Regularly dropping connection


Larry Martell

Jun 17, 2016, 10:17:09 AM
to tunnelblick-discuss
I am running Tunnelblick 3.6.3 (build 4560) on OS X 10.8.5. On a regular basis, but without a pattern (i.e. sometimes after 5 minutes, sometimes 20 minutes, sometimes an hour, and so on), my connection is dropped. My sysadmin says this only happens to me, and he is unable to help me. It's not my internet connection, as that is up when the connection gets dropped.

This is what is in the log:

2016-06-17 08:12:37 Connection reset, restarting [-1]
2016-06-17 08:12:37 /Applications/Tunnelblick.app/Contents/Resources/client.route-pre-down.tunnelblick.sh -9 -a -d -f -m -w -ptADGNWradsgnw tap0 1500 1576   init
                    **********************************************
                    Start of output from client.route-pre-down.tunnelblick.sh
                    WARNING: Ignoring change of Network Primary Service from 9BB0ABA3-38C0-45CE-A273-6204095D2F1D to   RestoreIpv6Services :
                    9BB0ABA3-38C0-45CE-A273-6204095D2F1D
                    Released the DHCP lease via ipconfig set "tap0" NONE.
                    End of output from client.route-pre-down.tunnelblick.sh
                    **********************************************
2016-06-17 08:12:37 /sbin/route delete -net 0.0.0.0 192.168.0.1 255.255.255.255
                    delete net 0.0.0.0: gateway 192.168.0.1
2016-06-17 08:12:37 Closing TUN/TAP interface
2016-06-17 08:12:37 /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -a -d -f -m -w -ptADGNWradsgnw tap0 1500 1576   init
                    **********************************************
                    Start of output from client.down.tunnelblick.sh
                    Restored the DNS and SMB configurations
2016-06-17 08:12:37 SIGUSR1[soft,connection-reset] received, process restarting
2016-06-17 08:12:37 MANAGEMENT: >STATE:1466165557,RECONNECTING,connection-reset,,
2016-06-17 08:12:38 *Tunnelblick: No 'reconnecting.sh' script to execute
2016-06-17 08:12:38 MANAGEMENT: CMD 'hold release'

How can I debug what the underlying problem is?

jkbull...gmail.com

Jun 17, 2016, 10:44:58 AM
to tunnelblick-discuss
So there are two problems?
  1. The connection is dropped
  2. The connection doesn't restart properly.
Or does the connection restart properly?

Larry Martell

Jun 17, 2016, 12:06:10 PM
to tunnelbli...@googlegroups.com
Yes, the connection starts properly, but when it's dropped I lose all
my ssh sessions.

The "read before you post" page says:

1. Make sure you do not have manually set DNS server addresses in OS X
System Preferences : Network (select the primary interface, click the
"Advanced..." button, then the DNS tab; there should be no addresses
on the left that are not dimmed).

Originally my DNS servers were set to my ISP's servers, and the
connection was dropping. My admin told me to remove those and put in
8.8.8.8, which I did, but it did not fix the problem. Now I just tried
removing 8.8.8.8 and the ISP's DNS servers re-appeared. There does not
seem to be any way to remove them.

6. Make sure that "Check if the apparent public IP address changed
after connecting" is checked.

I checked that (it was not checked) and then when I connected I got a
dialog box that said:

This computer's apparent public IP address was not different after
connecting to MyCompany. It is still xx.xx.xx.xx.
This may mean that your VPN is not configured correctly.

Here is the log from the connection to the disconnection:

*Tunnelblick: OS X 10.8.5; Tunnelblick 3.6.3 (build 4560); Admin user
git commit de3da06d3f99c6839b7ffc5b18f7b3252a79fa8a


Configuration Elucid(180)

"Sanitized" condensed configuration file for
/Users/LarryMartell/Library/Application
Support/Tunnelblick/Configurations/Elucid(180).tblk:

client
dev tap
proto tcp-client
remote 71.245.233.180 1194
float
comp-lzo adaptive
keepalive 15 60
auth-user-pass
ns-cert-type server
<ca>
[Security-related line(s) omitted]
</ca>
<cert>
[Security-related line(s) omitted]
</cert>
<key>
[Security-related line(s) omitted]
</key>
resolv-retry infinite
nobind


================================================================================

Non-Apple kexts that are loaded:

Index Refs Address Size Wired Name (Version)
<Linked Against>
135 0 0xffffff7f826c5000 0x8000 0x8000 foo.tun (1.0) <7 5 4 1>
191 3 0xffffff7f82862000 0x63000 0x63000
org.virtualbox.kext.VBoxDrv (5.0.20) <7 5 4 3 1>
192 0 0xffffff7f8265b000 0x8000 0x8000
org.virtualbox.kext.VBoxUSB (5.0.20) <191 45 33 7 5 4 3 1>
193 0 0xffffff7f82663000 0x5000 0x5000
org.virtualbox.kext.VBoxNetFlt (5.0.20) <191 7 5 4 3 1>
194 0 0xffffff7f82668000 0x6000 0x6000
org.virtualbox.kext.VBoxNetAdp (5.0.20) <191 5 4 1>
229 0 0xffffff7f82949000 0x7000 0x7000
net.tunnelblick.tap (4560.2) <7 5 4 1>

================================================================================

There are no unusual files in Elucid(180).tblk

================================================================================

Configuration preferences:

-routeAllTrafficThroughVpn = 0
-keychainHasUsernameAndPassword = 1
-notOKToCheckThatIPAddressDidNotChangeAfterConnection = 0
-keepConnected = 1
-loggingLevel = 3
-lastConnectionSucceeded = 1

================================================================================

Wildcard preferences:

-notOKToCheckThatIPAddressDidNotChangeAfterConnection = 1

================================================================================

Program preferences:

launchAtNextLogin = 1
notOKToCheckThatIPAddressDidNotChangeAfterConnection = 1
askedUserIfOKToCheckThatIPAddressDidNotChangeAfterConnection = 1
tunnelblickVersionHistory = (
"3.6.3 (build 4560)"
)
lastLaunchTime = 486497531.535787
connectionWindowDisplayCriteria = showWhenConnecting
maxLogDisplaySize = 102400
lastConnectedDisplayName = Elucid(180)
keyboardShortcutIndex = 1
updateCheckAutomatically = 0
updateSendProfileInfo = 1
tunnelblickdHash =
982f7a7b2b98739801aa88b72712259b30dea31dbe8f2662db447888ff2ff295
tunnelblickdPlistHash =
ce400d395d1801b003398461b5420021f4d591822783a04b79b2f43956d28620
NSWindow Frame SettingsSheetWindow = 927 200 829 524 0 0 1920 1178
NSWindow Frame ConnectingWindow = 765 744 389 187 0 0 1920 1178
detailsWindowFrameVersion = 4560
detailsWindowFrame = {{500, 533}, {920, 468}}
detailsWindowLeftFrame = {{0, 0}, {165, 350}}
detailsWindowViewIndex = 0
detailsWindowConfigurationsTabIdentifier = log
leftNavSelectedDisplayName = Elucid(180)
AdvancedWindowTabIdentifier = connectingAndDisconnecting
haveDealtWithSparkle1dot5b6 = 1
haveDealtWithOldTunTapPreferences = 1
haveDealtWithOldLoginItem = 1
SUEnableAutomaticChecks = 0
SUFeedURL = https://www.tunnelblick.net/appcast-s.rss
SUScheduledCheckInterval = 86400
SUSendProfileInfo = 1
SULastCheckTime = 2016-05-24 12:41:44 +0000
SUHasLaunchedBefore = 1
WebKitDefaultFontSize = 16
WebKitStandardFont = Times

================================================================================

Tunnelblick Log:

2016-06-17 11:04:31 OpenVPN 2.3.10 x86_64-apple-darwin [SSL (OpenSSL)]
[LZO] [PKCS11] [MH] [IPv6] built on May 3 2016
2016-06-17 11:04:31 library versions: OpenSSL 1.0.2h 3 May 2016, LZO 2.09
2016-06-17 11:04:31 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:1337
2016-06-17 11:04:31 Need hold release from management interface, waiting...
*Tunnelblick: OS X 10.8.5; Tunnelblick 3.6.3 (build 4560)
2016-06-17 11:04:30 *Tunnelblick: Attempting connection with
Elucid(180) using shadow copy; Set nameserver = 769; monitoring
connection
2016-06-17 11:04:30 *Tunnelblick: openvpnstart start Elucid(180).tblk
1337 769 0 1 0 1065330 -ptADGNWradsgnw 2.3.10
2016-06-17 11:04:33 *Tunnelblick: openvpnstart log:
Loading tap-20111101.kext
OpenVPN started successfully. Command used to start OpenVPN (one
argument per displayed line):

/Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.10/openvpn
--daemon
--log
/Library/Application
Support/Tunnelblick/Logs/-SUsers-SLarryMartell-SLibrary-SApplication
Support-STunnelblick-SConfigurations-SElucid(180).tblk-SContents-SResources-Sconfig.ovpn.769_0_1_0_1065330.1337.openvpn.log
--cd
/Library/Application
Support/Tunnelblick/Users/LarryMartell/Elucid(180).tblk/Contents/Resources
--verb
3
--config
/Library/Application
Support/Tunnelblick/Users/LarryMartell/Elucid(180).tblk/Contents/Resources/config.ovpn
--verb
3
--cd
/Library/Application
Support/Tunnelblick/Users/LarryMartell/Elucid(180).tblk/Contents/Resources
--management
127.0.0.1
1337
--management-query-passwords
--management-hold
--script-security
2
--up
/Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh
-9 -a -d -f -m -w -ptADGNWradsgnw
--down
/Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh
-9 -a -d -f -m -w -ptADGNWradsgnw
--route-pre-down
/Applications/Tunnelblick.app/Contents/Resources/client.route-pre-down.tunnelblick.sh
-9 -a -d -f -m -w -ptADGNWradsgnw

2016-06-17 11:04:30 *Tunnelblick: openvpnstart starting OpenVPN
2016-06-17 11:04:33 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:1337
2016-06-17 11:04:33 *Tunnelblick: Established communication with OpenVPN
2016-06-17 11:04:33 *Tunnelblick: Obtained VPN username and password
from the Keychain
2016-06-17 11:04:33 MANAGEMENT: CMD 'pid'
2016-06-17 11:04:33 MANAGEMENT: CMD 'state on'
2016-06-17 11:04:33 MANAGEMENT: CMD 'state'
2016-06-17 11:04:33 MANAGEMENT: CMD 'bytecount 1'
2016-06-17 11:04:33 MANAGEMENT: CMD 'hold release'
2016-06-17 11:04:33 MANAGEMENT: CMD 'username "Auth" "lmartell"'
2016-06-17 11:04:33 MANAGEMENT: CMD 'password [...]'
2016-06-17 11:04:33 NOTE: the current --script-security setting may
allow this configuration to call user-defined scripts
2016-06-17 11:04:33 Socket Buffers: R=[131072->131072] S=[131072->131072]
2016-06-17 11:04:33 Attempting to establish TCP connection with
[AF_INET]71.245.233.180:1194 [nonblock]
2016-06-17 11:04:33 MANAGEMENT: >STATE:1466175873,TCP_CONNECT,,,
2016-06-17 11:04:34 TCP connection established with [AF_INET]71.245.233.180:1194
2016-06-17 11:04:34 TCPv4_CLIENT link local: [undef]
2016-06-17 11:04:34 TCPv4_CLIENT link remote: [AF_INET]71.245.233.180:1194
2016-06-17 11:04:34 MANAGEMENT: >STATE:1466175874,WAIT,,,
2016-06-17 11:04:34 MANAGEMENT: >STATE:1466175874,AUTH,,,
2016-06-17 11:04:34 TLS: Initial packet from
[AF_INET]71.245.233.180:1194, sid=a8861fd6 73f686e6
2016-06-17 11:04:34 WARNING: this configuration may cache passwords in
memory -- use the auth-nocache option to prevent this
2016-06-17 11:04:35 VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=ASUS,
CN=RT-N66U, emailAddress=m...@myhost.mydomain
2016-06-17 11:04:35 VERIFY OK: nsCertType=SERVER
2016-06-17 11:04:35 VERIFY OK: depth=0, C=TW, ST=TW, L=Taipei, O=ASUS,
CN=RT-N66U, emailAddress=m...@myhost.mydomain
2016-06-17 11:04:36 Data Channel Encrypt: Cipher 'BF-CBC' initialized
with 128 bit key
2016-06-17 11:04:36 Data Channel Encrypt: Using 160 bit message hash
'SHA1' for HMAC authentication
2016-06-17 11:04:36 Data Channel Decrypt: Cipher 'BF-CBC' initialized
with 128 bit key
2016-06-17 11:04:36 Data Channel Decrypt: Using 160 bit message hash
'SHA1' for HMAC authentication
2016-06-17 11:04:36 Control Channel: TLSv1, cipher TLSv1/SSLv3
DHE-RSA-AES256-SHA, 1024 bit RSA
2016-06-17 11:04:36 [RT-N66U] Peer Connection Initiated with
[AF_INET]71.245.233.180:1194
2016-06-17 11:04:37 MANAGEMENT: >STATE:1466175877,GET_CONFIG,,,
2016-06-17 11:04:38 SENT CONTROL [RT-N66U]: 'PUSH_REQUEST' (status=1)
2016-06-17 11:04:38 PUSH: Received control message: 'PUSH_REPLY,route
0.0.0.0 255.255.255.255 net_gateway,dhcp-option DNS
192.168.10.254,route-gateway dhcp,ping 15,ping-restart 60'
2016-06-17 11:04:38 OPTIONS IMPORT: timers and/or timeouts modified
2016-06-17 11:04:38 OPTIONS IMPORT: route options modified
2016-06-17 11:04:38 OPTIONS IMPORT: route-related options modified
2016-06-17 11:04:38 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option
options modified
2016-06-17 11:04:38 TUN/TAP device /dev/tap0 opened
2016-06-17 11:04:38
/Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh
-9 -a -d -f -m -w -ptADGNWradsgnw tap0 1500 1576 init

**********************************************
Start of output from
client.up.tunnelblick.sh
Did 'ipconfig set "tap0" DHCP'
Configuring tap DNS via DHCP
asynchronously
End of output from
client.up.tunnelblick.sh

**********************************************
2016-06-17 11:04:40 MANAGEMENT: >STATE:1466175880,ADD_ROUTES,,,
2016-06-17 11:04:40 /sbin/route add -net 0.0.0.0 192.168.0.1 255.255.255.255
2016-06-17 11:04:40 *Tunnelblick: No 'connected.sh' script to execute
add net 0.0.0.0: gateway 192.168.0.1
2016-06-17 11:04:40 Initialization Sequence Completed
2016-06-17 11:04:40 MANAGEMENT:
>STATE:1466175880,CONNECTED,SUCCESS,,71.245.233.180
Sleeping for 0 seconds to wait
for DHCP to finish setup.
Sleeping for 1 seconds to wait
for DHCP to finish setup.
Sleeping for 2 seconds to wait
for DHCP to finish setup.
Sleeping for 3 seconds to wait
for DHCP to finish setup.
Sleeping for 4 seconds to wait
for DHCP to finish setup.
2016-06-17 11:04:46 *Tunnelblick: This computer's apparent public IP
address (24.194.243.225) was unchanged after the connection was made
2016-06-17 11:04:53 Extracted DHCP router address: 192.168.10.1
WARNING: No DNS information
received from OpenVPN via DHCP, so no network/DNS configuration
changes need to be made.
WARNING: Will NOT monitor for
other network configuration changes.
DNS servers '8.8.8.8' were set manually
DNS servers '8.8.8.8' will be
used for DNS queries when the VPN is active
The DNS servers include only
free public DNS servers known to Tunnelblick.
Flushed the DNS cache via dscacheutil
/usr/sbin/discoveryutil not
present. Not flushing the DNS cache via discoveryutil
Notified mDNSResponder that
the DNS cache was flushed
2016-06-17 11:59:28 [RT-N66U] Inactivity timeout (--ping-restart), restarting
2016-06-17 11:59:28
/Applications/Tunnelblick.app/Contents/Resources/client.route-pre-down.tunnelblick.sh
-9 -a -d -f -m -w -ptADGNWradsgnw tap0 1500 1576 init

**********************************************
Start of output from
client.route-pre-down.tunnelblick.sh
WARNING: Ignoring change of
Network Primary Service from 9BB0ABA3-38C0-45CE-A273-6204095D2F1D to
RestoreIpv6Services :
9BB0ABA3-38C0-45CE-A273-6204095D2F1D
Released the DHCP lease via
ipconfig set "tap0" NONE.
End of output from
client.route-pre-down.tunnelblick.sh

**********************************************
2016-06-17 11:59:28 /sbin/route delete -net 0.0.0.0 192.168.0.1 255.255.255.255
delete net 0.0.0.0: gateway 192.168.0.1
2016-06-17 11:59:28 Closing TUN/TAP interface
2016-06-17 11:59:28
/Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh
-9 -a -d -f -m -w -ptADGNWradsgnw tap0 1500 1576 init

**********************************************
Start of output from
client.down.tunnelblick.sh
Restored the DNS and SMB configurations
2016-06-17 11:59:31 SIGUSR1[soft,ping-restart] received, process restarting
2016-06-17 11:59:31 MANAGEMENT: >STATE:1466179171,RECONNECTING,ping-restart,,
2016-06-17 11:59:32 *Tunnelblick: No 'reconnecting.sh' script to execute
2016-06-17 11:59:32 MANAGEMENT: CMD 'hold release'
2016-06-17 11:59:32 NOTE: the current --script-security setting may
allow this configuration to call user-defined scripts
2016-06-17 11:59:32 Socket Buffers: R=[131072->131072] S=[131072->131072]
2016-06-17 11:59:32 Attempting to establish TCP connection with
[AF_INET]71.245.233.180:1194 [nonblock]
2016-06-17 11:59:32 MANAGEMENT: >STATE:1466179172,TCP_CONNECT,,,
2016-06-17 11:59:33 TCP connection established with [AF_INET]71.245.233.180:1194
2016-06-17 11:59:33 TCPv4_CLIENT link local: [undef]
2016-06-17 11:59:33 TCPv4_CLIENT link remote: [AF_INET]71.245.233.180:1194
2016-06-17 11:59:33 MANAGEMENT: >STATE:1466179173,WAIT,,,
2016-06-17 11:59:33 MANAGEMENT: >STATE:1466179173,AUTH,,,
2016-06-17 11:59:33 TLS: Initial packet from
[AF_INET]71.245.233.180:1194, sid=ae58919a f795216d
2016-06-17 11:59:35 VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=ASUS,
CN=RT-N66U, emailAddress=m...@myhost.mydomain
2016-06-17 11:59:35 VERIFY OK: nsCertType=SERVER
2016-06-17 11:59:35 VERIFY OK: depth=0, C=TW, ST=TW, L=Taipei, O=ASUS,
CN=RT-N66U, emailAddress=m...@myhost.mydomain
2016-06-17 11:59:35 Data Channel Encrypt: Cipher 'BF-CBC' initialized
with 128 bit key
2016-06-17 11:59:35 Data Channel Encrypt: Using 160 bit message hash
'SHA1' for HMAC authentication
2016-06-17 11:59:35 Data Channel Decrypt: Cipher 'BF-CBC' initialized
with 128 bit key
2016-06-17 11:59:35 Data Channel Decrypt: Using 160 bit message hash
'SHA1' for HMAC authentication
2016-06-17 11:59:35 Control Channel: TLSv1, cipher TLSv1/SSLv3
DHE-RSA-AES256-SHA, 1024 bit RSA
2016-06-17 11:59:35 [RT-N66U] Peer Connection Initiated with
[AF_INET]71.245.233.180:1194
2016-06-17 11:59:36 MANAGEMENT: >STATE:1466179176,GET_CONFIG,,,
2016-06-17 11:59:37 SENT CONTROL [RT-N66U]: 'PUSH_REQUEST' (status=1)
2016-06-17 11:59:37 PUSH: Received control message: 'PUSH_REPLY,route
0.0.0.0 255.255.255.255 net_gateway,dhcp-option DNS
192.168.10.254,route-gateway dhcp,ping 15,ping-restart 60'
2016-06-17 11:59:37 OPTIONS IMPORT: timers and/or timeouts modified
2016-06-17 11:59:37 OPTIONS IMPORT: route options modified
2016-06-17 11:59:37 OPTIONS IMPORT: route-related options modified
2016-06-17 11:59:37 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option
options modified
2016-06-17 11:59:37 TUN/TAP device /dev/tap0 opened
2016-06-17 11:59:37
/Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh
-9 -a -d -f -m -w -ptADGNWradsgnw tap0 1500 1576 init

**********************************************
Start of output from
client.up.tunnelblick.sh
Did 'ipconfig set "tap0" DHCP'
Configuring tap DNS via DHCP
asynchronously
End of output from
client.up.tunnelblick.sh

**********************************************
2016-06-17 11:59:40 MANAGEMENT: >STATE:1466179180,ADD_ROUTES,,,
2016-06-17 11:59:40 /sbin/route add -net 0.0.0.0 192.168.0.1 255.255.255.255
add net 0.0.0.0: gateway 192.168.0.1
2016-06-17 11:59:40 Initialization Sequence Completed
2016-06-17 11:59:40 MANAGEMENT:
>STATE:1466179180,CONNECTED,SUCCESS,,71.245.233.180
Sleeping for 3 seconds to wait
for DHCP to finish setup.
Sleeping for 4 seconds to wait
for DHCP to finish setup.
2016-06-17 11:59:40 *Tunnelblick: No 'connected.sh' script to execute
Sleeping for 0 seconds to wait
for DHCP to finish setup.
Sleeping for 1 seconds to wait
for DHCP to finish setup.
Sleeping for 2 seconds to wait
for DHCP to finish setup.
2016-06-17 11:59:45 *Tunnelblick: This computer's apparent public IP
address (24.194.243.225) was unchanged after the connection was made
2016-06-17 11:59:52 Extracted DHCP router address: 192.168.10.1
WARNING: No DNS information
received from OpenVPN via DHCP, so no network/DNS configuration
changes need to be made.
WARNING: Will NOT monitor for
other network configuration changes.
DNS servers '8.8.8.8' were set manually
DNS servers '8.8.8.8' will be
used for DNS queries when the VPN is active
The DNS servers include only
free public DNS servers known to Tunnelblick.
Flushed the DNS cache via dscacheutil
/usr/sbin/discoveryutil not
present. Not flushing the DNS cache via discoveryutil
Notified mDNSResponder that
the DNS cache was flushed

================================================================================

"Sanitized" full configuration file

client
dev tap
# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one. On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
;dev-node MyTap
proto tcp-client
remote 71.245.233.180 1194
float
comp-lzo adaptive
keepalive 15 60
auth-user-pass
ns-cert-type server
<ca>
[Security-related line(s) omitted]
</ca>
<cert>
[Security-related line(s) omitted]
</cert>
<key>
[Security-related line(s) omitted]
</key>
resolv-retry infinite
nobind



================================================================================

ifconfig output:

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
options=3<RXCSUM,TXCSUM>
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet 127.94.0.1 netmask 0xff000000
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=2b<RXCSUM,TXCSUM,VLAN_HWTAGGING,TSO4>
ether 40:6c:8f:03:0d:75
media: autoselect (none)
status: inactive
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether 68:a8:6d:30:8f:4c
inet6 fe80::6aa8:6dff:fe30:8f4c%en1 prefixlen 64 scopeid 0x5
inet 192.168.0.3 netmask 0xffffff00 broadcast 192.168.0.255
media: autoselect
status: active
fw0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 4078
lladdr 3c:07:54:ff:fe:cd:dc:62
media: autoselect <full-duplex>
status: inactive
p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304
ether 0a:a8:6d:30:8f:4c
media: autoselect
status: inactive
vboxnet0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
ether 0a:00:27:00:00:00
inet 192.168.56.1 netmask 0xffffff00 broadcast 192.168.56.255
vboxnet1: flags=8842<BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether 0a:00:27:00:00:01
tap0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether 6a:80:b5:d9:eb:84
inet 192.168.10.34 netmask 0xffffff00 broadcast 192.168.10.255
open (pid 80453)

================================================================================

Console Log:

2016-06-17 07:44:25 Tunnelblick[6469] Keychain item retrieved
successfully for service = 'Tunnelblick-Auth-Elucid(180)' account =
'username'
2016-06-17 07:44:25 Tunnelblick[6469] Keychain item retrieved
successfully for service = 'Tunnelblick-Auth-Elucid(180)' account =
'password'
2016-06-17 10:30:36 Tunnelblick[6469] Keychain item retrieved
successfully for service = 'Tunnelblick-Auth-Elucid(180)' account =
'username'
2016-06-17 10:30:36 Tunnelblick[6469] Keychain item retrieved
successfully for service = 'Tunnelblick-Auth-Elucid(180)' account =
'password'
2016-06-17 11:04:33 Tunnelblick[6469] Keychain item retrieved
successfully for service = 'Tunnelblick-Auth-Elucid(180)' account =
'username'
2016-06-17 11:04:33 Tunnelblick[6469] Keychain item retrieved
successfully for service = 'Tunnelblick-Auth-Elucid(180)' account =
'password'

jkbull...gmail.com

Jun 17, 2016, 1:19:10 PM
to tunnelblick-discuss
Your VPN server told your computer to "ping" the VPN server every 15 seconds and to restart the connection if more than 60 seconds go by without a response:

2016-06-17 11:04:38 PUSH: Received control message: 'PUSH_REPLY,route 0.0.0.0 255.255.255.255 net_gateway,dhcp-option DNS 192.168.10.254,route-gateway dhcp,ping 15,ping-restart 60

And apparently that's what is happening:

2016-06-17 11:59:28 [RT-N66U] Inactivity timeout (--ping-restart), restarting

As to why the ping responses were not received, I can't help with that. It indicates a network problem between your computer and the VPN server.

On Friday, June 17, 2016 at 12:06:10 PM UTC-4, Larry Martell wrote:
Yes, the connection starts properly, but when it's dropped I lose all
my ssh sessions.

The "read before you post" page says:

1. Make sure you do not have manually set DNS server addresses in OS X
System Preferences : Network (select the primary interface, click the
"Advanced..." button, then the DNS tab; there should be no addresses
on the left that are not dimmed).

Originally my DNS servers were set to my ISP's servers, and the
connection was dropping. My admin told me to remove those and put in
8.8.8.8, which I did, but it did not fix the problem. Now I just tried
removing 8.8.8.8 and the ISP's DNS servers re-appeared. There does not
seem to be any way to remove them.

6. Make sure that "Check if the apparent public IP address changed
after connecting" is checked.

I checked that (it was not checked) and then when I connected I got a
dialog box that said:

This computer's apparent public IP address was not different after
connecting to MyCompany. It is still xx.xx.xx.xx.
This may mean that your VPN is not configured correctly.

Here is the log from the connection to the disconnection:
<snip> 
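
Added example, not part of any post in this thread and not Tunnelblick or OpenVPN code: a small Python parser that re-joins the mail-wrapped log records quoted above, reads the pushed "ping" and "ping-restart" values from each PUSH_REPLY, and lists every soft restart with its reason and the uptime since the last "Initialization Sequence Completed". The function names are assumptions of this example, and the sample is assembled from log lines posted in this thread.

```python
import re
from datetime import datetime

# Constructed sample: records copied from the logs posted in this thread,
# keeping the e-mail line wrapping that splits one record over several lines.
SAMPLE_LOG = """\
2016-06-17 08:12:37 Connection reset, restarting [-1]
2016-06-17 08:12:37 SIGUSR1[soft,connection-reset] received, process restarting
2016-06-17 11:04:38 PUSH: Received control message: 'PUSH_REPLY,route
0.0.0.0 255.255.255.255 net_gateway,dhcp-option DNS
192.168.10.254,route-gateway dhcp,ping 15,ping-restart 60'
2016-06-17 11:04:40 Initialization Sequence Completed
2016-06-17 11:59:28 [RT-N66U] Inactivity timeout (--ping-restart), restarting
2016-06-17 11:59:31 SIGUSR1[soft,ping-restart] received, process restarting
"""

TIMESTAMP = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) ?(.*)$")
PUSH = re.compile(r"PUSH: Received control message: 'PUSH_REPLY,([^']*)")
RESTART = re.compile(r"SIGUSR1\[soft,([\w-]+)\] received, process restarting")


def unwrap(text):
    """Return (datetime, message) records; a record starts with a timestamp
    and any following line without one is treated as its continuation."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        m = TIMESTAMP.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            records.append([ts, m.group(2)])
        elif records and line:
            records[-1][1] += " " + line
    return [(ts, msg) for ts, msg in records]


def pushed_options(message):
    """Parse a PUSH_REPLY record into {option name: [argument strings]}."""
    m = PUSH.search(message)
    if not m:
        return None
    options = {}
    for item in m.group(1).split(","):
        name, _, value = item.strip().partition(" ")
        options.setdefault(name, []).append(value)
    return options


def analyze(text):
    """List soft restarts with reason, uptime and the keepalive pushed before."""
    events, connected_at, keepalive = [], None, None
    for ts, msg in unwrap(text):
        options = pushed_options(msg)
        if options is not None:
            if "ping" in options and "ping-restart" in options:
                keepalive = (int(options["ping"][0]),
                             int(options["ping-restart"][0]))
        elif "Initialization Sequence Completed" in msg:
            connected_at = ts
        else:
            m = RESTART.search(msg)
            if m:
                uptime = None
                if connected_at is not None:
                    uptime = int((ts - connected_at).total_seconds())
                events.append({"time": ts, "reason": m.group(1),
                               "uptime_s": uptime,
                               "pushed_keepalive": keepalive})
                connected_at = None  # the tunnel is down until the next init
    return events


if __name__ == "__main__":
    for event in analyze(SAMPLE_LOG):
        print(event["time"], event["reason"], event["uptime_s"],
              event["pushed_keepalive"])
```

Run over a full day's log, the split between "connection-reset" and "ping-restart" reasons shows whether the TCP session is being torn down or traffic is silently stalling.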

Larry Martell

Jun 17, 2016, 1:55:59 PM
to tunnelbli...@googlegroups.com
So who is resetting the connection? The server or the client?

jkbull...gmail.com

Jun 17, 2016, 2:03:17 PM
to tunnelblick-discuss
The server gave your computer instructions to "restart the connection after 60 seconds without responses to pings".

Your computer (the client) followed the instructions and restarted the connection.

So the client restarted the connection under the circumstances that were specified by the server.



On Friday, June 17, 2016 at 1:55:59 PM UTC-4, Larry Martell wrote:
So who is resetting the connection? The server or the client?

Larry Martell

Jun 17, 2016, 2:40:19 PM
to tunnelbli...@googlegroups.com
Is there some client side setting where I can tell the client to
ignore instructions like this from the server?

jkbull...gmail.com

Jun 17, 2016, 3:48:23 PM
to tunnelblick-discuss
On Friday, June 17, 2016 at 2:40:19 PM UTC-4, Larry Martell wrote:
Is there some client side setting where I can tell the client to
ignore instructions like this from the server?

Larry Martell

Jun 18, 2016, 8:04:15 AM
to tunnelbli...@googlegroups.com
So apparently you can ignore the pushed ping-restart using
--pull-filter ignore ping-restart, but how would I get Tunnelblick to
invoke OpenVPN with that option?

jkbull...gmail.com

Jun 18, 2016, 9:02:24 AM
to tunnelblick-discuss
First: Doing that may solve the restart problem, but cause a bigger problem: complete loss of connectivity through the VPN. If the "pings" are not getting through, then other traffic may not get through either. The reason the VPN is being restarted is because traffic is not going through, so ignoring that may not help you much.

Second: "--pull-filter" was added to OpenVPN source code only a few days ago, so it is not included in the current versions of Tunnelblick, which are a month old. Tunnelblick typically includes at least two copies of OpenVPN, one "stable" version and one from the latest source code (the "git-master" version.) So before adding the option to the OpenVPN configuration file as described below, you'll have to wait for the next release of a Tunnelblick beta (which will probably be within the next week or so). Then you'll have to use the "git-master" version of OpenVPN in the Tunnelblick beta.

To (finally) answer your question: OpenVPN options go into the OpenVPN configuration file.

To open that file for editing:
  1. Launch Tunnelblick
  2. Click on the Tunnelblick icon at the top of the display, then click on "VPN Details..."
  3. Click to select the configuration you want to edit in the list on the left of the "VPN Details" window
  4. Click the little "gear" icon at the bottom of the list, then (only if it is not dimmed), click on "Edit OpenVPN Configuration File"

    (If "Examine OpenVPN Configuration File" appears instead of "Edit OpenVPN Configuration File", your configuration file is shared and cannot be modified. To change it to a private configuration so the configuration file can be modified, click on the "gear" icon and then click on "Make Configuration Private" and enter a computer admin username/password.)

The OpenVPN configuration file will be opened in TextEdit. Make any changes you want to and then save and close the file. The next time you try to connect the configuration you will need to enter a computer admin username/password to secure the modified file.

On Saturday, June 18, 2016 at 8:04:15 AM UTC-4, Larry Martell wrote:
So apparently you can ignore the pushed ping-restart using
--pull-filter ignore ping-restart, but how would I get Tunnelblick to
invoke OpenVPN with that option?
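
Added example, not part of any post in this thread and not OpenVPN code: a simplified Python model of the "pull-filter" option discussed above, applied to the PUSH_REPLY from the posted log. It assumes the behaviour documented for OpenVPN 2.4 (filters tried in order, matching on the start of the pushed option text) and that a client-side "keepalive 15 60" expands to "ping 15" plus "ping-restart 60"; the function names are hypothetical. With the posted configuration, filtering the pushed "ping-restart" leaves the same 60-second restart timer in place, because the local "keepalive" line sets it too.

```python
# Pushed options taken from the PUSH_REPLY in the log posted in this thread.
PUSH_REPLY = ("route 0.0.0.0 255.255.255.255 net_gateway,"
              "dhcp-option DNS 192.168.10.254,"
              "route-gateway dhcp,ping 15,ping-restart 60")

# Timer-related line from the sanitized client configuration in this thread.
LOCAL_CONFIG = ["keepalive 15 60"]


def apply_pull_filters(push_reply, filters):
    """Model of pull-filter: `filters` is an ordered list of (action, text)
    pairs, the first filter whose text is a prefix of the pushed option
    decides, and options matching no filter are accepted.

    Returns (kept, rejected). In OpenVPN a rejected option is treated as an
    error; here it is only reported.
    """
    kept, rejected = [], []
    for option in (o.strip() for o in push_reply.split(",")):
        action = next((a for a, text in filters if option.startswith(text)),
                      "accept")
        if action == "accept":
            kept.append(option)
        elif action == "reject":
            rejected.append(option)
        # "ignore": the option is dropped silently
    return kept, rejected


def effective_timers(local_config, kept_pushed):
    """Combine local timer options with the pushed ones that survived the
    filters; pushed values override local ones (assumption stated above)."""
    timers = {}
    for line in local_config:
        parts = line.split()
        if parts[0] == "keepalive":
            # Client-side helper: keepalive N M -> ping N, ping-restart M
            timers["ping"] = int(parts[1])
            timers["ping-restart"] = int(parts[2])
        elif parts[0] in ("ping", "ping-restart"):
            timers[parts[0]] = int(parts[1])
    for option in kept_pushed:
        parts = option.split()
        if parts[0] in ("ping", "ping-restart"):
            timers[parts[0]] = int(parts[1])
    return timers


if __name__ == "__main__":
    kept, _ = apply_pull_filters(PUSH_REPLY, [("ignore", "ping-restart")])
    print("kept from server:", kept)
    print("timers with local keepalive:", effective_timers(LOCAL_CONFIG, kept))
    print("timers without it:", effective_timers([], kept))
    # Prefix matching: the shorter text "ping" also drops "ping-restart 60".
    print(apply_pull_filters(PUSH_REPLY, [("ignore", "ping")])[0])
```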

Larry Martell

Jun 18, 2016, 12:54:34 PM
to tunnelbli...@googlegroups.com
Thank you very much for the detailed reply. I know what you are saying
about the loss of connectivity, but I connect to 3 different VPNs at
different times. For one I use OpenVPN Connect, for one I use some
PPTP client that is on my Mac, and for one I use Tunnelblick. It is
only the one I connect to with Tunnelblick that regularly disconnects.
The sysadmin for that site said I am the only one who is experiencing
problems, and he has variously blamed it on:

-I am running too much on my computer
-I have an old version of MacOS
-I have many VMs configured (even though none are running when I connect)
-The old firewall/VPN appliance they have is crappy
-I'm a Yankee fan and he's a Red Sox fan

He has given up trying to help me, and my client is annoyed because
the constant disconnects seriously affect my productivity. So I am
grasping at straws and willing to try anything.