Not Routing Web Traffic :: OSX 10.10.3 and Tunnelblick 3.5.0 Build 4265


dasa...@gmail.com

Jun 3, 2015, 7:39:09 AM
to tunnelbli...@googlegroups.com

This is a new problem since upgrading to OSX 10.10.

What I can do from the client:
  • SSH to servers on the remote end
  • Ping servers using both IPs and fully qualified hostnames on the remote end (both internally to the network and externally to the internet - can ping www.google.com)
What I can't do:
  • Port 80 / Web Browser traffic doesn't work.  The DNS lookup works fine but then it hangs indefinitely.  This is true for both internal and external servers.
  
Any suggestions?  I've been using Tunnelblick for years and have had very few issues in the past.

::::


*Tunnelblick: OS X 10.10.3; Tunnelblick 3.5.0 (build 4265); Admin user

Configuration Synology

"Sanitized" condensed configuration file for /Users/my-username/Library/Application Support/Tunnelblick/Configurations/Synology.tblk:

dev tun
tls-client

remote my-ip 1194




redirect-gateway


dhcp-option DNS 8.8.8.8
dhcp-option DNS 8.8.4.4

pull

proto udp

script-security 2

ca ca.crt

comp-lzo

reneg-sec 0

auth-user-pass


================================================================================

"Sanitized" full configuration file

dev tun
tls-client

remote My-IP 1194

# The "float" tells OpenVPN to accept authenticated packets from any address,
# not only the address which was specified in the --remote option.
# This is useful when you are connecting to a peer which holds a dynamic address
# such as a dial-in user or DHCP client.
# (Please refer to the manual of OpenVPN for more information.)

#float

# If redirect-gateway is enabled, the client will redirect it's
# default network gateway through the VPN.
# It means the VPN connection will firstly connect to the VPN Server
# and then to the internet.
# (Please refer to the manual of OpenVPN for more information.)

redirect-gateway

# dhcp-option DNS: To set primary domain name server address.
# Repeat this option to set secondary DNS server addresses.

dhcp-option DNS 8.8.8.8
dhcp-option DNS 8.8.4.4

pull

# If you want to connect by Server's IPv6 address, you should use
# "proto udp6" in UDP mode or "proto tcp6-client" in TCP mode
proto udp

script-security 2

ca ca.crt

comp-lzo

reneg-sec 0

auth-user-pass



================================================================================

There are no unusual files in Synology.tblk

================================================================================

Configuration preferences:

useDNS = 1
-routeAllTrafficThroughVpn = 1
-useRouteUpInsteadOfUp = 1
-keychainHasPrivateKey = 0
-lastConnectionSucceeded = 1

================================================================================

Wildcard preferences:


================================================================================

Program preferences:

launchAtNextLogin = 1
notOKToCheckThatIPAddressDidNotChangeAfterConnection = 0
askedUserIfOKToCheckThatIPAddressDidNotChangeAfterConnection = 1
tunnelblickVersionHistory = (
    "3.5.0 (build 4265)"
)
lastLaunchTime = 454942600.504302
connectionWindowDisplayCriteria = showWhenConnecting
maxLogDisplaySize = 102400
lastConnectedDisplayName = Synology
installationUID (not shown)
keyboardShortcutIndex = 1
updateCheckAutomatically = 1
updateSendProfileInfo = 1
NSWindow Frame SettingsSheetWindow = 293 350 829 424 0 0 1440 877 
NSWindow Frame ConnectingWindow = 558 389 412 297 0 0 1440 877 
detailsWindowFrameVersion = 4265
detailsWindowFrame = {{223, 213}, {896, 467}}
detailsWindowLeftFrame = {{0, 0}, {161, 350}}
leftNavSelectedDisplayName = Synology
haveDealtWithSparkle1dot5b6 = 1
haveDealtWithOldTunTapPreferences = 1
haveDealtWithOldLoginItem = 1
SUEnableAutomaticChecks = 1
SUScheduledCheckInterval = 86400
SUSendProfileInfo = 1
SULastCheckTime = 2015-06-02 12:56:40 +0000
SULastProfileSubmissionDate = 2015-06-01 15:38:42 +0000
SUHasLaunchedBefore = 1
WebKitDefaultFontSize = 16
WebKitStandardFont = Times

================================================================================

Tunnelblick Log:

2015-06-03 07:24:49 OpenVPN 2.3.6 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Apr  3 2015
2015-06-03 07:24:49 library versions: OpenSSL 1.0.1m 19 Mar 2015, LZO 2.08
2015-06-03 07:24:48 *Tunnelblick: OS X 10.10.3; Tunnelblick 3.5.0 (build 4265)
2015-06-03 07:24:48 *Tunnelblick: Attempting connection with Synology using shadow copy; Set nameserver = 1; monitoring connection
2015-06-03 07:24:48 *Tunnelblick: openvpnstart start Synology.tblk 1337 1 0 1 0 49968 -ptADGNWradsgnw 2.3.6
2015-06-03 07:24:50 *Tunnelblick: openvpnstart log:
     OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line):
     
          /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.6/openvpn
          --daemon
          --log
          /Library/Application Support/Tunnelblick/Logs/-SUsers-Smy-username-SLibrary-SApplication Support-STunnelblick-SConfigurations-SSynology.tblk-SContents-SResources-Sconfig.ovpn.1_0_1_0_49968.1337.openvpn.log
          --cd
          /Library/Application Support/Tunnelblick/Users/my-username/Synology.tblk/Contents/Resources
          --config
          /Library/Application Support/Tunnelblick/Users/my-username/Synology.tblk/Contents/Resources/config.ovpn
          --cd
          /Library/Application Support/Tunnelblick/Users/my-username/Synology.tblk/Contents/Resources
          --management
          127.0.0.1
          1337
          --management-query-passwords
          --management-hold
          --redirect-gateway
          def1
          --script-security
          2
          --route-up
          /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -d -f -m -w -ptADGNWradsgnw
          --down
          /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -d -f -m -w -ptADGNWradsgnw

2015-06-03 07:24:48 *Tunnelblick: openvpnstart starting OpenVPN
2015-06-03 07:24:50 *Tunnelblick: Established communication with OpenVPN
2015-06-03 07:24:56 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2015-06-03 07:24:56 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2015-06-03 07:24:56 UDPv4 link local (bound): [undef]
2015-06-03 07:24:56 UDPv4 link remote: [AF_INET]MY-IP:1194
2015-06-03 07:24:56 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2015-06-03 07:24:57 [synology.com] Peer Connection Initiated with [AF_INET]MY-IP:1194
2015-06-03 07:25:00 Opened utun device utun0
2015-06-03 07:25:00 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
2015-06-03 07:25:00 /sbin/ifconfig utun0 delete
                                        ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
2015-06-03 07:25:00 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
2015-06-03 07:25:00 /sbin/ifconfig utun0 10.139.0.6 10.139.0.5 mtu 1500 netmask 255.255.255.255 up
                                        add net MY-IP: gateway 172.16.1.1
                                        add net 0.0.0.0: gateway 10.139.0.5
                                        add net 128.0.0.0: gateway 10.139.0.5
                                        add net 192.168.0.0: gateway 10.139.0.5
                                        add net 10.139.0.0: gateway 10.139.0.5
                                        add net 10.139.0.1: gateway 10.139.0.5
                                        **********************************************
                                        Start of output from client.up.tunnelblick.sh
                                        Retrieved from OpenVPN: name server(s) [ 8.8.8.8 8.8.4.4 ], search domain(s) [  ] and SMB server(s) [  ] and using default domain name [ openvpn ]
                                        Not aggregating ServerAddresses because running on OS X 10.6 or higher
                                        Setting search domains to 'openvpn' because running under OS X 10.6 or higher and the search domains were not set manually and 'Prepend domain name to search domains' was not selected
                                        Saved the DNS and SMB configurations so they can be restored
                                        Changed DNS ServerAddresses setting from '172.16.1.1' to '8.8.8.8 8.8.4.4'
                                        Changed DNS SearchDomains setting from '' to 'openvpn'
                                        Changed DNS DomainName setting from '' to 'openvpn'
                                        Did not change SMB NetBIOSName setting of ''
                                        Did not change SMB Workgroup setting of ''
                                        Did not change SMB WINSAddresses setting of ''
                                        DNS servers '8.8.8.8 8.8.4.4' will be used for DNS queries when the VPN is active
                                        The DNS servers include only free public DNS servers known to Tunnelblick.
                                        Flushed the DNS cache via dscacheutil
                                        Flushed the DNS cache via discoveryutil udnsflushcaches
                                        Flushed the DNS cache via discoveryutil mdnsflushcache
                                        No matching processes were found
                                        mDNSResponder not running. Not notifying it that the DNS cache was flushed
                                        Setting up to monitor system configuration with process-network-changes
                                        End of output from client.up.tunnelblick.sh
                                        **********************************************
2015-06-03 07:25:03 Initialization Sequence Completed
2015-06-03 07:25:04 *Tunnelblick: No 'connected.sh' script to execute
2015-06-03 07:25:08 *Tunnelblick process-network-changes: A system configuration change was ignored
2015-06-03 07:25:26 *Tunnelblick: This computer's apparent public IP address changed from 75.93.50.141 before connection to MY-IP after connection
2015-06-03 07:25:55 *Tunnelblick: Disconnecting; VPN Details… window disconnect button pressed
2015-06-03 07:25:55 *Tunnelblick: Disconnecting using 'kill'
2015-06-03 07:25:55 event_wait : Interrupted system call (code=4)
                                        delete net 10.139.0.1: gateway 10.139.0.5
                                        delete net 10.139.0.0: gateway 10.139.0.5
                                        delete net 192.168.0.0: gateway 10.139.0.5
                                        delete net MY-IP: gateway 172.16.1.1
                                        delete net 0.0.0.0: gateway 10.139.0.5
                                        delete net 128.0.0.0: gateway 10.139.0.5
2015-06-03 07:25:55 /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -d -f -m -w -ptADGNWradsgnw utun0 1500 1542 10.139.0.6 10.139.0.5 init
                                        **********************************************
                                        Start of output from client.down.tunnelblick.sh
                                        Cancelled monitoring of system configuration changes
                                        Restored the DNS and SMB configurations
                                        Flushed the DNS cache via dscacheutil
                                        Flushed the DNS cache via discoveryutil udnsflushcaches
                                        Flushed the DNS cache via discoveryutil mdnsflushcache
                                        No matching processes were found
                                        mDNSResponder not running. Not notifying it that the DNS cache was flushed
                                        End of output from client.down.tunnelblick.sh
                                        **********************************************
2015-06-03 07:25:55 SIGTERM[hard,] received, process exiting
2015-06-03 07:25:57 *Tunnelblick: No 'post-disconnect.sh' script to execute
2015-06-03 07:25:57 *Tunnelblick: Expected disconnection occurred.

================================================================================

ifconfig output:

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
options=3<RXCSUM,TXCSUM>
inet6 ::1 prefixlen 128 
inet 127.0.0.1 netmask 0xff000000 
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1 
nd6 options=1<PERFORMNUD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether 80:e6:50:01:c3:6e 
inet6 fe80::82e6:50ff:fe01:c36e%en0 prefixlen 64 scopeid 0x4 
inet 172.16.1.10 netmask 0xffffff00 broadcast 172.16.1.255
nd6 options=1<PERFORMNUD>
media: autoselect
status: active
en1: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
options=60<TSO4,TSO6>
ether 72:00:04:88:2c:60 
media: autoselect <full-duplex>
status: inactive
en2: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
options=60<TSO4,TSO6>
ether 72:00:04:88:2c:61 
media: autoselect <full-duplex>
status: inactive
bridge0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=63<RXCSUM,TXCSUM,TSO4,TSO6>
ether 82:e6:50:10:52:00 
Configuration:
id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
ipfilter disabled flags 0x2
member: en1 flags=3<LEARNING,DISCOVER>
       ifmaxaddr 0 port 5 priority 0 path cost 0
member: en2 flags=3<LEARNING,DISCOVER>
       ifmaxaddr 0 port 6 priority 0 path cost 0
nd6 options=1<PERFORMNUD>
media: <unknown type>
status: inactive
p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304
ether 02:e6:50:01:c3:6e 
media: autoselect
status: inactive
awdl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1452
ether b6:f4:42:f6:c9:5d 
inet6 fe80::b4f4:42ff:fef6:c95d%awdl0 prefixlen 64 scopeid 0x9 
nd6 options=1<PERFORMNUD>
media: autoselect
status: active
vnic0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=3<RXCSUM,TXCSUM>
ether 00:1c:42:00:00:08 
inet 10.211.55.2 netmask 0xffffff00 broadcast 10.211.55.255
media: autoselect
status: active
vnic1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=3<RXCSUM,TXCSUM>
ether 00:1c:42:00:00:09 
inet 10.37.129.2 netmask 0xffffff00 broadcast 10.37.129.255
media: autoselect
status: active

================================================================================

Console Log:

2015-06-03 07:06:21 Tunnelblick[2063] runTunnelblickd: no data available from tunnelblickd socket; sleeping 0.100000 seconds...
2015-06-03 07:06:21 Tunnelblick[2063] runTunnelblickd: no data available from tunnelblickd socket; sleeping 0.200000 seconds...
2015-06-03 07:06:22 Tunnelblick[2063] runTunnelblickd: no data available from tunnelblickd socket; sleeping 0.400000 seconds...
2015-06-03 07:06:22 tunnelblickd[3391] Status = 0 from tunnelblick-helper command 'compareShadowCopy Synology'
2015-06-03 07:06:22 Tunnelblick[2063] runTunnelblickd: no data available from tunnelblickd socket; sleeping 0.100000 seconds...
2015-06-03 07:06:22 Tunnelblick[2063] runTunnelblickd: no data available from tunnelblickd socket; sleeping 0.200000 seconds...
2015-06-03 07:06:22 Tunnelblick[2063] runTunnelblickd: no data available from tunnelblickd socket; sleeping 0.400000 seconds...
2015-06-03 07:06:23 Tunnelblick[2063] runTunnelblickd: no data available from tunnelblickd socket; sleeping 0.800000 seconds...
2015-06-03 07:06:23 tunnelblickd[3391] Status = 0 from tunnelblick-helper command 'start Synology.tblk 1337 1 0 1 0 49968 -ptADGNWradsgnw 2.3.6'
2015-06-03 07:06:27 Tunnelblick[2063] Can't find Keychain item to delete for service = 'Tunnelblick-Auth-Synology' account = 'username' because it does not exist
2015-06-03 07:06:27 Tunnelblick[2063] Can't find Keychain item to delete for service = 'Tunnelblick-Auth-Synology' account = 'password' because it does not exist
2015-06-03 07:06:34 Tunnelblick[2063] runTunnelblickd: no data available from tunnelblickd socket; sleeping 0.100000 seconds...
2015-06-03 07:06:35 Tunnelblick[2063] runTunnelblickd: no data available from tunnelblickd socket; sleeping 0.200000 seconds...
2015-06-03 07:06:35 Tunnelblick[2063] runTunnelblickd: no data available from tunnelblickd socket; sleeping 0.400000 seconds...
2015-06-03 07:06:35 tunnelblickd[3391] Status = 0 from tunnelblick-helper command 'connected Synology.tblk 1'
2015-06-03 07:09:56 Tunnelblick[2063] runTunnelblickd: no data available from tunnelblickd socket; sleeping 0.100000 seconds...
2015-06-03 07:09:56 Tunnelblick[2063] runTunnelblickd: no data available from tunnelblickd socket; sleeping 0.200000 seconds...
2015-06-03 07:09:57 Tunnelblick[2063] runTunnelblickd: no data available from tunnelblickd socket; sleeping 0.400000 seconds...
2015-06-03 07:09:57 tunnelblickd[3575] Status = 0 from tunnelblick-helper command 'kill 3396'
2015-06-03 07:09:58 Tunnelblick[2063] runTunnelblickd: no data available from tunnelblickd socket; sleeping 0.100000 seconds...
2015-06-03 07:09:58 Tunnelblick[2063] runTunnelblickd: no data available from tunnelblickd socket; sleeping 0.200000 seconds...
2015-06-03 07:09:58 Tunnelblick[2063] runTunnelblickd: no data available from tunnelblickd socket; sleeping 0.400000 seconds...
2015-06-03 07:09:58 tunnelblickd[3575] Status = 0 from tunnelblick-helper command 'postDisconnect Synology.tblk 1'
2015-06-03 07:15:50 Tunnelblick[2063] runTunnelblickd: no data available from tunnelblickd socket; sleeping 0.100000 seconds...
2015-06-03 07:15:50 Tunnelblick[2063] runTunnelblickd: no data available from tunnelblickd socket; sleeping 0.200000 seconds...
2015-06-03 07:15:50 Tunnelblick[2063] runTunnelblickd: no data available from tunnelblickd socket; sleeping 0.400000 seconds...
2015-06-03 07:15:50 tunnelblickd[3690] Status = 0 from tunnelblick-helper command 'compareShadowCopy Synology'
2015-06-03 07:15:51 Tunnelblick[2063] runTunnelblickd: no data available from tunnelblickd socket; sleeping 0.100000 seconds...
2015-06-03 07:15:51 Tunnelblick[2063] runTunnelblickd: no data available from tunnelblickd socket; sleeping 0.200000 seconds...
2015-06-03 07:15:51 Tunnelblick[2063] runTunnelblickd: no data available from tunnelblickd socket; sleeping 0.400000 seconds...
2015-06-03 07:15:51 Tunnelblick[2063] runTunnelblickd: no data available from tunnelblickd socket; sleeping 0.800000 seconds...
2015-06-03 07:15:51 tunnelblickd[3690] Status = 0 from tunnelblick-helper command 'start Synology.tblk 1337 1 0 1 0 49968 -ptADGNWradsgnw 2.3.6'
2015-06-03 07:15:55 Tunnelblick[2063] Can't find Keychain item to delete for service = 'Tunnelblick-Auth-Synology' account = 'username' because it does not exist
2015-06-03 07:15:55 Tunnelblick[2063] Can't find Keychain item to delete for service = 'Tunnelblick-Auth-Synology' account = 'password' because it does not exist
2015-06-03 07:16:03 Tunnelblick[2063] runTunnelblickd: no data available from tunnelblickd socket; sleeping 0.100000 seconds...
2015-06-03 07:16:03 Tunnelblick[2063] runTunnelblickd: no data available from tunnelblickd socket; sleeping 0.200000 seconds...
2015-06-03 07:16:03 Tunnelblick[2063] runTunnelblickd: no data available from tunnelblickd socket; sleeping 0.400000 seconds...
2015-06-03 07:16:03 tunnelblickd[3690] Status = 0 from tunnelblick-helper command 'connected Synology.tblk 1'
2015-06-03 07:16:46 Tunnelblick[2063] runTunnelblickd: no data available from tunnelblickd socket; sleeping 0.100000 seconds...
2015-06-03 07:16:46 Tunnelblick[2063] runTunnelblickd: no data available from tunnelblickd socket; sleeping 0.200000 seconds...
2015-06-03 07:16:46 Tunnelblick[2063] runTunnelblickd: no data available from tunnelblickd socket; sleeping 0.400000 seconds...
2015-06-03 07:16:46 tunnelblickd[3853] Status = 0 from tunnelblick-helper command 'kill 3695'
2015-06-03 07:16:47 Tunnelblick[2063] runTunnelblickd: no data available from tunnelblickd socket; sleeping 0.100000 seconds...
2015-06-03 07:16:47 Tunnelblick[2063] runTunnelblickd: no data available from tunnelblickd socket; sleeping 0.200000 seconds...
2015-06-03 07:16:47 Tunnelblick[2063] runTunnelblickd: no data available from tunnelblickd socket; sleeping 0.400000 seconds...
2015-06-03 07:16:47 tunnelblickd[3853] Status = 0 from tunnelblick-helper command 'postDisconnect Synology.tblk 1'
2015-06-03 07:24:48 Tunnelblick[2063] runTunnelblickd: no data available from tunnelblickd socket; sleeping 0.100000 seconds...
2015-06-03 07:24:48 Tunnelblick[2063] runTunnelblickd: no data available from tunnelblickd socket; sleeping 0.200000 seconds...
2015-06-03 07:24:48 Tunnelblick[2063] runTunnelblickd: no data available from tunnelblickd socket; sleeping 0.400000 seconds...
2015-06-03 07:24:48 tunnelblickd[3988] Status = 0 from tunnelblick-helper command 'compareShadowCopy Synology'
2015-06-03 07:24:48 Tunnelblick[2063] runTunnelblickd: no data available from tunnelblickd socket; sleeping 0.100000 seconds...
2015-06-03 07:24:48 Tunnelblick[2063] runTunnelblickd: no data available from tunnelblickd socket; sleeping 0.200000 seconds...
2015-06-03 07:24:49 Tunnelblick[2063] runTunnelblickd: no data available from tunnelblickd socket; sleeping 0.400000 seconds...
2015-06-03 07:24:49 Tunnelblick[2063] runTunnelblickd: no data available from tunnelblickd socket; sleeping 0.800000 seconds...
2015-06-03 07:24:49 tunnelblickd[3988] Status = 0 from tunnelblick-helper command 'start Synology.tblk 1337 1 0 1 0 49968 -ptADGNWradsgnw 2.3.6'
2015-06-03 07:24:56 Tunnelblick[2063] Can't find Keychain item to delete for service = 'Tunnelblick-Auth-Synology' account = 'username' because it does not exist
2015-06-03 07:24:56 Tunnelblick[2063] Can't find Keychain item to delete for service = 'Tunnelblick-Auth-Synology' account = 'password' because it does not exist
2015-06-03 07:25:03 Tunnelblick[2063] runTunnelblickd: no data available from tunnelblickd socket; sleeping 0.100000 seconds...
2015-06-03 07:25:03 Tunnelblick[2063] runTunnelblickd: no data available from tunnelblickd socket; sleeping 0.200000 seconds...
2015-06-03 07:25:04 Tunnelblick[2063] runTunnelblickd: no data available from tunnelblickd socket; sleeping 0.400000 seconds...
2015-06-03 07:25:04 tunnelblickd[3988] Status = 0 from tunnelblick-helper command 'connected Synology.tblk 1'
2015-06-03 07:25:55 Tunnelblick[2063] runTunnelblickd: no data available from tunnelblickd socket; sleeping 0.100000 seconds...
2015-06-03 07:25:55 Tunnelblick[2063] runTunnelblickd: no data available from tunnelblickd socket; sleeping 0.200000 seconds...
2015-06-03 07:25:55 Tunnelblick[2063] runTunnelblickd: no data available from tunnelblickd socket; sleeping 0.400000 seconds...
2015-06-03 07:25:55 tunnelblickd[4140] Status = 0 from tunnelblick-helper command 'kill 3993'
2015-06-03 07:25:56 Tunnelblick[2063] runTunnelblickd: no data available from tunnelblickd socket; sleeping 0.100000 seconds...
2015-06-03 07:25:56 Tunnelblick[2063] runTunnelblickd: no data available from tunnelblickd socket; sleeping 0.200000 seconds...
2015-06-03 07:25:56 Tunnelblick[2063] runTunnelblickd: no data available from tunnelblickd socket; sleeping 0.400000 seconds...
2015-06-03 07:25:56 tunnelblickd[4140] Status = 0 from tunnelblick-helper command 'postDisconnect Synology.tblk 1'
2015-06-03 07:26:03 Tunnelblick[2063] runTunnelblickd: no data available from tunnelblickd socket; sleeping 0.100000 seconds...
2015-06-03 07:26:03 Tunnelblick[2063] runTunnelblickd: no data available from tunnelblickd socket; sleeping 0.200000 seconds...
2015-06-03 07:26:04 Tunnelblick[2063] runTunnelblickd: no data available from tunnelblickd socket; sleeping 0.400000 seconds...
2015-06-03 07:26:04 tunnelblickd[4140] Status = 0 from tunnelblick-helper command 'printSanitizedConfigurationFile Synology.tblk 0'

================================================================================

Non-Apple kexts that are loaded:

Index Refs Address            Size       Wired      Name (Version) <Linked Against>
  151    0 0xffffff7f82eb2000 0x6000     0x6000     com.parallels.kext.usbconnect (10.2.0 28956) <37 7 5 4 3 1>
  152    1 0xffffff7f82eb8000 0x4e000    0x4e000    com.parallels.kext.hypervisor (10.2.0 28956) <12 11 7 5 4 3 1>
  153    0 0xffffff7f82f8b000 0xd000     0xd000     com.parallels.kext.netbridge (10.2.0 28956) <152 5 4 3 1>
  154    0 0xffffff7f82f06000 0x4000     0x4000     com.parallels.kext.vnic (10.2.0 28956) <39 5 4 3 1>

jkbull...gmail.com

Jun 3, 2015, 7:59:02 AM
to tunnelbli...@googlegroups.com, dasa...@gmail.com, dasa...@gmail.com
I assume you were using Tunnelblick 3.5.0 on an earlier OS X successfully; if not there could be a problem because 3.5.0 may use a different version of OpenVPN.

It probably won't help, but change the configuration line
redirect-gateway
to
redirect-gateway def1
(There was an issue in some version of OpenVPN that caused the omission of "def1" to cause problems. I think it was fixed, but maybe there has been a reversion.)

The log entry
2015-06-03 07:25:26 *Tunnelblick: This computer's apparent public IP address changed from 75.93.50.141 before connection to MY-IP after connection
indicates that Tunnelblick was able to access "https://www.tunnelblick.net/ipinfo" successfully after the VPN was connected. Is it possible that the browsers are using a proxy? (It uses "https", so it is using port 443; it isn't testing port 80. That could be a clue, too. Do https: connections from browsers work?)

I know this doesn't look like a DNS problem, but note that "ping" and many other commands use a different DNS resolution mechanism than the rest of OS X (including browsers). (OS X does not use "/etc/resolv.conf".)
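
An added example (not part of the original posts, and not Tunnelblick or OpenVPN code): a small Python audit of the posted client configuration that reports the conditions OpenVPN 2.3.6 itself flagged in the posted log, plus the missing `def1` discussed in the reply above. The function names and finding labels are hypothetical, and adding `remote-cert-tls server` assumes the server certificate carries the server extended key usage.

```python
"""Audit an OpenVPN client config for the conditions flagged in this thread."""
import re

# The condensed client configuration as posted in the thread.
SAMPLE_CONFIG = """\
dev tun
tls-client
remote my-ip 1194
redirect-gateway
dhcp-option DNS 8.8.8.8
dhcp-option DNS 8.8.4.4
pull
proto udp
script-security 2
ca ca.crt
comp-lzo
reneg-sec 0
auth-user-pass
"""

# Four lines copied from the Tunnelblick log posted in the thread.
SAMPLE_LOG = """\
2015-06-03 07:24:56 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2015-06-03 07:24:56 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2015-06-03 07:24:56 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2015-06-03 07:25:03 Initialization Sequence Completed
"""

# Client options that make OpenVPN check the server's certificate identity or usage.
VERIFY_OPTS = {"remote-cert-tls", "remote-cert-eku", "verify-x509-name",
               "tls-remote", "tls-verify"}

# Hypothetical finding label -> fragment of the log message OpenVPN prints for it.
LOG_EVIDENCE = {
    "no-server-cert-verification": "No server certificate verification method",
    "password-cached-in-memory": "may cache passwords in memory",
    "script-security-allows-scripts": "--script-security setting may allow",
}


def parse_config(text):
    """Return {directive: [args, ...]}; '#' and ';' start a comment (no quote handling)."""
    directives = {}
    for raw in text.splitlines():
        line = re.split(r"[#;]", raw, maxsplit=1)[0].strip()
        if not line:
            continue
        name, *args = line.split()
        directives.setdefault(name.lstrip("-"), []).append(args)
    return directives


def audit_config(text):
    """Return the finding labels that apply to a client configuration."""
    d = parse_config(text)
    findings = []
    is_tls_client = "tls-client" in d or "client" in d
    checks_server = (bool(VERIFY_OPTS.intersection(d))
                     or ["server"] in d.get("ns-cert-type", []))
    if is_tls_client and not checks_server:
        findings.append("no-server-cert-verification")
    if "auth-user-pass" in d and "auth-nocache" not in d:
        findings.append("password-cached-in-memory")
    levels = [int(a[0]) for a in d.get("script-security", []) if a and a[0].isdigit()]
    if levels and max(levels) >= 2:
        findings.append("script-security-allows-scripts")
    if any("def1" not in a for a in d.get("redirect-gateway", [])):
        findings.append("redirect-gateway-without-def1")
    return findings


def log_notices(log_text):
    """Extract (level, message) pairs for WARNING and NOTE lines in an OpenVPN log."""
    pat = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d (WARNING|NOTE): (.+)$", re.M)
    return [(m.group(1), m.group(2)) for m in pat.finditer(log_text)]


def confirmed_by_log(findings, log_text):
    """Keep only the findings that the running client also reported in its log."""
    messages = [msg for _, msg in log_notices(log_text)]
    return [f for f in findings
            if f in LOG_EVIDENCE and any(LOG_EVIDENCE[f] in m for m in messages)]


def harden(text):
    """Return the config with def1, auth-nocache and remote-cert-tls added as needed."""
    findings = audit_config(text)
    lines = ["redirect-gateway def1" if ln.strip() == "redirect-gateway" else ln
             for ln in text.splitlines()]
    if "password-cached-in-memory" in findings:
        lines.append("auth-nocache")
    if "no-server-cert-verification" in findings:
        # Assumption: the server certificate carries the server extended key usage.
        lines.append("remote-cert-tls server")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    before = audit_config(SAMPLE_CONFIG)
    print("findings:", before)
    print("confirmed by log:", confirmed_by_log(before, SAMPLE_LOG))
    print("after hardening:", audit_config(harden(SAMPLE_CONFIG)))
```

The `script-security` finding remains after hardening, which is expected under Tunnelblick: the `openvpnstart` command line in the posted log passes `--script-security 2` so that its own up and down scripts can run.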

dasa...@gmail.com

Jun 3, 2015, 8:44:09 AM
to tunnelbli...@googlegroups.com, dasa...@gmail.com
Thank you for the suggestions, though this didn't solve the problem.  I changed the redirect-gateway directive and that didn't help.  I also tried HTTPS connections and those didn't work either.  I thought about the Proxy settings as well (see screenshot below):



I also tried direct connections from a terminal window - here's the results when I'm not connected to the VPN (works fine):


And here is when I'm connected to the VPN (doesn't work - hangs indefinitely):

dasa...@gmail.com

Jun 7, 2015, 10:57:50 AM
to tunnelbli...@googlegroups.com, dasa...@gmail.com
Does anyone else have any other thoughts on this thread?  I would appreciate the help.

Thanks!
Dave


asmagi...@gmail.com

Jun 9, 2015, 9:39:03 PM
to tunnelbli...@googlegroups.com, dasa...@gmail.com
I'm having a similar problem as well, but with a wrinkle...

I am running my own VPN server and depending upon which configuration file I connect with, the VPN acts in different ways:

If I connect with the "Private Only" configuration, then all Tunnelblick/OpenVPN adds is routes for the private network -- public traffic on the client still uses the local public interface.

If I connect with the "Full VPN" configuration, then all traffic is supposed to use the VPN tunnel.

Since upgrading to Yosemite, if I select the Private Only configuration, everything works as expected, and there is no problem.  If I select the "Full VPN" configuration, however, only then do I have problems with Safari, etc.  SSH and the like work fine from the command line, but OS X apps mostly don't.

I use the identical "Full VPN" configuration file on my iPad or iPhone with an OpenVPN client, then it works fine, so I know it's not the configuration file (though I'll post it if anyone thinks it necessary).  This same configuration file also worked fine under 10.8 and 10.9.

I know I'm connected, even with the Full VPN configuration because I can ssh into hosts on the private network... 

Don't know if this will add anything to identifying the specific problem, but I figured I'd post it just in case.

--
A-Ron

jkbull...gmail.com

Jun 9, 2015, 10:14:30 PM
to tunnelbli...@googlegroups.com, asmagi...@gmail.com, dasa...@gmail.com, asmagi...@gmail.com
Could this have something to do with IPv6?

Try changing the "Configure IPv6" setting on the TCP/IP tab of the Advanced Network System Configuration from "Automatically" to "Link-local only" or maybe "Manually" and leave everything blank.

dasa...@gmail.com

Jun 10, 2015, 11:22:29 AM
to tunnelbli...@googlegroups.com, asmagi...@gmail.com, dasa...@gmail.com
I am running my server on a Synology NAS.  I had restarted the process multiple times to ensure it wasn't an issue on that end after a recent upgrade.  I recently rebooted my NAS and all is working perfectly now.

@A-Ron :: do you have your firewall enabled on your client?

asmagi...@gmail.com

Jun 11, 2015, 2:53:29 PM
to tunnelbli...@googlegroups.com, asmagi...@gmail.com, dasa...@gmail.com
Switching IPv6 to link-local and then clicking apply seems to make things work for a while, then it will stop maybe 10 or so minutes later and OS X applications stop accessing the internet again.  Going into network settings and switching from link-local to manual and then applying (without quitting the tunnel) brings things back for a bit again... basically if I toggle between them I can eke out some access, but nothing that sticks.

dasa...@gmail.com

Jun 15, 2015, 1:14:08 PM
to tunnelbli...@googlegroups.com, asmagi...@gmail.com
Strange that it would work and then stop.  I disabled IPv6 to reduce any issues that might pop up.  But I'm back to no longer routing traffic.  I upgraded to the latest version of Tunnelblick and it reverted back to not routing traffic.  Same issue as before.  I bounced my server and it didn't help this time.

Let me know if anyone has any ideas...

Thanks!

asmagi...@gmail.com

Jun 18, 2015, 5:29:19 PM
to tunnelbli...@googlegroups.com, asmagi...@gmail.com, dasa...@gmail.com
I have tried both with Little Snitch installed and with it completely uninstalled... completely uninstalled it would take longer before the connection would hang in OS X apps only, but it did still happen.

At present, I have removed Tunnelblick and am trying out homebrew's openvpn  with the same config files... it seems to be working fine, though I have to manually add the VPN's dns server to the network settings for my wireless adapter if I want to access private resources by name (even though this is published by the server and gets properly set under iOS with the same config)

So far, taking Tunnelblick out of the equation works, but brings back the very reasons I wanted to use it in the first place -- having to change DNS entries, and having to use sudo or su every time I connect or disconnect.

Guess it's time to look closer at the support scripts TB has and see if something about my setup isn't liked, because I'd really prefer to keep using the gui...


jkbull...gmail.com

Jun 18, 2015, 5:49:56 PM
to tunnelbli...@googlegroups.com, asmagi...@gmail.com, asmagi...@gmail.com, dasa...@gmail.com
Look carefully at the Tunnelblick log for clues about what is going on. (You haven't posted the diagnostic info.)

Pay particular attention to the outputs from client.up.tunnelblick.sh and client.down.tunnelblick.sh, which are set off in the log by a row of asterisks.

Also look for anything in the log at the time the VPN starts misbehaving. For example, are the network settings changing and Tunnelblick is trying to restore them and having trouble restoring them? You have a lot of control over what Tunnelblick does when there are such changes; see the "While Connected" tab of the "Advanced" settings window.

dasa...@gmail.com

Jun 19, 2015, 7:39:36 AM
to tunnelbli...@googlegroups.com, asmagi...@gmail.com, dasa...@gmail.com
I've determined the root cause of my issues.  When using my Clear Network (Wi-Fi Hotspot) I am experiencing the issues I've been documenting.  But when I switch over to an AT&T hotspot everything works perfectly.  I checked the settings in the Clear Network Hotspot (IP Conflicts, Firewall, Routing, etc.) and I'm not seeing anything obvious.  I would prefer to use that hotspot since my current location rarely works with AT&T.

Any suggestions?

jkbull...gmail.com

Jun 19, 2015, 7:52:56 AM
to tunnelbli...@googlegroups.com, dasa...@gmail.com, dasa...@gmail.com
Post the diagnostic info per Read Before You Post.

If Clear Networks is blocking VPN traffic, and if you control the OpenVPN server, you might consider using the Tunnelblick openvpn_xorpatch obfuscation technique.


On Thursday, June 11, 2015 at 2:53:29 PM UTC-4, <> wrote:
Switching IPv6 to link-local and then clicking apply seems to make things work for a while, then it will stop maybe 10 or so minutes later and OS X applications stop accessing the internet again.  Going into network settings and switching from link-local to manual and then applying (without quitting the tunnel) brings things back for a bit again... basically if I toggle between them I can eke out some access, but nothing that sticks.


dasa...@gmail.com

Jun 19, 2015, 8:28:49 AM
to tunnelbli...@googlegroups.com, dasa...@gmail.com
Thanks for the response.  I provided all of the details in my original post.  Please see below.  I've also included some additional details...

When I'm NOT connected through the VPN - I can ping servers, trace route works, and port 80 works great.

::::

MB-Pro-15-2014:~ das$ traceroute www.google.com
traceroute: Warning: www.google.com has multiple addresses; using 173.194.121.52
traceroute to www.google.com (173.194.121.52), 64 hops max, 52 byte packets
 1  10.0.1.1 (10.0.1.1)  3.726 ms  2.281 ms  2.244 ms
 2  * * *
 3  10.41.193.169 (10.41.193.169)  126.057 ms  204.054 ms  144.880 ms
 4  66-233-236-161.wsh.clearwire-wmx.net (66.233.236.161)  90.192 ms  199.105 ms  89.975 ms
 5  66-233-236-130.wsh.clearwire-wmx.net (66.233.236.130)  145.109 ms  204.323 ms  145.110 ms
 6  72.14.219.133 (72.14.219.133)  359.915 ms  144.599 ms  442.971 ms
 7  216.239.46.250 (216.239.46.250)  141.979 ms  209.702 ms  355.015 ms
 8  72.14.233.97 (72.14.233.97)  144.926 ms  89.534 ms  274.928 ms
 9  iad23s26-in-f20.1e100.net (173.194.121.52)  140.003 ms  89.683 ms  219.993 ms


::::


MB-Pro-15-2014:~ das$ telnet www.google.com 80
Trying 173.194.121.51...
Connected to www.google.com.
Escape character is '^]'.
GET /
HTTP/1.0 200 OK
Date: Fri, 19 Jun 2015 12:23:20 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=ISO-8859-1
Set-Cookie: PREF=ID=86e0bba015af213f:FF=0:TM=1434716600:LM=1434716600:S=6b7gdiacHNV8OQU2; expires=Sun, 18-Jun-2017 12:23:20 GMT; path=/; domain=.google.com
Set-Cookie: NID=68=XcWPr5Zq90rdnyj41IuqaFnRkGSTyeKN758enpdQe1WWRdNhAL5Bw4RpF2_PAvutao57V9t6Q-e9zHVFzOa1Br8plHHKGEicURY3kHlBd5RN3ewaJY8gQM1xEDZcsS34; expires=Sat, 19-Dec-2015 12:23:20 GMT; path=/; domain=.google.com; HttpOnly
P3P: CP="This is not a P3P policy! See http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
Server: gws
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Alternate-Protocol: 80:quic,p=0
Accept-Ranges: none
Vary: Accept-Encoding

<!doctype html><html itemscope="" ...........


::::


When I'm connected to the VPN, traceroute still works but port 80 doesn't work.


MB-Pro-15-2014:~ das$ traceroute www.google.com
traceroute: Warning: www.google.com has multiple addresses; using 173.194.121.49
traceroute to www.google.com (173.194.121.49), 64 hops max, 52 byte packets
 1  10.139.0.1 (10.139.0.1)  199.059 ms  164.479 ms  120.923 ms
 2  192.168.0.1 (192.168.0.1)  275.452 ms  198.108 ms  105.838 ms
 3  MY.IP (MY.IP)  193.953 ms  178.689 ms  90.843 ms
 4  xe-0-2-0-32767-sur01.gaithersburg.md.bad.comcast.net (68.85.80.109)  189.840 ms  175.800 ms  243.924 ms
 5  ae-31-0-ar01.whitemarsh.md.bad.comcast.net (68.85.114.109)  174.938 ms  139.996 ms
    ae-31-0-ar01.capitolhghts.md.bad.comcast.net (68.85.114.105)  134.598 ms
 6  ae-0-0-ar01.capitolhghts.md.bad.comcast.net (68.85.67.201)  114.819 ms
    he-0-1-0-0-cr02.ashburn.va.ibone.comcast.net (68.86.90.57)  295.144 ms
    ae-0-0-ar01.capitolhghts.md.bad.comcast.net (68.85.67.201)  169.917 ms
 7  he-0-14-0-0-pe04.ashburn.va.ibone.comcast.net (68.86.88.110)  139.621 ms
    he-0-1-0-7-cr02.ashburn.va.ibone.comcast.net (68.86.91.101)  165.005 ms
    he-0-1-0-0-cr02.ashburn.va.ibone.comcast.net (68.86.90.57)  161.857 ms
 8  as36040-2-c.ashburn.va.ibone.comcast.net (75.149.229.86)  124.883 ms  189.736 ms  134.848 ms
 9  209.85.242.142 (209.85.242.142)  175.054 ms
    as36040-2-c.ashburn.va.ibone.comcast.net (75.149.229.86)  174.175 ms  164.203 ms
10  209.85.242.142 (209.85.242.142)  80.068 ms
    72.14.233.97 (72.14.233.97)  78.996 ms
    209.85.242.142 (209.85.242.142)  219.532 ms
11  iad23s26-in-f17.1e100.net (173.194.121.49)  89.198 ms
    72.14.233.97 (72.14.233.97)  166.661 ms  212.168 ms



And here is port 80 to Google hanging indefinitely...



MB-Pro-15-2014:~ das$ telnet www.google.com 80
Trying 173.194.121.51...
Connected to www.google.com.
Escape character is '^]'.
GET /




======

2015-06-03 07:06:27 Tunnelblick[2063] Can't find Keychain item to delete for service = 'Tunnelblick-Auth-Synology' account = 'username' because it does not exist
2015-06-03 07:06:27 Tunnelblick[2063] Can't find Keychain item to delete for service = 'Tunnelblick-Auth-Synology' account = 'password' because it does not exist
2015-06-03 07:06:34 Tunnelblick[2063] runTunnelblickd: no data available from tunnelblickd socket; sleeping 0.100000 seconds...
2015-06-03 07:06:35 Tunnelblick[2063] runTunnelblickd: no data available from tunnelblickd socket; sleeping 0.200000 seconds...
2015-06-03 07:06:35 Tunnelblick[2063] runTunnelblickd: no data available from tunnelblickd socket; sleeping 0.400000 seconds...
2015-06-03 07:06:35 tunnelblickd[3391] Status = 0 from tunnelblick-helper command 'connected Synology.tblk 1'
2015-06-03 07:09:56 Tunnelblick[2063] runTunnelblickd: no data available from tunnelblickd socket; sleeping 0.100000 seconds...
2015-06-03 07:09:56 Tunnelblick[2063] runTunnelblickd: no data available from tunnelblickd socket; sleeping 0.200000 seconds...
2015-06-03 07:09:57 Tunnelblick[2063] runTunnelblickd: no data available from tunnelblickd socket; sleeping 0.400000 seconds...
2015-06-03 07:09:57 tunnelblickd[3575] Status = 0 from tunnelblick-helper command 'kill 3396'
2015-06-03 07:09:58 Tunnelblick[2063] runTunnelblickd: no data available from tunnelblickd socket; sleeping 0.100000 seconds...
2015-06-03 07:09:58 Tunnelblick[2063] runTunnelblickd: no data available from tunnelblickd socket; sleeping 0.200000 seconds...
2015-06-03 07:09:58 Tunnelblick[2063] runTunnelblickd: no data available from tunnelblickd socket; sleeping 0.400000 seconds...
2015-06-03 07:09:58 tunnelblickd[3575] Status = 0 from tunnelblick-helper command 'postDisconnect Synology.tblk 1'

=======
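
The manual telnet check in the post above (TCP connects, then GET / hangs) can be scripted so the off-VPN and on-VPN runs produce directly comparable results. This is an added example, not part of the original thread and not Tunnelblick code; the function name probe_http and its stage labels are assumptions made for this sketch.

```python
import socket
import sys


def probe_http(host, port=80, path="/", timeout=5.0):
    """Report how far a plain HTTP/1.0 GET gets: DNS, TCP connect, or response."""
    try:
        family, socktype, proto, _, addr = socket.getaddrinfo(
            host, port, type=socket.SOCK_STREAM)[0]
    except socket.gaierror as exc:
        return {"stage": "dns-failed", "detail": str(exc)}

    sock = socket.socket(family, socktype, proto)
    sock.settimeout(timeout)  # applies to connect() and to each recv()
    try:
        try:
            sock.connect(addr)
        except OSError as exc:  # refused, unreachable, or timed out
            return {"stage": "connect-failed", "detail": str(exc)}

        request = f"GET {path} HTTP/1.0\r\nHost: {host}\r\n\r\n"
        sock.sendall(request.encode("ascii"))

        received = b""
        try:
            while True:
                chunk = sock.recv(4096)
                if not chunk:  # server closed the connection: response is complete
                    break
                received += chunk
        except socket.timeout:
            # Handshake succeeded, but data never started or stopped part-way.
            stage = "stalled" if received else "no-response"
            return {"stage": stage, "bytes": len(received)}
        except OSError as exc:  # e.g. connection reset mid-transfer
            return {"stage": "reset", "bytes": len(received), "detail": str(exc)}

        if not received:
            return {"stage": "closed-empty", "bytes": 0}
        status = received.split(b"\r\n", 1)[0].decode("latin-1")
        return {"stage": "ok", "bytes": len(received), "status": status}
    finally:
        sock.close()


if __name__ == "__main__":
    # Default host is the one used in the thread; run once off the VPN and once on it.
    target = sys.argv[1] if len(sys.argv) > 1 else "www.google.com"
    print(probe_http(target))
```

A result of "ok" off the VPN and "no-response" or "stalled" on it matches the symptom described in the post and can be attached to a report alongside the Tunnelblick log.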