write to TUN/TAP : Input/output error (code=5)


PaF

May 4, 2010, 6:21:31 AM
to tunnelblick-discuss
Hi,

I have Tunnelblick: OS X 10.6.3; Tunnelblick 3.0 (build 1437); OpenVPN
2.1.1 installed. With a config file of

client
dev tap
proto udp
remote XX.XX.XX.XX 1194
resolv-retry infinite
nobind
persist-key
mute-replay-warnings
ca ca.crt
cert XX.crt
key XX.key
cipher BF-CBC
comp-lzo
verb 5
mute 20

I am not able to connect to my office OpenVPN server. This
configuration was working a week ago. Other than Software Update, the
only change I can think of is that I changed Keychain Access access
passwords. I get the following

Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
1024 bit RSA
[server] Peer Connection Initiated with XX.XX.XX.XX:1194

SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
ping-restart 300'
OPTIONS IMPORT: timers and/or timeouts modified
OPTIONS IMPORT: route options modified
OPTIONS IMPORT: route-related options modified
ROUTE default_gateway=192.168.1.1
TUN/TAP device /dev/tap0 opened
write to TUN/TAP : Input/output error (code=5)
write to TUN/TAP : Input/output error (code=5)
...

At log level 10, the log has:

OPTIONS IMPORT: timers and/or timeouts modified
OPTIONS IMPORT: route options modified
OPTIONS IMPORT: route-related options modified
ROUTE default_gateway=192.168.1.1
TUN/TAP device /dev/tap0 opened
SE_RESET
SE_CTL rwflags=0x0003 ev=5 fast=1 cap=1024 maxfd=-1 arg=0x00083520
SE_CTL rwflags=0x0000 ev=6 fast=1 cap=1024 maxfd=5 arg=0x00083124
SE_CTL rwflags=0x0002 ev=4 fast=1 cap=1024 maxfd=6 arg=0x0008311c
I/O WAIT Tr|Tw|SR|SW [5/180008]
SE_WAIT_FAST maxfd=6 tv=5/180008
0] rwflags=0x0002 arg=0x0008311c
1] rwflags=0x0002 arg=0x00083520
event_wait returned 2
I/O WAIT status=0x0082
...
TUN WRITE [60]
write to TUN/TAP returned -1
write to TUN/TAP : Input/output error (code=5)

netstat -ain while connecting gives:
tap0* 1500 <Link#7> a6:8f:87:d0:68:a5 0 0 0 0 0

/dev/tap0 exists:
crw-rw---- 1 root wheel 21, 0 May 4 03:15 /dev/tap0

I deleted and reinstalled Tunnelblick to no avail.

Any pointers?

Paul


jkbull...gmail.com

May 4, 2010, 7:00:11 AM
to tunnelblick-discuss
This type of error is often due to a kext conflict. Type
kextstat
into a Terminal window and see if anything like
124 0 0x460ab000 0x6000 0x5000 foo.tap (1.0) <7 5 4 1>
125 0 0x460bf000 0x6000 0x5000 foo.tun (1.0) <7 5 4 1>
appears. (It is the "foo.tap" and "foo.tun" that you are looking for.
And it may literally be "foo.tap"; for some reason that's the name!)

If it does, use
sudo kextunload foo.tap
sudo kextunload foo.tun
to unload them.

Also, unload any other .tap and .tun kexts.

Then try Tunnelblick again.

Conflicting kexts can be caused either by Tunnelblick itself in rare
instances, or by using other VPN software -- for example, Cisco's VPN
software installs its own, incompatible, kexts at system start. You
may need to stop Cisco's software from doing that.

If there aren't any kext conflicts, try an older version of
Tunnelblick -- say, 3.0b10 (which is most likely what you upgraded
from). You can get older, "deprecated" versions of Tunnelblick at
http://code.google.com/p/tunnelblick/downloads/list?can=4

jkbull...gmail.com

May 4, 2010, 7:29:58 AM
to tunnelblick-discuss
Sorry, the unload commands should be:
sudo kextunload -b foo.tap
sudo kextunload -b foo.tun

Restarting your computer will also unload the kexts unless they are
being loaded at system start (as Cisco does).

And note that other programs (Cisco, etc.) use different names (not
foo), but they would still end in .tap or .tun.
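
The kext check described in the two replies above, as an added example that is not part of the original thread: it reads `kextstat` output on stdin, lists every loaded kext whose name ends in .tap or .tun, and flags a family with more than one loaded. The sample listings are constructed, and `com.example.vpn.tap` is a hypothetical vendor kext.

```shell
#!/bin/sh
# Added example: find loaded tun/tap kexts in `kextstat` output (read on stdin).

# Print "<family> <bundle-id>" for each loaded kext ending in .tap or .tun.
# Column 6 of kextstat output is the kext name; the header row is skipped
# because its first field is not a number.
tuntap_kexts() {
    awk '$1 ~ /^[0-9]+$/ && $6 ~ /\.(tap|tun)$/ {
        n = split($6, part, ".")
        print part[n], $6
    }'
}

# Print "CONFLICT <family>: <names>" for each family with more than one
# loaded kext. Returns 1 if a conflict was found, 0 otherwise.
tuntap_conflicts() {
    tuntap_kexts | awk '
        { count[$1]++; ids[$1] = ids[$1] " " $2 }
        END {
            for (f in count)
                if (count[f] > 1) { print "CONFLICT " f ":" ids[f]; bad = 1 }
            exit bad + 0
        }'
}

# Constructed sample: only Tunnelblick's own kexts are loaded.
sample_clean() {
    cat <<'EOF'
Index Refs Address    Size   Wired  Name (Version) <Linked Against>
    1   75 0          0      0      com.apple.kpi.bsd (10.3.0)
  132    0 0x56b7c000 0x6000 0x5000 foo.tap (1.0) <7 5 4 1>
  133    0 0x56c0a000 0x6000 0x5000 foo.tun (1.0) <7 5 4 1>
EOF
}

# Constructed sample: a second (hypothetical) vendor tap kext is also loaded.
sample_conflict() {
    sample_clean
    echo "  140    0 0x57000000 0x6000 0x5000 com.example.vpn.tap (1.0) <7 5 4 1>"
}

# Demo on the constructed samples; on the Mac itself use: kextstat | tuntap_conflicts
sample_clean | tuntap_conflicts && echo "no tun/tap kext conflict"
sample_conflict | tuntap_conflicts || echo "more than one kext in a family is loaded"
```

On the Mac itself, pipe live output in with `kextstat | tuntap_conflicts`; an extra kext it reports can then be unloaded with the `sudo kextunload -b` form given above.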

PaF

May 5, 2010, 3:11:14 AM
to tunnelblick-discuss
There is no tun/tap duplication. kextstat gives me

Index Refs Address Size Wired Name (Version) <Linked Against>
1 75 0 0 0 com.apple.kpi.bsd (10.3.0)
4 105 0 0 0 com.apple.kpi.libkern (10.3.0)
5 91 0 0 0 com.apple.kpi.mach (10.3.0)
7 47 0 0 0 com.apple.kpi.unsupported (10.3.0)
132 0 0x56b7c000 0x6000 0x5000 foo.tap (1.0) <7 5 4 1>
133 0 0x56c0a000 0x6000 0x5000 foo.tun (1.0) <7 5 4 1>

I tried rebooting, then installing 3.0b26 and then 3.0b10. No luck,
and no kext duplication. I think the problem is simpler. After
re-installing 3.0 (of Mar 3rd, i.e. latest), I ran the command

sudo ifconfig tap0 inet xx.xx.xx.yy netmask 255.255.255.0

and VPN works!

Of course, xx.xx.xx.yy was not given to me by the remote OpenVPN
server, and none of the ROUTE commands sent down have been executed on
the tap interface; so this is not a solution, only a work-around.

Does this give an idea where the problem lies?

PaF

May 5, 2010, 4:25:06 AM
to tunnelblick-discuss
Whoops, spoke too soon - VPN works for a small period of time, then
icmp errors.

I did try to kextunload -b both tap and tun before restarting
Tunnelblick (3.0, 3.0b26 and 3.0b10). Did not help.

Is there any debugging level / flag or command line (specific
openvpnstart incantation) I can try?

PaF

May 5, 2010, 4:39:32 AM
to tunnelblick-discuss
And now, after another re-install of 3.0 (Mar 3rd), and no changes, it
works. Huh?

tap0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether a6:ec:f9:43:8e:e0
inet xx.xx.xx.yy netmask 0xffffff00 broadcast xx.xx.xx.255
open (pid 28741)

xx.xx.xx.yy is from the server.

I'll monitor and post back if there is any repeat.