name resolving problem in MAC OSX - connection problem

168 views

Skip to first unread message

pirosk...@gmail.com

unread,

Feb 8, 2016, 11:24:27 AM2/8/16

to tunnelblick-discuss, Bölcs András

Hi Everybody! I would like to ask your help.

I use Tunnelblick (build 4270.4461) on OSX (OS X El Capitan, 10.11.2).

My problem is, after I connect to the client from outside (example from a cafeteria, from other network), I cannot connect to our shared NAS winchester which is shared in inside network (LAN). If I connect from the inter network (LAN) - directly, at my home- without Tunnelblick, I can use NAS without any problem. I attach the log file, the error messages and my config file from my notebook.

Thanks your help!

ifconfig

https://drive.google.com/file/d/0Bzi8LzZZSvPbQTlFREFkYXprbEE/view?usp=sharing

tunnelblick log file

https://drive.google.com/file/d/0Bzi8LzZZSvPbNmpzdnJTUFEtZUU/view?usp=sharing

jkbull...gmail.com

unread,

Feb 8, 2016, 11:34:49 AM2/8/16

to tunnelblick-discuss, bol...@gmail.com, pirosk...@gmail.com

First, please update to Tunnelblick 3.6beta20, which has better diagnostic and logging capabilities.

Then please follow the instructions at Read Before You Post to get the information needed to diagnose problems.

For your situation, please get the diagnostic information after connecting/disconnecting from both a network that works and from a network that doesn't.

And please clarify: is it correct that you have an OpenVPN server on a LAN at home, and when you connect to it when at home (that is, from the LAN that includes the OpenVPN server) you can access the Internet and everything on that LAN, but when you connect from another network (for example, an Internet cafe), you can access the Internet but cannot access servers on your home LAN.

pirosk...@gmail.com

unread,

Feb 16, 2016, 3:25:27 PM2/16/16

to tunnelblick-discuss, bol...@gmail.com, pirosk...@gmail.com

Hello

the same problem.

I paste the Log.

*Tunnelblick: OS X 10.11.2; Tunnelblick 3.6beta20 (build 4505); prior version 3.5.5 (build 4270.4461); Admin user

Configuration client

"Sanitized" condensed configuration file for /Library/Application Support/Tunnelblick/Shared/client.tblk:

client

dev tun

proto udp

remote bytheway.no-ip.info 1194

float

comp-lzo adaptive

keepalive 15 60

auth-user-pass

ns-cert-type server

<ca>

[Security-related line(s) omitted]

</ca>

<cert>

[Security-related line(s) omitted]

</cert>

<key>

[Security-related line(s) omitted]

</key>

resolv-retry infinite

nobind

================================================================================

Non-Apple kexts that are loaded:

Index Refs Address Size Wired Name (Version) UUID <Linked Against>

================================================================================

There are no unusual files in client.tblk

================================================================================

Configuration preferences:

-useRouteUpInsteadOfUp = 0

-keychainHasUsernameAndPassword = 1

-loadTun =

-notOKToCheckThatIPAddressDidNotChangeAfterConnection = 0

-lastConnectionSucceeded = 1

================================================================================

Wildcard preferences:

================================================================================

Program preferences:

launchAtNextLogin = 1

notOKToCheckThatIPAddressDidNotChangeAfterConnection = 0

askedUserIfOKToCheckThatIPAddressDidNotChangeAfterConnection = 1

tunnelblickVersionHistory = (

"3.6beta20 (build 4505)",

"3.5.5 (build 4270.4461)"

)

statusDisplayNumber = 0

lastLaunchTime = 476810794.147361

connectionWindowDisplayCriteria = showWhenConnecting

maxLogDisplaySize = 102400

lastConnectedDisplayName = client

installationUID (not shown)

keyboardShortcutIndex = 1

updateCheckAutomatically = 1

updateCheckBetas = 1

updateSendProfileInfo = 1

NSWindow Frame SettingsSheetWindow = 317 353 829 524 0 0 1440 877

NSWindow Frame ConnectingWindow = 525 518 389 187 0 0 1440 877

detailsWindowFrameVersion = 4505

detailsWindowFrame = {{282, 409}, {920, 468}}

detailsWindowLeftFrame = {{0, 0}, {165, 350}}

detailsWindowViewIndex = 0

detailsWindowConfigurationsTabIdentifier = settings

leftNavSelectedDisplayName = client

AdvancedWindowTabIdentifier = connectingAndDisconnecting

haveDealtWithSparkle1dot5b6 = 1

haveDealtWithOldTunTapPreferences = 1

haveDealtWithOldLoginItem = 1

SUEnableAutomaticChecks = 1

SUFeedURL = https://www.tunnelblick.net/appcast-b.rss

SUScheduledCheckInterval = 86400

SUSendProfileInfo = 1

SULastCheckTime = 2016-02-15 10:16:24 +0000

SULastProfileSubmissionDate = 2016-02-08 16:05:57 +0000

SUHasLaunchedBefore = 1

WebKitDefaultFontSize = 11

WebKitStandardFont = .SF NS Text

================================================================================

Tunnelblick Log:

2016-02-16 21:06:48 *Tunnelblick: OS X 10.11.2; Tunnelblick 3.6beta20 (build 4505); prior version 3.5.5 (build 4270.4461)

2016-02-16 21:06:48 *Tunnelblick: Attempting connection with client; Set nameserver = 1; monitoring connection

2016-02-16 21:06:48 *Tunnelblick: openvpnstart start client.tblk 1337 1 0 3 0 540976 -ptADGNWradsgnw 2.3.10

2016-02-16 21:06:48 *Tunnelblick: openvpnstart log:

OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line):

/Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.10/openvpn

--daemon

--log

/Library/Application Support/Tunnelblick/Logs/-SLibrary-SApplication Support-STunnelblick-SShared-Sclient.tblk-SContents-SResources-Sconfig.ovpn.1_0_3_0_540976.1337.openvpn.log

--cd

/Library/Application Support/Tunnelblick/Shared/client.tblk/Contents/Resources

--verb

--config

/Library/Application Support/Tunnelblick/Shared/client.tblk/Contents/Resources/config.ovpn

--cd

/Library/Application Support/Tunnelblick/Shared/client.tblk/Contents/Resources

--management

127.0.0.1

1337

--management-query-passwords

--management-hold

--script-security

--up

/Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw

--down

/Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw

2016-02-16 21:06:48 OpenVPN 2.3.10 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Feb 1 2016

2016-02-16 21:06:48 library versions: OpenSSL 1.0.2f 28 Jan 2016, LZO 2.09

2016-02-16 21:06:48 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:1337

2016-02-16 21:06:48 Need hold release from management interface, waiting...

2016-02-16 21:06:48 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:1337

2016-02-16 21:06:48 MANAGEMENT: CMD 'pid'

2016-02-16 21:06:48 MANAGEMENT: CMD 'state on'

2016-02-16 21:06:48 MANAGEMENT: CMD 'state'

2016-02-16 21:06:48 MANAGEMENT: CMD 'bytecount 1'

2016-02-16 21:06:48 MANAGEMENT: CMD 'hold release'

2016-02-16 21:06:48 *Tunnelblick: Established communication with OpenVPN

2016-02-16 21:06:48 *Tunnelblick: Obtained VPN username and password from the Keychain

2016-02-16 21:06:48 MANAGEMENT: CMD 'username "Auth" "vpiros"'

2016-02-16 21:06:48 MANAGEMENT: CMD 'password [...]'

2016-02-16 21:06:48 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

2016-02-16 21:06:48 Socket Buffers: R=[196724->196724] S=[9216->9216]

2016-02-16 21:06:48 MANAGEMENT: >STATE:1455653208,RESOLVE,,,

2016-02-16 21:06:48 UDPv4 link local: [undef]

2016-02-16 21:06:48 UDPv4 link remote: [AF_INET]80.98.112.111:1194

2016-02-16 21:06:48 MANAGEMENT: >STATE:1455653208,WAIT,,,

2016-02-16 21:06:48 *Tunnelblick: openvpnstart starting OpenVPN

2016-02-16 21:06:50 MANAGEMENT: >STATE:1455653210,AUTH,,,

2016-02-16 21:06:50 TLS: Initial packet from [AF_INET]80.98.112.111:1194, sid=146b8167 92a1f510

2016-02-16 21:06:50 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this

2016-02-16 21:06:50 VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-N18U, emailAddress=m...@myhost.mydomain

2016-02-16 21:06:50 VERIFY OK: nsCertType=SERVER

2016-02-16 21:06:50 VERIFY OK: depth=0, C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-N18U, emailAddress=m...@myhost.mydomain

2016-02-16 21:06:52 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key

2016-02-16 21:06:52 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

2016-02-16 21:06:52 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key

2016-02-16 21:06:52 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

2016-02-16 21:06:52 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA

2016-02-16 21:06:52 [RT-N18U] Peer Connection Initiated with [AF_INET]80.98.112.111:1194

2016-02-16 21:06:53 MANAGEMENT: >STATE:1455653213,GET_CONFIG,,,

2016-02-16 21:06:54 SENT CONTROL [RT-N18U]: 'PUSH_REQUEST' (status=1)

2016-02-16 21:06:54 PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,dhcp-option DNS 192.168.1.1,route 10.8.0.1,topology net30,ping 15,ping-restart 60,ifconfig 10.8.0.6 10.8.0.5'

2016-02-16 21:06:54 OPTIONS IMPORT: timers and/or timeouts modified

2016-02-16 21:06:54 OPTIONS IMPORT: --ifconfig/up options modified

2016-02-16 21:06:54 OPTIONS IMPORT: route options modified

2016-02-16 21:06:54 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified

2016-02-16 21:06:54 Opening utun (connect(AF_SYS_CONTROL)): Resource busy

2016-02-16 21:06:54 Opened utun device utun1

2016-02-16 21:06:54 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0

2016-02-16 21:06:54 MANAGEMENT: >STATE:1455653214,ASSIGN_IP,,10.8.0.6,

2016-02-16 21:06:54 /sbin/ifconfig utun1 delete

ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address

2016-02-16 21:06:54 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure

2016-02-16 21:06:54 /sbin/ifconfig utun1 10.8.0.6 10.8.0.5 mtu 1500 netmask 255.255.255.255 up

2016-02-16 21:06:54 /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw utun1 1500 1542 10.8.0.6 10.8.0.5 init

**********************************************

Start of output from client.up.tunnelblick.sh

Disabled IPv6 for 'Android'

Disabled IPv6 for 'Wi-Fi'

Disabled IPv6 for 'iPhone USB'

Disabled IPv6 for 'Bluetooth PAN'

Disabled IPv6 for 'Thunderbolt Bridge'

Retrieved from OpenVPN: name server(s) [ 192.168.1.1 ], search domain(s) [ ] and SMB server(s) [ ] and using default domain name [ openvpn ]

Not aggregating ServerAddresses because running on OS X 10.6 or higher

Setting search domains to 'openvpn' because running under OS X 10.6 or higher and the search domains were not set manually and 'Prepend domain name to search domains' was not selected

Saved the DNS and SMB configurations so they can be restored

Changed DNS ServerAddresses setting from '192.168.43.1' to '192.168.1.1'

Changed DNS SearchDomains setting from '' to 'openvpn'

Changed DNS DomainName setting from '' to 'openvpn'

Did not change SMB NetBIOSName setting of ''

Did not change SMB Workgroup setting of 'WORKGROUP'

Did not change SMB WINSAddresses setting of '192.168.1.1'

DNS servers '192.168.1.1' will be used for DNS queries when the VPN is active

NOTE: The DNS servers do not include any free public DNS servers known to Tunnelblick. This may cause DNS queries to fail or be intercepted or falsified even if they are directed through the VPN. Specify only known public DNS servers or DNS servers located on the VPN network to avoid such problems.

Flushed the DNS cache via dscacheutil

/usr/sbin/discoveryutil not present. Not flushing the DNS cache via discoveryutil

Notified mDNSResponder that the DNS cache was flushed

Setting up to monitor system configuration with process-network-changes

End of output from client.up.tunnelblick.sh

**********************************************

2016-02-16 21:06:58 *Tunnelblick: No 'connected.sh' script to execute

2016-02-16 21:06:58 MANAGEMENT: >STATE:1455653218,ADD_ROUTES,,,

2016-02-16 21:06:58 /sbin/route add -net 192.168.1.0 10.8.0.5 255.255.255.0

add net 192.168.1.0: gateway 10.8.0.5

2016-02-16 21:06:58 /sbin/route add -net 10.8.0.1 10.8.0.5 255.255.255.255

add net 10.8.0.1: gateway 10.8.0.5

2016-02-16 21:06:58 Initialization Sequence Completed

2016-02-16 21:06:58 MANAGEMENT: >STATE:1455653218,CONNECTED,SUCCESS,10.8.0.6,80.98.112.111

2016-02-16 21:07:03 *Tunnelblick process-network-changes: A system configuration change was ignored

2016-02-16 21:07:03 *Tunnelblick: This computer's apparent public IP address (94.44.255.137) was unchanged after the connection was made

2016-02-16 21:19:59 *Tunnelblick: Disconnecting; VPN Details… window disconnect button pressed

2016-02-16 21:19:59 *Tunnelblick: No 'pre-disconnect.sh' script to execute

2016-02-16 21:19:59 *Tunnelblick: Disconnecting using 'kill'

2016-02-16 21:19:59 event_wait : Interrupted system call (code=4)

2016-02-16 21:19:59 /sbin/route delete -net 10.8.0.1 10.8.0.5 255.255.255.255

delete net 10.8.0.1: gateway 10.8.0.5

2016-02-16 21:19:59 /sbin/route delete -net 192.168.1.0 10.8.0.5 255.255.255.0

delete net 192.168.1.0: gateway 10.8.0.5

2016-02-16 21:19:59 Closing TUN/TAP interface

2016-02-16 21:19:59 /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw utun1 1500 1542 10.8.0.6 10.8.0.5 init

**********************************************

Start of output from client.down.tunnelblick.sh

Cancelled monitoring of system configuration changes

Restored the DNS and SMB configurations

Re-enabled IPv6 (automatic) for 'Android'

Re-enabled IPv6 (automatic) for 'Wi-Fi'

Re-enabled IPv6 (automatic) for 'iPhone USB'

Re-enabled IPv6 (automatic) for 'Bluetooth PAN'

Re-enabled IPv6 (automatic) for 'Thunderbolt Bridge'

Flushed the DNS cache via dscacheutil

/usr/sbin/discoveryutil not present. Not flushing the DNS cache via discoveryutil

Notified mDNSResponder that the DNS cache was flushed

End of output from client.down.tunnelblick.sh

**********************************************

2016-02-16 21:20:00 SIGTERM[hard,] received, process exiting

2016-02-16 21:20:00 MANAGEMENT: >STATE:1455654024,EXITING,SIGTERM,,

2016-02-16 21:20:00 *Tunnelblick: No 'post-disconnect.sh' script to execute

2016-02-16 21:20:00 *Tunnelblick: Expected disconnection occurred.

================================================================================

"Sanitized" full configuration file

client

dev tun

proto udp

remote bytheway.no-ip.info 1194

float

comp-lzo adaptive

keepalive 15 60

auth-user-pass

ns-cert-type server

<ca>

[Security-related line(s) omitted]

</ca>

<cert>

[Security-related line(s) omitted]

</cert>

<key>

[Security-related line(s) omitted]

</key>

resolv-retry infinite

nobind

================================================================================

ifconfig output:

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384

options=3<RXCSUM,TXCSUM>

inet6 ::1 prefixlen 128

inet 127.0.0.1 netmask 0xff000000

inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1

nd6 options=1<PERFORMNUD>

gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280

stf0: flags=0<> mtu 1280

en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500

ether 54:26:96:cf:bc:ad

inet 192.168.43.144 netmask 0xffffff00 broadcast 192.168.43.255

inet6 fe80::5626:96ff:fecf:bcad%en0 prefixlen 64 scopeid 0x4

nd6 options=1<PERFORMNUD>

media: autoselect

status: active

en1: flags=963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX> mtu 1500

options=60<TSO4,TSO6>

ether 32:00:14:5f:d2:00

media: autoselect <full-duplex>

status: inactive

en2: flags=963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX> mtu 1500

options=60<TSO4,TSO6>

ether 32:00:14:5f:d2:01

media: autoselect <full-duplex>

status: inactive

p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304

ether 06:26:96:cf:bc:ad

media: autoselect

status: inactive

awdl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1484

ether be:a4:f5:9c:31:26

inet6 fe80::bca4:f5ff:fe9c:3126%awdl0 prefixlen 64 scopeid 0x8

nd6 options=1<PERFORMNUD>

media: autoselect

status: active

bridge0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500

options=63<RXCSUM,TXCSUM,TSO4,TSO6>

ether 56:26:96:fc:66:00

Configuration:

id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0

maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200

root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0

ipfilter disabled flags 0x2

member: en1 flags=3<LEARNING,DISCOVER>

ifmaxaddr 0 port 5 priority 0 path cost 0

member: en2 flags=3<LEARNING,DISCOVER>

ifmaxaddr 0 port 6 priority 0 path cost 0

nd6 options=1<PERFORMNUD>

media: <unknown type>

status: inactive

utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380

inet6 fe80::8c37:2ea2:b964:51cd%utun0 prefixlen 64 scopeid 0xa

inet6 fdc1:cc05:ec9:e147:8c37:2ea2:b964:51cd prefixlen 64

nd6 options=1<PERFORMNUD>

================================================================================

Console Log:

2016-02-16 21:06:48 Tunnelblick[348] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-client' account = 'username'

2016-02-16 21:06:48 Tunnelblick[348] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-client' account = 'password'

Reply all

Reply to author

Forward

0 new messages