"write to TUN/TAP : Input/output error (code=5)" when "route-gateway 192.168.1.1"
1,307 views
Skip to first unread message
skydre...@gmail.com
Oct 12, 2015, 12:19:29 PM10/12/15
to tunnelblick-discuss
I want to redirect all traffic to vpn, so my server conf ovpn including push "route-gateway 192.168.1.1" and "redirect-gateway def1" option.
When the vpn is connected, "write to TUN/TAP : Input/output error (code=5)" message keep coming and i can't connect to internet or 192.168.1.1.
I tested on Windows and there is no problem, so I think this is OS X/TunnelBlick problem.
When without "route-gateway 192.168.1.1":
Server conf ovpn:
# Automatically generated configuration
daemon
topology subnet
server-bridge
push "route 0.0.0.0 255.255.255.255 net_gateway"
proto tcp-server
rcvbuf 0
sndbuf 0
port 1194
dev tap21
comp-lzo adaptive
keepalive 15 60
verb 3
duplicate-cn
tls-auth static.key
ca ca.crt
dh dh.pem
cert server.crt
key server.key
status-version 2
status status
# Custom Configuration
Tunnelblick log:2015-10-12 23:33:26 *Tunnelblick: OS X 10.10.5; Tunnelblick 3.5.4 (build 4270.4395)
2015-10-12 23:33:28 *Tunnelblick: Attempting connection with client1 using shadow copy; Set nameserver = 1; monitoring connection
2015-10-12 23:33:28 *Tunnelblick: openvpnstart start client1.tblk 1337 1 0 1 0 16754 -ptADGNWradsgnw 2.3.6
2015-10-12 23:33:29 *Tunnelblick: openvpnstart log:
Loading tap-signed.kext
OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line):
/Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.6/openvpn
--daemon
--log
/Library/Application Support/Tunnelblick/Logs/-SUsers-S(Info Removed)-SLibrary-SApplication Support-STunnelblick-SConfigurations-Sclient1.tblk-SContents-SResources-Sconfig.ovpn.1_0_1_0_16754.1337.openvpn.log
--cd
/Library/Application Support/Tunnelblick/Users/(Info Removed)/client1.tblk/Contents/Resources
--config
/Library/Application Support/Tunnelblick/Users/(Info Removed)/client1.tblk/Contents/Resources/config.ovpn
--cd
/Library/Application Support/Tunnelblick/Users/(Info Removed)/client1.tblk/Contents/Resources
--management
127.0.0.1
1337
--management-query-passwords
--management-hold
--script-security
2
--up
/Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -a -d -f -m -w -ptADGNWradsgnw
--down
/Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -a -d -f -m -w -ptADGNWradsgnw
--route-pre-down
/Applications/Tunnelblick.app/Contents/Resources/client.route-pre-down.tunnelblick.sh -a -d -f -m -w -ptADGNWradsgnw
2015-10-12 23:33:28 OpenVPN 2.3.6 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Sep 19 2015
2015-10-12 23:33:28 library versions: OpenSSL 1.0.1p 9 Jul 2015, LZO 2.08
2015-10-12 23:33:28 *Tunnelblick: openvpnstart starting OpenVPN
2015-10-12 23:33:29 *Tunnelblick: Established communication with OpenVPN
2015-10-12 23:33:29 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2015-10-12 23:33:29 Control Channel Authentication: tls-auth using INLINE static key file
2015-10-12 23:33:30 Attempting to establish TCP connection with [AF_INET](Info Removed) [nonblock]
2015-10-12 23:33:31 TCP connection established with [AF_INET](Info Removed):1194
2015-10-12 23:33:31 TCPv4_CLIENT link local: [undef]
2015-10-12 23:33:31 TCPv4_CLIENT link remote: [AF_INET](Info Removed):1194
2015-10-12 23:33:33 [RT-AC68U] Peer Connection Initiated with [AF_INET](Info Removed):1194
2015-10-12 23:33:36 TUN/TAP device /dev/tap0 opened
2015-10-12 23:33:36 /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -a -d -f -m -w -ptADGNWradsgnw tap0 1500 1576 init
**********************************************
Start of output from client.up.tunnelblick.sh
Configuring tap DNS via DHCP asynchronously
End of output from client.up.tunnelblick.sh
**********************************************
add net 0.0.0.0: gateway (Info Removed)
2015-10-12 23:33:38 Initialization Sequence Completed
Sleeping for 3 seconds to wait for DHCP to finish setup.
Retrieved from DHCP/BOOTP packet: name server(s) [ 192.168.1.1 ], search domain(s) [ ] and SMB server(s) [ ] and using default domain name [ openvpn ]
Not aggregating ServerAddresses because running on OS X 10.6 or higher
Setting search domains to 'openvpn' because running under OS X 10.6 or higher and the search domains were not set manually and 'Prepend domain name to search domains' was not selected
Saved the DNS and SMB configurations so they can be restored
Changed DNS ServerAddresses setting from '(Info Removed) (Info Removed)' to '192.168.1.1'
Changed DNS SearchDomains setting from '' to 'openvpn'
Changed DNS DomainName setting from '' to 'openvpn'
Did not change SMB NetBIOSName setting of ''
Did not change SMB Workgroup setting of ''
Did not change SMB WINSAddresses setting of '0.0.0.0'
DNS servers '192.168.1.1' will be used for DNS queries when the VPN is active
The DNS servers do not include any free public DNS servers known to Tunnelblick. This may cause DNS queries to fail or be intercepted or falsified even if they are directed through the VPN. Specify only known public DNS servers or DNS servers located on the VPN network to avoid such problems.
Flushed the DNS cache via dscacheutil
/usr/sbin/discoveryutil not present. Not flushing the DNS cache via discoveryutil
Notified mDNSResponder that the DNS cache was flushed
Setting up to monitor system configuration with process-network-changes
2015-10-12 23:33:38 *Tunnelblick: No 'connected.sh' script to execute
Sleeping for 0 seconds to wait for DHCP to finish setup.
Sleeping for 1 seconds to wait for DHCP to finish setup.
Sleeping for 2 seconds to wait for DHCP to finish setup.
2015-10-12 23:33:44 *Tunnelblick: This computer's apparent public IP address ((Info Removed)) was unchanged after the connection was made
2015-10-12 23:33:53 *Tunnelblick process-network-changes: A system configuration change was ignored
When with "route-gateway 192.168.1.1":
Server conf ovpn:# Automatically generated configuration
daemon
topology subnet
server-bridge
push "route 0.0.0.0 255.255.255.255 net_gateway"
proto tcp-server
rcvbuf 0
sndbuf 0
port 1194
dev tap21
comp-lzo adaptive
keepalive 15 60
verb 3
duplicate-cn
push "route-gateway 192.168.1.1"
push "redirect-gateway def1"
tls-auth static.key
ca ca.crt
dh dh.pem
cert server.crt
key server.key
status-version 2
status status
# Custom Configuration
Tunnelblick log:2015-10-12 23:49:34 *Tunnelblick: OS X 10.10.5; Tunnelblick 3.5.4 (build 4270.4395)
2015-10-12 23:49:36 *Tunnelblick: Attempting connection with client1 using shadow copy; Set nameserver = 1; monitoring connection
2015-10-12 23:49:36 *Tunnelblick: openvpnstart start client1.tblk 1337 1 0 1 0 16754 -ptADGNWradsgnw 2.3.6
2015-10-12 23:49:36 OpenVPN 2.3.6 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Sep 19 2015
2015-10-12 23:49:36 library versions: OpenSSL 1.0.1p 9 Jul 2015, LZO 2.08
2015-10-12 23:49:36 *Tunnelblick: openvpnstart starting OpenVPN
2015-10-12 23:49:37 *Tunnelblick: openvpnstart log:
Loading tap-signed.kext
OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line):
/Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.6/openvpn
--daemon
--log
/Library/Application Support/Tunnelblick/Logs/-SUsers-S(Info Removed)-SLibrary-SApplication Support-STunnelblick-SConfigurations-Sclient1.tblk-SContents-SResources-Sconfig.ovpn.1_0_1_0_16754.1337.openvpn.log
--cd
/Library/Application Support/Tunnelblick/Users/(Info Removed)/client1.tblk/Contents/Resources
--config
/Library/Application Support/Tunnelblick/Users/(Info Removed)/client1.tblk/Contents/Resources/config.ovpn
--cd
/Library/Application Support/Tunnelblick/Users/(Info Removed)/client1.tblk/Contents/Resources
--management
127.0.0.1
1337
--management-query-passwords
--management-hold
--script-security
2
--up
/Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -a -d -f -m -w -ptADGNWradsgnw
--down
/Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -a -d -f -m -w -ptADGNWradsgnw
--route-pre-down
/Applications/Tunnelblick.app/Contents/Resources/client.route-pre-down.tunnelblick.sh -a -d -f -m -w -ptADGNWradsgnw
2015-10-12 23:49:37 *Tunnelblick: Established communication with OpenVPN
2015-10-12 23:49:37 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2015-10-12 23:49:37 Control Channel Authentication: tls-auth using INLINE static key file
2015-10-12 23:49:37 Attempting to establish TCP connection with [AF_INET](Info Removed):1194 [nonblock]
2015-10-12 23:49:38 TCP connection established with [AF_INET](Info Removed):1194
2015-10-12 23:49:38 TCPv4_CLIENT link local: [undef]
2015-10-12 23:49:38 TCPv4_CLIENT link remote: [AF_INET](Info Removed):1194
2015-10-12 23:49:39 [RT-AC68U] Peer Connection Initiated with [AF_INET](Info Removed):1194
2015-10-12 23:49:42 TUN/TAP device /dev/tap0 opened
2015-10-12 23:49:42 /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -a -d -f -m -w -ptADGNWradsgnw tap0 1500 1576 init
**********************************************
Start of output from client.up.tunnelblick.sh
No network configuration changes need to be made.
Will NOT monitor for other network configuration changes.
DNS servers '(Info Removed) (Info Removed)' will be used for DNS queries when the VPN is active
The DNS servers do not include any free public DNS servers known to Tunnelblick. This may cause DNS queries to fail or be intercepted or falsified even if they are directed through the VPN. Specify only known public DNS servers or DNS servers located on the VPN network to avoid such problems.
Flushed the DNS cache via dscacheutil
/usr/sbin/discoveryutil not present. Not flushing the DNS cache via discoveryutil
Notified mDNSResponder that the DNS cache was flushed
End of output from client.up.tunnelblick.sh
**********************************************
add net (Info Removed): gateway (Info Removed)
add net 0.0.0.0: gateway 192.168.1.1
add net 128.0.0.0: gateway 192.168.1.1
add net 0.0.0.0: gateway (Info Removed)
2015-10-12 23:49:44 *Tunnelblick: No 'connected.sh' script to execute
2015-10-12 23:49:44 Initialization Sequence Completed
2015-10-12 23:49:44 write to TUN/TAP : Input/output error (code=5)
2015-10-12 23:49:44 write to TUN/TAP : Input/output error (code=5)
2015-10-12 23:49:44 write to TUN/TAP : Input/output error (code=5)
2015-10-12 23:49:46 write to TUN/TAP : Input/output error (code=5)
2015-10-12 23:49:47 write to TUN/TAP : Input/output error (code=5)
2015-10-12 23:49:50 write to TUN/TAP : Input/output error (code=5)
2015-10-12 23:49:51 write to TUN/TAP : Input/output error (code=5)
2015-10-12 23:49:54 write to TUN/TAP : Input/output error (code=5)
2015-10-12 23:49:55 write to TUN/TAP : Input/output error (code=5)
2015-10-12 23:49:57 write to TUN/TAP : Input/output error (code=5)
2015-10-12 23:49:59 write to TUN/TAP : Input/output error (code=5)
2015-10-12 23:50:02 write to TUN/TAP : Input/output error (code=5)
2015-10-12 23:50:04 write to TUN/TAP : Input/output error (code=5)
2015-10-12 23:50:05 write to TUN/TAP : Input/output error (code=5)
2015-10-12 23:50:08 write to TUN/TAP : Input/output error (code=5)
2015-10-12 23:50:09 write to TUN/TAP : Input/output error (code=5)
2015-10-12 23:50:12 write to TUN/TAP : Input/output error (code=5)
2015-10-12 23:50:13 write to TUN/TAP : Input/output error (code=5)
2015-10-12 23:50:14 write to TUN/TAP : Input/output error (code=5)
2015-10-12 23:50:14 write to TUN/TAP : Input/output error (code=5)
2015-10-12 23:50:16 write to TUN/TAP : Input/output error (code=5)
2015-10-12 23:50:17 write to TUN/TAP : Input/output error (code=5)
2015-10-12 23:50:20 write to TUN/TAP : Input/output error (code=5)
2015-10-12 23:50:20 write to TUN/TAP : Input/output error (code=5)
2015-10-12 23:50:21 write to TUN/TAP : Input/output error (code=5)
2015-10-12 23:50:24 write to TUN/TAP : Input/output error (code=5)
2015-10-12 23:50:24 *Tunnelblick: After 30.0 seconds, gave up trying to fetch IP address information using the ipInfo host's name after connecting.
2015-10-12 23:50:25 write to TUN/TAP : Input/output error (code=5)
2015-10-12 23:50:27 write to TUN/TAP : Input/output error (code=5)
2015-10-12 23:50:29 write to TUN/TAP : Input/output error (code=5)
2015-10-12 23:50:29 write to TUN/TAP : Input/output error (code=5)
Client conf ovpn:
client
dev tap
# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one. On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
;dev-node MyTap
proto tcp-client
remote (Info Removed) 1194
float
comp-lzo adaptive
keepalive 15 60
ns-cert-type server
<ca>
-----BEGIN CERTIFICATE-----
(Info Removed)
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
(Info Removed)
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
(Info Removed)
-----END PRIVATE KEY-----
</key>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
(Info Removed)
-----END OpenVPN Static key V1-----
</tls-auth>
resolv-retry infinite
nobind
jkbull...gmail.com
Oct 12, 2015, 9:54:41 PM10/12/15
to tunnelblick-discuss, skydre...@gmail.com
OpenVPN on OS X has problems with route-gateway, so try removing that. Leave the "redirect-gateway def1".
(Tunnelblick's "Route all IPv4 traffic through the VPN" option tells OpenVPN to use "redirect-gateway def1", so it is the same as putting it in the client configuration or pushing it from the server.)
skydre...@gmail.com
Oct 13, 2015, 2:20:07 AM10/13/15
to tunnelblick-discuss, skydre...@gmail.com
But, the main different between two logs start from client.up.tunnelblick.sh get involved, is it openvpn or tunnelblick problem?
Full log:
jkbull...gmail.com於 2015年10月13日星期二 UTC+8上午9時54分41秒寫道:
If it is openvpn problem, is there any attempt to fix it?
Also, I tried leave the "redirect-gateway def1" and remove "route-gateway 192.168.1.1", but following message appears and I can't redirect all traffic to vpn.
2015-10-13 14:12:16 NOTE: unable to redirect default gateway -- VPN gateway parameter (--route-gateway or --ifconfig) is missing
2015-10-13 14:12:04 *Tunnelblick: OS X 10.10.5; Tunnelblick 3.5.4 (build 4270.4395)
2015-10-13 14:12:09 *Tunnelblick: Attempting connection with client1 using shadow copy; Set nameserver = 1; monitoring connection
2015-10-13 14:12:09 *Tunnelblick: openvpnstart start client1.tblk 1337 1 0 1 0 16754 -ptADGNWradsgnw 2.3.6
2015-10-13 14:12:11 *Tunnelblick: openvpnstart log:
Loading tap-signed.kext
OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line):
/Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.6/openvpn
--daemon
--log
/Library/Application Support/Tunnelblick/Logs/-SUsers-S(Info Removed)-SLibrary-SApplication Support-STunnelblick-SConfigurations-Sclient1.tblk-SContents-SResources-Sconfig.ovpn.1_0_1_0_16754.1337.openvpn.log
--cd
/Library/Application Support/Tunnelblick/Users/(Info Removed)/client1.tblk/Contents/Resources
--config
/Library/Application Support/Tunnelblick/Users/(Info Removed)/client1.tblk/Contents/Resources/config.ovpn
--cd
/Library/Application Support/Tunnelblick/Users/(Info Removed)/client1.tblk/Contents/Resources
--management
127.0.0.1
1337
--management-query-passwords
--management-hold
--script-security
2
--up
/Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -a -d -f -m -w -ptADGNWradsgnw
--down
/Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -a -d -f -m -w -ptADGNWradsgnw
--route-pre-down
/Applications/Tunnelblick.app/Contents/Resources/client.route-pre-down.tunnelblick.sh -a -d -f -m -w -ptADGNWradsgnw
2015-10-13 14:12:09 *Tunnelblick: openvpnstart starting OpenVPN
2015-10-13 14:12:10 OpenVPN 2.3.6 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Sep 19 2015
2015-10-13 14:12:10 library versions: OpenSSL 1.0.1p 9 Jul 2015, LZO 2.08
2015-10-13 14:12:11 *Tunnelblick: Established communication with OpenVPN
2015-10-13 14:12:11 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2015-10-13 14:12:11 Control Channel Authentication: tls-auth using INLINE static key file
2015-10-13 14:12:11 Attempting to establish TCP connection with [AF_INET](Info Removed):1194 [nonblock]
2015-10-13 14:12:12 TCP connection established with [AF_INET](Info Removed):1194
2015-10-13 14:12:12 TCPv4_CLIENT link local: [undef]
2015-10-13 14:12:12 TCPv4_CLIENT link remote: [AF_INET](Info Removed):1194
2015-10-13 14:12:12 [RT-AC68U] Peer Connection Initiated with [AF_INET](Info Removed):1194
2015-10-13 14:12:14 TUN/TAP device /dev/tap0 opened
2015-10-13 14:12:14 /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -a -d -f -m -w -ptADGNWradsgnw tap0 1500 1576 init
**********************************************
Start of output from client.up.tunnelblick.sh
Configuring tap DNS via DHCP asynchronously
End of output from client.up.tunnelblick.sh
**********************************************
2015-10-13 14:12:16 NOTE: unable to redirect default gateway -- VPN gateway parameter (--route-gateway or --ifconfig) is missing
add net 0.0.0.0: gateway (Info Removed)
2015-10-13 14:12:16 Initialization Sequence Completed
Sleeping for 0 seconds to wait for DHCP to finish setup.
Sleeping for 1 seconds to wait for DHCP to finish setup.
Sleeping for 2 seconds to wait for DHCP to finish setup.
Retrieved from DHCP/BOOTP packet: name server(s) [ 192.168.1.1 ], search domain(s) [ ] and SMB server(s) [ ] and using default domain name [ openvpn ]
Not aggregating ServerAddresses because running on OS X 10.6 or higher
Setting search domains to 'openvpn' because running under OS X 10.6 or higher and the search domains were not set manually and 'Prepend domain name to search domains' was not selected
Saved the DNS and SMB configurations so they can be restored
Changed DNS ServerAddresses setting from '(Info Removed) (Info Removed)' to '192.168.1.1'
Changed DNS SearchDomains setting from '' to 'openvpn'
Changed DNS DomainName setting from '' to 'openvpn'
Did not change SMB NetBIOSName setting of ''
Did not change SMB Workgroup setting of ''
Did not change SMB WINSAddresses setting of ''
DNS servers '192.168.1.1' will be used for DNS queries when the VPN is active
The DNS servers do not include any free public DNS servers known to Tunnelblick. This may cause DNS queries to fail or be intercepted or falsified even if they are directed through the VPN. Specify only known public DNS servers or DNS servers located on the VPN network to avoid such problems.
Flushed the DNS cache via dscacheutil
/usr/sbin/discoveryutil not present. Not flushing the DNS cache via discoveryutil
Notified mDNSResponder that the DNS cache was flushed
Setting up to monitor system configuration with process-network-changes
2015-10-13 14:12:17 *Tunnelblick: No 'connected.sh' script to execute
2015-10-13 14:12:22 *Tunnelblick: This computer's apparent public IP address ((Info Removed)) was unchanged after the connection was made
2015-10-13 14:12:29 *Tunnelblick process-network-changes: A system configuration change was ignoredjkbull...gmail.com於 2015年10月13日星期二 UTC+8上午9時54分41秒寫道:
GdCondor GdCondor
Apr 30, 2021, 4:11:26 PM4/30/21
to tunnelblick-discuss
Hello,
I found your old thread but I got the exact same problem. Did you find a solution?
Thanks!
Florian
Tunnelblick developer
Apr 30, 2021, 10:13:13 PM4/30/21
to tunnelblick-discuss
GdCondor - This thread is more than five years old.
Please create a new thread and post the diagnostic info obtained by following the instructions at Read Before You Post.
Reply all
Reply to author
Forward
0 new messages