers that modify the standard ownership or permissions incorrectly. The system they have been run on have incorrect (looser) permissions on these important system folders.
The ownership/permissions issue is a bit complicated because different versions of OS X use different ownership/permissions for the three folders that Tunnelblick uses. And different versions of Disk Utility that come with different versions of OS X vary as to their ability to repair problems.
I have tried Disk Utility's "Repair Permissions" on OS X 10.4 through 10.9.
Notes:
- It is possible that my 10.4 and 10.5 systems do not have the standard ownership/permissions.
- It is possible that ACLs also need to be dealt with.
- It is possible that your ownership/permissions are so wrong that Disk Utility cannot operate properly.
- It is possible that if the ownership/permissions on your system have been modified your system may have been compromised and may not be secure -- it may have been "rooted".
Here are my results (YMMV):
On OS X 10.6, 10.7, 10.8, and 10.9, Disk Utility fixes all the problems that Tunnelblick might complain about. 10.6 has different owner:group and permissions than the other three versions of OS X, all of which have the same ownership:group and permissions.
On OS X 10.5, Disk Utility did not fix any bad ownership/permissions issues.
My 10.5 system has owner:group and permissions as follows:root:admin rwxrwxr_x /Applicationsroot:admin rwxrwxr_t /Libraryroot:wheel rwxr_xr_x /Library/Application Support
To get these permissions, use the following commands:sudo chown root:admin /Applicationssudo chmod 775 /Applicationssudo chown root:admin /Librarysudo chmod 775 /Librarysudo chmod +t /Librarysudo chown root:wheel /Library/Application\ Supportsudo chmod 755 /Library/Application\ Support
On OS X 10.4, bad ownership/permissions on /Library are not repaired, although they are repaired on /Applications and /Library/Application Support.
My 10.4 system has owner:group of root:admin and permissions of drwxrwxr-t for /Library.
To get these permissions, use the following commands:sudo chown root:admin /Librarysudo chmod 775 /Library
sudo chmod +t /Library
jkbull...gmail.com
Sep 2, 2013, 7:51:36 AM9/2/13
to tunnelbli...@googlegroups.com, ctrab...@gmail.com, j...@leda.coop, Justin Case
To be complete, here are the ownerships/permissions I see on OS X 10.6 through 10.9:
On OS X 10.6, Disk Utility repaired ownership/permissions to the following:
root:admin rwxrwxr-x /Applicationsroot:admin rwxrwxr-t /Libraryroot:wheel rwxrwxr-x /Library/Application Support
To get these permissions, use the following commands:sudo chown root:admin /Applicationssudo chmod 775 /Applicationssudo chown root:admin /Librarysudo chmod 775 /Librarysudo chmod +t /Librarysudo chown root:wheel /Library/Application\ Support
sudo chmod 775 /Library/Application\ Support
On OS X 10.7 through 10.9, Disk Utility repaired ownership/permissions to the following:
root:admin rwxrwxr-x /Applicationsroot:wheel rwxr-xr-x /Libraryroot:admin rwxr-xr-x /Library/Application Support
To get these permissions, use the following commands:sudo chown root:admin /Applicationssudo chmod 775 /Applications
sudo chown root:wheel /Librarysudo chmod 755 /Librarysudo chown root:admin /Library/Application\ Support
Reply all
Reply to author
Forward
0 new messages