Unable to connect, waiting for password

calle...@gmail.com

unread,

Mar 24, 2016, 6:00:00 AM3/24/16

to tunnelblick-discuss

I'm unable to connect to a new VPN server. I've only downloaded the .ovpn from a OpenVPN Access Server and added it to tunnelblick. When connecting the status window stops on "waiting for password" in yellow letters. But I don't get a prompt asking me for username or password.

Log:

*Tunnelblick: OS X 10.11.4; Tunnelblick 3.6.0a (build 4543.4546); prior version 3.5.8 (build 4270.4530); Admin user

Configuration cintmicro

"Sanitized" condensed configuration file for /Users/user/Library/Application Support/Tunnelblick/Configurations/cintmicro.tblk:

[Security-related line(s) omitted]

setenv FORWARD_COMPATIBLE 1

client

server-poll-timeout 4

nobind

remote 1.2.3.4 1194 udp

remote 1.2.3.4 443 tcp

remote 1.2.3.4 1194 udp

dev tun

dev-type tun

ns-cert-type server

reneg-sec 604800

sndbuf 100000

rcvbuf 100000

auth-user-pass

comp-lzo no

verb 3

setenv PUSH_PEER_INFO

<ca>

[Security-related line(s) omitted]

</ca>

<cert>

[Security-related line(s) omitted]

</cert>

<key>

[Security-related line(s) omitted]

</key>

key-direction 1

<tls-auth>

[Security-related line(s) omitted]

</tls-auth>

[Security-related line(s) omitted]

================================================================================

Non-Apple kexts that are loaded:

Index Refs Address Size Wired Name (Version) UUID <Linked Against>

140 3 0xffffff7f83338000 0x5f000 0x5f000 org.virtualbox.kext.VBoxDrv (5.0.8) 4BAF2E4A-7E22-3FF6-A33D-D27E06A66063 <7 5 4 3 1>

143 0 0xffffff7f83397000 0x8000 0x8000 org.virtualbox.kext.VBoxUSB (5.0.8) EDF4969A-F9C3-300B-8761-6CF418BDB18A <142 140 39 7 5 4 3 1>

145 0 0xffffff7f833a2000 0x5000 0x5000 org.virtualbox.kext.VBoxNetFlt (5.0.8) C6B1C271-9745-370F-B78F-6417347A31DD <140 7 5 4 3 1>

146 0 0xffffff7f833a7000 0x6000 0x6000 org.virtualbox.kext.VBoxNetAdp (5.0.8) 83FE53D6-61A2-35DF-A478-4ECB46F50CB9 <140 5 4 1>

================================================================================

There are no unusual files in cintmicro.tblk

================================================================================

Configuration preferences:

-keychainHasPrivateKey = 0

-keychainHasUsernameAndPassword = 0

-keychainHasUsername = 0

-notOKToCheckThatIPAddressDidNotChangeAfterConnection = 0

-lastConnectionSucceeded = 0

================================================================================

Wildcard preferences:

-notOKToCheckThatIPAddressDidNotChangeAfterConnection = 1

================================================================================

Program preferences:

launchAtNextLogin = 1

notOKToCheckThatIPAddressDidNotChangeAfterConnection = 1

askedUserIfOKToCheckThatIPAddressDidNotChangeAfterConnection = 1

tunnelblickVersionHistory = (

"3.6.0a (build 4543.4546)",

"3.5.8 (build 4270.4530)",

"3.5.7 (build 4270.4517)",

"3.5.6 (build 4270.4505)",

"3.5.5 (build 4270.4461)",

"3.5.4 (build 4270.4395)",

"3.5.3 (build 4270.4371)",

"3.5.2 (build 4270.4346)",

"3.5.0 (build 4265)",

"3.4.4 (build 4055.4236)"

)

statusDisplayNumber = 0

lastLaunchTime = 480504438.39116

showConnectedDurations = 1

connectionWindowDisplayCriteria = showWhenConnecting

maxLogDisplaySize = 102400

lastConnectedDisplayName = VPN3

keyboardShortcutIndex = 1

updateCheckAutomatically = 1

updateSendProfileInfo = 1

NSWindow Frame ConnectingWindow = 525 518 389 187 0 0 1440 877

NSWindow Frame SUStatusFrame = 709 684 384 129 0 0 1440 877

NSWindow Frame ListingWindow = 2492 72 1086 791 1920 0 1920 1177

detailsWindowFrameVersion = 4543.4546

detailsWindowFrame = {{287, 138}, {920, 468}}

detailsWindowLeftFrame = {{0, 0}, {165, 350}}

detailsWindowViewIndex = 0

detailsWindowConfigurationsTabIdentifier = log

leftNavSelectedDisplayName = cintmicro

AdvancedWindowTabIdentifier = vpnCredentials

haveDealtWithSparkle1dot5b6 = 1

haveDealtWithOldTunTapPreferences = 1

haveDealtWithOldLoginItem = 1

SUEnableAutomaticChecks = 1

SUFeedURL = https://www.tunnelblick.net/appcast-s.rss

SUScheduledCheckInterval = 86400

SUSendProfileInfo = 1

SULastCheckTime = 2016-03-24 09:27:18 +0000

SULastProfileSubmissionDate = 2016-03-17 11:12:30 +0000

SUHasLaunchedBefore = 1

WebKitDefaultFontSize = 11

WebKitStandardFont = .SF NS Text

================================================================================

Tunnelblick Log:

2016-03-24 10:42:40 OpenVPN 2.3.10 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Mar 19 2016

2016-03-24 10:42:40 library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.09

2016-03-24 10:42:40 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:1337

2016-03-24 10:42:40 Need hold release from management interface, waiting...

2016-03-24 10:42:40 *Tunnelblick: OS X 10.11.4; Tunnelblick 3.6.0a (build 4543.4546); prior version 3.5.8 (build 4270.4530)

2016-03-24 10:42:40 *Tunnelblick: Attempting connection with cintmicro using shadow copy; Set nameserver = 1; monitoring connection

2016-03-24 10:42:40 *Tunnelblick: openvpnstart start cintmicro.tblk 1337 1 0 1 0 1065265 -ptADGNWradsgnw 2.3.10

2016-03-24 10:42:41 *Tunnelblick: openvpnstart log:

Loading tun-signed.kext

OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line):

/Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.10/openvpn

--daemon

--log

/Library/Application Support/Tunnelblick/Logs/-SUsers-Suser-SLibrary-SApplication Support-STunnelblick-SConfigurations-Scintmicro.tblk-SContents-SResources-Sconfig.ovpn.1_0_1_0_1065265.1337.openvpn.log

--cd

/Library/Application Support/Tunnelblick/Users/user/cintmicro.tblk/Contents/Resources

--verb

3

--config

/Library/Application Support/Tunnelblick/Users/user/cintmicro.tblk/Contents/Resources/config.ovpn

--cd

/Library/Application Support/Tunnelblick/Users/user/cintmicro.tblk/Contents/Resources

--management

127.0.0.1

1337

--management-query-passwords

--management-hold

--script-security

2

--up

/Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw

--down

/Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw

2016-03-24 10:42:40 *Tunnelblick: openvpnstart starting OpenVPN

2016-03-24 10:42:41 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:1337

2016-03-24 10:42:41 MANAGEMENT: CMD 'pid'

2016-03-24 10:42:41 MANAGEMENT: CMD 'state on'

2016-03-24 10:42:41 MANAGEMENT: CMD 'state'

2016-03-24 10:42:41 MANAGEMENT: CMD 'bytecount 1'

2016-03-24 10:42:41 MANAGEMENT: CMD 'hold release'

2016-03-24 10:42:41 *Tunnelblick: Established communication with OpenVPN

2016-03-24 10:42:41 *Tunnelblick: Obtained VPN username and password from the Keychain

2016-03-24 10:42:41 MANAGEMENT: CMD 'username "Auth" ""'

2016-03-24 10:42:41 MANAGEMENT: CMD 'password [...]'

2016-03-24 10:44:34 *Tunnelblick: Disconnecting; VPN Details… window disconnect button pressed

2016-03-24 10:44:34 *Tunnelblick: No 'pre-disconnect.sh' script to execute

2016-03-24 10:44:34 *Tunnelblick: Disconnecting using 'kill'

2016-03-24 10:44:34 MANAGEMENT: Client disconnected

2016-03-24 10:44:34 ERROR: could not read Auth username/password/ok/string from management interface

2016-03-24 10:44:34 Exiting due to fatal error

2016-03-24 10:44:36 *Tunnelblick: No 'post-disconnect.sh' script to execute

2016-03-24 10:44:36 *Tunnelblick: Expected disconnection occurred.

================================================================================

"Sanitized" full configuration file

# Automatically generated OpenVPN client config file

# Generated on Thu Mar 24 09:01:25 2016 by openvpnas2

# Note: this config file contains inline private keys

# and therefore should be kept confidential!

# Note: this configuration is user-locked to the username below

# OVPN_ACCESS_SERVER_USERNAME=calle

# Define the profile name of this particular configuration file

# OVPN_ACCESS_SERVER_PROFILE=ca...@1.2.3.4

# OVPN_ACCESS_SERVER_CLI_PREF_ALLOW_WEB_IMPORT=True

# OVPN_ACCESS_SERVER_CLI_PREF_BASIC_CLIENT=False

# OVPN_ACCESS_SERVER_CLI_PREF_ENABLE_CONNECT=True

# OVPN_ACCESS_SERVER_CLI_PREF_ENABLE_XD_PROXY=True

# OVPN_ACCESS_SERVER_WSHOST=1.2.3.4:443

# OVPN_ACCESS_SERVER_WEB_CA_BUNDLE_START

# -----BEGIN CERTIFICATE-----

[Security-related line(s) omitted]

# -----END CERTIFICATE-----

# OVPN_ACCESS_SERVER_WEB_CA_BUNDLE_STOP

# OVPN_ACCESS_SERVER_IS_OPENVPN_WEB_CA=1

# OVPN_ACCESS_SERVER_ORGANIZATION=OpenVPN Technologies, Inc.

setenv FORWARD_COMPATIBLE 1

client

server-poll-timeout 4

nobind

remote 1.2.3.4 1194 udp

remote 1.2.3.4 443 tcp

remote 1.2.3.4 1194 udp

dev tun

dev-type tun

ns-cert-type server

reneg-sec 604800

sndbuf 100000

rcvbuf 100000

auth-user-pass

# NOTE: LZO commands are pushed by the Access Server at connect time.

# NOTE: The below line doesn't disable LZO.

comp-lzo no

verb 3

setenv PUSH_PEER_INFO

<ca>

[Security-related line(s) omitted]

</ca>

<cert>

[Security-related line(s) omitted]

</cert>

<key>

[Security-related line(s) omitted]

</key>

key-direction 1

<tls-auth>

[Security-related line(s) omitted]

</tls-auth>

## -----BEGIN RSA SIGNATURE-----

[Security-related line(s) omitted]

## -----END RSA SIGNATURE-----

## -----BEGIN CERTIFICATE-----

[Security-related line(s) omitted]

## -----END CERTIFICATE-----

## -----BEGIN CERTIFICATE-----

[Security-related line(s) omitted]

## -----END CERTIFICATE-----

================================================================================

ifconfig output:

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384

options=3<RXCSUM,TXCSUM>

inet6 ::1 prefixlen 128

inet 127.0.0.1 netmask 0xff000000

inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1

inet 127.94.0.2 netmask 0xff000000

inet 127.94.0.1 netmask 0xff000000

nd6 options=1<PERFORMNUD>

gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280

stf0: flags=0<> mtu 1280

en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500

ether b8:e8:56:3e:1f:76

inet6 fe80::bae8:56ff:fe3e:1f76%en0 prefixlen 64 scopeid 0x4

inet 172.27.27.178 netmask 0xffffff00 broadcast 172.27.27.255

nd6 options=1<PERFORMNUD>

media: autoselect

status: active

en1: flags=963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX> mtu 1500

options=60<TSO4,TSO6>

ether 72:00:00:76:a2:20

media: autoselect <full-duplex>

status: inactive

en2: flags=963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX> mtu 1500

options=60<TSO4,TSO6>

ether 72:00:00:76:a2:21

media: autoselect <full-duplex>

status: inactive

p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304

ether 0a:e8:56:3e:1f:76

media: autoselect

status: inactive

awdl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1484

ether 1e:7c:5e:08:ff:35

inet6 fe80::1c7c:5eff:fe08:ff35%awdl0 prefixlen 64 scopeid 0x8

nd6 options=1<PERFORMNUD>

media: autoselect

status: active

bridge0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500

options=63<RXCSUM,TXCSUM,TSO4,TSO6>

ether ba:e8:56:e3:87:00

Configuration:

id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0

maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200

root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0

ipfilter disabled flags 0x2

member: en1 flags=3<LEARNING,DISCOVER>

ifmaxaddr 0 port 5 priority 0 path cost 0

member: en2 flags=3<LEARNING,DISCOVER>

ifmaxaddr 0 port 6 priority 0 path cost 0

nd6 options=1<PERFORMNUD>

media: <unknown type>

status: inactive

================================================================================

Console Log:

2016-03-24 08:55:57 Tunnelblick[746] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-VPN3' account = 'username'

2016-03-24 08:55:57 Tunnelblick[746] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-VPN3' account = 'password'

2016-03-24 08:56:02 Tunnelblick[746] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-VPN3' account = 'username'

2016-03-24 08:56:02 Tunnelblick[746] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-VPN3' account = 'password'

2016-03-24 10:01:29 Tunnelblick[746] Converting/Installing /Users/user/Downloads/client(13).ovpn: Converted OpenVPN configuration

2016-03-24 10:01:34 Tunnelblick[746] localNameFromDisplayName: 'client(13)' is not a known displayName

2016-03-24 10:01:34 Tunnelblick[746] Beginning installation or repair

2016-03-24 10:01:34 authexec[46045] executing /Applications/Tunnelblick.app/Contents/Resources/installer

2016-03-24 10:01:34 Tunnelblick[746] Installation or repair succeeded; Log:

Tunnelblick installer started 2016-03-24 10:01:34. 3 arguments: 0x0001

/Users/user/Library/Application Support/Tunnelblick/Configurations/client(13).tblk

/private/var/folders/mv/fps9dl4d70dbxtykh03bcscc0000gp/T/Tunnelblick-EGq6NJ/client(13).tblk

Copied /private/var/folders/mv/fps9dl4d70dbxtykh03bcscc0000gp/T/Tunnelblick-EGq6NJ/client(13).tblk

to /Users/user/Library/Application Support/Tunnelblick/Configurations/client(13).tblk.temp

Renamed /Users/user/Library/Application Support/Tunnelblick/Configurations/client(13).tblk.temp

to /Users/user/Library/Application Support/Tunnelblick/Configurations/client(13).tblk

Changed ownership of /Users/user/Library/Application Support/Tunnelblick/Configurations/client(13).tblk and its contents from 502:20 to 502:80

Copied /Users/user/Library/Application Support/Tunnelblick/Configurations/client(13).tblk

to /Library/Application Support/Tunnelblick/Users/user/client(13).tblk.temp

Renamed /Library/Application Support/Tunnelblick/Users/user/client(13).tblk.temp

to /Library/Application Support/Tunnelblick/Users/user/client(13).tblk

Changed ownership of /Library/Application Support/Tunnelblick/Users/user/client(13).tblk and its contents from 502:80 to 0:0

Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Users/user/client(13).tblk

Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Users/user/client(13).tblk/Contents

Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Users/user/client(13).tblk/Contents/Resources

Changed permissions from 740 to 700 on /Library/Application Support/Tunnelblick/Users/user/client(13).tblk/Contents/Resources/config.ovpn

Created secure (shadow) copy of client(13).tblk

Tunnelblick installer finished without error

2016-03-24 10:01:54 Tunnelblick[746] localNameFromDisplayName: 'CINTMICROSERVICES' is not a known displayName

2016-03-24 10:01:54 Tunnelblick[746] Beginning installation or repair

2016-03-24 10:01:54 authexec[46777] executing /Applications/Tunnelblick.app/Contents/Resources/installer

2016-03-24 10:01:54 Tunnelblick[746] Installation or repair succeeded; Log:

Tunnelblick installer started 2016-03-24 10:01:54. 3 arguments: 0x1001

/Users/user/Library/Application Support/Tunnelblick/Configurations/CINTMICROSERVICES.tblk

/Users/user/Library/Application Support/Tunnelblick/Configurations/client(13).tblk

Copied /Users/user/Library/Application Support/Tunnelblick/Configurations/client(13).tblk

to /Users/user/Library/Application Support/Tunnelblick/Configurations/CINTMICROSERVICES.tblk.temp

Deleted /Users/user/Library/Application Support/Tunnelblick/Configurations/client(13).tblk

Renamed /Users/user/Library/Application Support/Tunnelblick/Configurations/CINTMICROSERVICES.tblk.temp

to /Users/user/Library/Application Support/Tunnelblick/Configurations/CINTMICROSERVICES.tblk

Copied /Users/user/Library/Application Support/Tunnelblick/Configurations/CINTMICROSERVICES.tblk

to /Library/Application Support/Tunnelblick/Users/user/CINTMICROSERVICES.tblk.temp

Renamed /Library/Application Support/Tunnelblick/Users/user/CINTMICROSERVICES.tblk.temp

to /Library/Application Support/Tunnelblick/Users/user/CINTMICROSERVICES.tblk

Changed ownership of /Library/Application Support/Tunnelblick/Users/user/CINTMICROSERVICES.tblk and its contents from 502:80 to 0:0

Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Users/user/CINTMICROSERVICES.tblk

Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Users/user/CINTMICROSERVICES.tblk/Contents

Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Users/user/CINTMICROSERVICES.tblk/Contents/Resources

Changed permissions from 740 to 700 on /Library/Application Support/Tunnelblick/Users/user/CINTMICROSERVICES.tblk/Contents/Resources/config.ovpn

Created secure (shadow) copy of CINTMICROSERVICES.tblk

Deleted /Library/Application Support/Tunnelblick/Users/user/client(13).tblk

Deleted secure (shadow) copy of client(13).tblk

Tunnelblick installer finished without error

2016-03-24 10:01:59 Tunnelblick[746] Can't retrieve Keychain item for service = 'Tunnelblick-Auth-CINTMICROSERVICES' account = 'username' because it does not exist

2016-03-24 10:01:59 Tunnelblick[746] Can't retrieve Keychain item for service = 'Tunnelblick-Auth-CINTMICROSERVICES' account = 'password' because it does not exist

2016-03-24 10:02:38 Tunnelblick[746] Can't retrieve Keychain item for service = 'Tunnelblick-Auth-CINTMICROSERVICES' account = 'username' because it does not exist

2016-03-24 10:02:38 Tunnelblick[746] Can't retrieve Keychain item for service = 'Tunnelblick-Auth-CINTMICROSERVICES' account = 'password' because it does not exist

2016-03-24 10:04:24 Tunnelblick[746] applicationShouldTerminate: termination for unknown reason, probably Command-Q; delayed until 'shutdownTunnelblick' finishes

2016-03-24 10:04:25 Tunnelblick[746] Finished shutting down Tunnelblick; allowing termination

2016-03-24 10:04:27 Tunnelblick[52305] Tunnelblick: OS X 10.11.4; Tunnelblick 3.6.0a (build 4543.4546)

2016-03-24 10:04:28 Tunnelblick[52305] Set program update feedURL to https://www.tunnelblick.net/appcast-s.rss

2016-03-24 10:04:39 Tunnelblick[52305] Can't retrieve Keychain item for service = 'Tunnelblick-Auth-CINTMICROSERVICES' account = 'username' because it does not exist

2016-03-24 10:04:39 Tunnelblick[52305] Can't retrieve Keychain item for service = 'Tunnelblick-Auth-CINTMICROSERVICES' account = 'password' because it does not exist

2016-03-24 10:11:44 Tunnelblick[52305] localNameFromDisplayName: 'cintmicro' is not a known displayName

2016-03-24 10:11:44 Tunnelblick[52305] Beginning installation or repair

2016-03-24 10:11:44 authexec[67570] executing /Applications/Tunnelblick.app/Contents/Resources/installer

2016-03-24 10:11:44 Tunnelblick[52305] Installation or repair succeeded; Log:

Tunnelblick installer started 2016-03-24 10:11:44. 3 arguments: 0x1001

/Users/user/Library/Application Support/Tunnelblick/Configurations/cintmicro.tblk

/Users/user/Library/Application Support/Tunnelblick/Configurations/CINTMICROSERVICES.tblk

Copied /Users/user/Library/Application Support/Tunnelblick/Configurations/CINTMICROSERVICES.tblk

to /Users/user/Library/Application Support/Tunnelblick/Configurations/cintmicro.tblk.temp

Deleted /Users/user/Library/Application Support/Tunnelblick/Configurations/CINTMICROSERVICES.tblk

Renamed /Users/user/Library/Application Support/Tunnelblick/Configurations/cintmicro.tblk.temp

to /Users/user/Library/Application Support/Tunnelblick/Configurations/cintmicro.tblk

Copied /Users/user/Library/Application Support/Tunnelblick/Configurations/cintmicro.tblk

to /Library/Application Support/Tunnelblick/Users/user/cintmicro.tblk.temp

Renamed /Library/Application Support/Tunnelblick/Users/user/cintmicro.tblk.temp

to /Library/Application Support/Tunnelblick/Users/user/cintmicro.tblk

Changed ownership of /Library/Application Support/Tunnelblick/Users/user/cintmicro.tblk and its contents from 502:80 to 0:0

Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Users/user/cintmicro.tblk

Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Users/user/cintmicro.tblk/Contents

Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Users/user/cintmicro.tblk/Contents/Resources

Changed permissions from 740 to 700 on /Library/Application Support/Tunnelblick/Users/user/cintmicro.tblk/Contents/Resources/config.ovpn

Created secure (shadow) copy of cintmicro.tblk

Deleted /Library/Application Support/Tunnelblick/Users/user/CINTMICROSERVICES.tblk

Deleted secure (shadow) copy of CINTMICROSERVICES.tblk

Tunnelblick installer finished without error

2016-03-24 10:11:51 Tunnelblick[52305] Can't retrieve Keychain item for service = 'Tunnelblick-Auth-cintmicro' account = 'username' because it does not exist

2016-03-24 10:11:51 Tunnelblick[52305] Can't retrieve Keychain item for service = 'Tunnelblick-Auth-cintmicro' account = 'password' because it does not exist

2016-03-24 10:15:21 Tunnelblick[52305] Can't retrieve Keychain item for service = 'Tunnelblick-Auth-cintmicro' account = 'username' because it does not exist

2016-03-24 10:15:21 Tunnelblick[52305] Can't retrieve Keychain item for service = 'Tunnelblick-Auth-cintmicro' account = 'password' because it does not exist

2016-03-24 10:18:14 Tunnelblick[52305] setShutdownVariables: invoked, but have already set them

2016-03-24 10:18:14 Tunnelblick[52305] applicationShouldTerminate: termination because of shutdown; delayed until 'shutdownTunnelblick' finishes

2016-03-24 10:18:14 Tunnelblick[52305] Finished shutting down Tunnelblick; allowing termination

2016-03-24 10:27:17 Tunnelblick[420] Tunnelblick: OS X 10.11.4; Tunnelblick 3.6.0a (build 4543.4546)

2016-03-24 10:27:18 Tunnelblick[420] Set program update feedURL to https://www.tunnelblick.net/appcast-s.rss

2016-03-24 10:27:28 Tunnelblick[420] Can't retrieve Keychain item for service = 'Tunnelblick-Auth-cintmicro' account = 'username' because it does not exist

2016-03-24 10:27:28 Tunnelblick[420] Can't retrieve Keychain item for service = 'Tunnelblick-Auth-cintmicro' account = 'password' because it does not exist

2016-03-24 10:42:41 Tunnelblick[420] Can't retrieve Keychain item for service = 'Tunnelblick-Auth-cintmicro' account = 'username' because it does not exist

2016-03-24 10:42:41 Tunnelblick[420] Can't retrieve Keychain item for service = 'Tunnelblick-Auth-cintmicro' account = 'password' because it does not exist

jkbull...gmail.com

unread,

Mar 24, 2016, 6:29:36 AM3/24/16

to tunnelblick-discuss, calle...@gmail.com

So you have a new version of OS X, a new version of Tunnelblick, and a new VPN server. That's a lot of things to change all at once.

First, see if you can connect to any of your old VPN servers.

If you can, that points to a problem with the new server or the configuration file.
If you can't, please try Tunnelblick 3.5.8 from the Deprecated Downloads page. (You can just install it and it will replace Tunnelblick 3.6.0a.) If that doesn't work, it points to a problem in your 10.11.4 installation. Try downloading and installing the 10.11.4 Combo Updater.

The only potential problem I noticed in the configuration file is that you probably don't want to have "dev-type tun". It tells OpenVPN to use Tunnelblick's "tun" device driver instead of the built-in OS X "utun" driver. It's unlikely to be the problem, but it is easy to remove the line, or prefix it with a "#" character so it will be ignored.

calle...@gmail.com

unread,

Mar 24, 2016, 7:08:33 AM3/24/16

to tunnelblick-discuss, calle...@gmail.com

I can connect to my other VPN servers. They all have my credentials stored though. I deleted my credentials from one of my VPN configurations, and it asks for my credentials as it should.

I'll check if I can spot any differences between the configurations for my other VPN servers and this config.

calle...@gmail.com

unread,

Mar 24, 2016, 7:28:05 AM3/24/16

to tunnelblick-discuss, calle...@gmail.com

I couldn't find any differences. So I removed the profile and downloaded it from the server again and imported it. It worked! Then I renamed the profile. Got the same problem. Renamed it back to the original name. It worked again. So the issue seems to be related to renaming the profile.

calle...@gmail.com

unread,

Mar 24, 2016, 7:33:03 AM3/24/16

to tunnelblick-discuss, calle...@gmail.com

I tried renaming one of my old profiles, and got the same behaviour there as well ("waiting for password", but once renamed back to the previous name it worked again).

jkbull...gmail.com

unread,

Mar 24, 2016, 8:12:27 AM3/24/16

to tunnelblick-discuss, calle...@gmail.com

Thanks! I can reproduce this, so I will investigate, fix it, and report back here.

Until that's done, you can "repair" a renamed configuration with the following three commands typed into Terminal:

defaults delete net.tunnelblick.tunnelblick XXXXXX-keychainHasPrivateKey
defaults delete net.tunnelblick.tunnelblick XXXXXX-keychainHasUsername
defaults delete net.tunnelblick.tunnelblick XXXXXX-keychainHasUsernameAndPassword

where XXXXXX is the configuration name after the rename.

Thanks again for reporting this and for your investigation, too.

jkbull...gmail.com

unread,

Mar 24, 2016, 7:54:59 PM3/24/16

to tunnelblick-discuss, calle...@gmail.com

I have found the problems that caused this (two separate problems, and I found another problem while I was testing!). I have committed a fix to the source code; the fix will be included in the next stable and beta releases.

On Thursday, March 24, 2016 at 8:12:27 AM UTC-4, jkbull...gmail.com wrote:

Thanks! I can reproduce this, so I will investigate, fix it, and report back here.

<snip>

calle...@gmail.com

unread,

Mar 25, 2016, 9:48:58 AM3/25/16

to tunnelblick-discuss, calle...@gmail.com

Awesome, thanks!

n9yty

unread,

Mar 28, 2016, 9:27:46 AM3/28/16

to tunnelblick-discuss, calle...@gmail.com

On Thursday, March 24, 2016 at 7:12:27 AM UTC-5, jkbull...gmail.com wrote:

Thanks! I can reproduce this, so I will investigate, fix it, and report back here.

Until that's done, you can "repair" a renamed configuration with the following three commands typed into Terminal:

Thanks for finding, confirming, and fixing the bug. Is this fix a one-time permanent? It affected all my users I upgraded. The need to manually reinstall all their configurations becuase of the required script was bad enough {sigh}, but then this kicked them out for the weekend as I coculdn't get to them to fix them. The joys of remote computing. :) Anyway, I will try to find a way to get them to try this, although some are not even minimally adept at such things. A quick release that they could update to would be much appreciated. :)

And, is every future release going to require a configuration re-install? :( This was the first release that I ever saw that happen with in my recollection. But that isn't what it used to be either. :)

-Steve

jkbull...gmail.com

unread,

Mar 28, 2016, 10:55:19 AM3/28/16

to tunnelblick-discuss, calle...@gmail.com, steve...@gmail.com

Requiring the reinstallation of configurations for the new release was not by design, it was a consequence of a bug. I certainly hope future releases will not require them and will do my best to avoid that.

There are three problems with Tunnelblick 3.6.0a. To avoid all three, you can have users revert back to Tunnelblick 3.5.8 (and not do anything about their configurations or anything else) and then install 3.6.1 when it becomes available -- it will include fixes for all three problems.

Problem #1 -- the subject of this thread -- is that when Tunnelblick 3.6.0a renames a configuration, it creates "unusual" (correct but unnecessary and not otherwise seen) settings for the new configuration. That combined with a bug in the code that acts on those settings caused the problem that was reported in this thread: OpenVPN was waiting for a password but Tunnelblick wasn't presenting the user an opportunity to enter the password.

The workaround for problem #1 is to copy/paste the following commands into Terminal:

defaults delete net.tunnelblick.tunnelblick XXXXXX-keychainHasPrivateKey
defaults delete net.tunnelblick.tunnelblick XXXXXX-keychainHasUsername
defaults delete net.tunnelblick.tunnelblick XXXXXX-keychainHasUsernameAndPassword

where XXXXXX is the configuration name after the rename.

Problem #2 was discussed by streich7 in this other thread (although the first two posts in that thread are about problem #3). The problem is that configurations that contain certain Unicode (non-ASCII) character sequences do not install correctly. The installation process cuts off the last few characters of the OpenVPN configuration file. Because the installed file is malformed, the only solution is to re-install. If you are reinstalling with Tunnelblick 3.6.0a, you can add padding at the end of the configuration file, the padding (or some of it) will be removed and the configuration will work properly. The padding could be empty lines, or a long comment. I think this is a rare situation and I think Tunnelblick 3.5.8 has the same problem (but I have not confirmed that).

The workaround for problem #2 is to add padding to the end of the OpenVPN configuration file and re-install the configuration.

Problem #3 is that when you try to connect a configuration which contains CR-LF line endings (standard for Windows), Tunnelblick says "Tunnelblick could not find a 'tun' or 'tap' option in the OpenVPN configuration file". That's the problem Octopon described in his post (the first post) in the same thread as problem #2.

The workaround for problem #3 is to re-install the configuration(s).

When Tunnelblick 3.6.1 comes out (later this week, I expect), it will include fixes for all three problems. (The third problem will be fixed so that Tunnelblick will work properly with OpenVPN configuration files that use either CR-LF or LF line endings, as it has in the past.)

jkbull...gmail.com

unread,

Mar 28, 2016, 3:43:26 PM3/28/16

to tunnelblick-discuss, calle...@gmail.com, steve...@gmail.com

Hmmm. Trying to fix problem #3 proved to be a problem in itself.

I don't think problem #3 exists. I was able to do the following with configuration files that contained CR-LF line endings:

Use them with 3.6.0a if they were installed previously
Install them by double-clicking (or drag/drop to Tunnelblick in /Applications) and then use them
Install them by including them in an auto-install folder in the same folder that the Tunnelblick.app program is being installed from and then use them.

So I think I was wrong about it being a problem.

Looking at your comment, Steve:

On Thursday, March 24, 2016 at 7:12:27 AM UTC-5, jkbull...gmail.com wrote:
Is this fix a one-time permanent? It affected all my users I upgraded. The need to manually reinstall all their configurations becuase of the required script

I don't understand why you had to have your users reinstall unless they had the Unicode characters problem. Is that the problem they had?

What is "the required script"? Do you mean you wrote a script for your users that ran the "defaults" commands? That's only required after renaming or duplicating a configuration.

spart...@gmail.com

unread,

Apr 7, 2016, 12:48:39 PM4/7/16

to tunnelblick-discuss, calle...@gmail.com, steve...@gmail.com

I am a new TB user, d/l-ed 3.6.1 and immediately found this same issue. So.. it's not fixed.

jkbull...gmail.com

unread,

Apr 7, 2016, 1:04:57 PM4/7/16

to tunnelblick-discuss, calle...@gmail.com, steve...@gmail.com, spart...@gmail.com

@spart...@gmail.com - Thanks for your report.

I'm not clear on what you mean by "this same issue" -- there are two issues described in this thread (#1 and #2; as my later post says, #3 isn't a problem).

As far as I know, both problems (#1 and #2) were fixed in 3.6.1. Are you having some other problem?

If you are having a problem, please describe it in as much detail as you can -- I can't fix problems unless I understand what they are!

And please include the "diagnostic info" (see Before You Post). If the problem is that you can't launch Tunnelblick, for example, obviously you can't do that, but for almost all other situations, the diagnostic info is invaluable.

jkbull...gmail.com

unread,

Apr 8, 2016, 11:57:21 AM4/8/16

to tunnelblick-discuss, calle...@gmail.com, steve...@gmail.com, spart...@gmail.com

Tunnelblick 3.6.2beta06 should fix the problems described in this thread.

Reply all

Reply to author

Forward