Tunnelblick tries connecting to wrong IP address


stach...@gmail.com

Jun 10, 2018, 10:06:57 AM
to tunnelblick-discuss
Tunnelblick appears to be using a cached DNS entry to try and connect to my home VPN server as even though I'm using the same Dynamic DNS name that resolves correctly with DIG commands, Tunnelblick tries to connect to a very old, potentially cached IP address, that isn't mine any more. I've looked at every setting in Tunnelblick and can't find anything that would be causing this for the past year or so (trying the various new releases of Tunnelblick along the way). I can connect just fine if I manually change my VPN file to use my current dynamic IP address for home, which is resolving properly as well, as confirmed by Dig.

I have also tried uninstalling and reinstalling Tunnelblick to no avail as well.

Thanks in advance for any help that you can provide and below is a current diagnostics log (from the current version), as requested.
Stach

*Tunnelblick: OS X 10.13.5; Tunnelblick 3.7.6 (build 5060); prior version 3.7.5a (build 5011); Admin user
git commit 97cf07d5d8675473cd114a94759b495fcef9b2ad


Configuration NewHome-Full-443T

"Sanitized" condensed configuration file for /Library/Application Support/Tunnelblick/Shared/NewHome-Full-443T.tblk:

client
dev tun
proto tcp-client
remote homeip.net 443
float
ncp-ciphers AES-128-GCM:AES-256-GCM:AES-128-CBC:AES-256-CBC
cipher AES-128-CBC
comp-lzo adaptive
keepalive 15 60
remote-cert-tls server
<ca>
[Security-related line(s) omitted]
</ca>
<cert>
[Security-related line(s) omitted]
</cert>
<key>
[Security-related line(s) omitted]
</key>
resolv-retry infinite
nobind


================================================================================

Non-Apple kexts that are loaded:

Index Refs Address            Size       Wired      Name (Version) UUID <Linked Against>
   80    0 0xffffff7f80cbb000 0x7000     0x7000     com.joshuawise.kexts.HoRNDIS (6) 2FF769BE-1667-3CE2-A8AE-C9D86BAF30D4 <52 15 5 4 3 1>
   89    0 0xffffff7f80eac000 0x7000     0x7000     com.sony.driver.dsccamDeviceInfo00 (1) 1C4F8BAF-0AB0-35A4-8ED2-168DF963273C <27 26 25 4 3>
  151    3 0xffffff7f85c16000 0x64000    0x64000    org.virtualbox.kext.VBoxDrv (5.2.8) E68480EC-6423-30BA-9728-D1B0B5D606FE <7 5 4 3 1>
  159    0 0xffffff7f85c7a000 0x8000     0x8000     org.virtualbox.kext.VBoxUSB (5.2.8) 6D97A7F9-6650-3AF5-9477-144D758EB0F0 <158 151 52 7 5 4 3 1>
  160    0 0xffffff7f85c82000 0x5000     0x5000     org.virtualbox.kext.VBoxNetFlt (5.2.8) 324CE487-51AE-38A0-AED2-8F8DED2CFD8F <151 7 5 4 3 1>
  161    0 0xffffff7f85c87000 0x6000     0x6000     org.virtualbox.kext.VBoxNetAdp (5.2.8) 85257673-062A-35FB-9221-8AB980E0CE5A <151 5 4 1>

================================================================================

There are no unusual files in NewHome-Full-443T.tblk

================================================================================

Configuration preferences:

-skipWarningThatMayNotConnectInFutureBecauseOfOpenVPNOptions = 1
-notOKToCheckThatIPAddressDidNotChangeAfterConnection = 1
-lastConnectionSucceeded = 0

================================================================================

Wildcard preferences:

-notOKToCheckThatIPAddressDidNotChangeAfterConnection = 1

================================================================================

Program preferences:

skipWarningAboutUnavailableOpenvpnVersions = 1
launchAtNextLogin = 1
notOKToCheckThatIPAddressDidNotChangeAfterConnection = 1
tunnelblickVersionHistory = (
    "3.7.6 (build 5060)",
    "3.7.5a (build 5011)",
    "3.7.5 (build 5010)",
    "3.7.5beta08 (build 5003)",
    "3.7.1b (build 4813)",
    "3.7.5beta08 (build 5003)",
    "3.7.4b (build 4921)",
    "3.7.4 (build 4900)",
    "3.7.3 (build 4880)",
    "3.7.2 (build 4850)"
)
statusDisplayNumber = 0
lastLaunchTime = 550328256.003153
lastLanguageAtLaunchWasRTL = 0
connectionWindowDisplayCriteria = showWhenConnecting
maxLogDisplaySize = 102400
lastConnectedDisplayName = NewHome-Full-443T
keyboardShortcutIndex = 1
updateCheckAutomatically = 1
NSWindow Frame SettingsSheetWindow = 831 141 829 524 0 0 1680 1027 
NSWindow Frame ConnectingWindow = 645 630 389 187 0 0 1680 1027 
NSWindow Frame SUUpdateAlert = 530 476 620 392 0 0 1680 1027 
NSWindow Frame ListingWindow = 428 144 500 422 0 0 1680 1027 
detailsWindowFrameVersion = 5011
detailsWindowFrame = {{379, 420}, {920, 468}}
detailsWindowLeftFrame = {{0, 0}, {165, 350}}
detailsWindowViewIndex = 0
detailsWindowConfigurationsTabIdentifier = log
leftNavSelectedDisplayName = NewHome-Full-443T
AdvancedWindowTabIdentifier = connectingAndDisconnecting
haveDealtWithOldTunTapPreferences = 1
haveDealtWithOldLoginItem = 1
haveDealtWithAfterDisconnect = 1
SUEnableAutomaticChecks = 1
SUScheduledCheckInterval = 86400
SUSendProfileInfo = 0
SULastCheckTime = 2018-06-10 12:57:36 +0000
SUHasLaunchedBefore = 1
WebKitDefaultFontSize = 11
WebKitStandardFont = .AppleSystemUIFont
userAgreementVersionAgreedTo = 1
askedUserIfOKToCheckThatIPAddressDidNotChangeAfterConnection = 1
haveDealtWithSparkle1dot5b6 = 1
tunnelblickdHash = 004cdba8e08abd144bc48409040bc80e29c12ee9741ed7d73754f51d2547f7ea
tunnelblickdPlistHash = ce400d395d1801b003398461b5420021f4d591822783a04b79b2f43956d28620
updateSendProfileInfo = 0

================================================================================

Tunnelblick Log:

*Tunnelblick: OS X 10.13.5; Tunnelblick 3.7.6 (build 5060); prior version 3.7.5a (build 5011)
2018-06-10 08:37:23 *Tunnelblick: Attempting connection with NewHome-Full-443T; Set nameserver = 769; monitoring connection
2018-06-10 08:37:23 *Tunnelblick: openvpnstart start NewHome-Full-443T.tblk 58772 769 0 3 0 1065264 -ptADGNWradsgnw 2.4.6-openssl-1.0.2o
2018-06-10 08:37:23 *Tunnelblick: openvpnstart log:
     OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line):
     
          /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.4.6-openssl-1.0.2o/openvpn
          --daemon
          --log
          /Library/Application Support/Tunnelblick/Logs/-SLibrary-SApplication Support-STunnelblick-SShared-SNewHome--Full--443T.tblk-SContents-SResources-Sconfig.ovpn.769_0_3_0_1065264.58772.openvpn.log
          --cd
          /Library/Application Support/Tunnelblick/Shared/NewHome-Full-443T.tblk/Contents/Resources
          --setenv
          IV_GUI_VER
          "net.tunnelblick.tunnelblick 5060 3.7.6 (build 5060)"
          --verb
          3
          --config
          /Library/Application Support/Tunnelblick/Shared/NewHome-Full-443T.tblk/Contents/Resources/config.ovpn
          --verb
          3
          --cd
          /Library/Application Support/Tunnelblick/Shared/NewHome-Full-443T.tblk/Contents/Resources
          --management
          127.0.0.1
          58772
          /Library/Application Support/Tunnelblick/kidlmeeapfmdookhkhbajggdpjcdjedddcfaiach.mip
          --management-query-passwords
          --management-hold
          --script-security
          2
          --up
          /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw
          --down
          /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw

2018-06-10 08:37:23 *Tunnelblick: Established communication with OpenVPN
2018-06-10 08:37:23 OpenVPN 2.4.6 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on Jun  9 2018
2018-06-10 08:37:23 library versions: OpenSSL 1.0.2o  27 Mar 2018, LZO 2.10
2018-06-10 08:37:23 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:58772
2018-06-10 08:37:23 Need hold release from management interface, waiting...
2018-06-10 08:37:23 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:58772
2018-06-10 08:37:23 MANAGEMENT: CMD 'pid'
2018-06-10 08:37:23 MANAGEMENT: CMD 'state on'
2018-06-10 08:37:23 MANAGEMENT: CMD 'state'
2018-06-10 08:37:23 MANAGEMENT: CMD 'bytecount 1'
2018-06-10 08:37:23 MANAGEMENT: CMD 'hold release'
2018-06-10 08:37:23 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2018-06-10 08:37:23 MANAGEMENT: >STATE:1528637843,RESOLVE,,,,,,
2018-06-10 08:37:23 TCP/UDP: Preserving recently used remote address: [AF_INET]75.100.85.217:443
2018-06-10 08:37:23 Socket Buffers: R=[131072->131072] S=[131072->131072]
2018-06-10 08:37:23 Attempting to establish TCP connection with [AF_INET]75.100.85.217:443 [nonblock]
2018-06-10 08:37:23 MANAGEMENT: >STATE:1528637843,TCP_CONNECT,,,,,,
2018-06-10 08:37:23 *Tunnelblick: openvpnstart starting OpenVPN

================================================================================

"Sanitized" full configuration file

client
dev tun
proto tcp-client
remote homeipr.net 443
float
ncp-ciphers AES-128-GCM:AES-256-GCM:AES-128-CBC:AES-256-CBC
cipher AES-128-CBC
comp-lzo adaptive
keepalive 15 60
remote-cert-tls server
<ca>
 [Security-related line(s) omitted]
</ca>
<cert>
 [Security-related line(s) omitted]
</cert>
<key>
 [Security-related line(s) omitted]
</key>
resolv-retry infinite
nobind



================================================================================

ifconfig output:

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
options=1203<RXCSUM,TXCSUM,TXSTATUS,SW_TIMESTAMP>
inet 127.0.0.1 netmask 0xff000000 
inet6 ::1 prefixlen 128 
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1 
nd6 options=201<PERFORMNUD,DAD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
XHC20: flags=0<> mtu 0
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether 34:36:3b:d2:0b:0e 
inet6 fe80::b0:2430:eb0c:bb12%en0 prefixlen 64 secured scopeid 0x5 
inet 192.168.23.110 netmask 0xffffff00 broadcast 192.168.23.255
nd6 options=201<PERFORMNUD,DAD>
media: autoselect
status: active
p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304
ether 06:36:3b:d2:0b:0e 
media: autoselect
status: inactive
awdl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1484
ether 02:2d:84:c0:56:d4 
inet6 fe80::2d:84ff:fec0:56d4%awdl0 prefixlen 64 scopeid 0x7 
nd6 options=201<PERFORMNUD,DAD>
media: autoselect
status: active
en1: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
options=60<TSO4,TSO6>
ether 72:00:07:33:49:20 
media: autoselect <full-duplex>
status: inactive
en2: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
options=60<TSO4,TSO6>
ether 72:00:07:33:49:21 
media: autoselect <full-duplex>
status: inactive
bridge0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=63<RXCSUM,TXCSUM,TSO4,TSO6>
ether 72:00:07:33:49:20 
Configuration:
id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
ipfilter disabled flags 0x2
member: en1 flags=3<LEARNING,DISCOVER>
        ifmaxaddr 0 port 8 priority 0 path cost 0
member: en2 flags=3<LEARNING,DISCOVER>
        ifmaxaddr 0 port 9 priority 0 path cost 0
nd6 options=201<PERFORMNUD,DAD>
media: <unknown type>
status: inactive
utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 2000
inet6 fe80::152:aa91:b4a5:51d4%utun0 prefixlen 64 scopeid 0xb 
nd6 options=201<PERFORMNUD,DAD>
utun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
inet6 fe80::4142:d59e:167f:6ca4%utun1 prefixlen 64 scopeid 0xc 
nd6 options=201<PERFORMNUD,DAD>
utun2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
inet6 fe80::38b5:a652:c6a4:20a6%utun2 prefixlen 64 scopeid 0xd 
nd6 options=201<PERFORMNUD,DAD>
utun3: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
inet6 fe80::669a:73c0:3a98:5fc5%utun3 prefixlen 64 scopeid 0xe 
nd6 options=201<PERFORMNUD,DAD>

================================================================================

Console Log:

2018-06-10 07:56:56 Tunnelblick[15687] Tunnelblick: OS X 10.13.5; Tunnelblick 3.7.5a (build 5011)
2018-06-10 07:56:57 Tunnelblick[15687] Sparkle: ===== Tunnelblick =====
2018-06-10 07:56:57 Tunnelblick[15687] Sparkle: Verified appcast signature
2018-06-10 07:57:20 Tunnelblick[15687] Sparkle: Extracting using '/usr/bin/ditto' '-x' '-k' '-' < '/Users/Stach/Library/Caches/net.tunnelblick.tunnelblick/org.sparkle-project.Sparkle/Tunnelblick 5060/Tunnelblick_3.7.6_build_5060.zip' '/Users/Stach/Library/Caches/net.tunnelblick.tunnelblick/org.sparkle-project.Sparkle/Tunnelblick 5060'
2018-06-10 07:57:21 Tunnelblick[15687] updater:willInstallUpdate: Starting cleanup.
2018-06-10 07:57:22 Tunnelblick[15687] updater:willInstallUpdate: Cleanup finished.
2018-06-10 07:57:22 Tunnelblick[15687] applicationShouldTerminate: termination because of Quit; delayed until 'shutdownTunnelblick' finishes
2018-06-10 07:57:22 Tunnelblick[15687] pthread_mutex_trylock( &cleanupMutex ) failed; status = 16, errno = 9
2018-06-10 07:57:22 Tunnelblick[15687] pthread_mutex_trylock( &cleanupMutex ) failed is normal and expected when Tunnelblick is updated
2018-06-10 07:57:22 Tunnelblick[15687] Finished shutting down Tunnelblick; allowing termination
2018-06-10 07:57:26 Tunnelblick[15712] Tunnelblick: OS X 10.13.5; Tunnelblick 3.7.6 (build 5060)
2018-06-10 07:57:27 Tunnelblick[15712] Need to replace and/or reload 'tunnelblickd':
                                           daemonHashesMatch  = NO
                                           plistHashesMatch   = YES
                                           activePlistMatches = YES
2018-06-10 07:57:34 Tunnelblick[15712] Tunnelblick needs to:
                                         • Complete the update
2018-06-10 07:57:34 Tunnelblick[15712] Beginning installation or repair
2018-06-10 07:57:35 Tunnelblick[15712] Installation or repair succeeded; Log:
                                       Tunnelblick installer started 2018-06-10 07:57:35. 1 arguments: 0x0101
                                       Replaced /Library/LaunchDaemons/net.tunnelblick.tunnelblick.tunnelblickd.plist
                                       Used launchctl to load tunnelblickd
                                       Tunnelblick installer finished without error
2018-06-10 07:57:36 Tunnelblick[15712] Sparkle: ===== Tunnelblick =====
2018-06-10 07:57:36 Tunnelblick[15712] Sparkle: Verified appcast signature
2018-06-10 07:58:26 Tunnelblick[15712] Set 'expect disconnect' flag
2018-06-10 08:36:34 Tunnelblick[15712] Tunnelblick needs to perform an action that requires a computer administrator's authorization.
2018-06-10 08:36:34 Tunnelblick[15712] Beginning installation or repair
2018-06-10 08:36:34 Tunnelblick[15712] Installation or repair succeeded; Log:
                                       Tunnelblick installer started 2018-06-10 08:36:34. 2 arguments: 0x2001
                                            /Users/Stach/Library/Application Support/Tunnelblick/Configurations/NewHome-Full-443T.tblk
                                       removed /Users/Stach/Library/Application Support/Tunnelblick/Configurations/NewHome-Full-443T.tblk
                                       removed /Library/Application Support/Tunnelblick/Users/Stach/NewHome-Full-443T.tblk
                                       Tunnelblick installer finished without error
2018-06-10 08:36:34 Tunnelblick[15712] Uninstalled configuration file /Users/Stach/Library/Application Support/Tunnelblick/Configurations/NewHome-Full-443T.tblk
2018-06-10 08:36:34 Tunnelblick[15712] localNameFromDisplayName: 'NewHome-Full-443T' is not a known displayName
2018-06-10 08:36:35 Tunnelblick[15712] Configuration Home-Full-Fast will use OpenVPN 2.4.6 - OpenSSL v1.0.2o instead of 2.4.4 - OpenSSL v1.0.2n
2018-06-10 08:36:35 Tunnelblick[15712] localNameFromDisplayName: 'NewHome-Full-443T' is not a known displayName
2018-06-10 08:36:35 Tunnelblick[15712] Configuration Home-Full-Fast will use OpenVPN 2.4.6 - OpenSSL v1.0.2o instead of 2.4.4 - OpenSSL v1.0.2n
2018-06-10 08:36:35 Tunnelblick[15712] localNameFromDisplayName: 'NewHome-Full-443T' is not a known displayName
2018-06-10 08:36:35 Tunnelblick[15712] localNameFromDisplayName: 'NewHome-Full-443T' is not a known displayName
2018-06-10 08:36:35 Tunnelblick[15712] localNameFromDisplayName: 'NewHome-Full-443T' is not a known displayName
2018-06-10 08:36:35 Tunnelblick[15712] Configuration Home-Full-Fast will use OpenVPN 2.4.6 - OpenSSL v1.0.2o instead of 2.4.4 - OpenSSL v1.0.2n
2018-06-10 08:36:35 Tunnelblick[15712] Configuration Home-Full-Fast will use OpenVPN 2.4.6 - OpenSSL v1.0.2o instead of 2.4.4 - OpenSSL v1.0.2n
2018-06-10 08:36:35 Tunnelblick[15712] localNameFromDisplayName: 'NewHome-Full-443T' is not a known displayName
2018-06-10 08:36:35 Tunnelblick[15712] localNameFromDisplayName: 'NewHome-Full-443T' is not a known displayName
2018-06-10 08:37:10 Tunnelblick[15712] Converting/Installing /Users/Shared/Downloads/Hardware/Networking/OpenVPN Client Configuration/Home-Full-443T/NewHome-Full-443T.ovpn: One or more CR characters have been removed or replaced with LF characters
2018-06-10 08:37:10 Tunnelblick[15712] Converting/Installing /Users/Shared/Downloads/Hardware/Networking/OpenVPN Client Configuration/Home-Full-443T/NewHome-Full-443T.ovpn: One or more CR characters have been removed or replaced with LF characters
2018-06-10 08:37:10 Tunnelblick[15712] Converting/Installing /Users/Shared/Downloads/Hardware/Networking/OpenVPN Client Configuration/Home-Full-443T/NewHome-Full-443T.ovpn: Converted OpenVPN configuration
2018-06-10 08:37:10 Tunnelblick[15712] Configuration Home-Full-Fast will use OpenVPN 2.4.6 - OpenSSL v1.0.2o instead of 2.4.4 - OpenSSL v1.0.2n
2018-06-10 08:37:14 Tunnelblick[15712] localNameFromDisplayName: 'NewHome-Full-443T' is not a known displayName
2018-06-10 08:37:14 Tunnelblick[15712] Tunnelblick needs to perform an action that requires a computer administrator's authorization.
2018-06-10 08:37:14 Tunnelblick[15712] Beginning installation or repair
2018-06-10 08:37:14 Tunnelblick[15712] Installation or repair succeeded; Log:
                                       Tunnelblick installer started 2018-06-10 08:37:14. 3 arguments: 0x0001
                                            /Library/Application Support/Tunnelblick/Shared/NewHome-Full-443T.tblk
                                            /private/var/folders/q7/zqrj9n8x5xgcsrjwyzr5qzkm0000gp/T/Tunnelblick-sGqR6Y/NewHome-Full-443T.tblk
                                       Copied /private/var/folders/q7/zqrj9n8x5xgcsrjwyzr5qzkm0000gp/T/Tunnelblick-sGqR6Y/NewHome-Full-443T.tblk
                                           to /Library/Application Support/Tunnelblick/Shared/NewHome-Full-443T.tblk.temp
                                       Renamed /Library/Application Support/Tunnelblick/Shared/NewHome-Full-443T.tblk.temp
                                            to /Library/Application Support/Tunnelblick/Shared/NewHome-Full-443T.tblk
                                       Changed ownership of /Library/Application Support/Tunnelblick/Shared/NewHome-Full-443T.tblk and its contents from 502:20 to 0:0
                                       Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Shared/NewHome-Full-443T.tblk
                                       Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Shared/NewHome-Full-443T.tblk/Contents
                                       Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Shared/NewHome-Full-443T.tblk/Contents/Resources
                                       Changed permissions from 740 to 700 on /Library/Application Support/Tunnelblick/Shared/NewHome-Full-443T.tblk/Contents/Resources/config.ovpn
                                       Tunnelblick installer finished without error
2018-06-10 08:37:14 Tunnelblick[15712] Configuration Home-Full-Fast will use OpenVPN 2.4.6 - OpenSSL v1.0.2o instead of 2.4.4 - OpenSSL v1.0.2n
2018-06-10 08:37:14 Tunnelblick[15712] Configuration Home-Full-Fast will use OpenVPN 2.4.6 - OpenSSL v1.0.2o instead of 2.4.4 - OpenSSL v1.0.2n
2018-06-10 08:37:15 Tunnelblick[15712] Configuration Home-Full-Fast will use OpenVPN 2.4.6 - OpenSSL v1.0.2o instead of 2.4.4 - OpenSSL v1.0.2n

Tunnelblick developer

Jun 10, 2018, 10:24:55 AM
to tunnelblick-discuss
Tunnelblick (and OpenVPN, which is the program that connects to the OpenVPN server) use the standard macOS DNS resolution system. So what matters is the DNS settings in System Preferences > Network.

"ping", "dig", and some other macOS command line utilities use other methods to do DNS lookups, and so do some browsers.

stach...@gmail.com

Jun 10, 2018, 11:03:59 AM
to tunnelblick-discuss
That's what I thought Tunnelblick would use as well, but how do you explain a simple Dig, and not specifying a nameserver so that it uses what macOS is configured to use, giving me the correct answer 

myhome.net. 169 IN A 75.100.141.235

while Tunnelblick tries connecting to a completely different IP address, as shown here?

2018-06-10 10:00:13 MANAGEMENT: >STATE:1528642813,RESOLVE,,,,,,
2018-06-10 10:00:13 TCP/UDP: Preserving recently used remote address: [AF_INET]75.100.85.217:443
2018-06-10 10:00:13 Socket Buffers: R=[131072->131072] S=[131072->131072]
2018-06-10 10:00:13 *Tunnelblick: openvpnstart starting OpenVPN
2018-06-10 10:00:13 Attempting to establish TCP connection with [AF_INET]75.100.85.217:443 [nonblock]


and here's my ovpn config file.


client
dev tun
proto tcp-client
remote myhome.net 443
float
ncp-ciphers AES-128-GCM:AES-256-GCM:AES-128-CBC:AES-256-CBC
cipher AES-128-CBC
comp-lzo adaptive
keepalive 15 60
remote-cert-tls server


The line "Preserving recently used remote address" concerns me as it seems to imply that it's using a cached address from long ago by mistake. Could that be?

Thanks again for your quick response.
Stach

Tunnelblick developer

Jun 10, 2018, 1:15:27 PM
to tunnelbli...@googlegroups.com
dig, ping, etc. use a different DNS resolution mechanism than most of the rest of macOS, so it is not entirely surprising that they get different results in some circumstances.

In other words, dig chooses a nameserver to use – when you don't specify one – differently than macOS, so it could give different results (as it apparently does in your situation).

I think "Preserving recently used remote address" is saying that it is storing the address in a cache, not retrieving it from a cache. As far as I know OpenVPN doesn't cache anything from one invocation to the next – there isn't any place for it to do so. (But that's really an OpenVPN question.)

What do you have in System Preferences > Network > Advanced > DNS for each of the different active network interfaces on your computer?

Tunnelblick developer

Jun 10, 2018, 1:30:43 PM
to tunnelblick-discuss
And what is in /etc/resolv.cnf?

stach...@gmail.com

Jun 10, 2018, 2:44:13 PM
to tunnelblick-discuss
I only have the DNS resolver on my home network listed, as shown by nslookup (below). However, it doesn't matter where I am connected (hotel, work, a different house, etc...) it never ever resolves correctly, even if I change my machine's DNS to resolve at google (8.8.8.8).

nslookup
> server
Default server: 192.168.23.1
Address: 192.168.23.1#53

I have also flushed my macOS DNS cache with this command "sudo killall -HUP mDNSResponder", which didn't help either.

It really seems like my OpenVPN client is caching an A record from long ago and not even trying to resolve it again.

Thanks again for your help.
-Stach

Tunnelblick developer

Jun 10, 2018, 3:11:09 PM
to tunnelblick-discuss
Don't use command line programs on macOS, including nslookup, to test for DNS problems. They are not relevant and cannot be relied on. Just don't use them!

I understand that you think OpenVPN is caching the A records.

It isn't.

If you don't believe me, check with OpenVPN references:

Please check:
  • What are the DNS settings for each network interface? (Get them from System Preferences > Network, not from a command line program.)
  • What are the contents of /etc/hosts?

stach...@gmail.com

Jun 10, 2018, 3:48:27 PM
to tunnelblick-discuss
As you suggested, it was the /etc/hosts file. I must have manually edited that during a vacation when my DDNS service was having issues and totally forgotten about it. I should have known to check this but thanks so much for your help, it was greatly appreciated!

-Stach
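
The cause found in this thread, a forgotten /etc/hosts entry that overrides the dynamic DNS name, can be checked for directly. The following is an added example, not part of the original thread and not Tunnelblick or OpenVPN code: it reports which `remote` hostnames in an OpenVPN config are pinned in a hosts file. The sample config, the sample hosts file, and all names and addresses in them are constructed.

```python
import ipaddress
import socket
import sys

# Constructed sample inputs (documentation names and addresses, not from the thread).
SAMPLE_OVPN = """\
client
dev tun
proto tcp-client
remote vpn.example.net 443
remote 192.0.2.5 1194
resolv-retry infinite
"""

SAMPLE_HOSTS = """\
127.0.0.1    localhost
fe80::1%lo0  localhost
# temporary workaround, never removed (constructed)
203.0.113.10 VPN.example.net   # old home address
"""


def remote_hosts(ovpn_text):
    """Hostnames (IP literals skipped) from the `remote` lines of an OpenVPN config."""
    names = []
    for line in ovpn_text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "remote":
            try:
                ipaddress.ip_address(parts[1])  # literal address: no lookup involved
            except ValueError:
                names.append(parts[1].lower().rstrip("."))
    return names


def hosts_overrides(hosts_text):
    """Map each name in hosts-file text to the addresses pinned for it."""
    pinned = {}
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(fields) < 2:
            continue
        try:
            addr = str(ipaddress.ip_address(fields[0].split("%")[0]))  # strip scope id
        except ValueError:
            continue  # not an address line
        for name in fields[1:]:
            pinned.setdefault(name.lower().rstrip("."), []).append(addr)
    return pinned


def find_pinned_remotes(ovpn_text, hosts_text):
    """Return {hostname: [pinned addresses]} for every remote the hosts file overrides."""
    pinned = hosts_overrides(hosts_text)
    return {h: pinned[h] for h in remote_hosts(ovpn_text) if h in pinned}


def system_resolve(name, port=443):
    """Resolve through getaddrinfo(), the system resolver path that consults /etc/hosts."""
    try:
        infos = socket.getaddrinfo(name, port, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


if __name__ == "__main__":
    live = len(sys.argv) == 3  # usage: script.py config.ovpn /etc/hosts
    if live:
        with open(sys.argv[1]) as f:
            ovpn = f.read()
        with open(sys.argv[2]) as f:
            hosts = f.read()
    else:
        ovpn, hosts = SAMPLE_OVPN, SAMPLE_HOSTS  # offline run on constructed data
    for name, addrs in find_pinned_remotes(ovpn, hosts).items():
        print(f"{name} is pinned in the hosts file to {', '.join(addrs)}")
        if live:
            print(f"  system resolver currently returns: {system_resolve(name)}")
```

A name reported here never reaches a DNS server when resolved through the system resolver, which is why a direct query to a nameserver can show the current address while the VPN client keeps connecting to the old one.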

Tunnelblick developer

Jun 10, 2018, 7:47:11 PM
to tunnelblick-discuss
/etc/hosts -- I should have suggested that earlier!