Authorizing/Reconnecting Loop

55 views

Skip to first unread message

Gary Kessler

unread,

Jun 17, 2025, 12:52:56 PMJun 17

to tunnelblick-discuss

Hello.

I updated from Tunnelblick 6.01 to 8.0, and now I get the Authorizing/Reconnecting Loop.

Below is my log file. For some reason the attachment option does not show up in this window.

Please help!

Thanks,

Gary

*Tunnelblick: macOS 15.5 (24F74); Tunnelblick 6.0 (build 6160); prior version 8.0 (build 6300); Admin user

git commit 7a9fcf29ae3c5e2bc43627a065ea6f190a97d51c

The Tunnelblick.app process is not being translated (arm64)

System Integrity Protection is enabled

Model: Mac16,13

================================================================================

Configuration garyk

"Sanitized" condensed configuration file for /Users/garyk/Library/Application Support/Tunnelblick/Configurations/garyk.tblk:

client

dev tun

proto udp

remote 65.78.53.248 12753

resolv-retry infinite

nobind

persist-key

persist-tun

ca ca.crt

cert client.crt

key client.key

cipher AES-128-CBC

comp-lzo

verb 5

================================================================================

Files in garyk.tblk:

Contents/Resources/cli….crt

Contents/Resources/ca.crt

Contents/Resources/config.ovpn

Contents/Resources/cli….key

================================================================================

Configuration preferences:

-doNotReconnectOnFastUserSwitch = 1

-doNotReconnectOnWakeFromSleep = 1

-routeAllTrafficThroughVpn = 0

-credentialsGroup =

-openvpnVersion = -

-notOKToCheckThatIPAddressDidNotChangeAfterConnection = 0

-keepConnected = 1

-doNotDisconnectOnSleep = 0

-enableIpv6OnTap = 0

-loggingLevel = 3

-lastConnectionSucceeded = 0

================================================================================

Wildcard preferences:

-notOKToCheckThatIPAddressDidNotChangeAfterConnection = 0

================================================================================

Program preferences:

launchAtNextLogin = 1

tunnelblickVersionHistory = (

"6.0 (build 6160)",

"8.0 (build 6300)",

"3.8.8b (build 5777)",

"4.0.0 (build 5970)",

"3.8.8g (build 5779.3)",

"3.8.8d (build 5779)",

"3.8.8c (build 5778)",

"3.8.8b (build 5777)",

"3.8.8a (build 5776)",

"3.8.7a (build 5770)"

)

statusDisplayNumber = 0

lastLaunchTime = 771870572.458403

lastLanguageAtLaunchWasRTL = 0

connectionWindowDisplayCriteria = showWhenConnecting

maxLogDisplaySize = 102400

lastConnectedDisplayName = garyk

keyboardShortcutIndex = 1

updateCheckAutomatically = 1

NSWindow Frame SettingsSheetWindow = 881 440 829 548 0 0 1710 1068

NSWindow Frame ConnectingWindow = 660 653 389 217 0 0 1710 1068

NSWindow Frame SUStatusFrame = 655 714 400 135 0 0 1710 1068

NSWindow Frame SUUpdateAlert = 545 521 620 392 0 0 1710 1068

detailsWindowFrameVersion = 6160

detailsWindowFrame = {{395, 424}, {920, 522}}

detailsWindowLeftFrame = {{0, 0}, {167, 402}}

detailsWindowViewIndex = 0

detailsWindowConfigurationsTabIdentifier = settings

leftNavSelectedDisplayName = garyk

AdvancedWindowTabIdentifier = connectingAndDisconnecting

haveDealtWithOldTunTapPreferences = 1

haveDealtWithAlwaysShowLoginWindow = 1

haveDealtWithOldLoginItem = 1

haveDealtWithAfterDisconnect = 1

SUEnableAutomaticChecks = 1

SUScheduledCheckInterval = 86400

SULastCheckTime = 2025-06-17 16:29:33 +0000

SUHasLaunchedBefore = 1

================================================================================

Forced preferences:

(None)

================================================================================

Deployed forced preferences:

(None)

================================================================================

Tunnelblick Kext Policy Data:

================================================================================

Tunnelblick Log:

2025-06-17 12:35:44.592036 *Tunnelblick: macOS 15.5 (24F74); Tunnelblick 6.0 (build 6160); prior version 8.0 (build 6300)

2025-06-17 12:35:45.093459 *Tunnelblick: Attempting connection with garyk using shadow copy; Set nameserver = 0x00000301; monitoring connection

2025-06-17 12:35:45.093781 *Tunnelblick: openvpnstart start garyk.tblk 56797 0x00000301 0 1 0 0x0210c130 -ptADGNWradsgnw 2.6.13-openssl-3.0.16 <password>

2025-06-17 12:35:45.121929 *Tunnelblick: openvpnstart starting OpenVPN

2025-06-17 12:35:45.506000 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.

2025-06-17 12:35:45.509270 DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations.

2025-06-17 12:35:45.509563 OpenVPN 2.6.13 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD]

2025-06-17 12:35:45.509626 library versions: OpenSSL 3.0.16 11 Feb 2025, LZO 2.10

2025-06-17 12:35:45.512229 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:56797

2025-06-17 12:35:45.512314 Need hold release from management interface, waiting...

2025-06-17 12:35:46.360417 *Tunnelblick: openvpnstart log:

OpenVPN started successfully.

Command used to start OpenVPN (one argument per displayed line):

/Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.6.13-openssl-3.0.16/openvpn

--daemon

--log-append /Library/Application Support/Tunnelblick/Logs/-SUsers-Sgaryk-SLibrary-SApplication Support-STunnelblick-SConfigurations-Sgaryk.tblk-SContents-SResources-Sconfig.ovpn.769_0_1_0_34652464.56797.openvpn.log

--cd /Library/Application Support/Tunnelblick/Users/garyk/garyk.tblk/Contents/Resources

--machine-readable-output

--setenv IV_GUI_VER "net.tunnelblick.tunnelblick 6160 6.0 (build 6160)"

--verb 3

--config /Library/Application Support/Tunnelblick/Users/garyk/garyk.tblk/Contents/Resources/config.ovpn

--setenv TUNNELBLICK_CONFIG_FOLDER /Library/Application Support/Tunnelblick/Users/garyk/garyk.tblk/Contents/Resources

--verb 3

--cd /Library/Application Support/Tunnelblick/Users/garyk/garyk.tblk/Contents/Resources

--management 127.0.0.1 56797 /Library/Application Support/Tunnelblick/Mips/garyk.tblk.mip

--setenv IV_SSO webauth,crtext

--management-query-passwords

--management-hold

--script-security 2

--route-up /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw

--down /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw

2025-06-17 12:35:46.368239 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:49328

2025-06-17 12:35:46.390757 MANAGEMENT: CMD 'pid'

2025-06-17 12:35:46.390859 MANAGEMENT: CMD 'auth-retry interact'

2025-06-17 12:35:46.390916 MANAGEMENT: CMD 'state on'

2025-06-17 12:35:46.390955 MANAGEMENT: CMD 'state'

2025-06-17 12:35:46.391020 MANAGEMENT: CMD 'bytecount 1'

2025-06-17 12:35:46.396262 *Tunnelblick: Established communication with OpenVPN

2025-06-17 12:35:46.396962 *Tunnelblick: >INFO:OpenVPN Management Interface Version 5 -- type 'help' for more info

2025-06-17 12:35:46.397571 MANAGEMENT: CMD 'hold release'

2025-06-17 12:35:46.397922 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.

2025-06-17 12:35:46.397959 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

2025-06-17 12:35:46.413678 TCP/UDP: Preserving recently used remote address: [AF_INET]65.78.53.248:12753

2025-06-17 12:35:46.413864 Socket Buffers: R=[786896->786896] S=[9216->9216]

2025-06-17 12:35:46.413901 UDPv4 link local: (not bound)

2025-06-17 12:35:46.413924 UDPv4 link remote: [AF_INET]65.78.53.248:12753

2025-06-17 12:35:46.414010 MANAGEMENT: >STATE:1750178146,WAIT,,,,,,

2025-06-17 12:35:46.452802 MANAGEMENT: >STATE:1750178146,AUTH,,,,,,

2025-06-17 12:35:46.452916 TLS: Initial packet from [AF_INET]65.78.53.248:12753, sid=ef918556 acbe3b63

2025-06-17 12:35:46.571271 VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=netgear, OU=netgear, CN=netgear CA, emailAddress=ma...@netgear.com

2025-06-17 12:35:46.571834 VERIFY OK: depth=0, C=TW, ST=TW, L=Taipei, O=netgear, OU=netgear, CN=server, emailAddress=ma...@netgear.com

2025-06-17 12:35:46.721704 Control Channel: TLSv1.2, cipher TLSv1.2 DHE-RSA-AES256-GCM-SHA384, peer certificate: 1024 bits RSA, signature: RSA-SHA256, peer temporary key: 1024 bits DH

2025-06-17 12:35:46.721827 [server] Peer Connection Initiated with [AF_INET]65.78.53.248:12753

2025-06-17 12:35:46.721865 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1

2025-06-17 12:35:46.721971 TLS: tls_multi_process: initial untrusted session promoted to trusted

2025-06-17 12:35:47.840571 MANAGEMENT: >STATE:1750178147,GET_CONFIG,,,,,,

2025-06-17 12:35:47.840781 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)

2025-06-17 12:35:47.886434 PUSH: Received control message: 'PUSH_REPLY,route 10.0.1.0 255.255.255.0,route-gateway 192.168.2.1,topology subnet,ping 10,ping-restart 120,ifconfig 192.168.2.2 255.255.255.0'

2025-06-17 12:35:47.886632 OPTIONS IMPORT: --ifconfig/up options modified

2025-06-17 12:35:47.886661 OPTIONS IMPORT: route options modified

2025-06-17 12:35:47.886678 OPTIONS IMPORT: route-related options modified

2025-06-17 12:35:47.886707 OPTIONS ERROR: failed to negotiate cipher with server. Add the server's cipher ('AES-128-CBC') to --data-ciphers (currently 'AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305') if you want to connect to this server.

2025-06-17 12:35:47.886725 ERROR: Failed to apply push options

2025-06-17 12:35:47.886740 Failed to open tun/tap interface

2025-06-17 12:35:47.887008 SIGUSR1[soft,process-push-msg-failed] received, process restarting

2025-06-17 12:35:47.887035 MANAGEMENT: >STATE:1750178147,RECONNECTING,process-push-msg-failed,,,,,

2025-06-17 12:35:47.888137 *Tunnelblick: Delaying HOLD release for 1.000 seconds

2025-06-17 12:35:48.891248 MANAGEMENT: CMD 'hold release'

2025-06-17 12:35:48.891403 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.

2025-06-17 12:35:48.891432 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

2025-06-17 12:35:48.891779 TCP/UDP: Preserving recently used remote address: [AF_INET]65.78.53.248:12753

2025-06-17 12:35:48.891854 Socket Buffers: R=[786896->786896] S=[9216->9216]

2025-06-17 12:35:48.891872 UDPv4 link local: (not bound)

2025-06-17 12:35:48.891885 UDPv4 link remote: [AF_INET]65.78.53.248:12753

2025-06-17 12:35:48.891929 MANAGEMENT: >STATE:1750178148,WAIT,,,,,,

2025-06-17 12:35:49.003893 MANAGEMENT: >STATE:1750178149,AUTH,,,,,,

2025-06-17 12:35:49.003959 TLS: Initial packet from [AF_INET]65.78.53.248:12753, sid=5f7a920b 7301401f

2025-06-17 12:35:49.188520 VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=netgear, OU=netgear, CN=netgear CA, emailAddress=ma...@netgear.com

2025-06-17 12:35:49.188711 VERIFY OK: depth=0, C=TW, ST=TW, L=Taipei, O=netgear, OU=netgear, CN=server, emailAddress=ma...@netgear.com

2025-06-17 12:35:49.344106 Control Channel: TLSv1.2, cipher TLSv1.2 DHE-RSA-AES256-GCM-SHA384, peer certificate: 1024 bits RSA, signature: RSA-SHA256, peer temporary key: 1024 bits DH

2025-06-17 12:35:49.344175 [server] Peer Connection Initiated with [AF_INET]65.78.53.248:12753

2025-06-17 12:35:49.344205 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1

2025-06-17 12:35:49.344286 TLS: tls_multi_process: initial untrusted session promoted to trusted

2025-06-17 12:35:50.577432 MANAGEMENT: >STATE:1750178150,GET_CONFIG,,,,,,

2025-06-17 12:35:50.577611 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)

2025-06-17 12:35:50.626305 PUSH: Received control message: 'PUSH_REPLY,route 10.0.1.0 255.255.255.0,route-gateway 192.168.2.1,topology subnet,ping 10,ping-restart 120,ifconfig 192.168.2.3 255.255.255.0'

2025-06-17 12:35:50.626429 OPTIONS IMPORT: --ifconfig/up options modified

2025-06-17 12:35:50.626458 OPTIONS IMPORT: route options modified

2025-06-17 12:35:50.626474 OPTIONS IMPORT: route-related options modified

2025-06-17 12:35:50.626492 OPTIONS ERROR: failed to negotiate cipher with server. Add the server's cipher ('AES-128-CBC') to --data-ciphers (currently 'AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305') if you want to connect to this server.

2025-06-17 12:35:50.626505 ERROR: Failed to apply push options

2025-06-17 12:35:50.626516 Failed to open tun/tap interface

2025-06-17 12:35:50.626785 SIGUSR1[soft,process-push-msg-failed] received, process restarting

2025-06-17 12:35:50.626817 MANAGEMENT: >STATE:1750178150,RECONNECTING,process-push-msg-failed,,,,,

2025-06-17 12:35:50.627985 *Tunnelblick: Delaying HOLD release for 1.000 seconds

2025-06-17 12:35:51.630575 MANAGEMENT: CMD 'hold release'

2025-06-17 12:35:51.630688 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.

2025-06-17 12:35:51.630709 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

2025-06-17 12:35:51.631016 TCP/UDP: Preserving recently used remote address: [AF_INET]65.78.53.248:12753

2025-06-17 12:35:51.631091 Socket Buffers: R=[786896->786896] S=[9216->9216]

2025-06-17 12:35:51.631111 UDPv4 link local: (not bound)

2025-06-17 12:35:51.631127 UDPv4 link remote: [AF_INET]65.78.53.248:12753

2025-06-17 12:35:51.631174 MANAGEMENT: >STATE:1750178151,WAIT,,,,,,

2025-06-17 12:35:51.670491 MANAGEMENT: >STATE:1750178151,AUTH,,,,,,

2025-06-17 12:35:51.670570 TLS: Initial packet from [AF_INET]65.78.53.248:12753, sid=72f98721 e9f79fba

2025-06-17 12:35:51.789912 VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=netgear, OU=netgear, CN=netgear CA, emailAddress=ma...@netgear.com

2025-06-17 12:35:51.790265 VERIFY OK: depth=0, C=TW, ST=TW, L=Taipei, O=netgear, OU=netgear, CN=server, emailAddress=ma...@netgear.com

2025-06-17 12:35:51.943318 Control Channel: TLSv1.2, cipher TLSv1.2 DHE-RSA-AES256-GCM-SHA384, peer certificate: 1024 bits RSA, signature: RSA-SHA256, peer temporary key: 1024 bits DH

2025-06-17 12:35:51.943428 [server] Peer Connection Initiated with [AF_INET]65.78.53.248:12753

2025-06-17 12:35:51.943457 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1

2025-06-17 12:35:51.943555 TLS: tls_multi_process: initial untrusted session promoted to trusted

2025-06-17 12:35:53.232911 MANAGEMENT: >STATE:1750178153,GET_CONFIG,,,,,,

2025-06-17 12:35:53.233023 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)

2025-06-17 12:35:53.273770 PUSH: Received control message: 'PUSH_REPLY,route 10.0.1.0 255.255.255.0,route-gateway 192.168.2.1,topology subnet,ping 10,ping-restart 120,ifconfig 192.168.2.4 255.255.255.0'

2025-06-17 12:35:53.273882 OPTIONS IMPORT: --ifconfig/up options modified

2025-06-17 12:35:53.273901 OPTIONS IMPORT: route options modified

2025-06-17 12:35:53.273913 OPTIONS IMPORT: route-related options modified

2025-06-17 12:35:53.273928 OPTIONS ERROR: failed to negotiate cipher with server. Add the server's cipher ('AES-128-CBC') to --data-ciphers (currently 'AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305') if you want to connect to this server.

2025-06-17 12:35:53.273940 ERROR: Failed to apply push options

2025-06-17 12:35:53.273951 Failed to open tun/tap interface

2025-06-17 12:35:53.274246 SIGUSR1[soft,process-push-msg-failed] received, process restarting

2025-06-17 12:35:53.274269 MANAGEMENT: >STATE:1750178153,RECONNECTING,process-push-msg-failed,,,,,

2025-06-17 12:35:53.275468 *Tunnelblick: Delaying HOLD release for 1.000 seconds

2025-06-17 12:35:54.277859 MANAGEMENT: CMD 'hold release'

2025-06-17 12:35:54.277973 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.

2025-06-17 12:35:54.277997 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

2025-06-17 12:35:54.278295 TCP/UDP: Preserving recently used remote address: [AF_INET]65.78.53.248:12753

2025-06-17 12:35:54.278366 Socket Buffers: R=[786896->786896] S=[9216->9216]

2025-06-17 12:35:54.278389 UDPv4 link local: (not bound)

2025-06-17 12:35:54.278406 UDPv4 link remote: [AF_INET]65.78.53.248:12753

2025-06-17 12:35:54.278452 MANAGEMENT: >STATE:1750178154,WAIT,,,,,,

2025-06-17 12:35:54.320824 MANAGEMENT: >STATE:1750178154,AUTH,,,,,,

2025-06-17 12:35:54.320879 TLS: Initial packet from [AF_INET]65.78.53.248:12753, sid=84c382f5 5d9f0c51

2025-06-17 12:35:54.441638 VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=netgear, OU=netgear, CN=netgear CA, emailAddress=ma...@netgear.com

2025-06-17 12:35:54.441990 VERIFY OK: depth=0, C=TW, ST=TW, L=Taipei, O=netgear, OU=netgear, CN=server, emailAddress=ma...@netgear.com

2025-06-17 12:35:54.593547 Control Channel: TLSv1.2, cipher TLSv1.2 DHE-RSA-AES256-GCM-SHA384, peer certificate: 1024 bits RSA, signature: RSA-SHA256, peer temporary key: 1024 bits DH

2025-06-17 12:35:54.593647 [server] Peer Connection Initiated with [AF_INET]65.78.53.248:12753

2025-06-17 12:35:54.593677 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1

2025-06-17 12:35:54.593773 TLS: tls_multi_process: initial untrusted session promoted to trusted

2025-06-17 12:35:55.675161 MANAGEMENT: >STATE:1750178155,GET_CONFIG,,,,,,

2025-06-17 12:35:55.675327 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)

2025-06-17 12:35:55.718520 PUSH: Received control message: 'PUSH_REPLY,route 10.0.1.0 255.255.255.0,route-gateway 192.168.2.1,topology subnet,ping 10,ping-restart 120,ifconfig 192.168.2.5 255.255.255.0'

2025-06-17 12:35:55.718614 OPTIONS IMPORT: --ifconfig/up options modified

2025-06-17 12:35:55.718630 OPTIONS IMPORT: route options modified

2025-06-17 12:35:55.718635 OPTIONS IMPORT: route-related options modified

2025-06-17 12:35:55.718648 OPTIONS ERROR: failed to negotiate cipher with server. Add the server's cipher ('AES-128-CBC') to --data-ciphers (currently 'AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305') if you want to connect to this server.

2025-06-17 12:35:55.718657 ERROR: Failed to apply push options

2025-06-17 12:35:55.718661 Failed to open tun/tap interface

2025-06-17 12:35:55.718847 SIGUSR1[soft,process-push-msg-failed] received, process restarting

2025-06-17 12:35:55.718884 MANAGEMENT: >STATE:1750178155,RECONNECTING,process-push-msg-failed,,,,,

2025-06-17 12:35:55.719838 *Tunnelblick: Delaying HOLD release for 1.000 seconds

2025-06-17 12:35:56.722537 MANAGEMENT: CMD 'hold release'

2025-06-17 12:35:56.722644 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.

2025-06-17 12:35:56.722669 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

2025-06-17 12:35:56.722819 TCP/UDP: Preserving recently used remote address: [AF_INET]65.78.53.248:12753

2025-06-17 12:35:56.722903 Socket Buffers: R=[786896->786896] S=[9216->9216]

2025-06-17 12:35:56.722923 UDPv4 link local: (not bound)

2025-06-17 12:35:56.722933 UDPv4 link remote: [AF_INET]65.78.53.248:12753

2025-06-17 12:35:56.722960 MANAGEMENT: >STATE:1750178156,WAIT,,,,,,

2025-06-17 12:35:56.767192 MANAGEMENT: >STATE:1750178156,AUTH,,,,,,

2025-06-17 12:35:56.767264 TLS: Initial packet from [AF_INET]65.78.53.248:12753, sid=7fce2ff3 59298cb0

2025-06-17 12:35:56.881279 VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=netgear, OU=netgear, CN=netgear CA, emailAddress=ma...@netgear.com

2025-06-17 12:35:56.881469 VERIFY OK: depth=0, C=TW, ST=TW, L=Taipei, O=netgear, OU=netgear, CN=server, emailAddress=ma...@netgear.com

2025-06-17 12:35:57.052083 Control Channel: TLSv1.2, cipher TLSv1.2 DHE-RSA-AES256-GCM-SHA384, peer certificate: 1024 bits RSA, signature: RSA-SHA256, peer temporary key: 1024 bits DH

2025-06-17 12:35:57.052170 [server] Peer Connection Initiated with [AF_INET]65.78.53.248:12753

2025-06-17 12:35:57.052191 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1

2025-06-17 12:35:57.052256 TLS: tls_multi_process: initial untrusted session promoted to trusted

2025-06-17 12:35:58.102991 MANAGEMENT: >STATE:1750178158,GET_CONFIG,,,,,,

2025-06-17 12:35:58.103121 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)

2025-06-17 12:35:58.146004 PUSH: Received control message: 'PUSH_REPLY,route 10.0.1.0 255.255.255.0,route-gateway 192.168.2.1,topology subnet,ping 10,ping-restart 120,ifconfig 192.168.2.6 255.255.255.0'

2025-06-17 12:35:58.146130 OPTIONS IMPORT: --ifconfig/up options modified

2025-06-17 12:35:58.146156 OPTIONS IMPORT: route options modified

2025-06-17 12:35:58.146171 OPTIONS IMPORT: route-related options modified

2025-06-17 12:35:58.146189 OPTIONS ERROR: failed to negotiate cipher with server. Add the server's cipher ('AES-128-CBC') to --data-ciphers (currently 'AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305') if you want to connect to this server.

2025-06-17 12:35:58.146200 ERROR: Failed to apply push options

2025-06-17 12:35:58.146211 Failed to open tun/tap interface

2025-06-17 12:35:58.146486 SIGUSR1[soft,process-push-msg-failed] received, process restarting

2025-06-17 12:35:58.146517 MANAGEMENT: >STATE:1750178158,RECONNECTING,process-push-msg-failed,,,,,

2025-06-17 12:35:58.147732 *Tunnelblick: Delaying HOLD release for 2.000 seconds

2025-06-17 12:36:00.150835 MANAGEMENT: CMD 'hold release'

2025-06-17 12:36:00.150948 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.

2025-06-17 12:36:00.150976 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

2025-06-17 12:36:00.151154 TCP/UDP: Preserving recently used remote address: [AF_INET]65.78.53.248:12753

2025-06-17 12:36:00.151235 Socket Buffers: R=[786896->786896] S=[9216->9216]

2025-06-17 12:36:00.151262 UDPv4 link local: (not bound)

2025-06-17 12:36:00.151276 UDPv4 link remote: [AF_INET]65.78.53.248:12753

2025-06-17 12:36:00.151307 MANAGEMENT: >STATE:1750178160,WAIT,,,,,,

2025-06-17 12:36:00.192725 MANAGEMENT: >STATE:1750178160,AUTH,,,,,,

2025-06-17 12:36:00.192807 TLS: Initial packet from [AF_INET]65.78.53.248:12753, sid=50673313 cb87bbf7

2025-06-17 12:36:00.310517 VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=netgear, OU=netgear, CN=netgear CA, emailAddress=ma...@netgear.com

2025-06-17 12:36:00.310708 VERIFY OK: depth=0, C=TW, ST=TW, L=Taipei, O=netgear, OU=netgear, CN=server, emailAddress=ma...@netgear.com

2025-06-17 12:36:00.460811 Control Channel: TLSv1.2, cipher TLSv1.2 DHE-RSA-AES256-GCM-SHA384, peer certificate: 1024 bits RSA, signature: RSA-SHA256, peer temporary key: 1024 bits DH

2025-06-17 12:36:00.460903 [server] Peer Connection Initiated with [AF_INET]65.78.53.248:12753

2025-06-17 12:36:00.460934 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1

2025-06-17 12:36:00.461000 TLS: tls_multi_process: initial untrusted session promoted to trusted

2025-06-17 12:36:01.614758 MANAGEMENT: >STATE:1750178161,GET_CONFIG,,,,,,

2025-06-17 12:36:01.614871 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)

2025-06-17 12:36:01.662849 PUSH: Received control message: 'PUSH_REPLY,route 10.0.1.0 255.255.255.0,route-gateway 192.168.2.1,topology subnet,ping 10,ping-restart 120,ifconfig 192.168.2.7 255.255.255.0'

2025-06-17 12:36:01.662982 OPTIONS IMPORT: --ifconfig/up options modified

2025-06-17 12:36:01.663010 OPTIONS IMPORT: route options modified

2025-06-17 12:36:01.663022 OPTIONS IMPORT: route-related options modified

2025-06-17 12:36:01.663033 OPTIONS ERROR: failed to negotiate cipher with server. Add the server's cipher ('AES-128-CBC') to --data-ciphers (currently 'AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305') if you want to connect to this server.

2025-06-17 12:36:01.663042 ERROR: Failed to apply push options

2025-06-17 12:36:01.663048 Failed to open tun/tap interface

2025-06-17 12:36:01.663238 SIGUSR1[soft,process-push-msg-failed] received, process restarting

2025-06-17 12:36:01.663275 MANAGEMENT: >STATE:1750178161,RECONNECTING,process-push-msg-failed,,,,,

2025-06-17 12:36:01.669321 *Tunnelblick: Delaying HOLD release for 4.000 seconds

2025-06-17 12:36:05.671666 MANAGEMENT: CMD 'hold release'

2025-06-17 12:36:05.671796 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.

2025-06-17 12:36:05.671820 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

2025-06-17 12:36:05.672059 TCP/UDP: Preserving recently used remote address: [AF_INET]65.78.53.248:12753

2025-06-17 12:36:05.672136 Socket Buffers: R=[786896->786896] S=[9216->9216]

2025-06-17 12:36:05.672157 UDPv4 link local: (not bound)

2025-06-17 12:36:05.672173 UDPv4 link remote: [AF_INET]65.78.53.248:12753

2025-06-17 12:36:05.672219 MANAGEMENT: >STATE:1750178165,WAIT,,,,,,

2025-06-17 12:36:05.722887 MANAGEMENT: >STATE:1750178165,AUTH,,,,,,

2025-06-17 12:36:05.722986 TLS: Initial packet from [AF_INET]65.78.53.248:12753, sid=99f9e49d 0a405395

2025-06-17 12:36:05.845321 VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=netgear, OU=netgear, CN=netgear CA, emailAddress=ma...@netgear.com

2025-06-17 12:36:05.845706 VERIFY OK: depth=0, C=TW, ST=TW, L=Taipei, O=netgear, OU=netgear, CN=server, emailAddress=ma...@netgear.com

2025-06-17 12:36:05.994927 Control Channel: TLSv1.2, cipher TLSv1.2 DHE-RSA-AES256-GCM-SHA384, peer certificate: 1024 bits RSA, signature: RSA-SHA256, peer temporary key: 1024 bits DH

2025-06-17 12:36:05.995032 [server] Peer Connection Initiated with [AF_INET]65.78.53.248:12753

2025-06-17 12:36:05.995063 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1

2025-06-17 12:36:05.995142 TLS: tls_multi_process: initial untrusted session promoted to trusted

2025-06-17 12:36:07.297746 MANAGEMENT: >STATE:1750178167,GET_CONFIG,,,,,,

2025-06-17 12:36:07.297879 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)

2025-06-17 12:36:07.353935 PUSH: Received control message: 'PUSH_REPLY,route 10.0.1.0 255.255.255.0,route-gateway 192.168.2.1,topology subnet,ping 10,ping-restart 120,ifconfig 192.168.2.8 255.255.255.0'

2025-06-17 12:36:07.354052 OPTIONS IMPORT: --ifconfig/up options modified

2025-06-17 12:36:07.354072 OPTIONS IMPORT: route options modified

2025-06-17 12:36:07.354080 OPTIONS IMPORT: route-related options modified

2025-06-17 12:36:07.354089 OPTIONS ERROR: failed to negotiate cipher with server. Add the server's cipher ('AES-128-CBC') to --data-ciphers (currently 'AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305') if you want to connect to this server.

2025-06-17 12:36:07.354095 ERROR: Failed to apply push options

2025-06-17 12:36:07.354101 Failed to open tun/tap interface

2025-06-17 12:36:07.354275 SIGUSR1[soft,process-push-msg-failed] received, process restarting

2025-06-17 12:36:07.354294 MANAGEMENT: >STATE:1750178167,RECONNECTING,process-push-msg-failed,,,,,

2025-06-17 12:36:07.359648 *Tunnelblick: Delaying HOLD release for 8.000 seconds

2025-06-17 12:36:15.361216 MANAGEMENT: CMD 'hold release'

2025-06-17 12:36:15.361390 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.

2025-06-17 12:36:15.361419 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

2025-06-17 12:36:15.361648 TCP/UDP: Preserving recently used remote address: [AF_INET]65.78.53.248:12753

2025-06-17 12:36:15.361724 Socket Buffers: R=[786896->786896] S=[9216->9216]

2025-06-17 12:36:15.361747 UDPv4 link local: (not bound)

2025-06-17 12:36:15.361791 UDPv4 link remote: [AF_INET]65.78.53.248:12753

2025-06-17 12:36:15.361842 MANAGEMENT: >STATE:1750178175,WAIT,,,,,,

2025-06-17 12:36:15.404539 MANAGEMENT: >STATE:1750178175,AUTH,,,,,,

2025-06-17 12:36:15.404645 TLS: Initial packet from [AF_INET]65.78.53.248:12753, sid=4e945ebf e795989d

2025-06-17 12:36:15.523296 VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=netgear, OU=netgear, CN=netgear CA, emailAddress=ma...@netgear.com

2025-06-17 12:36:15.523649 VERIFY OK: depth=0, C=TW, ST=TW, L=Taipei, O=netgear, OU=netgear, CN=server, emailAddress=ma...@netgear.com

2025-06-17 12:36:15.676581 Control Channel: TLSv1.2, cipher TLSv1.2 DHE-RSA-AES256-GCM-SHA384, peer certificate: 1024 bits RSA, signature: RSA-SHA256, peer temporary key: 1024 bits DH

2025-06-17 12:36:15.676674 [server] Peer Connection Initiated with [AF_INET]65.78.53.248:12753

2025-06-17 12:36:15.676703 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1

2025-06-17 12:36:15.676791 TLS: tls_multi_process: initial untrusted session promoted to trusted

2025-06-17 12:36:16.753163 MANAGEMENT: >STATE:1750178176,GET_CONFIG,,,,,,

2025-06-17 12:36:16.753298 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)

2025-06-17 12:36:16.799553 PUSH: Received control message: 'PUSH_REPLY,route 10.0.1.0 255.255.255.0,route-gateway 192.168.2.1,topology subnet,ping 10,ping-restart 120,ifconfig 192.168.2.9 255.255.255.0'

2025-06-17 12:36:16.799699 OPTIONS IMPORT: --ifconfig/up options modified

2025-06-17 12:36:16.799724 OPTIONS IMPORT: route options modified

2025-06-17 12:36:16.799738 OPTIONS IMPORT: route-related options modified

2025-06-17 12:36:16.799756 OPTIONS ERROR: failed to negotiate cipher with server. Add the server's cipher ('AES-128-CBC') to --data-ciphers (currently 'AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305') if you want to connect to this server.

2025-06-17 12:36:16.799768 ERROR: Failed to apply push options

2025-06-17 12:36:16.799778 Failed to open tun/tap interface

2025-06-17 12:36:16.800037 SIGUSR1[soft,process-push-msg-failed] received, process restarting

2025-06-17 12:36:16.800061 MANAGEMENT: >STATE:1750178176,RECONNECTING,process-push-msg-failed,,,,,

2025-06-17 12:36:16.801193 *Tunnelblick: Delaying HOLD release for 16.000 seconds

2025-06-17 12:36:32.804212 MANAGEMENT: CMD 'hold release'

2025-06-17 12:36:32.804348 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.

2025-06-17 12:36:32.804369 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

2025-06-17 12:36:32.804596 TCP/UDP: Preserving recently used remote address: [AF_INET]65.78.53.248:12753

2025-06-17 12:36:32.804660 Socket Buffers: R=[786896->786896] S=[9216->9216]

2025-06-17 12:36:32.804678 UDPv4 link local: (not bound)

2025-06-17 12:36:32.804695 UDPv4 link remote: [AF_INET]65.78.53.248:12753

2025-06-17 12:36:32.804741 MANAGEMENT: >STATE:1750178192,WAIT,,,,,,

2025-06-17 12:36:32.848497 MANAGEMENT: >STATE:1750178192,AUTH,,,,,,

2025-06-17 12:36:32.848591 TLS: Initial packet from [AF_INET]65.78.53.248:12753, sid=f999a0ac e37c9575

2025-06-17 12:36:32.963442 VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=netgear, OU=netgear, CN=netgear CA, emailAddress=ma...@netgear.com

2025-06-17 12:36:32.963844 VERIFY OK: depth=0, C=TW, ST=TW, L=Taipei, O=netgear, OU=netgear, CN=server, emailAddress=ma...@netgear.com

2025-06-17 12:36:33.142746 Control Channel: TLSv1.2, cipher TLSv1.2 DHE-RSA-AES256-GCM-SHA384, peer certificate: 1024 bits RSA, signature: RSA-SHA256, peer temporary key: 1024 bits DH

2025-06-17 12:36:33.142851 [server] Peer Connection Initiated with [AF_INET]65.78.53.248:12753

2025-06-17 12:36:33.142869 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1

2025-06-17 12:36:33.142936 TLS: tls_multi_process: initial untrusted session promoted to trusted

2025-06-17 12:36:34.222227 MANAGEMENT: >STATE:1750178194,GET_CONFIG,,,,,,

2025-06-17 12:36:34.222349 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)

2025-06-17 12:36:34.262300 PUSH: Received control message: 'PUSH_REPLY,route 10.0.1.0 255.255.255.0,route-gateway 192.168.2.1,topology subnet,ping 10,ping-restart 120,ifconfig 192.168.2.10 255.255.255.0'

2025-06-17 12:36:34.262492 OPTIONS IMPORT: --ifconfig/up options modified

2025-06-17 12:36:34.262520 OPTIONS IMPORT: route options modified

2025-06-17 12:36:34.262532 OPTIONS IMPORT: route-related options modified

2025-06-17 12:36:34.262550 OPTIONS ERROR: failed to negotiate cipher with server. Add the server's cipher ('AES-128-CBC') to --data-ciphers (currently 'AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305') if you want to connect to this server.

2025-06-17 12:36:34.262562 ERROR: Failed to apply push options

2025-06-17 12:36:34.262573 Failed to open tun/tap interface

2025-06-17 12:36:34.262832 SIGUSR1[soft,process-push-msg-failed] received, process restarting

2025-06-17 12:36:34.262859 MANAGEMENT: >STATE:1750178194,RECONNECTING,process-push-msg-failed,,,,,

2025-06-17 12:36:34.264010 *Tunnelblick: Delaying HOLD release for 32.000 seconds

2025-06-17 12:37:06.266619 MANAGEMENT: CMD 'hold release'

2025-06-17 12:37:06.266775 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.

2025-06-17 12:37:06.266805 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

2025-06-17 12:37:06.267037 TCP/UDP: Preserving recently used remote address: [AF_INET]65.78.53.248:12753

2025-06-17 12:37:06.267120 Socket Buffers: R=[786896->786896] S=[9216->9216]

2025-06-17 12:37:06.267144 UDPv4 link local: (not bound)

2025-06-17 12:37:06.267165 UDPv4 link remote: [AF_INET]65.78.53.248:12753

2025-06-17 12:37:06.267217 MANAGEMENT: >STATE:1750178226,WAIT,,,,,,

2025-06-17 12:37:06.312621 MANAGEMENT: >STATE:1750178226,AUTH,,,,,,

2025-06-17 12:37:06.312725 TLS: Initial packet from [AF_INET]65.78.53.248:12753, sid=b09abc85 582dc390

2025-06-17 12:37:06.429045 VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=netgear, OU=netgear, CN=netgear CA, emailAddress=ma...@netgear.com

2025-06-17 12:37:06.429439 VERIFY OK: depth=0, C=TW, ST=TW, L=Taipei, O=netgear, OU=netgear, CN=server, emailAddress=ma...@netgear.com

2025-06-17 12:37:06.585059 Control Channel: TLSv1.2, cipher TLSv1.2 DHE-RSA-AES256-GCM-SHA384, peer certificate: 1024 bits RSA, signature: RSA-SHA256, peer temporary key: 1024 bits DH

2025-06-17 12:37:06.585179 [server] Peer Connection Initiated with [AF_INET]65.78.53.248:12753

2025-06-17 12:37:06.585216 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1

2025-06-17 12:37:06.585309 TLS: tls_multi_process: initial untrusted session promoted to trusted

2025-06-17 12:37:07.797077 MANAGEMENT: >STATE:1750178227,GET_CONFIG,,,,,,

2025-06-17 12:37:07.797250 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)

2025-06-17 12:37:07.841387 PUSH: Received control message: 'PUSH_REPLY,route 10.0.1.0 255.255.255.0,route-gateway 192.168.2.1,topology subnet,ping 10,ping-restart 120,ifconfig 192.168.2.11 255.255.255.0'

2025-06-17 12:37:07.841545 OPTIONS IMPORT: --ifconfig/up options modified

2025-06-17 12:37:07.841576 OPTIONS IMPORT: route options modified

2025-06-17 12:37:07.841594 OPTIONS IMPORT: route-related options modified

2025-06-17 12:37:07.841616 OPTIONS ERROR: failed to negotiate cipher with server. Add the server's cipher ('AES-128-CBC') to --data-ciphers (currently 'AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305') if you want to connect to this server.

2025-06-17 12:37:07.841635 ERROR: Failed to apply push options

2025-06-17 12:37:07.841649 Failed to open tun/tap interface

2025-06-17 12:37:07.841918 SIGUSR1[soft,process-push-msg-failed] received, process restarting

2025-06-17 12:37:07.841950 MANAGEMENT: >STATE:1750178227,RECONNECTING,process-push-msg-failed,,,,,

2025-06-17 12:37:07.843034 *Tunnelblick: Delaying HOLD release for 64.000 seconds

2025-06-17 12:37:24.794952 *Tunnelblick: Disconnecting; VPN Details… window disconnect button pressed

2025-06-17 12:37:25.113394 *Tunnelblick: Disconnecting using 'kill'

2025-06-17 12:37:25.286040 SIGTERM[hard,init_instance] received, process exiting

2025-06-17 12:37:25.286105 MANAGEMENT: >STATE:1750178245,EXITING,init_instance,,,,,

2025-06-17 12:37:25.796725 *Tunnelblick: Expected disconnection occurred.

================================================================================

Installer log:

2025-06-17 12:24:26.189904: Tunnelblick installer getuid() = 501; geteuid() = 0; getgid() = 20; getegid() = 20

currentDirectoryPath = '/'; 1 arguments:

0x0003

2025-06-17 12:24:26.194380: Determined username 'garyk' from getuid(): 501

2025-06-17 12:24:26.197576: renamex_np() tests succeeded for /Applications

2025-06-17 12:24:26.200718: renamex_np() tests succeeded for /Library/Application Support/Tunnelblick

2025-06-17 12:24:26.204218: renamex_np() tests succeeded for /Users/garyk/Library/Application Support/Tunnelblick/Configurations

2025-06-17 12:24:26.261640: Moved /Applications/Tunnelblick.app to the Trash

2025-06-17 12:24:26.966071: Copied /Volumes/Tunnelblick/Tunnelblick.app to /Applications/Tunnelblick.app

2025-06-17 12:24:27.040359: Changed ownership of /Applications/Tunnelblick.app and its contents from 501:20 to 0:0

2025-06-17 12:24:27.116058: Removed any 'com.apple.quarantine' extended attributes from '/Applications/Tunnelblick.app'

2025-06-17 12:24:27.232762: Need to replace and/or reload 'tunnelblickd':

daemonHashesMatch = NO

plistHashesMatch = NO

activePlistMatches = NO

2025-06-17 12:24:27.233471: Replaced /Library/LaunchDaemons/net.tunnelblick.tunnelblick.tunnelblickd.plist

2025-06-17 12:24:27.449999: Used launchctl to load tunnelblickd

2025-06-17 12:24:27.454938: Tunnelblick installer succeeded

================================================================================

Down log:

17:00:13 *Tunnelblick: **********************************************

17:00:13 *Tunnelblick: Start of output from client.down.tunnelblick.sh

17:00:14 *Tunnelblick: WARNING: Not restoring network settings because no saved Tunnelblick DNS information was found.

17:00:14 *Tunnelblick: Flushed the DNS cache with dscacheutil -flushcache

17:00:14 *Tunnelblick: Notified mDNSResponder that the DNS cache was flushed

17:00:14 *Tunnelblick: End of output from client.down.tunnelblick.sh

17:00:14 *Tunnelblick: **********************************************

================================================================================

Previous down log:

16:43:16 *Tunnelblick: **********************************************

16:43:16 *Tunnelblick: Start of output from client.down.tunnelblick.sh

16:43:17 *Tunnelblick: WARNING: Not restoring network settings because no saved Tunnelblick DNS information was found.

16:43:17 *Tunnelblick: Flushed the DNS cache with dscacheutil -flushcache

16:43:17 *Tunnelblick: Notified mDNSResponder that the DNS cache was flushed

16:43:17 *Tunnelblick: End of output from client.down.tunnelblick.sh

16:43:17 *Tunnelblick: **********************************************

================================================================================

Network services:

An asterisk (*) denotes that a network service is disabled.

Thunderbolt Bridge

Wi-Fi

Wi-Fi Power (en0): On

================================================================================

ifconfig output:

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384

options=1203<RXCSUM,TXCSUM,TXSTATUS,SW_TIMESTAMP>

inet 127.0.0.1 netmask 0xff000000

inet6 ::1 prefixlen 128

inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1

nd6 options=201<PERFORMNUD,DAD>

gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280

stf0: flags=0<> mtu 1280

anpi0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500

options=400<CHANNEL_IO>

ether 1e:c4:cc:4e:77:16

media: none

status: inactive

anpi1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500

options=400<CHANNEL_IO>

ether 1e:c4:cc:4e:77:17

media: none

status: inactive

en3: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500

options=400<CHANNEL_IO>

ether 1e:c4:cc:4e:77:f6

nd6 options=201<PERFORMNUD,DAD>

media: none

status: inactive

en4: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500

options=400<CHANNEL_IO>

ether 1e:c4:cc:4e:77:f7

nd6 options=201<PERFORMNUD,DAD>

media: none

status: inactive

en1: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500

options=460<TSO4,TSO6,CHANNEL_IO>

ether 36:cd:c9:a1:9a:00

media: autoselect <full-duplex>

status: inactive

en2: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500

options=460<TSO4,TSO6,CHANNEL_IO>

ether 36:cd:c9:a1:9a:04

media: autoselect <full-duplex>

status: inactive

ap1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500

options=6460<TSO4,TSO6,CHANNEL_IO,PARTIAL_CSUM,ZEROINVERT_CSUM>

ether 3e:a2:da:c3:5f:ee

nd6 options=201<PERFORMNUD,DAD>

media: autoselect (none)

status: inactive

en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500

options=6460<TSO4,TSO6,CHANNEL_IO,PARTIAL_CSUM,ZEROINVERT_CSUM>

ether 4e:e8:63:8a:a8:37

inet6 fe80::40:28d4:8516:96bc%en0 prefixlen 64 secured scopeid 0xb

inet6 2601:14e:100:5480:1cf0:199c:4b3f:440 prefixlen 64 autoconf secured

inet6 2601:14e:100:5480:6d5f:8334:c152:2f7e prefixlen 64 autoconf temporary

inet6 2601:14e:100:5480::25e0 prefixlen 64 dynamic

inet 10.0.0.214 netmask 0xffffff00 broadcast 10.0.0.255

nd6 options=201<PERFORMNUD,DAD>

media: autoselect

status: active

bridge0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500

options=63<RXCSUM,TXCSUM,TSO4,TSO6>

ether 36:cd:c9:a1:9a:00

Configuration:

id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0

maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200

root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0

ipfilter disabled flags 0x0

member: en1 flags=3<LEARNING,DISCOVER>

ifmaxaddr 0 port 8 priority 0 path cost 0

member: en2 flags=3<LEARNING,DISCOVER>

ifmaxaddr 0 port 9 priority 0 path cost 0

nd6 options=201<PERFORMNUD,DAD>

media: <unknown type>

status: inactive

awdl0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500

options=6460<TSO4,TSO6,CHANNEL_IO,PARTIAL_CSUM,ZEROINVERT_CSUM>

ether 22:8c:62:06:da:84

inet6 fe80::208c:62ff:fe06:da84%awdl0 prefixlen 64 scopeid 0xd

nd6 options=201<PERFORMNUD,DAD>

media: autoselect

status: active

llw0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500

options=400<CHANNEL_IO>

ether 22:8c:62:06:da:84

inet6 fe80::208c:62ff:fe06:da84%llw0 prefixlen 64 scopeid 0xe

nd6 options=201<PERFORMNUD,DAD>

media: autoselect (none)

utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500

inet6 fe80::ca5b:7f7b:e57e:a50f%utun0 prefixlen 64 scopeid 0xf

nd6 options=201<PERFORMNUD,DAD>

utun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380

inet6 fe80::1472:3d3b:43a7:945%utun1 prefixlen 64 scopeid 0x10

nd6 options=201<PERFORMNUD,DAD>

utun2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 2000

inet6 fe80::e096:70cf:5011:db3f%utun2 prefixlen 64 scopeid 0x11

nd6 options=201<PERFORMNUD,DAD>

utun3: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1000

inet6 fe80::ce81:b1c:bd2c:69e%utun3 prefixlen 64 scopeid 0x12

nd6 options=201<PERFORMNUD,DAD>

================================================================================

Non-Apple kexts that are loaded:

Index Refs Address Size Wired Name (Version) UUID <Linked Against>

================================================================================

Quit Log:

2025-06-17 12:27:42.962596 applicationShouldTerminate: termination because of restart; delayed until 'shutdownTunnelblick' finishes)

2025-06-17 12:27:43.101963 shutDownTunnelblick: started.

2025-06-17 12:27:43.272524 shutDownTunnelblick: Starting cleanup.

2025-06-17 12:27:43.283997 cleanup: Entering cleanup

2025-06-17 12:27:43.286702 synchronized user defaults

2025-06-17 12:27:43.628060 Set up flag files for shutting down the computer and expecting all configurations to be disconnected

2025-06-17 12:27:43.629160 doDisconnectionsForShuttingDownComputer: Set 'expect disconnect 1 ALL'

2025-06-17 12:27:43.629644 Started disconnecting all configurations

2025-06-17 12:27:43.630128 Skipping cleanup because computer is shutting down or restarting

2025-06-17 12:27:43.630401 shutDownTunnelblick: Cleanup finished.

2025-06-17 12:27:43.630749 Finished shutting down Tunnelblick; allowing termination

================================================================================

Traces Log:

================================================================================

Console Log:

Gary Kessler

unread,

Jun 17, 2025, 4:48:42 PMJun 17

to tunnelbli...@googlegroups.com

Hi all,

I figured it out myself, so no need to work on this.

Best,

Gary

From: tunnelbli...@googlegroups.com <tunnelbli...@googlegroups.com> on behalf of Gary Kessler <gar...@gmail.com>
Sent: Tuesday, June 17, 2025 12:48:37 PM
To: tunnelblick-discuss <tunnelbli...@googlegroups.com>
Subject: [tunnelblick-discuss] Authorizing/Reconnecting Loop

--
You received this message because you are subscribed to the Google Groups "tunnelblick-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to tunnelblick-dis...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/tunnelblick-discuss/cdddbdd5-b877-43ef-9dee-e1f8bf579d7bn%40googlegroups.com.

Tunnelblick Developer

unread,

Jun 18, 2025, 8:29:38 AMJun 18

to tunnelblick-discuss

Please explain what you did to fix it. That may help others with similar problems.

Gary Kessler

unread,

Jun 18, 2025, 11:34:44 AMJun 18

to tunnelbli...@googlegroups.com

I had to do 2 things.

1) I had to install the Tunnelblick system extension by Jonathan Bullard.

2) I had to select OpenVPN version 2.4.12 - OpenSSL v1.1.1w (the 2.5.xx might have worked too.)

But after all this and reading about the upcoming TUN/TAP not being supported by Apple in the future on MacOS, I switched to the OpenVPN Connect app, which seems to work better for me.

Best,

Gary

To view this discussion visit https://groups.google.com/d/msgid/tunnelblick-discuss/bdd2223b-4ec8-4c2d-aa43-7823b9bd10b0n%40googlegroups.com.

Tunnelblick Developer

unread,

Jun 19, 2025, 8:16:27 AMJun 19

to tunnelblick-discuss

Thanks for explaining.

Selecting OpenVPN version 2.4.12 - OpenSSL v1.1.1w. Your VPN setup is not compatible with modern versions of OpenSSL, so using a modern version causes the reconnect loop. The older version of OpenSSL, 1.1.1w, which is no longer supported and no longer receiving security updates, avoids the problem. This problem first appeared when Tunnelblick 4.0 started using OpenSSL 3 as a default, and is discussed in OpenVPN 4.

Installing the Tunnelblick system extension. That wasn't necessary. You have a "tun" configuration, so Tunnelblick's system extensions are not necessary. In attempting to fix the problem, you must have set Tunnelblick to always load the tun extension, which will, well, cause it to always load the extension, which requires installing a Tunnelblick system extension signed by Jonathan Bullard (that's me – Apple doesn't allow it to be signed as "Tunnelblick"). See Installing System Extensions for details.

Reply all

Reply to author

Forward

0 new messages