Only one browser able to work when connected

[jenni.t...@gmail.com]

I have been using Tunnelblick for a couple months now. I think my Mac (Mavericks) received a Tunnelblick update yesterday, but I also installed a new modem yesterday.

Today, when I connect with Tunnelblick, only Chrome is able to function and load pages, Safari and Firefox behave as if they don't have a connection, occasionally slowly loading half a page - but mostly not loading anything. Tunnelblick looks suspicious as other computers and devices (iPhone, Windows 7, Windows 8) are able to connect to this server with their designated VPN software and various browsers (they are all connecting to the same server with the same details).

When Tunnelblick is disconnected, both Safari and Firefox load pages just fine.

Tunnelblick DNS is "Set nameserver" and I do not see any issues in the log (then again I might not recognize them either).

Any ideas, how to proceed?

[jkbull...gmail.com]

Please follow the instructions at Read Before You Post to provide the info needed to diagnose problems.

[jenni.t...@gmail.com]

"Read before you post" info:

1. I do not have manually set DNS server addresses
2. "Set DNS/WINS" is set to "Set nameserver"
3. "Check if the apparent public IP address changed after connecting" is checked.

Below is the diagnostic log. I have pinned the problem to occur only with the new modem (Cisco Linksys X3000), when I changed back to the old one, things were back to normal.



*Tunnelblick: OS X 10.9.5; Tunnelblick 3.4.2 (build 4055.4161); prior version 3.4.0 (build 4007); Admin user


"Sanitized" condensed configuration file for /Users/xxxx/Library/Application Support/Tunnelblick/Configurations/xxxxxxxx.com.tblk:


client

dev tun

ca ca.crt

cert devkit.crt

key devkit.key

comp-lzo

remote xxxxxxxx.com

keepalive 10 900

inactive 3600

persist-key

persist-tun



================================================================================


"Sanitized" full configuration file


client

dev tun



ca ca.crt

cert devkit.crt

key devkit.key




comp-lzo

remote xxxxxxxx.com



keepalive 10 900

inactive 3600




persist-key

persist-tun


================================================================================

There are no unusual files in xxxxxxxx.com.tblk

================================================================================


Configuration preferences:


-lastConnectionSucceeded = 1


================================================================================


Wildcard preferences:


================================================================================


Program preferences:


skipWarningThatInternetIsNotReachable = 1

launchAtNextLogin = 1

notOKToCheckThatIPAddressDidNotChangeAfterConnection = 0

askedUserIfOKToCheckThatIPAddressDidNotChangeAfterConnection = 1

tunnelblickVersionHistory = (

"3.4.2 (build 4055.4161)",

"3.4.0 (build 4007)"

)

lastLaunchTime = 440597403.816744

connectionWindowDisplayCriteria = showWhenConnecting

maxLogDisplaySize = 102400

lastConnectedDisplayName = xxxxxxxx.com

keyboardShortcutIndex = 1

updateCheckAutomatically = 1

updateSendProfileInfo = 0

NSWindow Frame SettingsSheetWindow = 539 447 829 424 0 0 1440 878

NSWindow Frame ConnectingWindow = 525 540 389 187 0 0 1440 878

detailsWindowFrameVersion = 4055.4161

detailsWindowFrame = {{533, 410}, {904, 468}}

detailsWindowLeftFrame = {{0, 0}, {163, 350}}

leftNavSelectedDisplayName = xxxxxxxx.com

haveDealtWithSparkle1dot5b6 = 1

haveDealtWithOldTunTapPreferences = 1

haveDealtWithOldLoginItem = 1

SUEnableAutomaticChecks = 1

SUFeedURL = https://www.tunnelblick.net/appcast-s.rss

SUScheduledCheckInterval = 86400

SUSendProfileInfo = 0

SULastCheckTime = 2014-12-18 12:10:03 +0000

SUHasLaunchedBefore = 1

WebKitDefaultFontSize = 11

WebKitStandardFont = Lucida Grande



================================================================================

Tunnelblick Log:



2014-12-21 13:13:00 *Tunnelblick: openvpnstart starting OpenVPN

2014-12-21 13:13:00 *Tunnelblick: OS X 10.9.5; Tunnelblick 3.4.2 (build 4055.4161); prior version 3.4.0 (build 4007)

2014-12-21 13:13:00 *Tunnelblick: Attempting connection with xxxxxxxx.com using shadow copy; Set nameserver = 1; monitoring connection

2014-12-21 13:13:00 *Tunnelblick: openvpnstart start xxxxxxxx.com.tblk 1337 1 0 1 0 16688 -ptADGNWradsgnw 2.3.6

2014-12-21 13:13:01 *Tunnelblick: openvpnstart log:

Tunnelblick:

OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line):



/Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.6/openvpn

--daemon

--log

/Library/Application Support/Tunnelblick/Logs/-SUsers-Sxxxx-SLibrary-SApplication Support-STunnelblick-SConfigurations-Sxxxxxxxx.com.tblk-SContents-SResources-Sconfig.ovpn.1_0_1_0_16688.1337.openvpn.log

--cd

/Library/Application Support/Tunnelblick/Users/xxxx/xxxxxxxx.com.tblk/Contents/Resources

--config

/Library/Application Support/Tunnelblick/Users/xxxx/xxxxxxxx.com.tblk/Contents/Resources/config.ovpn

--cd

/Library/Application Support/Tunnelblick/Users/xxxx/xxxxxxxx.com.tblk/Contents/Resources

--management

127.0.0.1

1337

--management-query-passwords

--management-hold

--script-security

2

--up

/Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -m -w -d -f -ptADGNWradsgnw

--down

/Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -m -w -d -f -ptADGNWradsgnw




2014-12-21 13:13:01 *Tunnelblick: Established communication with OpenVPN

2014-12-21 13:13:01 OpenVPN 2.3.6 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Dec 1 2014

2014-12-21 13:13:01 library versions: OpenSSL 1.0.1j 15 Oct 2014, LZO 2.08

2014-12-21 13:13:01 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.

2014-12-21 13:13:01 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

2014-12-21 13:13:01 UDPv4 link local (bound): [undef]

2014-12-21 13:13:01 UDPv4 link remote: [AF_INET]194.155.169.66:1194

2014-12-21 13:13:11 [xxxxxxxx.com] Peer Connection Initiated with [AF_INET]194.155.169.66:1194

2014-12-21 13:13:13 Opened utun device utun0

2014-12-21 13:13:13 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0

2014-12-21 13:13:13 /sbin/ifconfig utun0 delete

ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address

2014-12-21 13:13:13 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure

2014-12-21 13:13:13 /sbin/ifconfig utun0 10.101.10.6 10.101.10.5 mtu 1500 netmask 255.255.255.255 up

2014-12-21 13:13:13 /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -m -w -d -f -ptADGNWradsgnw utun0 1500 1542 10.101.10.6 10.101.10.5 init

**********************************************

Start of output from client.up.tunnelblick.sh

No network configuration changes need to be made.

Will NOT monitor for other network configuration changes.

End of output from client.up.tunnelblick.sh

**********************************************

add net 194.155.169.66: gateway 192.169.1.1

add net 0.0.0.0: gateway 10.101.10.5

add net 128.0.0.0: gateway 10.101.10.5

add net 10.101.10.1: gateway 10.101.10.5

2014-12-21 13:13:15 *Tunnelblick: No 'connected.sh' script to execute

2014-12-21 13:13:15 Initialization Sequence Completed

2014-12-21 13:13:26 *Tunnelblick: This computer's apparent public IP address changed from 85.108.155.235 before connection to 194.155.169.66 after connection

2014-12-21 13:14:41 *Tunnelblick: Disconnecting; 'Disconnect' (toggle) menu command invoked

2014-12-21 13:14:41 *Tunnelblick: Disconnecting using 'kill'

2014-12-21 13:14:41 event_wait : Interrupted system call (code=4)

delete net 10.101.10.1: gateway 10.101.10.5

delete net 194.155.169.66: gateway 192.169.1.1

delete net 0.0.0.0: gateway 10.101.10.5

delete net 128.0.0.0: gateway 10.101.10.5

2014-12-21 13:14:41 /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -m -w -d -f -ptADGNWradsgnw utun0 1500 1542 10.101.10.6 10.101.10.5 init

**********************************************

Start of output from client.down.tunnelblick.sh

WARNING: Not restoring DNS settings because no saved Tunnelblick DNS information was found.

End of output from client.down.tunnelblick.sh

**********************************************

2014-12-21 13:14:42 SIGTERM[hard,] received, process exiting

2014-12-21 13:14:43 *Tunnelblick: No 'post-disconnect.sh' script to execute

2014-12-21 13:14:43 *Tunnelblick: Expected disconnection occurred.




================================================================================

Console Log:




2014-12-21 12:30:15 WindowServer[94] CGError post_notification(const CGSNotificationType, void *const, const size_t, const bool, const CGSRealTimeDelta, const int, const CGSConnectionID *const, const pid_t): Timed out 1.000 second wait for reply from "Tunnelblick" for synchronous notification type 102 (kCGSDisplayWillSleep) (CID 0x1aeab, PID 476)

2014-12-21 12:40:20 WindowServer[94] CGError post_notification(const CGSNotificationType, void *const, const size_t, const bool, const CGSRealTimeDelta, const int, const CGSConnectionID *const, const pid_t): Timed out 1.000 second wait for reply from "Tunnelblick" for synchronous notification type 102 (kCGSDisplayWillSleep) (CID 0x1aeab, PID 476)




================================================================================

[jkbull...gmail.com]

This probably has to do with the DNS server on your new router combined with the way your VPN is set up.

One thing you can look into is if the new router is set to do anything odd with DNS. Perhaps there is a bad setting or something.

If not, I think the bottom line if you continue to use the new router is that you should manually enter DNS servers to your computer's network setup and use the "Do not set nameserver" setting in Tunnelblick. You can set the nameservers to Google's Public DNS service, or OpenDNS, or any other public DNS service.

Here's a semi-technical explanation:

Usually, a VPN is set up to "push" DNS server addresses to a client computer (your computer). So when the VPN is active, all DNS requests go through the VPN to the VPN server or a DNS server on the VPN network. Your setup does not do that, so your computer continues to use the DNS server that it used before the VPN was connected. That can be problematic, because the DNS server may not work well with requests that come from the VPN instead of your computer (and some requests may appear to come from the VPN instead of your computer because, well, that's what VPNs do).

The reason I think the problem is DNS-related is two-fold:

1. Chrome works but other browsers don't: Chrome bypasses the OS X DNS system and uses the Google Public DNS servers; other browsers don't. So if Chrome works but other browsers don't, there is a problem with the DNS system that other browsers are using. Since Tunnelblick/OpenVPN are not being instructed by the VPN server to change any DNS settings, the problematic DNS system is the one provided by OS X. In your case, that is specified to OS X by your router as one of the DHCP settings. That's why a different router gives you different results. (Usually the router would just pass on DNS settings obtained from your ISP, but apparently your new browser isn't doing that, or has some other problem with DNS.)
   
   
2. Tunnelblick's check for an IP address change took 11 seconds to complete. Usually it takes a  fraction of a second. There could be other explanations for this, but the most likely is a DNS problem resolving the "tunnelblick.net" name into an IP address.

On Sunday, December 21, 2014 6:41:47 AM UTC-5, jenni.t...@gmail.com wrote:

"Read before you post" info:

1. I do not have manually set DNS server addresses
2. "Set DNS/WINS" is set to "Set nameserver"
3. "Check if the apparent public IP address changed after connecting" is checked.

Below is the diagnostic log. I have pinned the problem to occur only with the new modem (Cisco Linksys X3000), when I changed back to the old one, things were back to normal.

<snip>

[jenni.t...@gmail.com]

a big thank you for the super quick and coherent reply, will try the things you suggested.

[jenni.t...@gmail.com]

The instructions solved the problem.

(Now, both router and mac have google DNS server addresses,  Tunnelblick is "set nameserver")

On Thursday, December 18, 2014 2:34:31 PM UTC+2, jenni.t...@gmail.com wrote: