Re: I cannot use openvpnstart to establish the connection. Please help.


Jonathan K. Bullard

Jul 26, 2012, 9:03:16 PM
to tunnelbli...@googlegroups.com
The easiest way to do it is to create and install a Tunnelblick VPN Configuration[1] with the config file and certs and keys, then connect it once using Tunnelblick. The log will contain (among other things) the openvpnstart command that was used to start the connection. You can just copy/paste that from the log into a shell script (or whatever). And if it doesn't connect, you'll have a log that you can look at to see what's going on.

[1] Creating and Installing a Tunnelblick VPN Configuration


On Thu, Jul 26, 2012 at 8:54 PM, sk <skw...@gmail.com> wrote:
Hi,

I am a newbie to Tunnelblick, so please excuse my "newbieness."

I need a command line tool to establish VPN connections. With my subscription with Overplay, I downloaded the conf and the cert; and also I downloaded Tunnelblick 3.2.6. After testing out the app, which works fine on my Mac (OS X 10.7.4), I switched to command line. After reading a couple of topics in this group and studying the logs, I tried:
XXXX$ /Applications/Tunnelblick.app/Contents/Resources/openvpnstart start Overplay\ -\ China.conf 0 0 0 0 1 49 -atDASNGWrdasngw
Loading tun.kext 

but it just hung there at Loading tun.kext. I also tried other combos, but the result is the same, e.g.,
1) openvpnstart start Overplay\ -\ China.conf 0
2) With or without Tunnelblick running.

Please help.  Thank you.

My config file content:
client
dev tun
proto udp
remote-random
remote 176.67.86.40 1443
auth-user-pass
resolv-retry infinite
nobind
persist-key
persist-tun
ca OverplayCert.crt
verb 4
route-method exe 
route-delay 2
comp-lzo

--
You received this message because you are subscribed to the Google Groups "tunnelblick-discuss" group.
To view this discussion on the web visit https://groups.google.com/d/msg/tunnelblick-discuss/-/cqNcmJ29p94J.
To post to this group, send email to tunnelbli...@googlegroups.com.
To unsubscribe from this group, send email to tunnelblick-dis...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/tunnelblick-discuss?hl=en.

sk

Jul 27, 2012, 1:04:09 PM
to tunnelbli...@googlegroups.com
Hi,

Now I have come up to the point that it waits for my username and password silently.  I found that out in the log:
...
Fri Jul 27 09:54:49 2012 us=90534   auth_user_pass_file = 'stdin'
Fri Jul 27 09:54:49 2012 us=90544 OpenVPN 2.2.1 i386-apple-darwin10.7.1 [SSL] [LZO2] [PKCS11] [eurephia] built on May  2 2012
Fri Jul 27 09:54:49 2012 us=90631 MANAGEMENT: TCP Socket listening on 127.0.0.1:1338
Enter Auth Username: 

If I enter the username and password in the command line blindly (separated by Enter), it will connect. So, can I embed it in the .conf file? What will be the syntax?
That is what I hope to accomplish; otherwise, it will be pointless for me to use command line.

Thank you very much.

Jonathan K. Bullard

Jul 27, 2012, 2:09:23 PM
to tunnelbli...@googlegroups.com
It would not be very secure to have a username/password in the configuration file; I don't think OpenVPN even allows it.

I should have thought of this earlier; I hadn't noticed the username/password issue. The most secure and easiest way is for you to have Tunnelblick store the username/password in the Keychain and retrieve it on demand.

And there's a simple way to control Tunnelblick connections via AppleScript (and AppleScripts can be invoked via the command line).

The basic idea would be for you to run Tunnelblick once to make a connection and enter the username/password and have them stored in the Keychain. You can then disconnect.

After that, just leave Tunnelblick running all the time but with nothing connected. (Tunnelblick's only visible presence will be its icon near the Spotlight icon). If it is running when you log out or restart your computer, it will be launched automatically when you log back in.

Your command line scripts would invoke AppleScripts that connect, disconnect, etc.

AppleScripts are easy to write. You can use the AppleScript Editor (which is in /Applications/Utilities) to write and debug scripts. Save the scripts somewhere convenient.

An example of an AppleScript that connects a configuration named "My VPN" would be:

tell application "Tunnelblick"
    connect "My VPN"
end tell

(That script is the equivalent of pressing the "Connect" button -- it starts an attempt to make a connection and returns right away, whether or not the connection was actually established. For a script which waits until a connection is established, see this post.)

To run a script, use the following from the command line (or a shell script):

osascript path-to-the-script

That's it.

For details of using AppleScript to control Tunnelblick, look at AppleScript Support.
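
The connect, wait and disconnect flow described in this reply, as an added shell example that is not part of the original post and is not Tunnelblick's own code. The `get state of first configuration where name = ...` query and the `CONNECTED` state string are assumed from Tunnelblick's AppleScript dictionary (check them against the AppleScript Support page); the `tb_*` function names and the `OSASCRIPT` and `TB_POLL_INTERVAL` variables are hypothetical.

```shell
#!/bin/sh
# Added example: control Tunnelblick through AppleScript so the VPN
# username/password stay in the Keychain and never appear in a config
# file, on a command line, or on stdin.

# osascript binary; overridable so the functions can be exercised off macOS.
OSASCRIPT="${OSASCRIPT:-osascript}"

# Accept only names that cannot terminate the AppleScript string literal
# they are embedded in (no double quote, backslash or newline).
tb_valid_name() {
    nl='
'
    case "$1" in
        ''|*\"*|*\\*|*"$nl"*) return 1 ;;
    esac
    return 0
}

# Run one AppleScript statement inside a `tell application "Tunnelblick"` block.
tb_tell() {
    "$OSASCRIPT" -e 'tell application "Tunnelblick"' -e "$1" -e 'end tell'
}

# Print the state string of configuration $1 (assumed query syntax).
tb_state() {
    tb_valid_name "$1" || return 2
    tb_tell "get state of first configuration where name = \"$1\""
}

# Start a connection and poll until it is established.
# $1 = configuration name, $2 = maximum number of polls (default 30),
# one poll every TB_POLL_INTERVAL seconds (default 1).
tb_connect() {
    name=$1
    max_polls=${2:-30}
    tb_valid_name "$name" || { echo "invalid configuration name" >&2; return 2; }
    # Equivalent of pressing "Connect": returns right away.
    tb_tell "connect \"$name\"" >/dev/null || return 1
    polls=0
    while [ "$polls" -lt "$max_polls" ]; do
        if [ "$(tb_state "$name")" = "CONNECTED" ]; then
            return 0
        fi
        sleep "${TB_POLL_INTERVAL:-1}"
        polls=$((polls + 1))
    done
    echo "timed out waiting for \"$name\" to connect" >&2
    return 1
}

tb_disconnect() {
    tb_valid_name "$1" || return 2
    tb_tell "disconnect \"$1\"" >/dev/null
}

# Usage, with Tunnelblick already running and the credentials saved
# in the Keychain from one interactive connection:
#   tb_connect "My VPN" 30 && echo connected
#   tb_disconnect "My VPN"
```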



sk

Jul 27, 2012, 5:32:54 PM
to tunnelbli...@googlegroups.com
Hi,

Thank you for your detailed email. From it, I get 2 proposals:
1) Run Tunnelblick once so that it will save the username/password in the Keychain.
2) Use AppleScript to use Tunnelblick to connect.

I think both are great (and I should have thought of #2). When I was trying #1, even though I have Tunnelblick around and had it run once, openvpnstart will still wait silently for my username/password. Can I ask why?

Thank you.

Regards,
sk   

Jonathan K. Bullard

Jul 27, 2012, 5:40:52 PM
to tunnelbli...@googlegroups.com
I should have thought of AppleScript earlier, too. Sorry.

What I mean is to use Tunnelblick to connect -- not the command line. So launch Tunnelblick, then click on the Tunnelblick icon and click on the "Connect xxx" entry (where xxx is your configuration name).

Tunnelblick should ask you for a username and password in a dialog window with a checkbox to "Save to the Keychain". Do that, then, after it has connected, disconnect. Your password should now be saved in the Keychain. To double-check, have Tunnelblick connect again the same way. Then disconnect.

Then you should (as long as Tunnelblick is running) be able to connect/disconnect using AppleScript.

You may want to change some of the preferences, using the "Appearance" panel of the "VPN Details…" window. For example, you may not want to see the notification window or the startup window. Up to you.

Good luck. 


sk

Jul 27, 2012, 5:49:28 PM
to tunnelbli...@googlegroups.com
Hi,

Thank you for your prompt reply and help all along. Yes, I also checked my Keychain and 2 entries have been created inside (with the same name and content though), but when I run openvpnstart, it just waits silently. Do you know why?

Second, how about doing a disconnect with AppleScript? Is the action "disconnect"?

Regards,

sk 

Jonathan K. Bullard

Jul 27, 2012, 7:07:46 PM
to tunnelbli...@googlegroups.com
On Fri, Jul 27, 2012 at 5:49 PM, sk <skw...@gmail.com> wrote:
> Hi,
>
> Thank you for your prompt reply and help all along. Yes, I also checked my Keychain and 2 entries have been created inside (with the same name and content though), but when I run openvpnstart, it just waits silently. Do you know why?

Two Keychain entries: one for the username, one for the password.

Without the Tunnelblick log, I can't tell why it waits. See below.

> Second, how about doing a disconnect with AppleScript? Is the action "disconnect"?

Yes. Look at the AppleScript page I linked to earlier.
 

To get the Tunnelblick log on the Clipboard so you can paste it into an email:
  1. Click the Tunnelblick icon
  2. Click "VPN Details…"
  3. Select the "Configurations" panel if it is not already selected
  4. Select the configuration whose file you want to look at in the list on the left
  5. Select the "Log" tab if it is not already selected
  6. Click "Copy Log to Clipboard"

To put the contents of your configuration file on the Clipboard so you can paste it into an email, open it in TextEdit as follows:
  1. Click the Tunnelblick icon
  2. Click "VPN Details…"
  3. Select the "Configurations" panel if it is not already selected
  4. Select the configuration whose file you want to look at in the list on the left
  5. Click the little "gear" icon at the bottom of the list on the left
  6. Select "Edit OpenVPN Configuration File…" (or possibly "Examine OpenVPN Configuration File…").
In TextEdit you can Edit : Select All and then Edit : Copy to get the contents of the configuration file put into the clipboard.


sk

Jul 28, 2012, 12:26:14 AM
to tunnelbli...@googlegroups.com
Hi,

Thank you for your help.  You have been providing excellent support.  Please see below for the log.

Regards,

sk

2012-07-27 21:22:48 *Tunnelblick: OS X 10.7.4; Tunnelblick 3.2.6 (build 2891.3007)
2012-07-27 21:24:13 *Tunnelblick: openvpnstart: /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.2.1/openvpn --cd /Users/stephenkwok/Library/Application Support/Tunnelblick/Configurations --daemon --management 127.0.0.1 1337 --config /Users/stephenkwok/Library/Application Support/Tunnelblick/Configurations/Overplay - China.conf --log /Library/Application Support/Tunnelblick/Logs/-SUsers-Sstephenkwok-SLibrary-SApplication Support-STunnelblick-SConfigurations-SOverplay -- China.conf.0_0_0_1_49.1337.openvpn.log --script-security 2
2012-07-27 21:24:14 us=206789   auth_user_pass_file = 'stdin'
2012-07-27 21:24:14 us=206799 OpenVPN 2.2.1 i386-apple-darwin10.7.1 [SSL] [LZO2] [PKCS11] [eurephia] built on May  2 2012
2012-07-27 21:24:14 us=206894 MANAGEMENT: TCP Socket listening on 127.0.0.1:1337

Jonathan K. Bullard

Jul 28, 2012, 11:07:07 AM
to tunnelbli...@googlegroups.com
Hmm. Tunnelblick isn't connecting to OpenVPN (they are two separate programs).

Try quitting Tunnelblick, then using "Activity Monitor" (from /Applications/Utilities) to see if something else is going on:
In the upper right corner, select "All Processes" from the drop-down list.
Click the "Process Name" header to sort by the name of the process.
Make sure there are no "Tunnelblick" processes, and no "openvpn" processes.
If there are any Tunnelblick or openvpn processes, quit them using the Quit Process button in the upper left. First try to "Quit" them and then use "Force Quit" if the regular "Quit" doesn't work.

Then try to connect again using Tunnelblick. (Don't bother to try the AppleScripts until you get a good, working VPN connection using Tunnelblick.)

sk

Jul 29, 2012, 11:01:26 PM
to tunnelbli...@googlegroups.com
Hi,

I can still reproduce it.  I followed your instructions - kill any Tunnel openvpn processes, and it still waited for my username and password silently.  It first waited at
Sun Jul 29 19:52:32 2012 us=577699 MANAGEMENT: TCP Socket listening on 127.0.0.1:1337
Enter Auth Username:

and my terminal showed:
Stephens-MacBook-Pro-2:~ stephenk$ /Applications/Tunnelblick.app/Contents/Resources/openvpnstart start Overplay\ -\ China.conf 0 0 0 0 1 49 -atDASNGWrdasngw
Loading tun.kext

Then, I entered my username and password; and it proceeded.

The full log is as follows. Thanks again.

Sun Jul 29 19:52:32 2012 us=576690   management_client_group = '[UNDEF]'
Sun Jul 29 19:52:32 2012 us=576695   management_flags = 0
Sun Jul 29 19:52:32 2012 us=576701   shared_secret_file = '[UNDEF]'
Sun Jul 29 19:52:32 2012 us=576707   key_direction = 0
Sun Jul 29 19:52:32 2012 us=576713   ciphername_defined = ENABLED
Sun Jul 29 19:52:32 2012 us=576719   ciphername = 'BF-CBC'
Sun Jul 29 19:52:32 2012 us=576724   authname_defined = ENABLED
Sun Jul 29 19:52:32 2012 us=576730   authname = 'SHA1'
Sun Jul 29 19:52:32 2012 us=576736   prng_hash = 'SHA1'
Sun Jul 29 19:52:32 2012 us=576742   prng_nonce_secret_len = 16
Sun Jul 29 19:52:32 2012 us=576747   keysize = 0
Sun Jul 29 19:52:32 2012 us=576753   engine = DISABLED
Sun Jul 29 19:52:32 2012 us=576759   replay = ENABLED
Sun Jul 29 19:52:32 2012 us=576764   mute_replay_warnings = DISABLED
Sun Jul 29 19:52:32 2012 us=576770   replay_window = 64
Sun Jul 29 19:52:32 2012 us=576776   replay_time = 15
Sun Jul 29 19:52:32 2012 us=576782   packet_id_file = '[UNDEF]'
Sun Jul 29 19:52:32 2012 us=576788   use_iv = ENABLED
Sun Jul 29 19:52:32 2012 us=576794   test_crypto = DISABLED
Sun Jul 29 19:52:32 2012 us=576799   tls_server = DISABLED
Sun Jul 29 19:52:32 2012 us=576807   tls_client = ENABLED
Sun Jul 29 19:52:32 2012 us=576813   key_method = 2
Sun Jul 29 19:52:32 2012 us=576819   ca_file = 'OverplayCert.crt'
Sun Jul 29 19:52:32 2012 us=576825   ca_path = '[UNDEF]'
Sun Jul 29 19:52:32 2012 us=576830   dh_file = '[UNDEF]'
Sun Jul 29 19:52:32 2012 us=576836   cert_file = '[UNDEF]'
Sun Jul 29 19:52:32 2012 us=576842   priv_key_file = '[UNDEF]'
Sun Jul 29 19:52:32 2012 us=576853   pkcs12_file = '[UNDEF]'
Sun Jul 29 19:52:32 2012 us=576859   cipher_list = '[UNDEF]'
Sun Jul 29 19:52:32 2012 us=576865   tls_verify = '[UNDEF]'
Sun Jul 29 19:52:32 2012 us=576871   tls_export_cert = '[UNDEF]'
Sun Jul 29 19:52:32 2012 us=576876   tls_remote = '[UNDEF]'
Sun Jul 29 19:52:32 2012 us=576882   crl_file = '[UNDEF]'
Sun Jul 29 19:52:32 2012 us=576888   ns_cert_type = 0
Sun Jul 29 19:52:32 2012 us=576894   remote_cert_ku[i] = 0
Sun Jul 29 19:52:32 2012 us=576899   remote_cert_ku[i] = 0
Sun Jul 29 19:52:32 2012 us=576905   remote_cert_ku[i] = 0
Sun Jul 29 19:52:32 2012 us=576911   remote_cert_ku[i] = 0
Sun Jul 29 19:52:32 2012 us=576917   remote_cert_ku[i] = 0
Sun Jul 29 19:52:32 2012 us=576922   remote_cert_ku[i] = 0
Sun Jul 29 19:52:32 2012 us=576928   remote_cert_ku[i] = 0
Sun Jul 29 19:52:32 2012 us=576933   remote_cert_ku[i] = 0
Sun Jul 29 19:52:32 2012 us=576939   remote_cert_ku[i] = 0
Sun Jul 29 19:52:32 2012 us=576945   remote_cert_ku[i] = 0
Sun Jul 29 19:52:32 2012 us=576950   remote_cert_ku[i] = 0
Sun Jul 29 19:52:32 2012 us=576956   remote_cert_ku[i] = 0
Sun Jul 29 19:52:32 2012 us=576962   remote_cert_ku[i] = 0
Sun Jul 29 19:52:32 2012 us=576968   remote_cert_ku[i] = 0
Sun Jul 29 19:52:32 2012 us=576973   remote_cert_ku[i] = 0
Sun Jul 29 19:52:32 2012 us=576979   remote_cert_ku[i] = 0
Sun Jul 29 19:52:32 2012 us=576984   remote_cert_eku = '[UNDEF]'
Sun Jul 29 19:52:32 2012 us=576990   tls_timeout = 2
Sun Jul 29 19:52:32 2012 us=576996   renegotiate_bytes = 0
Sun Jul 29 19:52:32 2012 us=577002   renegotiate_packets = 0
Sun Jul 29 19:52:32 2012 us=577008   renegotiate_seconds = 3600
Sun Jul 29 19:52:32 2012 us=577013   handshake_window = 60
Sun Jul 29 19:52:32 2012 us=577019   transition_window = 3600
Sun Jul 29 19:52:32 2012 us=577025   single_session = DISABLED
Sun Jul 29 19:52:32 2012 us=577030   push_peer_info = DISABLED
Sun Jul 29 19:52:32 2012 us=577036   tls_exit = DISABLED
Sun Jul 29 19:52:32 2012 us=577042   tls_auth_file = '[UNDEF]'
Sun Jul 29 19:52:32 2012 us=577048   pkcs11_protected_authentication = DISABLED
Sun Jul 29 19:52:32 2012 us=577054   pkcs11_protected_authentication = DISABLED
Sun Jul 29 19:52:32 2012 us=577060   pkcs11_protected_authentication = DISABLED
Sun Jul 29 19:52:32 2012 us=577066   pkcs11_protected_authentication = DISABLED
Sun Jul 29 19:52:32 2012 us=577071   pkcs11_protected_authentication = DISABLED
Sun Jul 29 19:52:32 2012 us=577077   pkcs11_protected_authentication = DISABLED
Sun Jul 29 19:52:32 2012 us=577083   pkcs11_protected_authentication = DISABLED
Sun Jul 29 19:52:32 2012 us=577089   pkcs11_protected_authentication = DISABLED
Sun Jul 29 19:52:32 2012 us=577095   pkcs11_protected_authentication = DISABLED
Sun Jul 29 19:52:32 2012 us=577100   pkcs11_protected_authentication = DISABLED
Sun Jul 29 19:52:32 2012 us=577106   pkcs11_protected_authentication = DISABLED
Sun Jul 29 19:52:32 2012 us=577112   pkcs11_protected_authentication = DISABLED
Sun Jul 29 19:52:32 2012 us=577118   pkcs11_protected_authentication = DISABLED
Sun Jul 29 19:52:32 2012 us=577123   pkcs11_protected_authentication = DISABLED
Sun Jul 29 19:52:32 2012 us=577129   pkcs11_protected_authentication = DISABLED
Sun Jul 29 19:52:32 2012 us=577135   pkcs11_protected_authentication = DISABLED
Sun Jul 29 19:52:32 2012 us=577141   pkcs11_private_mode = 00000000
Sun Jul 29 19:52:32 2012 us=577147   pkcs11_private_mode = 00000000
Sun Jul 29 19:52:32 2012 us=577153   pkcs11_private_mode = 00000000
Sun Jul 29 19:52:32 2012 us=577159   pkcs11_private_mode = 00000000
Sun Jul 29 19:52:32 2012 us=577165   pkcs11_private_mode = 00000000
Sun Jul 29 19:52:32 2012 us=577170   pkcs11_private_mode = 00000000
Sun Jul 29 19:52:32 2012 us=577176   pkcs11_private_mode = 00000000
Sun Jul 29 19:52:32 2012 us=577182   pkcs11_private_mode = 00000000
Sun Jul 29 19:52:32 2012 us=577187   pkcs11_private_mode = 00000000
Sun Jul 29 19:52:32 2012 us=577193   pkcs11_private_mode = 00000000
Sun Jul 29 19:52:32 2012 us=577199   pkcs11_private_mode = 00000000
Sun Jul 29 19:52:32 2012 us=577205   pkcs11_private_mode = 00000000
Sun Jul 29 19:52:32 2012 us=577216   pkcs11_private_mode = 00000000
Sun Jul 29 19:52:32 2012 us=577223   pkcs11_private_mode = 00000000
Sun Jul 29 19:52:32 2012 us=577228   pkcs11_private_mode = 00000000
Sun Jul 29 19:52:32 2012 us=577234   pkcs11_private_mode = 00000000
Sun Jul 29 19:52:32 2012 us=577240   pkcs11_cert_private = DISABLED
Sun Jul 29 19:52:32 2012 us=577246   pkcs11_cert_private = DISABLED
Sun Jul 29 19:52:32 2012 us=577252   pkcs11_cert_private = DISABLED
Sun Jul 29 19:52:32 2012 us=577257   pkcs11_cert_private = DISABLED
Sun Jul 29 19:52:32 2012 us=577263   pkcs11_cert_private = DISABLED
Sun Jul 29 19:52:32 2012 us=577269   pkcs11_cert_private = DISABLED
Sun Jul 29 19:52:32 2012 us=577274   pkcs11_cert_private = DISABLED
Sun Jul 29 19:52:32 2012 us=577280   pkcs11_cert_private = DISABLED
Sun Jul 29 19:52:32 2012 us=577286   pkcs11_cert_private = DISABLED
Sun Jul 29 19:52:32 2012 us=577292   pkcs11_cert_private = DISABLED
Sun Jul 29 19:52:32 2012 us=577297   pkcs11_cert_private = DISABLED
Sun Jul 29 19:52:32 2012 us=577306   pkcs11_cert_private = DISABLED
Sun Jul 29 19:52:32 2012 us=577312   pkcs11_cert_private = DISABLED
Sun Jul 29 19:52:32 2012 us=577318   pkcs11_cert_private = DISABLED
Sun Jul 29 19:52:32 2012 us=577324   pkcs11_cert_private = DISABLED
Sun Jul 29 19:52:32 2012 us=577330   pkcs11_cert_private = DISABLED
Sun Jul 29 19:52:32 2012 us=577336   pkcs11_pin_cache_period = -1
Sun Jul 29 19:52:32 2012 us=577341   pkcs11_id = '[UNDEF]'
Sun Jul 29 19:52:32 2012 us=577347   pkcs11_id_management = DISABLED
Sun Jul 29 19:52:32 2012 us=577369   server_network = 0.0.0.0
Sun Jul 29 19:52:32 2012 us=577377   server_netmask = 0.0.0.0
Sun Jul 29 19:52:32 2012 us=577384   server_bridge_ip = 0.0.0.0
Sun Jul 29 19:52:32 2012 us=577391   server_bridge_netmask = 0.0.0.0
Sun Jul 29 19:52:32 2012 us=577397   server_bridge_pool_start = 0.0.0.0
Sun Jul 29 19:52:32 2012 us=577404   server_bridge_pool_end = 0.0.0.0
Sun Jul 29 19:52:32 2012 us=577410   ifconfig_pool_defined = DISABLED
Sun Jul 29 19:52:32 2012 us=577417   ifconfig_pool_start = 0.0.0.0
Sun Jul 29 19:52:32 2012 us=577424   ifconfig_pool_end = 0.0.0.0
Sun Jul 29 19:52:32 2012 us=577430   ifconfig_pool_netmask = 0.0.0.0
Sun Jul 29 19:52:32 2012 us=577436   ifconfig_pool_persist_filename = '[UNDEF]'
Sun Jul 29 19:52:32 2012 us=577443   ifconfig_pool_persist_refresh_freq = 600
Sun Jul 29 19:52:32 2012 us=577449   n_bcast_buf = 256
Sun Jul 29 19:52:32 2012 us=577455   tcp_queue_limit = 64
Sun Jul 29 19:52:32 2012 us=577460   real_hash_size = 256
Sun Jul 29 19:52:32 2012 us=577466   virtual_hash_size = 256
Sun Jul 29 19:52:32 2012 us=577472   client_connect_script = '[UNDEF]'
Sun Jul 29 19:52:32 2012 us=577478   learn_address_script = '[UNDEF]'
Sun Jul 29 19:52:32 2012 us=577485   client_disconnect_script = '[UNDEF]'
Sun Jul 29 19:52:32 2012 us=577491   client_config_dir = '[UNDEF]'
Sun Jul 29 19:52:32 2012 us=577497   ccd_exclusive = DISABLED
Sun Jul 29 19:52:32 2012 us=577503   tmp_dir = '/var/folders/v8/8xyql2yn39xbqky9_163v8yh0000gn/T/'
Sun Jul 29 19:52:32 2012 us=577509   push_ifconfig_defined = DISABLED
Sun Jul 29 19:52:32 2012 us=577515   push_ifconfig_local = 0.0.0.0
Sun Jul 29 19:52:32 2012 us=577522   push_ifconfig_remote_netmask = 0.0.0.0
Sun Jul 29 19:52:32 2012 us=577528   enable_c2c = DISABLED
Sun Jul 29 19:52:32 2012 us=577534   duplicate_cn = DISABLED
Sun Jul 29 19:52:32 2012 us=577540   cf_max = 0
Sun Jul 29 19:52:32 2012 us=577546   cf_per = 0
Sun Jul 29 19:52:32 2012 us=577551   max_clients = 1024
Sun Jul 29 19:52:32 2012 us=577557   max_routes_per_client = 256
Sun Jul 29 19:52:32 2012 us=577563   auth_user_pass_verify_script = '[UNDEF]'
Sun Jul 29 19:52:32 2012 us=577569   auth_user_pass_verify_script_via_file = DISABLED
Sun Jul 29 19:52:32 2012 us=577575   ssl_flags = 0
Sun Jul 29 19:52:32 2012 us=577581   port_share_host = '[UNDEF]'
Sun Jul 29 19:52:32 2012 us=577587   port_share_port = 0
Sun Jul 29 19:52:32 2012 us=577592   client = ENABLED
Sun Jul 29 19:52:32 2012 us=577598   pull = ENABLED
Sun Jul 29 19:52:32 2012 us=577611   auth_user_pass_file = 'stdin'
Sun Jul 29 19:52:32 2012 us=577620 OpenVPN 2.2.1 i386-apple-darwin10.7.1 [SSL] [LZO2] [PKCS11] [eurephia] built on May  2 2012
Sun Jul 29 19:52:32 2012 us=577699 MANAGEMENT: TCP Socket listening on 127.0.0.1:1337
Enter Auth Username:Enter Auth Password:
Sun Jul 29 19:52:57 2012 us=684739 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Sun Jul 29 19:52:57 2012 us=684781 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sun Jul 29 19:52:57 2012 us=686109 LZO compression initialized
Sun Jul 29 19:52:57 2012 us=686273 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sun Jul 29 19:52:57 2012 us=686357 Socket Buffers: R=[42080->65536] S=[9216->65536]
Sun Jul 29 19:52:57 2012 us=686395 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sun Jul 29 19:52:57 2012 us=686435 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Sun Jul 29 19:52:57 2012 us=686461 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Sun Jul 29 19:52:57 2012 us=686505 Local Options hash (VER=V4): '41690919'
Sun Jul 29 19:52:57 2012 us=686539 Expected Remote Options hash (VER=V4): '530fdded'
Sun Jul 29 19:52:57 2012 us=687294 UDPv4 link local: [undef]
Sun Jul 29 19:52:57 2012 us=687449 UDPv4 link remote: 176.67.86.40:1443
Sun Jul 29 19:53:00 2012 us=260555 TLS: Initial packet from 176.67.86.40:1443, sid=8659e7cc a06e298a
Sun Jul 29 19:53:00 2012 us=260816 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Jul 29 19:53:01 2012 us=203109 VERIFY OK: depth=1, /C=UK/ST=LANCS/L=MANCHESTER/O=OVERPLAY.NET_LLP/OU=CA/CN=OVERPLAY_CA/emailAddress=c...@overplay.net
Sun Jul 29 19:53:01 2012 us=203556 VERIFY OK: depth=0, /C=US/ST=IL/L=Chicago/O=OVERPLAY.NET_LLP/OU=SERVERS/CN=vpn1-us/emailAddress=c...@overplay.net
Sun Jul 29 19:53:01 2012 us=903650 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1542', remote='link-mtu 1574'
Sun Jul 29 19:53:01 2012 us=903882 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1500', remote='tun-mtu 1532'
Sun Jul 29 19:53:01 2012 us=904498 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Jul 29 19:53:01 2012 us=904590 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Jul 29 19:53:01 2012 us=904744 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Jul 29 19:53:01 2012 us=904824 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Jul 29 19:53:01 2012 us=904949 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sun Jul 29 19:53:01 2012 us=905058 [vpn1-us] Peer Connection Initiated with 176.67.86.40:1443
Sun Jul 29 19:53:04 2012 us=321254 SENT CONTROL [vpn1-us]: 'PUSH_REQUEST' (status=1)
Sun Jul 29 19:53:04 2012 us=477711 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,route 10.12.5.1,topology net30,ping 10,ping-restart 120,ifconfig 10.12.5.50 10.12.5.49'
Sun Jul 29 19:53:04 2012 us=478077 OPTIONS IMPORT: timers and/or timeouts modified
Sun Jul 29 19:53:04 2012 us=478194 OPTIONS IMPORT: --ifconfig/up options modified
Sun Jul 29 19:53:04 2012 us=478295 OPTIONS IMPORT: route options modified
Sun Jul 29 19:53:04 2012 us=478394 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Jul 29 19:53:04 2012 us=478646 ROUTE default_gateway=192.168.101.1
Sun Jul 29 19:53:04 2012 us=478917 TUN/TAP device /dev/tun0 opened
Sun Jul 29 19:53:04 2012 us=479072 /sbin/ifconfig tun0 delete
ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
Sun Jul 29 19:53:04 2012 us=482268 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
Sun Jul 29 19:53:04 2012 us=482452 /sbin/ifconfig tun0 10.12.5.50 10.12.5.49 mtu 1500 netmask 255.255.255.255 up
Sun Jul 29 19:53:06 2012 us=477370 /sbin/route add -net 176.67.86.40 192.168.101.1 255.255.255.255
add net 176.67.86.40: gateway 192.168.101.1
Sun Jul 29 19:53:06 2012 us=481018 /sbin/route add -net 0.0.0.0 10.12.5.49 128.0.0.0
add net 0.0.0.0: gateway 10.12.5.49
Sun Jul 29 19:53:06 2012 us=483319 /sbin/route add -net 128.0.0.0 10.12.5.49 128.0.0.0
add net 128.0.0.0: gateway 10.12.5.49
Sun Jul 29 19:53:06 2012 us=485576 /sbin/route add -net 10.12.5.1 10.12.5.49 255.255.255.255
add net 10.12.5.1: gateway 10.12.5.49
Sun Jul 29 19:53:06 2012 us=488323 Initialization Sequence Completed 
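
The log above contains several security-relevant lines that are easy to lose in the option dump. The following Python script is an added example (not part of the original thread, and not Tunnelblick or OpenVPN code) that parses this log format and reports them. The function names, finding ids and the 2048-bit RSA threshold are assumptions made for the example; `remote-cert-tls`, `auth-nocache` and `cipher` are OpenVPN options.

```python
import re

# Excerpt of the log posted above, embedded so the example runs offline.
SAMPLE_LOG = """\
Sun Jul 29 19:52:32 2012 us=576659   management_user_pass = '[UNDEF]'
Sun Jul 29 19:52:32 2012 us=576719   ciphername = 'BF-CBC'
Sun Jul 29 19:52:32 2012 us=577699 MANAGEMENT: TCP Socket listening on 127.0.0.1:1337
Enter Auth Username:Enter Auth Password:
Sun Jul 29 19:52:57 2012 us=684739 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Sun Jul 29 19:53:00 2012 us=260816 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Jul 29 19:53:01 2012 us=904949 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sun Jul 29 19:53:06 2012 us=488323 Initialization Sequence Completed
"""

# "Sun Jul 29 19:52:32 2012 us=576659 <message>"; option-dump lines keep
# their extra leading spaces inside <message>.
LINE_RE = re.compile(r"^\w{3} \w{3} +\d+ [\d:]{8} \d{4} us=\d+ (?P<msg>.*)$")
SETTING_RE = re.compile(r"^\s+(?P<key>[\w\[\]]+) = (?P<val>.*)$")
RSA_RE = re.compile(r"Control Channel: .*?(\d+) bit RSA")

SMALL_BLOCK_CIPHERS = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC"}  # 64-bit block size
MIN_RSA_BITS = 2048  # assumption: threshold chosen for this example


def parse(log_text):
    """Split a log into the option dump (dict) and the message lines (list)."""
    settings, messages = {}, []
    for raw in log_text.splitlines():
        line = LINE_RE.match(raw)
        if not line:
            continue  # prompts and ifconfig/route output carry no timestamp
        setting = SETTING_RE.match(line.group("msg"))
        if setting:
            value = setting.group("val").strip().strip("'")
            settings[setting.group("key")] = value
        else:
            messages.append(line.group("msg").strip())
    return settings, messages


def audit(log_text):
    """Return (finding_id, advice) tuples in a fixed order."""
    settings, messages = parse(log_text)
    text = "\n".join(messages)
    findings = []
    if "No server certificate verification method" in text:
        findings.append(("no-server-cert-check",
                         "add 'remote-cert-tls server' if the server "
                         "certificate carries the matching key usage"))
    if "may cache passwords in memory" in text:
        findings.append(("password-cache", "add 'auth-nocache'"))
    cipher = settings.get("ciphername")
    if cipher in SMALL_BLOCK_CIPHERS:
        findings.append(("small-block-cipher",
                         f"{cipher} has a 64-bit block; a different "
                         "'cipher' must be set on both client and server"))
    rsa = RSA_RE.search(text)
    if rsa and int(rsa.group(1)) < MIN_RSA_BITS:
        findings.append(("weak-rsa-key",
                         f"server key is {rsa.group(1)} bit RSA; only the "
                         "VPN operator can reissue it"))
    if ("MANAGEMENT: TCP Socket listening" in text
            and settings.get("management_user_pass") == "[UNDEF]"):
        findings.append(("management-no-password",
                         "management port has no password file; any local "
                         "process can connect to it"))
    return findings


if __name__ == "__main__":
    for finding_id, advice in audit(SAMPLE_LOG):
        print(f"{finding_id}: {advice}")
```
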

Jonathan K. Bullard

Jul 30, 2012, 3:00:28 PM
to tunnelbli...@googlegroups.com
I don't understand. Is it working or not?

You don't seem to have the username/password saved in the Keychain -- wasn't that the plan?

I'll try to clarify:
Don't use the command line. Don't use AppleScript. Before anything else, use Tunnelblick to connect. First make sure that there are no processes named "openvpn" or "Tunnelblick", then launch Tunnelblick and click to connect a configuration. Tunnelblick should pop up a window asking for your username/password. That window will have a checkbox to save the password in the Keychain. Check the box, enter your username and password, and click "OK". Wait until you have a connection to your VPN. Make sure the VPN is working properly, you can surf the web, and it is setting your IP address correctly (try http://www.whatismyipaddress.com).

If there are problems, or if it doesn't ask for your password, send the Tunnelblick Log and the configuration file, as described below.

Do not try to use AppleScript until after you are able to connect successfully using Tunnelblick. Tunnelblick must be running (but does not need to be connected to the VPN) to use AppleScript. When you try to connect via AppleScript, Tunnelblick will start the connection and get your username/password from the Keychain and provide it to OpenVPN. You shouldn't have to type it in again.

=========================

If you are having a problem with Tunnelblick, please include the following with your question.
  • the entire contents of the Tunnelblick log; and
  • the contents of your configuration file

Be sure to X out any sensitive information such as server IP addresses.

To get the Tunnelblick log on the Clipboard so you can paste it into an email:
  1. Click the Tunnelblick icon
  2. Click "VPN Details…"
  3. Select the "Configurations" panel if it is not already selected
  4. Select the configuration whose file you want to look at in the list on the left
  5. Select the "Log" tab if it is not already selected
  6. Click "Copy Log to Clipboard"

To put the contents of your configuration file on the Clipboard so you can paste it into an email, open it in TextEdit as follows:
  1. Click the Tunnelblick icon
  2. Click "VPN Details…"
  3. Select the "Configurations" panel if it is not already selected
  4. Select the configuration whose file you want to look at in the list on the left
  5. Click the little "gear" icon at the bottom of the list on the left
  6. Select "Edit OpenVPN Configuration File…" (or possibly "Examine OpenVPN Configuration File…").

In TextEdit you can Edit : Select All and then Edit : Copy to get the contents of the configuration file put into the clipboard.



sk

Jul 30, 2012, 6:20:00 PM
to tunnelbli...@googlegroups.com
Hi,

No, I still can't get it to work.  Please see my answers embedded below.  Thank you for your help.

On Monday, July 30, 2012 12:00:28 PM UTC-7, jkbull...gmail.com wrote:
> I don't understand. Is it working or not?

No, it still prompts for my username and password silently.

> You don't seem to have the username/password saved in the Keychain -- wasn't that the plan?

I have.  I have just tried it again:
1) deleted the entry manually
2) started Tunnelblick for saving the username and password
3) disconnected
4) made sure that there is an entry in my KeyChain and it is named "Tunnelblick-Auth-Overplay - China" (I have even tried extending the access control to all applications).
5) in a terminal, executed "/Applications/Tunnelblick.app/Contents/Resources/openvpnstart start Overplay\ -\ China.conf 0 0 0 0 1 49 -atDASNGWrdasngw"

Then, it displayed:
Stephens-MacBook-Pro-2:~ stephenk$ /Applications/Tunnelblick.app/Contents/Resources/openvpnstart start Overplay\ -\ China.conf 0 0 0 0 1 49 -atDASNGWrdasngw
Loading tun.kext

In the log, it displayed:
Mon Jul 30 15:14:33 2012 us=958574 MANAGEMENT: TCP Socket listening on 127.0.0.1:1337
Enter Auth Username: 

If I enter my username and password at the terminal, then, it will connect; otherwise, it will just wait there.

> I'll try to clarify:
> Don't use the command line. Don't use AppleScript. Before anything else, use Tunnelblick to connect. First make sure that there are no processes named "openvpn" or "Tunnelblick", then launch Tunnelblick and click to connect a configuration. Tunnelblick should pop up a window asking for your username/password. That window will have a checkbox to save the password in the Keychain. Check the box, enter your username and password, and click "OK". Wait until you have a connection to your VPN. Make sure the VPN is working properly, you can surf the web, and it is setting your IP address correctly (try http://www.whatismyipaddress.com).

Checked.

> If there are problems, or if it doesn't ask for your password, send the Tunnelblick Log and the configuration file, as described below.
>
> Do not try to use AppleScript until after you are able to connect successfully using Tunnelblick. Tunnelblick must be running (but does not need to be connected to the VPN) to use AppleScript. When you try to connect via AppleScript, Tunnelblick will start the connection and get your username/password from the Keychain and provide it to OpenVPN. You shouldn't have to type it in again.

Checked.

> =========================
>
> If you are having a problem with Tunnelblick, please include the following with your question.
> • the entire contents of the Tunnelblick log; and
> • the contents of your configuration file
> Be sure to X out any sensitive information such as server IP addresses.

I did it already previously, so I don't want to repeat it for the length of the content.

> Sun Jul 29 19:53:01 2012 us=203109 VERIFY OK: depth=1, /C=UK/ST=LANCS/L=MANCHESTER/O=OVERPLAY.NET_LLP/OU=CA/CN=OVERPLAY_CA/emailAddress=ca@overplay.net
> Sun Jul 29 19:53:01 2012 us=203556 VERIFY OK: depth=0, /C=US/ST=IL/L=Chicago/O=OVERPLAY.NET_LLP/OU=SERVERS/CN=vpn1-us/emailAddress=ca@overplay.net


Jonathan K. Bullard

Jul 30, 2012, 6:24:55 PM
to tunnelbli...@googlegroups.com
Sorry. I think you should stick with AppleScript. Forget using openvpnstart. If you use openvpnstart Tunnelblick won't supply the password, because Tunnelblick didn't start OpenVPN.

Use AppleScript.

sk

Jul 30, 2012, 7:20:35 PM
to tunnelbli...@googlegroups.com
That is heartbreaking.  If Tunnelblick passes them to openvpnstart, then others should be able to do the same, right?

> Use AppleScript.

Jonathan K. Bullard

Jul 30, 2012, 7:35:04 PM
to tunnelbli...@googlegroups.com
On Mon, Jul 30, 2012 at 7:20 PM, sk <skw...@gmail.com> wrote:
> That is heartbreaking.  If Tunnelblick passes them to openvpnstart, then others should be able to do the same, right?

Why is it heartbreaking to use AppleScript?