Continual Tunnelblick VPN Disconnect / Reconnect Activity


Jeff Bernthisel

Apr 10, 2023, 6:11:50 PM
to tunnelbli...@googlegroups.com
Looking for an assist with subject.  Home network for connection to office server. Have removed modem/router combo IP from my DNS list on macbook, but it shows still being used in log.  Very frequently through the day the VPN disconnects for 5 - 8 seconds and then reconnects.  Each time this disconnects server connection and requires shut down and RDP remote desktop.

                           14:56:16 *Tunnelblick:  DNS servers '8.8.8.8,8.8.4.4,208.67.222.222,208.67.220.220' were set manually
                           14:56:16 *Tunnelblick:  WARNING: that setting is being ignored; '192.168.0.1' is being used.
                           14:56:16 *Tunnelblick:  DNS servers '192.168.0.1' will be used for DNS queries when the VPN is active
                           14:56:16 *Tunnelblick:  NOTE: The DNS servers do not include any free public DNS servers known to Tunnelblick. This may cause DNS queries to fail or be intercepted or falsified even if they are directed through the VPN. Specify only known public DNS servers or DNS servers located on the VPN network to avoid such problems.
                           14:56:16 *Tunnelblick:  Flushed the DNS cache via dscacheutil
                           14:56:16 *Tunnelblick:  /usr/sbin/discoveryutil not present. Not flushing the DNS cache via discoveryutil
                           14:56:17 *Tunnelblick:  Notified mDNSResponder that the DNS cache was flushed
                           14:56:17 *Tunnelblick:  Not notifying mDNSResponderHelper that the DNS cache was flushed because it is not running
                           14:56:17 *Tunnelblick:  End of output from client.up.tunnelblick.sh
                           14:56:17 *Tunnelblick:  **********************************************
2023-04-10 14:56:17.030797 Initialization Sequence Completed
2023-04-10 14:56:17.030819 MANAGEMENT: >STATE:1681163777,CONNECTED,SUCCESS,10.81.234.6,162.155.61.26,8443,,
2023-04-10 14:56:18.255778 *Tunnelblick: Routing info stdout:
   route to: 192.168.0.1
destination: 192.168.0.1
  interface: en0
      flags: <UP,HOST,DONE,LLINFO,WASCLONED,IFSCOPE,IFREF,ROUTER>
 recvpipe  sendpipe  ssthresh  rtt,msec    rttvar  hopcount      mtu     expire
       0         0         0        14        11         0      1500      1188
stderr:

2023-04-10 14:56:18.257312 *Tunnelblick: Warning: DNS server address 192.168.0.1 is not a public IP address and is not being routed through the VPN.

2023-04-10 14:56:23.484898 *Tunnelblick: This computer's apparent public IP address (67.40.95.46) was unchanged after the connection was made


Tunnelblick developer

Apr 10, 2023, 9:49:34 PM
to tunnelblick-discuss
Please post the full diagnostic info obtained by following the instructions at Read Before You Post (https://tunnelblick.net/cBeforeYouPost.html).

Jeff Bernthisel

Apr 11, 2023, 10:11:33 AM
to tunnelblick-discuss
Looking for an assist with subject.  Home network for connection to office server. Have removed modem/router combo IP from my DNS list on macbook, but it shows still being used in log.  Very frequently through the day the VPN disconnects for 5 - 8 seconds and then reconnects.  Each time this disconnects server connection and requires shut down and RDP remote desktop.

023-04-10 14:55:59.944353 *Tunnelblick: macOS 13.3.1 (22E261); Tunnelblick 3.8.8a (build 5776); prior version 3.8.7beta02 (build 5730)
2023-04-10 14:56:00.314091 *Tunnelblick: Attempting connection with ___...@mcneil.local__ssl_vpn_config; Set nameserver = 769; not monitoring connection
2023-04-10 14:56:00.314331 *Tunnelblick: openvpnstart start __...@mcneil.local__ssl_vpn_config.tblk 49237 769 0 3 1 34652464 -ptADGNWradsgnw 2.5.9-openssl-1.1.1t <password>
2023-04-10 14:56:00.334805 *Tunnelblick: openvpnstart starting OpenVPN
2023-04-10 14:56:00.627612 DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-128-CBC' to --data-ciphers or change --cipher 'AES-128-CBC' to --data-ciphers-fallback 'AES-128-CBC' to silence this warning.
2023-04-10 14:56:00.627889 OpenVPN 2.5.9 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on Feb 16 2023
2023-04-10 14:56:00.627905 library versions: OpenSSL 1.1.1t  7 Feb 2023, LZO 2.10
2023-04-10 14:56:00.628763 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:49237
2023-04-10 14:56:00.628779 Need hold release from management interface, waiting...
2023-04-10 14:56:00.940328 *Tunnelblick: openvpnstart log:
     OpenVPN started successfully.
     Command used to start OpenVPN (one argument per displayed line):
          /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.5.9-openssl-1.1.1t/openvpn
          --daemon
          --log /Library/Application Support/Tunnelblick/Logs/-SLibrary-SApplication Support-STunnelbl...@mcneil.local__ssl_vpn_config.tblk-SContents-SResources-Sconfig.ovpn.769_0_3_1_34652464.49237.openvpn.log
          --cd /Library/Application Support/Tunnelblick/Shared/je...@mcneil.local__ssl_vpn_config.tblk/Contents/Resources
          --machine-readable-output
          --setenv IV_GUI_VER "net.tunnelblick.tunnelblick 5776 3.8.8a (build 5776)"
          --verb 3
          --config /Library/Application Support/Tunnelblick/Shared/je...@mcneil.local__ssl_vpn_config.tblk/Contents/Resources/config.ovpn
          --setenv TUNNELBLICK_CONFIG_FOLDER /Library/Application Support/Tunnelblick/Shared/je...@mcneil.local__ssl_vpn_config.tblk/Contents/Resources
          --verb 3
          --cd /Library/Application Support/Tunnelblick/Shared/je...@mcneil.local__ssl_vpn_config.tblk/Contents/Resources
          --management 127.0.0.1 49237 /Library/Application Support/Tunnelblick/Mips/___...@mcneil.local__ssl_vpn_config.tblk.mip
          --management-query-passwords
          --management-hold
          --script-security 2
          --route-up /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -w -ptADGNWradsgnw
          --down /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -d -f -w -ptADGNWradsgnw
2023-04-10 14:56:00.946147 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:49237
2023-04-10 14:56:00.969029 MANAGEMENT: CMD 'pid'
2023-04-10 14:56:00.969227 MANAGEMENT: CMD 'auth-retry interact'
2023-04-10 14:56:00.969260 MANAGEMENT: CMD 'state on'
2023-04-10 14:56:00.969285 *Tunnelblick: Established communication with OpenVPN
2023-04-10 14:56:00.969286 MANAGEMENT: CMD 'state'
2023-04-10 14:56:00.969330 MANAGEMENT: CMD 'bytecount 1'
2023-04-10 14:56:00.970297 *Tunnelblick: >INFO:OpenVPN Management Interface Version 3 -- type 'help' for more info
2023-04-10 14:56:00.971517 MANAGEMENT: CMD 'hold release'
2023-04-10 14:56:00.977940 *Tunnelblick: Obtained VPN username and password from the Keychain
2023-04-10 14:56:00.980017 MANAGEMENT: CMD 'username "Auth" "jeffb"'
2023-04-10 14:56:00.980233 MANAGEMENT: CMD 'password [...]'
2023-04-10 14:56:00.980810 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2023-04-10 14:56:00.984536 TCP/UDP: Preserving recently used remote address: [AF_INET]162.155.61.26:8443
2023-04-10 14:56:00.984831 Socket Buffers: R=[786896->786896] S=[9216->9216]
2023-04-10 14:56:00.984878 UDP link local: (not bound)
2023-04-10 14:56:00.984918 UDP link remote: [AF_INET]162.155.61.26:8443
2023-04-10 14:56:00.984965 MANAGEMENT: >STATE:1681163760,WAIT,,,,,,
2023-04-10 14:56:01.053512 MANAGEMENT: >STATE:1681163761,AUTH,,,,,,
2023-04-10 14:56:01.053786 TLS: Initial packet from [AF_INET]162.155.61.26:8443, sid=aa0018b1 30a3ba82
2023-04-10 14:56:01.054343 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2023-04-10 14:56:01.661544 VERIFY OK: depth=1, C=US, ST=OH, L=Painesville, O=McNeil Industries, OU=IT, CN=VPN, emailAddress=admini...@mcneilindustries.com
2023-04-10 14:56:01.662424 VERIFY X509NAME OK: C=NA, ST=NA, L=NA, O=NA, OU=NA, CN=Appliance_Certificate_YNsybbkM9SX3qgv, emailAddress=n...@example.com
2023-04-10 14:56:01.662459 VERIFY OK: depth=0, C=NA, ST=NA, L=NA, O=NA, OU=NA, CN=Appliance_Certificate_YNsybbkM9SX3qgv, emailAddress=n...@example.com
2023-04-10 14:56:02.081891 Control Channel: TLSv1.2, cipher TLSv1.2 DHE-RSA-AES256-GCM-SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2023-04-10 14:56:02.082248 [Appliance_Certificate_YNsybbkM9SX3qgv] Peer Connection Initiated with [AF_INET]162.155.61.26:8443
2023-04-10 14:56:03.183936 MANAGEMENT: >STATE:1681163763,GET_CONFIG,,,,,,
2023-04-10 14:56:03.184319 SENT CONTROL [Appliance_Certificate_YNsybbkM9SX3qgv]: 'PUSH_REQUEST' (status=1)
2023-04-10 14:56:08.944906 SENT CONTROL [Appliance_Certificate_YNsybbkM9SX3qgv]: 'PUSH_REQUEST' (status=1)
2023-04-10 14:56:09.089186 PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.81.234.5,sndbuf 0,rcvbuf 0,sndbuf 0,rcvbuf 0,ping 45,ping-restart 180,route 192.168.40.0 255.255.255.0,route 10.1.0.0 255.255.255.0,route 10.1.1.0 255.255.255.0,route 10.1.3.0 255.255.255.0,route 10.1.2.0 255.255.255.0,topology subnet,route remote_host 255.255.255.255 net_gateway,dhcp-option DNS 192.168.40.10,dhcp-option DOMAIN mcneil.local,ifconfig 10.81.234.6 255.255.255.0'
2023-04-10 14:56:09.089549 OPTIONS IMPORT: timers and/or timeouts modified
2023-04-10 14:56:09.089566 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
2023-04-10 14:56:09.089593 Socket Buffers: R=[786896->786896] S=[9216->9216]
2023-04-10 14:56:09.089604 OPTIONS IMPORT: --ifconfig/up options modified
2023-04-10 14:56:09.089615 OPTIONS IMPORT: route options modified
2023-04-10 14:56:09.089625 OPTIONS IMPORT: route-related options modified
2023-04-10 14:56:09.089635 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2023-04-10 14:56:09.089651 Using peer cipher 'AES-128-CBC'
2023-04-10 14:56:09.089824 Outgoing Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
2023-04-10 14:56:09.089839 Outgoing Data Channel: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-04-10 14:56:09.089853 Incoming Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
2023-04-10 14:56:09.089863 Incoming Data Channel: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-04-10 14:56:09.109974 Opened utun device utun5
2023-04-10 14:56:09.110100 MANAGEMENT: >STATE:1681163769,ASSIGN_IP,,10.81.234.6,,,,
2023-04-10 14:56:09.110125 /sbin/ifconfig utun5 delete
                           ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
2023-04-10 14:56:09.126501 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
2023-04-10 14:56:09.126549 /sbin/ifconfig utun5 10.81.234.6 10.81.234.6 netmask 255.255.255.0 mtu 1500 up
2023-04-10 14:56:09.146402 /sbin/route add -net 10.81.234.0 10.81.234.6 255.255.255.0
                           add net 10.81.234.0: gateway 10.81.234.6
2023-04-10 14:56:13.254815 MANAGEMENT: >STATE:1681163773,ADD_ROUTES,,,,,,
2023-04-10 14:56:13.254987 /sbin/route add -net 162.155.61.26 192.168.0.1 255.255.255.255
                           add net 162.155.61.26: gateway 192.168.0.1
2023-04-10 14:56:13.266847 /sbin/route add -net 192.168.40.0 10.81.234.5 255.255.255.0
                           add net 192.168.40.0: gateway 10.81.234.5
2023-04-10 14:56:13.271578 /sbin/route add -net 10.1.0.0 10.81.234.5 255.255.255.0
                           add net 10.1.0.0: gateway 10.81.234.5
2023-04-10 14:56:13.279384 /sbin/route add -net 10.1.1.0 10.81.234.5 255.255.255.0
                           add net 10.1.1.0: gateway 10.81.234.5
2023-04-10 14:56:13.286924 /sbin/route add -net 10.1.3.0 10.81.234.5 255.255.255.0
                           add net 10.1.3.0: gateway 10.81.234.5
2023-04-10 14:56:13.299962 /sbin/route add -net 10.1.2.0 10.81.234.5 255.255.255.0
                           add net 10.1.2.0: gateway 10.81.234.5
2023-04-10 14:56:13.304323 /sbin/route add -net 162.155.61.26 192.168.0.1 255.255.255.255
                           route: writing to routing socket: File exists
                           add net 162.155.61.26: gateway 192.168.0.1: File exists
                           14:56:13 *Tunnelblick:  **********************************************
                           14:56:13 *Tunnelblick:  Start of output from client.up.tunnelblick.sh
                           14:56:15 *Tunnelblick:  Disabled IPv6 for 'Wi-Fi'
                           14:56:15 *Tunnelblick:  Disabled IPv6 for 'iPhone USB'
                           14:56:15 *Tunnelblick:  Disabled IPv6 for 'Thunderbolt Bridge'
                           14:56:15 *Tunnelblick:  Retrieved from OpenVPN: name server(s) [ 192.168.40.10 ], domain name [ mcneil.local ], search domain(s) [ ], and SMB server(s) [ ]
                           14:56:15 *Tunnelblick:  WARNING: Ignoring ServerAddresses '192.168.40.10' because ServerAddresses was set manually and '-allowChangesToManuallySetNetworkSettings' was not specified
                           14:56:15 *Tunnelblick:  Setting search domains to 'mcneil.local' because the search domains were not set manually (or are allowed to be changed) and 'Prepend domain name to search domains' was not selected
                           14:56:16 *Tunnelblick:  Saved the DNS and SMB configurations so they can be restored
                           14:56:16 *Tunnelblick:  Did not change DNS ServerAddresses setting of '192.168.0.1' (but re-set it)
                           14:56:16 *Tunnelblick:  Changed DNS SearchDomains setting from 'home' to 'mcneil.local'
                           14:56:16 *Tunnelblick:  Changed DNS DomainName setting from '' to 'mcneil.local'
                           14:56:16 *Tunnelblick:  Did not change SMB NetBIOSName setting of 'JEFFS-MBP'
                           14:56:16 *Tunnelblick:  Did not change SMB Workgroup setting of ''
                           14:56:16 *Tunnelblick:  Did not change SMB WINSAddresses setting of ''

                           14:56:16 *Tunnelblick:  DNS servers '8.8.8.8,8.8.4.4,208.67.222.222,208.67.220.220' were set manually
                           14:56:16 *Tunnelblick:  WARNING: that setting is being ignored; '192.168.0.1' is being used.
                           14:56:16 *Tunnelblick:  DNS servers '192.168.0.1' will be used for DNS queries when the VPN is active
                           14:56:16 *Tunnelblick:  NOTE: The DNS servers do not include any free public DNS servers known to Tunnelblick. This may cause DNS queries to fail or be intercepted or falsified even if they are directed through the VPN. Specify only known public DNS servers or DNS servers located on the VPN network to avoid such problems.
                           14:56:16 *Tunnelblick:  Flushed the DNS cache via dscacheutil
                           14:56:16 *Tunnelblick:  /usr/sbin/discoveryutil not present. Not flushing the DNS cache via discoveryutil
                           14:56:17 *Tunnelblick:  Notified mDNSResponder that the DNS cache was flushed
                           14:56:17 *Tunnelblick:  Not notifying mDNSResponderHelper that the DNS cache was flushed because it is not running
                           14:56:17 *Tunnelblick:  End of output from client.up.tunnelblick.sh
                           14:56:17 *Tunnelblick:  **********************************************
2023-04-10 14:56:17.030797 Initialization Sequence Completed
2023-04-10 14:56:17.030819 MANAGEMENT: >STATE:1681163777,CONNECTED,SUCCESS,10.81.234.6,162.155.61.26,8443,,
2023-04-10 14:56:18.255778 *Tunnelblick: Routing info stdout:
   route to: 192.168.0.1
destination: 192.168.0.1
  interface: en0
      flags: <UP,HOST,DONE,LLINFO,WASCLONED,IFSCOPE,IFREF,ROUTER>
 recvpipe  sendpipe  ssthresh  rtt,msec    rttvar  hopcount      mtu     expire
       0         0         0        14        11         0      1500      1188
stderr:

2023-04-10 14:56:18.257312 *Tunnelblick: Warning: DNS server address 192.168.0.1 is not a public IP address and is not being routed through the VPN.


2023-04-10 14:56:23.484898 *Tunnelblick: This computer's apparent public IP address (67.40.95.46) was unchanged after the connection was made
2023-04-10 15:14:25.120330 *Tunnelblick: Disconnecting; notification window disconnect button pressed
2023-04-10 15:14:25.427383 *Tunnelblick: Disconnecting using 'kill'
2023-04-10 15:14:25.617369 event_wait : Interrupted system call (code=4)
2023-04-10 15:14:25.621096 SIGTERM received, sending exit notification to peer
2023-04-10 15:14:26.820967 event_wait : Interrupted system call (code=4)
2023-04-10 15:14:26.821477 /sbin/route delete -net 162.155.61.26 192.168.0.1 255.255.255.255
                           delete net 162.155.61.26: gateway 192.168.0.1
2023-04-10 15:14:26.828188 /sbin/route delete -net 192.168.40.0 10.81.234.5 255.255.255.0
                           delete net 192.168.40.0: gateway 10.81.234.5
2023-04-10 15:14:26.832768 /sbin/route delete -net 10.1.0.0 10.81.234.5 255.255.255.0
                           delete net 10.1.0.0: gateway 10.81.234.5
2023-04-10 15:14:26.836906 /sbin/route delete -net 10.1.1.0 10.81.234.5 255.255.255.0
                           delete net 10.1.1.0: gateway 10.81.234.5
2023-04-10 15:14:26.841467 /sbin/route delete -net 10.1.3.0 10.81.234.5 255.255.255.0
                           delete net 10.1.3.0: gateway 10.81.234.5
2023-04-10 15:14:26.844524 /sbin/route delete -net 10.1.2.0 10.81.234.5 255.255.255.0
                           delete net 10.1.2.0: gateway 10.81.234.5
2023-04-10 15:14:26.846812 /sbin/route delete -net 162.155.61.26 192.168.0.1 255.255.255.255
                           route: writing to routing socket: not in table
                           delete net 162.155.61.26: gateway 192.168.0.1: not in table
2023-04-10 15:14:26.849768 Closing TUN/TAP interface
2023-04-10 15:14:26.850354 /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -d -f -w -ptADGNWradsgnw utun5 1500 1622 10.81.234.6 255.255.255.0 init
                           15:14:26 *Tunnelblick:  **********************************************
                           15:14:26 *Tunnelblick:  Start of output from client.down.tunnelblick.sh
                           15:14:27 *Tunnelblick:  Restored State:DNS
                           15:14:27 *Tunnelblick:  Restored Setup:DNS
                           15:14:27 *Tunnelblick:  Restored DNS and SMB settings
                           15:14:27 *Tunnelblick:  Re-enabled IPv6 (automatic) for "Wi-Fi"
                           15:14:27 *Tunnelblick:  Re-enabled IPv6 (automatic) for "iPhone USB"
                           15:14:27 *Tunnelblick:  Re-enabled IPv6 (automatic) for "Thunderbolt Bridge"
                           15:14:27 *Tunnelblick:  Flushed the DNS cache with dscacheutil -flushcache
                           15:14:27 *Tunnelblick:  Notified mDNSResponder that the DNS cache was flushed
                           15:14:27 *Tunnelblick:  End of output from client.down.tunnelblick.sh
                           15:14:27 *Tunnelblick:  **********************************************
2023-04-10 15:14:27.244348 SIGTERM[hard,] received, process exiting
2023-04-10 15:14:27.244360 MANAGEMENT: >STATE:1681164867,EXITING,SIGTERM,,,,,
2023-04-10 15:14:27.877406 *Tunnelblick: Expected disconnection occurred.


Tunnelblick developer

Apr 11, 2023, 11:29:14 AM
to tunnelblick-discuss
> Very frequently through the day the VPN disconnects for 5 - 8 seconds and then reconnects.

OpenVPN apparently is deciding that the connection is faulty (noisy or interrupted). OpenVPN on your computer detects this problem by "pinging" the VPN server every 45 seconds. If no responses from the VPN server are received by your computer within 180 seconds, the connection is considered bad and OpenVPN on your computer "restarts" the VPN by disconnecting it and then attempting to reconnect it.

(The 45 and 180 come from the following commands sent by the VPN server to your computer in the process of setting up the VPN: "ping 45,ping-restart 180")

Such a problem is usually caused by a problem with or between the VPN server and your computer. It could be caused by a problem in the VPN server itself, the network it is on, its Internet connection, or your home Internet connection, modem, router, or computer.

It can also be caused by a firewall at any point in the traffic path. For example, the Great Firewall of China may block traffic (so the "pings" are never received by the VPN server or the VPN server's response may not reach your computer).

Two other observations:

> This computer's apparent public IP address (67.40.95.46) was unchanged after the connection was made

This is because neither the OpenVPN configuration file nor the Tunnelblick settings route all traffic through the VPN. Only traffic destined for the VPN network (i.e., your office network) is routed through the VPN. All other traffic is routed as if the VPN was not connected. Although this minimizes traffic through the VPN, this is generally considered a bad practice because your computer can act as an entry point from the Internet to the office network. If this isn't what you want, check the "Route all IPv4 traffic through the VPN" on the Settings tab of the Configurations panel of Tunnelblick's "VPN Details" window.

> DNS server address 192.168.0.1 is not a public IP address and is not being routed through the VPN

This is because you have set the IP address for your computer manually (in "System Preferences" >> Network >> Advanced >> DNS), as shown by this message in the log:

> Ignoring ServerAddresses '192.168.40.10' because ServerAddresses was set manually and '-allowChangesToManuallySetNetworkSettings' was not specified

So the DNS address you specified is being used instead of the DNS address specified by the VPN. If you want to use the DNS server specified by the VPN, you need to put a check in "Allow changes to manually-set network settings" on the "Connecting & Disconnecting" tab of the "Advanced Settings" page. (Press the "Advanced…" button on the Configurations panel of Tunnelblick's "VPN Details" window.)
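The three checks discussed in the reply above (keepalive timers, split tunnelling, and which DNS server is actually used), as an added example that is not part of the original thread and is not Tunnelblick or OpenVPN code. The function names are hypothetical, the `PUSH_REPLY` line is shortened from the posted log, and the final sample line is a constructed instance of the message OpenVPN logs when the ping-restart timer expires.

```python
import ipaddress
import re

# First three lines come from the log posted in this thread (PUSH_REPLY
# shortened to the options used here); the last line is constructed.
SAMPLE_LOG = """\
2023-04-10 14:56:09.089186 PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.81.234.5,ping 45,ping-restart 180,route 192.168.40.0 255.255.255.0,route 10.1.0.0 255.255.255.0,topology subnet,route remote_host 255.255.255.255 net_gateway,dhcp-option DNS 192.168.40.10,dhcp-option DOMAIN mcneil.local,ifconfig 10.81.234.6 255.255.255.0'
14:56:16 *Tunnelblick:  DNS servers '192.168.0.1' will be used for DNS queries when the VPN is active
2023-04-10 14:56:17.030797 Initialization Sequence Completed
2023-04-10 16:02:41.000000 [Appliance_Certificate] Inactivity timeout (--ping-restart), restarting
"""


def parse_push_reply(log):
    """Return the options of the last PUSH_REPLY as a list of token lists."""
    replies = re.findall(r"'PUSH_REPLY,([^']*)'", log)
    if not replies:
        return []
    return [opt.split() for opt in replies[-1].split(",") if opt.strip()]


def _int_opt(opts, name):
    for o in opts:
        if o[0] == name and len(o) > 1 and o[1].isdigit():
            return int(o[1])
    return None


def analyze(log):
    opts = parse_push_reply(log)

    # Networks the server asks the client to route through the tunnel.
    routes = []
    for o in opts:
        if o[0] == "route" and len(o) >= 2:
            mask = o[2] if len(o) > 2 else "255.255.255.255"
            try:
                routes.append(ipaddress.ip_network(f"{o[1]}/{mask}", strict=False))
            except ValueError:
                pass  # symbolic targets such as 'remote_host' are not networks

    # Only reflects what the server pushes; a client-side "route all traffic"
    # setting would not appear in PUSH_REPLY.
    redirect = any(o[0] == "redirect-gateway" for o in opts)
    pushed_dns = [o[2] for o in opts if o[:2] == ["dhcp-option", "DNS"] and len(o) > 2]

    used = re.findall(r"DNS servers '([^']*)' will be used", log)
    dns_in_use = [d.strip() for d in used[-1].split(",")] if used else []

    # DNS servers whose address is not covered by any pushed route: queries
    # to them leave over the local network, not the VPN.
    outside = [] if redirect else [
        d for d in dns_in_use
        if not any(ipaddress.ip_address(d) in net for net in routes)
    ]

    return {
        "ping": _int_opt(opts, "ping"),
        "ping_restart": _int_opt(opts, "ping-restart"),
        "server_pushes_redirect_gateway": redirect,
        "pushed_dns": pushed_dns,
        "dns_in_use": dns_in_use,
        "dns_outside_vpn_routes": outside,
        "ping_restart_events": len(re.findall(r"Inactivity timeout \(--ping-restart\)", log)),
    }


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
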