Routing Issue with OpenVPN

[emcc...@gmail.com]

I have setup OpenVPN server and am trying to use Tunnelbrick to connect to VPN and route all traffic through VPN.  I am using Mac OSX Sierra.  Everything appears to connect fine to the VPN.  I can use the VPN address to connect to the VPN server and ping the client on the internal network... no issues.  The problem is that I can't ping anything on any other network.  The OpenVPN server has the firewall currently disabled to insure that is not the issue.  The diagnostic log is attached.  Any help would be greatly appreciated.  I feel like it's something simple I must be missing.

https://pastebin.com/Nn3p1Psc

XXX.XXX.XXX.XXX has been used to mask the real IP of the VPN server.

[Tunnelblick developer]

Yes, it is most likely a routing problem. 

Try consulting some OpenVPN references:

• OpenVPN FAQ

• OpenVPN HOWTO

• OpenVPN 2.3 Man Page

• OpenVPN Documentation

• OpenVPN Users Forum

• OpenVPN Users Mailing List

Separate from the routing problem, note that the use of "user nobody" and "group nogroup" is problematic. Because OpenVPN is running as nobody when disconnecting the VPN, it is not able to restore routing by removing the route commands it used to set up the VPN. (The "down-root" plugin doesn't help here because the routing commands come from OpenVPN itslef, not the down script.) That's what's causing the following errors:

2017-10-22 12:49:20 /sbin/route delete -net 10.8.0.1 10.8.0.5 255.255.255.255

                                        route: must be root to alter routing table

2017-10-22 12:49:20 ERROR: OS X route delete command failed: external program exited with error status: 77

2017-10-22 12:49:20 /sbin/route delete -net XXX.XXX.XXX.XXX 192.168.1.1 255.255.255.255

                                        route: must be root to alter routing table

2017-10-22 12:49:20 ERROR: OS X route delete command failed: external program exited with error status: 77

2017-10-22 12:49:20 /sbin/route delete -net 0.0.0.0 10.8.0.5 128.0.0.0

                                        route: must be root to alter routing table

2017-10-22 12:49:20 ERROR: OS X route delete command failed: external program exited with error status: 77

2017-10-22 12:49:20 /sbin/route delete -net 128.0.0.0 10.8.0.5 128.0.0.0

                                        route: must be root to alter routing table

2017-10-22 12:49:20 ERROR: OS X route delete command failed: external program exited with error status: 77

If you remove the "user nobody" and "group nogroup" lines from the configuration (or comment them out), this problem will be avoided.