Hi thanks for the that link.
I tried to follow the instructions. One problem is once TunnelBlick is connected, the DNS Server settings is changed to 10.0.0.1 with search Domians: openvpn.
*Tunnelblick: OS X 10.12.6; Tunnelblick 3.7.2 (build 4850); prior version 3.7.1b (build 4813); Admin user
git commit 824d63c81283c33b80390863a026b1929b55b20a
Configuration home
"Sanitized" condensed configuration file for /Library/Application Support/Tunnelblick/Shared/home.tblk:
client
dev tap
proto udp
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
cipher AES-128-CBC
comp-lzo
verb 5
script-security 2
up dhcp-client-request.sh
================================================================================
Non-Apple kexts that are loaded:
Index Refs Address Size Wired Name (Version) UUID <Linked Against>
147 0 0xffffff7f8335b000 0x16000 0x16000 com.eset.kext.esets-mac (640.16.80f01) 79864745-541C-34D1-A70D-75CC082D7DBA <146 145 126 49 47 41 16 5 4 3 1>
148 0 0xffffff7f83371000 0xe000 0xe000 com.eset.kext.esets-pfw (640.16.80f01) 03D3FBCA-465A-3BA9-9874-D1A32F683E88 <5 4 1>
149 0 0xffffff7f8337f000 0x13000 0x13000 com.eset.kext.esets-kac (640.16.80f01) 9C407A56-BEBD-39A3-89DD-8B446D2FA0EB <5 4 3 1>
216 0 0xffffff7f834c4000 0x7000 0x7000 net.tunnelblick.tap (4850.3) 7CADB84E-01B1-3CD4-8FE3-CA4D2BE6C67E <7 5 4 1>
================================================================================
Unusual files in home.tblk:
Contents/Resources/dhcp-client-request.sh
================================================================================
Configuration preferences:
-resetPrimaryInterfaceAfterDisconnect = 0
-routeAllTrafficThroughVpn = 1
-useRouteUpInsteadOfUp = 1
-notOKToCheckThatIPAddressDidNotChangeAfterConnection = 0
-lastConnectionSucceeded = 1
================================================================================
Wildcard preferences:
================================================================================
Program preferences:
launchAtNextLogin = 1
notOKToCheckThatIPAddressDidNotChangeAfterConnection = 0
askedUserIfOKToCheckThatIPAddressDidNotChangeAfterConnection = 1
tunnelblickVersionHistory = (
"3.7.2 (build 4850)",
"3.7.1b (build 4813)",
"3.7.1a (build 4812)"
)
statusDisplayNumber = 0
lastLaunchTime = 527376091.251534
lastLanguageAtLaunchWasRTL = 0
connectionWindowDisplayCriteria = showWhenConnecting
maxLogDisplaySize = 102400
lastConnectedDisplayName = home
keyboardShortcutIndex = 1
updateCheckAutomatically = 1
updateSendProfileInfo = 1
NSWindow Frame ConnectingWindow = 767 652 389 187 0 0 1920 1057
NSWindow Frame SUUpdateAlert = 2570 498 620 392 1920 0 1920 1057
detailsWindowFrameVersion = 4850
detailsWindowFrame = {{279, 453}, {920, 468}}
detailsWindowLeftFrame = {{0, 0}, {165, 350}}
detailsWindowViewIndex = 0
detailsWindowConfigurationsTabIdentifier = log
leftNavSelectedDisplayName = home
AdvancedWindowTabIdentifier = connectingAndDisconnecting
haveDealtWithSparkle1dot5b6 = 1
haveDealtWithOldTunTapPreferences = 1
haveDealtWithOldLoginItem = 1
SUEnableAutomaticChecks = 1
SUScheduledCheckInterval = 86400
SUSendProfileInfo = 1
SULastCheckTime = 2017-09-17 21:21:32 +0000
SULastProfileSubmissionDate = 2017-09-13 04:34:05 +0000
SUHasLaunchedBefore = 1
WebKitDefaultFontSize = 16
WebKitStandardFont = Times
================================================================================
Tunnelblick Log:
*Tunnelblick: OS X 10.12.6; Tunnelblick 3.7.2 (build 4850); prior version 3.7.1b (build 4813)
2017-09-18 09:22:57 *Tunnelblick: Attempting connection with home; Set nameserver = 769; monitoring connection
2017-09-18 09:22:57 *Tunnelblick: openvpnstart start home.tblk 1337 769 0 3 0 1098610 -ptADGNWradsgnw 2.3.17-openssl-1.0.2k
2017-09-18 09:22:57 *Tunnelblick: openvpnstart log:
Loading tap-signed.kext
OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line):
/Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.17-openssl-1.0.2k/openvpn
--daemon
--log
/Library/Application Support/Tunnelblick/Logs/-SLibrary-SApplication Support-STunnelblick-SShared-Shome.tblk-SContents-SResources-Sconfig.ovpn.769_0_3_0_1098610.1337.openvpn.log
--cd
/Library/Application Support/Tunnelblick/Shared/home.tblk/Contents/Resources
--verb
3
--config
/Library/Application Support/Tunnelblick/Shared/home.tblk/Contents/Resources/config.ovpn
--verb
3
--cd
/Library/Application Support/Tunnelblick/Shared/home.tblk/Contents/Resources
--management
127.0.0.1
1337
--management-query-passwords
--management-hold
--redirect-gateway
def1
--script-security
2
--route-up
--down
--route-pre-down
2017-09-18 09:22:57 *Tunnelblick: Established communication with OpenVPN
2017-09-18 09:22:57 OpenVPN 2.3.17 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Aug 17 2017
2017-09-18 09:22:57 library versions: OpenSSL 1.0.2k 26 Jan 2017, LZO 2.09
2017-09-18 09:22:57 MANAGEMENT: TCP Socket listening on [AF_INET]
127.0.0.1:13372017-09-18 09:22:57 Need hold release from management interface, waiting...
2017-09-18 09:22:57 MANAGEMENT: Client connected from [AF_INET]
127.0.0.1:13372017-09-18 09:22:57 MANAGEMENT: CMD 'pid'
2017-09-18 09:22:57 MANAGEMENT: CMD 'state on'
2017-09-18 09:22:57 MANAGEMENT: CMD 'state'
2017-09-18 09:22:57 MANAGEMENT: CMD 'bytecount 1'
2017-09-18 09:22:57 MANAGEMENT: CMD 'hold release'
2017-09-18 09:22:57 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2017-09-18 09:22:57 Socket Buffers: R=[196724->196724] S=[9216->9216]
2017-09-18 09:22:57 MANAGEMENT: >STATE:1505683377,RESOLVE,,,
2017-09-18 09:22:57 UDPv4 link local: [undef]
2017-09-18 09:22:57 MANAGEMENT: >STATE:1505683377,WAIT,,,
2017-09-18 09:22:57 MANAGEMENT: >STATE:1505683377,AUTH,,,
2017-09-18 09:22:57 TLS: Initial packet from [AF_INET]
125.237.51.13:12974, sid=ebc24425 6a2ab2bc
2017-09-18 09:22:57 VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=netgear, OU=netgear, CN=netgear CA, name=EasyRSA, emailAddress=mail@netgear
2017-09-18 09:22:57 VERIFY OK: depth=0, C=TW, ST=TW, L=Taipei, O=netgear, OU=netgear, CN=server, name=EasyRSA, emailAddress=mail@netgear
2017-09-18 09:22:57 *Tunnelblick: openvpnstart starting OpenVPN
2017-09-18 09:22:58 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
2017-09-18 09:22:58 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2017-09-18 09:22:58 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
2017-09-18 09:22:58 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2017-09-18 09:22:58 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
2017-09-18 09:22:59 MANAGEMENT: >STATE:1505683379,GET_CONFIG,,,
2017-09-18 09:23:00 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
2017-09-18 09:23:00 PUSH: Received control message: 'PUSH_REPLY,ping 10,ping-restart 120,route-delay 10,route 10.0.0.0 255.255.255.0 10.0.0.1'
2017-09-18 09:23:00 OPTIONS IMPORT: timers and/or timeouts modified
2017-09-18 09:23:00 OPTIONS IMPORT: route options modified
2017-09-18 09:23:00 OPTIONS IMPORT: route-related options modified
2017-09-18 09:23:00 TUN/TAP device /dev/tap0 opened
2017-09-18 09:23:00 dhcp-client-request.sh tap0 1500 1590 init
2017-09-18 09:23:10 NOTE: unable to redirect default gateway -- VPN gateway parameter (--route-gateway or --ifconfig) is missing
2017-09-18 09:23:10 MANAGEMENT: >STATE:1505683390,ADD_ROUTES,,,
2017-09-18 09:23:10 /sbin/route add -net 10.0.0.0 10.0.0.1 255.255.255.0
route: writing to routing socket: File exists
**********************************************
Did 'ipconfig set "tap0" DHCP'
Configuring tap DNS via DHCP asynchronously
**********************************************
2017-09-18 09:23:12 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2017-09-18 09:23:12 Initialization Sequence Completed
2017-09-18 09:23:12 MANAGEMENT: >STATE:1505683392,CONNECTED,SUCCESS,,125.237.51.13
2017-09-18 09:23:12 *Tunnelblick: No 'connected.sh' script to execute
Sleeping for 0 seconds to wait for DHCP to finish setup.
Retrieved from DHCP/BOOTP packet: name server(s) [ 10.0.0.1 ], search domain(s) [ ] and SMB server(s) [ ] and using default domain name [ openvpn ]
Not aggregating ServerAddresses because running on OS X 10.6 or higher
Setting search domains to 'openvpn' because running under OS X 10.6 or higher and the search domains were not set manually (or are allowed to be changed) and 'Prepend domain name to search domains' was not selected
Saved the DNS and SMB configurations so they can be restored
Changed DNS ServerAddresses setting from '172.16.1.25 172.16.1.26 192.100.118.208' to '10.0.0.1'
Changed DNS SearchDomains setting from '' to 'openvpn'
Changed DNS DomainName setting from 'FINZOFFICE' to 'openvpn'
Did not change SMB NetBIOSName setting of ''
Did not change SMB Workgroup setting of ''
Did not change SMB WINSAddresses setting of ''
DNS servers '10.0.0.1' will be used for DNS queries when the VPN is active
NOTE: The DNS servers do not include any free public DNS servers known to Tunnelblick. This may cause DNS queries to fail or be intercepted or falsified even if they are directed through the VPN. Specify only known public DNS servers or DNS servers located on the VPN network to avoid such problems.
Flushed the DNS cache via dscacheutil
/usr/sbin/discoveryutil not present. Not flushing the DNS cache via discoveryutil
Notified mDNSResponder that the DNS cache was flushed
Setting up to monitor system configuration with process-network-changes
2017-09-18 09:23:17 *Tunnelblick: This computer's apparent public IP address (219.88.73.141) was unchanged after the connection was made
2017-09-18 09:23:21 *Tunnelblick process-network-changes: A system configuration change was ignored
================================================================================
"Sanitized" full configuration file
client
dev tap
proto udp
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
cipher AES-128-CBC
comp-lzo
verb 5
script-security 2
up dhcp-client-request.sh
================================================================================
ifconfig output:
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
options=1203<RXCSUM,TXCSUM,TXSTATUS,SW_TIMESTAMP>
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
nd6 options=201<PERFORMNUD,DAD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8823<UP,BROADCAST,SMART,SIMPLEX,MULTICAST> mtu 1500
ether 34:36:3b:cd:a5:a4
nd6 options=201<PERFORMNUD,DAD>
media: autoselect (<unknown type>)
status: inactive
en1: flags=963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX> mtu 1500
options=60<TSO4,TSO6>
ether 72:00:08:49:85:00
media: autoselect <full-duplex>
status: inactive
en2: flags=963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX> mtu 1500
options=60<TSO4,TSO6>
ether 72:00:08:49:85:01
media: autoselect <full-duplex>
status: inactive
p2p0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 2304
ether 06:36:3b:cd:a5:a4
media: autoselect
status: inactive
awdl0: flags=8902<BROADCAST,PROMISC,SIMPLEX,MULTICAST> mtu 1484
ether ee:ef:4f:42:e5:e2
nd6 options=201<PERFORMNUD,DAD>
media: autoselect
status: inactive
bridge0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=63<RXCSUM,TXCSUM,TSO4,TSO6>
ether 72:00:08:49:85:00
Configuration:
id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
ipfilter disabled flags 0x2
member: en1 flags=3<LEARNING,DISCOVER>
ifmaxaddr 0 port 5 priority 0 path cost 0
member: en2 flags=3<LEARNING,DISCOVER>
ifmaxaddr 0 port 6 priority 0 path cost 0
nd6 options=201<PERFORMNUD,DAD>
media: <unknown type>
status: inactive
utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 2000
inet6 fe80::1c75:27ad:7498:179%utun0 prefixlen 64 scopeid 0xa
nd6 options=201<PERFORMNUD,DAD>
en3: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=10b<RXCSUM,TXCSUM,VLAN_HWTAGGING,AV>
ether ac:87:a3:10:d1:6e
inet6 fe80::18ee:ef27:ba15:36e8%en3 prefixlen 64 secured scopeid 0xc
inet 172.16.194.23 netmask 0xffffff00 broadcast 172.16.194.255
nd6 options=201<PERFORMNUD,DAD>
media: autoselect (1000baseT <full-duplex>)
status: active
tap0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether ee:39:6c:69:64:fe
inet 10.0.0.51 netmask 0xffffff00 broadcast 10.0.0.255
media: autoselect
status: active
open (pid 18157)
================================================================================
Console Log:
2017-09-18 09:07:17 ksinstall[17601] 2017-09-18 09:07:17.899 ksinstall[17601/0xa6f3f1c0] [lvl=2] -[KeystoneInstallTool main] Google Software Update installer started.
2017-09-18 09:07:17 ksinstall[17601] 2017-09-18 09:07:17.913 ksinstall[17601/0xa6f3f1c0] [lvl=2] -[KeystoneInstallTool main] Google Software Update installer starting Installation.
2017-09-18 09:07:18 ksinstall[17601] 2017-09-18 09:07:18.137 ksinstall[17601/0xa6f3f1c0] [lvl=2] -[KeystoneInstallTool main] Google Software Update installer ran successfully.
2017-09-18 09:14:12 Tunnelblick[17674] Tunnelblick: OS X 10.12.6; Tunnelblick 3.7.2 (build 4850)
2017-09-18 09:14:15 Tunnelblick[17674] Sparkle: ===== Tunnelblick =====
2017-09-18 09:14:15 Tunnelblick[17674] Sparkle: Verified appcast signature
2017-09-18 09:21:27 Tunnelblick[17674] applicationShouldTerminate: termination for unknown reason, probably Command-Q; delayed until 'shutdownTunnelblick' finishes
2017-09-18 09:21:28 Tunnelblick[17674] Finished shutting down Tunnelblick; allowing termination
2017-09-18 09:21:30 Tunnelblick[18133] Tunnelblick: OS X 10.12.6; Tunnelblick 3.7.2 (build 4850)
2017-09-18 09:21:32 Tunnelblick[18133] Sparkle: ===== Tunnelblick =====
2017-09-18 09:21:32 Tunnelblick[18133] Sparkle: Verified appcast signature