Public IP not changing?

Jas

Sep 14, 2017, 1:14:29 AM
to tunnelblick-discuss


Hi all,

I am new to Tunnelblick. It worked like a charm in terms of connecting to my VPN at home. I can access all of my home LAN servers, NAS, etc.



I configured it to route all IPv4 traffic through this VPN, as you can see from the screenshot:




However, when browsing webpages, my public IP does not change to my home IP. It does not seem to be routing any traffic via the VPN other than the traffic in my LAN's IP range (10.0.0.x).

Any ideas why?

I am on macOS Sierra, Tunnelblick 3.7.2 (build 4850).

Thanks,
Jas

Tunnelblick developer

Sep 14, 2017, 6:40:09 AM
to tunnelblick-discuss
Please follow the instructions at Read Before You Post to get the info needed to diagnose problems and then post that info.

Jas

Sep 17, 2017, 5:25:56 PM
to tunnelblick-discuss
Hi, thanks for that link.

I tried to follow the instructions. One problem is that once Tunnelblick is connected, the DNS server setting is changed to 10.0.0.1 with search domains: openvpn.

I do get the warning saying the public IP does not change.



Please see the logs below. 

*Tunnelblick: OS X 10.12.6; Tunnelblick 3.7.2 (build 4850); prior version 3.7.1b (build 4813); Admin user
git commit 824d63c81283c33b80390863a026b1929b55b20a


Configuration home

"Sanitized" condensed configuration file for /Library/Application Support/Tunnelblick/Shared/home.tblk:

client
dev tap
proto udp
remote chace.mynetgear.com  12974
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
cipher AES-128-CBC
comp-lzo
verb 5
script-security 2
up dhcp-client-request.sh


================================================================================

Non-Apple kexts that are loaded:

Index Refs Address            Size       Wired      Name (Version) UUID <Linked Against>
  147    0 0xffffff7f8335b000 0x16000    0x16000    com.eset.kext.esets-mac (640.16.80f01) 79864745-541C-34D1-A70D-75CC082D7DBA <146 145 126 49 47 41 16 5 4 3 1>
  148    0 0xffffff7f83371000 0xe000     0xe000     com.eset.kext.esets-pfw (640.16.80f01) 03D3FBCA-465A-3BA9-9874-D1A32F683E88 <5 4 1>
  149    0 0xffffff7f8337f000 0x13000    0x13000    com.eset.kext.esets-kac (640.16.80f01) 9C407A56-BEBD-39A3-89DD-8B446D2FA0EB <5 4 3 1>
  216    0 0xffffff7f834c4000 0x7000     0x7000     net.tunnelblick.tap (4850.3) 7CADB84E-01B1-3CD4-8FE3-CA4D2BE6C67E <7 5 4 1>

================================================================================

Unusual files in home.tblk:
      Contents/Resources/dhcp-client-request.sh

================================================================================

Configuration preferences:

-resetPrimaryInterfaceAfterDisconnect = 0
-routeAllTrafficThroughVpn = 1
-useRouteUpInsteadOfUp = 1
-notOKToCheckThatIPAddressDidNotChangeAfterConnection = 0
-lastConnectionSucceeded = 1

================================================================================

Wildcard preferences:


================================================================================

Program preferences:

launchAtNextLogin = 1
notOKToCheckThatIPAddressDidNotChangeAfterConnection = 0
askedUserIfOKToCheckThatIPAddressDidNotChangeAfterConnection = 1
tunnelblickVersionHistory = (
    "3.7.2 (build 4850)",
    "3.7.1b (build 4813)",
    "3.7.1a (build 4812)"
)
statusDisplayNumber = 0
lastLaunchTime = 527376091.251534
lastLanguageAtLaunchWasRTL = 0
connectionWindowDisplayCriteria = showWhenConnecting
maxLogDisplaySize = 102400
lastConnectedDisplayName = home
keyboardShortcutIndex = 1
updateCheckAutomatically = 1
updateSendProfileInfo = 1
NSWindow Frame ConnectingWindow = 767 652 389 187 0 0 1920 1057 
NSWindow Frame SUUpdateAlert = 2570 498 620 392 1920 0 1920 1057 
detailsWindowFrameVersion = 4850
detailsWindowFrame = {{279, 453}, {920, 468}}
detailsWindowLeftFrame = {{0, 0}, {165, 350}}
detailsWindowViewIndex = 0
detailsWindowConfigurationsTabIdentifier = log
leftNavSelectedDisplayName = home
AdvancedWindowTabIdentifier = connectingAndDisconnecting
haveDealtWithSparkle1dot5b6 = 1
haveDealtWithOldTunTapPreferences = 1
haveDealtWithOldLoginItem = 1
SUEnableAutomaticChecks = 1
SUScheduledCheckInterval = 86400
SUSendProfileInfo = 1
SULastCheckTime = 2017-09-17 21:21:32 +0000
SULastProfileSubmissionDate = 2017-09-13 04:34:05 +0000
SUHasLaunchedBefore = 1
WebKitDefaultFontSize = 16
WebKitStandardFont = Times

================================================================================

Tunnelblick Log:

*Tunnelblick: OS X 10.12.6; Tunnelblick 3.7.2 (build 4850); prior version 3.7.1b (build 4813)
2017-09-18 09:22:57 *Tunnelblick: Attempting connection with home; Set nameserver = 769; monitoring connection
2017-09-18 09:22:57 *Tunnelblick: openvpnstart start home.tblk 1337 769 0 3 0 1098610 -ptADGNWradsgnw 2.3.17-openssl-1.0.2k
2017-09-18 09:22:57 *Tunnelblick: openvpnstart log:
     Loading tap-signed.kext
     OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line):
     
          /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.17-openssl-1.0.2k/openvpn
          --daemon
          --log
          /Library/Application Support/Tunnelblick/Logs/-SLibrary-SApplication Support-STunnelblick-SShared-Shome.tblk-SContents-SResources-Sconfig.ovpn.769_0_3_0_1098610.1337.openvpn.log
          --cd
          /Library/Application Support/Tunnelblick/Shared/home.tblk/Contents/Resources
          --verb
          3
          --config
          /Library/Application Support/Tunnelblick/Shared/home.tblk/Contents/Resources/config.ovpn
          --verb
          3
          --cd
          /Library/Application Support/Tunnelblick/Shared/home.tblk/Contents/Resources
          --management
          127.0.0.1
          1337
          --management-query-passwords
          --management-hold
          --redirect-gateway
          def1
          --script-security
          2
          --route-up
          /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -a -d -f -m -w -ptADGNWradsgnw
          --down
          /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -a -d -f -m -w -ptADGNWradsgnw
          --route-pre-down
          /Applications/Tunnelblick.app/Contents/Resources/client.route-pre-down.tunnelblick.sh -9 -a -d -f -m -w -ptADGNWradsgnw

2017-09-18 09:22:57 *Tunnelblick: Established communication with OpenVPN
2017-09-18 09:22:57 OpenVPN 2.3.17 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Aug 17 2017
2017-09-18 09:22:57 library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.09
2017-09-18 09:22:57 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:1337
2017-09-18 09:22:57 Need hold release from management interface, waiting...
2017-09-18 09:22:57 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:1337
2017-09-18 09:22:57 MANAGEMENT: CMD 'pid'
2017-09-18 09:22:57 MANAGEMENT: CMD 'state on'
2017-09-18 09:22:57 MANAGEMENT: CMD 'state'
2017-09-18 09:22:57 MANAGEMENT: CMD 'bytecount 1'
2017-09-18 09:22:57 MANAGEMENT: CMD 'hold release'
2017-09-18 09:22:57 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2017-09-18 09:22:57 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2017-09-18 09:22:57 Socket Buffers: R=[196724->196724] S=[9216->9216]
2017-09-18 09:22:57 MANAGEMENT: >STATE:1505683377,RESOLVE,,,
2017-09-18 09:22:57 UDPv4 link local: [undef]
2017-09-18 09:22:57 UDPv4 link remote: [AF_INET]125.237.51.13:12974
2017-09-18 09:22:57 MANAGEMENT: >STATE:1505683377,WAIT,,,
2017-09-18 09:22:57 MANAGEMENT: >STATE:1505683377,AUTH,,,
2017-09-18 09:22:57 TLS: Initial packet from [AF_INET]125.237.51.13:12974, sid=ebc24425 6a2ab2bc
2017-09-18 09:22:57 VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=netgear, OU=netgear, CN=netgear CA, name=EasyRSA, emailAddress=mail@netgear
2017-09-18 09:22:57 VERIFY OK: depth=0, C=TW, ST=TW, L=Taipei, O=netgear, OU=netgear, CN=server, name=EasyRSA, emailAddress=mail@netgear
2017-09-18 09:22:57 *Tunnelblick: openvpnstart starting OpenVPN
2017-09-18 09:22:58 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
2017-09-18 09:22:58 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2017-09-18 09:22:58 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
2017-09-18 09:22:58 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2017-09-18 09:22:58 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
2017-09-18 09:22:58 [server] Peer Connection Initiated with [AF_INET]125.237.51.13:12974
2017-09-18 09:22:59 MANAGEMENT: >STATE:1505683379,GET_CONFIG,,,
2017-09-18 09:23:00 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
2017-09-18 09:23:00 PUSH: Received control message: 'PUSH_REPLY,ping 10,ping-restart 120,route-delay 10,route 10.0.0.0 255.255.255.0 10.0.0.1'
2017-09-18 09:23:00 OPTIONS IMPORT: timers and/or timeouts modified
2017-09-18 09:23:00 OPTIONS IMPORT: route options modified
2017-09-18 09:23:00 OPTIONS IMPORT: route-related options modified
2017-09-18 09:23:00 TUN/TAP device /dev/tap0 opened
2017-09-18 09:23:00 dhcp-client-request.sh tap0 1500 1590   init
2017-09-18 09:23:10 NOTE: unable to redirect default gateway -- VPN gateway parameter (--route-gateway or --ifconfig) is missing
2017-09-18 09:23:10 MANAGEMENT: >STATE:1505683390,ADD_ROUTES,,,
2017-09-18 09:23:10 /sbin/route add -net 10.0.0.0 10.0.0.1 255.255.255.0
                                        route: writing to routing socket: File exists
                                        add net 10.0.0.0: gateway 10.0.0.1: File exists
                                        **********************************************
                                        Start of output from client.up.tunnelblick.sh
                                        Did 'ipconfig set "tap0" DHCP'
                                        Configuring tap DNS via DHCP asynchronously
                                        End of output from client.up.tunnelblick.sh
                                        **********************************************
2017-09-18 09:23:12 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2017-09-18 09:23:12 Initialization Sequence Completed
2017-09-18 09:23:12 MANAGEMENT: >STATE:1505683392,CONNECTED,SUCCESS,,125.237.51.13
2017-09-18 09:23:12 *Tunnelblick: No 'connected.sh' script to execute
                                        Sleeping for 0 seconds to wait for DHCP to finish setup.
                                        Retrieved from DHCP/BOOTP packet: name server(s) [ 10.0.0.1 ], search domain(s) [  ] and SMB server(s) [  ] and using default domain name [ openvpn ]
                                        Not aggregating ServerAddresses because running on OS X 10.6 or higher
                                        Setting search domains to 'openvpn' because running under OS X 10.6 or higher and the search domains were not set manually (or are allowed to be changed) and 'Prepend domain name to search domains' was not selected
                                        Saved the DNS and SMB configurations so they can be restored
                                        Changed DNS ServerAddresses setting from '172.16.1.25 172.16.1.26 192.100.118.208' to '10.0.0.1'
                                        Changed DNS SearchDomains setting from '' to 'openvpn'
                                        Changed DNS DomainName setting from 'FINZOFFICE' to 'openvpn'
                                        Did not change SMB NetBIOSName setting of ''
                                        Did not change SMB Workgroup setting of ''
                                        Did not change SMB WINSAddresses setting of ''
                                        DNS servers '10.0.0.1' will be used for DNS queries when the VPN is active
                                        NOTE: The DNS servers do not include any free public DNS servers known to Tunnelblick. This may cause DNS queries to fail or be intercepted or falsified even if they are directed through the VPN. Specify only known public DNS servers or DNS servers located on the VPN network to avoid such problems.
                                        Flushed the DNS cache via dscacheutil
                                        /usr/sbin/discoveryutil not present. Not flushing the DNS cache via discoveryutil
                                        Notified mDNSResponder that the DNS cache was flushed
                                        Setting up to monitor system configuration with process-network-changes
2017-09-18 09:23:17 *Tunnelblick: This computer's apparent public IP address (219.88.73.141) was unchanged after the connection was made
2017-09-18 09:23:21 *Tunnelblick process-network-changes: A system configuration change was ignored

================================================================================

"Sanitized" full configuration file

client
dev tap
proto udp
remote chace.mynetgear.com  12974
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
cipher AES-128-CBC
comp-lzo
verb 5
script-security 2
up dhcp-client-request.sh



================================================================================

ifconfig output:

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
options=1203<RXCSUM,TXCSUM,TXSTATUS,SW_TIMESTAMP>
inet 127.0.0.1 netmask 0xff000000 
inet6 ::1 prefixlen 128 
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1 
nd6 options=201<PERFORMNUD,DAD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8823<UP,BROADCAST,SMART,SIMPLEX,MULTICAST> mtu 1500
ether 34:36:3b:cd:a5:a4 
nd6 options=201<PERFORMNUD,DAD>
media: autoselect (<unknown type>)
status: inactive
en1: flags=963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX> mtu 1500
options=60<TSO4,TSO6>
ether 72:00:08:49:85:00 
media: autoselect <full-duplex>
status: inactive
en2: flags=963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX> mtu 1500
options=60<TSO4,TSO6>
ether 72:00:08:49:85:01 
media: autoselect <full-duplex>
status: inactive
p2p0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 2304
ether 06:36:3b:cd:a5:a4 
media: autoselect
status: inactive
awdl0: flags=8902<BROADCAST,PROMISC,SIMPLEX,MULTICAST> mtu 1484
ether ee:ef:4f:42:e5:e2 
nd6 options=201<PERFORMNUD,DAD>
media: autoselect
status: inactive
bridge0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=63<RXCSUM,TXCSUM,TSO4,TSO6>
ether 72:00:08:49:85:00 
Configuration:
id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
ipfilter disabled flags 0x2
member: en1 flags=3<LEARNING,DISCOVER>
       ifmaxaddr 0 port 5 priority 0 path cost 0
member: en2 flags=3<LEARNING,DISCOVER>
       ifmaxaddr 0 port 6 priority 0 path cost 0
nd6 options=201<PERFORMNUD,DAD>
media: <unknown type>
status: inactive
utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 2000
inet6 fe80::1c75:27ad:7498:179%utun0 prefixlen 64 scopeid 0xa 
nd6 options=201<PERFORMNUD,DAD>
en3: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=10b<RXCSUM,TXCSUM,VLAN_HWTAGGING,AV>
ether ac:87:a3:10:d1:6e 
inet6 fe80::18ee:ef27:ba15:36e8%en3 prefixlen 64 secured scopeid 0xc 
inet 172.16.194.23 netmask 0xffffff00 broadcast 172.16.194.255
nd6 options=201<PERFORMNUD,DAD>
media: autoselect (1000baseT <full-duplex>)
status: active
tap0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether ee:39:6c:69:64:fe 
inet 10.0.0.51 netmask 0xffffff00 broadcast 10.0.0.255
media: autoselect
status: active
open (pid 18157)

================================================================================

Console Log:

2017-09-18 09:07:17 ksinstall[17601] 2017-09-18 09:07:17.899 ksinstall[17601/0xa6f3f1c0] [lvl=2] -[KeystoneInstallTool main] Google Software Update installer started.
2017-09-18 09:07:17 ksinstall[17601] 2017-09-18 09:07:17.913 ksinstall[17601/0xa6f3f1c0] [lvl=2] -[KeystoneInstallTool main] Google Software Update installer starting Installation.
2017-09-18 09:07:18 ksinstall[17601] 2017-09-18 09:07:18.137 ksinstall[17601/0xa6f3f1c0] [lvl=2] -[KeystoneInstallTool main] Google Software Update installer ran successfully.
2017-09-18 09:14:12 Tunnelblick[17674] Tunnelblick: OS X 10.12.6; Tunnelblick 3.7.2 (build 4850)
2017-09-18 09:14:15 Tunnelblick[17674] Sparkle: ===== Tunnelblick =====
2017-09-18 09:14:15 Tunnelblick[17674] Sparkle: Verified appcast signature
2017-09-18 09:21:27 Tunnelblick[17674] applicationShouldTerminate: termination for unknown reason, probably Command-Q; delayed until 'shutdownTunnelblick' finishes
2017-09-18 09:21:28 Tunnelblick[17674] Finished shutting down Tunnelblick; allowing termination
2017-09-18 09:21:30 Tunnelblick[18133] Tunnelblick: OS X 10.12.6; Tunnelblick 3.7.2 (build 4850)
2017-09-18 09:21:32 Tunnelblick[18133] Sparkle: ===== Tunnelblick =====
2017-09-18 09:21:32 Tunnelblick[18133] Sparkle: Verified appcast signature

Tunnelblick developer

Sep 17, 2017, 6:04:50 PM
to tunnelblick-discuss
Please see my comments below.

On Sunday, September 17, 2017 at 5:25:56 PM UTC-4, Jas wrote:
"Sanitized" condensed configuration file for /Library/Application Support/Tunnelblick/Shared/home.tblk:

client
dev tap
proto udp
remote chace.mynetgear.com  12974
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
cipher AES-128-CBC
comp-lzo
verb 5
script-security 2
up dhcp-client-request.sh

Three problems:
  1. The "up" will be ignored. If you want to use that script as an "up" script, rename it to "up.tunnelblick.sh". Please see Using Scripts for details.

  2. "persist-tun" can cause problems if/when network errors make OpenVPN try to reconnect.

  3. "script-security 2" is not needed in the configuration file; Tunnelblick will automatically supply it if it is needed.
 
Non-Apple kexts that are loaded:

Index Refs Address            Size       Wired      Name (Version) UUID <Linked Against>
  147    0 0xffffff7f8335b000 0x16000    0x16000    com.eset.kext.esets-mac (640.16.80f01) 79864745-541C-34D1-A70D-75CC082D7DBA <146 145 126 49 47 41 16 5 4 3 1>
  148    0 0xffffff7f83371000 0xe000     0xe000     com.eset.kext.esets-pfw (640.16.80f01) 03D3FBCA-465A-3BA9-9874-D1A32F683E88 <5 4 1>
  149    0 0xffffff7f8337f000 0x13000    0x13000    com.eset.kext.esets-kac (640.16.80f01) 9C407A56-BEBD-39A3-89DD-8B446D2FA0EB <5 4 3 1>
  216    0 0xffffff7f834c4000 0x7000     0x7000     net.tunnelblick.tap (4850.3) 7CADB84E-01B1-3CD4-8FE3-CA4D2BE6C67E <7 5 4 1>

Antivirus kext is probably intercepting all network packets; this may be causing all sorts of problems. 


================================================================================

Unusual files in home.tblk:
      Contents/Resources/dhcp-client-request.sh

================================================================================

See my earlier comment.
 

2017-09-18 09:23:10 NOTE: unable to redirect default gateway -- VPN gateway parameter (--route-gateway or --ifconfig) is missing

So OpenVPN didn't do the additional routing commands to implement "Route all IPv4 traffic through the VPN". (Tunnelblick tells OpenVPN to do that by specifying the "redirect-gateway def1" option to OpenVPN.)


 
2017-09-18 09:23:10 MANAGEMENT: >STATE:1505683390,ADD_ROUTES,,,
2017-09-18 09:23:10 /sbin/route add -net 10.0.0.0 10.0.0.1 255.255.255.0
                                        route: writing to routing socket: File exists
                                        add net 10.0.0.0: gateway 10.0.0.1: File exists

This seems to be a problem, too. I don't know why it happened.
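
An added example, not part of the original thread and not Tunnelblick's own code: a Python check that reads an OpenVPN client log of the kind posted above and reports the lines that explain an unchanged public IP, together with the two security warnings the same log contains. The finding names and the 2048-bit RSA threshold are assumptions of this example.

```python
import re

# Constructed sample input: lines taken from the logs posted in this thread,
# with the public IP address masked the way the second log masks it.
SAMPLE_LOG = """\
2017-09-18 09:22:57 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2017-09-18 09:22:58 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
2017-09-18 09:23:00 PUSH: Received control message: 'PUSH_REPLY,ping 10,ping-restart 120,route-delay 10,route 10.0.0.0 255.255.255.0 10.0.0.1'
2017-09-18 09:23:10 NOTE: unable to redirect default gateway -- VPN gateway parameter (--route-gateway or --ifconfig) is missing
2017-09-18 09:23:17 *Tunnelblick: This computer's apparent public IP address (xxx.xxx.xxx.xxx) was unchanged after the connection was made
"""

PUSH_RE = re.compile(r"PUSH: Received control message: 'PUSH_REPLY,(.*)'")
CTRL_RE = re.compile(r"Control Channel: (\S+), cipher .*?, (\d+) bit RSA")
UNCHANGED_RE = re.compile(r"apparent public IP address \(.*?\) was unchanged")


def pushed_options(log_text):
    """Return the options of the last PUSH_REPLY, each as a list of words."""
    options = []
    for match in PUSH_RE.finditer(log_text):
        options = [o.split() for o in match.group(1).split(",") if o.strip()]
    return options


def analyze(log_text):
    """Map finding name (hypothetical names) -> evidence found in the log."""
    findings = {}
    opts = pushed_options(log_text)
    names = {opt[0] for opt in opts}
    routes = [" ".join(opt[1:]) for opt in opts if opt[0] == "route"]

    # OpenVPN says outright that "redirect-gateway def1" was not applied.
    if "unable to redirect default gateway" in log_text:
        findings["redirect_failed"] = "OpenVPN could not replace the default route"
    # The server's reply gave the client no VPN gateway to redirect to.
    if opts and not names & {"route-gateway", "ifconfig"}:
        findings["no_gateway_pushed"] = "PUSH_REPLY has no route-gateway or ifconfig"
    # Only specific networks were pushed, so only they go through the tunnel.
    if routes and "redirect-gateway" not in names:
        findings["split_tunnel_routes"] = "server pushed only: " + "; ".join(routes)
    # Tunnelblick's own post-connection check of the public address.
    if UNCHANGED_RE.search(log_text):
        findings["public_ip_unchanged"] = "Tunnelblick saw the same public IP"
    # The client accepts any certificate signed by the CA as the server;
    # OpenVPN's "remote-cert-tls server" option is the usual correction.
    if "No server certificate verification method" in log_text:
        findings["no_server_cert_check"] = "server certificate type is not verified"
    # Old TLS version or short RSA key on the control channel
    # (threshold of 2048 bits is this example's assumption).
    ctrl = CTRL_RE.search(log_text)
    if ctrl and (ctrl.group(1) in ("TLSv1", "TLSv1.1") or int(ctrl.group(2)) < 2048):
        findings["weak_control_channel"] = f"{ctrl.group(1)}, {ctrl.group(2)} bit RSA"
    return findings


if __name__ == "__main__":
    for name, evidence in analyze(SAMPLE_LOG).items():
        print(f"{name}: {evidence}")
```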

Jas

Sep 17, 2017, 8:23:17 PM
to tunnelblick-discuss
Thanks for the fast reply!

Following your diagnosis, I made the following changes.

1. Renamed the dhcp-client-request.sh to up.tunnelblick.sh and updated the client.conf to reference the new file name.
2. Removed persist-tun
3. Removed script-security 2
4. Killed eset anti-virus processes

I do not know what to do with this line from your comments: "So OpenVPN didn't do the additional routing commands to implement "Route all IPv4 traffic through the VPN". (Tunnelblick tells OpenVPN to do that by specifying the "redirect-gateway def1" option to OpenVPN.)" Do I need to add a new script or a new config line? I thought the tick for the option should do that.

I installed the new conf, cleared the logs, reconnected, but still the same problem. 

Please see the latest logs below. Many thanks for your support. 


Also note the up.tunnelblick.sh just has one line: "/usr/sbin/ipconfig set tap0 dhcp"

*Tunnelblick: OS X 10.12.6; Tunnelblick 3.7.2 (build 4850); prior version 3.7.1b (build 4813)
2017-09-18 12:21:13 *Tunnelblick: Attempting connection with chace.mynetgear.com using shadow copy; Set nameserver = 769; monitoring connection
2017-09-18 12:21:13 *Tunnelblick: openvpnstart start chace.mynetgear.com.tblk 1337 769 0 1 0 1065842 -ptADGNWradsgnw 2.3.17-openssl-1.0.2k
2017-09-18 12:21:13 *Tunnelblick: openvpnstart log:
     Loading tap-signed.kext
     OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line):
     
          /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.17-openssl-1.0.2k/openvpn
          --daemon
          --log
          /Library/Application Support/Tunnelblick/Logs/-SUsers-Sjason.wang-SLibrary-SApplication Support-STunnelblick-SConfigurations-Schace.mynetgear.com.tblk-SContents-SResources-Sconfig.ovpn.769_0_1_0_1065842.1337.openvpn.log
          --cd
          /Library/Application Support/Tunnelblick/Users/jason.wang/chace.mynetgear.com.tblk/Contents/Resources
          --verb
          3
          --config
          /Library/Application Support/Tunnelblick/Users/jason.wang/chace.mynetgear.com.tblk/Contents/Resources/config.ovpn
          --verb
          3
          --cd
          /Library/Application Support/Tunnelblick/Users/jason.wang/chace.mynetgear.com.tblk/Contents/Resources
          --management
          127.0.0.1
          1337
          --management-query-passwords
          --management-hold
          --redirect-gateway
          def1
          --script-security
          2
          --up
          "/Library/Application Support/Tunnelblick/Users/jason.wang/chace.mynetgear.com.tblk/Contents/Resources/up.tunnelblick.sh" -9 -a -d -f -m -w -ptADGNWradsgnw
          --down
          /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -a -d -f -m -w -ptADGNWradsgnw
          --route-pre-down
          /Applications/Tunnelblick.app/Contents/Resources/client.route-pre-down.tunnelblick.sh -9 -a -d -f -m -w -ptADGNWradsgnw

2017-09-18 12:21:13 *Tunnelblick: Established communication with OpenVPN
2017-09-18 12:21:13 Multiple --up scripts defined.  The previously configured script is overridden.
2017-09-18 12:21:13 OpenVPN 2.3.17 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Aug 17 2017
2017-09-18 12:21:13 library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.09
2017-09-18 12:21:13 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:1337
2017-09-18 12:21:13 Need hold release from management interface, waiting...
2017-09-18 12:21:13 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:1337
2017-09-18 12:21:13 MANAGEMENT: CMD 'pid'
2017-09-18 12:21:13 MANAGEMENT: CMD 'state on'
2017-09-18 12:21:13 MANAGEMENT: CMD 'state'
2017-09-18 12:21:13 MANAGEMENT: CMD 'bytecount 1'
2017-09-18 12:21:13 MANAGEMENT: CMD 'hold release'
2017-09-18 12:21:13 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2017-09-18 12:21:13 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2017-09-18 12:21:13 Socket Buffers: R=[196724->196724] S=[9216->9216]
2017-09-18 12:21:13 MANAGEMENT: >STATE:1505694073,RESOLVE,,,
2017-09-18 12:21:13 *Tunnelblick: openvpnstart starting OpenVPN
2017-09-18 12:21:16 UDPv4 link local: [undef]
2017-09-18 12:21:16 UDPv4 link remote: [AF_INET]125.237.51.13:12974
2017-09-18 12:21:16 MANAGEMENT: >STATE:1505694076,WAIT,,,
2017-09-18 12:21:16 MANAGEMENT: >STATE:1505694076,AUTH,,,
2017-09-18 12:21:16 TLS: Initial packet from [AF_INET]125.237.51.13:12974, sid=6525bf93 757244b9
2017-09-18 12:21:16 VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=netgear, OU=netgear, CN=netgear CA, name=EasyRSA, emailAddress=mail@netgear
2017-09-18 12:21:16 VERIFY OK: depth=0, C=TW, ST=TW, L=Taipei, O=netgear, OU=netgear, CN=server, name=EasyRSA, emailAddress=mail@netgear
2017-09-18 12:21:16 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
2017-09-18 12:21:16 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2017-09-18 12:21:16 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
2017-09-18 12:21:16 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2017-09-18 12:21:16 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
2017-09-18 12:21:16 [server] Peer Connection Initiated with [AF_INET]125.237.51.13:12974
2017-09-18 12:21:17 MANAGEMENT: >STATE:1505694077,GET_CONFIG,,,
2017-09-18 12:21:18 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
2017-09-18 12:21:18 PUSH: Received control message: 'PUSH_REPLY,ping 10,ping-restart 120,route-delay 10,route 10.0.0.0 255.255.255.0 10.0.0.1'
2017-09-18 12:21:18 OPTIONS IMPORT: timers and/or timeouts modified
2017-09-18 12:21:18 OPTIONS IMPORT: route options modified
2017-09-18 12:21:18 OPTIONS IMPORT: route-related options modified
2017-09-18 12:21:18 TUN/TAP device /dev/tap0 opened
2017-09-18 12:21:18 /Library/Application Support/Tunnelblick/Users/jason.wang/chace.mynetgear.com.tblk/Contents/Resources/up.tunnelblick.sh -9 -a -d -f -m -w -ptADGNWradsgnw tap0 1500 1590   init
2017-09-18 12:21:28 NOTE: unable to redirect default gateway -- VPN gateway parameter (--route-gateway or --ifconfig) is missing
2017-09-18 12:21:28 MANAGEMENT: >STATE:1505694088,ADD_ROUTES,,,
2017-09-18 12:21:28 /sbin/route add -net 10.0.0.0 10.0.0.1 255.255.255.0
                                        route: writing to routing socket: File exists
                                        add net 10.0.0.0: gateway 10.0.0.1: File exists
2017-09-18 12:21:28 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2017-09-18 12:21:28 Initialization Sequence Completed
2017-09-18 12:21:28 MANAGEMENT: >STATE:1505694088,CONNECTED,SUCCESS,,125.237.xxx.xxx
2017-09-18 12:21:29 *Tunnelblick: No 'connected.sh' script to execute
2017-09-18 12:21:34 *Tunnelblick: This computer's apparent public IP address (xxx.xxx.xxx.xxx) was unchanged after the connection was made


Thanks!

Jason Wang

Sep 17, 2017, 9:04:26 PM
to tunnelbli...@googlegroups.com
Hi there, 

Finally got it working. It turned out the server side had the "home network only" setting ticked!

After that change, I did have to manually change the DNS server to 10.0.0.1. Now all is working well. 

Appreciate your help.

Thanks. 
