Can't access internet through home OpenVPN server on Asus router (problem on Mac/iOS, works on Windows)


namn...@gmail.com

Dec 26, 2016, 6:13:33 PM
to tunnelbli...@googlegroups.com
Hi,

I have set up an OpenVPN server using my Asus router and the Merlin custom firmware.

With some startup troubles and due to the office network limitations, I had to set the port to 443 and use TCP.

After hours of struggling I tested on my friend's Windows 10 PC, and it worked right away. (whatsmyip showed my home IP etc)

On both my Mac/iOS (using tunnelblick/openvpn app) it seems I am connected, but I cannot access any internet, the only thing I can access is my home router.

I have added <push "redirect-gateway def1"> to the server config to force all traffic through the VPN.

Diagnostic log w/o sensitive info (I couldn't update to the beta version of tunnelblick for some reason):

EDIT: I managed to install the beta version, see updated log;

*Tunnelblick: OS X 10.12.2; Tunnelblick 3.6.10beta05 (build 4740); prior version 3.5.5 (build 4270.4461); Admin user

git commit 48f12038d7ac6da26c2e9fc3ab7c8937ad7e0f42



Configuration client1


"Sanitized" condensed configuration file for /Users/XXXX/Library/Application Support/Tunnelblick/Configurations/client1.tblk:


client

dev tun

proto tcp-client

remote XXXX.com 443

float

cipher AES-256-CBC

comp-lzo adaptive

keepalive 15 60

auth-user-pass

ns-cert-type server

<ca>

[Security-related line(s) omitted]

</ca>

<cert>

[Security-related line(s) omitted]

</cert>

<key>

[Security-related line(s) omitted]

</key>

resolv-retry infinite

nobind



================================================================================


Non-Apple kexts that are loaded:


Index Refs Address            Size       Wired      Name (Version) UUID <Linked Against>

  149    0 0xffffff7f83209000 0x2000     0x2000     com.regularrateandrhythm.driver.RowmoteIREmu (1.2) 5749D5E1-7BCC-37AE-95DB-F223CACD7396 <41 34 5 4 3>

  150    0 0xffffff7f8320b000 0x8000     0x8000     foo.tun (1.0) FBA9A61D-E7BB-391C-92E2-C1D85BB065B2 <7 5 4 1>


================================================================================


There are no unusual files in client1.tblk


================================================================================


Configuration preferences:


-keychainHasUsernameAndPassword = 1

-lastConnectionSucceeded = 1


================================================================================


Wildcard preferences:



================================================================================


Program preferences:


skipWarningThatIPANotFetchedBeforeConnection = 1

launchAtNextLogin = 1

notOKToCheckThatIPAddressDidNotChangeAfterConnection = 0

askedUserIfOKToCheckThatIPAddressDidNotChangeAfterConnection = 1

tunnelblickVersionHistory = (

    "3.6.10beta05 (build 4740)",

    "3.5.5 (build 4270.4461)",

    "3.4beta34 (build 3935)"

)

statusDisplayNumber = 0

lastLaunchTime = 504482527.866039

lastLanguageAtLaunchWasRTL = 0

connectionWindowDisplayCriteria = showWhenConnecting

maxLogDisplaySize = 102400

lastConnectedDisplayName = client1

keyboardShortcutIndex = 1

namedCredentialsNames = (

    XXXX

)

updateCheckAutomatically = 1

updateCheckBetas = 1

updateSendProfileInfo = 1

NSWindow Frame ConnectingWindow = 488 435 412 297 0 0 1440 878 

detailsWindowFrameVersion = 4740

detailsWindowFrame = {{235, 307}, {920, 468}}

detailsWindowLeftFrame = {{0, 0}, {165, 350}}

detailsWindowViewIndex = 0

detailsWindowConfigurationsTabIdentifier = log

leftNavSelectedDisplayName = client1

haveDealtWithSparkle1dot5b6 = 1

haveDealtWithOldTunTapPreferences = 1

haveDealtWithOldLoginItem = 1

SUEnableAutomaticChecks = 1

SUFeedURL = https://www.tunnelblick.net/appcast-b.rss

SUScheduledCheckInterval = 86400

SUSendProfileInfo = 1

SULastCheckTime = 2016-12-26 22:02:09 +0000

SULastProfileSubmissionDate = 2016-12-23 19:09:58 +0000

SUHasLaunchedBefore = 1

WebKitDefaultFontSize = 11

WebKitStandardFont = .SF NS Text


================================================================================


Tunnelblick Log:


*Tunnelblick: OS X 10.12.2; Tunnelblick 3.6.10beta05 (build 4740); prior version 3.5.5 (build 4270.4461)

2016-12-27 00:07:32 *Tunnelblick: Attempting connection with client1 using shadow copy; Set nameserver = 769; monitoring connection

2016-12-27 00:07:32 *Tunnelblick: openvpnstart start client1.tblk 1337 769 0 1 0 1065264 -ptADGNWradsgnw 2.3.14-openssl-1.0.2j

2016-12-27 00:07:33 *Tunnelblick: openvpnstart log:

     OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line):

     

          /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.14-openssl-1.0.2j/openvpn

          --daemon

          --log

          /Library/Application Support/Tunnelblick/Logs/-SUsers-SXXXX-SLibrary-SApplication Support-STunnelblick-SConfigurations-Sclient1.tblk-SContents-SResources-Sconfig.ovpn.769_0_1_0_1065264.1337.openvpn.log

          --cd

          /Library/Application Support/Tunnelblick/Users/XXXX/client1.tblk/Contents/Resources

          --verb

          3

          --config

          /Library/Application Support/Tunnelblick/Users/XXXX/client1.tblk/Contents/Resources/config.ovpn

          --verb

          3

          --cd

          /Library/Application Support/Tunnelblick/Users/XXXX/client1.tblk/Contents/Resources

          --management

          127.0.0.1

          1337

          --management-query-passwords

          --management-hold

          --script-security

          2

          --up

          /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw

          --down

          /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw


2016-12-27 00:07:32 OpenVPN 2.3.14 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Dec 23 2016

2016-12-27 00:07:32 library versions: OpenSSL 1.0.2j  26 Sep 2016, LZO 2.09

2016-12-27 00:07:32 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:1337

2016-12-27 00:07:32 Need hold release from management interface, waiting...

2016-12-27 00:07:32 *Tunnelblick: openvpnstart starting OpenVPN

2016-12-27 00:07:33 *Tunnelblick: Established communication with OpenVPN

2016-12-27 00:07:33 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:1337

2016-12-27 00:07:33 MANAGEMENT: CMD 'pid'

2016-12-27 00:07:33 MANAGEMENT: CMD 'state on'

2016-12-27 00:07:33 MANAGEMENT: CMD 'state'

2016-12-27 00:07:33 MANAGEMENT: CMD 'bytecount 1'

2016-12-27 00:07:33 MANAGEMENT: CMD 'hold release'

2016-12-27 00:07:39 MANAGEMENT: CMD 'username "Auth" "XXXX"'

2016-12-27 00:07:39 MANAGEMENT: CMD 'password [...]'

2016-12-27 00:07:39 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

2016-12-27 00:07:39 Socket Buffers: R=[131072->131072] S=[131072->131072]

2016-12-27 00:07:39 MANAGEMENT: >STATE:1482793659,RESOLVE,,,

2016-12-27 00:07:40 Attempting to establish TCP connection with [AF_INET]XXX.XXX.XXX.XXX:443 [nonblock]

2016-12-27 00:07:40 MANAGEMENT: >STATE:1482793660,TCP_CONNECT,,,

2016-12-27 00:07:41 TCP connection established with [AF_INET]XXX.XXX.XXX.XXX:443

2016-12-27 00:07:41 TCPv4_CLIENT link local: [undef]

2016-12-27 00:07:41 TCPv4_CLIENT link remote: [AF_INET]XXX.XXX.XXX.XXX:443

2016-12-27 00:07:41 MANAGEMENT: >STATE:1482793661,WAIT,,,

2016-12-27 00:07:41 MANAGEMENT: >STATE:1482793661,AUTH,,,

2016-12-27 00:07:41 TLS: Initial packet from [AF_INET]XXX.XXX.XXX.XXX:443, sid=4ae795fd 08ccd4ac

2016-12-27 00:07:41 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this

2016-12-27 00:07:42 VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-AC66U, emailAddress=m...@myhost.mydomain

2016-12-27 00:07:42 VERIFY OK: nsCertType=SERVER

2016-12-27 00:07:42 VERIFY OK: depth=0, C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-AC66U, emailAddress=m...@myhost.mydomain

2016-12-27 00:07:42 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key

2016-12-27 00:07:42 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

2016-12-27 00:07:42 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key

2016-12-27 00:07:42 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

2016-12-27 00:07:42 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 1024 bit RSA

2016-12-27 00:07:42 [RT-AC66U] Peer Connection Initiated with [AF_INET]XXX.XXX.XXX.XXX:443

2016-12-27 00:07:44 MANAGEMENT: >STATE:1482793664,GET_CONFIG,,,

2016-12-27 00:07:45 SENT CONTROL [RT-AC66U]: 'PUSH_REQUEST' (status=1)

2016-12-27 00:07:45 PUSH: Received control message: 'PUSH_REPLY,route 192.168.2.0 255.255.255.0,redirect-gateway def1,route-gateway 10.8.0.1,topology subnet,ping 15,ping-restart 60,ifconfig 10.8.0.2 255.255.255.0'

2016-12-27 00:07:45 OPTIONS IMPORT: timers and/or timeouts modified

2016-12-27 00:07:45 OPTIONS IMPORT: --ifconfig/up options modified

2016-12-27 00:07:45 OPTIONS IMPORT: route options modified

2016-12-27 00:07:45 OPTIONS IMPORT: route-related options modified

2016-12-27 00:07:45 Opening utun (connect(AF_SYS_CONTROL)): Resource busy

2016-12-27 00:07:45 Opened utun device utun1

2016-12-27 00:07:45 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0

2016-12-27 00:07:45 MANAGEMENT: >STATE:1482793665,ASSIGN_IP,,10.8.0.2,

2016-12-27 00:07:45 /sbin/ifconfig utun1 delete

                                        ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address

2016-12-27 00:07:45 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure

2016-12-27 00:07:45 /sbin/ifconfig utun1 10.8.0.2 10.8.0.2 netmask 255.255.255.0 mtu 1500 up

2016-12-27 00:07:45 /sbin/route add -net 10.8.0.0 10.8.0.2 255.255.255.0

                                        add net 10.8.0.0: gateway 10.8.0.2

2016-12-27 00:07:45 /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw utun1 1500 1560 10.8.0.2 255.255.255.0 init

                                        **********************************************

                                        Start of output from client.up.tunnelblick.sh

                                        NOTE: No network configuration changes need to be made.

                                        WARNING: Will NOT monitor for other network configuration changes.

                                        WARNING: Will NOT disable IPv6 settings.

                                        DNS servers 'XXX.XXX.XXX.115 XXX.XXX.XXX.83 XXX.XXX.XXX.76' will be used for DNS queries when the VPN is active

                                        NOTE: The DNS servers do not include any free public DNS servers known to Tunnelblick. This may cause DNS queries to fail or be intercepted or falsified even if they are directed through the VPN. Specify only known public DNS servers or DNS servers located on the VPN network to avoid such problems.

                                        Flushed the DNS cache via dscacheutil

                                        /usr/sbin/discoveryutil not present. Not flushing the DNS cache via discoveryutil

                                        Notified mDNSResponder that the DNS cache was flushed

                                        End of output from client.up.tunnelblick.sh

                                        **********************************************

2016-12-27 00:07:47 *Tunnelblick: No 'connected.sh' script to execute

2016-12-27 00:07:47 *Tunnelblick: Could not determine this computer's apparent public IP address before the connection was completed

2016-12-27 00:07:47 /sbin/route add -net XXX.XXX.XXX.XXX 10.107.95.254 255.255.255.255

                                        add net XXX.XXX.XXX.XXX: gateway 10.107.95.254

2016-12-27 00:07:47 /sbin/route add -net 0.0.0.0 10.8.0.1 128.0.0.0

                                        add net 0.0.0.0: gateway 10.8.0.1

2016-12-27 00:07:47 /sbin/route add -net 128.0.0.0 10.8.0.1 128.0.0.0

                                        add net 128.0.0.0: gateway 10.8.0.1

2016-12-27 00:07:47 MANAGEMENT: >STATE:1482793667,ADD_ROUTES,,,

2016-12-27 00:07:47 /sbin/route add -net 192.168.2.0 10.8.0.1 255.255.255.0

                                        add net 192.168.2.0: gateway 10.8.0.1

2016-12-27 00:07:47 Initialization Sequence Completed

2016-12-27 00:07:47 MANAGEMENT: >STATE:1482793667,CONNECTED,SUCCESS,10.8.0.2,XXX.XXX.XXX.XXX

2016-12-27 00:08:03 *Tunnelblick: Disconnecting; 'Disconnect all' menu command invoked

2016-12-27 00:08:03 *Tunnelblick: No 'pre-disconnect.sh' script to execute

2016-12-27 00:08:03 *Tunnelblick: Disconnecting using 'kill'

2016-12-27 00:08:03 event_wait : Interrupted system call (code=4)

2016-12-27 00:08:03 /sbin/route delete -net 192.168.2.0 10.8.0.1 255.255.255.0

                                        delete net 192.168.2.0: gateway 10.8.0.1

2016-12-27 00:08:03 /sbin/route delete -net XXX.XXX.XXX.XXX 10.107.95.254 255.255.255.255

                                        delete net XXX.XXX.XXX.XXX: gateway 10.107.95.254

2016-12-27 00:08:03 /sbin/route delete -net 0.0.0.0 10.8.0.1 128.0.0.0

                                        delete net 0.0.0.0: gateway 10.8.0.1

2016-12-27 00:08:03 /sbin/route delete -net 128.0.0.0 10.8.0.1 128.0.0.0

                                        delete net 128.0.0.0: gateway 10.8.0.1

2016-12-27 00:08:03 Closing TUN/TAP interface

2016-12-27 00:08:03 /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw utun1 1500 1560 10.8.0.2 255.255.255.0 init

                                        **********************************************

                                        Start of output from client.down.tunnelblick.sh

                                        WARNING: Not restoring DNS settings because no saved Tunnelblick DNS information was found.

                                        Flushed the DNS cache via dscacheutil

                                        /usr/sbin/discoveryutil not present. Not flushing the DNS cache via discoveryutil

                                        Notified mDNSResponder that the DNS cache was flushed

                                        End of output from client.down.tunnelblick.sh

                                        **********************************************

2016-12-27 00:08:04 SIGTERM[hard,] received, process exiting

2016-12-27 00:08:04 MANAGEMENT: >STATE:1482793684,EXITING,SIGTERM,,

2016-12-27 00:08:04 *Tunnelblick: No 'post-disconnect.sh' script to execute

2016-12-27 00:08:04 *Tunnelblick: Expected disconnection occurred.


================================================================================


"Sanitized" full configuration file


client

dev tun

proto tcp-client

remote XXXX.com 443

float

cipher AES-256-CBC

comp-lzo adaptive

keepalive 15 60

auth-user-pass

ns-cert-type server

<ca>

 [Security-related line(s) omitted]

</ca>

<cert>

 [Security-related line(s) omitted]

</cert>

<key>

 [Security-related line(s) omitted]

</key>

resolv-retry infinite

nobind




================================================================================


ifconfig output:


lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384

options=1203<RXCSUM,TXCSUM,TXSTATUS,SW_TIMESTAMP>

inet 127.0.0.1 netmask 0xff000000 

inet6 ::1 prefixlen 128 

inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1 

nd6 options=201<PERFORMNUD,DAD>

gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280

stf0: flags=0<> mtu 1280

en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500

ether 84:38:35:59:0d:f6 

inet6 fe80::b3:e5f7:c799:b2da%en0 prefixlen 64 secured scopeid 0x4 

inet 10.107.82.98 netmask 0xfffff000 broadcast 10.107.95.255

nd6 options=201<PERFORMNUD,DAD>

media: autoselect

status: active

en1: flags=963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX> mtu 1500

options=60<TSO4,TSO6>

ether 32:00:1c:0c:00:00 

media: autoselect <full-duplex>

status: inactive

p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304

ether 06:38:35:59:0d:f6 

media: autoselect

status: inactive

awdl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1484

ether 06:bf:59:76:00:35 

inet6 fe80::4bf:59ff:fe76:35%awdl0 prefixlen 64 scopeid 0x7 

nd6 options=201<PERFORMNUD,DAD>

media: autoselect

status: active

bridge0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500

options=63<RXCSUM,TXCSUM,TSO4,TSO6>

ether 32:00:1c:0c:00:00 

Configuration:

id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0

maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200

root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0

ipfilter disabled flags 0x2

member: en1 flags=3<LEARNING,DISCOVER>

        ifmaxaddr 0 port 5 priority 0 path cost 0

nd6 options=201<PERFORMNUD,DAD>

media: <unknown type>

status: inactive

utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 2000

inet6 fe80::3d49:f950:c12e:2f1e%utun0 prefixlen 64 scopeid 0x9 

nd6 options=201<PERFORMNUD,DAD>

ppp0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1364

inet 10.7.0.2 --> 192.168.2.1 netmask 0xfffff000 


================================================================================


Console Log:


2016-12-27 00:07:11 Tunnelblick[1711] Tunnelblick needs to perform an action that requires administrator authorization.

2016-12-27 00:07:11 Tunnelblick[1711] Beginning installation or repair

2016-12-27 00:07:12 Tunnelblick[1711] Installation or repair succeeded; Log:

                                       Tunnelblick installer started 2016-12-27 00:07:12. 2 arguments: 0x2001

                                            /Users/XXXX/Library/Application Support/Tunnelblick/Configurations/client1.tblk

                                       removed /Users/XXXX/Library/Application Support/Tunnelblick/Configurations/client1.tblk

                                       removed /Library/Application Support/Tunnelblick/Users/XXXX/client1.tblk

                                       Tunnelblick installer finished without error

2016-12-27 00:07:12 Tunnelblick[1711] Uninstalled configuration file /Users/XXXX/Library/Application Support/Tunnelblick/Configurations/client1.tblk

2016-12-27 00:07:25 Tunnelblick[1711] Converting/Installing /Users/XXXX/Dropbox/client1.ovpn: One or more CR characters have been removed or replaced with LF characters

2016-12-27 00:07:25 Tunnelblick[1711] Converting/Installing /Users/XXXX/Dropbox/client1.ovpn: One or more CR characters have been removed or replaced with LF characters

2016-12-27 00:07:25 Tunnelblick[1711] Converting/Installing /Users/XXXX/Dropbox/client1.ovpn: Converted OpenVPN configuration

2016-12-27 00:07:28 Tunnelblick[1711] localNameFromDisplayName: 'client1' is not a known displayName

2016-12-27 00:07:28 Tunnelblick[1711] Tunnelblick needs to perform an action that requires administrator authorization.

2016-12-27 00:07:28 Tunnelblick[1711] Beginning installation or repair

2016-12-27 00:07:28 Tunnelblick[1711] Installation or repair succeeded; Log:

                                       Tunnelblick installer started 2016-12-27 00:07:28. 3 arguments: 0x0001

                                            /Users/XXXX/Library/Application Support/Tunnelblick/Configurations/client1.tblk

                                            /private/var/folders/km/vhvjhm6s4yvb0xk1prmgn_zh0000gn/T/Tunnelblick-hlwTI9/client1.tblk

                                       Copied /private/var/folders/km/vhvjhm6s4yvb0xk1prmgn_zh0000gn/T/Tunnelblick-hlwTI9/client1.tblk

                                           to /Users/XXXX/Library/Application Support/Tunnelblick/Configurations/client1.tblk.temp

                                       Renamed /Users/XXXX/Library/Application Support/Tunnelblick/Configurations/client1.tblk.temp

                                            to /Users/XXXX/Library/Application Support/Tunnelblick/Configurations/client1.tblk

                                       Changed ownership of /Users/XXXX/Library/Application Support/Tunnelblick/Configurations/client1.tblk and its contents from 501:20 to 501:80

                                       Copied /Users/XXXX/Library/Application Support/Tunnelblick/Configurations/client1.tblk

                                           to /Library/Application Support/Tunnelblick/Users/XXXX/client1.tblk.temp

                                       Renamed /Library/Application Support/Tunnelblick/Users/XXXX/client1.tblk.temp

                                            to /Library/Application Support/Tunnelblick/Users/XXXX/client1.tblk

                                       Changed ownership of /Library/Application Support/Tunnelblick/Users/XXXX/client1.tblk and its contents from 501:80 to 0:0

                                       Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Users/XXXX/client1.tblk

                                       Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Users/XXXX/client1.tblk/Contents

                                       Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Users/XXXX/client1.tblk/Contents/Resources

                                       Changed permissions from 740 to 700 on /Library/Application Support/Tunnelblick/Users/XXXX/client1.tblk/Contents/Resources/config.ovpn

                                       Created secure (shadow) copy of client1.tblk

                                       Tunnelblick installer finished without error

2016-12-27 00:08:04 Tunnelblick[1711] currentIPInfo(Name): IP address info could not be fetched within 32.0 seconds; the error was 'Error Domain=NSURLErrorDomain Code=-1005 "The network connection was lost." UserInfo={NSUnderlyingError=0x600000452c90 {Error Domain=kCFErrorDomainCFNetwork Code=-1005 "The network connection was lost." UserInfo={NSErrorFailingURLStringKey=https://www.tunnelblick.net/ipinfo, NSErrorFailingURLKey=https://www.tunnelblick.net/ipinfo, _kCFStreamErrorCodeKey=54, _kCFStreamErrorDomainKey=1, NSLocalizedDescription=The network connection was lost.}}, NSErrorFailingURLStringKey=https://www.tunnelblick.net/ipinfo, NSErrorFailingURLKey=https://www.tunnelblick.net/ipinfo, _kCFStreamErrorDomainKey=1, _kCFStreamErrorCodeKey=54, NSLocalizedDescription=The network connection was lost.}'; the response was '(null)'

2016-12-27 00:08:12 Tunnelblick[1711] BUG in libdispatch client: kevent[EVFILT_MACHPORT] monitored resource vanished before the source cancel handler was invoked





namk

Jan 16, 2017, 11:35:37 AM
to tunnelbli...@googlegroups.com
No ideas anyone?

*Tunnelblick: OS X 10.12.2; Tunnelblick 3.6.10beta06 (build 4750); prior version 3.6.10beta05 (build 4740)

2017-01-16 17:28:26 *Tunnelblick: Attempting connection with client1 using shadow copy; Set nameserver = 769; monitoring connection

2017-01-16 17:28:26 *Tunnelblick: openvpnstart start client1.tblk 1337 769 0 1 0 1065776 -ptADGNWradsgnw 2.3.14-openssl-1.0.2j

2017-01-16 17:28:26 *Tunnelblick: openvpnstart log:

     OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line):

     

          /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.14-openssl-1.0.2j/openvpn

          --daemon

          --log

          /Library/Application Support/Tunnelblick/Logs/-SUsers-Syolonam-SLibrary-SApplication Support-STunnelblick-SConfigurations-Sclient1.tblk-SContents-SResources-Sconfig.ovpn.769_0_1_0_1065776.1337.openvpn.log

          --cd

          /Library/Application Support/Tunnelblick/Users/yolonam/client1.tblk/Contents/Resources

          --verb

          3

          --config

          /Library/Application Support/Tunnelblick/Users/yolonam/client1.tblk/Contents/Resources/config.ovpn

          --verb

          3

          --cd

          /Library/Application Support/Tunnelblick/Users/yolonam/client1.tblk/Contents/Resources

          --management

          127.0.0.1

          1337

          --management-query-passwords

          --management-hold

          --redirect-gateway

          def1

          --script-security

          2

          --up

          /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw

          --down

          /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw


2017-01-16 17:28:26 *Tunnelblick: Established communication with OpenVPN

2017-01-16 17:28:26 *Tunnelblick: Obtained VPN username and password from the Keychain

2017-01-16 17:28:26 OpenVPN 2.3.14 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Dec 27 2016

2017-01-16 17:28:26 library versions: OpenSSL 1.0.2j  26 Sep 2016, LZO 2.09

2017-01-16 17:28:26 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:1337

2017-01-16 17:28:26 Need hold release from management interface, waiting...

2017-01-16 17:28:26 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:1337

2017-01-16 17:28:26 MANAGEMENT: CMD 'pid'

2017-01-16 17:28:26 MANAGEMENT: CMD 'state on'

2017-01-16 17:28:26 MANAGEMENT: CMD 'state'

2017-01-16 17:28:26 MANAGEMENT: CMD 'bytecount 1'

2017-01-16 17:28:26 MANAGEMENT: CMD 'hold release'

2017-01-16 17:28:26 MANAGEMENT: CMD 'username "Auth" "namk"'

2017-01-16 17:28:26 MANAGEMENT: CMD 'password [...]'

2017-01-16 17:28:26 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

2017-01-16 17:28:26 Socket Buffers: R=[131072->131072] S=[131072->131072]

2017-01-16 17:28:26 MANAGEMENT: >STATE:1484584106,RESOLVE,,,

2017-01-16 17:28:26 *Tunnelblick: openvpnstart starting OpenVPN

2017-01-16 17:28:27 Attempting to establish TCP connection with [AF_INET]XXX.XXX.XXX.231:443 [nonblock]

2017-01-16 17:28:27 MANAGEMENT: >STATE:1484584107,TCP_CONNECT,,,

2017-01-16 17:28:28 TCP connection established with [AF_INET]XXX.XXX.XXX.231:443

2017-01-16 17:28:28 TCPv4_CLIENT link local: [undef]

2017-01-16 17:28:28 TCPv4_CLIENT link remote: [AF_INET]XXX.XXX.XXX.231:443

2017-01-16 17:28:28 MANAGEMENT: >STATE:1484584108,WAIT,,,

2017-01-16 17:28:28 MANAGEMENT: >STATE:1484584108,AUTH,,,

2017-01-16 17:28:28 TLS: Initial packet from [AF_INET]XXX.XXX.XXX.231:443, sid=ab8dd6f6 79cf8578

2017-01-16 17:28:28 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this

2017-01-16 17:28:28 VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-AC66U, emailAddress=m...@myhost.mydomain

2017-01-16 17:28:28 VERIFY OK: nsCertType=SERVER

2017-01-16 17:28:28 VERIFY OK: depth=0, C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-AC66U, emailAddress=m...@myhost.mydomain

2017-01-16 17:28:29 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key

2017-01-16 17:28:29 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

2017-01-16 17:28:29 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key

2017-01-16 17:28:29 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

2017-01-16 17:28:29 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 1024 bit RSA

2017-01-16 17:28:29 [RT-AC66U] Peer Connection Initiated with [AF_INET]XXX.XXX.XXX.231:443

2017-01-16 17:28:30 MANAGEMENT: >STATE:1484584110,GET_CONFIG,,,

2017-01-16 17:28:31 SENT CONTROL [RT-AC66U]: 'PUSH_REQUEST' (status=1)

2017-01-16 17:28:32 PUSH: Received control message: 'PUSH_REPLY,route 192.168.2.0 255.255.255.0,redirect-gateway def1,route-gateway 10.8.0.1,topology subnet,ping 15,ping-restart 60,ifconfig 10.8.0.2 255.255.255.0'

2017-01-16 17:28:32 OPTIONS IMPORT: timers and/or timeouts modified

2017-01-16 17:28:32 OPTIONS IMPORT: --ifconfig/up options modified

2017-01-16 17:28:32 OPTIONS IMPORT: route options modified

2017-01-16 17:28:32 OPTIONS IMPORT: route-related options modified

2017-01-16 17:28:32 Opening utun (connect(AF_SYS_CONTROL)): Resource busy

2017-01-16 17:28:32 Opened utun device utun1

2017-01-16 17:28:32 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0

2017-01-16 17:28:32 MANAGEMENT: >STATE:1484584112,ASSIGN_IP,,10.8.0.2,

2017-01-16 17:28:32 /sbin/ifconfig utun1 delete

                                        ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address

2017-01-16 17:28:32 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure

2017-01-16 17:28:32 /sbin/ifconfig utun1 10.8.0.2 10.8.0.2 netmask 255.255.255.0 mtu 1500 up

2017-01-16 17:28:32 /sbin/route add -net 10.8.0.0 10.8.0.2 255.255.255.0

                                        add net 10.8.0.0: gateway 10.8.0.2

2017-01-16 17:28:32 /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw utun1 1500 1560 10.8.0.2 255.255.255.0 init

                                        **********************************************

                                        Start of output from client.up.tunnelblick.sh

                                        NOTE: No network configuration changes need to be made.

                                        WARNING: Will NOT monitor for other network configuration changes.

                                        WARNING: Will NOT disable IPv6 settings.

                                        DNS servers 'XXX.XXX.XXX.10 XXX.XXX.XXX.10' will be used for DNS queries when the VPN is active

                                        NOTE: The DNS servers do not include any free public DNS servers known to Tunnelblick. This may cause DNS queries to fail or be intercepted or falsified even if they are directed through the VPN. Specify only known public DNS servers or DNS servers located on the VPN network to avoid such problems.

                                        Flushed the DNS cache via dscacheutil

                                        /usr/sbin/discoveryutil not present. Not flushing the DNS cache via discoveryutil

                                        Notified mDNSResponder that the DNS cache was flushed

                                        End of output from client.up.tunnelblick.sh

                                        **********************************************

2017-01-16 17:28:34 *Tunnelblick: No 'connected.sh' script to execute

2017-01-16 17:28:34 /sbin/route add -net XXX.XXX.XXX.231 XXX.XXX.XXX.254 255.255.255.255

                                        add net XXX.XXX.XXX.231: gateway XXX.XXX.XXX.254

2017-01-16 17:28:34 /sbin/route add -net 0.0.0.0 10.8.0.1 128.0.0.0

                                        add net 0.0.0.0: gateway 10.8.0.1

2017-01-16 17:28:34 /sbin/route add -net 128.0.0.0 10.8.0.1 128.0.0.0

                                        add net 128.0.0.0: gateway 10.8.0.1

2017-01-16 17:28:34 MANAGEMENT: >STATE:1484584114,ADD_ROUTES,,,

2017-01-16 17:28:34 /sbin/route add -net 192.168.2.0 10.8.0.1 255.255.255.0

                                        add net 192.168.2.0: gateway 10.8.0.1

2017-01-16 17:28:34 Initialization Sequence Completed

2017-01-16 17:28:34 MANAGEMENT: >STATE:1484584114,CONNECTED,SUCCESS,10.8.0.2,XXX.XXX.XXX.231

Tunnelblick developer

Jan 16, 2017, 11:57:01 AM
to tunnelblick-discuss
You have disabled the warning that the Internet could not be reached even before connecting. Please reset it by resetting all warnings (on the "Preferences" panel of Tunnelblick's "VPN Details" window.) If you see that warning, there is something wrong with your networking setup even before you try to connect the VPN and that should be resolved before you try to use the VPN.

Your VPN setup does not "push" any DNS information from the OpenVPN server. That means that the "….115" DNS server which you apparently use when not connected to the VPN will also be used when you are connected to the VPN. That is very unusual and probably is a misconfiguration of the OpenVPN server on your Asus router.

Your setup also does not "Route all IPv4 traffic through the VPN", which is probably not what you want.



On Monday, January 16, 2017 at 11:35:37 AM UTC-5, namk wrote:
No ideas anyone?

namk

Jan 16, 2017, 12:16:06 PM
to tunnelblick-discuss
Thanks for your reply.

I double-checked my configuration of the OpenVPN server on my router, found out I had to check off these:


It finally then pushed all my traffic through the VPN + I got DNS information from my server!

I've been reading a lot about configuring the VPN using "command lines" and disregarded the GUI altogether. 
It works perfectly now!
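
The check discussed in this thread, as an added example that is not part of any post above: it reads the `PUSH_REPLY` line from an OpenVPN client log and reports whether the server pushed DNS servers and a default-route redirect. `THREAD_LOG` is the line from the first log in this thread; `FIXED_LOG` and `SPLIT_LOG` are constructed, and the DNS addresses in them (`192.168.2.1`, `203.0.113.53`) are assumptions.

```python
import ipaddress
import re

# PUSH_REPLY line copied from the first log posted in this thread.
THREAD_LOG = (
    "2016-12-27 00:07:45 PUSH: Received control message: 'PUSH_REPLY,"
    "route 192.168.2.0 255.255.255.0,redirect-gateway def1,"
    "route-gateway 10.8.0.1,topology subnet,ping 15,ping-restart 60,"
    "ifconfig 10.8.0.2 255.255.255.0'\n"
)

# Constructed: the same reply once the server also pushes a DNS server
# (192.168.2.1 is an assumed router address, not taken from the thread).
FIXED_LOG = (
    "2017-01-16 18:00:00 PUSH: Received control message: 'PUSH_REPLY,"
    "route 192.168.2.0 255.255.255.0,dhcp-option DNS 192.168.2.1,"
    "redirect-gateway def1,route-gateway 10.8.0.1,topology subnet,"
    "ping 15,ping-restart 60,ifconfig 10.8.0.2 255.255.255.0'\n"
)

# Constructed: split tunnel that pushes a resolver outside every pushed route.
SPLIT_LOG = (
    "2017-01-16 18:05:00 PUSH: Received control message: 'PUSH_REPLY,"
    "route 192.168.2.0 255.255.255.0,dhcp-option DNS 203.0.113.53,"
    "route-gateway 10.8.0.1,topology subnet,ifconfig 10.8.0.2 255.255.255.0'\n"
)

PUSH_RE = re.compile(r"PUSH: Received control message: 'PUSH_REPLY,([^']*)'")


def parse_push_reply(log_text):
    """Return the options of the last PUSH_REPLY in the log as token lists."""
    replies = PUSH_RE.findall(log_text)
    if not replies:
        return None
    return [opt.split() for opt in replies[-1].split(",") if opt.strip()]


def tunnel_networks(options):
    """Networks that the pushed 'route' and 'ifconfig' options send via the tunnel."""
    topology = next(
        (o[1] for o in options if o[0] == "topology" and len(o) > 1), None
    )
    nets = []
    for o in options:
        try:
            if o[0] == "route" and len(o) >= 2:
                # A route without a netmask is a host route.
                mask = o[2] if len(o) >= 3 else "255.255.255.255"
                nets.append(ipaddress.ip_network(f"{o[1]}/{mask}", strict=False))
            elif o[0] == "ifconfig" and len(o) >= 3 and topology == "subnet":
                # Only with 'topology subnet' is the second argument a netmask.
                nets.append(ipaddress.ip_network(f"{o[1]}/{o[2]}", strict=False))
        except ValueError:
            continue  # hostname or keyword instead of an address: skip it
    return nets


def audit_push_reply(log_text):
    """Summarise what the server pushed and list DNS/routing findings."""
    options = parse_push_reply(log_text)
    if options is None:
        raise ValueError("no PUSH_REPLY found in log")

    redirect = [o[1:] for o in options if o[0] == "redirect-gateway"]
    dns = [o[2] for o in options
           if o[:2] == ["dhcp-option", "DNS"] and len(o) >= 3]
    nets = tunnel_networks(options)

    findings = []
    if not dns:
        # The client keeps the resolvers it used before connecting.
        findings.append("no-dns-pushed")
    for server in dns:
        addr = ipaddress.ip_address(server)
        # Without a default-route redirect, a pushed resolver is only
        # reached through the tunnel if a pushed network covers it.
        if not redirect and not any(addr in net for net in nets):
            findings.append(f"dns-not-routed-via-vpn:{server}")
    if not redirect:
        findings.append("no-redirect-gateway")

    return {
        "redirect_gateway": bool(redirect),
        "dns_servers": dns,
        "tunnel_networks": [str(n) for n in nets],
        "findings": findings,
    }


if __name__ == "__main__":
    for name, log in (("thread", THREAD_LOG), ("fixed", FIXED_LOG),
                      ("split", SPLIT_LOG)):
        print(name, audit_push_reply(log))
```
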