Connection fails when set to "When Computer Starts"

[Derek]

Hi - 

In most use cases I'm able to connect without issue.  However, if I try to connect when the computer starts, the connection fails.  The log shows that I'm unable to resolve the hostname of my VPN server.  Is Tunnelblick coming up too soon, before networking has been fully initialized, or is there something else I need to do?  The DNS servers I use before I connect to my VPN server are able to resolve this hostname without issue when I query them manually.

Thanks,

Derek

[jkbull...gmail.com]

That sounds plausible. There isn't any preference you could set which would cause a delay, unfortunately, so you can't easily test your theory. (And I can't reproduce the problem to test it myself.)

It would be helpful to have the diagnostic info from a connect/disconnect cycle done manually (i.e., not when the computer starts) -- please follow the instructions at Read Before You Post.

One thing you could do as a test would be to set your DNS servers manually (in System Preferences / Network) to, say, Google Public DNS (8.8.8.8, 8.8.4.4). That would rule out certain types of problems.

After you've done that (and assuming it fails in the same way), I could build a test version of Tunnelblick which includes a 30-second delay before launching OpenVPN. If that works, then we can figure out how to make that delay customizable or if we need to add logic to wait until the Internet is reachable before starting OpenVPN.

[Derek Dally]

Hi - 

Thanks for your response.  I'm unable to consistently reproduce the issue now.  It's possible that there may have been intermittent issues with the WiFi at the time and that the additional delay resulted in the connection failure.  Now, I briefly get the "Network accounts are unavailable" message (which I'd think is just while it's connecting), but it eventually goes away, and I'm able to get in.  I'll keep an eye on it and see if I can get it to happen again.

Is there any way I can get Tunnelblick to output some more information about current connection state as it's trying to reach out to the VPN server?

Thanks,

Derek

[jkbull...gmail.com]

It's really OpenVPN that does all that. You can change the "verb" level to 4 or 5 perhaps. The default is 3. See the OpenVPN 2.3 Man Page.
.

On Tuesday, January 13, 2015 at 2:44:46 PM UTC-5, Derek Dally wrote:

Hi - 

Thanks for your response.  I'm unable to consistently reproduce the issue now.  It's possible that there may have been intermittent issues with the WiFi at the time and that the additional delay resulted in the connection failure.  Now, I briefly get the "Network accounts are unavailable" message (which I'd think is just while it's connecting), but it eventually goes away, and I'm able to get in.  I'll keep an eye on it and see if I can get it to happen again.

Is there any way I can get Tunnelblick to output some more information about current connection state as it's trying to reach out to the VPN server?

Thanks,

Derek

[marek....@gmail.com]

Hi, I have the same (?) issue. Manual connection works fine, automatic on system start does not. I found a crashreport for openvpn in log folder, maybe it can help to solve this. https://www.dropbox.com/s/yu32cebu5d5aawm/openvpn_2015-02-22-201304_hammer.crash?dl=0

I use last stable version (3.4.3).

client

dev tun

proto udp

remote <server> 5222

resolv-retry infinite

nobind

persist-key

persist-tun

ca ca.crt

cert <cert>.crt

key <cert>.key

cipher BF-CBC

comp-lzo

verb 3

Thanks,

Marek

Dne pondělí 12. ledna 2015 23:08:14 UTC+1 Derek napsal(a):

[jkbull...gmail.com]

Thank you for the crash report.

This seems to be a bug in OpenVPN which shows up if/when the Internet connection isn't full ready when Tunnelblick starts OpenVPN.

Perhaps Tunnelblick can do something to avoid that – either by starting OpenVPN only after a time delay, or after the Internet is available (probably by testing access to tunnelblick.net). I'll look into that and report back to this thread.

[jkbull...gmail.com]

I have committed changes to the Tunnelblick source code so that, when trying to connect a configuration when the computer starts, Tunnelblick waits until the Internet is reachable before starting OpenVPN.

Although I haven't been able to reproduce the crash behavior, I am hopeful that this will prevent such crashes.

The reachability test tries to contact the server used to update the program itself (www.tunnelblick.net) to determine whether the Internet is reachable or not. If the server is not reachable within 30 seconds of the computer starting up, Tunnelblick assumes that it is a problem with the server itself and starts OpenVPN anyway

I have created a "snapshot" (pre-release version of Tunnelblick) that includes this change. Email me privately at my Gmail address, jkbullard, to get a link to download the snapshot.