I can connect to the OpenVPN server but cannot reach internet afterwards
222 views
Skip to first unread message
gbh
May 8, 2018, 1:42:42 AM5/8/18
to tunnelblick-discuss
As stated in the subject, I can connect to my OpenVPN server but can not reach the Internet from the server. Afterwards I get this error message:
Warning After connecting to openvpn-credentials-gregmbp, the Internet does not appear to be reachable.
This may mean that your VPN is not configured correctly.
Here is the log file. Any help would be appreciated.
*Tunnelblick: OS X 10.13.4; Tunnelblick 3.7.5a (build 5011); prior version 3.5.21 (build 4270.4981); Admin user
git commit 8aa639b020f231f1cea64abfe272e6deedfa916b
Configuration openvpn-credentials-gregmbp
"Sanitized" condensed configuration file for /Users/gregoryhowland/Library/Application Support/Tunnelblick/Configurations/openvpn-credentials-gregmbp.tblk:
client
remote xxx.xxx.xx.xx 1194
dev tun
proto udp
resolv-retry infinite
remote-cert-tls server
topology subnet
verb 3
cipher BF-CBC
keysize 128
ca ca.crt
cert gregmbp.crt
key gregmbp.key
tls-auth ta.key 1
nobind
persist-key
persist-tun
comp-lzo
<ca>
[Security-related line(s) omitted]
</ca>
<cert>
[Security-related line(s) omitted]
</cert>
<key>
[Security-related line(s) omitted]
</key>
<tls-auth>
[Security-related line(s) omitted]
</tls-auth>
================================================================================
Non-Apple kexts that are loaded:
Index Refs Address Size Wired Name (Version) UUID <Linked Against>
174 0 0xffffff7f83a04000 0x8000 0x8000 foo.tun (1.0) FBA9A61D-E7BB-391C-92E2-C1D85BB065B2 <7 5 4 1>
175 0 0xffffff7f83a0c000 0x7000 0x7000 foo.tap (1.0) FF769517-6401-3F61-9190-B967BF20C0B2 <7 5 4 1>
================================================================================
There are no unusual files in openvpn-credentials-gregmbp.tblk
================================================================================
Configuration preferences:
-skipWarningThatMayNotConnectInFutureBecauseOfOpenVPNOptions = 1
useDNS = 1
-routeAllTrafficThroughVpn = 1
-openvpnVersion =
-notOKToCheckThatIPAddressDidNotChangeAfterConnection = 0
-keepConnected = 1
-lastConnectionSucceeded = 1
================================================================================
Wildcard preferences:
-notOKToCheckThatIPAddressDidNotChangeAfterConnection = 0
================================================================================
Program preferences:
launchAtNextLogin = 1
notOKToCheckThatIPAddressDidNotChangeAfterConnection = 0
tunnelblickVersionHistory = (
"3.7.5a (build 5011)",
"3.5.21 (build 4270.4981)",
"3.5.3 (build 4270.4371)",
"3.4beta16 (build 3679)",
"3.4beta14 (build 3649)"
)
statusDisplayNumber = 0
lastLaunchTime = 547445379.425186
showConnectedDurations = 1
lastLanguageAtLaunchWasRTL = 0
connectionWindowDisplayCriteria = showWhenConnectingAndConnected
maxLogDisplaySize = 102400
lastConnectedDisplayName = openvpn-credentials-gregmbp
keyboardShortcutIndex = 1
updateCheckAutomatically = 1
NSWindow Frame ConnectingWindow = 525 517 389 187 0 0 1440 877
detailsWindowFrameVersion = 5011
detailsWindowFrame = {{20, 1}, {920, 794}}
detailsWindowLeftFrame = {{0, 0}, {165, 676}}
detailsWindowViewIndex = 0
detailsWindowConfigurationsTabIdentifier = settings
leftNavSelectedDisplayName = openvpn-credentials-gregmbp
AdvancedWindowTabIdentifier = connectingAndDisconnecting
haveDealtWithOldTunTapPreferences = 1
haveDealtWithOldLoginItem = 1
haveDealtWithAfterDisconnect = 1
SUEnableAutomaticChecks = 1
SUFeedURL = https://www.tunnelblick.net/appcast-s.rss
SUScheduledCheckInterval = 86400
SUSendProfileInfo = 1
SUAutomaticallyUpdate = 1
SULastCheckTime = 2018-05-08 04:55:39 +0000
SULastProfileSubmissionDate = 2018-05-06 18:01:39 +0000
SUHasLaunchedBefore = 1
WebKitDefaultFontSize = 11
WebKitStandardFont = Lucida Grande
askedUserIfOKToCheckThatIPAddressDidNotChangeAfterConnection = 1
haveDealtWithSparkle1dot5b6 = 1
updateAutomatically = 1
updateSendProfileInfo = 1
================================================================================
Tunnelblick Log:
*Tunnelblick: OS X 10.13.4; Tunnelblick 3.7.5a (build 5011); prior version 3.5.21 (build 4270.4981)
2018-05-08 01:21:32 *Tunnelblick: Attempting connection with openvpn-credentials-gregmbp using shadow copy; Set nameserver = 769; monitoring connection
2018-05-08 01:21:32 *Tunnelblick: openvpnstart start openvpn-credentials-gregmbp.tblk 1337 769 0 1 0 1065776 -ptADGNWradsgnw 2.4.4-openssl-1.0.2o
2018-05-08 01:21:32 *Tunnelblick: openvpnstart starting OpenVPN
2018-05-08 01:21:33 *Tunnelblick: openvpnstart log:
OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line):
/Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.4.4-openssl-1.0.2o/openvpn
--daemon
--log
/Library/Application Support/Tunnelblick/Logs/-SUsers-Sgregoryhowland-SLibrary-SApplication Support-STunnelblick-SConfigurations-Sopenvpn--credentials--gregmbp.tblk-SContents-SResources-Sconfig.ovpn.769_0_1_0_1065776.1337.openvpn.log
--cd
/Library/Application Support/Tunnelblick/Users/gregoryhowland/openvpn-credentials-gregmbp.tblk/Contents/Resources
--setenv
IV_GUI_VER
"net.tunnelblick.tunnelblick 5011 3.7.5a (build 5011)"
--verb
3
--config
/Library/Application Support/Tunnelblick/Users/gregoryhowland/openvpn-credentials-gregmbp.tblk/Contents/Resources/config.ovpn
--verb
3
--cd
/Library/Application Support/Tunnelblick/Users/gregoryhowland/openvpn-credentials-gregmbp.tblk/Contents/Resources
--management
127.0.0.1
1337
/Library/Application Support/Tunnelblick/cmbcgfcpapakhfednmlojagcnbckemhndeoggfnf.mip
--management-query-passwords
--management-hold
--redirect-gateway
def1
--script-security
2
--up
/Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw
--down
/Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw
2018-05-08 01:21:33 *Tunnelblick: Established communication with OpenVPN
2018-05-08 01:21:33 WARNING: --keysize is DEPRECATED and will be removed in OpenVPN 2.6
2018-05-08 01:21:33 OpenVPN 2.4.4 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on Mar 27 2018
2018-05-08 01:21:33 library versions: OpenSSL 1.0.2o 27 Mar 2018, LZO 2.10
2018-05-08 01:21:33 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:1337
2018-05-08 01:21:33 Need hold release from management interface, waiting...
2018-05-08 01:21:33 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:1337
2018-05-08 01:21:33 MANAGEMENT: CMD 'pid'
2018-05-08 01:21:33 MANAGEMENT: CMD 'state on'
2018-05-08 01:21:33 MANAGEMENT: CMD 'state'
2018-05-08 01:21:33 MANAGEMENT: CMD 'bytecount 1'
2018-05-08 01:21:33 MANAGEMENT: CMD 'hold release'
2018-05-08 01:21:33 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2018-05-08 01:21:33 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2018-05-08 01:21:33 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2018-05-08 01:21:33 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xx.xx:1194
2018-05-08 01:21:33 Socket Buffers: R=[196724->196724] S=[9216->9216]
2018-05-08 01:21:33 UDP link local: (not bound)
2018-05-08 01:21:33 UDP link remote: [AF_INET]xxx.xxx.xx.xx:1194
2018-05-08 01:21:33 MANAGEMENT: >STATE:1525756893,WAIT,,,,,,
2018-05-08 01:21:33 MANAGEMENT: >STATE:1525756893,AUTH,,,,,,
2018-05-08 01:21:33 TLS: Initial packet from [AF_INET]xxx.xxx.xx.xx:1194, sid=0ba8cb33 1650c615
2018-05-08 01:21:33 VERIFY OK: depth=1, C=??, ST=UnknownProvince, L=UnknownCity, O=UnknownOrg, OU=UnknownOrgUnit, CN=ukyoihzgdobrmcw, name=ukyoihzgdobrmcw, emailAddress=ukyoihz...@rpankkequvjvdhd.com
2018-05-08 01:21:33 VERIFY KU OK
2018-05-08 01:21:33 Validating certificate extended key usage
2018-05-08 01:21:33 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2018-05-08 01:21:33 VERIFY EKU OK
2018-05-08 01:21:33 VERIFY OK: depth=0, C=??, ST=UnknownProvince, L=UnknownCity, O=UnknownOrg, OU=UnknownOrgUnit, CN=ukyoihzgdobrmcw, name=ukyoihzgdobrmcw, emailAddress=ukyoihz...@rpankkequvjvdhd.com
2018-05-08 01:21:33 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
2018-05-08 01:21:33 [ukyoihzgdobrmcw] Peer Connection Initiated with [AF_INET]xxx.xxx.xx.xx:1194
2018-05-08 01:21:34 MANAGEMENT: >STATE:1525756894,GET_CONFIG,,,,,,
2018-05-08 01:21:34 SENT CONTROL [ukyoihzgdobrmcw]: 'PUSH_REQUEST' (status=1)
2018-05-08 01:21:34 PUSH: Received control message: 'PUSH_REPLY,topology subnet,route-gateway 10.8.0.1,redirect-gateway def1,ping 25,ping-restart 180,ifconfig 10.8.0.2 255.255.255.0'
2018-05-08 01:21:34 OPTIONS IMPORT: timers and/or timeouts modified
2018-05-08 01:21:34 OPTIONS IMPORT: --ifconfig/up options modified
2018-05-08 01:21:34 OPTIONS IMPORT: route options modified
2018-05-08 01:21:34 OPTIONS IMPORT: route-related options modified
2018-05-08 01:21:34 Outgoing Data Channel: Cipher 'BF-CBC' initialized with 128 bit key
2018-05-08 01:21:34 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
2018-05-08 01:21:34 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
2018-05-08 01:21:34 Incoming Data Channel: Cipher 'BF-CBC' initialized with 128 bit key
2018-05-08 01:21:34 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
2018-05-08 01:21:34 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
2018-05-08 01:21:34 WARNING: cipher with small block size in use, reducing reneg-bytes to 64MB to mitigate SWEET32 attacks.
2018-05-08 01:21:34 Opening utun (connect(AF_SYS_CONTROL)): Resource busy (errno=16)
2018-05-08 01:21:34 Opened utun device utun1
2018-05-08 01:21:34 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
2018-05-08 01:21:34 MANAGEMENT: >STATE:1525756894,ASSIGN_IP,,10.8.0.2,,,,
2018-05-08 01:21:34 /sbin/ifconfig utun1 delete
ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
2018-05-08 01:21:34 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
2018-05-08 01:21:34 /sbin/ifconfig utun1 10.8.0.2 10.8.0.2 netmask 255.255.255.0 mtu 1500 up
2018-05-08 01:21:34 /sbin/route add -net 10.8.0.0 10.8.0.2 255.255.255.0
add net 10.8.0.0: gateway 10.8.0.2
2018-05-08 01:21:34 /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw utun1 1500 1542 10.8.0.2 255.255.255.0 init
**********************************************
Start of output from client.up.tunnelblick.sh
NOTE: No network configuration changes need to be made.
WARNING: Will NOT monitor for other network configuration changes.
WARNING: Will NOT disable IPv6 settings.
DNS servers '192.168.1.1 208.67.222.222 208.67.220.220 8.8.8.8 8.8.4.4' were set manually
DNS servers '192.168.1.1 208.67.222.222 208.67.220.220 8.8.8.8 8.8.4.4' will be used for DNS queries when the VPN is active
NOTE: The DNS servers include one or more free public DNS servers known to Tunnelblick and one or more DNS servers not known to Tunnelblick. If used, the DNS servers not known to Tunnelblick may cause DNS queries to fail or be intercepted or falsified even if they are directed through the VPN. Specify only known public DNS servers or DNS servers located on the VPN network to avoid such problems.
Flushed the DNS cache via dscacheutil
/usr/sbin/discoveryutil not present. Not flushing the DNS cache via discoveryutil
Notified mDNSResponder that the DNS cache was flushed
End of output from client.up.tunnelblick.sh
**********************************************
2018-05-08 01:21:37 *Tunnelblick: No 'connected.sh' script to execute
2018-05-08 01:21:37 /sbin/route add -net xxx.xxx.xx.xx 192.168.1.1 255.255.255.255
add net xxx.xxx.xx.xx: gateway 192.168.1.1
2018-05-08 01:21:37 /sbin/route add -net 0.0.0.0 10.8.0.1 128.0.0.0
add net 0.0.0.0: gateway 10.8.0.1
2018-05-08 01:21:37 /sbin/route add -net 128.0.0.0 10.8.0.1 128.0.0.0
add net 128.0.0.0: gateway 10.8.0.1
2018-05-08 01:21:37 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2018-05-08 01:21:37 Initialization Sequence Completed
2018-05-08 01:21:37 MANAGEMENT: >STATE:1525756897,CONNECTED,SUCCESS,10.8.0.2,xxx.xxx.xx.xx,1194,,
2018-05-08 01:22:17 *Tunnelblick: After 30.0 seconds, gave up trying to fetch IP address information using the ipInfo host's name after connecting.
2018-05-08 01:22:52 *Tunnelblick: After 30.0 seconds, gave up trying to fetch IP address information using the ipInfo host's IP address after connecting.
2018-05-08 01:23:24 *Tunnelblick: Disconnecting; notification window disconnect button pressed
2018-05-08 01:23:24 *Tunnelblick: No 'pre-disconnect.sh' script to execute
2018-05-08 01:23:24 *Tunnelblick: Disconnecting using 'kill'
2018-05-08 01:23:25 event_wait : Interrupted system call (code=4)
2018-05-08 01:23:25 /sbin/route delete -net xxx.xxx.xx.xx 192.168.1.1 255.255.255.255
delete net xxx.xxx.xx.xx: gateway 192.168.1.1
2018-05-08 01:23:25 /sbin/route delete -net 0.0.0.0 10.8.0.1 128.0.0.0
delete net 0.0.0.0: gateway 10.8.0.1
2018-05-08 01:23:25 /sbin/route delete -net 128.0.0.0 10.8.0.1 128.0.0.0
delete net 128.0.0.0: gateway 10.8.0.1
2018-05-08 01:23:25 Closing TUN/TAP interface
2018-05-08 01:23:25 /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw utun1 1500 1542 10.8.0.2 255.255.255.0 init
**********************************************
Start of output from client.down.tunnelblick.sh
WARNING: Not restoring DNS settings because no saved Tunnelblick DNS information was found.
Flushed the DNS cache via dscacheutil
/usr/sbin/discoveryutil not present. Not flushing the DNS cache via discoveryutil
Notified mDNSResponder that the DNS cache was flushed
End of output from client.down.tunnelblick.sh
**********************************************
2018-05-08 01:23:26 *Tunnelblick: No 'post-disconnect.sh' script to execute
2018-05-08 01:23:26 *Tunnelblick: Expected disconnection occurred.
2018-05-08 01:23:26 SIGTERM[hard,] received, process exiting
2018-05-08 01:23:26 MANAGEMENT: >STATE:1525757006,EXITING,SIGTERM,,,,,
================================================================================
"Sanitized" full configuration file
client
remote xxx.xxx.xx.xx 1194
dev tun
proto udp
##### Disabled by Tunnelblick: status current_status
resolv-retry infinite
remote-cert-tls server
topology subnet
verb 3
cipher BF-CBC
keysize 128
ca ca.crt
cert gregmbp.crt
key gregmbp.key
tls-auth ta.key 1
nobind
persist-key
persist-tun
comp-lzo
<ca>
[Security-related line(s) omitted]
</ca>
<cert>
[Security-related line(s) omitted]
</cert>
<key>
[Security-related line(s) omitted]
</key>
<tls-auth>
[Security-related line(s) omitted]
</tls-auth>
================================================================================
ifconfig output:
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
options=1203<RXCSUM,TXCSUM,TXSTATUS,SW_TIMESTAMP>
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
nd6 options=201<PERFORMNUD,DAD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
EHC253: flags=0<> mtu 0
EHC250: flags=0<> mtu 0
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=b<RXCSUM,TXCSUM,VLAN_HWTAGGING>
ether c4:2c:03:3c:5b:d7
nd6 options=201<PERFORMNUD,DAD>
media: autoselect (none)
status: inactive
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether 60:33:4b:29:d0:98
inet6 fe80::1074:4b7c:73c7:47c1%en1 prefixlen 64 secured scopeid 0x7
inet 192.168.1.3 netmask 0xffffff00 broadcast 192.168.1.255
nd6 options=201<PERFORMNUD,DAD>
media: autoselect
status: active
p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304
ether 02:33:4b:29:d0:98
media: autoselect
status: inactive
fw0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 4078
lladdr 78:ca:39:ff:fe:0c:96:2a
nd6 options=201<PERFORMNUD,DAD>
media: autoselect <full-duplex>
status: inactive
utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 2000
inet6 fe80::b247:b3fc:da86:c8a%utun0 prefixlen 64 scopeid 0xa
nd6 options=201<PERFORMNUD,DAD>
================================================================================
Console Log:
2018-05-07 19:37:42 Tunnelblick[66385] Set 'expect disconnect' flag
2018-05-07 21:10:15 Tunnelblick[66385] applicationShouldTerminate: termination because of shutdown; delayed until 'shutdownTunnelblick' finishes
2018-05-07 21:10:15 Tunnelblick[66385] Finished shutting down Tunnelblick; allowing termination
2018-05-07 21:20:43 Tunnelblick[448] Tunnelblick: OS X 10.13.4; Tunnelblick 3.7.5a (build 5011)
2018-05-07 21:20:47 Tunnelblick[448] Removed file: /Library/Application Support/Tunnelblick/expect-disconnect.txt
2018-05-07 21:20:48 Tunnelblick[448] Sparkle: ===== Tunnelblick.app =====
2018-05-07 21:20:48 Tunnelblick[448] Sparkle: Verified appcast signature
2018-05-07 21:24:56 Tunnelblick[448] currentIPInfo(Name): IP address info could not be fetched within 35.1 seconds; the error was 'Error Domain=NSURLErrorDomain Code=-1001 "The request timed out." UserInfo={NSUnderlyingError=0x60000025a580 {Error Domain=kCFErrorDomainCFNetwork Code=-1001 "The request timed out." UserInfo={NSErrorFailingURLStringKey=https://tunnelblick.net/ipinfo, NSErrorFailingURLKey=https://tunnelblick.net/ipinfo, _kCFStreamErrorCodeKey=-2102, _kCFStreamErrorDomainKey=4, NSLocalizedDescription=The request timed out.}}, NSErrorFailingURLStringKey=https://tunnelblick.net/ipinfo, NSErrorFailingURLKey=https://tunnelblick.net/ipinfo, _kCFStreamErrorDomainKey=4, _kCFStreamErrorCodeKey=-2102, NSLocalizedDescription=The request timed out.}'; the response was '(null)'
2018-05-07 21:25:32 Tunnelblick[448] currentIPInfo(Address): IP address info could not be fetched within 36.0 seconds; the error was 'Error Domain=NSURLErrorDomain Code=-1001 "The request timed out." UserInfo={NSUnderlyingError=0x604000645b20 {Error Domain=kCFErrorDomainCFNetwork Code=-1001 "The request timed out." UserInfo={NSErrorFailingURLStringKey=http://205.233.73.116/ipinfo, NSErrorFailingURLKey=http://205.233.73.116/ipinfo, _kCFStreamErrorCodeKey=-2102, _kCFStreamErrorDomainKey=4, NSLocalizedDescription=The request timed out.}}, NSErrorFailingURLStringKey=http://205.233.73.116/ipinfo, NSErrorFailingURLKey=http://205.233.73.116/ipinfo, _kCFStreamErrorDomainKey=4, _kCFStreamErrorCodeKey=-2102, NSLocalizedDescription=The request timed out.}'; the response was '(null)'
2018-05-07 21:27:35 Tunnelblick[448] Set 'expect disconnect' flag
2018-05-07 21:28:25 Tunnelblick[448] currentIPInfo(Name): IP address info could not be fetched within 36.0 seconds; the error was 'Error Domain=NSURLErrorDomain Code=-1001 "The request timed out." UserInfo={NSUnderlyingError=0x60400045e4b0 {Error Domain=kCFErrorDomainCFNetwork Code=-1001 "The request timed out." UserInfo={NSErrorFailingURLStringKey=https://tunnelblick.net/ipinfo, NSErrorFailingURLKey=https://tunnelblick.net/ipinfo, _kCFStreamErrorCodeKey=-2102, _kCFStreamErrorDomainKey=4, NSLocalizedDescription=The request timed out.}}, NSErrorFailingURLStringKey=https://tunnelblick.net/ipinfo, NSErrorFailingURLKey=https://tunnelblick.net/ipinfo, _kCFStreamErrorDomainKey=4, _kCFStreamErrorCodeKey=-2102, NSLocalizedDescription=The request timed out.}'; the response was '(null)'
2018-05-07 21:29:00 Tunnelblick[448] currentIPInfo(Address): IP address info could not be fetched within 35.0 seconds; the error was 'Error Domain=NSURLErrorDomain Code=-1001 "The request timed out." UserInfo={NSUnderlyingError=0x600000458db0 {Error Domain=kCFErrorDomainCFNetwork Code=-1001 "The request timed out." UserInfo={NSErrorFailingURLStringKey=http://205.233.73.116/ipinfo, NSErrorFailingURLKey=http://205.233.73.116/ipinfo, _kCFStreamErrorCodeKey=-2102, _kCFStreamErrorDomainKey=4, NSLocalizedDescription=The request timed out.}}, NSErrorFailingURLStringKey=http://205.233.73.116/ipinfo, NSErrorFailingURLKey=http://205.233.73.116/ipinfo, _kCFStreamErrorDomainKey=4, _kCFStreamErrorCodeKey=-2102, NSLocalizedDescription=The request timed out.}'; the response was '(null)'
2018-05-07 21:31:14 Tunnelblick[448] Set 'expect disconnect' flag
2018-05-07 21:31:52 Tunnelblick[448] applicationShouldTerminate: termination because of shutdown; delayed until 'shutdownTunnelblick' finishes
2018-05-07 21:31:52 Tunnelblick[448] Finished shutting down Tunnelblick; allowing termination
2018-05-07 21:50:33 Tunnelblick[566] Tunnelblick: OS X 10.13.4; Tunnelblick 3.7.5a (build 5011)
2018-05-07 21:50:35 Tunnelblick[566] Sparkle: ===== Tunnelblick.app =====
2018-05-07 21:50:35 Tunnelblick[566] Sparkle: Verified appcast signature
2018-05-07 22:50:34 Tunnelblick[566] currentIPInfo(Name): IP address info could not be fetched within 35.3 seconds; the error was 'Error Domain=NSURLErrorDomain Code=-1001 "The request timed out." UserInfo={NSUnderlyingError=0x60400024f2a0 {Error Domain=kCFErrorDomainCFNetwork Code=-1001 "The request timed out." UserInfo={NSErrorFailingURLStringKey=https://tunnelblick.net/ipinfo, NSErrorFailingURLKey=https://tunnelblick.net/ipinfo, _kCFStreamErrorCodeKey=-2102, _kCFStreamErrorDomainKey=4, NSLocalizedDescription=The request timed out.}}, NSErrorFailingURLStringKey=https://tunnelblick.net/ipinfo, NSErrorFailingURLKey=https://tunnelblick.net/ipinfo, _kCFStreamErrorDomainKey=4, _kCFStreamErrorCodeKey=-2102, NSLocalizedDescription=The request timed out.}'; the response was '(null)'
2018-05-07 22:51:09 Tunnelblick[566] currentIPInfo(Address): IP address info could not be fetched within 35.2 seconds; the error was 'Error Domain=NSURLErrorDomain Code=-1001 "The request timed out." UserInfo={NSUnderlyingError=0x60400044a5c0 {Error Domain=kCFErrorDomainCFNetwork Code=-1001 "The request timed out." UserInfo={NSErrorFailingURLStringKey=http://205.233.73.116/ipinfo, NSErrorFailingURLKey=http://205.233.73.116/ipinfo, _kCFStreamErrorCodeKey=-2102, _kCFStreamErrorDomainKey=4, NSLocalizedDescription=The request timed out.}}, NSErrorFailingURLStringKey=http://205.233.73.116/ipinfo, NSErrorFailingURLKey=http://205.233.73.116/ipinfo, _kCFStreamErrorDomainKey=4, _kCFStreamErrorCodeKey=-2102, NSLocalizedDescription=The request timed out.}'; the response was '(null)'
2018-05-07 22:52:18 Tunnelblick[566] Set 'expect disconnect' flag
2018-05-08 00:09:21 Tunnelblick[566] applicationShouldTerminate: termination because of Quit; delayed until 'shutdownTunnelblick' finishes
2018-05-08 00:09:22 Tunnelblick[566] pthread_mutex_lock( &unloadKextsMutex ) failed; status = 16, errno = 2
2018-05-08 00:09:23 Tunnelblick[566] Finished shutting down Tunnelblick; allowing termination
2018-05-08 00:09:38 Tunnelblick[2425] Tunnelblick: OS X 10.13.4; Tunnelblick 3.7.5a (build 5011)
2018-05-08 00:09:39 Tunnelblick[2425] Sparkle: ===== Tunnelblick.app =====
2018-05-08 00:09:39 Tunnelblick[2425] Sparkle: Verified appcast signature
2018-05-08 00:10:43 Tunnelblick[2425] currentIPInfo(Name): IP address info could not be fetched within 36.0 seconds; the error was 'Error Domain=NSURLErrorDomain Code=-1001 "The request timed out." UserInfo={NSUnderlyingError=0x600000245d60 {Error Domain=kCFErrorDomainCFNetwork Code=-1001 "The request timed out." UserInfo={NSErrorFailingURLStringKey=https://tunnelblick.net/ipinfo, NSErrorFailingURLKey=https://tunnelblick.net/ipinfo, _kCFStreamErrorCodeKey=-2102, _kCFStreamErrorDomainKey=4, NSLocalizedDescription=The request timed out.}}, NSErrorFailingURLStringKey=https://tunnelblick.net/ipinfo, NSErrorFailingURLKey=https://tunnelblick.net/ipinfo, _kCFStreamErrorDomainKey=4, _kCFStreamErrorCodeKey=-2102, NSLocalizedDescription=The request timed out.}'; the response was '(null)'
2018-05-08 00:10:46 Tunnelblick[2425] Set 'expect disconnect' flag
2018-05-08 00:36:59 Tunnelblick[2425] currentIPInfo(Name): IP address info could not be fetched within 35.0 seconds; the error was 'Error Domain=NSURLErrorDomain Code=-1001 "The request timed out." UserInfo={NSUnderlyingError=0x600000258720 {Error Domain=kCFErrorDomainCFNetwork Code=-1001 "The request timed out." UserInfo={NSErrorFailingURLStringKey=https://tunnelblick.net/ipinfo, NSErrorFailingURLKey=https://tunnelblick.net/ipinfo, _kCFStreamErrorCodeKey=-2102, _kCFStreamErrorDomainKey=4, NSLocalizedDescription=The request timed out.}}, NSErrorFailingURLStringKey=https://tunnelblick.net/ipinfo, NSErrorFailingURLKey=https://tunnelblick.net/ipinfo, _kCFStreamErrorDomainKey=4, _kCFStreamErrorCodeKey=-2102, NSLocalizedDescription=The request timed out.}'; the response was '(null)'
2018-05-08 00:37:34 Tunnelblick[2425] currentIPInfo(Address): IP address info could not be fetched within 35.5 seconds; the error was 'Error Domain=NSURLErrorDomain Code=-1001 "The request timed out." UserInfo={NSUnderlyingError=0x604000451fa0 {Error Domain=kCFErrorDomainCFNetwork Code=-1001 "The request timed out." UserInfo={NSErrorFailingURLStringKey=http://205.233.73.116/ipinfo, NSErrorFailingURLKey=http://205.233.73.116/ipinfo, _kCFStreamErrorCodeKey=-2102, _kCFStreamErrorDomainKey=4, NSLocalizedDescription=The request timed out.}}, NSErrorFailingURLStringKey=http://205.233.73.116/ipinfo, NSErrorFailingURLKey=http://205.233.73.116/ipinfo, _kCFStreamErrorDomainKey=4, _kCFStreamErrorCodeKey=-2102, NSLocalizedDescription=The request timed out.}'; the response was '(null)'
2018-05-08 00:38:21 Tunnelblick[2425] Set 'expect disconnect' flag
2018-05-08 00:55:36 Tunnelblick[2425] Sparkle: Verified appcast signature
2018-05-08 00:58:29 Tunnelblick[2425] Configuration openvpn-credentials-gregmbp will use OpenVPN 2.4.4 - LibreSSL v2.7.1 instead of 2.5 git 849006b - LibreSSL v2.7.1
2018-05-08 00:59:18 Tunnelblick[2425] Configuration openvpn-credentials-gregmbp will use OpenVPN 2.4.4 - LibreSSL v2.7.1 instead of 2.5 git 849006b - LibreSSL v2.7.1
2018-05-08 00:59:46 Tunnelblick[2425] Configuration openvpn-credentials-gregmbp will use OpenVPN 2.4.4 - LibreSSL v2.7.1 instead of 2.5 git 849006b - LibreSSL v2.7.1
2018-05-08 01:00:34 Tunnelblick[2425] currentIPInfo(Name): IP address info could not be fetched within 35.3 seconds; the error was 'Error Domain=NSURLErrorDomain Code=-1001 "The request timed out." UserInfo={NSUnderlyingError=0x60000045ddc0 {Error Domain=kCFErrorDomainCFNetwork Code=-1001 "The request timed out." UserInfo={NSErrorFailingURLStringKey=https://tunnelblick.net/ipinfo, NSErrorFailingURLKey=https://tunnelblick.net/ipinfo, _kCFStreamErrorCodeKey=-2102, _kCFStreamErrorDomainKey=4, NSLocalizedDescription=The request timed out.}}, NSErrorFailingURLStringKey=https://tunnelblick.net/ipinfo, NSErrorFailingURLKey=https://tunnelblick.net/ipinfo, _kCFStreamErrorDomainKey=4, _kCFStreamErrorCodeKey=-2102, NSLocalizedDescription=The request timed out.}'; the response was '(null)'
2018-05-08 01:01:09 Tunnelblick[2425] Set 'expect disconnect' flag
2018-05-08 01:01:10 Tunnelblick[2425] currentIPInfo(Address): IP address info could not be fetched within 35.4 seconds; the error was 'Error Domain=NSURLErrorDomain Code=-1001 "The request timed out." UserInfo={NSUnderlyingError=0x604000a44470 {Error Domain=kCFErrorDomainCFNetwork Code=-1001 "The request timed out." UserInfo={NSErrorFailingURLStringKey=http://205.233.73.116/ipinfo, NSErrorFailingURLKey=http://205.233.73.116/ipinfo, _kCFStreamErrorCodeKey=-2102, _kCFStreamErrorDomainKey=4, NSLocalizedDescription=The request timed out.}}, NSErrorFailingURLStringKey=http://205.233.73.116/ipinfo, NSErrorFailingURLKey=http://205.233.73.116/ipinfo, _kCFStreamErrorDomainKey=4, _kCFStreamErrorCodeKey=-2102, NSLocalizedDescription=The request timed out.}'; the response was '(null)'
2018-05-08 01:02:47 Tunnelblick[2425] Set 'expect disconnect' flag
2018-05-08 01:02:51 Tunnelblick[2425] currentIPInfo(Name): IP address info could not be fetched within 35.7 seconds; the error was 'Error Domain=NSURLErrorDomain Code=-1001 "The request timed out." UserInfo={NSUnderlyingError=0x600000257ca0 {Error Domain=kCFErrorDomainCFNetwork Code=-1001 "The request timed out." UserInfo={NSErrorFailingURLStringKey=https://tunnelblick.net/ipinfo, NSErrorFailingURLKey=https://tunnelblick.net/ipinfo, _kCFStreamErrorCodeKey=-2102, _kCFStreamErrorDomainKey=4, NSLocalizedDescription=The request timed out.}}, NSErrorFailingURLStringKey=https://tunnelblick.net/ipinfo, NSErrorFailingURLKey=https://tunnelblick.net/ipinfo, _kCFStreamErrorDomainKey=4, _kCFStreamErrorCodeKey=-2102, NSLocalizedDescription=The request timed out.}'; the response was '(null)'
2018-05-08 01:21:32 Tunnelblick[2425] Cleared 'expect disconnect' flag
2018-05-08 01:22:17 Tunnelblick[2425] currentIPInfo(Name): IP address info could not be fetched within 35.1 seconds; the error was 'Error Domain=NSURLErrorDomain Code=-1001 "The request timed out." UserInfo={NSUnderlyingError=0x600000458900 {Error Domain=kCFErrorDomainCFNetwork Code=-1001 "The request timed out." UserInfo={NSErrorFailingURLStringKey=https://tunnelblick.net/ipinfo, NSErrorFailingURLKey=https://tunnelblick.net/ipinfo, _kCFStreamErrorCodeKey=-2102, _kCFStreamErrorDomainKey=4, NSLocalizedDescription=The request timed out.}}, NSErrorFailingURLStringKey=https://tunnelblick.net/ipinfo, NSErrorFailingURLKey=https://tunnelblick.net/ipinfo, _kCFStreamErrorDomainKey=4, _kCFStreamErrorCodeKey=-2102, NSLocalizedDescription=The request timed out.}'; the response was '(null)'
2018-05-08 01:22:52 Tunnelblick[2425] currentIPInfo(Address): IP address info could not be fetched within 35.4 seconds; the error was 'Error Domain=NSURLErrorDomain Code=-1001 "The request timed out." UserInfo={NSUnderlyingError=0x600000453cb0 {Error Domain=kCFErrorDomainCFNetwork Code=-1001 "The request timed out." UserInfo={NSErrorFailingURLStringKey=http://205.233.73.116/ipinfo, NSErrorFailingURLKey=http://205.233.73.116/ipinfo, _kCFStreamErrorCodeKey=-2102, _kCFStreamErrorDomainKey=4, NSLocalizedDescription=The request timed out.}}, NSErrorFailingURLStringKey=http://205.233.73.116/ipinfo, NSErrorFailingURLKey=http://205.233.73.116/ipinfo, _kCFStreamErrorDomainKey=4, _kCFStreamErrorCodeKey=-2102, NSLocalizedDescription=The request timed out.}'; the response was '(null)'
2018-05-08 01:23:24 Tunnelblick[2425] Set 'expect disconnect' flag
Tunnelblick developer
May 8, 2018, 6:25:28 AM5/8/18
to tunnelblick-discuss
Some background, please: it appears that you've been using Tunnelblick on this computer for some time (using several releases of Tunnelblick). Did it ever work, or is this a new problem after working successfully for some time? Did the problem happen immediately after the most recent Tunnelblick update?
Usually if a VPN suddenly stops working without having changed anything on your computer, there is a problem with the OpenVPN server.
You could try using the different versions of OpenVPN/SSL that are included in Tunnelblick. That's unlikely to fix this problem but is very easy to do.
Other comments:
- You set DNS manually to "192.168.1.1 208.67.222.222 208.67.220.220 8.8.8.8 8.8.4.4". Are you aware that macOS will use the first NDS server, and will only use the second one if the first one fails to respond at all (i.e, it is down) for 30-60 seconds? (This is unlike Windows, which will send queries to all DNS servers and then use the first response.)
- Your setup uses an obsolete option: " --keysize is DEPRECATED and will be removed in OpenVPN 2.6", and poor encryption: "WARNING: INSECURE cipher with block size less than 128 bit (64 bit)". You should update to more modern settings.
- You could have trouble resolving domain names or be subject to attack because you are not using a DNS that has the same IP address as your OpenVPN server.
2018-05-08 01:21:33 VERIFY OK: depth=1, C=??, ST=UnknownProvince, L=UnknownCity, O=UnknownOrg, OU=UnknownOrgUnit, CN=ukyoihzgdobrmcw, name=ukyoihzgdobrmcw, emailAddress=ukyoihzgdobrmcw@rpankkequvjvdhd.com
2018-05-08 01:21:33 VERIFY KU OK2018-05-08 01:21:33 Validating certificate extended key usage2018-05-08 01:21:33 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication2018-05-08 01:21:33 VERIFY EKU OK
2018-05-08 01:21:33 VERIFY OK: depth=0, C=??, ST=UnknownProvince, L=UnknownCity, O=UnknownOrg, OU=UnknownOrgUnit, CN=ukyoihzgdobrmcw, name=ukyoihzgdobrmcw, emailAddress=ukyoihzgdobrmcw@rpankkequvjvdhd.com
Greg Howland
May 8, 2018, 7:33:23 AM5/8/18
to tunnelbli...@googlegroups.com
I originally installed Tunnelblick a while ago but never got around to get it up and running. This is the first time I’ve put time in to get it to work, so I’ve never had it running on this computer.
About your other comments.
1. I initially had DNS set to only 192.168.1.1 which goes to my Verizon FiOS modem and uses their DNS servers. When that didn’t work, I read somewhere that the Verizon DNS servers may be ignoring my requests because it’s coming from outside their network, so I added the public DNS servers to the list. But that didn’t work either, and I don’t think that’s the issue because it didn’t work even when I connected to the OpenVPN server from within my home network.
2. I’m not sure what this obsolete option is, I just used the default settings. What setting should be changed?
3. So, should I remove the public domain name servers and just use 192.168.1.1 which would use the Verizon servers?
Thanks,
Greg
--
You received this message because you are subscribed to the Google Groups "tunnelblick-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to tunnelblick-dis...@googlegroups.com.
Visit this group at https://groups.google.com/group/tunnelblick-discuss.
For more options, visit https://groups.google.com/d/optout.
Tunnelblick developer
May 8, 2018, 8:42:17 AM5/8/18
to tunnelblick-discuss
Sorry, but almost all of your questions/issues are related to OpenVPN, not Tunnelblick. OpenVPN is a very complex program with more than 100 options (maybe more than 200?)Try consulting some OpenVPN references:
To get you started, though: typically, an OpenVPN server is set up to "push" DNS servers to your OpenVPN client, but it is also common to use OpenDNS or Google Public DNS. (If you use your router's built-in DNS server or Verizon's, it probably won't work because it isn't accessible from the OpenVPN server. Verizon's DNS servers, for example, may not respond to DNS requests that come from outside their network.)
On Tuesday, May 8, 2018 at 7:33:23 AM UTC-4, Greg Howland wrote:
I originally installed Tunnelblick a while ago but never got around to get it up and running. This is the first time I’ve put time in to get it to work, so I’ve never had it running on this computer.About your other comments.1. I initially had DNS set to only 192.168.1.1 which goes to my Verizon FiOS modem and uses their DNS servers. When that didn’t work, I read somewhere that the Verizon DNS servers may be ignoring my requests because it’s coming from outside their network, so I added the public DNS servers to the list. But that didn’t work either, and I don’t think that’s the issue because it didn’t work even when I connected to the OpenVPN server from within my home network.2. I’m not sure what this obsolete option is, I just used the default settings. What setting should be changed?3. So, should I remove the public domain name servers and just use 192.168.1.1 which would use the Verizon servers?Thanks,Greg
To unsubscribe from this group and stop receiving emails from it, send an email to tunnelblick-discuss+unsub...@googlegroups.com.
Reply all
Reply to author
Forward
0 new messages