*Tunnelblick: OS X 10.12.3; Tunnelblick 3.6.10 (build 4760); prior version 3.6.9 (build 4685); Admin user
git commit 9f798839bcb9c9aaaa46591e672280e6bee491a4
Configuration petitpoisson-openvpn
"Sanitized" condensed configuration file for /Users/xs/Library/Application Support/Tunnelblick/Configurations/petitpoisson-openvpn.tblk:
dev tun
tls-client
pull
proto tcp-client
script-security 2
ca ca.crt
comp-lzo
reneg-sec 0
auth-user-pass
================================================================================
Non-Apple kexts that are loaded:
Index Refs Address Size Wired Name (Version) UUID <Linked Against>
131 0 0xffffff7f80a22000 0x34000 0x34000 com.paragon-software.filesystems.ntfs (318.3.14) F6A7BB1D-5A30-3EAA-9644-77F98E29F1AE <7 5 4 1>
137 0 0xffffff7f80c47000 0x7000 0x7000 com.avira.kext.FileAccessControl (1.2.5) FB07160A-508D-3739-8548-4E1197D1DF37 <5 4 3 1>
152 0 0xffffff7f84705000 0x9000 0x9000 com.asix.driver.ax88179-178a (1.8.0) 18E125DD-F66C-31C1-8C66-552F9CE8F501 <51 39 7 5 4 3 1>
================================================================================
There are no unusual files in petitpoisson-openvpn.tblk
================================================================================
Configuration preferences:
useDNS = 1
-resetPrimaryInterfaceAfterDisconnect = 1
-routeAllTrafficThroughVpn = 1
-useRouteUpInsteadOfUp = 1
-keychainHasUsernameAndPassword = 1
-openvpnVersion =
-lastConnectionSucceeded = 1
================================================================================
Wildcard preferences:
================================================================================
Program preferences:
launchAtNextLogin = 1
notOKToCheckThatIPAddressDidNotChangeAfterConnection = 0
askedUserIfOKToCheckThatIPAddressDidNotChangeAfterConnection = 1
tunnelblickVersionHistory = (
"3.6.10 (build 4760)",
"3.6.9 (build 4685)"
)
lastLaunchTime = 507196862.722834
doNotShowNotificationWindowOnMouseover = 1
doNotShowDisconnectedNotificationWindows = 1
lastLanguageAtLaunchWasRTL = 0
connectionWindowDisplayCriteria = showWhenConnecting
maxLogDisplaySize = 102400
lastConnectedDisplayName = petitpoisson-openvpn
keyboardShortcutIndex = 0
updateCheckAutomatically = 1
updateSendProfileInfo = 1
NSWindow Frame ConnectingWindow = 765 755 389 187 0 0 1920 1177
detailsWindowFrameVersion = 4760
detailsWindowFrame = {{445, 148}, {920, 902}}
detailsWindowLeftFrame = {{0, 0}, {165, 784}}
detailsWindowViewIndex = 0
detailsWindowConfigurationsTabIdentifier = settings
leftNavSelectedDisplayName = petitpoisson-openvpn
AdvancedWindowTabIdentifier = connectingAndDisconnecting
haveDealtWithSparkle1dot5b6 = 1
haveDealtWithOldTunTapPreferences = 1
haveDealtWithOldLoginItem = 1
SUEnableAutomaticChecks = 1
SUScheduledCheckInterval = 86400
SUSendProfileInfo = 1
SULastCheckTime = 2017-01-27 08:01:02 +0000
SULastProfileSubmissionDate = 2017-01-23 10:42:42 +0000
SUHasLaunchedBefore = 1
WebKitDefaultFontSize = 16
WebKitStandardFont = Times
================================================================================
Tunnelblick Log:
*Tunnelblick: OS X 10.12.3; Tunnelblick 3.6.10 (build 4760); prior version 3.6.9 (build 4685)
2017-01-27 12:15:14 *Tunnelblick: Attempting connection with petitpoisson-openvpn using shadow copy; Set nameserver = 769; monitoring connection
2017-01-27 12:15:14 *Tunnelblick: openvpnstart start petitpoisson-openvpn.tblk 1337 769 0 1 0 1099568 -ptADGNWradsgnw 2.3.14-openssl-1.0.2j
2017-01-27 12:15:14 *Tunnelblick: openvpnstart log:
OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line):
/Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.14-openssl-1.0.2j/openvpn
--daemon
--log
/Library/Application Support/Tunnelblick/Logs/-SUsers-Sxs-SLibrary-SApplication Support-STunnelblick-SConfigurations-Spetitpoisson--openvpn.tblk-SContents-SResources-Sconfig.ovpn.769_0_1_0_1099568.1337.openvpn.log
--cd
/Library/Application Support/Tunnelblick/Users/xs/petitpoisson-openvpn.tblk/Contents/Resources
--verb
3
--config
/Library/Application Support/Tunnelblick/Users/xs/petitpoisson-openvpn.tblk/Contents/Resources/config.ovpn
--verb
3
--cd
/Library/Application Support/Tunnelblick/Users/xs/petitpoisson-openvpn.tblk/Contents/Resources
--management
127.0.0.1
1337
--management-query-passwords
--management-hold
--redirect-gateway
def1
--script-security
2
--route-up
--down
**********************************************
2017-01-27 12:15:14 *Tunnelblick: Established communication with OpenVPN
2017-01-27 12:15:14 *Tunnelblick: Obtained VPN username and password from the Keychain
2017-01-27 12:15:14 OpenVPN 2.3.14 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Jan 14 2017
2017-01-27 12:15:14 library versions: OpenSSL 1.0.2j 26 Sep 2016, LZO 2.09
2017-01-27 12:15:14 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:1337 2017-01-27 12:15:14 Need hold release from management interface, waiting...
2017-01-27 12:15:14 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:1337 2017-01-27 12:15:14 MANAGEMENT: CMD 'pid'
2017-01-27 12:15:14 MANAGEMENT: CMD 'state on'
2017-01-27 12:15:14 MANAGEMENT: CMD 'state'
2017-01-27 12:15:14 MANAGEMENT: CMD 'bytecount 1'
2017-01-27 12:15:14 MANAGEMENT: CMD 'hold release'
2017-01-27 12:15:14 MANAGEMENT: CMD 'username "Auth" "poissonvpn"'
2017-01-27 12:15:14 MANAGEMENT: CMD 'password [...]'
2017-01-27 12:15:14 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2017-01-27 12:15:14 Socket Buffers: R=[131072->131072] S=[131072->131072]
2017-01-27 12:15:14 MANAGEMENT: >STATE:1485515714,RESOLVE,,,
2017-01-27 12:15:14 Attempting to establish TCP connection with [AF_INET]62.197.112.214:8080 [nonblock] 2017-01-27 12:15:14 MANAGEMENT: >STATE:1485515714,TCP_CONNECT,,,
2017-01-27 12:15:14 *Tunnelblick: openvpnstart starting OpenVPN
2017-01-27 12:15:15 TCPv4_CLIENT link local: [undef]
2017-01-27 12:15:15 MANAGEMENT: >STATE:1485515715,WAIT,,,
2017-01-27 12:15:15 MANAGEMENT: >STATE:1485515715,AUTH,,,
2017-01-27 12:15:15 TLS: Initial packet from [AF_INET]62.197.112.214:8080, sid=3124b984 cfc86619 2017-01-27 12:15:15 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2017-01-27 12:15:15 VERIFY OK: depth=1, C=TW, ST=Taiwan, L=Taipei, O=Synology Inc., OU=Certificate Authority, CN=Synology Inc. CA, emailAddress=pro...@synology.com 2017-01-27 12:15:16 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
2017-01-27 12:15:16 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
2017-01-27 12:15:16 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2017-01-27 12:15:16 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
2017-01-27 12:15:16 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
2017-01-27 12:15:16 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2017-01-27 12:15:16 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
2017-01-27 12:15:17 MANAGEMENT: >STATE:1485515717,GET_CONFIG,,,
2017-01-27 12:15:18 SENT CONTROL [synology.com]: 'PUSH_REQUEST' (status=1) 2017-01-27 12:15:18 PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,route 10.8.0.0 255.255.255.0,route 10.8.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.8.0.6 10.8.0.5'
2017-01-27 12:15:18 OPTIONS IMPORT: timers and/or timeouts modified
2017-01-27 12:15:18 OPTIONS IMPORT: --ifconfig/up options modified
2017-01-27 12:15:18 OPTIONS IMPORT: route options modified
2017-01-27 12:15:18 Opening utun (connect(AF_SYS_CONTROL)): Resource busy
2017-01-27 12:15:18 Opened utun device utun1
2017-01-27 12:15:18 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
2017-01-27 12:15:18 MANAGEMENT: >STATE:1485515718,ASSIGN_IP,,10.8.0.6,
2017-01-27 12:15:18 /sbin/ifconfig utun1 delete
ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
2017-01-27 12:15:18 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
2017-01-27 12:15:18 /sbin/ifconfig utun1 10.8.0.6 10.8.0.5 mtu 1500 netmask 255.255.255.255 up
2017-01-27 12:15:18 /sbin/route add -net 62.197.112.214 10.59.16.254 255.255.255.255
2017-01-27 12:15:18 /sbin/route add -net 0.0.0.0 10.8.0.5 128.0.0.0
2017-01-27 12:15:18 /sbin/route add -net 128.0.0.0 10.8.0.5 128.0.0.0
2017-01-27 12:15:18 MANAGEMENT: >STATE:1485515718,ADD_ROUTES,,,
2017-01-27 12:15:18 /sbin/route add -net 192.168.1.0 10.8.0.5 255.255.255.0
2017-01-27 12:15:18 /sbin/route add -net 10.8.0.0 10.8.0.5 255.255.255.0
2017-01-27 12:15:18 /sbin/route add -net 10.8.0.1 10.8.0.5 255.255.255.255
**********************************************
NOTE: No network configuration changes need to be made.
WARNING: Will NOT monitor for other network configuration changes.
WARNING: Will NOT disable IPv6 settings.
DNS servers '10.59.26.111 10.7.0.100 10.59.17.200' will be used for DNS queries when the VPN is active
NOTE: The DNS servers do not include any free public DNS servers known to Tunnelblick. This may cause DNS queries to fail or be intercepted or falsified even if they are directed through the VPN. Specify only known public DNS servers or DNS servers located on the VPN network to avoid such problems.
Flushed the DNS cache via dscacheutil
/usr/sbin/discoveryutil not present. Not flushing the DNS cache via discoveryutil
Notified mDNSResponder that the DNS cache was flushed
**********************************************
2017-01-27 12:15:20 Initialization Sequence Completed
2017-01-27 12:15:20 MANAGEMENT: >STATE:1485515720,CONNECTED,SUCCESS,10.8.0.6,62.197.112.214
2017-01-27 12:15:21 *Tunnelblick: No 'connected.sh' script to execute
2017-01-27 12:16:01 *Tunnelblick: After 30.0 seconds, gave up trying to fetch IP address information using the ipInfo host's name after connecting.
2017-01-27 12:16:02 *Tunnelblick: fetched IP address information using the ipInfo host's IP address after connecting.
2017-01-27 12:16:58 *Tunnelblick: Disconnecting; VPN Details… window disconnect button pressed
2017-01-27 12:16:58 *Tunnelblick: No 'pre-disconnect.sh' script to execute
2017-01-27 12:16:58 *Tunnelblick: Disconnecting using 'kill'
2017-01-27 12:16:58 event_wait : Interrupted system call (code=4)
2017-01-27 12:16:58 /sbin/route delete -net 10.8.0.1 10.8.0.5 255.255.255.255
2017-01-27 12:16:58 /sbin/route delete -net 10.8.0.0 10.8.0.5 255.255.255.0
2017-01-27 12:16:58 /sbin/route delete -net 192.168.1.0 10.8.0.5 255.255.255.0
2017-01-27 12:16:58 /sbin/route delete -net 62.197.112.214 10.59.16.254 255.255.255.255
2017-01-27 12:16:58 /sbin/route delete -net 0.0.0.0 10.8.0.5 128.0.0.0
delete net 0.0.0.0: gateway 10.8.0.5 2017-01-27 12:16:58 /sbin/route delete -net 128.0.0.0 10.8.0.5 128.0.0.0
2017-01-27 12:16:58 Closing TUN/TAP interface
2017-01-27 12:16:58 /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -d -f -m -r -w -ptADGNWradsgnw utun1 1500 1544 10.8.0.6 10.8.0.5 init **********************************************
WARNING: Not restoring DNS settings because no saved Tunnelblick DNS information was found.
Flushed the DNS cache via dscacheutil
/usr/sbin/discoveryutil not present. Not flushing the DNS cache via discoveryutil
Notified mDNSResponder that the DNS cache was flushed
Resetting primary interface 'en8' via ifconfig en8 down/up...
2017-01-27 12:17:02 SIGTERM[hard,] received, process exiting
2017-01-27 12:17:02 MANAGEMENT: >STATE:1485515822,EXITING,SIGTERM,,
2017-01-27 12:17:03 *Tunnelblick: No 'post-disconnect.sh' script to execute
2017-01-27 12:17:03 *Tunnelblick: Expected disconnection occurred.
================================================================================
"Sanitized" full configuration file
dev tun
tls-client
# The "float" tells OpenVPN to accept authenticated packets from any address,
# not only the address which was specified in the --remote option.
# This is useful when you are connecting to a peer which holds a dynamic address
# such as a dial-in user or DHCP client.
# (Please refer to the manual of OpenVPN for more information.)
#float
# If redirect-gateway is enabled, the client will redirect it's
# default network gateway through the VPN.
# It means the VPN connection will firstly connect to the VPN Server
# and then to the internet.
# (Please refer to the manual of OpenVPN for more information.)
#redirect-gateway def1
# dhcp-option DNS: To set primary domain name server address.
# Repeat this option to set secondary DNS server addresses.
#dhcp-option DNS DNS_IP_ADDRESS
pull
# If you want to connect by Server's IPv6 address, you should use
# "proto udp6" in UDP mode or "proto tcp6-client" in TCP mode
proto tcp-client
script-security 2
ca ca.crt
comp-lzo
reneg-sec 0
auth-user-pass
================================================================================
ifconfig output:
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
options=1203<RXCSUM,TXCSUM,TXSTATUS,SW_TIMESTAMP>
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
nd6 options=201<PERFORMNUD,DAD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8823<UP,BROADCAST,SMART,SIMPLEX,MULTICAST> mtu 1500
ether 78:4f:43:5c:b9:7c
nd6 options=201<PERFORMNUD,DAD>
media: autoselect (<unknown type>)
status: inactive
en1: flags=963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX> mtu 1500
options=60<TSO4,TSO6>
ether 62:00:e5:39:f6:00
media: autoselect <full-duplex>
status: inactive
en2: flags=963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX> mtu 1500
options=60<TSO4,TSO6>
ether 62:00:e5:39:f6:04
media: autoselect <full-duplex>
status: inactive
en3: flags=963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX> mtu 1500
options=60<TSO4,TSO6>
ether 62:00:e5:39:f6:01
media: autoselect <full-duplex>
status: inactive
en4: flags=963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX> mtu 1500
options=60<TSO4,TSO6>
ether 62:00:e5:39:f6:05
media: autoselect <full-duplex>
status: inactive
p2p0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 2304
ether 0a:4f:43:5c:b9:7c
media: autoselect
status: inactive
awdl0: flags=8902<BROADCAST,PROMISC,SIMPLEX,MULTICAST> mtu 1484
ether 4e:7b:a5:4b:16:38
nd6 options=201<PERFORMNUD,DAD>
media: autoselect
status: inactive
bridge0: flags=8822<BROADCAST,SMART,SIMPLEX,MULTICAST> mtu 1500
options=63<RXCSUM,TXCSUM,TSO4,TSO6>
ether 62:00:e5:39:f6:00
Configuration:
id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
ipfilter disabled flags 0x2
member: en1 flags=3<LEARNING,DISCOVER>
ifmaxaddr 0 port 5 priority 0 path cost 0
member: en2 flags=3<LEARNING,DISCOVER>
ifmaxaddr 0 port 6 priority 0 path cost 0
member: en3 flags=3<LEARNING,DISCOVER>
ifmaxaddr 0 port 7 priority 0 path cost 0
member: en4 flags=3<LEARNING,DISCOVER>
ifmaxaddr 0 port 8 priority 0 path cost 0
media: <unknown type>
status: inactive
utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 2000
inet6 fe80::bb2d:7568:bbbb:6c84%utun0 prefixlen 64 scopeid 0xd
nd6 options=201<PERFORMNUD,DAD>
en7: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether ac:de:48:00:11:22
inet6 fe80::aede:48ff:fe00:1122%en7 prefixlen 64 scopeid 0xc
nd6 options=281<PERFORMNUD,INSECURE,DAD>
media: autoselect
status: active
en8: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=b<RXCSUM,TXCSUM,VLAN_HWTAGGING>
ether 00:0e:c6:c7:d0:b7
nd6 options=201<PERFORMNUD,DAD>
media: autoselect (<unknown type>)
status: inactive
================================================================================
Console Log:
2017-01-27 09:01:00 Tunnelblick[593] Tunnelblick: OS X 10.12.3; Tunnelblick 3.6.10 (build 4760)
2017-01-27 09:01:01 Tunnelblick[593] Warning: preferences contain unknown preference 'NSWindow Frame SUUpdateAlert'
2017-01-27 09:01:01 Tunnelblick[593] Warning: preferences contain unknown preference 'NSStatusItem Preferred Position Item-0'
2017-01-27 12:15:14 Tunnelblick[593] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-petitpoisson-openvpn' account = 'username'
2017-01-27 12:15:14 Tunnelblick[593] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-petitpoisson-openvpn' account = 'password'
2017-01-27 12:16:01 Tunnelblick[593] currentIPInfo(Name): IP address info could not be fetched within 35.6 seconds; the error was 'Error Domain=NSURLErrorDomain Code=-1001 "La requête a expiré." UserInfo={NSUnderlyingError=0x618000258d50 {Error Domain=kCFErrorDomainCFNetwork Code=-1001 "La requête a expiré." UserInfo={NSErrorFailingURLStringKey=https://www.tunnelblick.net/ipinfo, NSErrorFailingURLKey=https://www.tunnelblick.net/ipinfo, _kCFStreamErrorCodeKey=-2102, _kCFStreamErrorDomainKey=4, NSLocalizedDescription=La requête a expiré.}}, NSErrorFailingURLStringKey=https://www.tunnelblick.net/ipinfo, NSErrorFailingURLKey=https://www.tunnelblick.net/ipinfo, _kCFStreamErrorDomainKey=4, _kCFStreamErrorCodeKey=-2102, NSLocalizedDescription=La requête a expiré.}'; the response was '(null)'