Re: help me please.. can't connect to my vpn server properly

Message has been deleted

Tunnelblick developer

Apr 28, 2017, 6:43:27 AM
to tunnelblick-discuss
The problem you described is a problem with DNS. Usually a VPN server will send the VPN client one or more DNS server addresses. Those DNS addresses are to be used for DNS lookups while the VPN is active. However, your VPN server did not send any DNS address. Because of that, your original DNS servers will be used while the VPN is active. Your original DNS servers are specified as "168.126.63.1 8.8.8.8". That means that 168.126.63.1 will be used as a DNS server. 8.8.8.8 (Google DNS) will be used only if 168.126.63.1 does not respond (in 30 or 60 seconds).

One cause of the problem you are seeing is if 168.126.63.1 works only from within your ISP's network and you are accessing it from outside of that network.

I don't know how you specified that your computer should use DNS servers of "168.126.63.1 8.8.8.8", but try specifying "8.8.8.8 168.126.64.1" instead. That will use Google's DNS.

An alternative that might work would be to (1) add the following line to your client.ovpn file and then reinstall it by dragging/dropping the client.ovpn file to the Tunnelblick icon in the menu/status bar while Tunnelblick is running.

dhcp-option DNS 8.8.8.8


On Friday, April 28, 2017 at 4:19:15 AM UTC-4, mnjihw wrote:

Note that no DNS information was "pushed" by the server:

2017-04-28 15:20:36 PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0 vpn_gateway 500,redirect-gateway def1,route 10.8.0.1,topology net30,ping 15,ping-restart 60,ifconfig 10.8.0.6 10.8.0.5'
2017-04-28 15:20:36 OPTIONS IMPORT: timers and/or timeouts modified
 
 
The DNS servers that will be used are shown by:

DNS servers '168.126.63.1 8.8.8.8' will be used for DNS queries when the VPN is active

NOTE: The DNS servers include one or more free public DNS servers known to Tunnelblick and one or more DNS servers not known to Tunnelblick. If used, the DNS servers not known to Tunnelblick may cause DNS queries to fail or be intercepted or falsified even if they are directed through the VPN. Specify only known public DNS servers or DNS servers located on the VPN network to avoid such problems.


This shows that there is a DNS problem:
 
2017-04-28 13:24:28 Tunnelblick[1391] currentIPInfo(Name): IP address info could not be fetched within 35.0 seconds; the error was 'Error Domain=NSURLErrorDomain Code=-1001 "요청한 시간이 초과되었습니다." UserInfo={NSUnderlyingError=0x608000844ec0 {Error Domain=kCFErrorDomainCFNetwork Code=-1001 "요청한 시간이 초과되었습니다." UserInfo={NSErrorFailingURLStringKey=https://www.tunnelblick.net/ipinfo, NSErrorFailingURLKey=https://www.tunnelblick.net/ipinfo, _kCFStreamErrorCodeKey=-2102, _kCFStreamErrorDomainKey=4, NSLocalizedDescription=요청한 시간이 초과되었습니다.}}, NSErrorFailingURLStringKey=https://www.tunnelblick.net/ipinfo, NSErrorFailingURLKey=https://www.tunnelblick.net/ipinfo, _kCFStreamErrorDomainKey=4, _kCFStreamErrorCodeKey=-2102, NSLocalizedDescription=요청한 시간이 초과되었습니다.}'; the response was '(null)'
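
The check made by eye in the post above (did the PUSH_REPLY carry any DNS server?), as an added example that is not part of the original thread and is not Tunnelblick's own code. The function names and status labels are hypothetical, and the second PUSH_REPLY in the sample is constructed to show the passing case.

```python
import re

# Sample input: the PUSH_REPLY quoted in the post above, followed by a
# constructed line in which the server does push a DNS server.
SAMPLE_LOG = """\
2017-04-28 15:20:36 PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0 vpn_gateway 500,redirect-gateway def1,route 10.8.0.1,topology net30,ping 15,ping-restart 60,ifconfig 10.8.0.6 10.8.0.5'
2017-04-28 15:20:36 OPTIONS IMPORT: timers and/or timeouts modified
2017-04-28 16:02:11 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.8.0.1,dhcp-option DOMAIN example.test,ifconfig 10.8.0.6 10.8.0.5'
"""

PUSH_RE = re.compile(
    r"^(?P<ts>\S+ \S+) PUSH: Received control message: "
    r"'PUSH_REPLY,(?P<opts>[^']*)'"
)


def parse_push_reply(line):
    """Return timestamp, pushed DNS servers and redirect-gateway flag, or None."""
    m = PUSH_RE.match(line)
    if not m:
        return None
    # Pushed options are comma-separated; each option is space-separated words.
    options = [o.split() for o in m.group("opts").split(",") if o.strip()]
    dns = [o[2] for o in options
           if len(o) >= 3 and o[0] == "dhcp-option" and o[1].upper() == "DNS"]
    redirect = any(o[0] == "redirect-gateway" for o in options)
    return {"timestamp": m.group("ts"), "dns": dns, "redirect_gateway": redirect}


def audit(log_text):
    """Classify every PUSH_REPLY in a log by whether DNS was pushed."""
    findings = []
    for line in log_text.splitlines():
        reply = parse_push_reply(line)
        if reply is None:
            continue
        if reply["dns"]:
            status = "ok"
        elif reply["redirect_gateway"]:
            # All traffic goes through the VPN, but the pre-VPN resolvers
            # stay in use: the situation described in this thread.
            status = "no-dns-full-tunnel"
        else:
            status = "no-dns-split-tunnel"
        findings.append((reply["timestamp"], status, reply["dns"]))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```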

Message has been deleted

Tunnelblick developer

Apr 28, 2017, 8:01:47 AM
to tunnelblick-discuss
The problem is that 168.126.63.1 does not work when you are connected through the VPN. If you have that IP address first in the list of DNS servers, then it will be used.

8.8.8.8 is a Google DNS server and almost always works, even from a VPN.

The other issues (temporary disconnect and the replay error) are problems with your ASUS router and/or connection. Contact ASUS for help with them.


On Friday, April 28, 2017 at 7:37:24 AM UTC-4, mnjihw wrote:
umm.............................
It works for now.. How did you do that?
I cannot thank you enough...
What exactly does 8.8.8.8 do?
But it gets temporarily disconnected occasionally when I send a message with a messenger called KakaoTalk.
And sometimes when I access a certain webpage, its loading time is unusually slow...
I googled and found that 8.8.4.4 is an alternate DNS server IP.
If this problem resulted from my not having added an alternate DNS IP, how can I add the second DNS IP?
-------------------------------------
Oh, I found this error log just now
"2017-04-28 19:54:03 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3608 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings"

It was logged for about 20 lines, and they are all the same text.
What's wrong? I can't understand this error.

-------------------------------------------
On Friday, April 28, 2017 at 7:43:27 PM UTC+9, Tunnelblick developer wrote: