2015-06-16 12:29:43 *Tunnelblick: Attempting connection with home; Set nameserver = 1; monitoring connection
2015-06-16 12:29:43 *Tunnelblick: openvpnstart start home.tblk 1337 1 0 3 0 16688 -ptADGNWradsgnw 2.3.6
2015-06-16 12:29:44 *Tunnelblick: openvpnstart log:
OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line):
/Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.6/openvpn
--daemon
--log
/Library/Application Support/Tunnelblick/Logs/-SLibrary-SApplication Support-STunnelblick-SShared-Shome.tblk-SContents-SResources-Sconfig.ovpn.1_0_3_0_16688.1337.openvpn.log
--cd
/Library/Application Support/Tunnelblick/Shared/home.tblk/Contents/Resources
--config
/Library/Application Support/Tunnelblick/Shared/home.tblk/Contents/Resources/config.ovpn
--cd
/Library/Application Support/Tunnelblick/Shared/home.tblk/Contents/Resources
--management
127.0.0.1
1337
--management-query-passwords
--management-hold
--script-security
2
--up
/Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -d -f -m -w -ptADGNWradsgnw
--down
/Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -d -f -m -w -ptADGNWradsgnw
2015-06-16 12:29:43 OpenVPN 2.3.6 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Jun 12 2015
2015-06-16 12:29:43 library versions: OpenSSL 1.0.1o 12 Jun 2015, LZO 2.08
2015-06-16 12:29:43 *Tunnelblick: openvpnstart starting OpenVPN
2015-06-16 12:29:44 *Tunnelblick: Established communication with OpenVPN
2015-06-16 12:29:44 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2015-06-16 12:29:44 Control Channel Authentication: tls-auth using INLINE static key file
2015-06-16 12:29:44 UDPv4 link local: [undef]
2015-06-16 12:29:44 UDPv4 link remote: [AF_INET]my-ext-ip:1194
2015-06-16 12:29:45 TLS_ERROR: BIO read tls_read_plaintext error: error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small
2015-06-16 12:29:45 TLS Error: TLS object -> incoming plaintext read error
2015-06-16 12:29:45 TLS Error: TLS handshake failed
2015-06-16 12:29:45 SIGUSR1[soft,tls-error] received, process restarting
2015-06-16 12:29:45 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2015-06-16 12:29:45 Control Channel Authentication: tls-auth using INLINE static key file
2015-06-16 12:29:45 UDPv4 link local: [undef]
2015-06-16 12:29:45 UDPv4 link remote: [AF_INET]my-ext-ip:1194
2015-06-16 12:29:45 TLS_ERROR: BIO read tls_read_plaintext error: error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small
2015-06-16 12:29:45 TLS Error: TLS object -> incoming plaintext read error
2015-06-16 12:29:45 TLS Error: TLS handshake failed
2015-06-16 12:29:45 SIGUSR1[soft,tls-error] received, process restarting
2015-06-16 12:29:45 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2015-06-16 12:29:45 Control Channel Authentication: tls-auth using INLINE static key file
2015-06-16 12:29:45 UDPv4 link local: [undef]
2015-06-16 12:29:45 UDPv4 link remote: [AF_INET]my-ext-ip:1194
2015-06-16 12:29:45 TLS_ERROR: BIO read tls_read_plaintext error: error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small
2015-06-16 12:29:45 TLS Error: TLS object -> incoming plaintext read error
2015-06-16 12:29:45 TLS Error: TLS handshake failed
2015-06-16 12:29:45 SIGUSR1[soft,tls-error] received, process restarting
2015-06-16 12:29:45 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2015-06-16 12:29:45 Control Channel Authentication: tls-auth using INLINE static key file
2015-06-16 12:29:45 UDPv4 link local: [undef]
2015-06-16 12:29:45 UDPv4 link remote: [AF_INET]my-ext-ip:1194
2015-06-16 12:29:45 TLS_ERROR: BIO read tls_read_plaintext error: error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small
2015-06-16 12:29:45 TLS Error: TLS object -> incoming plaintext read error
2015-06-16 12:29:45 TLS Error: TLS handshake failed
2015-06-16 12:29:45 SIGUSR1[soft,tls-error] received, process restarting
2015-06-16 12:29:45 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2015-06-16 12:29:45 Control Channel Authentication: tls-auth using INLINE static key file
2015-06-16 12:29:45 UDPv4 link local: [undef]
2015-06-16 12:29:45 UDPv4 link remote: [AF_INET]my-ext-ip:1194
2015-06-16 12:29:45 TLS_ERROR: BIO read tls_read_plaintext error: error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small
2015-06-16 12:29:45 TLS Error: TLS object -> incoming plaintext read error
2015-06-16 12:29:45 TLS Error: TLS handshake failed
2015-06-16 12:29:45 SIGUSR1[soft,tls-error] received, process restarting
2015-06-16 12:29:45 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2015-06-16 12:29:45 Control Channel Authentication: tls-auth using INLINE static key file
2015-06-16 12:29:45 UDPv4 link local: [undef]
…. and etc
--
You received this message because you are subscribed to the Google Groups "tunnelblick-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to tunnelblick-dis...@googlegroups.com.
Visit this group at http://groups.google.com/group/tunnelblick-discuss.
For more options, visit https://groups.google.com/d/optout.
From looking at:It appears that the latest Merlin firmware uses OpenSSL 1.0.2c ("LogJam" was fixed in 1.0.2b).Also the change log in https://github.com/RMerl/asuswrt-merlin/blob/master/release/src/router/openssl/CHANGEScontains the line: "*) Reject DH handshakes with parameters shorter than 768 bits." as the last item of the changes made on June 11.- Randy
See Setting up your own Certificate Authority (CA) and generating certificates and keys for an OpenVPN server and multiple clients, which is in the "HOWTO" article in the OpenVPN documentation.Note that Tunnelblick includes the "easy-rsa" programs (version 2 and 3) used in the HOWTO. To get to them, go to the "Utilities" panel of Tunnelblick's "VPN Details…" window, and click the "Open easy-rsa in Terminal" button.