Problem authentication during connection

[Francesco]

Hi,

I have a macbook pro with el capitan. Tunnelblick works fine for one hour more or less, but after he starts to check an authentication process, the tunnelblick window shows "waiting for password" in yellow. The strange thing is that the connection remains active in vpn and no messages appear on the log.

Do you have any suggestions?

thanks

bye

[jkbull...gmail.com]

Please follow the instructions at Read Before You Post to get the info needed to diagnose problems and then post that info here.

[Francesco]

[Francesco]

I have another problem.

I checked “Reset the Primary interface after disconnecting” but when I disconnect tunnelblick the previous interface is not resetted and I need to close and re-open the wireless connection to work on internet normally.

Il giorno giovedì 24 marzo 2016 15:18:54 UTC+1, Francesco ha scritto:

*Tunnelblick: OS X 10.11.3; Tunnelblick 3.6.1beta02 (build 4544); Admin user

Configuration NETHERLANDS-UDP

"Sanitized" condensed configuration file for /Users/xxx/Library/Application Support/Tunnelblick/Configurations/NETHERLANDS-UDP.tblk:

client

dev tun

proto udp

remote xxx 53

persist-key

persist-tun

ca ca.crt

tls-auth Wdc.key 1

cipher AES-256-CBC

comp-lzo

verb 1

mute 20

route-method exe

route-delay 2

route 0.0.0.0 0.0.0.0

auth-user-pass

auth-retry interact

explicit-exit-notify 2

ifconfig-nowarn

auth-nocache

================================================================================

Non-Apple kexts that are loaded:

Index Refs Address            Size       Wired      Name (Version) UUID <Linked Against>

================================================================================

There are no unusual files in NETHERLANDS-UDP.tblk

================================================================================

Configuration preferences:

-resetPrimaryInterfaceAfterDisconnect = 1

-routeAllTrafficThroughVpn = 0

-keychainHasUsernameAndPassword = 1

-lastConnectionSucceeded = 1

================================================================================

Wildcard preferences:

================================================================================

Program preferences:

launchAtNextLogin = 1

notOKToCheckThatIPAddressDidNotChangeAfterConnection = 0

askedUserIfOKToCheckThatIPAddressDidNotChangeAfterConnection = 1

tunnelblickVersionHistory = (

    "3.6.1beta02 (build 4544)"

)

lastLaunchTime = 480516777.801237

connectionWindowDisplayCriteria = showWhenConnecting

maxLogDisplaySize = 102400

lastConnectedDisplayName = NETHERLANDS-UDP

keyboardShortcutIndex = 1

updateCheckAutomatically = 1

updateSendProfileInfo = 1

NSWindow Frame ConnectingWindow = 445 457 389 187 0 0 1280 777 

detailsWindowFrameVersion = 4544

detailsWindowFrame = {{180, 247}, {920, 468}}

detailsWindowLeftFrame = {{0, 0}, {165, 350}}

detailsWindowViewIndex = 0

detailsWindowConfigurationsTabIdentifier = log

leftNavSelectedDisplayName = NETHERLANDS-UDP

AdvancedWindowTabIdentifier = whileConnected

haveDealtWithSparkle1dot5b6 = 1

haveDealtWithOldTunTapPreferences = 1

haveDealtWithOldLoginItem = 1

SUEnableAutomaticChecks = 1

SUFeedURL = https://www.tunnelblick.net/appcast-b.rss

SUScheduledCheckInterval = 86400

SUSendProfileInfo = 1

SULastCheckTime = 2016-03-24 12:52:57 +0000

SULastProfileSubmissionDate = 2016-03-24 12:49:04 +0000

SUHasLaunchedBefore = 1

WebKitDefaultFontSize = 16

WebKitStandardFont = Times

================================================================================

Tunnelblick Log:

2016-03-24 14:12:02 *Tunnelblick: OS X 10.11.3; Tunnelblick 3.6.1beta02 (build 4544)

2016-03-24 14:12:02 *Tunnelblick: Attempting connection with NETHERLANDS-UDP using shadow copy; Set nameserver = 1; monitoring connection

2016-03-24 14:12:02 *Tunnelblick: openvpnstart start NETHERLANDS-UDP.tblk 1337 1 0 1 0 1066288 -ptADGNWradsgnw 2.3.10

2016-03-24 14:12:02 *Tunnelblick: openvpnstart starting OpenVPN

2016-03-24 14:12:03 *Tunnelblick: openvpnstart log:

     OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line):

     

          /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.10/openvpn

          --daemon

          --log

          /Library/Application Support/Tunnelblick/Logs/-SUsers-Sxxx-SLibrary-SApplication Support-STunnelblick-SConfigurations-SNETHERLANDS--UDP.tblk-SContents-SResources-Sconfig.ovpn.1_0_1_0_1066288.1337.openvpn.log

          --cd

          /Library/Application Support/Tunnelblick/Users/xxx/NETHERLANDS-UDP.tblk/Contents/Resources

          --verb

          3

          --config

          /Library/Application Support/Tunnelblick/Users/xxx/NETHERLANDS-UDP.tblk/Contents/Resources/config.ovpn

          --cd

          /Library/Application Support/Tunnelblick/Users/xxx/NETHERLANDS-UDP.tblk/Contents/Resources

          --management

          127.0.0.1

          1337

          --management-query-passwords

          --management-hold

          --script-security

          2

          --up

          /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -r -w -ptADGNWradsgnw

          --down

          /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -d -f -m -r -w -ptADGNWradsgnw

2016-03-24 14:12:03 *Tunnelblick: Established communication with OpenVPN

2016-03-24 14:12:03 *Tunnelblick: Obtained VPN username and password from the Keychain

2016-03-24 14:12:03 OpenVPN 2.3.10 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Mar 18 2016

2016-03-24 14:12:03 library versions: OpenSSL 1.0.2g  1 Mar 2016, LZO 2.09

2016-03-24 14:12:03 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.

2016-03-24 14:12:03 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

2016-03-24 14:12:03 Control Channel Authentication: using 'Wdc.key' as a OpenVPN static key file

2016-03-24 14:12:03 UDPv4 link local (bound): [undef]

2016-03-24 14:12:03 UDPv4 link remote: [AF_INET]xxx:53

2016-03-24 14:12:05 [PureVPN] Peer Connection Initiated with [AF_INET]xxx:53

2016-03-24 14:12:08 Opened utun device utun0

2016-03-24 14:12:08 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0

2016-03-24 14:12:08 /sbin/ifconfig utun0 delete

                                        ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address

2016-03-24 14:12:08 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure

2016-03-24 14:12:08 /sbin/ifconfig utun0 xxx xxx netmask 255.255.255.224 mtu 1500 up

                                        add net xxx: gateway xxx

2016-03-24 14:12:08 /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -r -w -ptADGNWradsgnw utun0 1500 1558 xxx 255.255.255.224 init

                                        **********************************************

                                        Start of output from client.up.tunnelblick.sh

                                        Retrieved from OpenVPN: name server(s) [ xxx 8.8.4.4 ], search domain(s) [  ] and SMB server(s) [  ] and using default domain name [ openvpn ]

                                        Not aggregating ServerAddresses because running on OS X 10.6 or higher

                                        Setting search domains to 'openvpn' because running under OS X 10.6 or higher and the search domains were not set manually and 'Prepend domain name to search domains' was not selected

                                        Saved the DNS and SMB configurations so they can be restored

                                        Changed DNS ServerAddresses setting from '192.168.1.254' to 'xxx 8.8.4.4'

                                        Changed DNS SearchDomains setting from '' to 'openvpn'

                                        Changed DNS DomainName setting from 'lan' to 'openvpn'

                                        Did not change SMB NetBIOSName setting of ''

                                        Did not change SMB Workgroup setting of ''

                                        Did not change SMB WINSAddresses setting of ''

                                        DNS servers 'xxx 8.8.4.4' will be used for DNS queries when the VPN is active

                                        NOTE: The DNS servers include one or more free public DNS servers known to Tunnelblick and one or more DNS servers not known to Tunnelblick. If used, the DNS servers not known to Tunnelblick may cause DNS queries to fail or be intercepted or falsified even if they are directed through the VPN. Specify only known public DNS servers or DNS servers located on the VPN network to avoid such problems.

                                        Flushed the DNS cache via dscacheutil

                                        /usr/sbin/discoveryutil not present. Not flushing the DNS cache via discoveryutil

                                        Notified mDNSResponder that the DNS cache was flushed

                                        Setting up to monitor system configuration with process-network-changes

                                        End of output from client.up.tunnelblick.sh

                                        **********************************************

                                        add net xxx: gateway 192.168.1.254

                                        add net 0.0.0.0: gateway xxx

                                        add net 128.0.0.0: gateway xxx

                                        route: writing to routing socket: File exists

                                        add net 0.0.0.0: gateway xxx: File exists

2016-03-24 14:12:14 *Tunnelblick: No 'connected.sh' script to execute

2016-03-24 14:12:14 Initialization Sequence Completed

2016-03-24 14:12:16 *Tunnelblick process-network-changes: A system configuration change was ignored

2016-03-24 14:12:22 *Tunnelblick: This computer's apparent public IP address changed from xxx before connection to xxx after connection

2016-03-24 15:12:05 *Tunnelblick: Obtained VPN username and password from the Keychain

================================================================================

"Sanitized" full configuration file

client

dev tun

proto udp

remote nl1-ovpn-udp.purevpn.net 53

persist-key

persist-tun

ca ca.crt

tls-auth Wdc.key 1

cipher AES-256-CBC

comp-lzo

verb 1

mute 20

route-method exe

route-delay 2

route 0.0.0.0 0.0.0.0

auth-user-pass

auth-retry interact

explicit-exit-notify 2

ifconfig-nowarn

auth-nocache 

================================================================================

ifconfig output:

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384

options=3<RXCSUM,TXCSUM>

inet6 ::1 prefixlen 128 

inet 127.0.0.1 netmask 0xff000000 

inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1 

nd6 options=1<PERFORMNUD>

gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280

stf0: flags=0<> mtu 1280

en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500

options=10b<RXCSUM,TXCSUM,VLAN_HWTAGGING,AV>

ether a8:20:66:33:3c:1a 

nd6 options=1<PERFORMNUD>

media: autoselect (none)

status: inactive

en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500

ether 5c:96:9d:7c:18:25 

inet6 fe80::5e96:9dff:fe7c:1825%en1 prefixlen 64 scopeid 0x5 

inet 192.168.1.73 netmask 0xffffff00 broadcast 192.168.1.255

nd6 options=1<PERFORMNUD>

media: autoselect

status: active

en2: flags=963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX> mtu 1500

options=60<TSO4,TSO6>

ether d2:00:19:3d:fe:60 

media: autoselect <full-duplex>

status: inactive

fw0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 4078

lladdr a8:20:66:ff:fe:93:df:e6 

media: autoselect <full-duplex>

status: inactive

p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304

ether 0e:96:9d:7c:18:25 

media: autoselect

status: inactive

awdl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1484

ether a6:10:29:d9:38:be 

inet6 fe80::a410:29ff:fed9:38be%awdl0 prefixlen 64 scopeid 0x9 

nd6 options=1<PERFORMNUD>

media: autoselect

status: active

bridge0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500

options=63<RXCSUM,TXCSUM,TSO4,TSO6>

ether aa:20:66:33:d9:00 

Configuration:

id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0

maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200

root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0

ipfilter disabled flags 0x2

member: en2 flags=3<LEARNING,DISCOVER>

       ifmaxaddr 0 port 6 priority 0 path cost 0

media: <unknown type>

status: inactive

utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500

inet xxx --> xxx netmask 0xffffffe0 

================================================================================

Console Log:

2016-03-24 13:48:27 Tunnelblick[368] Tunnelblick: OS X 10.11.3; Tunnelblick 3.6.1beta02 (build 4544)

2016-03-24 13:49:03 Tunnelblick[368] Set program update feedURL to https://www.tunnelblick.net/appcast-b.rss

2016-03-24 13:49:28 Tunnelblick[368] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-NETHERLANDS-UDP' account = 'username'

2016-03-24 13:49:28 Tunnelblick[368] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-NETHERLANDS-UDP' account = 'password'

2016-03-24 13:50:11 Tunnelblick[368] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-NETHERLANDS-UDP' account = 'username'

2016-03-24 13:50:11 Tunnelblick[368] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-NETHERLANDS-UDP' account = 'password'

2016-03-24 13:52:53 Tunnelblick[368] applicationShouldTerminate: termination because of Quit; delayed until 'shutdownTunnelblick' finishes

2016-03-24 13:52:54 Tunnelblick[368] Finished shutting down Tunnelblick; allowing termination

2016-03-24 13:52:56 Tunnelblick[461] Tunnelblick: OS X 10.11.3; Tunnelblick 3.6.1beta02 (build 4544)

2016-03-24 13:52:57 Tunnelblick[461] Set program update feedURL to https://www.tunnelblick.net/appcast-b.rss

2016-03-24 13:54:51 Tunnelblick[461] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-NETHERLANDS-UDP' account = 'username'

2016-03-24 13:54:51 Tunnelblick[461] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-NETHERLANDS-UDP' account = 'password'

2016-03-24 14:08:59 kernel[0] PM response took 2584 ms (461, Tunnelblick)

2016-03-24 14:12:03 Tunnelblick[461] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-NETHERLANDS-UDP' account = 'username'

2016-03-24 14:12:03 Tunnelblick[461] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-NETHERLANDS-UDP' account = 'password'

2016-03-24 15:12:05 Tunnelblick[461] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-NETHERLANDS-UDP' account = 'username'

2016-03-24 15:12:05 Tunnelblick[461] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-NETHERLANDS-UDP' account = 'password'

[jkbull...gmail.com]

You need to contact your VPN service provider. That is the organization which gave you your configuration files, and perhaps a username and password, and to which you are probably paying a fee for VPN service. For more information, please see  Getting VPN Service.

Tunnelblick is just the free software that many VPN service providers recommend or supply to their customers. We do not provide VPN service, just software.

Also: the "diagnostic info" you posted does not show the either the original problem (because you didn't wait until the problem happened as described in the instructions) or the second problem (because you didn't do a complete connect/disconnect cycle as described in the instructions).

[Francesco]

I payd already and with a old version it's works very well. And also viscosity works fine. So the problem is not my provider vpn but absolutely tunnelblick. About the info posted, I wait the problem but was impossible to disconnect, when I have the authentication problem I have to quit tunnelblick

[jkbull...gmail.com]

You didn't pay us (and neither does your VPN service provider).

That's one reason why for problems like this most VPN service providers figure out what is going on and provide me with the info to fix any problems in Tunnelblick that they find.

Another reason is that most of the time the problem is not with Tunnelblick, it's with the user or the user's setup. I admit that apparently isn't the your situation.

If you want me to look into fixing it (I would like to do that – I like to fix bugs in Tunnelblick), please provide the full diagnostic info per the instructions at Read Before You Post.

[Francesco]

I have already a vpn service with purevpn, I know that tunnelblick is free...