Tunnelblick Connected - No Internet

msinca

Aug 12, 2017, 6:13:35 PM
to tunnelblick-discuss
Hi All,

I've read a bunch of the info on the FAQ and in this newsgroup and I appear to have a similar problem with my Mac not connecting.  

Setup 
Server - Tomato Router with OpenVPN Server
Client - Macbook Pro w/ MacOS Sierra

I can successfully connect to the OpenVPN Server using my Windows Machine using the Windows OpenVPN GUI client.  Everything works just fine.

However, I am having problems getting everything to work to the same server using my Mac via Tunnelblick.  I'm including the Diagnostic Information at the end of this post.

Tunnelblick appears to connect but then I keep getting the dreaded "write to TUN/TAP : Input/output error (code=5)".  My IP address doesn't change and it won't seem to get a new IP (via DHCP) from the Tomato Router after connecting (even if I manually try to Renew the Lease).  If I am connecting via my Verizon hotspot (via iPhone), it appears that only IPv6 traffic can get through since all I have is an IPv6 address after trying to connect.

I've confirmed that I don't have any static DNS routes set on my Mac.  My log and Diagnostic files are below.  

NOTE:  You may wonder why my port is set to 443.  The location where I'm connecting from only allows traffic on certain browsing ports so I have to use 80 or 443.

I've tried the following to no avail:
- Set nameserver (3.1)
- Set nameserver (3.0b10)
- Set nameserver (alternate) 

Thanks very much for any advice/help you could offer.

Regards,
Mike


*Tunnelblick: OS X 10.12.6; Tunnelblick 3.7.1b (build 4813); prior version 3.6.9 (build 4685); Admin user
git commit ea4b9e30939b4dfd3b69a71f62e91625fa8dd97f


Configuration mgopenvpn-tomato

"Sanitized" condensed configuration file for /Library/Application Support/Tunnelblick/Shared/mgopenvpn-tomato.tblk:

port 443
dev tap
secret staticvpn.key
proto udp
comp-lzo
route-gateway 10.10.10.1
redirect-gateway def1
float
route-method exe
route-delay 2


================================================================================

Non-Apple kexts that are loaded:

Index Refs Address            Size       Wired      Name (Version) UUID <Linked Against>
  147    0 0xffffff7f80b31000 0x5000     0x5000     com.Cycling74.driver.Soundflower (2) 2D779840-7439-31E5-8A66-D786C3F47B75 <82 5 4 3>
  177    0 0xffffff7f85675000 0x7000     0x7000     com.parallels.kext.usbconnect (12.2.0 41591) 64693D1A-CF7A-310E-AE6A-DBD625BD2390 <39 7 5 4 3 1>
  178    1 0xffffff7f8567c000 0x35000    0x35000    com.parallels.kext.hypervisor (12.2.0 41591) C6FDE564-0AF9-361B-9DA7-F0613D8CFE12 <7 5 4 3 1>
  179    0 0xffffff7f856b1000 0xf000     0xf000     com.parallels.kext.netbridge (12.2.0 41591) 973101AE-C7B0-3861-832C-2A398409967B <178 5 4 3 1>
  180    0 0xffffff7f856c0000 0x4000     0x4000     com.parallels.kext.vnic (12.2.0 41591) 762275CF-1B85-3A61-AC12-3500675F7E9A <5 4 3 1>

================================================================================

There are no unusual files in mgopenvpn-tomato.tblk

================================================================================

Configuration preferences:

useDNS = 1
-notMonitoringConnection = 0
-resetPrimaryInterfaceAfterDisconnect = 0
-routeAllTrafficThroughVpn = 1
-useRouteUpInsteadOfUp = 1
-openvpnVersion = 
-loggingLevel = 3
-lastConnectionSucceeded = 1

================================================================================

Wildcard preferences:


================================================================================

Program preferences:

inhibitOutboundTunneblickTraffic = 1
launchAtNextLogin = 1
notOKToCheckThatIPAddressDidNotChangeAfterConnection = 0
askedUserIfOKToCheckThatIPAddressDidNotChangeAfterConnection = 1
tunnelblickVersionHistory = (
    "3.7.1b (build 4813)",
    "3.6.9 (build 4685)"
)
lastLaunchTime = 524268071.703075
lastLanguageAtLaunchWasRTL = 0
connectionWindowDisplayCriteria = showWhenConnecting
maxLogDisplaySize = 102400
lastConnectedDisplayName = mgopenvpn-tomato
keyboardShortcutIndex = 1
updateCheckAutomatically = 0
updateSendProfileInfo = 0
NSWindow Frame ConnectingWindow = 1525 942 389 187 0 0 3440 1417 
NSWindow Frame SUUpdateAlert = 1410 788 620 392 0 0 3440 1417 
detailsWindowFrameVersion = 4813
detailsWindowFrame = {{1731, 738}, {920, 468}}
detailsWindowLeftFrame = {{0, 0}, {165, 350}}
detailsWindowViewIndex = 0
detailsWindowConfigurationsTabIdentifier = settings
leftNavSelectedDisplayName = mgopenvpn-tomato
AdvancedWindowTabIdentifier = connectingAndDisconnecting
haveDealtWithSparkle1dot5b6 = 1
haveDealtWithOldTunTapPreferences = 1
haveDealtWithOldLoginItem = 1
SUEnableAutomaticChecks = 0
SUScheduledCheckInterval = 86400
SUSendProfileInfo = 0
SULastCheckTime = 2017-08-11 21:19:05 +0000
SUHasLaunchedBefore = 1
WebKitDefaultFontSize = 16
WebKitStandardFont = Times

================================================================================

Tunnelblick Log:

*Tunnelblick: OS X 10.12.6; Tunnelblick 3.7.1b (build 4813); prior version 3.6.9 (build 4685)
2017-08-12 15:01:33 *Tunnelblick: Attempting connection with mgopenvpn-tomato; Set nameserver = 769; monitoring connection
2017-08-12 15:01:33 *Tunnelblick: openvpnstart start mgopenvpn-tomato.tblk 1337 769 0 3 0 1098610 -ptADGNWradsgnw 2.3.17-openssl-1.0.2k
2017-08-12 15:01:33 *Tunnelblick: openvpnstart starting OpenVPN
2017-08-12 15:01:34 *Tunnelblick: openvpnstart log:
     Loading tap-signed.kext
     OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line):
     
          /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.17-openssl-1.0.2k/openvpn
          --daemon
          --log
          /Library/Application Support/Tunnelblick/Logs/-SLibrary-SApplication Support-STunnelblick-SShared-Smgopenvpn--tomato.tblk-SContents-SResources-Sconfig.ovpn.769_0_3_0_1098610.1337.openvpn.log
          --cd
          /Library/Application Support/Tunnelblick/Shared/mgopenvpn-tomato.tblk/Contents/Resources
          --verb
          3
          --config
          /Library/Application Support/Tunnelblick/Shared/mgopenvpn-tomato.tblk/Contents/Resources/config.ovpn
          --verb
          3
          --cd
          /Library/Application Support/Tunnelblick/Shared/mgopenvpn-tomato.tblk/Contents/Resources
          --management
          127.0.0.1
          1337
          --management-query-passwords
          --management-hold
          --redirect-gateway
          def1
          --script-security
          2
          --route-up
          /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -a -d -f -m -w -ptADGNWradsgnw
          --down
          /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -a -d -f -m -w -ptADGNWradsgnw
          --route-pre-down
          /Applications/Tunnelblick.app/Contents/Resources/client.route-pre-down.tunnelblick.sh -9 -a -d -f -m -w -ptADGNWradsgnw

2017-08-12 15:01:34 OpenVPN 2.3.17 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Jun 21 2017
2017-08-12 15:01:34 library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.09
2017-08-12 15:01:34 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:1337
2017-08-12 15:01:34 Need hold release from management interface, waiting...
2017-08-12 15:01:34 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:1337
2017-08-12 15:01:35 *Tunnelblick: Established communication with OpenVPN
2017-08-12 15:01:35 MANAGEMENT: CMD 'pid'
2017-08-12 15:01:35 MANAGEMENT: CMD 'state on'
2017-08-12 15:01:35 MANAGEMENT: CMD 'state'
2017-08-12 15:01:35 MANAGEMENT: CMD 'bytecount 1'
2017-08-12 15:01:35 MANAGEMENT: CMD 'hold release'
2017-08-12 15:01:35 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2017-08-12 15:01:35 Static Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
2017-08-12 15:01:35 WARNING: INSECURE cipher with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
2017-08-12 15:01:35 Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2017-08-12 15:01:35 Static Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
2017-08-12 15:01:35 WARNING: INSECURE cipher with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
2017-08-12 15:01:35 Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2017-08-12 15:01:35 Socket Buffers: R=[196724->196724] S=[9216->9216]
2017-08-12 15:01:35 MANAGEMENT: >STATE:1502575295,RESOLVE,,,
2017-08-12 15:01:35 TUN/TAP device /dev/tap0 opened
2017-08-12 15:01:35 UDPv4 link local (bound): [undef]
2017-08-12 15:01:35 UDPv4 link remote: [AF_INET]76.XXX.XXX.XXX:443
2017-08-12 15:01:45 Peer Connection Initiated with [AF_INET]76.XXX.XXX.XXX:443
2017-08-12 15:01:49 /sbin/route add -net 76.XXX.XXX.XXX 192.168.2.1 255.255.255.255
                                        add net 76.XXX.XXX.XXX: gateway 192.168.2.1
2017-08-12 15:01:49 /sbin/route add -net 0.0.0.0 10.10.10.1 128.0.0.0
                                        add net 0.0.0.0: gateway 10.10.10.1
2017-08-12 15:01:49 /sbin/route add -net 128.0.0.0 10.10.10.1 128.0.0.0
                                        add net 128.0.0.0: gateway 10.10.10.1
                                        **********************************************
                                        Start of output from client.up.tunnelblick.sh
                                        NOTE: No network configuration changes need to be made.
                                        WARNING: Will NOT monitor for other network configuration changes.
                                        DNS servers '192.168.2.1' will be used for DNS queries when the VPN is active
                                        NOTE: The DNS servers do not include any free public DNS servers known to Tunnelblick. This may cause DNS queries to fail or be intercepted or falsified even if they are directed through the VPN. Specify only known public DNS servers or DNS servers located on the VPN network to avoid such problems.
                                        Flushed the DNS cache via dscacheutil
                                        /usr/sbin/discoveryutil not present. Not flushing the DNS cache via discoveryutil
                                        Notified mDNSResponder that the DNS cache was flushed
                                        End of output from client.up.tunnelblick.sh
                                        **********************************************
2017-08-12 15:01:51 *Tunnelblick: No 'connected.sh' script to execute
2017-08-12 15:01:51 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2017-08-12 15:01:51 Initialization Sequence Completed
2017-08-12 15:01:51 MANAGEMENT: >STATE:1502575311,CONNECTED,SUCCESS,,76.XXX.XXX.XXX
2017-08-12 15:01:51 write to TUN/TAP : Input/output error (code=5)
2017-08-12 15:01:51 write to TUN/TAP : Input/output error (code=5)
2017-08-12 15:01:52 write to TUN/TAP : Input/output error (code=5)
2017-08-12 15:01:58 write to TUN/TAP : Input/output error (code=5)
2017-08-12 15:01:59 write to TUN/TAP : Input/output error (code=5)
2017-08-12 15:02:00 write to TUN/TAP : Input/output error (code=5)
2017-08-12 15:02:06 *Tunnelblick: Disconnecting; VPN Details… window disconnect button pressed
2017-08-12 15:02:06 *Tunnelblick: No 'pre-disconnect.sh' script to execute
2017-08-12 15:02:06 *Tunnelblick: Disconnecting using 'kill'
2017-08-12 15:02:06 event_wait : Interrupted system call (code=4)
2017-08-12 15:02:06 /Applications/Tunnelblick.app/Contents/Resources/client.route-pre-down.tunnelblick.sh -9 -a -d -f -m -w -ptADGNWradsgnw tap0 1500 1577   init
                                        **********************************************
                                        Start of output from client.route-pre-down.tunnelblick.sh
                                        WARNING: No saved Tunnelblick DNS configuration found; not doing anything.
                                        End of output from client.route-pre-down.tunnelblick.sh
                                        **********************************************
2017-08-12 15:02:07 /sbin/route delete -net 76.XXX.XXX.XXX 192.168.2.1 255.255.255.255
                                        delete net 76.XXX.XXX.XXX: gateway 192.168.2.1
2017-08-12 15:02:07 /sbin/route delete -net 0.0.0.0 10.10.10.1 128.0.0.0
                                        delete net 0.0.0.0: gateway 10.10.10.1
2017-08-12 15:02:07 /sbin/route delete -net 128.0.0.0 10.10.10.1 128.0.0.0
                                        delete net 128.0.0.0: gateway 10.10.10.1
2017-08-12 15:02:07 Closing TUN/TAP interface
2017-08-12 15:02:07 /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -a -d -f -m -w -ptADGNWradsgnw tap0 1500 1577   init
                                        **********************************************
                                        Start of output from client.down.tunnelblick.sh
                                        WARNING: Not restoring DNS settings because no saved Tunnelblick DNS information was found.
                                        Flushed the DNS cache via dscacheutil
                                        /usr/sbin/discoveryutil not present. Not flushing the DNS cache via discoveryutil
                                        Notified mDNSResponder that the DNS cache was flushed
                                        End of output from client.down.tunnelblick.sh
                                        **********************************************
2017-08-12 15:02:08 SIGTERM[hard,] received, process exiting
2017-08-12 15:02:08 MANAGEMENT: >STATE:1502575328,EXITING,SIGTERM,,
2017-08-12 15:02:09 *Tunnelblick: No 'post-disconnect.sh' script to execute
2017-08-12 15:02:09 *Tunnelblick: Expected disconnection occurred.

================================================================================

"Sanitized" full configuration file

port 443
dev tap
secret staticvpn.key
proto udp
comp-lzo
route-gateway 10.10.10.1
redirect-gateway def1
float
route-method exe
route-delay 2



================================================================================

ifconfig output:

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
options=1203<RXCSUM,TXCSUM,TXSTATUS,SW_TIMESTAMP>
inet 127.0.0.1 netmask 0xff000000 
inet6 ::1 prefixlen 128 
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1 
nd6 options=201<PERFORMNUD,DAD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en9: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=b<RXCSUM,TXCSUM,VLAN_HWTAGGING>
ether 00:50:b6:89:f5:de 
nd6 options=201<PERFORMNUD,DAD>
media: autoselect (<unknown type>)
status: inactive
en5: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether ac:de:48:00:11:22 
inet6 fe80::aede:48ff:fe00:1122%en5 prefixlen 64 scopeid 0x5 
nd6 options=281<PERFORMNUD,INSECURE,DAD>
media: autoselect
status: active
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether 78:4f:43:58:6c:19 
inet6 fe80::10f4:b6ba:538c:4f22%en0 prefixlen 64 secured scopeid 0x6 
inet 192.168.2.184 netmask 0xffffff00 broadcast 192.168.2.255
nd6 options=201<PERFORMNUD,DAD>
media: autoselect
status: active
en2: flags=963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX> mtu 1500
options=60<TSO4,TSO6>
ether 56:00:3c:fa:15:04 
media: autoselect <full-duplex>
status: inactive
en4: flags=963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX> mtu 1500
options=60<TSO4,TSO6>
ether 56:00:3c:fa:15:05 
media: autoselect <full-duplex>
status: inactive
fw0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 4078
lladdr 00:50:b6:10:00:01:04:e4 
nd6 options=201<PERFORMNUD,DAD>
media: autoselect <full-duplex>
status: inactive
en1: flags=963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX> mtu 1500
options=60<TSO4,TSO6>
ether 56:00:3c:fa:15:00 
media: autoselect <full-duplex>
status: inactive
en3: flags=963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX> mtu 1500
options=60<TSO4,TSO6>
ether 56:00:3c:fa:15:01 
media: autoselect <full-duplex>
status: inactive
p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304
ether 0a:4f:43:58:6c:19 
media: autoselect
status: inactive
awdl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1484
ether fe:b3:46:ef:ab:fc 
inet6 fe80::fcb3:46ff:feef:abfc%awdl0 prefixlen 64 scopeid 0xd 
nd6 options=201<PERFORMNUD,DAD>
media: autoselect
status: active
bridge0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=63<RXCSUM,TXCSUM,TSO4,TSO6>
ether 56:00:3c:fa:15:00 
Configuration:
id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
ipfilter disabled flags 0x2
member: en1 flags=3<LEARNING,DISCOVER>
       ifmaxaddr 0 port 10 priority 0 path cost 0
member: en2 flags=3<LEARNING,DISCOVER>
       ifmaxaddr 0 port 7 priority 0 path cost 0
member: en3 flags=3<LEARNING,DISCOVER>
       ifmaxaddr 0 port 11 priority 0 path cost 0
member: en4 flags=3<LEARNING,DISCOVER>
       ifmaxaddr 0 port 8 priority 0 path cost 0
nd6 options=201<PERFORMNUD,DAD>
media: <unknown type>
status: inactive
utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
inet6 fe80::1c8a:9952:9e0f:3c2f%utun0 prefixlen 64 scopeid 0xf 
inet6 fdd3:ece7:7372:dd92:1c8a:9952:9e0f:3c2f prefixlen 64 
nd6 options=201<PERFORMNUD,DAD>
utun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 2000
inet6 fe80::d25a:302:d945:1f64%utun1 prefixlen 64 scopeid 0x10 
nd6 options=201<PERFORMNUD,DAD>
utun2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
inet6 fe80::6dc:1f86:90a0:76f7%utun2 prefixlen 64 scopeid 0x11 
nd6 options=201<PERFORMNUD,DAD>
vnic0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=3<RXCSUM,TXCSUM>
ether 00:1c:42:00:00:08 
inet 10.211.55.2 netmask 0xffffff00 broadcast 10.211.55.255
media: autoselect
status: active
vnic1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=3<RXCSUM,TXCSUM>
ether 00:1c:42:00:00:09 
inet 10.37.129.2 netmask 0xffffff00 broadcast 10.37.129.255
media: autoselect
status: active

================================================================================

Console Log:

2017-08-12 14:38:08 Tunnelblick[1453] applicationShouldTerminate: termination because of Quit; delayed until 'shutdownTunnelblick' finishes
2017-08-12 14:38:08 Tunnelblick[1453] Finished shutting down Tunnelblick; allowing termination
2017-08-12 14:38:11 Tunnelblick[9758] Tunnelblick: OS X 10.12.6; Tunnelblick 3.7.1b (build 4813)
2017-08-12 14:41:53 Tunnelblick[9758] BUG in libdispatch client: kevent[EVFILT_MACHPORT] monitored resource vanished before the source cancel handler was invoked
2017-08-12 15:01:07 Tunnelblick[9758] applicationShouldTerminate: termination because of Quit; delayed until 'shutdownTunnelblick' finishes
2017-08-12 15:01:07 Tunnelblick[9758] Finished shutting down Tunnelblick; allowing termination
2017-08-12 15:01:11 Tunnelblick[10406] Tunnelblick: OS X 10.12.6; Tunnelblick 3.7.1b (build 4813)
2017-08-12 15:01:42 Tunnelblick[10406] BUG in libdispatch client: kevent[EVFILT_MACHPORT] monitored resource vanished before the source cancel handler was invoked
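
Added example (not part of the original post and not Tunnelblick code): a small Python triage of the connection log above that records the cipher behind OpenVPN's INSECURE warning, counts TUN/TAP write errors after the connection completes, and checks whether the DNS server in use is the same address as the pre-VPN gateway. `triage` and its field names are hypothetical, the sample lines are excerpted from the posted log, and treating the quoted DNS list as space-separated is an assumption.

```python
import re

# Constructed sample: lines excerpted from the log in the post above.
SAMPLE_LOG = """\
2017-08-12 15:01:35 Static Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
2017-08-12 15:01:35 WARNING: INSECURE cipher with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.
2017-08-12 15:01:49 /sbin/route add -net 76.XXX.XXX.XXX 192.168.2.1 255.255.255.255
2017-08-12 15:01:49 /sbin/route add -net 0.0.0.0 10.10.10.1 128.0.0.0
    DNS servers '192.168.2.1' will be used for DNS queries when the VPN is active
2017-08-12 15:01:51 Initialization Sequence Completed
2017-08-12 15:01:51 write to TUN/TAP : Input/output error (code=5)
2017-08-12 15:01:52 write to TUN/TAP : Input/output error (code=5)
"""

CIPHER_RE = re.compile(r"Cipher '([^']+)' initialized")
# Host route (netmask 255.255.255.255) pinning the VPN server to the pre-VPN gateway.
HOST_ROUTE_RE = re.compile(r"/sbin/route add -net \S+ (\S+) 255\.255\.255\.255")
DNS_RE = re.compile(r"DNS servers '([^']+)' will be used")


def triage(log_text):
    """Summarise security- and health-relevant findings in one connection log."""
    findings = {
        "weak_ciphers": set(),          # ciphers followed by the INSECURE warning
        "underlay_gateway": None,       # gateway used to reach the VPN server itself
        "dns_servers": [],              # resolvers reported by the up script
        "dns_is_underlay_gateway": [],  # resolvers that are the pre-VPN gateway
        "tap_write_errors": 0,          # write failures after the tunnel came up
    }
    last_cipher = None
    connected = False
    for line in log_text.splitlines():
        m = CIPHER_RE.search(line)
        if m:
            last_cipher = m.group(1)
        elif "WARNING: INSECURE cipher" in line and last_cipher:
            findings["weak_ciphers"].add(last_cipher)
        m = HOST_ROUTE_RE.search(line)
        if m:
            findings["underlay_gateway"] = m.group(1)
        m = DNS_RE.search(line)
        if m:
            # Assumption: several servers would be space-separated inside the quotes.
            findings["dns_servers"] = m.group(1).split()
        if "Initialization Sequence Completed" in line:
            connected = True
        elif connected and "write to TUN/TAP" in line and "error" in line:
            findings["tap_write_errors"] += 1
    gw = findings["underlay_gateway"]
    findings["dns_is_underlay_gateway"] = [s for s in findings["dns_servers"] if s == gw]
    return findings


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```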
