tunnelblick connects, but can not get any Internet Traffic

205 views
Skip to first unread message

shayne

unread,
Jun 14, 2016, 4:58:25 PM6/14/16
to tunnelblick-discuss
I have tunnelblick running seemingly fine, but I can not seem to get to the internet once on the VPN. I feel like I have configured the OpenVPN properly for routing. Not sure where to go from here, or what I should be looking at. 


I hope I have posted what I need to.


Tunnelblick info

*Tunnelblick: OS X 10.11.5; Tunnelblick 3.6.3 (build 4560); Admin user
git commit de3da06d3f99c6839b7ffc5b18f7b3252a79fa8a


Configuration client

"Sanitized" condensed configuration file for /Library/Application Support/Tunnelblick/Shared/client.tblk:

client
dev tun
proto udp
remote 10.0.1.45 1194
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
ca ca.crt
cert client.crt
key client.key
ns-cert-type server
comp-lzo


================================================================================

Non-Apple kexts that are loaded:

Index Refs Address            Size       Wired      Name (Version) UUID <Linked Against>

================================================================================

There are no unusual files in client.tblk

================================================================================

Configuration preferences:

-notMonitoringConnection = 0
-routeAllTrafficThroughVpn = 1
-useRouteUpInsteadOfUp = 1
-loadTap = 
-loadTun = 
-lastConnectionSucceeded = 1

================================================================================

Wildcard preferences:


================================================================================

Program preferences:

launchAtNextLogin = 1
notOKToCheckThatIPAddressDidNotChangeAfterConnection = 0
askedUserIfOKToCheckThatIPAddressDidNotChangeAfterConnection = 1
tunnelblickVersionHistory = (
    "3.6.3 (build 4560)"
)
statusDisplayNumber = 0
lastLaunchTime = 487616721.815273
showConnectedDurations = 1
connectionWindowDisplayCriteria = showWhenConnecting
maxLogDisplaySize = 102400
lastConnectedDisplayName = client
keyboardShortcutIndex = 1
updateCheckAutomatically = 1
updateSendProfileInfo = 1
tunnelblickdHash = 982f7a7b2b98739801aa88b72712259b30dea31dbe8f2662db447888ff2ff295
tunnelblickdPlistHash = ce400d395d1801b003398461b5420021f4d591822783a04b79b2f43956d28620
NSWindow Frame SettingsSheetWindow = 1458 250 829 524 0 0 2560 1417 
NSWindow Frame ConnectingWindow = 1085 942 389 187 0 0 2560 1417 
detailsWindowFrameVersion = 4560
detailsWindowFrame = {{820, 731}, {920, 468}}
detailsWindowLeftFrame = {{0, 0}, {165, 350}}
detailsWindowViewIndex = 0
detailsWindowConfigurationsTabIdentifier = log
leftNavSelectedDisplayName = client
AdvancedWindowTabIdentifier = connectingAndDisconnecting
haveDealtWithSparkle1dot5b6 = 1
haveDealtWithOldTunTapPreferences = 1
haveDealtWithOldLoginItem = 1
SUEnableAutomaticChecks = 1
SUScheduledCheckInterval = 86400
SUSendProfileInfo = 1
SULastCheckTime = 2016-06-14 17:05:21 +0000
SULastProfileSubmissionDate = 2016-06-13 22:47:06 +0000
SUHasLaunchedBefore = 1
WebKitDefaultFontSize = 16
WebKitStandardFont = Times

================================================================================

Tunnelblick Log:

*Tunnelblick: OS X 10.11.5; Tunnelblick 3.6.3 (build 4560)
2016-06-14 13:47:40 *Tunnelblick: Attempting connection with client; Set nameserver = 769; monitoring connection
2016-06-14 13:47:40 *Tunnelblick: openvpnstart start client.tblk 1338 769 0 3 0 1098544 -ptADGNWradsgnw 2.3.10
2016-06-14 13:47:40 *Tunnelblick: openvpnstart log:
     OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line):
     
          /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.10/openvpn
          --daemon
          --log
          /Library/Application Support/Tunnelblick/Logs/-SLibrary-SApplication Support-STunnelblick-SShared-Sclient.tblk-SContents-SResources-Sconfig.ovpn.769_0_3_0_1098544.1338.openvpn.log
          --cd
          /Library/Application Support/Tunnelblick/Shared/client.tblk/Contents/Resources
          --verb
          3
          --config
          /Library/Application Support/Tunnelblick/Shared/client.tblk/Contents/Resources/config.ovpn
          --verb
          3
          --cd
          /Library/Application Support/Tunnelblick/Shared/client.tblk/Contents/Resources
          --management
          127.0.0.1
          1338
          --management-query-passwords
          --management-hold
          --redirect-gateway
          def1
          --script-security
          2
          --route-up
          /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw
          --down
          /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw

2016-06-14 13:47:40 *Tunnelblick: Established communication with OpenVPN
2016-06-14 13:47:40 OpenVPN 2.3.10 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on May  3 2016
2016-06-14 13:47:40 library versions: OpenSSL 1.0.2h  3 May 2016, LZO 2.09
2016-06-14 13:47:40 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:1338
2016-06-14 13:47:40 Need hold release from management interface, waiting...
2016-06-14 13:47:40 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:1338
2016-06-14 13:47:40 MANAGEMENT: CMD 'pid'
2016-06-14 13:47:40 MANAGEMENT: CMD 'state on'
2016-06-14 13:47:40 MANAGEMENT: CMD 'state'
2016-06-14 13:47:40 MANAGEMENT: CMD 'bytecount 1'
2016-06-14 13:47:40 MANAGEMENT: CMD 'hold release'
2016-06-14 13:47:40 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2016-06-14 13:47:40 Socket Buffers: R=[196724->196724] S=[9216->9216]
2016-06-14 13:47:40 UDPv4 link local: [undef]
2016-06-14 13:47:40 UDPv4 link remote: [AF_INET]10.0.1.45:1194
2016-06-14 13:47:40 MANAGEMENT: >STATE:1465937260,WAIT,,,
2016-06-14 13:47:40 MANAGEMENT: >STATE:1465937260,AUTH,,,
2016-06-14 13:47:40 TLS: Initial packet from [AF_INET]10.0.1.45:1194, sid=f4757f81 57312a6f
2016-06-14 13:47:40 VERIFY OK: depth=1, C=US, ST=California, L=SantaBarbara, O=Underdog, OU=admin, CN=dogbowl, name=ca, emailAddress=*****@*****.com
2016-06-14 13:47:40 VERIFY OK: nsCertType=SERVER
2016-06-14 13:47:40 VERIFY OK: depth=0, C=US, ST=California, L=SantaBarbara, O=Underdog, OU=admin, CN=dogbowl, name=server, emailAddress=*****@*****.com
2016-06-14 13:47:40 *Tunnelblick: openvpnstart starting OpenVPN
2016-06-14 13:47:40 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
2016-06-14 13:47:40 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2016-06-14 13:47:40 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
2016-06-14 13:47:40 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2016-06-14 13:47:40 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
2016-06-14 13:47:40 [dogbowl] Peer Connection Initiated with [AF_INET]10.0.1.45:1194
2016-06-14 13:47:42 MANAGEMENT: >STATE:1465937262,GET_CONFIG,,,
2016-06-14 13:47:43 SENT CONTROL [dogbowl]: 'PUSH_REQUEST' (status=1)
2016-06-14 13:47:43 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
2016-06-14 13:47:43 OPTIONS IMPORT: timers and/or timeouts modified
2016-06-14 13:47:43 OPTIONS IMPORT: --ifconfig/up options modified
2016-06-14 13:47:43 OPTIONS IMPORT: route options modified
2016-06-14 13:47:43 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2016-06-14 13:47:43 Opened utun device utun0
2016-06-14 13:47:43 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
2016-06-14 13:47:43 MANAGEMENT: >STATE:1465937263,ASSIGN_IP,,10.8.0.6,
2016-06-14 13:47:43 /sbin/ifconfig utun0 delete
                                        ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
2016-06-14 13:47:43 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
2016-06-14 13:47:43 /sbin/ifconfig utun0 10.8.0.6 10.8.0.5 mtu 1500 netmask 255.255.255.255 up
2016-06-14 13:47:43 /sbin/route add -cloning -net 10.0.1.45 -netmask 255.255.255.255 -interface en4
                                        add net 10.0.1.45: gateway en4
2016-06-14 13:47:43 /sbin/route add -net 0.0.0.0 10.8.0.5 128.0.0.0
                                        add net 0.0.0.0: gateway 10.8.0.5
2016-06-14 13:47:43 /sbin/route add -net 128.0.0.0 10.8.0.5 128.0.0.0
                                        add net 128.0.0.0: gateway 10.8.0.5
2016-06-14 13:47:43 MANAGEMENT: >STATE:1465937263,ADD_ROUTES,,,
2016-06-14 13:47:43 /sbin/route add -net 10.8.0.1 10.8.0.5 255.255.255.255
                                        add net 10.8.0.1: gateway 10.8.0.5
                                        **********************************************
                                        Start of output from client.up.tunnelblick.sh
                                        Retrieved from OpenVPN: name server(s) [ 8.8.8.8 8.8.4.4 ], search domain(s) [  ] and SMB server(s) [  ] and using default domain name [ openvpn ]
                                        Not aggregating ServerAddresses because running on OS X 10.6 or higher
                                        Setting search domains to 'openvpn' because running under OS X 10.6 or higher and the search domains were not set manually and 'Prepend domain name to search domains' was not selected
                                        Saved the DNS and SMB configurations so they can be restored
                                        Changed DNS ServerAddresses setting from '10.0.1.1' to '8.8.8.8 8.8.4.4'
                                        Changed DNS SearchDomains setting from '' to 'openvpn'
                                        Changed DNS DomainName setting from 'dogbase.underdogmedia.com' to 'openvpn'
                                        Did not change SMB NetBIOSName setting of ''
                                        Did not change SMB Workgroup setting of ''
                                        Did not change SMB WINSAddresses setting of ''
                                        DNS servers '8.8.8.8 8.8.4.4' will be used for DNS queries when the VPN is active
                                        The DNS servers include only free public DNS servers known to Tunnelblick.
                                        Flushed the DNS cache via dscacheutil
                                        /usr/sbin/discoveryutil not present. Not flushing the DNS cache via discoveryutil
                                        Notified mDNSResponder that the DNS cache was flushed
                                        Setting up to monitor system configuration with process-network-changes
                                        End of output from client.up.tunnelblick.sh
                                        **********************************************
2016-06-14 13:47:46 *Tunnelblick: No 'connected.sh' script to execute
2016-06-14 13:47:46 Initialization Sequence Completed
2016-06-14 13:47:46 MANAGEMENT: >STATE:1465937266,CONNECTED,SUCCESS,10.8.0.6,10.0.1.45
2016-06-14 13:47:51 *Tunnelblick process-network-changes: A system configuration change was ignored
2016-06-14 13:48:27 *Tunnelblick: After 30.0 seconds, gave up trying to fetch IP address information using the ipInfo host's name after connecting.
2016-06-14 13:48:59 *Tunnelblick: After 30.0 seconds, gave up trying to fetch IP address information using the ipInfo host's IP address after connecting.

================================================================================

"Sanitized" full configuration file

client
dev tun
proto udp

#Server IP and Port
remote 10.0.1.45 1194

resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
ca ca.crt
cert client.crt
key client.key
ns-cert-type server
comp-lzo



================================================================================

ifconfig output:

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
options=3<RXCSUM,TXCSUM>
inet6 ::1 prefixlen 128 
inet 127.0.0.1 netmask 0xff000000 
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1 
nd6 options=1<PERFORMNUD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=10b<RXCSUM,TXCSUM,VLAN_HWTAGGING,AV>
ether 3c:07:54:6b:de:ed 
media: autoselect (none)
status: inactive
en4: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=10b<RXCSUM,TXCSUM,VLAN_HWTAGGING,AV>
ether c8:2a:14:4e:5e:d2 
inet 10.0.1.13 netmask 0xffffff00 broadcast 10.0.1.255
media: autoselect (100baseTX <full-duplex,flow-control>)
status: active
en1: flags=8823<UP,BROADCAST,SMART,SIMPLEX,MULTICAST> mtu 1500
ether 68:a8:6d:25:10:de 
media: autoselect (<unknown type>)
status: inactive
fw1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 4078
lladdr 00:0a:27:02:00:41:08:de 
media: autoselect <full-duplex>
status: inactive
fw0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 4078
lladdr 3c:07:54:ff:fe:98:3d:20 
media: autoselect <full-duplex>
status: inactive
en2: flags=963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX> mtu 1500
options=60<TSO4,TSO6>
ether d2:00:19:83:d2:00 
media: autoselect <full-duplex>
status: inactive
p2p0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 2304
ether 0a:a8:6d:25:10:de 
media: autoselect
status: inactive
bridge0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=63<RXCSUM,TXCSUM,TSO4,TSO6>
ether 3e:07:54:b6:00:00 
Configuration:
id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
ipfilter disabled flags 0x2
member: en2 flags=3<LEARNING,DISCOVER>
       ifmaxaddr 0 port 9 priority 0 path cost 0
media: <unknown type>
status: inactive
utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
inet 10.8.0.6 --> 10.8.0.5 netmask 0xffffffff 

================================================================================

Console Log:

2016-06-14 10:05:17 Tunnelblick[399] Tunnelblick: OS X 10.11.5; Tunnelblick 3.6.3 (build 4560)
2016-06-14 10:05:21 Tunnelblick[399] Set program update feedURL to https://www.tunnelblick.net/appcast-s.rss
2016-06-14 10:05:23 bird[367] LaunchServices: Failed to create bundleProxy for bundle net.tunnelblick.tunnelblick
2016-06-14 10:17:03 Tunnelblick[399] currentIPInfo(Name): IP address info could not be fetched within 35.3 seconds; the error was 'Error Domain=NSURLErrorDomain Code=-1001 "The request timed out." UserInfo={NSUnderlyingError=0x100779af0 {Error Domain=kCFErrorDomainCFNetwork Code=-1001 "The request timed out." UserInfo={NSErrorFailingURLStringKey=https://www.tunnelblick.net/ipinfo, NSErrorFailingURLKey=https://www.tunnelblick.net/ipinfo, _kCFStreamErrorCodeKey=-2102, _kCFStreamErrorDomainKey=4, NSLocalizedDescription=The request timed out.}}, NSErrorFailingURLStringKey=https://www.tunnelblick.net/ipinfo, NSErrorFailingURLKey=https://www.tunnelblick.net/ipinfo, _kCFStreamErrorDomainKey=4, _kCFStreamErrorCodeKey=-2102, NSLocalizedDescription=The request timed out.}'; the response was '(null)'
2016-06-14 10:17:03 Tunnelblick[399] App Transport Security has blocked a cleartext HTTP (http://) resource load since it is insecure. Temporary exceptions can be configured via your app's Info.plist file.
2016-06-14 10:17:35 Tunnelblick[399] currentIPInfo(Address): IP address info could not be fetched within 32.1 seconds; the error was 'Error Domain=NSURLErrorDomain Code=-1022 "The resource could not be loaded because the App Transport Security policy requires the use of a secure connection." UserInfo={NSUnderlyingError=0x100796f20 {Error Domain=kCFErrorDomainCFNetwork Code=-1022 "The resource could not be loaded because the App Transport Security policy requires the use of a secure connection." UserInfo={NSErrorFailingURLStringKey=http://205.233.73.116/ipinfo, NSLocalizedDescription=The resource could not be loaded because the App Transport Security policy requires the use of a secure connection., NSErrorFailingURLKey=http://205.233.73.116/ipinfo}}, NSErrorFailingURLStringKey=http://205.233.73.116/ipinfo, NSErrorFailingURLKey=http://205.233.73.116/ipinfo, NSLocalizedDescription=The resource could not be loaded because the App Transport Security policy requires the use of a secure connection.}'; the response was '(null)'
2016-06-14 10:35:53 Tunnelblick[399] Converting/Installing /Users/shayne/Desktop/vpn/client.ovpn at line 13: Copied ca.crt
2016-06-14 10:35:53 Tunnelblick[399] Changed permissions from 644 to 740 on /private/var/folders/gh/l_myl_ys1c34xlhknpl43mtm0000gn/T/Tunnelblick-PsWXr8/client.tblk/Contents/Resources/ca.crt
2016-06-14 10:35:53 Tunnelblick[399] Converting/Installing /Users/shayne/Desktop/vpn/client.ovpn at line 14: Copied client.crt
2016-06-14 10:35:53 Tunnelblick[399] Changed permissions from 644 to 740 on /private/var/folders/gh/l_myl_ys1c34xlhknpl43mtm0000gn/T/Tunnelblick-PsWXr8/client.tblk/Contents/Resources/client.crt
2016-06-14 10:35:53 Tunnelblick[399] Converting/Installing /Users/shayne/Desktop/vpn/client.ovpn at line 15: Copied client.key
2016-06-14 10:35:53 Tunnelblick[399] Changed permissions from 644 to 740 on /private/var/folders/gh/l_myl_ys1c34xlhknpl43mtm0000gn/T/Tunnelblick-PsWXr8/client.tblk/Contents/Resources/client.key
2016-06-14 10:35:53 Tunnelblick[399] Converting/Installing /Users/shayne/Desktop/vpn/client.ovpn: Converted OpenVPN configuration
2016-06-14 10:37:13 Tunnelblick[399] Converting/Installing /Users/shayne/Desktop/vpn/client_dogbase.ovpn at line 13: Copied ca.crt
2016-06-14 10:37:13 Tunnelblick[399] Changed permissions from 644 to 740 on /private/var/folders/gh/l_myl_ys1c34xlhknpl43mtm0000gn/T/Tunnelblick-Kns6eW/client_dogbase.tblk/Contents/Resources/ca.crt
2016-06-14 10:37:13 Tunnelblick[399] Converting/Installing /Users/shayne/Desktop/vpn/client_dogbase.ovpn at line 14: Copied client.crt
2016-06-14 10:37:13 Tunnelblick[399] Changed permissions from 644 to 740 on /private/var/folders/gh/l_myl_ys1c34xlhknpl43mtm0000gn/T/Tunnelblick-Kns6eW/client_dogbase.tblk/Contents/Resources/client.crt
2016-06-14 10:37:13 Tunnelblick[399] Converting/Installing /Users/shayne/Desktop/vpn/client_dogbase.ovpn at line 15: Copied client.key
2016-06-14 10:37:13 Tunnelblick[399] Changed permissions from 644 to 740 on /private/var/folders/gh/l_myl_ys1c34xlhknpl43mtm0000gn/T/Tunnelblick-Kns6eW/client_dogbase.tblk/Contents/Resources/client.key
2016-06-14 10:37:13 Tunnelblick[399] Converting/Installing /Users/shayne/Desktop/vpn/client_dogbase.ovpn: Converted OpenVPN configuration
2016-06-14 10:37:19 Tunnelblick[399] localNameFromDisplayName: 'client_dogbase' is not a known displayName
2016-06-14 10:37:19 Tunnelblick[399] Beginning installation or repair
2016-06-14 10:37:19 authexec[1223] executing /Applications/Tunnelblick.app/Contents/Resources/installer
2016-06-14 10:37:20 Tunnelblick[399] Installation or repair succeeded; Log:
                                       Tunnelblick installer started 2016-06-14 10:37:19. 3 arguments: 0x0001
                                            /Library/Application Support/Tunnelblick/Shared/client_dogbase.tblk
                                            /private/var/folders/gh/l_myl_ys1c34xlhknpl43mtm0000gn/T/Tunnelblick-Kns6eW/client_dogbase.tblk
                                       Copied /private/var/folders/gh/l_myl_ys1c34xlhknpl43mtm0000gn/T/Tunnelblick-Kns6eW/client_dogbase.tblk
                                           to /Library/Application Support/Tunnelblick/Shared/client_dogbase.tblk.temp
                                       Renamed /Library/Application Support/Tunnelblick/Shared/client_dogbase.tblk.temp
                                            to /Library/Application Support/Tunnelblick/Shared/client_dogbase.tblk
                                       Changed ownership of /Library/Application Support/Tunnelblick/Shared/client_dogbase.tblk and its contents from 501:20 to 0:0
                                       Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Shared/client_dogbase.tblk
                                       Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Shared/client_dogbase.tblk/Contents
                                       Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Shared/client_dogbase.tblk/Contents/Resources
                                       Changed permissions from 740 to 700 on /Library/Application Support/Tunnelblick/Shared/client_dogbase.tblk/Contents/Resources/ca.crt
                                       Changed permissions from 740 to 700 on /Library/Application Support/Tunnelblick/Shared/client_dogbase.tblk/Contents/Resources/client.crt
                                       Changed permissions from 740 to 700 on /Library/Application Support/Tunnelblick/Shared/client_dogbase.tblk/Contents/Resources/client.key
                                       Changed permissions from 740 to 700 on /Library/Application Support/Tunnelblick/Shared/client_dogbase.tblk/Contents/Resources/config.ovpn
                                       Tunnelblick installer finished without error
2016-06-14 10:38:11 Tunnelblick[399] currentIPInfo(Name): IP address info could not be fetched within 35.3 seconds; the error was 'Error Domain=NSURLErrorDomain Code=-1001 "The request timed out." UserInfo={NSUnderlyingError=0x106350b40 {Error Domain=kCFErrorDomainCFNetwork Code=-1001 "The request timed out." UserInfo={NSErrorFailingURLStringKey=https://www.tunnelblick.net/ipinfo, NSErrorFailingURLKey=https://www.tunnelblick.net/ipinfo, _kCFStreamErrorCodeKey=-2102, _kCFStreamErrorDomainKey=4, NSLocalizedDescription=The request timed out.}}, NSErrorFailingURLStringKey=https://www.tunnelblick.net/ipinfo, NSErrorFailingURLKey=https://www.tunnelblick.net/ipinfo, _kCFStreamErrorDomainKey=4, _kCFStreamErrorCodeKey=-2102, NSLocalizedDescription=The request timed out.}'; the response was '(null)'
2016-06-14 10:38:43 Tunnelblick[399] currentIPInfo(Address): IP address info could not be fetched within 32.1 seconds; the error was 'Error Domain=NSURLErrorDomain Code=-1022 "The resource could not be loaded because the App Transport Security policy requires the use of a secure connection." UserInfo={NSUnderlyingError=0x100612db0 {Error Domain=kCFErrorDomainCFNetwork Code=-1022 "The resource could not be loaded because the App Transport Security policy requires the use of a secure connection." UserInfo={NSErrorFailingURLStringKey=http://205.233.73.116/ipinfo, NSLocalizedDescription=The resource could not be loaded because the App Transport Security policy requires the use of a secure connection., NSErrorFailingURLKey=http://205.233.73.116/ipinfo}}, NSErrorFailingURLStringKey=http://205.233.73.116/ipinfo, NSErrorFailingURLKey=http://205.233.73.116/ipinfo, NSLocalizedDescription=The resource could not be loaded because the App Transport Security policy requires the use of a secure connection.}'; the response was '(null)'
2016-06-14 11:39:02 Tunnelblick[399] currentIPInfo(Name): IP address info could not be fetched within 35.0 seconds; the error was 'Error Domain=NSURLErrorDomain Code=-1001 "The request timed out." UserInfo={NSUnderlyingError=0x100766390 {Error Domain=kCFErrorDomainCFNetwork Code=-1001 "The request timed out." UserInfo={NSErrorFailingURLStringKey=https://www.tunnelblick.net/ipinfo, NSErrorFailingURLKey=https://www.tunnelblick.net/ipinfo, _kCFStreamErrorCodeKey=-2102, _kCFStreamErrorDomainKey=4, NSLocalizedDescription=The request timed out.}}, NSErrorFailingURLStringKey=https://www.tunnelblick.net/ipinfo, NSErrorFailingURLKey=https://www.tunnelblick.net/ipinfo, _kCFStreamErrorDomainKey=4, _kCFStreamErrorCodeKey=-2102, NSLocalizedDescription=The request timed out.}'; the response was '(null)'
2016-06-14 11:39:34 Tunnelblick[399] currentIPInfo(Address): IP address info could not be fetched within 32.1 seconds; the error was 'Error Domain=NSURLErrorDomain Code=-1022 "The resource could not be loaded because the App Transport Security policy requires the use of a secure connection." UserInfo={NSUnderlyingError=0x100546210 {Error Domain=kCFErrorDomainCFNetwork Code=-1022 "The resource could not be loaded because the App Transport Security policy requires the use of a secure connection." UserInfo={NSErrorFailingURLStringKey=http://205.233.73.116/ipinfo, NSLocalizedDescription=The resource could not be loaded because the App Transport Security policy requires the use of a secure connection., NSErrorFailingURLKey=http://205.233.73.116/ipinfo}}, NSErrorFailingURLStringKey=http://205.233.73.116/ipinfo, NSErrorFailingURLKey=http://205.233.73.116/ipinfo, NSLocalizedDescription=The resource could not be loaded because the App Transport Security policy requires the use of a secure connection.}'; the response was '(null)'
2016-06-14 11:48:10 Tunnelblick[399] currentIPInfo(Name): IP address info could not be fetched within 35.1 seconds; the error was 'Error Domain=NSURLErrorDomain Code=-1001 "The request timed out." UserInfo={NSUnderlyingError=0x109362040 {Error Domain=kCFErrorDomainCFNetwork Code=-1001 "The request timed out." UserInfo={NSErrorFailingURLStringKey=https://www.tunnelblick.net/ipinfo, NSErrorFailingURLKey=https://www.tunnelblick.net/ipinfo, _kCFStreamErrorCodeKey=-2102, _kCFStreamErrorDomainKey=4, NSLocalizedDescription=The request timed out.}}, NSErrorFailingURLStringKey=https://www.tunnelblick.net/ipinfo, NSErrorFailingURLKey=https://www.tunnelblick.net/ipinfo, _kCFStreamErrorDomainKey=4, _kCFStreamErrorCodeKey=-2102, NSLocalizedDescription=The request timed out.}'; the response was '(null)'
2016-06-14 11:48:42 Tunnelblick[399] currentIPInfo(Address): IP address info could not be fetched within 32.1 seconds; the error was 'Error Domain=NSURLErrorDomain Code=-1022 "The resource could not be loaded because the App Transport Security policy requires the use of a secure connection." UserInfo={NSUnderlyingError=0x10934eba0 {Error Domain=kCFErrorDomainCFNetwork Code=-1022 "The resource could not be loaded because the App Transport Security policy requires the use of a secure connection." UserInfo={NSErrorFailingURLStringKey=http://205.233.73.116/ipinfo, NSLocalizedDescription=The resource could not be loaded because the App Transport Security policy requires the use of a secure connection., NSErrorFailingURLKey=http://205.233.73.116/ipinfo}}, NSErrorFailingURLStringKey=http://205.233.73.116/ipinfo, NSErrorFailingURLKey=http://205.233.73.116/ipinfo, NSLocalizedDescription=The resource could not be loaded because the App Transport Security policy requires the use of a secure connection.}'; the response was '(null)'
2016-06-14 12:16:55 Tunnelblick[399] currentIPInfo(Name): IP address info could not be fetched within 35.0 seconds; the error was 'Error Domain=NSURLErrorDomain Code=-1001 "The request timed out." UserInfo={NSUnderlyingError=0x109357390 {Error Domain=kCFErrorDomainCFNetwork Code=-1001 "The request timed out." UserInfo={NSErrorFailingURLStringKey=https://www.tunnelblick.net/ipinfo, NSErrorFailingURLKey=https://www.tunnelblick.net/ipinfo, _kCFStreamErrorCodeKey=-2102, _kCFStreamErrorDomainKey=4, NSLocalizedDescription=The request timed out.}}, NSErrorFailingURLStringKey=https://www.tunnelblick.net/ipinfo, NSErrorFailingURLKey=https://www.tunnelblick.net/ipinfo, _kCFStreamErrorDomainKey=4, _kCFStreamErrorCodeKey=-2102, NSLocalizedDescription=The request timed out.}'; the response was '(null)'
2016-06-14 12:17:27 Tunnelblick[399] currentIPInfo(Address): IP address info could not be fetched within 32.2 seconds; the error was 'Error Domain=NSURLErrorDomain Code=-1022 "The resource could not be loaded because the App Transport Security policy requires the use of a secure connection." UserInfo={NSUnderlyingError=0x1093577d0 {Error Domain=kCFErrorDomainCFNetwork Code=-1022 "The resource could not be loaded because the App Transport Security policy requires the use of a secure connection." UserInfo={NSErrorFailingURLStringKey=http://205.233.73.116/ipinfo, NSLocalizedDescription=The resource could not be loaded because the App Transport Security policy requires the use of a secure connection., NSErrorFailingURLKey=http://205.233.73.116/ipinfo}}, NSErrorFailingURLStringKey=http://205.233.73.116/ipinfo, NSErrorFailingURLKey=http://205.233.73.116/ipinfo, NSLocalizedDescription=The resource could not be loaded because the App Transport Security policy requires the use of a secure connection.}'; the response was '(null)'
2016-06-14 12:23:01 Tunnelblick[399] currentIPInfo(Name): IP address info could not be fetched within 35.4 seconds; the error was 'Error Domain=NSURLErrorDomain Code=-1001 "The request timed out." UserInfo={NSUnderlyingError=0x100702650 {Error Domain=kCFErrorDomainCFNetwork Code=-1001 "The request timed out." UserInfo={NSErrorFailingURLStringKey=https://www.tunnelblick.net/ipinfo, NSErrorFailingURLKey=https://www.tunnelblick.net/ipinfo, _kCFStreamErrorCodeKey=-2102, _kCFStreamErrorDomainKey=4, NSLocalizedDescription=The request timed out.}}, NSErrorFailingURLStringKey=https://www.tunnelblick.net/ipinfo, NSErrorFailingURLKey=https://www.tunnelblick.net/ipinfo, _kCFStreamErrorDomainKey=4, _kCFStreamErrorCodeKey=-2102, NSLocalizedDescription=The request timed out.}'; the response was '(null)'
2016-06-14 12:23:33 Tunnelblick[399] currentIPInfo(Address): IP address info could not be fetched within 32.1 seconds; the error was 'Error Domain=NSURLErrorDomain Code=-1022 "The resource could not be loaded because the App Transport Security policy requires the use of a secure connection." UserInfo={NSUnderlyingError=0x109352e90 {Error Domain=kCFErrorDomainCFNetwork Code=-1022 "The resource could not be loaded because the App Transport Security policy requires the use of a secure connection." UserInfo={NSErrorFailingURLStringKey=http://205.233.73.116/ipinfo, NSLocalizedDescription=The resource could not be loaded because the App Transport Security policy requires the use of a secure connection., NSErrorFailingURLKey=http://205.233.73.116/ipinfo}}, NSErrorFailingURLStringKey=http://205.233.73.116/ipinfo, NSErrorFailingURLKey=http://205.233.73.116/ipinfo, NSLocalizedDescription=The resource could not be loaded because the App Transport Security policy requires the use of a secure connection.}'; the response was '(null)'
2016-06-14 12:40:05 Tunnelblick[399] currentIPInfo(Name): IP address info could not be fetched within 35.5 seconds; the error was 'Error Domain=NSURLErrorDomain Code=-1001 "The request timed out." UserInfo={NSUnderlyingError=0x10074fc70 {Error Domain=kCFErrorDomainCFNetwork Code=-1001 "The request timed out." UserInfo={NSErrorFailingURLStringKey=https://www.tunnelblick.net/ipinfo, NSErrorFailingURLKey=https://www.tunnelblick.net/ipinfo, _kCFStreamErrorCodeKey=-2102, _kCFStreamErrorDomainKey=4, NSLocalizedDescription=The request timed out.}}, NSErrorFailingURLStringKey=https://www.tunnelblick.net/ipinfo, NSErrorFailingURLKey=https://www.tunnelblick.net/ipinfo, _kCFStreamErrorDomainKey=4, _kCFStreamErrorCodeKey=-2102, NSLocalizedDescription=The request timed out.}'; the response was '(null)'
2016-06-14 12:40:37 Tunnelblick[399] currentIPInfo(Address): IP address info could not be fetched within 32.1 seconds; the error was 'Error Domain=NSURLErrorDomain Code=-1022 "The resource could not be loaded because the App Transport Security policy requires the use of a secure connection." UserInfo={NSUnderlyingError=0x107fdf570 {Error Domain=kCFErrorDomainCFNetwork Code=-1022 "The resource could not be loaded because the App Transport Security policy requires the use of a secure connection." UserInfo={NSErrorFailingURLStringKey=http://205.233.73.116/ipinfo, NSLocalizedDescription=The resource could not be loaded because the App Transport Security policy requires the use of a secure connection., NSErrorFailingURLKey=http://205.233.73.116/ipinfo}}, NSErrorFailingURLStringKey=http://205.233.73.116/ipinfo, NSErrorFailingURLKey=http://205.233.73.116/ipinfo, NSLocalizedDescription=The resource could not be loaded because the App Transport Security policy requires the use of a secure connection.}'; the response was '(null)'
2016-06-14 12:51:11 Tunnelblick[399] currentIPInfo(Name): IP address info could not be fetched within 35.5 seconds; the error was 'Error Domain=NSURLErrorDomain Code=-1001 "The request timed out." UserInfo={NSUnderlyingError=0x109340770 {Error Domain=kCFErrorDomainCFNetwork Code=-1001 "The request timed out." UserInfo={NSErrorFailingURLStringKey=https://www.tunnelblick.net/ipinfo, NSErrorFailingURLKey=https://www.tunnelblick.net/ipinfo, _kCFStreamErrorCodeKey=-2102, _kCFStreamErrorDomainKey=4, NSLocalizedDescription=The request timed out.}}, NSErrorFailingURLStringKey=https://www.tunnelblick.net/ipinfo, NSErrorFailingURLKey=https://www.tunnelblick.net/ipinfo, _kCFStreamErrorDomainKey=4, _kCFStreamErrorCodeKey=-2102, NSLocalizedDescription=The request timed out.}'; the response was '(null)'
2016-06-14 12:51:43 Tunnelblick[399] currentIPInfo(Address): IP address info could not be fetched within 32.1 seconds; the error was 'Error Domain=NSURLErrorDomain Code=-1022 "The resource could not be loaded because the App Transport Security policy requires the use of a secure connection." UserInfo={NSUnderlyingError=0x100549fd0 {Error Domain=kCFErrorDomainCFNetwork Code=-1022 "The resource could not be loaded because the App Transport Security policy requires the use of a secure connection." UserInfo={NSErrorFailingURLStringKey=http://205.233.73.116/ipinfo, NSLocalizedDescription=The resource could not be loaded because the App Transport Security policy requires the use of a secure connection., NSErrorFailingURLKey=http://205.233.73.116/ipinfo}}, NSErrorFailingURLStringKey=http://205.233.73.116/ipinfo, NSErrorFailingURLKey=http://205.233.73.116/ipinfo, NSLocalizedDescription=The resource could not be loaded because the App Transport Security policy requires the use of a secure connection.}'; the response was '(null)'
2016-06-14 13:29:59 Tunnelblick[399] currentIPInfo(Name): IP address info could not be fetched within 35.0 seconds; the error was 'Error Domain=NSURLErrorDomain Code=-1001 "The request timed out." UserInfo={NSUnderlyingError=0x100771700 {Error Domain=kCFErrorDomainCFNetwork Code=-1001 "The request timed out." UserInfo={NSErrorFailingURLStringKey=https://www.tunnelblick.net/ipinfo, NSErrorFailingURLKey=https://www.tunnelblick.net/ipinfo, _kCFStreamErrorCodeKey=-2102, _kCFStreamErrorDomainKey=4, NSLocalizedDescription=The request timed out.}}, NSErrorFailingURLStringKey=https://www.tunnelblick.net/ipinfo, NSErrorFailingURLKey=https://www.tunnelblick.net/ipinfo, _kCFStreamErrorDomainKey=4, _kCFStreamErrorCodeKey=-2102, NSLocalizedDescription=The request timed out.}'; the response was '(null)'
2016-06-14 13:32:35 Tunnelblick[399] currentIPInfo(Name): IP address info could not be fetched within 35.1 seconds; the error was 'Error Domain=NSURLErrorDomain Code=-1001 "The request timed out." UserInfo={NSUnderlyingError=0x106337830 {Error Domain=kCFErrorDomainCFNetwork Code=-1001 "The request timed out." UserInfo={NSErrorFailingURLStringKey=https://www.tunnelblick.net/ipinfo, NSErrorFailingURLKey=https://www.tunnelblick.net/ipinfo, _kCFStreamErrorCodeKey=-2102, _kCFStreamErrorDomainKey=4, NSLocalizedDescription=The request timed out.}}, NSErrorFailingURLStringKey=https://www.tunnelblick.net/ipinfo, NSErrorFailingURLKey=https://www.tunnelblick.net/ipinfo, _kCFStreamErrorDomainKey=4, _kCFStreamErrorCodeKey=-2102, NSLocalizedDescription=The request timed out.}'; the response was '(null)'
2016-06-14 13:33:07 Tunnelblick[399] currentIPInfo(Address): IP address info could not be fetched within 32.2 seconds; the error was 'Error Domain=NSURLErrorDomain Code=-1022 "The resource could not be loaded because the App Transport Security policy requires the use of a secure connection." UserInfo={NSUnderlyingError=0x1093aabf0 {Error Domain=kCFErrorDomainCFNetwork Code=-1022 "The resource could not be loaded because the App Transport Security policy requires the use of a secure connection." UserInfo={NSErrorFailingURLStringKey=http://205.233.73.116/ipinfo, NSLocalizedDescription=The resource could not be loaded because the App Transport Security policy requires the use of a secure connection., NSErrorFailingURLKey=http://205.233.73.116/ipinfo}}, NSErrorFailingURLStringKey=http://205.233.73.116/ipinfo, NSErrorFailingURLKey=http://205.233.73.116/ipinfo, NSLocalizedDescription=The resource could not be loaded because the App Transport Security policy requires the use of a secure connection.}'; the response was '(null)'
2016-06-14 13:46:22 Tunnelblick[399] currentIPInfo(Name): IP address info could not be fetched within 36.0 seconds; the error was 'Error Domain=NSURLErrorDomain Code=-1001 "The request timed out." UserInfo={NSUnderlyingError=0x106332fc0 {Error Domain=kCFErrorDomainCFNetwork Code=-1001 "The request timed out." UserInfo={NSErrorFailingURLStringKey=https://www.tunnelblick.net/ipinfo, NSErrorFailingURLKey=https://www.tunnelblick.net/ipinfo, _kCFStreamErrorCodeKey=-2102, _kCFStreamErrorDomainKey=4, NSLocalizedDescription=The request timed out.}}, NSErrorFailingURLStringKey=https://www.tunnelblick.net/ipinfo, NSErrorFailingURLKey=https://www.tunnelblick.net/ipinfo, _kCFStreamErrorDomainKey=4, _kCFStreamErrorCodeKey=-2102, NSLocalizedDescription=The request timed out.}'; the response was '(null)'
2016-06-14 13:46:54 Tunnelblick[399] currentIPInfo(Address): IP address info could not be fetched within 32.2 seconds; the error was 'Error Domain=NSURLErrorDomain Code=-1022 "The resource could not be loaded because the App Transport Security policy requires the use of a secure connection." UserInfo={NSUnderlyingError=0x10076a8b0 {Error Domain=kCFErrorDomainCFNetwork Code=-1022 "The resource could not be loaded because the App Transport Security policy requires the use of a secure connection." UserInfo={NSErrorFailingURLStringKey=http://205.233.73.116/ipinfo, NSLocalizedDescription=The resource could not be loaded because the App Transport Security policy requires the use of a secure connection., NSErrorFailingURLKey=http://205.233.73.116/ipinfo}}, NSErrorFailingURLStringKey=http://205.233.73.116/ipinfo, NSErrorFailingURLKey=http://205.233.73.116/ipinfo, NSLocalizedDescription=The resource could not be loaded because the App Transport Security policy requires the use of a secure connection.}'; the response was '(null)'
2016-06-14 13:48:27 Tunnelblick[399] currentIPInfo(Name): IP address info could not be fetched within 35.2 seconds; the error was 'Error Domain=NSURLErrorDomain Code=-1001 "The request timed out." UserInfo={NSUnderlyingError=0x111b012f0 {Error Domain=kCFErrorDomainCFNetwork Code=-1001 "The request timed out." UserInfo={NSErrorFailingURLStringKey=https://www.tunnelblick.net/ipinfo, NSErrorFailingURLKey=https://www.tunnelblick.net/ipinfo, _kCFStreamErrorCodeKey=-2102, _kCFStreamErrorDomainKey=4, NSLocalizedDescription=The request timed out.}}, NSErrorFailingURLStringKey=https://www.tunnelblick.net/ipinfo, NSErrorFailingURLKey=https://www.tunnelblick.net/ipinfo, _kCFStreamErrorDomainKey=4, _kCFStreamErrorCodeKey=-2102, NSLocalizedDescription=The request timed out.}'; the response was '(null)'
2016-06-14 13:48:59 Tunnelblick[399] currentIPInfo(Address): IP address info could not be fetched within 32.1 seconds; the error was 'Error Domain=NSURLErrorDomain Code=-1022 "The resource could not be loaded because the App Transport Security policy requires the use of a secure connection." UserInfo={NSUnderlyingError=0x1093da910 {Error Domain=kCFErrorDomainCFNetwork Code=-1022 "The resource could not be loaded because the App Transport Security policy requires the use of a secure connection." UserInfo={NSErrorFailingURLStringKey=http://205.233.73.116/ipinfo, NSLocalizedDescription=The resource could not be loaded because the App Transport Security policy requires the use of a secure connection., NSErrorFailingURLKey=http://205.233.73.116/ipinfo}}, NSErrorFailingURLStringKey=http://205.233.73.116/ipinfo, NSErrorFailingURLKey=http://205.233.73.116/ipinfo, NSLocalizedDescription=The resource could not be loaded because the App Transport Security policy requires the use of a secure connection.}'; the response was '(null)'



ifconfig on OpenVpn Server -

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 10.8.0.1  netmask 255.255.255.255  destination 10.8.0.2
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
        RX packets 986  bytes 67217 (65.6 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0



shayne

unread,
Jun 14, 2016, 5:17:53 PM6/14/16
to tunnelblick-discuss
here is the openVPN server

netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         10.0.1.1        0.0.0.0         UG        0 0          0 enp4s0
10.0.1.0        0.0.0.0         255.255.255.0   U         0 0          0 enp4s0
10.8.0.0        10.8.0.2        255.255.255.0   UG        0 0          0 tun0
10.8.0.2        0.0.0.0         255.255.255.255 UH        0 0          0 tun0

Not sure this matters but, I can ping all but 10.8.0.2 

here is my client before connect to VPN

$route get 10.0.0.1

   route to: 10.0.0.1
destination: default
       mask: default
    gateway: 10.0.1.1
  interface: en4
      flags: <UP,GATEWAY,DONE,STATIC,PRCLONING>
 recvpipe  sendpipe  ssthresh  rtt,msec    rttvar  hopcount      mtu     expire
       0         0         0         0         0         0      1500         0 

here is my client after connect to VPN

$ route get 10.0.0.1

   route to: 10.0.0.1
destination: default
       mask: 128.0.0.0
    gateway: 10.8.0.5
  interface: utun0
      flags: <UP,GATEWAY,DONE,STATIC,PRCLONING>
 recvpipe  sendpipe  ssthresh  rtt,msec    rttvar  hopcount      mtu     expire
       0         0         0         0         0         0      1500         0 

I can not ping 10.8.0.5, not sure that matters either

...

jkbull...gmail.com

unread,
Jun 15, 2016, 8:45:04 AM6/15/16
to tunnelblick-discuss, sha...@underdogmedia.com
Thanks for posting all the diagnostic info. Sorry I can't be more help, but this appears to be a routing or OpenVPN problem, not a problem with Tunnelblick. You should consult OpenVPN experts:
Reply all
Reply to author
Forward
0 new messages