yosemite and 3.4.1

Aage Nielsen

Oct 19, 2014, 3:34:45 AM
to tunnelbli...@googlegroups.com
I simply cannot get it working - my Mac keeps having "Resolving host" issues when Tunnelblick is connected. It does not matter if I'm using LAN or Wi-Fi. As shown in the log, some configuration is being ignored??


2014-10-19 09:21:28 /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -m -w -d -ptADGNWradsgnw utun0 1500 1558 10.56.120.6 255.255.255.0 init
                                        **********************************************
                                        Start of output from client.up.tunnelblick.sh
                                        Retrieved from OpenVPN: name server(s) [ 10.56.112.1 ], domain name [ openminds.local ], search domain(s) [  ], and SMB server(s) [  ]
                                        Not aggregating ServerAddresses because running on OS X 10.6 or higher
                                        Setting search domains to 'openminds.local' because running under OS X 10.6 or higher and the search domains were not set manually and 'Prepend domain name to search domains' was not selected
                                        Saved the DNS and SMB configurations so they can be restored
                                        Set ServerAddresses to 10.56.112.1
                                        Set SearchDomains   to openminds.local
                                        Set DomainName       to openminds.local
                                        Setting up to monitor system configuration with process-network-changes
                                        End of output from client.up.tunnelblick.sh
                                        **********************************************
....
....
2014-10-19 09:21:46 *Tunnelblick process-network-changes: A system configuration change was ignored
2014-10-19 09:22:19 *Tunnelblick process-network-changes: A system configuration change was ignored
2014-10-19 09:23:18 *Tunnelblick process-network-changes: A system configuration change was ignored
2014-10-19 09:24:18 *Tunnelblick process-network-changes: A system configuration change was ignored
2014-10-19 09:25:18 *Tunnelblick process-network-changes: A system configuration change was ignored
2014-10-19 09:26:18 *Tunnelblick process-network-changes: A system configuration change was ignored
2014-10-19 09:27:18 *Tunnelblick process-network-changes: A system configuration change was ignored


Anyone?

Best regards
Aage Nielsen


jkbull...gmail.com

Oct 19, 2014, 6:40:10 AM
to tunnelbli...@googlegroups.com
Please follow the instructions at Read Before You Post.

Aage Nielsen

Oct 19, 2014, 8:40:45 AM
to tunnelbli...@googlegroups.com
Forgot that the trouble started with updating to Yosemite (and yes, I could downgrade OS X) - before that I had been using Tunnelblick for years without any problem.

/aage

jkbull...gmail.com

Oct 19, 2014, 8:44:38 AM
to tunnelbli...@googlegroups.com
It could be related to a networking problem in Yosemite, but if you continue to have a problem and think it is caused by Tunnelblick, please follow the instructions at Read Before You Post so you can get help.

Usually "resolving host" means that the DNS server(s) being used are not responding.

Aage Nielsen

Oct 19, 2014, 8:59:45 AM
to tunnelbli...@googlegroups.com
Right then:

*Tunnelblick: OS X 10.10.0; Tunnelblick 3.4.1 (build 4054); prior version 3.4beta36 (build 3945); Admin user

"Sanitized" condensed configuration file for /Users/MacAni/Library/Application Support/Tunnelblick/Configurations/mycomp.tblk:

client
dev tun
proto udp
remote <remote ip> 1194
resolv-retry infinite
nobind
ca "mycomp.crt"
cert "client.crt"
key "client.key"
dh "dh2048.pem"
tls-auth "ta.key" 1
tls-remote "/C=DK/O=mycomp/CN=ipnumber"
remote-cert-eku "TLS Web Server Authentication"
script-security 2
cipher AES-256-CBC
auth SHA1
comp-lzo
persist-key
persist-tun
mute-replay-warnings
mute 20
verb 3
keepalive 10 60


================================================================================

"Sanitized" full configuration file

client
dev tun
;dev-node OpenVPN
proto udp

;remote ipnumber 1194
remote <remote ip> 1194

resolv-retry infinite
nobind

ca "mycomp.crt"
cert "client.crt"
key "client.key"
dh "dh2048.pem"
tls-auth "ta.key" 1

tls-remote "/C=DK/O=mycomp/CN=ipnumber"
remote-cert-eku "TLS Web Server Authentication"
script-security 2

cipher AES-256-CBC
auth SHA1
comp-lzo

persist-key
persist-tun

mute-replay-warnings
mute 20
verb 3
keepalive 10 60




================================================================================

There are no unusual files in mycomp.tblk

================================================================================

Configuration preferences:

autoConnect = 0
-onSystemStart = 0
useDNS = 1
-doNotFlushCache = 1
-useRouteUpInsteadOfUp = 0
-keychainHasPrivateKey = 1
-openvpnVersion = -
-notOKToCheckThatIPAddressDidNotChangeAfterConnection = 0
-keepConnected = 1
-lastConnectionSucceeded = 1
-tunnelDownSoundName = None
-tunnelUpSoundName = None
-prependDomainNameToSearchDomains = 0

================================================================================

Wildcard preferences:

-notOKToCheckThatIPAddressDidNotChangeAfterConnection = 0

================================================================================

Program preferences:

skipWarningThatIPAddressDidNotChangeAfterConnection = 1
placeIconInStandardPositionInStatusBar = 0
launchAtNextLogin = 1
notOKToCheckThatIPAddressDidNotChangeAfterConnection = 0
askedUserIfOKToCheckThatIPAddressDidNotChangeAfterConnection = 1
tunnelblickVersionHistory = (
    "3.4.1 (build 4054)",
    "3.4beta36 (build 3945)",
    "3.4beta34 (build 3935)",
    "3.4beta32 (build 3904)",
    "3.4beta28 (build 3872)",
    "3.4beta26 (build 3828)",
    "3.4beta24 (build 3806)",
    "3.4beta20 (build 3727)",
    "3.4beta18 (build 3704)",
    "3.4beta16 (build 3679)"
)
statusDisplayNumber = 0
lastLaunchTime = 435415989.374501
showConnectedDurations = 1
connectionWindowDisplayCriteria = showWhenConnecting
maxLogDisplaySize = 102400
lastConnectedDisplayName = mycomp
installationUID (not shown)
keyboardShortcutIndex = 1
updateCheckAutomatically = 1
updateSendProfileInfo = 1
NSWindow Frame SettingsSheetWindow = 541 390 829 424 0 0 1680 1027 
NSWindow Frame ConnectingWindow = 645 647 389 187 0 0 1680 1027 
NSWindow Frame SUStatusFrame = 648 691 384 129 0 0 1680 1027 
detailsWindowFrameVersion = 4054
detailsWindowFrame = {{560, 273}, {904, 646}}
detailsWindowLeftFrame = {{0, 0}, {163, 529}}
leftNavSelectedDisplayName = mycomp
haveDealtWithSparkle1dot5b6 = 1
haveDealtWithOldTunTapPreferences = 1
haveDealtWithOldLoginItem = 1
SUEnableAutomaticChecks = 1
SUScheduledCheckInterval = 86400
SUSendProfileInfo = 1
SULastCheckTime = 2014-10-19 12:53:09 +0000
SULastProfileSubmissionDate = 2014-10-18 10:06:45 +0000
SUHasLaunchedBefore = 1
WebKitDefaultFontSize = 11
WebKitStandardFont = Lucida Grande

================================================================================

Tunnelblick Log:

2014-10-19 14:53:12 *Tunnelblick: OS X 10.10.0; Tunnelblick 3.4.1 (build 4054); prior version 3.4beta36 (build 3945)
2014-10-19 14:53:12 *Tunnelblick: Attempting connection with mycomp using shadow copy; Set nameserver = 1; monitoring connection
2014-10-19 14:53:12 *Tunnelblick: openvpnstart start mycomp.tblk 1337 1 0 1 0 16432 -ptADGNWradsgnw 2.3.4
2014-10-19 14:53:12 *Tunnelblick: openvpnstart starting OpenVPN
2014-10-19 14:53:13 *Tunnelblick: openvpnstart log:
     Tunnelblick: 
     OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line):
     
          /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.4/openvpn
          --daemon
          --log
          /Library/Application Support/Tunnelblick/Logs/-SUsers-SMacAni-SLibrary-SApplication Support-STunnelblick-SConfigurations-Smycomp.tblk-SContents-SResources-Sconfig.ovpn.1_0_1_0_16432.1337.openvpn.log
          --cd
          /Library/Application Support/Tunnelblick/Users/MacAni/mycomp.tblk/Contents/Resources
          --config
          /Library/Application Support/Tunnelblick/Users/MacAni/mycomp.tblk/Contents/Resources/config.ovpn
          --cd
          /Library/Application Support/Tunnelblick/Users/MacAni/mycomp.tblk/Contents/Resources
          --management
          127.0.0.1
          1337
          --management-query-passwords
          --management-hold
          --script-security
          2
          --up
          /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -m -w -d -ptADGNWradsgnw
          --down
          /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -m -w -d -ptADGNWradsgnw

2014-10-19 14:53:13 *Tunnelblick: Established communication with OpenVPN
2014-10-19 14:53:13 *Tunnelblick: Obtained VPN passphrase from the Keychain
2014-10-19 14:53:13 DEPRECATED OPTION: --tls-remote, please update your configuration
2014-10-19 14:53:13 OpenVPN 2.3.4 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Oct 15 2014
2014-10-19 14:53:13 library versions: OpenSSL 1.0.1j 15 Oct 2014, LZO 2.08
2014-10-19 14:53:13 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:1337
2014-10-19 14:53:13 Need hold release from management interface, waiting...
2014-10-19 14:53:13 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:1337
2014-10-19 14:53:13 MANAGEMENT: CMD 'pid'
2014-10-19 14:53:13 MANAGEMENT: CMD 'state on'
2014-10-19 14:53:13 MANAGEMENT: CMD 'state'
2014-10-19 14:53:13 MANAGEMENT: CMD 'bytecount 1'
2014-10-19 14:53:13 MANAGEMENT: CMD 'hold release'
2014-10-19 14:53:13 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2014-10-19 14:53:13 MANAGEMENT: CMD 'password [...]'
2014-10-19 14:53:13 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2014-10-19 14:53:13 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
2014-10-19 14:53:13 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2014-10-19 14:53:13 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2014-10-19 14:53:13 Socket Buffers: R=[196724->65536] S=[9216->65536]
2014-10-19 14:53:13 UDPv4 link local: [undef]
2014-10-19 14:53:13 UDPv4 link remote: [AF_INET]<remote ip>:1194
2014-10-19 14:53:13 MANAGEMENT: >STATE:1413723193,WAIT,,,
2014-10-19 14:53:13 MANAGEMENT: >STATE:1413723193,AUTH,,,
2014-10-19 14:53:13 TLS: Initial packet from [AF_INET]<remote ip>:1194, sid=94dd860b b00f1b4a
2014-10-19 14:53:13 VERIFY OK: depth=1, /C=DK/ST=Denmark/O=mycomp/CN=mycomp_CA
2014-10-19 14:53:13 Validating certificate extended key usage
2014-10-19 14:53:13 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2014-10-19 14:53:13 VERIFY EKU OK
2014-10-19 14:53:13 VERIFY X509NAME OK: /C=DK/O=mycomp/CN=ipnumber
2014-10-19 14:53:13 VERIFY OK: depth=0, /C=DK/O=mycomp/CN=ipnumber
2014-10-19 14:53:13 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
2014-10-19 14:53:13 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2014-10-19 14:53:13 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
2014-10-19 14:53:13 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2014-10-19 14:53:13 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
2014-10-19 14:53:13 [ipnumber] Peer Connection Initiated with [AF_INET]<remote ip>:1194
2014-10-19 14:53:14 MANAGEMENT: >STATE:1413723194,GET_CONFIG,,,
2014-10-19 14:53:15 SENT CONTROL [ipnumber]: 'PUSH_REQUEST' (status=1)
2014-10-19 14:53:16 PUSH: Received control message: 'PUSH_REPLY,route 10.56.112.0 255.255.248.0,dhcp-option DOMAIN mycomp.local,dhcp-option DNS 10.56.112.1,route-gateway 10.56.120.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.56.120.6 255.255.255.0'
2014-10-19 14:53:16 OPTIONS IMPORT: timers and/or timeouts modified
2014-10-19 14:53:16 OPTIONS IMPORT: --ifconfig/up options modified
2014-10-19 14:53:16 OPTIONS IMPORT: route options modified
2014-10-19 14:53:16 OPTIONS IMPORT: route-related options modified
2014-10-19 14:53:16 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2014-10-19 14:53:16 Opened utun device utun0
2014-10-19 14:53:16 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
2014-10-19 14:53:16 MANAGEMENT: >STATE:1413723196,ASSIGN_IP,,10.56.120.6,
2014-10-19 14:53:16 /sbin/ifconfig utun0 delete
                                        ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
2014-10-19 14:53:16 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
2014-10-19 14:53:16 /sbin/ifconfig utun0 10.56.120.6 10.56.120.6 netmask 255.255.255.0 mtu 1500 up
2014-10-19 14:53:16 /sbin/route add -net 10.56.120.0 10.56.120.6 255.255.255.0
                                        add net 10.56.120.0: gateway 10.56.120.6
2014-10-19 14:53:16 /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -m -w -d -ptADGNWradsgnw utun0 1500 1558 10.56.120.6 255.255.255.0 init
                                        **********************************************
                                        Start of output from client.up.tunnelblick.sh
                                        Retrieved from OpenVPN: name server(s) [ 10.56.112.1 ], domain name [ mycomp.local ], search domain(s) [  ], and SMB server(s) [  ]
                                        Not aggregating ServerAddresses because running on OS X 10.6 or higher
                                        Setting search domains to 'mycomp.local' because running under OS X 10.6 or higher and the search domains were not set manually and 'Prepend domain name to search domains' was not selected
                                        Saved the DNS and SMB configurations so they can be restored
                                        Set ServerAddresses to 10.56.112.1
                                        Set SearchDomains   to mycomp.local
                                        Set DomainName       to mycomp.local
                                        Setting up to monitor system configuration with process-network-changes
                                        End of output from client.up.tunnelblick.sh
                                        **********************************************
2014-10-19 14:53:19 *Tunnelblick: No 'connected.sh' script to execute
2014-10-19 14:53:19 MANAGEMENT: >STATE:1413723199,ADD_ROUTES,,,
2014-10-19 14:53:19 /sbin/route add -net 10.56.112.0 10.56.120.1 255.255.248.0
                                        add net 10.56.112.0: gateway 10.56.120.1
2014-10-19 14:53:19 Initialization Sequence Completed
2014-10-19 14:53:19 MANAGEMENT: >STATE:1413723199,CONNECTED,SUCCESS,10.56.120.6,<remote ip>
2014-10-19 14:53:24 *Tunnelblick: This computer's apparent public IP address (78.156.127.202) was unchanged after the connection was made
2014-10-19 14:53:24 *Tunnelblick process-network-changes: A system configuration change was ignored
2014-10-19 14:53:34 *Tunnelblick process-network-changes: A system configuration change was ignored

================================================================================

Console Log:

2014-10-19 09:21:26 Tunnelblick[418] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-mycomp' account = 'privateKey'
2014-10-19 09:31:13 Tunnelblick[418] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-mycomp' account = 'privateKey'
2014-10-19 09:36:51 kernel[0] PM response took 1217 ms (418, Tunnelblick)
2014-10-19 10:17:53 Tunnelblick[418] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-mycomp' account = 'privateKey'
2014-10-19 10:18:26 Tunnelblick[418] applicationShouldTerminate: termination because of Quit; delayed until 'shutdownTunnelblick' finishes
2014-10-19 10:18:28 Tunnelblick[418] Finished shutting down Tunnelblick; allowing termination
2014-10-19 14:53:09 Tunnelblick[2917] Set program update feedURL to https://www.tunnelblick.net/appcast-s.rss
2014-10-19 14:53:10 Tunnelblick[2917] DEBUG: Updater: systemVersion 10.10.0 satisfies minimumSystemVersion 10.4.0
2014-10-19 14:53:10 Tunnelblick[2917] DEBUG: Updater: systemVersion 10.10.0 satisfies minimumSystemVersion 10.4.0
2014-10-19 14:53:13 Tunnelblick[2917] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-mycomp' account = 'privateKey'

================================================================================

Non-Apple kexts that are loaded:

Index Refs Address            Size       Wired      Name (Version) <Linked Against>
  142    3 0xffffff7f83617000 0x57000    0x57000    org.virtualbox.kext.VBoxDrv (4.3.18) <7 5 4 3 1>
  143    0 0xffffff7f8366e000 0x8000     0x8000     org.virtualbox.kext.VBoxUSB (4.3.18) <142 100 39 7 5 4 3 1>
  144    0 0xffffff7f83676000 0x5000     0x5000     org.virtualbox.kext.VBoxNetFlt (4.3.18) <142 7 5 4 3 1>
  145    0 0xffffff7f8367b000 0x6000     0x6000     org.virtualbox.kext.VBoxNetAdp (4.3.18) <142 5 4 1>

/aage

jkbull...gmail.com

Oct 19, 2014, 9:01:44 AM
to tunnelbli...@googlegroups.com
Try checking the "Route all traffic through the VPN" checkbox on the "While Connected" tab of the "Advanced" window. (Be sure to select the configuration(s) that you want it to apply to in the left side of the "VPN Details…" window before you do that so the setting will be applied to the configuration(s) you want.)

Otherwise, it looks like the DNS server on your VPN network is not responding.
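
Before blaming the VPN's DNS server, it helps to confirm that the name server pushed by OpenVPN is actually covered by a pushed route, so that queries enter the tunnel at all. The sketch below is an added example, not part of the original thread or of Tunnelblick; it parses the PUSH_REPLY line copied from the log above, and the function names are illustrative. It only checks route coverage, not whether the server answers.

```python
import ipaddress
import re

# Copied from the "PUSH: Received control message" line in the log posted above.
PUSH_LINE = (
    "2014-10-19 14:53:16 PUSH: Received control message: 'PUSH_REPLY,"
    "route 10.56.112.0 255.255.248.0,dhcp-option DOMAIN mycomp.local,"
    "dhcp-option DNS 10.56.112.1,route-gateway 10.56.120.1,topology subnet,"
    "ping 10,ping-restart 120,ifconfig 10.56.120.6 255.255.255.0'"
)

def _net(addr, mask):
    """Return an IPv4 network, or None for non-literal values (keywords, peers)."""
    try:
        return ipaddress.ip_network(f"{addr}/{mask}", strict=False)
    except ValueError:
        return None

def parse_push_reply(line):
    """Extract routes, DNS servers, domain and tunnel subnet from a PUSH_REPLY."""
    m = re.search(r"'PUSH_REPLY,(.*)'", line)
    if not m:
        raise ValueError("no PUSH_REPLY found")
    opts = [o.split() for o in m.group(1).split(",") if o.strip()]
    subnet_topology = ["topology", "subnet"] in opts
    info = {"routes": [], "dns": [], "domain": None, "tunnel": None,
            "redirect_gateway": False}
    for o in opts:
        if o[0] == "route" and len(o) >= 2:
            # OpenVPN defaults a missing route netmask to 255.255.255.255.
            net = _net(o[1], o[2] if len(o) >= 3 else "255.255.255.255")
            if net:
                info["routes"].append(net)
        elif o[:2] == ["dhcp-option", "DNS"] and len(o) == 3:
            info["dns"].append(ipaddress.ip_address(o[2]))
        elif o[:2] == ["dhcp-option", "DOMAIN"] and len(o) == 3:
            info["domain"] = o[2]
        elif o[0] == "ifconfig" and len(o) == 3 and subnet_topology:
            info["tunnel"] = _net(o[1], o[2])
        elif o[0] == "redirect-gateway":
            info["redirect_gateway"] = True
    return info

def dns_route_coverage(info):
    """Map each pushed DNS server to the most specific pushed network covering it."""
    nets = info["routes"] + ([info["tunnel"]] if info["tunnel"] else [])
    out = {}
    for server in info["dns"]:
        covering = [n for n in nets if server in n]
        if covering:
            out[str(server)] = str(max(covering, key=lambda n: n.prefixlen))
        else:
            out[str(server)] = "default" if info["redirect_gateway"] else None
    return out
```

For the log above, `dns_route_coverage(parse_push_reply(PUSH_LINE))` maps 10.56.112.1 to the pushed 10.56.112.0/21 route, so the pushed routes are not what keeps queries from reaching the server; a `None` value would mean the DNS server is not covered by any pushed network.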

Aage Nielsen

Oct 19, 2014, 9:08:19 AM
to
All of my colleagues (using Windows) have no trouble with connecting to our company - so it looks like a Mac issue, but I can see that there have been some fixes related to DNS issues.

When routing all traffic through the VPN, no DNS lookup works.

/aage

stephen...@gmail.com

Oct 21, 2014, 4:29:06 AM
to tunnelbli...@googlegroups.com
We had this issue also after upgrading to Yosemite.

We worked around it by manually adding the DNS server of the remote network in Network Preferences (and also the local domain to the "search domain" settings). This resolved it for us.

Nello Lucchesi

May 27, 2015, 6:38:34 PM
to tunnelbli...@googlegroups.com, stephen...@gmail.com
Stephen:

Can you elaborate and explain the details of what you did?

Thank you.

- nello