After High Sierra upgrade, TB connection connects fine but can't access internet at all
166 views
Skip to first unread message
tim....@powerdms.com
Nov 4, 2017, 3:25:09 PM11/4/17
to tunnelblick-discuss
After upgrading to High Sierra, I can't reach the internet when connected to TB. Nothing changed on my TB server or config file. It was working for about 4 months without issues prior to the upgrade last week. It's not a DNS issue as I cannot ping any IP outside of my own laptop. (8.8.8.8, 8.8.4.4, etc, etc.)
*Tunnelblick: OS X 10.13.0; Tunnelblick 3.7.4 (build 4900); prior version 3.7.3 (build 4880); Admin usergit commit 0f68fae3cabe6b2ebdc9fbb3054232074c03bbfb
Configuration aws-abroad
"Sanitized" condensed configuration file for /Users/tim.welch/Library/Application Support/Tunnelblick/Configurations/aws-abroad.tblk:
clientdev tunproto udpremote xx.xx.xx.xxx 1194ca ca.crtcert client.crtkey client.keytls-version-min 1.2tls-cipher TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256cipher AES-256-CBCauth SHA512resolv-retry infiniteauth-retry nonenobindpersist-keypersist-tunns-cert-type servercomp-lzoverb 3tls-clienttls-auth pfs.key
================================================================================
Non-Apple kexts that are loaded:
Index Refs Address Size Wired Name (Version) UUID <Linked Against> 17 0 0xffffff7f80db7000 0x8000 0x8000 com.sophos.driver.devctrl (9.6.52) ABA41073-2B8F-32AD-AD5A-0EBCBA0F1367 <16 5 4 3 1> 157 0 0xffffff7f81035000 0x5000 0x5000 com.nomachine.driver.nxau (4.1.b2) 78172556-B6A4-3112-BA41-E79D18108476 <125 5 4 3 1> 164 1 0xffffff7f80d92000 0xa000 0xa000 com.avatron.AVExVideo (3.0.1) 1A7B1451-0513-3B06-8249-4E02201818C1 <101 5 4 3> 165 0 0xffffff7f80d7e000 0x7000 0x7000 com.kairos.driver.DuetDisplay (2) ACE0314B-69A7-3100-9155-3B4B6C96B2EC <101 5 4 3> 166 0 0xffffff7f80d44000 0xf000 0xf000 com.displaylink.driver.DisplayLinkDriver (2.6.0 (75598)) B942FE95-AE28-32F5-8559-50853E8706E9 <101 5 4 3> 172 0 0xffffff7f80d9c000 0x13000 0x13000 com.avatron.AVExFramebuffer (3.0.1) AC18A499-5BD2-3F0C-9B18-369173DA02D2 <164 101 5 4 3> 178 3 0xffffff7f85de5000 0x62000 0x62000 org.virtualbox.kext.VBoxDrv (5.1.26) CA8F56A8-A15B-3073-B9CA-ADD472FC1D70 <7 5 4 3 1> 180 0 0xffffff7f85e47000 0x8000 0x8000 org.virtualbox.kext.VBoxUSB (5.1.26) C048C075-8B99-3011-B3F2-6101527DCC99 <179 178 51 7 5 4 3 1> 181 0 0xffffff7f85e4f000 0x5000 0x5000 org.virtualbox.kext.VBoxNetFlt (5.1.26) 8AD9BBDD-D127-388B-8A89-753712CB6139 <178 7 5 4 3 1> 182 0 0xffffff7f85e54000 0x6000 0x6000 org.virtualbox.kext.VBoxNetAdp (5.1.26) 7C5C9A71-09FA-3D56-B1D4-BA6111810E67 <178 5 4 1> 183 0 0xffffff7f80c17000 0x8000 0x8000 com.sophos.kext.oas (9.6.53) E7883FE6-B498-37ED-BDBB-9BC0EC59DCDE <5 4 1> 184 0 0xffffff7f80ec7000 0x7000 0x7000 com.sophos.nke.swi (9.6.52) B9C6AF49-49A7-3666-97EE-FFA2E2E387FD <4 1>
================================================================================
There are no unusual files in aws-abroad.tblk
================================================================================
Configuration preferences:
useDNS = 1-resetPrimaryInterfaceAfterDisconnect = 1-routeAllTrafficThroughVpn = 1-useRouteUpInsteadOfUp = 1-openvpnVersion = 2.4.4-openssl-1.0.2m-notOKToCheckThatIPAddressDidNotChangeAfterConnection = 0-keepConnected = 1-lastConnectionSucceeded = 1
================================================================================
Wildcard preferences:
-notOKToCheckThatIPAddressDidNotChangeAfterConnection = 1
================================================================================
Program preferences:
launchAtNextLogin = 1notOKToCheckThatIPAddressDidNotChangeAfterConnection = 1tunnelblickVersionHistory = ( "3.7.4 (build 4900)", "3.7.3 (build 4880)", "3.7.2a (build 4851)", "3.7.1b (build 4813)")lastLaunchTime = 531513640.15993lastLanguageAtLaunchWasRTL = 0connectionWindowDisplayCriteria = showWhenConnectingmaxLogDisplaySize = 102400lastConnectedDisplayName = aws-abroadkeyboardShortcutIndex = 1updateCheckAutomatically = 1NSWindow Frame ConnectingWindow = 645 630 389 187 0 0 1680 1027 NSWindow Frame SUStatusFrame = 1049 834 400 129 0 0 1680 1027 NSWindow Frame SUUpdateAlert = 530 476 620 392 0 0 1680 1027 detailsWindowFrameVersion = 4900detailsWindowFrame = {{380, 419}, {920, 468}}detailsWindowLeftFrame = {{0, 0}, {165, 350}}detailsWindowViewIndex = 0detailsWindowConfigurationsTabIdentifier = settingsleftNavSelectedDisplayName = aws-abroadAdvancedWindowTabIdentifier = soundshaveDealtWithOldTunTapPreferences = 1haveDealtWithOldLoginItem = 1SUEnableAutomaticChecks = 1SUScheduledCheckInterval = 86400SUSendProfileInfo = 0SULastCheckTime = 2017-11-04 18:40:41 +0000SUHasLaunchedBefore = 1WebKitDefaultFontSize = 16WebKitStandardFont = TimesaskedUserIfOKToCheckThatIPAddressDidNotChangeAfterConnection = 1haveDealtWithSparkle1dot5b6 = 1updateSendProfileInfo = 0
================================================================================
Tunnelblick Log:
*Tunnelblick: OS X 10.13.0; Tunnelblick 3.7.4 (build 4900); prior version 3.7.3 (build 4880)2017-11-04 20:19:19 *Tunnelblick: Attempting connection with aws-abroad using shadow copy; Set nameserver = 769; monitoring connection2017-11-04 20:19:19 *Tunnelblick: openvpnstart start aws-abroad.tblk 1337 769 0 1 0 1165104 -ptADGNWradsgnw 2.4.4-openssl-1.0.2m2017-11-04 20:19:19 *Tunnelblick: openvpnstart log: OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line): /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.4.4-openssl-1.0.2m/openvpn --daemon --log /Library/Application Support/Tunnelblick/Logs/-SUsers-Stim.welch-SLibrary-SApplication Support-STunnelblick-SConfigurations-Saws--abroad.tblk-SContents-SResources-Sconfig.ovpn.769_0_1_0_1165104.1337.openvpn.log --cd /Library/Application Support/Tunnelblick/Users/tim.welch/aws-abroad.tblk/Contents/Resources --setenv IV_GUI_VER "net.tunnelblick.tunnelblick 4900 3.7.4 (build 4900)" --verb 3 --config /Library/Application Support/Tunnelblick/Users/tim.welch/aws-abroad.tblk/Contents/Resources/config.ovpn --verb 3 --cd /Library/Application Support/Tunnelblick/Users/tim.welch/aws-abroad.tblk/Contents/Resources --management 127.0.0.1 1337 --management-query-passwords --management-hold --redirect-gateway def1 --script-security 2 --route-up /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -o -r -w -ptADGNWradsgnw --down /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -d -f -m -o -r -w -ptADGNWradsgnw
2017-11-04 20:19:19 *Tunnelblick: openvpnstart starting OpenVPN2017-11-04 20:19:19 *Tunnelblick: Established communication with OpenVPN2017-11-04 20:19:19 OpenVPN 2.4.4 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on Nov 2 20172017-11-04 20:19:19 library versions: OpenSSL 1.0.2m 2 Nov 2017, LZO 2.102017-11-04 20:19:19 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:13372017-11-04 20:19:19 Need hold release from management interface, waiting...2017-11-04 20:19:19 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:13372017-11-04 20:19:19 MANAGEMENT: CMD 'pid'2017-11-04 20:19:19 MANAGEMENT: CMD 'state on'2017-11-04 20:19:19 MANAGEMENT: CMD 'state'2017-11-04 20:19:19 MANAGEMENT: CMD 'bytecount 1'2017-11-04 20:19:19 MANAGEMENT: CMD 'hold release'2017-11-04 20:19:19 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.2017-11-04 20:19:19 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts2017-11-04 20:19:19 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication2017-11-04 20:19:19 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication2017-11-04 20:19:19 TCP/UDP: Preserving recently used remote address: [AF_INET]xx.xx.xx.xxx:11942017-11-04 20:19:19 Socket Buffers: R=[196724->196724] S=[9216->9216]2017-11-04 20:19:19 UDP link local: (not bound)2017-11-04 20:19:19 UDP link remote: [AF_INET]xx.xx.xx.xxx:11942017-11-04 20:19:19 MANAGEMENT: >STATE:1509823159,WAIT,,,,,,2017-11-04 20:19:19 MANAGEMENT: >STATE:1509823159,AUTH,,,,,,2017-11-04 20:19:19 TLS: Initial packet from [AF_INET]xx.xx.xx.xxx:1194, sid=cbe5e084 fce401042017-11-04 20:19:20 VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA, name=EasyRSA, emailAddress=m...@myhost.mydomain2017-11-04 20:19:20 VERIFY OK: nsCertType=SERVER2017-11-04 20:19:20 VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=server, name=EasyRSA, emailAddress=m...@myhost.mydomain2017-11-04 20:19:20 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES128-GCM-SHA256, 2048 bit RSA2017-11-04 20:19:20 [server] Peer Connection Initiated with [AF_INET]xx.xx.xx.xxx:11942017-11-04 20:19:21 MANAGEMENT: >STATE:1509823161,GET_CONFIG,,,,,,2017-11-04 20:19:21 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)2017-11-04 20:19:21 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5,peer-id 1,cipher AES-256-GCM'2017-11-04 20:19:21 OPTIONS IMPORT: timers and/or timeouts modified2017-11-04 20:19:21 OPTIONS IMPORT: --ifconfig/up options modified2017-11-04 20:19:21 OPTIONS IMPORT: route options modified2017-11-04 20:19:21 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified2017-11-04 20:19:21 OPTIONS IMPORT: peer-id set2017-11-04 20:19:21 OPTIONS IMPORT: adjusting link_mtu to 16252017-11-04 20:19:21 OPTIONS IMPORT: data channel crypto options modified2017-11-04 20:19:21 Data Channel: using negotiated cipher 'AES-256-GCM'2017-11-04 20:19:21 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key2017-11-04 20:19:21 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key2017-11-04 20:19:21 Opening utun (connect(AF_SYS_CONTROL)): Resource busy (errno=16)2017-11-04 20:19:21 Opening utun (connect(AF_SYS_CONTROL)): Resource busy (errno=16)2017-11-04 20:19:21 Opened utun device utun22017-11-04 20:19:21 do_ifconfig, tt->did_ifconfig_ipv6_setup=02017-11-04 20:19:21 MANAGEMENT: >STATE:1509823161,ASSIGN_IP,,10.8.0.6,,,,2017-11-04 20:19:21 /sbin/ifconfig utun2 delete ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address2017-11-04 20:19:21 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure2017-11-04 20:19:21 /sbin/ifconfig utun2 10.8.0.6 10.8.0.5 mtu 1500 netmask 255.255.255.255 up2017-11-04 20:19:21 /sbin/route add -net xx.xx.xx.xxx 192.168.1.1 255.255.255.255 add net xx.xx.xx.xxx: gateway 192.168.1.12017-11-04 20:19:21 /sbin/route add -net 0.0.0.0 10.8.0.5 128.0.0.0 add net 0.0.0.0: gateway 10.8.0.52017-11-04 20:19:21 /sbin/route add -net 128.0.0.0 10.8.0.5 128.0.0.0 add net 128.0.0.0: gateway 10.8.0.52017-11-04 20:19:21 MANAGEMENT: >STATE:1509823161,ADD_ROUTES,,,,,,2017-11-04 20:19:21 /sbin/route add -net 10.8.0.1 10.8.0.5 255.255.255.255 add net 10.8.0.1: gateway 10.8.0.5 ********************************************** Start of output from client.up.tunnelblick.sh Disabled IPv6 for 'iPad USB' Retrieved from OpenVPN: name server(s) [ 8.8.8.8 8.8.4.4 ], search domain(s) [ ] and SMB server(s) [ ] and using default domain name [ openvpn ] Not aggregating ServerAddresses because running on OS X 10.6 or higher Setting search domains to 'openvpn' because running under OS X 10.6 or higher and the search domains were not set manually (or are allowed to be changed) and 'Prepend domain name to search domains' was not selected Saved the DNS and SMB configurations so they can be restored Changed DNS ServerAddresses setting from '192.168.1.1' to '8.8.8.8 8.8.4.4' Changed DNS SearchDomains setting from '' to 'openvpn' Changed DNS DomainName setting from 'home' to 'openvpn' Did not change SMB NetBIOSName setting of '' Did not change SMB Workgroup setting of 'HQ' Did not change SMB WINSAddresses setting of '' DNS servers '8.8.8.8 8.8.4.4' will be used for DNS queries when the VPN is active The DNS servers include only free public DNS servers known to Tunnelblick. Flushed the DNS cache via dscacheutil /usr/sbin/discoveryutil not present. Not flushing the DNS cache via discoveryutil Notified mDNSResponder that the DNS cache was flushed Setting up to monitor system configuration with process-network-changes End of output from client.up.tunnelblick.sh **********************************************2017-11-04 20:19:25 *Tunnelblick: No 'connected.sh' script to execute2017-11-04 20:19:25 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this2017-11-04 20:19:25 Initialization Sequence Completed2017-11-04 20:19:25 MANAGEMENT: >STATE:1509823165,CONNECTED,SUCCESS,10.8.0.6,xx.xx.xx.xxx,1194,,
================================================================================
"Sanitized" full configuration file
clientdev tunproto udpremote xx.xx.xx.xxx 1194 ca ca.crtcert client.crtkey client.keytls-version-min 1.2tls-cipher TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256cipher AES-256-CBCauth SHA512resolv-retry infiniteauth-retry nonenobindpersist-keypersist-tunns-cert-type servercomp-lzoverb 3tls-clienttls-auth pfs.key
================================================================================
ifconfig output:
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384 options=1203<RXCSUM,TXCSUM,TXSTATUS,SW_TIMESTAMP> inet 127.0.0.1 netmask 0xff000000 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1 nd6 options=201<PERFORMNUD,DAD>gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280stf0: flags=0<> mtu 1280XHC20: flags=0<> mtu 0XHC0: flags=0<> mtu 0XHC1: flags=0<> mtu 0en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500 ether 78:4f:43:5f:80:75 inet 192.168.1.35 netmask 0xffffff00 broadcast 192.168.1.255 media: autoselect status: activep2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304 ether 0a:4f:43:5f:80:75 media: autoselect status: inactiveen3: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500 options=60<TSO4,TSO6> ether 12:00:04:61:73:01 media: autoselect <full-duplex> status: inactiveen1: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500 options=60<TSO4,TSO6> ether 12:00:04:61:73:00 media: autoselect <full-duplex> status: inactiveen4: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500 options=60<TSO4,TSO6> ether 12:00:04:61:73:05 media: autoselect <full-duplex> status: inactiveen2: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500 options=60<TSO4,TSO6> ether 12:00:04:61:73:04 media: autoselect <full-duplex> status: inactiveawdl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1484 ether 4a:dd:66:4b:7b:f3 inet6 fe80::48dd:66ff:fe4b:7bf3%awdl0 prefixlen 64 scopeid 0xe nd6 options=201<PERFORMNUD,DAD> media: autoselect status: activebridge0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500 options=63<RXCSUM,TXCSUM,TSO4,TSO6> ether 12:00:04:61:73:00 Configuration: id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0 maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200 root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0 ipfilter disabled flags 0x2 member: en1 flags=3<LEARNING,DISCOVER> ifmaxaddr 0 port 11 priority 0 path cost 0 member: en2 flags=3<LEARNING,DISCOVER> ifmaxaddr 0 port 13 priority 0 path cost 0 member: en3 flags=3<LEARNING,DISCOVER> ifmaxaddr 0 port 10 priority 0 path cost 0 member: en4 flags=3<LEARNING,DISCOVER> ifmaxaddr 0 port 12 priority 0 path cost 0 media: <unknown type> status: inactiveutun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 2000 options=6403<RXCSUM,TXCSUM,CHANNEL_IO,PARTIAL_CSUM,ZEROINVERT_CSUM> inet6 fe80::36a3:da06:36e8:d272%utun0 prefixlen 64 scopeid 0x10 nd6 options=201<PERFORMNUD,DAD>utun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380 options=6403<RXCSUM,TXCSUM,CHANNEL_IO,PARTIAL_CSUM,ZEROINVERT_CSUM> inet6 fe80::4ebc:4ca8:d836:2d68%utun1 prefixlen 64 scopeid 0x11 nd6 options=201<PERFORMNUD,DAD>en5: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500 ether ac:de:48:00:11:22 inet6 fe80::aede:48ff:fe00:1122%en5 prefixlen 64 scopeid 0x7 nd6 options=281<PERFORMNUD,INSECURE,DAD> media: autoselect status: activeutun2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500 options=6403<RXCSUM,TXCSUM,CHANNEL_IO,PARTIAL_CSUM,ZEROINVERT_CSUM> inet 10.8.0.6 --> 10.8.0.5 netmask 0xffffffff
================================================================================
Console Log:
2017-11-04 19:39:57 Tunnelblick[3870] Tunnelblick: OS X 10.13.0; Tunnelblick 3.7.3 (build 4880)2017-11-04 19:39:58 Tunnelblick[3870] Sparkle: ===== Tunnelblick =====2017-11-04 19:39:58 Tunnelblick[3870] Sparkle: Verified appcast signature2017-11-04 19:40:11 Tunnelblick[3870] Sparkle: Extracting using '/usr/bin/ditto' '-x' '-k' '-' < '/Users/tim.welch/Library/Caches/net.tunnelblick.tunnelblick/org.sparkle-project.Sparkle/Tunnelblick 4900/Tunnelblick_3.7.4_build_4900.zip' '/Users/tim.welch/Library/Caches/net.tunnelblick.tunnelblick/org.sparkle-project.Sparkle/Tunnelblick 4900'2017-11-04 19:40:20 Tunnelblick[3870] updater:willInstallUpdate: Starting cleanup.2017-11-04 19:40:20 Tunnelblick[3870] updater:willInstallUpdate: Cleanup finished.2017-11-04 19:40:20 Tunnelblick[3870] applicationShouldTerminate: termination because of Quit; delayed until 'shutdownTunnelblick' finishes2017-11-04 19:40:20 Tunnelblick[3870] pthread_mutex_trylock( &cleanupMutex ) failed; status = 16, errno = 92017-11-04 19:40:20 Tunnelblick[3870] pthread_mutex_trylock( &cleanupMutex ) failed is normal and expected when Tunnelblick is updated2017-11-04 19:40:20 Tunnelblick[3870] Finished shutting down Tunnelblick; allowing termination2017-11-04 19:40:26 Tunnelblick[3905] Tunnelblick: OS X 10.13.0; Tunnelblick 3.7.4 (build 4900)2017-11-04 19:40:26 Tunnelblick[3905] Need to replace and/or reload 'tunnelblickd': daemonHashesMatch = NO plistHashesMatch = YES activePlistMatches = YES2017-11-04 19:40:35 Tunnelblick[3905] The user agreed to the terms and conditions version 12017-11-04 19:40:39 Tunnelblick[3905] Tunnelblick needs to: • Complete the update2017-11-04 19:40:39 Tunnelblick[3905] Beginning installation or repair2017-11-04 19:40:39 Tunnelblick[3905] Installation or repair succeeded; Log: Tunnelblick installer started 2017-11-04 19:40:39. 1 arguments: 0x0101 Replaced /Library/LaunchDaemons/net.tunnelblick.tunnelblick.tunnelblickd.plist Used launchctl to load tunnelblickd Tunnelblick installer finished without error2017-11-04 19:40:41 Tunnelblick[3905] Sparkle: ===== Tunnelblick =====2017-11-04 19:40:41 Tunnelblick[3905] Sparkle: Verified appcast signature2017-11-04 19:49:23 Tunnelblick[3905] currentIPInfo(Name): IP address info could not be fetched within 35.1 seconds; the error was 'Error Domain=NSURLErrorDomain Code=-1001 "The request timed out." UserInfo={NSUnderlyingError=0x60800025ac40 {Error Domain=kCFErrorDomainCFNetwork Code=-1001 "The request timed out." UserInfo={NSErrorFailingURLStringKey=https://tunnelblick.net/ipinfo, NSErrorFailingURLKey=https://tunnelblick.net/ipinfo, _kCFStreamErrorCodeKey=-2102, _kCFStreamErrorDomainKey=4, NSLocalizedDescription=The request timed out.}}, NSErrorFailingURLStringKey=https://tunnelblick.net/ipinfo, NSErrorFailingURLKey=https://tunnelblick.net/ipinfo, _kCFStreamErrorDomainKey=4, _kCFStreamErrorCodeKey=-2102, NSLocalizedDescription=The request timed out.}'; the response was '(null)'2017-11-04 19:49:58 Tunnelblick[3905] currentIPInfo(Address): IP address info could not be fetched within 35.0 seconds; the error was 'Error Domain=NSURLErrorDomain Code=-1001 "The request timed out." UserInfo={NSUnderlyingError=0x604000251c40 {Error Domain=kCFErrorDomainCFNetwork Code=-1001 "The request timed out." UserInfo={NSErrorFailingURLStringKey=http://205.233.73.116/ipinfo, NSErrorFailingURLKey=http://205.233.73.116/ipinfo, _kCFStreamErrorCodeKey=-2102, _kCFStreamErrorDomainKey=4, NSLocalizedDescription=The request timed out.}}, NSErrorFailingURLStringKey=http://205.233.73.116/ipinfo, NSErrorFailingURLKey=http://205.233.73.116/ipinfo, _kCFStreamErrorDomainKey=4, _kCFStreamErrorCodeKey=-2102, NSLocalizedDescription=The request timed out.}'; the response was '(null)'2017-11-04 19:59:29 Tunnelblick[3905] currentIPInfo(Name): IP address info could not be fetched within 34.4 seconds; the error was 'Error Domain=NSURLErrorDomain Code=-1001 "The request timed out." UserInfo={NSUnderlyingError=0x60400024fc30 {Error Domain=kCFErrorDomainCFNetwork Code=-1001 "The request timed out." UserInfo={NSErrorFailingURLStringKey=https://tunnelblick.net/ipinfo, NSErrorFailingURLKey=https://tunnelblick.net/ipinfo, _kCFStreamErrorCodeKey=-2102, _kCFStreamErrorDomainKey=4, NSLocalizedDescription=The request timed out.}}, NSErrorFailingURLStringKey=https://tunnelblick.net/ipinfo, NSErrorFailingURLKey=https://tunnelblick.net/ipinfo, _kCFStreamErrorDomainKey=4, _kCFStreamErrorCodeKey=-2102, NSLocalizedDescription=The request timed out.}'; the response was '(null)'
Tunnelblick developer
Nov 4, 2017, 3:28:31 PM11/4/17
to tunnelblick-discuss
It looks like either a routing issue or a problem with the OpenVPN server.
tim....@powerdms.com
Nov 5, 2017, 8:12:32 AM11/5/17
to tunnelblick-discuss
Any way you could help me debug? Let us assume this is not an issue with the OpenVPN server to start off with, because as i said, I upgraded to High Sierra and it stopped working. The day before it was working. My OpenVPN server running in AWS has not changed since August 8, 2017. It seems to be much more likely a High Sierra issue than a server issue.
What should I look for on my macbook as a possible culprit?
[root@ip-172-31-9-67 openvpn]# pwd/etc/openvpn[root@ip-172-31-9-67 openvpn]# ls -latrtotal 1916drwxr-xr-x 78 root root 4096 Aug 8 13:22 ..drwxr-xr-x 2 root root 4096 Aug 8 13:31 keys-rw-r--r-- 1 root root 536 Aug 8 13:32 server.confdrwxr-xr-x 3 root root 4096 Aug 8 13:32 .-rw------- 1 root root 1932245 Nov 4 19:46 openvpn.log-rw------- 1 root root 109 Nov 5 13:00 ipp.txt-rw------- 1 root root 232 Nov 5 13:09 openvpn-status.log[root@ip-172-31-9-67 openvpn]#
[root@ip-172-31-9-67 openvpn]# cat /var/log/yum.logAug 08 13:18:04 Updated: 32:bind-libs-9.8.2-0.62.rc1.56.amzn1.x86_64Aug 08 13:18:04 Updated: 32:bind-utils-9.8.2-0.62.rc1.56.amzn1.x86_64Aug 08 13:18:04 Updated: aws-cfn-bootstrap-1.4-20.12.amzn1.noarchAug 08 13:22:10 Installed: lzo-2.08-1.5.amzn1.x86_64Aug 08 13:22:10 Installed: pkcs11-helper-1.11-3.7.amzn1.x86_64Aug 08 13:22:10 Installed: openvpn-2.4.3-1.19.amzn1.x86_64Aug 08 13:24:15 Installed: easy-rsa-2.2.2-1.el6.noarch[root@ip-172-31-9-67 openvpn]#tim....@powerdms.com
Nov 5, 2017, 9:13:13 AM11/5/17
to tunnelblick-discuss
Wow, actually it WAS the server! I did a bunch of digging on my OSX, and could not for the life of me find any issues with the routing. So I looked at the server and it was rebooted (AWS outage or some such) at some point. And when it was rebooted, the iptable_nat did not get put back into the modules list, along with /proc/sys/net/ipv4/ip_forward setting was back to 0.
After making those settings, everything worked again. I made sure to make those changes permanent / persist reboots from here on out. It was very odd that the server was rebooted at the same day that I upgraded to High Sierra.
Thanks for the help, much appreciated!
Reply all
Reply to author
Forward
0 new messages