OSX 10.10.3: No PUSH statements = get no IP address / IOS8 and Linux works

Denny Fuchs

Jun 1, 2015, 2:22:20 PM
to tunnelbli...@googlegroups.com
hi,

I have the strange problem that I don't get any PUSH statements on any OSX 10.10.3 clients. Connecting with any iOS 8 device (official OpenVPN client) or Linux (Linux Mint / Ubuntu ..) works like a charm.

Server (Debian Wheezy) config:

===========
tls-server
dev tun0
pkcs12 /etc/openvpn/keys/OpenVPN_Server_Nos.p12
dh /etc/openvpn/keys/dh4096.pem
server 192.168.254.0 255.255.255.0
status /var/log/openvpn-status.log
log-append /var/log/openvpn.log
comp-lzo
port 1194
proto udp
keepalive 10 120
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DOMAIN foo.local"
verb 3
duplicate-cn
ifconfig-pool-persist ipp.txt
===========

client

=====================
tls-client
dev tun
proto udp
remote vpn.server.example.com 1194 #1.2.3.4
nobind
ca ca.pem
cert denny.pem
key keys.pem
comp-lzo
verb 4
resolv-retry infinite
persist-key
persist-tun
redirect-gateway def1
=======================

Tunnelblick connection log:

======================
2015-06-01 19:55:14 *Tunnelblick: openvpnstart starting OpenVPN
2015-06-01 19:55:13 *Tunnelblick: OS X 10.10.3; Tunnelblick 3.5.0 (build 4265)
2015-06-01 19:55:14 *Tunnelblick: Attempting connection with Nos using shadow copy; Set nameserver = 1; monitoring connection
2015-06-01 19:55:14 *Tunnelblick: openvpnstart start Nos.tblk 1338 1 0 1 0 49968 -ptADGNWradsgnw 2.3.6
2015-06-01 19:55:15 *Tunnelblick: openvpnstart log:
     OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line):
    
          /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.6/openvpn
          --daemon
          --log
          /Library/Application Support/Tunnelblick/Logs/-SUsers-Sdenny-SLibrary-SApplication Support-STunnelblick-SConfigurations-SNos.tblk-SContents-SResources-Sconfig.ovpn.1_0_1_0_49968.1338.openvpn.log
          --cd
          /Library/Application Support/Tunnelblick/Users/denny/Nos.tblk/Contents/Resources
          --config
          /Library/Application Support/Tunnelblick/Users/denny/Nos.tblk/Contents/Resources/config.ovpn
          --cd
          /Library/Application Support/Tunnelblick/Users/denny/Nos.tblk/Contents/Resources
          --management
          127.0.0.1
          1338
          --management-query-passwords
          --management-hold
          --redirect-gateway
          def1
          --script-security
          2
          --route-up
          /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -d -f -m -w -ptADGNWradsgnw
          --down
          /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -d -f -m -w -ptADGNWradsgnw

2015-06-01 19:55:14 us=849056 Current Parameter Settings:
2015-06-01 19:55:14 us=849331   config = '/Library/Application Support/Tunnelblick/Users/denny/Nos.tblk/Contents/Resources/config.ovpn'
2015-06-01 19:55:14 us=849345   mode = 0
2015-06-01 19:55:14 us=849356   show_ciphers = DISABLED
2015-06-01 19:55:14 us=849368   show_digests = DISABLED
2015-06-01 19:55:14 us=849379   show_engines = DISABLED
2015-06-01 19:55:14 us=849390   genkey = DISABLED
2015-06-01 19:55:14 us=849401   key_pass_file = '[UNDEF]'
2015-06-01 19:55:14 us=849412   show_tls_ciphers = DISABLED
2015-06-01 19:55:14 us=849423 Connection profiles [default]:
2015-06-01 19:55:14 us=849435   proto = udp
2015-06-01 19:55:14 us=849446   local = '[UNDEF]'
2015-06-01 19:55:14 us=849457   local_port = 0
2015-06-01 19:55:14 us=849470   remote = vpn.server.example.com'
2015-06-01 19:55:14 us=849481   remote_port = 1194
2015-06-01 19:55:14 us=849492   remote_float = DISABLED
2015-06-01 19:55:14 us=849503   bind_defined = DISABLED
2015-06-01 19:55:14 us=849514   bind_local = DISABLED
2015-06-01 19:55:14 us=849526   connect_retry_seconds = 5
2015-06-01 19:55:14 us=849538   connect_timeout = 10
2015-06-01 19:55:14 us=849549   connect_retry_max = 0
2015-06-01 19:55:14 us=849560   socks_proxy_server = '[UNDEF]'
2015-06-01 19:55:14 us=849571   socks_proxy_port = 0
2015-06-01 19:55:14 us=849583   socks_proxy_retry = DISABLED
2015-06-01 19:55:14 us=849594   tun_mtu = 1500
2015-06-01 19:55:14 us=849605   tun_mtu_defined = ENABLED
2015-06-01 19:55:14 us=849616   link_mtu = 1500
2015-06-01 19:55:14 us=849627   link_mtu_defined = DISABLED
2015-06-01 19:55:14 us=849638   tun_mtu_extra = 0
2015-06-01 19:55:14 us=849649   tun_mtu_extra_defined = DISABLED
2015-06-01 19:55:14 us=849660   mtu_discover_type = -1
2015-06-01 19:55:14 us=849671   fragment = 0
2015-06-01 19:55:14 us=849682   mssfix = 1450
2015-06-01 19:55:14 us=849693   explicit_exit_notification = 0
2015-06-01 19:55:14 us=849704 Connection profiles END
2015-06-01 19:55:14 us=849715   remote_random = DISABLED
2015-06-01 19:55:14 us=849726   ipchange = '[UNDEF]'
2015-06-01 19:55:14 us=849737   dev = 'tun'
2015-06-01 19:55:14 us=849748   dev_type = '[UNDEF]'
2015-06-01 19:55:14 us=849759   dev_node = '[UNDEF]'
2015-06-01 19:55:14 us=849770   lladdr = '[UNDEF]'
2015-06-01 19:55:14 us=849781   topology = 1
2015-06-01 19:55:14 us=849792   tun_ipv6 = DISABLED
2015-06-01 19:55:14 us=849803   ifconfig_local = '[UNDEF]'
2015-06-01 19:55:14 us=849814   ifconfig_remote_netmask = '[UNDEF]'
2015-06-01 19:55:14 us=849827   ifconfig_noexec = DISABLED
2015-06-01 19:55:14 us=849838   ifconfig_nowarn = DISABLED
2015-06-01 19:55:14 us=849849   ifconfig_ipv6_local = '[UNDEF]'
2015-06-01 19:55:14 us=849860   ifconfig_ipv6_netbits = 0
2015-06-01 19:55:14 us=849871   ifconfig_ipv6_remote = '[UNDEF]'
2015-06-01 19:55:14 us=849882   shaper = 0
2015-06-01 19:55:14 us=849893   mtu_test = 0
2015-06-01 19:55:14 us=849904   mlock = DISABLED
2015-06-01 19:55:14 us=849915   keepalive_ping = 0
2015-06-01 19:55:14 us=849926   keepalive_timeout = 0
2015-06-01 19:55:14 us=849938   inactivity_timeout = 0
2015-06-01 19:55:14 us=849949   ping_send_timeout = 0
2015-06-01 19:55:14 us=849966   ping_rec_timeout = 0
2015-06-01 19:55:14 us=849978   ping_rec_timeout_action = 0
2015-06-01 19:55:14 us=849989   ping_timer_remote = DISABLED
2015-06-01 19:55:14 us=850000   remap_sigusr1 = 0
2015-06-01 19:55:14 us=850011   persist_tun = ENABLED
2015-06-01 19:55:14 us=850022   persist_local_ip = DISABLED
2015-06-01 19:55:14 us=850033   persist_remote_ip = DISABLED
2015-06-01 19:55:14 us=850044   persist_key = ENABLED
2015-06-01 19:55:14 us=850055   passtos = DISABLED
2015-06-01 19:55:14 us=850070   resolve_retry_seconds = 1000000000
2015-06-01 19:55:14 us=850093   username = '[UNDEF]'
2015-06-01 19:55:14 us=850105   groupname = '[UNDEF]'
2015-06-01 19:55:14 us=850116   chroot_dir = '[UNDEF]'
2015-06-01 19:55:14 us=850127   cd_dir = '/Library/Application Support/Tunnelblick/Users/denny/Nos.tblk/Contents/Resources'
2015-06-01 19:55:14 us=850138   writepid = '[UNDEF]'
2015-06-01 19:55:14 us=850152   up_script = '[UNDEF]'
2015-06-01 19:55:14 us=850164   down_script = '/Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -d -f -m -w -ptADGNWradsgnw'
2015-06-01 19:55:14 us=850175   down_pre = DISABLED
2015-06-01 19:55:14 us=850186   up_restart = DISABLED
2015-06-01 19:55:14 us=850197   up_delay = DISABLED
2015-06-01 19:55:14 us=850208   daemon = ENABLED
2015-06-01 19:55:14 us=850219   inetd = 0
2015-06-01 19:55:14 us=850230   log = ENABLED
2015-06-01 19:55:14 us=850242   suppress_timestamps = DISABLED
2015-06-01 19:55:14 us=850253   nice = 0
2015-06-01 19:55:14 us=850264   verbosity = 4
2015-06-01 19:55:14 us=850275   mute = 0
2015-06-01 19:55:14 us=850286   status_file = '[UNDEF]'
2015-06-01 19:55:14 us=850297   status_file_version = 1
2015-06-01 19:55:14 us=850309   status_file_update_freq = 60
2015-06-01 19:55:14 us=850320   occ = ENABLED
2015-06-01 19:55:14 us=850331   rcvbuf = 65536
2015-06-01 19:55:14 us=850342   sndbuf = 65536
2015-06-01 19:55:14 us=850353   sockflags = 0
2015-06-01 19:55:14 us=850364   fast_io = DISABLED
2015-06-01 19:55:14 us=850375   lzo = 7
2015-06-01 19:55:14 us=850386   route_script = '/Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -d -f -m -w -ptADGNWradsgnw'
2015-06-01 19:55:14 us=850398   route_default_gateway = '[UNDEF]'
2015-06-01 19:55:14 us=850409   route_default_metric = 0
2015-06-01 19:55:14 us=850420   route_noexec = DISABLED
2015-06-01 19:55:14 us=850431   route_delay = 0
2015-06-01 19:55:14 us=850442   route_delay_window = 30
2015-06-01 19:55:14 us=850453   route_delay_defined = DISABLED
2015-06-01 19:55:14 us=850465   route_nopull = DISABLED
2015-06-01 19:55:14 us=850476   route_gateway_via_dhcp = DISABLED
2015-06-01 19:55:14 us=850488   max_routes = 100
2015-06-01 19:55:14 us=850499   allow_pull_fqdn = DISABLED
2015-06-01 19:55:14 us=850511   [redirect_default_gateway local=0]
2015-06-01 19:55:14 us=850523   management_addr = '127.0.0.1'
2015-06-01 19:55:14 us=850535   management_port = 1338
2015-06-01 19:55:14 us=850546   management_user_pass = '[UNDEF]'
2015-06-01 19:55:14 us=850558   management_log_history_cache = 250
2015-06-01 19:55:14 us=850570   management_echo_buffer_size = 100
2015-06-01 19:55:14 us=850582   management_write_peer_info_file = '[UNDEF]'
2015-06-01 19:55:14 us=850594   management_client_user = '[UNDEF]'
2015-06-01 19:55:14 us=850605   management_client_group = '[UNDEF]'
2015-06-01 19:55:14 us=850617   management_flags = 6
2015-06-01 19:55:14 us=850629   shared_secret_file = '[UNDEF]'
2015-06-01 19:55:14 us=850641   key_direction = 0
2015-06-01 19:55:14 us=850652   ciphername_defined = ENABLED
2015-06-01 19:55:14 us=850664   ciphername = 'BF-CBC'
2015-06-01 19:55:14 us=850675   authname_defined = ENABLED
2015-06-01 19:55:14 us=850687   authname = 'SHA1'
2015-06-01 19:55:14 us=850698   prng_hash = 'SHA1'
2015-06-01 19:55:14 us=850710   prng_nonce_secret_len = 16
2015-06-01 19:55:14 us=850722   keysize = 0
2015-06-01 19:55:14 us=850733   engine = DISABLED
2015-06-01 19:55:14 us=850744   replay = ENABLED
2015-06-01 19:55:14 us=850756   mute_replay_warnings = DISABLED
2015-06-01 19:55:14 us=850767   replay_window = 64
2015-06-01 19:55:14 us=850779   replay_time = 15
2015-06-01 19:55:14 us=850794   packet_id_file = '[UNDEF]'
2015-06-01 19:55:14 us=850806   use_iv = ENABLED
2015-06-01 19:55:14 us=850817   test_crypto = DISABLED
2015-06-01 19:55:14 us=850828   tls_server = DISABLED
2015-06-01 19:55:14 us=850852   tls_client = ENABLED
2015-06-01 19:55:14 us=850864   key_method = 2
2015-06-01 19:55:14 us=850876   ca_file = 'ca.pem'
2015-06-01 19:55:14 us=850888   ca_path = '[UNDEF]'
2015-06-01 19:55:14 us=850899   dh_file = '[UNDEF]'
2015-06-01 19:55:14 us=850911   cert_file = 'denny.pem'
2015-06-01 19:55:14 us=850923   priv_key_file = 'keys.pem'
2015-06-01 19:55:14 us=850934   pkcs12_file = '[UNDEF]'
2015-06-01 19:55:14 us=850946   cipher_list = '[UNDEF]'
2015-06-01 19:55:14 us=850957   tls_verify = '[UNDEF]'
2015-06-01 19:55:14 us=850969   tls_export_cert = '[UNDEF]'
2015-06-01 19:55:14 us=850980   verify_x509_type = 0
2015-06-01 19:55:14 us=850992   verify_x509_name = '[UNDEF]'
2015-06-01 19:55:14 us=851004   crl_file = '[UNDEF]'
2015-06-01 19:55:14 us=851015   ns_cert_type = 0
2015-06-01 19:55:14 us=851027   remote_cert_ku[i] = 0
2015-06-01 19:55:14 us=851038   remote_cert_ku[i] = 0
2015-06-01 19:55:14 us=851050   remote_cert_ku[i] = 0
2015-06-01 19:55:14 us=851061   remote_cert_ku[i] = 0
2015-06-01 19:55:14 us=851073   remote_cert_ku[i] = 0
2015-06-01 19:55:14 us=851084   remote_cert_ku[i] = 0
2015-06-01 19:55:14 us=851096   remote_cert_ku[i] = 0
2015-06-01 19:55:14 us=851107   remote_cert_ku[i] = 0
2015-06-01 19:55:14 us=851118   remote_cert_ku[i] = 0
2015-06-01 19:55:14 us=851130   remote_cert_ku[i] = 0
2015-06-01 19:55:14 us=851141   remote_cert_ku[i] = 0
2015-06-01 19:55:14 us=851152   remote_cert_ku[i] = 0
2015-06-01 19:55:14 us=851164   remote_cert_ku[i] = 0
2015-06-01 19:55:14 us=851175   remote_cert_ku[i] = 0
2015-06-01 19:55:14 us=851186   remote_cert_ku[i] = 0
2015-06-01 19:55:14 us=851198   remote_cert_ku[i] = 0
2015-06-01 19:55:14 us=851209   remote_cert_eku = '[UNDEF]'
2015-06-01 19:55:14 us=851221   ssl_flags = 0
2015-06-01 19:55:14 us=851232   tls_timeout = 2
2015-06-01 19:55:14 us=851244   renegotiate_bytes = 0
2015-06-01 19:55:14 us=851255   renegotiate_packets = 0
2015-06-01 19:55:14 us=851267   renegotiate_seconds = 3600
2015-06-01 19:55:14 us=851278   handshake_window = 60
2015-06-01 19:55:14 us=851446   transition_window = 3600
2015-06-01 19:55:14 us=851462   single_session = DISABLED
2015-06-01 19:55:14 us=851474   push_peer_info = DISABLED
2015-06-01 19:55:14 us=851486   tls_exit = DISABLED
2015-06-01 19:55:14 us=851497   tls_auth_file = '[UNDEF]'
2015-06-01 19:55:14 us=851509   pkcs11_protected_authentication = DISABLED
2015-06-01 19:55:14 us=851521   pkcs11_protected_authentication = DISABLED
2015-06-01 19:55:14 us=851532   pkcs11_protected_authentication = DISABLED
2015-06-01 19:55:14 us=851544   pkcs11_protected_authentication = DISABLED
2015-06-01 19:55:14 us=851556   pkcs11_protected_authentication = DISABLED
2015-06-01 19:55:14 us=851567   pkcs11_protected_authentication = DISABLED
2015-06-01 19:55:14 us=851579   pkcs11_protected_authentication = DISABLED
2015-06-01 19:55:14 us=851591   pkcs11_protected_authentication = DISABLED
2015-06-01 19:55:14 us=851602   pkcs11_protected_authentication = DISABLED
2015-06-01 19:55:14 us=851614   pkcs11_protected_authentication = DISABLED
2015-06-01 19:55:14 us=851626   pkcs11_protected_authentication = DISABLED
2015-06-01 19:55:14 us=851637   pkcs11_protected_authentication = DISABLED
2015-06-01 19:55:14 us=851649   pkcs11_protected_authentication = DISABLED
2015-06-01 19:55:14 us=851660   pkcs11_protected_authentication = DISABLED
2015-06-01 19:55:14 us=851672   pkcs11_protected_authentication = DISABLED
2015-06-01 19:55:14 us=851684   pkcs11_protected_authentication = DISABLED
2015-06-01 19:55:14 us=851696   pkcs11_private_mode = 00000000
2015-06-01 19:55:14 us=851707   pkcs11_private_mode = 00000000
2015-06-01 19:55:14 us=851719   pkcs11_private_mode = 00000000
2015-06-01 19:55:14 us=851731   pkcs11_private_mode = 00000000
2015-06-01 19:55:14 us=851756   pkcs11_private_mode = 00000000
2015-06-01 19:55:14 us=851769   pkcs11_private_mode = 00000000
2015-06-01 19:55:14 us=851780   pkcs11_private_mode = 00000000
2015-06-01 19:55:14 us=851792   pkcs11_private_mode = 00000000
2015-06-01 19:55:14 us=851804   pkcs11_private_mode = 00000000
2015-06-01 19:55:14 us=851816   pkcs11_private_mode = 00000000
2015-06-01 19:55:14 us=851827   pkcs11_private_mode = 00000000
2015-06-01 19:55:14 us=851839   pkcs11_private_mode = 00000000
2015-06-01 19:55:14 us=851850   pkcs11_private_mode = 00000000
2015-06-01 19:55:14 us=851862   pkcs11_private_mode = 00000000
2015-06-01 19:55:14 us=851874   pkcs11_private_mode = 00000000
2015-06-01 19:55:14 us=851885   pkcs11_private_mode = 00000000
2015-06-01 19:55:14 us=851897   pkcs11_cert_private = DISABLED
2015-06-01 19:55:14 us=851908   pkcs11_cert_private = DISABLED
2015-06-01 19:55:14 us=851920   pkcs11_cert_private = DISABLED
2015-06-01 19:55:14 us=851931   pkcs11_cert_private = DISABLED
2015-06-01 19:55:14 us=851943   pkcs11_cert_private = DISABLED
2015-06-01 19:55:14 us=851955   pkcs11_cert_private = DISABLED
2015-06-01 19:55:14 us=851966   pkcs11_cert_private = DISABLED
2015-06-01 19:55:14 us=851978   pkcs11_cert_private = DISABLED
2015-06-01 19:55:14 us=851989   pkcs11_cert_private = DISABLED
2015-06-01 19:55:14 us=852001   pkcs11_cert_private = DISABLED
2015-06-01 19:55:14 us=852055   pkcs11_cert_private = DISABLED
2015-06-01 19:55:14 us=852068   pkcs11_cert_private = DISABLED
2015-06-01 19:55:14 us=852080   pkcs11_cert_private = DISABLED
2015-06-01 19:55:14 us=852091   pkcs11_cert_private = DISABLED
2015-06-01 19:55:14 us=852103   pkcs11_cert_private = DISABLED
2015-06-01 19:55:14 us=852116   pkcs11_cert_private = DISABLED
2015-06-01 19:55:14 us=852128   pkcs11_pin_cache_period = -1
2015-06-01 19:55:14 us=852140   pkcs11_id = '[UNDEF]'
2015-06-01 19:55:14 us=852151   pkcs11_id_management = DISABLED
2015-06-01 19:55:14 us=852176   server_network = 0.0.0.0
2015-06-01 19:55:14 us=852191   server_netmask = 0.0.0.0
2015-06-01 19:55:14 us=852209   server_network_ipv6 = ::
2015-06-01 19:55:14 us=852221   server_netbits_ipv6 = 0
2015-06-01 19:55:14 us=852234   server_bridge_ip = 0.0.0.0
2015-06-01 19:55:14 us=852247   server_bridge_netmask = 0.0.0.0
2015-06-01 19:55:14 us=852260   server_bridge_pool_start = 0.0.0.0
2015-06-01 19:55:14 us=852273   server_bridge_pool_end = 0.0.0.0
2015-06-01 19:55:14 us=852284   ifconfig_pool_defined = DISABLED
2015-06-01 19:55:14 us=852303   ifconfig_pool_start = 0.0.0.0
2015-06-01 19:55:14 us=852316   ifconfig_pool_end = 0.0.0.0
2015-06-01 19:55:14 us=852329   ifconfig_pool_netmask = 0.0.0.0
2015-06-01 19:55:14 us=852342   ifconfig_pool_persist_filename = '[UNDEF]'
2015-06-01 19:55:14 us=852354   ifconfig_pool_persist_refresh_freq = 600
2015-06-01 19:55:14 us=852366   ifconfig_ipv6_pool_defined = DISABLED
2015-06-01 19:55:14 us=852378   ifconfig_ipv6_pool_base = ::
2015-06-01 19:55:14 us=852390   ifconfig_ipv6_pool_netbits = 0
2015-06-01 19:55:14 us=852402   n_bcast_buf = 256
2015-06-01 19:55:14 us=852413   tcp_queue_limit = 64
2015-06-01 19:55:14 us=852425   real_hash_size = 256
2015-06-01 19:55:14 us=852436   virtual_hash_size = 256
2015-06-01 19:55:14 us=852448   client_connect_script = '[UNDEF]'
2015-06-01 19:55:14 us=852459   learn_address_script = '[UNDEF]'
2015-06-01 19:55:14 us=852471   client_disconnect_script = '[UNDEF]'
2015-06-01 19:55:14 us=852482   client_config_dir = '[UNDEF]'
2015-06-01 19:55:14 us=852494   ccd_exclusive = DISABLED
2015-06-01 19:55:14 us=852505   tmp_dir = '/var/folders/mc/qj34b7dd4sd2jfy_k9_8kxqc000102/T/'
2015-06-01 19:55:14 us=852517   push_ifconfig_defined = DISABLED
2015-06-01 19:55:14 us=852530   push_ifconfig_local = 0.0.0.0
2015-06-01 19:55:14 us=852555   push_ifconfig_remote_netmask = 0.0.0.0
2015-06-01 19:55:14 us=852567   push_ifconfig_ipv6_defined = DISABLED
2015-06-01 19:55:14 us=852580   push_ifconfig_ipv6_local = ::/0
2015-06-01 19:55:14 us=852592   push_ifconfig_ipv6_remote = ::
2015-06-01 19:55:14 us=852605   enable_c2c = DISABLED
2015-06-01 19:55:14 us=852616   duplicate_cn = DISABLED
2015-06-01 19:55:14 us=852628   cf_max = 0
2015-06-01 19:55:14 us=852640   cf_per = 0
2015-06-01 19:55:14 us=852651   max_clients = 1024
2015-06-01 19:55:14 us=852663   max_routes_per_client = 256
2015-06-01 19:55:14 us=852674   auth_user_pass_verify_script = '[UNDEF]'
2015-06-01 19:55:14 us=852687   auth_user_pass_verify_script_via_file = DISABLED
2015-06-01 19:55:14 us=852699   port_share_host = '[UNDEF]'
2015-06-01 19:55:14 us=852711   port_share_port = 0
2015-06-01 19:55:14 us=852722   client = DISABLED
2015-06-01 19:55:14 us=852734   pull = DISABLED
2015-06-01 19:55:14 us=852745   auth_user_pass_file = '[UNDEF]'
2015-06-01 19:55:14 us=852765 OpenVPN 2.3.6 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Apr  3 2015
2015-06-01 19:55:14 us=852787 library versions: OpenSSL 1.0.1m 19 Mar 2015, LZO 2.08
2015-06-01 19:55:14 us=855747 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:1338
2015-06-01 19:55:14 us=863775 Need hold release from management interface, waiting...
2015-06-01 19:55:15 *Tunnelblick: Established communication with OpenVPN
2015-06-01 19:55:15 us=840882 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:1338
2015-06-01 19:55:15 us=897772 MANAGEMENT: CMD 'pid'
2015-06-01 19:55:15 us=898080 MANAGEMENT: CMD 'state on'
2015-06-01 19:55:15 us=898216 MANAGEMENT: CMD 'state'
2015-06-01 19:55:15 us=898433 MANAGEMENT: CMD 'bytecount 1'
2015-06-01 19:55:15 us=898556 MANAGEMENT: CMD 'hold release'
2015-06-01 19:55:15 us=898903 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2015-06-01 19:55:15 us=898981 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2015-06-01 19:55:15 us=900137 LZO compression initialized
2015-06-01 19:55:15 us=900330 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
2015-06-01 19:55:15 us=900483 Socket Buffers: R=[196724->65536] S=[9216->65536]
2015-06-01 19:55:15 us=900727 MANAGEMENT: >STATE:1433181315,RESOLVE,,,
2015-06-01 19:55:15 us=902098 Opened utun device utun0
2015-06-01 19:55:15 us=902341 NOTE: unable to redirect default gateway -- VPN gateway parameter (--route-gateway or --ifconfig) is missing
                                        **********************************************
                                        Start of output from client.up.tunnelblick.sh
                                        No network configuration changes need to be made.
                                        Will NOT monitor for other network configuration changes.
                                        DNS servers '192.168.3.254 fd00::a96:d7ff:fe27:d26' will be used for DNS queries when the VPN is active
                                        The DNS servers do not include any free public DNS servers known to Tunnelblick. This may cause DNS queries to fail or be intercepted or falsified even if they are directed through the VPN. Specify only known public DNS servers or DNS servers located on the VPN network to avoid such problems.
                                        Flushed the DNS cache via dscacheutil
                                        Flushed the DNS cache via discoveryutil udnsflushcaches
                                        Flushed the DNS cache via discoveryutil mdnsflushcache
                                        No matching processes were found
                                        mDNSResponder not running. Not notifying it that the DNS cache was flushed
                                        End of output from client.up.tunnelblick.sh
                                        **********************************************
2015-06-01 19:55:18 us=353158 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
2015-06-01 19:55:18 us=353353 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
2015-06-01 19:55:18 us=353427 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
2015-06-01 19:55:18 us=353666 Local Options hash (VER=V4): '41690919'
2015-06-01 19:55:18 us=353790 Expected Remote Options hash (VER=V4): '530fdded'
2015-06-01 19:55:18 us=353877 UDPv4 link local: [undef]
2015-06-01 19:55:18 us=354004 UDPv4 link remote: [AF_INET]1.2.3.4:1194
2015-06-01 19:55:18 us=354116 MANAGEMENT: >STATE:1433181318,WAIT,,,
2015-06-01 19:55:18 us=373094 MANAGEMENT: >STATE:1433181318,AUTH,,,
2015-06-01 19:55:18 us=373263 TLS: Initial packet from [AF_INET]1.2.3.4:1194, sid=1c57fd6f 695094f7
2015-06-01 19:55:18 us=567184 VERIFY OK: depth=1, ......  <removed>
2015-06-01 19:55:18 us=569117 VERIFY OK: depth=0, ........<removed>
2015-06-01 19:55:19 us=438099 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
2015-06-01 19:55:19 us=438285 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2015-06-01 19:55:19 us=438427 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
2015-06-01 19:55:19 us=438582 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2015-06-01 19:55:19 us=438846 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 4096 bit RSA
2015-06-01 19:55:19 us=438957 [OpenVPN_Server_Nos] Peer Connection Initiated with [AF_INET]1.2.3.4:1194
2015-06-01 19:55:20 us=478408 Initialization Sequence Completed
2015-06-01 19:55:20 us=478611 MANAGEMENT: >STATE:1433181320,CONNECTED,SUCCESS,,1.2.3.4
2015-06-01 19:55:21 *Tunnelblick: No 'connected.sh' script to execute
2015-06-01 19:55:26 *Tunnelblick: This computer's apparent public IP address (130.180.66.250) was unchanged after the connection was made
==========================================

The server log:

==========================
Mon Jun  1 20:18:51 2015 130.180.66.250:55231 TLS: Initial packet from [AF_INET]130.180.66.250:55231, sid=e403ef7b eef1eee8
Mon Jun  1 20:18:52 2015 130.180.66.250:55231 VERIFY OK: depth=1, <removed>
Mon Jun  1 20:18:52 2015 130.180.66.250:55231 VERIFY OK: depth=0, <removed>
Mon Jun  1 20:18:52 2015 130.180.66.250:55231 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Jun  1 20:18:52 2015 130.180.66.250:55231 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Jun  1 20:18:52 2015 130.180.66.250:55231 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Jun  1 20:18:52 2015 130.180.66.250:55231 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Jun  1 20:18:52 2015 130.180.66.250:55231 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 4096 bit RSA
Mon Jun  1 20:18:52 2015 130.180.66.250:55231 [OpenVPN_Denny_Fuchs] Peer Connection Initiated with [AF_INET]130.180.66.250:55231
Mon Jun  1 20:18:52 2015 OpenVPN_Denny_Fuchs/130.180.66.250:55231 MULTI_sva: pool returned IPv4=192.168.254.6, IPv6=(Not enabled)
Mon Jun  1 20:18:52 2015 OpenVPN_Denny_Fuchs/130.180.66.250:55231 MULTI: Learn: 192.168.254.6 -> OpenVPN_Denny_Fuchs/130.180.66.250:55231
Mon Jun  1 20:18:52 2015 OpenVPN_Denny_Fuchs/130.180.66.250:55231 MULTI: primary virtual IP for OpenVPN_Denny_Fuchs/130.180.66.250:55231: 192.168.254.6
=================================

I have no clue what the problem is ...

Any suggestions?

cu denny

jkbull...gmail.com

Jun 1, 2015, 3:44:06 PM
to tunnelbli...@googlegroups.com, denny....@gmail.com
To accept a "push" from the server, your client configuration file needs either a "pull" option, or a "client" option ("client" implies "pull" and "tls-client").

I don't know how or why iOS8 or Linux clients would override that because it is a security feature. The client must specifically give permission for the server to "push".

Denny Fuchs

Jun 1, 2015, 3:53:30 PM
to tunnelbli...@googlegroups.com, denny....@gmail.com
hi,



On Monday, June 1, 2015 at 21:44:06 UTC+2, jkbull...gmail.com wrote:
> To accept a "push" from the server, your client configuration file needs either a "pull" option, or a "client" option ("client" implies "pull" and "tls-client").


hmm, but I have "tls-client" in the client config, or did you mean anything else?

cu denny

jkbull...gmail.com

Jun 1, 2015, 3:58:00 PM
to tunnelbli...@googlegroups.com, denny....@gmail.com
Yes. I mean either "pull" or "client". "tls-client" is a different option – it is not the same as "client". See the OpenVPN 2.3 man page for details.

Denny Fuchs

Jun 1, 2015, 5:21:32 PM
to tunnelbli...@googlegroups.com, denny....@gmail.com
hi,



On Monday, June 1, 2015 at 21:58:00 UTC+2, jkbull...gmail.com wrote:
> Yes. I mean either "pull" or "client". "tls-client" is a different option – it is not the same as "client". See the OpenVPN 2.3 man page for details.


Great, it works :-) But I read in the man page:

--client
A helper directive designed to simplify the configuration of OpenVPN's client mode. This directive is equivalent to:

 pull
 tls-client
 

So I misunderstood the word "equivalent". However, it works now !

thank you :-)

cu denny
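
The check discussed in this thread, as an added example (not part of any post, and not Tunnelblick or OpenVPN code): a small Python linter that reads a client config, reports whether it will accept pushed options, and flags the missing server certificate verification that the WARNING line in the log points at. The finding names, the sample inputs (constructed from the config and log above) and the `remote-cert-tls server` line in the fixed config are assumptions of this example.

```python
import re
import shlex

# Per the thread: "client" implies "pull" and "tls-client"; "tls-client" alone
# does not give the server permission to push options.
PULL_DIRECTIVES = {"pull", "client"}
# Options that enable some server certificate check. remote-cert-tls is the
# OpenVPN shorthand for remote-cert-ku + remote-cert-eku.
VERIFY_DIRECTIVES = {"remote-cert-tls", "remote-cert-ku", "remote-cert-eku",
                     "verify-x509-name", "ns-cert-type", "tls-verify"}
# Without a pushed or local gateway, redirect-gateway has nothing to route via.
GATEWAY_DIRECTIVES = {"ifconfig", "route-gateway"}


def parse_directives(config_text):
    """Return {directive: [args, ...]} for an OpenVPN config file."""
    directives, inline_tag = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if inline_tag:                      # skip bodies of <ca>...</ca> blocks
            if line == f"</{inline_tag}>":
                inline_tag = None
            continue
        tag = re.fullmatch(r"<([A-Za-z0-9-]+)>", line)
        if tag:
            inline_tag = tag.group(1)
            directives.setdefault(inline_tag, []).append(["[inline]"])
            continue
        if not line or line.startswith(";"):
            continue
        try:
            tokens = shlex.split(line, comments=True)   # drops "# ..." comments
        except ValueError:                              # unbalanced quote
            tokens = line.split("#", 1)[0].split()
        if tokens:
            name = tokens[0].lstrip("-")                # "--pull" == "pull"
            directives.setdefault(name, []).append(tokens[1:])
    return directives


def audit_client_config(config_text):
    """Return a list of finding codes (hypothetical names) for a client config."""
    d = parse_directives(config_text)
    findings = []
    accepts_push = bool(PULL_DIRECTIVES & d.keys())
    if not accepts_push:
        findings.append("no-pull")
    if "redirect-gateway" in d and not accepts_push \
            and not (GATEWAY_DIRECTIVES & d.keys()):
        findings.append("redirect-gateway-ineffective")
    if not (VERIFY_DIRECTIVES & d.keys()):
        findings.append("no-server-verify")
    return findings


def pull_state_from_log(log_text):
    """Read 'client = ...' / 'pull = ...' from a verb 4 parameter dump."""
    pairs = re.findall(r"^.*\s(pull|client) = (ENABLED|DISABLED)\s*$",
                       log_text, re.M)
    return {name: state == "ENABLED" for name, state in pairs}


# Constructed sample inputs, copied from the thread's client config and log.
ORIGINAL_CLIENT = """tls-client
dev tun
proto udp
remote vpn.server.example.com 1194 #1.2.3.4
nobind
ca ca.pem
cert denny.pem
key keys.pem
comp-lzo
redirect-gateway def1
"""
# Assumed fix: "client" per the thread, plus a server certificate check.
FIXED_CLIENT = ORIGINAL_CLIENT.replace("tls-client", "client") \
    + "remote-cert-tls server\n"
LOG_EXCERPT = """2015-06-01 19:55:14 us=850852   tls_client = ENABLED
2015-06-01 19:55:14 us=852722   client = DISABLED
2015-06-01 19:55:14 us=852734   pull = DISABLED
"""

if __name__ == "__main__":
    print("original:", audit_client_config(ORIGINAL_CLIENT))
    print("fixed:   ", audit_client_config(FIXED_CLIENT))
    print("log:     ", pull_state_from_log(LOG_EXCERPT))
```

`remote-cert-tls server` only succeeds if the server certificate was issued with the matching key usage fields, so check the certificate before adding it.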


 