No connection to VPN network after most recent Beta update

[Kevin K]

I updated Tunnelblick to 3.4beta22 (and it still says this is the latest version, despite the website saying beta24 is the newest). I got this update yesterday and I am now unable to transfer any data over my VPN network. I can connect just fine, and I see the TAP interface is connected and has the proper IP. However, I cannot connect to anything on the VPN network, I don't even get a ping response. Everything was working fine prior to this update, I'm not sure what change is causing me problems...

[jkbull...gmail.com]

1. 3.4beta24 was released this morning. Updates to it won't happen until later.

2. PLEASE READ THIS BEFORE YOU POST TO THE GROUP.

[Kevin K]

*Tunnelblick: OS X 10.9.2; Tunnelblick 3.4beta22 (build 3789); prior version 3.3.2 (build 3518.3792); Admin user

"Sanitized" configuration file for /Users/Kevin/Library/Application Support/Tunnelblick/Configurations/home.tblk:

client

dev tap

proto tcp-client

tls-client

remote <redacted>

port 443

resolv-retry infinite

nobind

persist-key

persist-tun

ca ca.crt

cert kevin.crt

key kevin.key

ns-cert-type server

comp-lzo

keepalive 10 120

verb 3

================================================================================

There are no unusual files in home.tblk

================================================================================

Configuration preferences:

useDNS = 1

-openvpnVersion = 

-notOKToCheckThatIPAddressDidNotChangeAfterConnection = 1

-lastConnectionSucceeded = 1

-tunnelDownSoundName = None

-tunnelUpSoundName = None

================================================================================

Wildcard preferences:

-notOKToCheckThatIPAddressDidNotChangeAfterConnection = 1

================================================================================

Program preferences:

notOKToCheckThatIPAddressDidNotChangeAfterConnection = 1

askedUserIfOKToCheckThatIPAddressDidNotChangeAfterConnection = 1

tunnelblickVersionHistory = (

    "3.4beta22 (build 3789)",

    "3.3.2 (build 3518.3792)",

    "3.4beta22 (build 3789)",

    "3.4beta20 (build 3727)",

    "3.4beta18 (build 3704)",

    "3.4beta16 (build 3679)",

    "3.4beta14 (build 3649)",

    "3.3.0 (build 3518)",

    "3.3beta54 (build 3415)"

)

showConnectedDurations = 1

connectionWindowDisplayCriteria = showWhenConnecting

maxLogDisplaySize = 102400

lastConnectedDisplayName = home

installationUID = 90EDE79D-D77A-4B8A-A4F4-0B966146D29D

keyboardShortcutIndex = 1

updateCheckAutomatically = 1

updateSendProfileInfo = 1

NSWindow Frame ConnectingWindow = 645 631 389 187 0 0 1680 1028 

NSWindow Frame SUStatusFrame = 648 675 384 129 0 0 1680 1028 

detailsWindowFrameVersion = 3518.3792

detailsWindowFrame = {{460, 421}, {760, 468}}

detailsWindowLeftFrame = {{0, 0}, {135, 350}}

leftNavSelectedDisplayName = home

haveDealtWithSparkle1dot5b6 = 1

haveDealtWithOldTunTapPreferences = 1

SUEnableAutomaticChecks = 1

SUFeedURL = https://www.tunnelblick.net/appcast-b.rss

SUSendProfileInfo = 1

SULastCheckTime = 2014-04-18 17:09:51 +0000

SULastProfileSubmissionDate = 2014-04-14 18:43:34 +0000

SUHasLaunchedBefore = 1

WebKitDefaultFontSize = 11

WebKitStandardFont = Lucida Grande

================================================================================

Tunnelblick Log:

2014-04-18 10:21:59 *Tunnelblick: OS X 10.9.2; Tunnelblick 3.4beta22 (build 3789); prior version 3.3.2 (build 3518.3792)

2014-04-18 10:21:59 *Tunnelblick: Attempting connection with home using shadow copy; Set nameserver = 1; monitoring connection

2014-04-18 10:21:59 *Tunnelblick: openvpnstart start home.tblk 1337 1 0 1 0 370 -ptADGNWradsgnw 2.2.1

2014-04-18 10:22:00 *Tunnelblick: openvpnstart log:

     Loading tap-signed.kext

     

     OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line):

     

          /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.2.1/openvpn

          --daemon

          --log

          /Library/Application Support/Tunnelblick/Logs/-SUsers-SKevin-SLibrary-SApplication Support-STunnelblick-SConfigurations-Shome.tblk-SContents-SResources-Sconfig.ovpn.1_0_1_0_370.1337.openvpn.log

          --cd

          /Library/Application Support/Tunnelblick/Users/Kevin/home.tblk/Contents/Resources

          --config

          /Library/Application Support/Tunnelblick/Users/Kevin/home.tblk/Contents/Resources/config.ovpn

          --cd

          /Library/Application Support/Tunnelblick/Users/Kevin/home.tblk/Contents/Resources

          --management

          127.0.0.1

          1337

          --management-query-passwords

          --management-hold

          --script-security

          2

          --up

          /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -m -w -d -a -f -ptADGNWradsgnw

          --down

          /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -m -w -d -a -f -ptADGNWradsgnw

2014-04-18 10:21:59 *Tunnelblick: openvpnstart starting OpenVPN

2014-04-18 10:22:00 *Tunnelblick: Established communication with OpenVPN

2014-04-18 10:22:00 OpenVPN 2.2.1 i386-apple-darwin10.8.0 [SSL] [LZO2] [PKCS11] [eurephia] built on Apr  8 2014

2014-04-18 10:22:00 MANAGEMENT: TCP Socket listening on 127.0.0.1:1337

2014-04-18 10:22:00 Need hold release from management interface, waiting...

2014-04-18 10:22:00 MANAGEMENT: Client connected from 127.0.0.1:1337

2014-04-18 10:22:00 MANAGEMENT: CMD 'pid'

2014-04-18 10:22:00 MANAGEMENT: CMD 'state on'

2014-04-18 10:22:00 MANAGEMENT: CMD 'state'

2014-04-18 10:22:00 MANAGEMENT: CMD 'bytecount 1'

2014-04-18 10:22:00 MANAGEMENT: CMD 'hold release'

2014-04-18 10:22:00 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

2014-04-18 10:22:00 LZO compression initialized

2014-04-18 10:22:00 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]

2014-04-18 10:22:00 Socket Buffers: R=[131072->65536] S=[131072->65536]

2014-04-18 10:22:00 MANAGEMENT: >STATE:1397841720,RESOLVE,,,

2014-04-18 10:22:00 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]

2014-04-18 10:22:00 Local Options hash (VER=V4): '31fdf004'

2014-04-18 10:22:00 Expected Remote Options hash (VER=V4): '3e6d1056'

2014-04-18 10:22:00 Attempting to establish TCP connection with <redacted>:443 [nonblock]

2014-04-18 10:22:00 MANAGEMENT: >STATE:1397841720,TCP_CONNECT,,,

2014-04-18 10:22:01 TCP connection established with <redacted>:443

2014-04-18 10:22:01 TCPv4_CLIENT link local: [undef]

2014-04-18 10:22:01 TCPv4_CLIENT link remote: <redacted>:443

2014-04-18 10:22:01 MANAGEMENT: >STATE:1397841721,WAIT,,,

2014-04-18 10:22:01 MANAGEMENT: >STATE:1397841721,AUTH,,,

2014-04-18 10:22:01 TLS: Initial packet from <redacted>:443, sid=2e95a1e4 a561f76a

2014-04-18 10:22:01 VERIFY OK: depth=1, /C=US/ST=AZ/L=Phoenix/O=Transmatrix/CN=Transmatrix/emailAddress=<redacted>

2014-04-18 10:22:01 VERIFY OK: nsCertType=SERVER

2014-04-18 10:22:01 VERIFY OK: depth=0, /C=US/ST=AZ/O=Transmatrix/CN=server/emailAddress=<redacted>

2014-04-18 10:22:02 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key

2014-04-18 10:22:02 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

2014-04-18 10:22:02 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key

2014-04-18 10:22:02 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

2014-04-18 10:22:02 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA

2014-04-18 10:22:02 [server] Peer Connection Initiated with <redacted>:443

2014-04-18 10:22:03 MANAGEMENT: >STATE:1397841723,GET_CONFIG,,,

2014-04-18 10:22:04 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)

2014-04-18 10:22:05 PUSH: Received control message: 'PUSH_REPLY,route-gateway 192.168.85.1,ping 10,ping-restart 120,ifconfig 192.168.85.5 255.255.255.0'

2014-04-18 10:22:05 OPTIONS IMPORT: timers and/or timeouts modified

2014-04-18 10:22:05 OPTIONS IMPORT: --ifconfig/up options modified

2014-04-18 10:22:05 OPTIONS IMPORT: route-related options modified

2014-04-18 10:22:05 TUN/TAP device /dev/tap0 opened

2014-04-18 10:22:05 MANAGEMENT: >STATE:1397841725,ASSIGN_IP,,192.168.85.5,

2014-04-18 10:22:05 /sbin/ifconfig tap0 delete

                                        ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address

2014-04-18 10:22:05 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure

2014-04-18 10:22:05 /sbin/ifconfig tap0 192.168.85.5 netmask 255.255.255.0 mtu 1500 up

2014-04-18 10:22:05 /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -m -w -d -a -f -ptADGNWradsgnw tap0 1500 1576 192.168.85.5 255.255.255.0 init

                                        **********************************************

                                        Start of output from client.up.tunnelblick.sh

                                        Configuring tap DNS via DHCP asynchronously

                                        End of output from client.up.tunnelblick.sh

                                        **********************************************

2014-04-18 10:22:07 Initialization Sequence Completed

2014-04-18 10:22:07 MANAGEMENT: >STATE:1397841727,CONNECTED,SUCCESS,192.168.85.5,68.0.179.5

2014-04-18 10:22:07 *Tunnelblick: No 'connected.sh' script to execute

                                        Sleeping for 0 seconds to wait for DHCP to finish setup.

                                        Sleeping for 1 seconds to wait for DHCP to finish setup.

                                        Sleeping for 2 seconds to wait for DHCP to finish setup.

                                        Sleeping for 3 seconds to wait for DHCP to finish setup.

                                        Sleeping for 4 seconds to wait for DHCP to finish setup.

                                        WARNING: No DNS information received from OpenVPN (DHCP), so no network/DNS configuration changes need to be made.

                                        Will NOT monitor for other network configuration changes.

2014-04-18 10:22:34 *Tunnelblick: Disconnecting; VPN Details… window disconnect button pressed

2014-04-18 10:22:34 *Tunnelblick: Disconnecting using 'kill'

2014-04-18 10:22:34 event_wait : Interrupted system call (code=4)

2014-04-18 10:22:34 TCP/UDP: Closing socket

2014-04-18 10:22:34 Closing TUN/TAP interface

2014-04-18 10:22:34 /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -m -w -d -a -f -ptADGNWradsgnw tap0 1500 1576 192.168.85.5 255.255.255.0 init

                                        **********************************************

                                        Start of output from client.down.tunnelblick.sh

                                        WARNING: No saved Tunnelblick DNS configuration found; not doing anything.

                                        End of output from client.down.tunnelblick.sh

                                        **********************************************

2014-04-18 10:22:35 SIGTERM[hard,] received, process exiting

2014-04-18 10:22:35 MANAGEMENT: >STATE:1397841755,EXITING,SIGTERM,,

2014-04-18 10:22:35 *Tunnelblick: No 'post-disconnect.sh' script to execute

2014-04-18 10:22:35 *Tunnelblick: Expected disconnection occurred.

================================================================================

Console Log:

2014-04-18 10:09:29 Tunnelblick[1588] DEBUG: Updater: systemVersion 10.9.2 satisfies minimumSystemVersion 10.4.0

2014-04-18 10:09:29 Tunnelblick[1588] DEBUG: Updater: systemVersion 10.9.2 satisfies minimumSystemVersion 10.4.0

2014-04-18 10:09:51 Tunnelblick[1588] DEBUG: Updater: systemVersion 10.9.2 satisfies minimumSystemVersion 10.4.0

2014-04-18 10:09:51 Tunnelblick[1588] DEBUG: Updater: systemVersion 10.9.2 satisfies minimumSystemVersion 10.4.0

================================================================================

Non-Apple kexts that are loaded:

Index Refs Address            Size       Wired      Name (Version) <Linked Against>

  101    1 0xffffff7f81ccb000 0xa000     0xa000     com.avatron.AVExVideo (1.7) <78 5 4 3>

  112    0 0xffffff7f80b7e000 0x5000     0x5000     com.Cycling74.driver.Soundflower (1.6.2) <111 5 4 3>

  114    0 0xffffff7f80b28000 0x5000     0x5000     com.techsmith.TACC (1.0.2) <5 4 3>

  115    0 0xffffff7f81cd5000 0x5000     0x5000     com.avatron.AVExFramebuffer (1.7) <101 78 5 4 3>

  131    3 0xffffff7f82634000 0x45000    0x45000    org.virtualbox.kext.VBoxDrv (4.3.6) <7 5 4 3 1>

  132    0 0xffffff7f82679000 0x8000     0x8000     org.virtualbox.kext.VBoxUSB (4.3.6) <131 44 36 7 5 4 3 1>

  133    0 0xffffff7f82681000 0x5000     0x5000     org.virtualbox.kext.VBoxNetFlt (4.3.6) <131 7 5 4 3 1>

  135    0 0xffffff7f82686000 0x6000     0x6000     org.virtualbox.kext.VBoxNetAdp (4.3.6) <131 5 4 1>

[jkbull...gmail.com]

One quick thing to try is to set the configuration to connect using OpenVPN 2.3.2 (instead of the default, 2.2.1).

The real problem seems to be shown here, though:

                                        Sleeping for 0 seconds to wait for DHCP to finish setup.

                                        Sleeping for 1 seconds to wait for DHCP to finish setup.

                                        Sleeping for 2 seconds to wait for DHCP to finish setup.

                                        Sleeping for 3 seconds to wait for DHCP to finish setup.

                                        Sleeping for 4 seconds to wait for DHCP to finish setup.

                                        WARNING: No DNS information received from OpenVPN (DHCP), so no network/DNS configuration changes need to be made.

Tunnelblick waited 10 seconds to get DHCP info via the TAP interface but never got it.

If the newer OpenVPN doesn't help, try each of the other "Set DNS/WINS" settings.

2014-04-18 10:22:00 Attempting to establish TCP connection with 68.0.179.5:443 [nonblock]

2014-04-18 10:22:00 MANAGEMENT: >STATE:1397841720,TCP_CONNECT,,,

2014-04-18 10:22:01 TCP connection established with 68.0.179.5:443

2014-04-18 10:22:01 TCPv4_CLIENT link local: [undef]

2014-04-18 10:22:01 TCPv4_CLIENT link remote: 68.0.179.5:443

2014-04-18 10:22:01 MANAGEMENT: >STATE:1397841721,WAIT,,,

2014-04-18 10:22:01 MANAGEMENT: >STATE:1397841721,AUTH,,,

2014-04-18 10:22:01 TLS: Initial packet from 68.0.179.5:443, sid=2e95a1e4 a561f76a

2014-04-18 10:22:01 VERIFY OK: depth=1, /C=US/ST=AZ/L=Phoenix/O=Transmatrix/CN=Transmatrix/emailAddress=<redacted>

2014-04-18 10:22:01 VERIFY OK: nsCertType=SERVER

2014-04-18 10:22:01 VERIFY OK: depth=0, /C=US/ST=AZ/O=Transmatrix/CN=server/emailAddress=<redacted>

2014-04-18 10:22:02 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key

2014-04-18 10:22:02 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

2014-04-18 10:22:02 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key

2014-04-18 10:22:02 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

2014-04-18 10:22:02 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA

2014-04-18 10:22:02 [server] Peer Connection Initiated with 68.0.179.5:443

[Kevin K]

I'd already tried the other versions of OpenVPN, still didn't work.

I'm not sure what would have changed, and it's getting assigned an IP address so isn't DHCP working?

[Kevin K]

I've found the problem. It was due to firewall rules. However, I don't know why this would have worked before and not now... Anyway, I appreciate the help troubleshooting.

[Kevin K]

Although, I just re-applied the firewall rules and it's all working again. I don't know what the crap happened, but apparently all I needed to do was restart the OpenVPN server... super weird.