Unable to get past router, novice needs help.

Aslag

Mar 17, 2017, 9:19:37 PM
to tunnelblick-discuss
I'm very new to this, but I've been trying to set up a VPN on my ASUS RT-AC66U router (newest firmware) and my Macbook running OSX 10.11.6 for several days now and I'm stuck.

I'm fortunate to be able to connect to a public wifi from my home for testing purposes.

After installing Tunnelblick and the configuration file generated by the router on my Macbook I got this "Warning After connect client, DNS does not appear to be working. This may mean that your VPN is not configured correctly."

I was only able to connect to my router over the public wifi, could not connect to any websites.

I was on the phone to ASUS tech support, as they had helped me set up VPN on the router earlier, but they were unwilling to help me with this.

I changed the DNS servers on my Macbook to (8.8.8.8, 8.8.4.4, 208.67.222.222, 208.67.220.220) as suggested on the Tunnelblick troubleshooting web page. After the server change I can connect remotely to my router and the Tunnelblick log states my IP address changed, but that's all I can do; I still can't connect to any other website. I am however able to connect to websites using IP addresses.

I added redirect-gateway to the .ovpn file but it didn't make a difference.

I originally started with Tunnelblick version 3.7.0 but uninstalled it and am now using 3.7.1beta01. I've changed various VPN settings on my router but I'm still unable to get beyond the router.

I assume it's still a setting in the VPN set up on my router.

Any suggestions?

Thanks
Aslag

Tunnelblick developer

Mar 17, 2017, 9:29:47 PM
to tunnelblick-discuss
Please follow the instructions at Read Before You Post to get the info needed to diagnose problems and then post that info.

wswen...@gmail.com

Mar 18, 2017, 1:45:16 PM
to tunnelblick-discuss
Diagnostic log



*Tunnelblick: OS X 10.11.6; Tunnelblick 3.7.1beta01 (build 4800); Admin user
git commit 844a29ce2d4edda7d77bf96279e84b42a80bec57


Configuration macbook

"Sanitized" condensed configuration file for /Users/Macbook/Library/Application Support/Tunnelblick/Configurations/macbook.tblk:

client
dev tun
proto udp
remote xxxx.asuscomm.com 1194
float
comp-lzo adaptive
keepalive 15 60
auth-user-pass
ns-cert-type server
<ca>
[Security-related line(s) omitted]
</ca>
<cert>
[Security-related line(s) omitted]
</cert>
<key>
[Security-related line(s) omitted]
</key>
resolv-retry infinite
nobind


================================================================================

Non-Apple kexts that are loaded:

Index Refs Address            Size       Wired      Name (Version) UUID <Linked Against>
  120    0 0xffffff7f80a7b000 0x5b000    0x5b000    com.paragon-software.kext.VDMounter (526.1) DEA8787E-5CCC-31F8-9730-B5E58A4C15D1 <16 5 4 3 1>

================================================================================

There are no unusual files in macbook.tblk

================================================================================

Configuration preferences:

-keychainHasUsernameAndPassword = 1
-loggingLevel = 3
-lastConnectionSucceeded = 1

================================================================================

Wildcard preferences:


================================================================================

Program preferences:

placeIconInStandardPositionInStatusBar = 1
launchAtNextLogin = 1
notOKToCheckThatIPAddressDidNotChangeAfterConnection = 0
askedUserIfOKToCheckThatIPAddressDidNotChangeAfterConnection = 1
tunnelblickVersionHistory = (
    "3.7.1beta01 (build 4800)"
)
lastLaunchTime = 511551202.271212
lastLanguageAtLaunchWasRTL = 0
connectionWindowDisplayCriteria = showWhenConnecting
maxLogDisplaySize = 102400
lastConnectedDisplayName = macbook
keyboardShortcutIndex = 1
updateCheckAutomatically = 1
updateSendProfileInfo = 1
NSWindow Frame ConnectingWindow = 424 442 389 187 0 0 1280 777
detailsWindowFrameVersion = 4800
detailsWindowFrame = {{59, 165}, {920, 468}}
detailsWindowLeftFrame = {{0, 0}, {165, 350}}
detailsWindowViewIndex = 0
detailsWindowConfigurationsTabIdentifier = log
leftNavSelectedDisplayName = macbook
AdvancedWindowTabIdentifier = vpnCredentials
haveDealtWithSparkle1dot5b6 = 1
haveDealtWithOldTunTapPreferences = 1
haveDealtWithOldLoginItem = 1
SUEnableAutomaticChecks = 1
SUScheduledCheckInterval = 86400
SUSendProfileInfo = 1
SULastCheckTime = 2017-03-18 17:33:21 +0000
SULastProfileSubmissionDate = 2017-03-17 22:39:56 +0000
SUHasLaunchedBefore = 1
WebKitDefaultFontSize = 16
WebKitStandardFont = Times

================================================================================

Tunnelblick Log:

*Tunnelblick: OS X 10.11.6; Tunnelblick 3.7.1beta01 (build 4800)
2017-03-18 10:34:17 *Tunnelblick: Attempting connection with macbook using shadow copy; Set nameserver = 769; monitoring connection
2017-03-18 10:34:17 *Tunnelblick: openvpnstart start macbook.tblk 1337 769 0 1 0 1065264 -ptADGNWradsgnw 2.3.14-openssl-1.0.2k
2017-03-18 10:34:17 *Tunnelblick: openvpnstart log:
     OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line):
     
          /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.14-openssl-1.0.2k/openvpn
          --daemon
          --log
          /Library/Application Support/Tunnelblick/Logs/-SUsers-SMacbook-SLibrary-SApplication Support-STunnelblick-SConfigurations-Smacbook.tblk-SContents-SResources-Sconfig.ovpn.769_0_1_0_1065264.1337.openvpn.log
          --cd
          /Library/Application Support/Tunnelblick/Users/Macbook/macbook.tblk/Contents/Resources
          --verb
          3
          --config
          /Library/Application Support/Tunnelblick/Users/Macbook/macbook.tblk/Contents/Resources/config.ovpn
          --verb
          3
          --cd
          /Library/Application Support/Tunnelblick/Users/Macbook/macbook.tblk/Contents/Resources
          --management
          127.0.0.1
          1337
          --management-query-passwords
          --management-hold
          --script-security
          2
          --up
          /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw
          --down
          /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw

2017-03-18 10:34:17 *Tunnelblick: Established communication with OpenVPN
2017-03-18 10:34:17 OpenVPN 2.3.14 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Jan 30 2017
2017-03-18 10:34:17 library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.09
2017-03-18 10:34:17 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:1337
2017-03-18 10:34:17 Need hold release from management interface, waiting...
2017-03-18 10:34:17 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:1337
2017-03-18 10:34:17 MANAGEMENT: CMD 'pid'
2017-03-18 10:34:17 MANAGEMENT: CMD 'state on'
2017-03-18 10:34:17 MANAGEMENT: CMD 'state'
2017-03-18 10:34:17 MANAGEMENT: CMD 'bytecount 1'
2017-03-18 10:34:17 MANAGEMENT: CMD 'hold release'
2017-03-18 10:34:17 *Tunnelblick: Obtained VPN username and password from the Keychain
2017-03-18 10:34:17 MANAGEMENT: CMD 'username "Auth" "macbook"'
2017-03-18 10:34:17 MANAGEMENT: CMD 'password [...]'
2017-03-18 10:34:17 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2017-03-18 10:34:17 Socket Buffers: R=[196724->196724] S=[9216->9216]
2017-03-18 10:34:17 MANAGEMENT: >STATE:1489858457,RESOLVE,,,
2017-03-18 10:34:17 UDPv4 link local: [undef]
2017-03-18 10:34:17 UDPv4 link remote: [AF_INET]98.237.238.53:1194
2017-03-18 10:34:17 MANAGEMENT: >STATE:1489858457,WAIT,,,
2017-03-18 10:34:17 MANAGEMENT: >STATE:1489858457,AUTH,,,
2017-03-18 10:34:17 TLS: Initial packet from [AF_INET]98.237.238.53:1194, sid=ed894a0b 18d0b050
2017-03-18 10:34:17 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2017-03-18 10:34:17 *Tunnelblick: openvpnstart starting OpenVPN
2017-03-18 10:34:18 VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-AC68U, emailAddress=m...@myhost.mydomain
2017-03-18 10:34:18 VERIFY OK: nsCertType=SERVER
2017-03-18 10:34:18 VERIFY OK: depth=0, C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-AC68U, emailAddress=m...@myhost.mydomain
2017-03-18 10:34:18 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
2017-03-18 10:34:18 WARNING: INSECURE cipher with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
2017-03-18 10:34:18 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2017-03-18 10:34:18 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
2017-03-18 10:34:18 WARNING: INSECURE cipher with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
2017-03-18 10:34:18 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2017-03-18 10:34:18 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
2017-03-18 10:34:18 [RT-AC68U] Peer Connection Initiated with [AF_INET]98.237.238.53:1194
2017-03-18 10:34:19 MANAGEMENT: >STATE:1489858459,GET_CONFIG,,,
2017-03-18 10:34:20 SENT CONTROL [RT-AC68U]: 'PUSH_REQUEST' (status=1)
2017-03-18 10:34:20 PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0 vpn_gateway 500,redirect-gateway def1,route 10.8.0.1,topology net30,ping 15,ping-restart 60,ifconfig 10.8.0.6 10.8.0.5'
2017-03-18 10:34:20 OPTIONS IMPORT: timers and/or timeouts modified
2017-03-18 10:34:20 OPTIONS IMPORT: --ifconfig/up options modified
2017-03-18 10:34:20 OPTIONS IMPORT: route options modified
2017-03-18 10:34:20 Opened utun device utun0
2017-03-18 10:34:20 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
2017-03-18 10:34:20 MANAGEMENT: >STATE:1489858460,ASSIGN_IP,,10.8.0.6,
2017-03-18 10:34:20 /sbin/ifconfig utun0 delete
                                        ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
2017-03-18 10:34:20 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
2017-03-18 10:34:20 /sbin/ifconfig utun0 10.8.0.6 10.8.0.5 mtu 1500 netmask 255.255.255.255 up
2017-03-18 10:34:20 /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw utun0 1500 1542 10.8.0.6 10.8.0.5 init
                                        **********************************************
                                        Start of output from client.up.tunnelblick.sh
                                        NOTE: No network configuration changes need to be made.
                                        WARNING: Will NOT monitor for other network configuration changes.
                                        WARNING: Will NOT disable IPv6 settings.
                                        DNS servers '8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220' were set manually
                                        DNS servers '8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220' will be used for DNS queries when the VPN is active
                                        The DNS servers include only free public DNS servers known to Tunnelblick.
                                        Flushed the DNS cache via dscacheutil
                                        /usr/sbin/discoveryutil not present. Not flushing the DNS cache via discoveryutil
                                        Notified mDNSResponder that the DNS cache was flushed
                                        End of output from client.up.tunnelblick.sh
                                        **********************************************
2017-03-18 10:34:22 *Tunnelblick: No 'connected.sh' script to execute
2017-03-18 10:34:22 /sbin/route add -net 98.237.238.53 10.224.0.1 255.255.255.255
                                        add net 98.237.238.53: gateway 10.224.0.1
2017-03-18 10:34:22 /sbin/route add -net 0.0.0.0 10.8.0.5 128.0.0.0
                                        add net 0.0.0.0: gateway 10.8.0.5
2017-03-18 10:34:22 /sbin/route add -net 128.0.0.0 10.8.0.5 128.0.0.0
                                        add net 128.0.0.0: gateway 10.8.0.5
2017-03-18 10:34:22 MANAGEMENT: >STATE:1489858462,ADD_ROUTES,,,
2017-03-18 10:34:22 /sbin/route add -net 192.168.1.0 10.8.0.5 255.255.255.0
                                        add net 192.168.1.0: gateway 10.8.0.5
2017-03-18 10:34:22 /sbin/route add -net 10.8.0.1 10.8.0.5 255.255.255.255
                                        add net 10.8.0.1: gateway 10.8.0.5
2017-03-18 10:34:22 Initialization Sequence Completed
2017-03-18 10:34:22 MANAGEMENT: >STATE:1489858462,CONNECTED,SUCCESS,10.8.0.6,98.237.238.53
2017-03-18 10:34:45 *Tunnelblick: This computer's apparent public IP address changed from 73.109.62.245 before connection to xx.xxx.238.53 after connection
2017-03-18 10:35:02 *Tunnelblick: Disconnecting; 'Disconnect' (toggle) menu command invoked
2017-03-18 10:35:02 *Tunnelblick: No 'pre-disconnect.sh' script to execute
2017-03-18 10:35:02 *Tunnelblick: Disconnecting using 'kill'
2017-03-18 10:35:02 event_wait : Interrupted system call (code=4)
2017-03-18 10:35:02 /sbin/route delete -net 10.8.0.1 10.8.0.5 255.255.255.255
                                        delete net 10.8.0.1: gateway 10.8.0.5
2017-03-18 10:35:02 /sbin/route delete -net 192.168.1.0 10.8.0.5 255.255.255.0
                                        delete net 192.168.1.0: gateway 10.8.0.5
2017-03-18 10:35:02 /sbin/route delete -net 98.237.238.53 10.224.0.1 255.255.255.255
                                        delete net 98.237.238.53: gateway 10.224.0.1
2017-03-18 10:35:02 /sbin/route delete -net 0.0.0.0 10.8.0.5 128.0.0.0
                                        delete net 0.0.0.0: gateway 10.8.0.5
2017-03-18 10:35:02 /sbin/route delete -net 128.0.0.0 10.8.0.5 128.0.0.0
                                        delete net 128.0.0.0: gateway 10.8.0.5
2017-03-18 10:35:02 Closing TUN/TAP interface
2017-03-18 10:35:02 /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw utun0 1500 1542 10.8.0.6 10.8.0.5 init
                                        **********************************************
                                        Start of output from client.down.tunnelblick.sh
                                        WARNING: Not restoring DNS settings because no saved Tunnelblick DNS information was found.
                                        Flushed the DNS cache via dscacheutil
                                        /usr/sbin/discoveryutil not present. Not flushing the DNS cache via discoveryutil
                                        Notified mDNSResponder that the DNS cache was flushed
                                        End of output from client.down.tunnelblick.sh
                                        **********************************************
2017-03-18 10:35:03 SIGTERM[hard,] received, process exiting
2017-03-18 10:35:03 MANAGEMENT: >STATE:1489858503,EXITING,SIGTERM,,
2017-03-18 10:35:04 *Tunnelblick: No 'post-disconnect.sh' script to execute
2017-03-18 10:35:04 *Tunnelblick: Expected disconnection occurred.

================================================================================

"Sanitized" full configuration file

client
dev tun
proto udp
remote xxxx.asuscomm.com 1194
float
comp-lzo adaptive
keepalive 15 60
auth-user-pass
ns-cert-type server
<ca>
 [Security-related line(s) omitted]
</ca>
<cert>
 [Security-related line(s) omitted]
</cert>
<key>
 [Security-related line(s) omitted]
</key>
resolv-retry infinite
nobind



================================================================================

ifconfig output:

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
    options=3<RXCSUM,TXCSUM>
    inet6 ::1 prefixlen 128
    inet 127.0.0.1 netmask 0xff000000
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
    nd6 options=1<PERFORMNUD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    options=27<RXCSUM,TXCSUM,VLAN_MTU,TSO4>
    ether e8:06:88:b9:58:8a
    nd6 options=1<PERFORMNUD>
    media: autoselect
    status: inactive
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    ether 58:b0:35:88:f1:23
    inet6 fe80::5ab0:35ff:fe88:f123%en1 prefixlen 64 scopeid 0x5
    inet 10.243.164.197 netmask 0xffe00000 broadcast 10.255.255.255
    nd6 options=1<PERFORMNUD>
    media: autoselect
    status: active
p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304
    ether 0a:b0:35:88:f1:23
    media: autoselect
    status: inactive

================================================================================

Console Log:

2017-03-18 10:33:18 Tunnelblick[371] Tunnelblick: OS X 10.11.6; Tunnelblick 3.7.1beta01 (build 4800)
2017-03-18 10:33:21 Tunnelblick[371] Sparkle: ===== Tunnelblick =====
2017-03-18 10:33:21 Tunnelblick[371] Sparkle: Verified appcast signature
2017-03-18 10:34:17 Tunnelblick[371] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-macbook' account = 'username'
2017-03-18 10:34:17 Tunnelblick[371] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-macbook' account = 'password'


Tunnelblick developer

Mar 18, 2017, 10:48:16 PM
to tunnelblick-discuss
The configuration info that is being pushed from the server to the client does not include any DNS information. That can cause the sort of problem you see. Typically an ISP's DNS server will not respond to queries that come from outside the ISP's network. Typically, when you connect to the VPN, DNS queries go through the VPN, so they appear to the DNS server to be coming from the VPN, not from your computer. That may mean that the queries are seen to be coming from outside the DNS server's network, so it ignores them.

The usual solution to that is for the OpenVPN server to "push" DNS server addresses to the OpenVPN client, which then uses them instead of the default DNS servers. By specifying DNS servers that either accept all queries, or that accept queries from the VPN, DNS queries that go through the VPN work.
2017-03-18 10:34:18 VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-AC68U, emailAddress=me@myhost.mydomain

2017-03-18 10:34:18 VERIFY OK: nsCertType=SERVER
2017-03-18 10:34:18 VERIFY OK: depth=0, C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-AC68U, emailAddress=me@myhost.mydomain
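
The check described in the reply above, run over the two `PUSH_REPLY` lines copied from the logs in this thread, as an added example that is not part of the original posts or of Tunnelblick. The function names and finding codes are hypothetical, and the last check (a pushed private DNS address that no pushed route covers) goes beyond the case in the thread.

```python
import ipaddress
import re

# Log shapes taken from the Tunnelblick/OpenVPN 2.3 output posted in this thread.
PUSH_RE = re.compile(r"PUSH: Received control message: 'PUSH_REPLY,([^']*)'")
IGNORED_RE = re.compile(
    r"Ignoring ServerAddresses '([^']*)' because ServerAddresses was set manually")

# Lines copied from the 2017-03-18 and 2017-03-19 logs above.
LOG_NO_DNS = (
    "2017-03-18 10:34:20 PUSH: Received control message: 'PUSH_REPLY,"
    "route 192.168.1.0 255.255.255.0 vpn_gateway 500,redirect-gateway def1,"
    "route 10.8.0.1,topology net30,ping 15,ping-restart 60,"
    "ifconfig 10.8.0.6 10.8.0.5'\n")
LOG_DNS_IGNORED = (
    "2017-03-19 12:04:35 PUSH: Received control message: 'PUSH_REPLY,"
    "route 192.168.1.0 255.255.255.0 vpn_gateway 500,dhcp-option DNS 192.168.1.1,"
    "redirect-gateway def1,route 10.8.0.1,topology net30,ping 15,ping-restart 60,"
    "ifconfig 10.8.0.10 10.8.0.9'\n"
    "    WARNING: Ignoring ServerAddresses '192.168.1.1' because "
    "ServerAddresses was set manually\n")


def pushed_options(log_text):
    """Return the pushed options as lists of tokens, or None if no PUSH_REPLY."""
    match = PUSH_RE.search(log_text)
    if match is None:
        return None
    return [opt.split() for opt in match.group(1).split(",") if opt.strip()]


def pushed_routes(options):
    """Networks named by pushed 'route <net> [netmask] ...' options."""
    nets = []
    for opt in options:
        if opt[0] != "route" or len(opt) < 2:
            continue
        mask = opt[2] if len(opt) >= 3 and opt[2] != "default" else "255.255.255.255"
        nets.append(ipaddress.ip_network(f"{opt[1]}/{mask}", strict=False))
    return nets


def analyze(log_text):
    """Summarise what the server pushed for DNS and whether the client used it."""
    options = pushed_options(log_text)
    result = {"dns_pushed": [], "dns_ignored": [], "redirect_gateway": False,
              "findings": {}}
    if options is None:
        result["findings"]["no-push-reply"] = "no PUSH_REPLY line in the log"
        return result

    dns = [o[2] for o in options
           if len(o) >= 3 and o[0] == "dhcp-option" and o[1].upper() == "DNS"]
    redirect = any(o[0] == "redirect-gateway" for o in options)
    routes = pushed_routes(options)
    ignored = [a for grp in IGNORED_RE.findall(log_text) for a in grp.split()]
    result.update(dns_pushed=dns, dns_ignored=ignored, redirect_gateway=redirect)

    findings = result["findings"]
    if not dns:
        findings["no-dns-pushed"] = (
            "server pushed no 'dhcp-option DNS'; the client keeps its pre-VPN "
            "resolvers" + (" and queries to them now go through the tunnel"
                           if redirect else ""))
    for addr in dns:
        if addr in ignored:
            findings["pushed-dns-ignored"] = (
                f"pushed DNS {addr} was ignored because DNS servers were set "
                "manually on the client")
        ip = ipaddress.ip_address(addr)
        if ip.is_private and not redirect and not any(ip in n for n in routes):
            findings["pushed-dns-unrouted"] = (
                f"pushed DNS {addr} is a private address that no pushed route covers")
    return result


if __name__ == "__main__":
    for name, text in (("2017-03-18", LOG_NO_DNS), ("2017-03-19", LOG_DNS_IGNORED)):
        report = analyze(text)
        print(name, "pushed DNS:", report["dns_pushed"] or "none")
        for code, message in report["findings"].items():
            print(f"  [{code}] {message}")
```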
wswen...@gmail.com

Mar 19, 2017, 3:41:45 PM
to tunnelblick-discuss
Not sure if I'm going in the right direction but I changed the WAN DNS setting on my router "Connect to DNS server Automatically" from Yes to No and entered 208.67.220.220 as DNS server 1 and 208.67.222.222 as server 2. I also entered the same 2 DNS servers into the Network Control Panel/DNS Servers on my Macbook (these are now the only servers on the list).
There was no change in connect-ability, I can connect to the router but not to the internet. Below is the diagnostic log after making the above changes. Any suggestions?

Thanks

*Tunnelblick: OS X 10.11.6; Tunnelblick 3.7.1beta01 (build 4800); Admin user
git commit 844a29ce2d4edda7d77bf96279e84b42a80bec57


Configuration macbook2

"Sanitized" condensed configuration file for /Users/Macbook/Library/Application Support/Tunnelblick/Configurations/macbook2.tblk:


client
dev tun
proto udp
remote xxxx.asuscomm.com 1194
float
comp-lzo adaptive
keepalive 15 60
auth-user-pass
ns-cert-type server
redirect-gateway def1

<ca>
[Security-related line(s) omitted]
</ca>
<cert>
[Security-related line(s) omitted]
</cert>
<key>
[Security-related line(s) omitted]
</key>
resolv-retry infinite
nobind


================================================================================

Non-Apple kexts that are loaded:

Index Refs Address            Size       Wired      Name (Version) UUID <Linked Against>
  111    0 0xffffff7f80a7b000 0x5b000    0x5b000    com.paragon-software.kext.VDMounter (526.1) DEA8787E-5CCC-31F8-9730-B5E58A4C15D1 <16 5 4 3 1>

================================================================================

There are no unusual files in macbook2.tblk


================================================================================

Configuration preferences:

-keychainHasUsernameAndPassword = 1
-lastConnectionSucceeded = 1

================================================================================

Wildcard preferences:


================================================================================

Program preferences:

placeIconInStandardPositionInStatusBar = 1
launchAtNextLogin = 1
notOKToCheckThatIPAddressDidNotChangeAfterConnection = 0
askedUserIfOKToCheckThatIPAddressDidNotChangeAfterConnection = 1
tunnelblickVersionHistory = (
    "3.7.1beta01 (build 4800)"
)
lastLaunchTime = 511643043.136401
lastLanguageAtLaunchWasRTL = 0
connectionWindowDisplayCriteria = showWhenConnecting
maxLogDisplaySize = 102400
lastConnectedDisplayName = macbook2
keyboardShortcutIndex = 1
updateCheckAutomatically = 1
updateSendProfileInfo = 1
NSWindow Frame ConnectingWindow = 424 442 389 187 0 0 1280 777
detailsWindowFrameVersion = 4800
detailsWindowFrame = {{59, 167}, {920, 468}}
detailsWindowLeftFrame = {{0, 0}, {165, 350}}
detailsWindowViewIndex = 0
detailsWindowConfigurationsTabIdentifier = log
leftNavSelectedDisplayName = macbook2
AdvancedWindowTabIdentifier = vpnCredentials
haveDealtWithSparkle1dot5b6 = 1
haveDealtWithOldTunTapPreferences = 1
haveDealtWithOldLoginItem = 1
SUEnableAutomaticChecks = 1
SUScheduledCheckInterval = 86400
SUSendProfileInfo = 1
SULastCheckTime = 2017-03-19 19:04:04 +0000
SULastProfileSubmissionDate = 2017-03-17 22:39:56 +0000
SUHasLaunchedBefore = 1
WebKitDefaultFontSize = 16
WebKitStandardFont = Times

================================================================================

Tunnelblick Log:

*Tunnelblick: OS X 10.11.6; Tunnelblick 3.7.1beta01 (build 4800)
2017-03-19 12:04:31 *Tunnelblick: Attempting connection with macbook2 using shadow copy; Set nameserver = 769; monitoring connection
2017-03-19 12:04:31 *Tunnelblick: openvpnstart start macbook2.tblk 1338 769 0 1 0 1065264 -ptADGNWradsgnw 2.3.14-openssl-1.0.2k
2017-03-19 12:04:31 *Tunnelblick: openvpnstart starting OpenVPN
2017-03-19 12:04:32 *Tunnelblick: openvpnstart log:
     OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line):
    
          /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.14-openssl-1.0.2k/openvpn
          --daemon
          --log
          /Library/Application Support/Tunnelblick/Logs/-SUsers-SMacbook-SLibrary-SApplication Support-STunnelblick-SConfigurations-Smacbook2.tblk-SContents-SResources-Sconfig.ovpn.769_0_1_0_1065264.1338.openvpn.log
          --cd
          /Library/Application Support/Tunnelblick/Users/Macbook/macbook2.tblk/Contents/Resources
          --verb
          3
          --config
          /Library/Application Support/Tunnelblick/Users/Macbook/macbook2.tblk/Contents/Resources/config.ovpn
          --verb
          3
          --cd
          /Library/Application Support/Tunnelblick/Users/Macbook/macbook2.tblk/Contents/Resources
          --management
          127.0.0.1
          1338
          --management-query-passwords
          --management-hold
          --script-security
          2
          --up
          /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw
          --down
          /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw

2017-03-19 12:04:32 *Tunnelblick: Established communication with OpenVPN
2017-03-19 12:04:32 *Tunnelblick: Obtained VPN username and password from the Keychain
2017-03-19 12:04:32 OpenVPN 2.3.14 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Jan 30 2017
2017-03-19 12:04:32 library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.09
2017-03-19 12:04:32 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:1338
2017-03-19 12:04:32 Need hold release from management interface, waiting...
2017-03-19 12:04:32 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:1338
2017-03-19 12:04:32 MANAGEMENT: CMD 'pid'
2017-03-19 12:04:32 MANAGEMENT: CMD 'state on'
2017-03-19 12:04:32 MANAGEMENT: CMD 'state'
2017-03-19 12:04:32 MANAGEMENT: CMD 'bytecount 1'
2017-03-19 12:04:32 MANAGEMENT: CMD 'hold release'
2017-03-19 12:04:32 MANAGEMENT: CMD 'username "Auth" "macbook"'
2017-03-19 12:04:32 MANAGEMENT: CMD 'password [...]'
2017-03-19 12:04:32 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2017-03-19 12:04:32 Socket Buffers: R=[196724->196724] S=[9216->9216]
2017-03-19 12:04:32 MANAGEMENT: >STATE:1489950272,RESOLVE,,,
2017-03-19 12:04:32 UDPv4 link local: [undef]
2017-03-19 12:04:32 UDPv4 link remote: [AF_INET]98.237.238.53:1194
2017-03-19 12:04:32 MANAGEMENT: >STATE:1489950272,WAIT,,,
2017-03-19 12:04:32 MANAGEMENT: >STATE:1489950272,AUTH,,,
2017-03-19 12:04:32 TLS: Initial packet from [AF_INET]98.237.238.53:1194, sid=adad6aec 145c5e15
2017-03-19 12:04:32 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2017-03-19 12:04:32 VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-AC68U, emailAddress=m...@myhost.mydomain
2017-03-19 12:04:32 VERIFY OK: nsCertType=SERVER
2017-03-19 12:04:32 VERIFY OK: depth=0, C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-AC68U, emailAddress=m...@myhost.mydomain
2017-03-19 12:04:32 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
2017-03-19 12:04:32 WARNING: INSECURE cipher with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
2017-03-19 12:04:32 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2017-03-19 12:04:32 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
2017-03-19 12:04:32 WARNING: INSECURE cipher with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
2017-03-19 12:04:32 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2017-03-19 12:04:32 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
2017-03-19 12:04:32 [RT-AC68U] Peer Connection Initiated with [AF_INET]98.237.238.53:1194
2017-03-19 12:04:34 MANAGEMENT: >STATE:1489950274,GET_CONFIG,,,
2017-03-19 12:04:35 SENT CONTROL [RT-AC68U]: 'PUSH_REQUEST' (status=1)
2017-03-19 12:04:35 PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0 vpn_gateway 500,dhcp-option DNS 192.168.1.1,redirect-gateway def1,route 10.8.0.1,topology net30,ping 15,ping-restart 60,ifconfig 10.8.0.10 10.8.0.9'
2017-03-19 12:04:35 OPTIONS IMPORT: timers and/or timeouts modified
2017-03-19 12:04:35 OPTIONS IMPORT: --ifconfig/up options modified
2017-03-19 12:04:35 OPTIONS IMPORT: route options modified
2017-03-19 12:04:35 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2017-03-19 12:04:35 Opened utun device utun0
2017-03-19 12:04:35 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
2017-03-19 12:04:35 MANAGEMENT: >STATE:1489950275,ASSIGN_IP,,10.8.0.10,
2017-03-19 12:04:35 /sbin/ifconfig utun0 delete
                                        ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
2017-03-19 12:04:35 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
2017-03-19 12:04:35 /sbin/ifconfig utun0 10.8.0.10 10.8.0.9 mtu 1500 netmask 255.255.255.255 up
2017-03-19 12:04:35 /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw utun0 1500 1542 10.8.0.10 10.8.0.9 init
                                        **********************************************
                                        Start of output from client.up.tunnelblick.sh
                                        Disabled IPv6 for 'Ethernet'
                                        Disabled IPv6 for 'Wi-Fi'
                                        Disabled IPv6 for 'Bluetooth PAN'
                                        Retrieved from OpenVPN: name server(s) [ 192.168.1.1 ], search domain(s) [  ] and SMB server(s) [  ] and using default domain name [ openvpn ]
                                        WARNING: Ignoring ServerAddresses '192.168.1.1' because ServerAddresses was set manually
                                        Setting search domains to 'openvpn' because running under OS X 10.6 or higher and the search domains were not set manually and 'Prepend domain name to search domains' was not selected
                                        Saved the DNS and SMB configurations so they can be restored
                                        Did not change DNS ServerAddresses setting of '208.67.222.222 208.67.220.220' (but re-set it)
                                        Changed DNS SearchDomains setting from '' to 'openvpn'
                                        Changed DNS DomainName setting from '' to 'openvpn'
                                        Did not change SMB NetBIOSName setting of ''
                                        Did not change SMB Workgroup setting of ''
                                        Did not change SMB WINSAddresses setting of ''
                                        DNS servers '208.67.222.222 208.67.220.220' were set manually
                                        DNS servers '208.67.222.222 208.67.220.220' will be used for DNS queries when the VPN is active
                                        The DNS servers include only free public DNS servers known to Tunnelblick.
                                        Flushed the DNS cache via dscacheutil
                                        /usr/sbin/discoveryutil not present. Not flushing the DNS cache via discoveryutil
                                        Notified mDNSResponder that the DNS cache was flushed
                                        Setting up to monitor system configuration with process-network-changes
                                        End of output from client.up.tunnelblick.sh
                                        **********************************************
2017-03-19 12:04:39 *Tunnelblick: No 'connected.sh' script to execute
2017-03-19 12:04:39 /sbin/route add -net 98.237.238.53 10.224.0.1 255.255.255.255
                                        add net 98.237.238.53: gateway 10.224.0.1
2017-03-19 12:04:39 /sbin/route add -net 0.0.0.0 10.8.0.9 128.0.0.0
                                        add net 0.0.0.0: gateway 10.8.0.9
2017-03-19 12:04:39 /sbin/route add -net 128.0.0.0 10.8.0.9 128.0.0.0
                                        add net 128.0.0.0: gateway 10.8.0.9
2017-03-19 12:04:39 MANAGEMENT: >STATE:1489950279,ADD_ROUTES,,,
2017-03-19 12:04:39 /sbin/route add -net 192.168.1.0 10.8.0.9 255.255.255.0
                                        add net 192.168.1.0: gateway 10.8.0.9
2017-03-19 12:04:39 /sbin/route add -net 10.8.0.1 10.8.0.9 255.255.255.255
                                        add net 10.8.0.1: gateway 10.8.0.9
2017-03-19 12:04:39 Initialization Sequence Completed
2017-03-19 12:04:39 MANAGEMENT: >STATE:1489950279,CONNECTED,SUCCESS,10.8.0.10,98.xxx.xxx.xx
2017-03-19 12:04:43 *Tunnelblick process-network-changes: A system configuration change was ignored
2017-03-19 12:05:01 *Tunnelblick: This computer's apparent public IP address changed from 73.109.63.51 before connection to 98.237.238.53 after connection
2017-03-19 12:05:43 *Tunnelblick: Disconnecting; 'Disconnect' (toggle) menu command invoked
2017-03-19 12:05:43 *Tunnelblick: No 'pre-disconnect.sh' script to execute
2017-03-19 12:05:43 *Tunnelblick: Disconnecting using 'kill'
2017-03-19 12:05:43 event_wait : Interrupted system call (code=4)
2017-03-19 12:05:43 /sbin/route delete -net 10.8.0.1 10.8.0.9 255.255.255.255
                                        delete net 10.8.0.1: gateway 10.8.0.9
2017-03-19 12:05:43 /sbin/route delete -net 192.168.1.0 10.8.0.9 255.255.255.0
                                        delete net 192.168.1.0: gateway 10.8.0.9
2017-03-19 12:05:43 /sbin/route delete -net 98.xxx.xxx.xx 10.224.0.1 255.255.255.255

                                        delete net 98.237.238.53: gateway 10.224.0.1
2017-03-19 12:05:43 /sbin/route delete -net 0.0.0.0 10.8.0.9 128.0.0.0
                                        delete net 0.0.0.0: gateway 10.8.0.9
2017-03-19 12:05:43 /sbin/route delete -net 128.0.0.0 10.8.0.9 128.0.0.0
                                        delete net 128.0.0.0: gateway 10.8.0.9
2017-03-19 12:05:43 Closing TUN/TAP interface
2017-03-19 12:05:43 /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw utun0 1500 1542 10.8.0.10 10.8.0.9 init

                                        **********************************************
                                        Start of output from client.down.tunnelblick.sh
                                        Cancelled monitoring of system configuration changes
                                        Restored the DNS and SMB configurations
                                        Re-enabled IPv6 (automatic) for 'Ethernet'
                                        Re-enabled IPv6 (automatic) for 'Wi-Fi'
                                        Re-enabled IPv6 (automatic) for 'Bluetooth PAN'

                                        Flushed the DNS cache via dscacheutil
                                        /usr/sbin/discoveryutil not present. Not flushing the DNS cache via discoveryutil
                                        Notified mDNSResponder that the DNS cache was flushed
                                        End of output from client.down.tunnelblick.sh
                                        **********************************************
2017-03-19 12:05:43 SIGTERM[hard,] received, process exiting
2017-03-19 12:05:43 MANAGEMENT: >STATE:1489950343,EXITING,SIGTERM,,
2017-03-19 12:05:44 *Tunnelblick: No 'post-disconnect.sh' script to execute
2017-03-19 12:05:44 *Tunnelblick: Expected disconnection occurred.


================================================================================

"Sanitized" full configuration file

client
dev tun
proto udp
remote xxxx.asuscomm.com 1194
float
comp-lzo adaptive
keepalive 15 60
auth-user-pass
ns-cert-type server
redirect-gateway def1
    inet 10.229.131.247 netmask 0xffe00000 broadcast 10.255.255.255

    inet6 fe80::5ab0:35ff:fe88:f123%en1 prefixlen 64 scopeid 0x5
    nd6 options=1<PERFORMNUD>
    media: autoselect
    status: active
p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304
    ether 0a:b0:35:88:f1:23
    media: autoselect
    status: inactive

================================================================================

Console Log:

2017-03-19 12:04:01 Tunnelblick[415] Tunnelblick: OS X 10.11.6; Tunnelblick 3.7.1beta01 (build 4800)
2017-03-19 12:04:04 Tunnelblick[415] Sparkle: ===== Tunnelblick =====
2017-03-19 12:04:04 Tunnelblick[415] Sparkle: Verified appcast signature
2017-03-19 12:04:10 Tunnelblick[415] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-macbook' account = 'username'
2017-03-19 12:04:10 Tunnelblick[415] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-macbook' account = 'password'
2017-03-19 12:04:32 Tunnelblick[415] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-macbook2' account = 'username'
2017-03-19 12:04:32 Tunnelblick[415] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-macbook2' account = 'password'

