I have one locally in the office and one server at home. Both worked until a week ago; now the one at home works, but the one at the office does not give me any connection to the internet or even let me do DNS lookups.
Roughly a week ago the electricity was cut at the office and the IP address changed. I'm not sure how this would affect anything, though; it should be totally irrelevant since I am able to connect to the server.
I've tried to downgrade and upgrade the Tunnelblick client to a few other versions, but it changed nothing. I also removed and reinstalled the OpenVPN server (with apt-get). Here is the connection log to the office server; I'd be very grateful for some input that may point me in the right direction.
But my feeling is that it's not the culprit, especially since it occurs in the log when accessing my home OpenVPN server and that one works just fine.
############################################################################################
*Tunnelblick: OS X 10.10.5; Tunnelblick 3.6.0a (build 4543.4546); prior version 3.5.8 (build 4270.4530); Admin user
Configuration kammis
"Sanitized" condensed configuration file for /Users/gesias/Library/Application Support/Tunnelblick/Configurations/kammis.tblk:
client
dev tun
proto udp
remote 81.250.X.X 1194
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
ns-cert-type server
comp-lzo
verb 3
<ca>
[Security-related line(s) omitted]
</ca>
<cert>
[Security-related line(s) omitted]
</cert>
<key>
[Security-related line(s) omitted]
</key>
================================================================================
Non-Apple kexts that are loaded:
Index Refs Address Size Wired Name (Version) <Linked Against>
117 0 0xffffff7f80cfa000 0xf000 0xf000 com.displaylink.driver.DisplayLinkDriver (2.4) <84 5 4 3>
139 3 0xffffff7f831f6000 0x57000 0x57000 org.virtualbox.kext.VBoxDrv (4.3.20) <7 5 4 3 1>
140 0 0xffffff7f8324d000 0x8000 0x8000 org.virtualbox.kext.VBoxUSB (4.3.20) <139 92 39 7 5 4 3 1>
141 0 0xffffff7f83255000 0x5000 0x5000 org.virtualbox.kext.VBoxNetFlt (4.3.20) <139 7 5 4 3 1>
145 0 0xffffff7f8325a000 0x6000 0x6000 org.virtualbox.kext.VBoxNetAdp (4.3.20) <139 5 4 1>
================================================================================
There are no unusual files in kammis.tblk
================================================================================
Configuration preferences:
useDNS = 1
-useDownRootPlugin = 1
-notOKToCheckThatIPAddressDidNotChangeAfterConnection = 1
-lastConnectionSucceeded = 1
================================================================================
Wildcard preferences:
-notOKToCheckThatIPAddressDidNotChangeAfterConnection = 1
================================================================================
Program preferences:
launchAtNextLogin = 1
notOKToCheckThatIPAddressDidNotChangeAfterConnection = 1
askedUserIfOKToCheckThatIPAddressDidNotChangeAfterConnection = 1
tunnelblickVersionHistory = (
"3.6.0a (build 4543.4546)",
"3.5.8 (build 4270.4530)",
"3.6.1beta02 (build 4544)",
"3.6.0a (build 4543.4546)",
"3.5.8 (build 4270.4530)",
"3.5.7 (build 4270.4517)",
"3.5.5 (build 4270.4461)",
"3.5.4 (build 4270.4395)"
)
statusDisplayNumber = 0
lastLaunchTime = 481202971.8589
connectionWindowDisplayCriteria = showWhenConnecting
maxLogDisplaySize = 102400
lastConnectedDisplayName = kammis
keyboardShortcutIndex = 1
updateCheckAutomatically = 1
updateSendProfileInfo = 1
NSWindow Frame ConnectingWindow = -1155 472 389 187 -1920 -180 1920 1057
detailsWindowFrameVersion = 4270.4530
detailsWindowFrame = {{-1418, 262}, {912, 467}}
detailsWindowLeftFrame = {{0, 0}, {162, 350}}
detailsWindowViewIndex = 4
detailsWindowConfigurationsTabIdentifier = log
leftNavSelectedDisplayName = kammis
AdvancedWindowTabIdentifier = sounds
haveDealtWithSparkle1dot5b6 = 1
haveDealtWithOldTunTapPreferences = 1
haveDealtWithOldLoginItem = 1
SUEnableAutomaticChecks = 1
SUScheduledCheckInterval = 86400
SUSendProfileInfo = 1
SULastCheckTime = 2016-04-01 11:29:31 +0000
SULastProfileSubmissionDate = 2016-03-30 14:13:05 +0000
SUHasLaunchedBefore = 1
WebKitDefaultFontSize = 11
WebKitStandardFont = .Helvetica Neue DeskInterface
================================================================================
Tunnelblick Log:
2016-04-01 13:32:49 *Tunnelblick: OS X 10.10.5; Tunnelblick 3.6.0a (build 4543.4546); prior version 3.5.8 (build 4270.4530)
2016-04-01 13:32:49 *Tunnelblick: Attempting connection with kammis using shadow copy; Set nameserver = 3; monitoring connection
2016-04-01 13:32:49 *Tunnelblick: openvpnstart start kammis.tblk 1337 3 0 1 0 1065264 -ptADGNWradsgnw 2.3.10
2016-04-01 13:32:49 OpenVPN 2.3.10 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Mar 19 2016
2016-04-01 13:32:49 library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.09
2016-04-01 13:32:49 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:1337
2016-04-01 13:32:49 Need hold release from management interface, waiting...
2016-04-01 13:32:49 *Tunnelblick: openvpnstart starting OpenVPN
2016-04-01 13:32:50 *Tunnelblick: openvpnstart log:
Warning: Tunnelblick is using 'openvpn-down-root.so', so the route-pre-down script will not be used. You can override this by providing a custom route-pre-down script (which may be a copy of Tunnelblick's standard route-pre-down script) in a Tunnelblick VPN Configuration. However, that script will not be executed as root unless the 'user' and 'group' options are removed from the OpenVPN configuration file. If the 'user' and 'group' options are removed, then you don't need to use a custom route-pre-down script.
OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line):
/Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.10/openvpn
--daemon
--log
/Library/Application Support/Tunnelblick/Logs/-SUsers-Sgesias-SLibrary-SApplication Support-STunnelblick-SConfigurations-Skammis.tblk-SContents-SResources-Sconfig.ovpn.3_0_1_0_1065264.1337.openvpn.log
--cd
/Library/Application Support/Tunnelblick/Users/gesias/kammis.tblk/Contents/Resources
--verb
3
--config
/Library/Application Support/Tunnelblick/Users/gesias/kammis.tblk/Contents/Resources/config.ovpn
--cd
/Library/Application Support/Tunnelblick/Users/gesias/kammis.tblk/Contents/Resources
--management
127.0.0.1
1337
--management-query-passwords
--management-hold
--script-security
2
--up
--plugin
/Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.10/openvpn-down-root.so
2016-04-01 13:32:50 *Tunnelblick: Established communication with OpenVPN
2016-04-01 13:32:50 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:1337
2016-04-01 13:32:50 MANAGEMENT: CMD 'pid'
2016-04-01 13:32:50 MANAGEMENT: CMD 'state on'
2016-04-01 13:32:50 MANAGEMENT: CMD 'state'
2016-04-01 13:32:50 MANAGEMENT: CMD 'bytecount 1'
2016-04-01 13:32:50 MANAGEMENT: CMD 'hold release'
2016-04-01 13:32:50 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2016-04-01 13:32:50 PLUGIN_INIT: POST /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.10/openvpn-down-root.so '[/Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.10/openvpn-down-root.so] [/Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh] [-9] [-d] [-f] [-m] [-w] [-ptADGNWradsgnw]' intercepted=PLUGIN_UP|PLUGIN_DOWN
2016-04-01 13:32:50 Socket Buffers: R=[196724->196724] S=[9216->9216]
2016-04-01 13:32:50 MANAGEMENT: >STATE:1459510370,RESOLVE,,,
2016-04-01 13:32:50 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
2016-04-01 13:32:50 UDPv4 link local: [undef]
2016-04-01 13:32:50 UDPv4 link remote: [AF_INET]81.250.X.X:1194
2016-04-01 13:32:50 MANAGEMENT: >STATE:1459510370,WAIT,,,
2016-04-01 13:32:50 MANAGEMENT: >STATE:1459510370,AUTH,,,
2016-04-01 13:32:50 TLS: Initial packet from [AF_INET]81.250.X.X:1194, sid=6d258b6a 636b5f18
2016-04-01 13:32:50 VERIFY OK: depth=1, C=SE, ST=ST, L=Stockholm, O=COMPANY, OU=COMPANY, CN=COMPANY CA, name=server, emailAddress=ges...@company.com
2016-04-01 13:32:50 VERIFY OK: nsCertType=SERVER
2016-04-01 13:32:50 VERIFY OK: depth=0, C=SE, ST=ST, L=Stockholm, O=COMPANY, OU=COMPANY, CN=server, name=server, emailAddress=ges...@company.com
2016-04-01 13:32:50 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
2016-04-01 13:32:50 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2016-04-01 13:32:50 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
2016-04-01 13:32:50 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2016-04-01 13:32:50 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
2016-04-01 13:32:50 [server] Peer Connection Initiated with [AF_INET]81.250.X.X:1194
2016-04-01 13:32:51 MANAGEMENT: >STATE:1459510371,GET_CONFIG,,,
2016-04-01 13:32:52 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
2016-04-01 13:32:52 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
2016-04-01 13:32:52 OPTIONS IMPORT: timers and/or timeouts modified
2016-04-01 13:32:52 OPTIONS IMPORT: --ifconfig/up options modified
2016-04-01 13:32:52 OPTIONS IMPORT: route options modified
2016-04-01 13:32:52 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2016-04-01 13:32:52 Opened utun device utun0
2016-04-01 13:32:52 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
2016-04-01 13:32:52 MANAGEMENT: >STATE:1459510372,ASSIGN_IP,,10.8.0.6,
2016-04-01 13:32:52 /sbin/ifconfig utun0 delete
ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
2016-04-01 13:32:52 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
2016-04-01 13:32:52 /sbin/ifconfig utun0 10.8.0.6 10.8.0.5 mtu 1500 netmask 255.255.255.255 up
2016-04-01 13:32:52 /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw utun0 1500 1542 10.8.0.6 10.8.0.5 init
**********************************************
Disabled IPv6 for 'SAMSUNG_Android'
Disabled IPv6 for 'Bluetooth DUN'
Disabled IPv6 for 'Ethernet'
Disabled IPv6 for 'FireWire'
Disabled IPv6 for 'Wi-Fi'
Disabled IPv6 for 'SAMSUNG Modem'
Disabled IPv6 for 'Bluetooth PAN'
Disabled IPv6 for 'USB Ethernet'
Disabled IPv6 for 'HUAWEI Mobile'
Retrieved from OpenVPN: name server(s) [ 208.67.222.222 208.67.220.220 ], search domain(s) [ ] and SMB server(s) [ ] and using default domain name [ openvpn ]
Not aggregating ServerAddresses because running on OS X 10.6 or higher
Setting search domains to 'openvpn' because running under OS X 10.6 or higher and the search domains were not set manually and 'Prepend domain name to search domains' was not selected
Saved the DNS and SMB configurations so they can be restored
Changed DNS ServerAddresses setting from '193.150.193.150 83.255.245.11' to '208.67.222.222 208.67.220.220'
Changed DNS SearchDomains setting from '' to 'openvpn'
Changed DNS DomainName setting from 'home' to 'openvpn'
Did not change SMB NetBIOSName setting of ''
Did not change SMB Workgroup setting of ''
Did not change SMB WINSAddresses setting of ''
DNS servers '208.67.222.222 208.67.220.220' will be used for DNS queries when the VPN is active
The DNS servers include only free public DNS servers known to Tunnelblick.
Flushed the DNS cache via dscacheutil
/usr/sbin/discoveryutil not present. Not flushing the DNS cache via discoveryutil
Notified mDNSResponder that the DNS cache was flushed
Setting up to monitor system configuration with process-network-changes
**********************************************
2016-04-01 13:32:57 *Tunnelblick: No 'connected.sh' script to execute
2016-04-01 13:32:57 /sbin/route add -net 81.250.X.X 192.168.0.1 255.255.255.255
route: writing to routing socket: File exists
2016-04-01 13:32:57 /sbin/route add -net 0.0.0.0 10.8.0.5 128.0.0.0
2016-04-01 13:32:57 /sbin/route add -net 128.0.0.0 10.8.0.5 128.0.0.0
2016-04-01 13:32:57 MANAGEMENT: >STATE:1459510377,ADD_ROUTES,,,
2016-04-01 13:32:57 /sbin/route add -net 10.8.0.1 10.8.0.5 255.255.255.255
2016-04-01 13:32:57 GID set to nogroup
2016-04-01 13:32:57 UID set to nobody
2016-04-01 13:32:57 Initialization Sequence Completed
2016-04-01 13:32:57 MANAGEMENT: >STATE:1459510377,CONNECTED,SUCCESS,10.8.0.6,81.250.X.X
2016-04-01 13:33:02 *Tunnelblick process-network-changes: A system configuration change was ignored
================================================================================
"Sanitized" full configuration file
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one. On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
;dev-node MyTap
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server.
;proto tcp
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
#remote 192.168.0.16 1194
remote 81.250.X.X 1194
;remote my-server-2 1194
# Choose a random host from the remote
# list for load-balancing. Otherwise
# try hosts in the order specified.
;remote-random
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Downgrade privileges after initialization (non-Windows only)
user nobody
group nogroup
# Try to preserve some state across restarts.
persist-key
persist-tun
# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here. See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
# Wireless networks often produce a lot
# of duplicate packets. Set this flag
# to silence duplicate packet warnings.
;mute-replay-warnings
# SSL/TLS parms.
# See the server config file for more
# description. It's best to use
# a separate .crt/.key file pair
# for each client. A single ca
# file can be used for all clients.
# ca ca.crt
# cert client.crt
# key client.key
# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-server
# script in the easy-rsa folder will do this.
ns-cert-type server
# If a tls-auth key is used on the server
# then every client must also have the key.
;tls-auth ta.key 1
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher x
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
comp-lzo
# Set log file verbosity.
verb 3
# Silence repeating messages
;mute 20
<ca>
[Security-related line(s) omitted]
</ca>
<cert>
[Security-related line(s) omitted]
</cert>
<key>
[Security-related line(s) omitted]
</key>
================================================================================
ifconfig output:
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
options=3<RXCSUM,TXCSUM>
inet6 ::1 prefixlen 128
inet 127.0.0.1 netmask 0xff000000
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
nd6 options=1<PERFORMNUD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=b<RXCSUM,TXCSUM,VLAN_HWTAGGING>
ether c8:bc:c8:a3:8b:f2
inet 192.168.0.11 netmask 0xffffff00 broadcast 192.168.0.255
nd6 options=1<PERFORMNUD>
media: autoselect (1000baseT <full-duplex,flow-control>)
status: active
en1: flags=8823<UP,BROADCAST,SMART,SIMPLEX,MULTICAST> mtu 1500
ether c8:bc:c8:e1:f1:09
nd6 options=1<PERFORMNUD>
media: autoselect (<unknown type>)
status: inactive
fw0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 4078
lladdr dc:2b:61:ff:fe:e6:54:7e
nd6 options=1<PERFORMNUD>
media: autoselect <full-duplex>
status: inactive
p2p0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 2304
ether 0a:bc:c8:e1:f1:09
media: autoselect
status: inactive
utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
inet 10.8.0.6 --> 10.8.0.5 netmask 0xffffffff
================================================================================