Connection Problems on MacBook M1
523 views
Skip to first unread message
Kevin Broom
Jan 27, 2021, 4:09:13 PM1/27/21
to tunnelbli...@googlegroups.com
Hello,
I face the problem that I cannot connect Tunnelblick on my new Laptop.
I would appreciate it, if anyone can help me with this issue.
Below you can find the Diagnostic:
*Tunnelblick: macOS 11.1 (20C69); Tunnelblick 3.8.5beta02 (build 5620); prior version 3.8.3 (build 5520); Admin user
git commit e6ce2cbb9353b6f6e97bbf1ba90f4957a065121b
The Tunnelblick.app process is being translated
System Integrity Protection is enabled
Configuration recherche
"Sanitized" condensed configuration file for /Users/kevinbroom/Library/Application Support/Tunnelblick/Configurations/recherche.tblk:
client
dev tap
dev-type tap
proto tcp
connect-timeout 20
remote openvpn-recherche.bcw-gruppe.de 1194
remote openvpn-recherche.bcw-gruppe.de 443
remote-cert-tls server
auth-user-pass
ignore-unknown-option block-outside-dns
block-outside-dns
route-metric 1
push-peer-info
<ca>
[Security-related line(s) omitted]
</ca>
================================================================================
Files in recherche.tblk:
Contents/Resources/config.ovpn
================================================================================
Tunnelblick Kext Policy Data:
================================================================================
Configuration preferences:
-keychainHasUsernameAndPassword = 1
-openvpnVersion = -
-notOKToCheckThatIPAddressDidNotChangeAfterConnection = 0
-loggingLevel = 3
-alwaysShowLoginWindow = 0
-lastConnectionSucceeded = 0
================================================================================
Wildcard preferences:
-notOKToCheckThatIPAddressDidNotChangeAfterConnection = 0
================================================================================
Program preferences:
allowNonAdminSafeConfigurationReplacement = 1 (forced)
inhibitOutboundTunneblickTraffic = 0
launchAtNextLogin = 1
tunnelblickVersionHistory = (
"3.8.5beta02 (build 5620)",
"3.8.4a (build 5601)",
"3.8.3 (build 5520)",
"3.8.2 (build 5480)",
"3.7.8 (build 5180)",
"3.8.2beta07 (build 5470)",
"3.8.2 (build 5480)"
)
lastLaunchTime = 633041284.908875
lastLanguageAtLaunchWasRTL = 0
connectionWindowDisplayCriteria = showWhenConnecting
maxLogDisplaySize = 102400
lastConnectedDisplayName = recherche
keyboardShortcutIndex = 1
updateCheckAutomatically = 1
updateCheckBetas = 1
NSWindow Frame ConnectingWindow = 525 525 389 193 0 0 1440 875
NSWindow Frame SUUpdateAlert = 410 376 620 392 0 0 1440 875
detailsWindowFrameVersion = 5620
detailsWindowFrame = {{260, 317}, {920, 470}}
detailsWindowLeftFrame = {{0, 0}, {167, 350}}
detailsWindowViewIndex = 0
detailsWindowConfigurationsTabIdentifier = log
leftNavSelectedDisplayName = recherche
haveDealtWithOldTunTapPreferences = 1
haveDealtWithOldLoginItem = 1
haveDealtWithAfterDisconnect = 1
SUEnableAutomaticChecks = 1
SUScheduledCheckInterval = 86400
SULastCheckTime = 2021-01-27 18:39:31 +0000
SUHasLaunchedBefore = 1
WebKitDefaultFontSize = 16
WebKitStandardFont = Times
================================================================================
Forced preferences:
{
allowNonAdminSafeConfigurationReplacement = 1;
}
================================================================================
Deployed forced preferences:
(None)
================================================================================
Tunnelblick Log:
2021-01-27 19:41:46.361071 *Tunnelblick: macOS 11.1 (20C69); Tunnelblick 3.8.5beta02 (build 5620); prior version 3.8.3 (build 5520)
2021-01-27 19:41:47.204812 *Tunnelblick: Attempting connection with recherche using shadow copy; Set nameserver = 769; monitoring connection
2021-01-27 19:41:47.205089 *Tunnelblick: openvpnstart start recherche.tblk 62798 769 0 1 0 1098096 -ptADGNWradsgnw 2.5.0-openssl-1.1.1i
2021-01-27 19:41:47.280511 *Tunnelblick: openvpnstart starting OpenVPN
2021-01-27 19:41:48.036161 Unrecognized option or missing or extra parameter(s) in /Library/Application Support/Tunnelblick/Users/kevinbroom/recherche.tblk/Contents/Resources/config.ovpn:22: block-outside-dns (2.5.0)
2021-01-27 19:41:48.037058 --cipher is not set. Previous OpenVPN version defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
2021-01-27 19:41:48.038366 OpenVPN 2.5.0 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on Dec 14 2020
2021-01-27 19:41:48.038619 library versions: OpenSSL 1.1.1i 8 Dec 2020, LZO 2.10
2021-01-27 19:41:48.049000 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:62798
2021-01-27 19:41:48.049050 Need hold release from management interface, waiting...
2021-01-27 19:41:48.472274 *Tunnelblick: openvpnstart log:
OpenVPN started successfully.
Command used to start OpenVPN (one argument per displayed line):
/Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.5.0-openssl-1.1.1i/openvpn
--daemon
--log /Library/Application Support/Tunnelblick/Logs/-SUsers-Skevinbroom-SLibrary-SApplication Support-STunnelblick-SConfigurations-Srecherche.tblk-SContents-SResources-Sconfig.ovpn.769_0_1_0_1098096.62798.openvpn.log
--cd /Library/Application Support/Tunnelblick/Users/kevinbroom/recherche.tblk/Contents/Resources
--machine-readable-output
--setenv IV_GUI_VER "net.tunnelblick.tunnelblick 5620 3.8.5beta02 (build 5620)"
--verb 3
--config /Library/Application Support/Tunnelblick/Users/kevinbroom/recherche.tblk/Contents/Resources/config.ovpn
--setenv TUNNELBLICK_CONFIG_FOLDER /Library/Application Support/Tunnelblick/Users/kevinbroom/recherche.tblk/Contents/Resources
--verb 3
--cd /Library/Application Support/Tunnelblick/Users/kevinbroom/recherche.tblk/Contents/Resources
--management 127.0.0.1 62798 /Library/Application Support/Tunnelblick/ijggppmeomiedegfpnlbgnnfclakjjnmiifjijii.mip
--management-query-passwords
--management-hold
--script-security 2
--route-up /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -a -d -f -m -w -ptADGNWradsgnw
--down /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -a -d -f -m -w -ptADGNWradsgnw
--route-pre-down /Applications/Tunnelblick.app/Contents/Resources/client.route-pre-down.tunnelblick.sh -9 -a -d -f -m -w -ptADGNWradsgnw
2021-01-27 19:41:48.484284 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:62798
2021-01-27 19:41:48.524506 *Tunnelblick: Established communication with OpenVPN
2021-01-27 19:41:48.524545 MANAGEMENT: CMD 'pid'
2021-01-27 19:41:48.524750 MANAGEMENT: CMD 'auth-retry interact'
2021-01-27 19:41:48.524824 MANAGEMENT: CMD 'state on'
2021-01-27 19:41:48.524866 MANAGEMENT: CMD 'state'
2021-01-27 19:41:48.524914 MANAGEMENT: CMD 'bytecount 1'
2021-01-27 19:41:48.525241 *Tunnelblick: >INFO:OpenVPN Management Interface Version 3 -- type 'help' for more info
2021-01-27 19:41:48.529918 MANAGEMENT: CMD 'hold release'
2021-01-27 19:41:48.546124 *Tunnelblick: Obtained VPN username and password from the Keychain
2021-01-27 19:41:48.547763 MANAGEMENT: CMD 'username "Auth" "499760"'
2021-01-27 19:41:48.547865 MANAGEMENT: CMD 'password [...]'
2021-01-27 19:41:48.550086 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2021-01-27 19:41:48.581305 MANAGEMENT: >STATE:1611772908,RESOLVE,,,,,,
2021-01-27 19:41:48.791729 TCP/UDP: Preserving recently used remote address: [AF_INET]87.190.244.48:1194
2021-01-27 19:41:48.791948 Socket Buffers: R=[131072->131072] S=[131072->131072]
2021-01-27 19:41:48.791975 Attempting to establish TCP connection with [AF_INET]87.190.244.48:1194 [nonblock]
2021-01-27 19:41:48.792000 MANAGEMENT: >STATE:1611772908,TCP_CONNECT,,,,,,
2021-01-27 19:41:48.905946 TCP connection established with [AF_INET]87.190.244.48:1194
2021-01-27 19:41:48.906141 TCP_CLIENT link local: (not bound)
2021-01-27 19:41:48.906187 TCP_CLIENT link remote: [AF_INET]87.190.244.48:1194
2021-01-27 19:41:48.906874 MANAGEMENT: >STATE:1611772908,WAIT,,,,,,
2021-01-27 19:41:48.969683 MANAGEMENT: >STATE:1611772908,AUTH,,,,,,
2021-01-27 19:41:48.969800 TLS: Initial packet from [AF_INET]87.190.244.48:1194, sid=dfaaf33c 8a67ee31
2021-01-27 19:41:48.969968 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2021-01-27 19:41:49.132461 VERIFY OK: depth=1, CN=BCW-Gruppe OpenVPN CA
2021-01-27 19:41:49.134279 VERIFY KU OK
2021-01-27 19:41:49.134315 Validating certificate extended key usage
2021-01-27 19:41:49.134334 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2021-01-27 19:41:49.134350 VERIFY EKU OK
2021-01-27 19:41:49.134742 VERIFY OK: depth=0, CN=server
2021-01-27 19:41:49.214838 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
2021-01-27 19:41:49.215053 [server] Peer Connection Initiated with [AF_INET]87.190.244.48:1194
2021-01-27 19:41:49.327587 PUSH: Received control message: 'PUSH_REPLY,route 172.23.255.0 255.255.255.0,route 172.22.255.0 255.255.255.0,redirect-private,dhcp-option DNS 172.24.0.1,register-dns,route-gateway 172.24.0.1,ping 10,ping-restart 60,ifconfig 172.24.136.113 255.255.0.0,peer-id 0,cipher AES-256-GCM'
2021-01-27 19:41:49.328153 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:5: register-dns (2.5.0)
2021-01-27 19:41:49.328280 OPTIONS IMPORT: timers and/or timeouts modified
2021-01-27 19:41:49.328310 OPTIONS IMPORT: --ifconfig/up options modified
2021-01-27 19:41:49.328334 OPTIONS IMPORT: route options modified
2021-01-27 19:41:49.328358 OPTIONS IMPORT: route-related options modified
2021-01-27 19:41:49.328389 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2021-01-27 19:41:49.328411 OPTIONS IMPORT: peer-id set
2021-01-27 19:41:49.328441 OPTIONS IMPORT: adjusting link_mtu to 1658
2021-01-27 19:41:49.328474 OPTIONS IMPORT: data channel crypto options modified
2021-01-27 19:41:49.328555 Data Channel: using negotiated cipher 'AES-256-GCM'
2021-01-27 19:41:49.328970 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-01-27 19:41:49.329023 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-01-27 19:41:49.332795 MANAGEMENT: Client disconnected
2021-01-27 19:41:49.332941 Cannot allocate TUN/TAP dev dynamically
2021-01-27 19:41:49.332967 Exiting due to fatal error
2021-01-27 19:41:50.919306 *Tunnelblick: Expected disconnection occurred.
================================================================================
Down log:
14:31:28 *Tunnelblick: **********************************************
14:31:28 *Tunnelblick: Start of output from client.down.tunnelblick.sh
14:31:29 *Tunnelblick: Cancelled monitoring system configuration changes
14:31:29 *Tunnelblick: Restored State:DNS
14:31:29 *Tunnelblick: Removed Setup:DNS
14:31:29 *Tunnelblick: Removed State:SMB
14:31:29 *Tunnelblick: Restored DNS and SMB settings
14:31:29 *Tunnelblick: Flushed the DNS cache with dscacheutil -flushcache
14:31:29 *Tunnelblick: Notified mDNSResponder that the DNS cache was flushed
14:31:29 *Tunnelblick: End of output from client.down.tunnelblick.sh
14:31:29 *Tunnelblick: **********************************************
================================================================================
Previous down log:
14:28:49 *Tunnelblick: **********************************************
14:28:49 *Tunnelblick: Start of output from client.down.tunnelblick.sh
14:28:49 *Tunnelblick: Cancelled monitoring system configuration changes
14:28:49 *Tunnelblick: Restored State:DNS
14:28:49 *Tunnelblick: Removed Setup:DNS
14:28:49 *Tunnelblick: Removed State:SMB
14:28:49 *Tunnelblick: Restored DNS and SMB settings
14:28:49 *Tunnelblick: Flushed the DNS cache with dscacheutil -flushcache
14:28:49 *Tunnelblick: Notified mDNSResponder that the DNS cache was flushed
14:28:49 *Tunnelblick: End of output from client.down.tunnelblick.sh
14:28:49 *Tunnelblick: **********************************************
================================================================================
Network services:
An asterisk (*) denotes that a network service is disabled.
Ethernet Adaptor (en3)
Ethernet Adaptor (en4)
Wi-Fi
Bluetooth PAN
Thunderbolt Bridge
Wi-Fi Power (en0): On
================================================================================
ifconfig output:
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
options=1203<RXCSUM,TXCSUM,TXSTATUS,SW_TIMESTAMP>
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
nd6 options=201<PERFORMNUD,DAD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
anpi0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=400<CHANNEL_IO>
ether 1e:00:ea:1a:23:41
inet6 fe80::1c00:eaff:fe1a:2341%anpi0 prefixlen 64 scopeid 0x4
nd6 options=201<PERFORMNUD,DAD>
media: none
status: inactive
anpi1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=400<CHANNEL_IO>
ether 1e:00:ea:1a:23:42
inet6 fe80::1c00:eaff:fe1a:2342%anpi1 prefixlen 64 scopeid 0x5
nd6 options=201<PERFORMNUD,DAD>
media: none
status: inactive
ap1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=400<CHANNEL_IO>
ether 72:ed:3c:0b:92:11
nd6 options=201<PERFORMNUD,DAD>
media: autoselect
status: inactive
en3: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=400<CHANNEL_IO>
ether 1e:00:ea:1a:23:21
nd6 options=201<PERFORMNUD,DAD>
media: none
status: inactive
en4: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=400<CHANNEL_IO>
ether 1e:00:ea:1a:23:22
nd6 options=201<PERFORMNUD,DAD>
media: none
status: inactive
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=400<CHANNEL_IO>
ether 50:ed:3c:0b:92:11
inet6 fe80::4ac:bf3a:8b6e:f8b8%en0 prefixlen 64 secured scopeid 0x9
inet6 2a02:810d:1500:5bfc:1cf0:e584:118b:302a prefixlen 64 autoconf secured
inet6 2a02:810d:1500:5bfc:c5b1:e355:5ba9:af9d prefixlen 64 autoconf temporary
inet 192.168.178.70 netmask 0xffffff00 broadcast 192.168.178.255
nd6 options=201<PERFORMNUD,DAD>
media: autoselect
status: active
en1: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
options=460<TSO4,TSO6,CHANNEL_IO>
ether 36:28:fa:19:37:40
media: autoselect <full-duplex>
status: inactive
en2: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
options=460<TSO4,TSO6,CHANNEL_IO>
ether 36:28:fa:19:37:44
media: autoselect <full-duplex>
status: inactive
bridge0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=63<RXCSUM,TXCSUM,TSO4,TSO6>
ether 36:28:fa:19:37:40
Configuration:
id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
ipfilter disabled flags 0x0
member: en1 flags=3<LEARNING,DISCOVER>
ifmaxaddr 0 port 10 priority 0 path cost 0
member: en2 flags=3<LEARNING,DISCOVER>
ifmaxaddr 0 port 11 priority 0 path cost 0
nd6 options=201<PERFORMNUD,DAD>
media: <unknown type>
status: inactive
awdl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
options=400<CHANNEL_IO>
ether ae:34:cc:9f:18:38
inet6 fe80::ac34:ccff:fe9f:1838%awdl0 prefixlen 64 scopeid 0xd
nd6 options=201<PERFORMNUD,DAD>
media: autoselect
status: active
llw0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=400<CHANNEL_IO>
ether ae:34:cc:9f:18:38
inet6 fe80::ac34:ccff:fe9f:1838%llw0 prefixlen 64 scopeid 0xe
nd6 options=201<PERFORMNUD,DAD>
media: autoselect
status: active
utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
inet6 fe80::5c97:1a88:8019:9955%utun0 prefixlen 64 scopeid 0xf
nd6 options=201<PERFORMNUD,DAD>
utun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 2000
inet6 fe80::2a0c:16d9:30e:25c7%utun1 prefixlen 64 scopeid 0x10
nd6 options=201<PERFORMNUD,DAD>
utun2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
inet6 fe80::428a:d81d:a223:776e%utun2 prefixlen 64 scopeid 0x11
nd6 options=201<PERFORMNUD,DAD>
utun3: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
inet6 fe80::179c:db15:1be3:76c1%utun3 prefixlen 64 scopeid 0x12
nd6 options=201<PERFORMNUD,DAD>
utun4: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
inet6 fe80::9080:d371:ff9c:d364%utun4 prefixlen 64 scopeid 0x13
nd6 options=201<PERFORMNUD,DAD>
utun5: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
inet6 fe80::f781:1790:3d26:e8f4%utun5 prefixlen 64 scopeid 0x14
nd6 options=201<PERFORMNUD,DAD>
utun6: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
inet6 fe80::f244:a704:f:b315%utun6 prefixlen 64 scopeid 0x15
nd6 options=201<PERFORMNUD,DAD>
================================================================================
Non-Apple kexts that are loaded:
Index Refs Address Size Wired Name (Version) UUID <Linked Against>
================================================================================
Quit Log:
2021-01-22 21:47:47.728413 cleanup: Entering cleanup
2021-01-22 21:47:47.729094 synchronized user defaults
2021-01-22 21:47:49.215430 applicationShouldTerminate: termination for unknown reason, probably Command-Q; delayed until 'shutdownTunnelblick' finishes)
2021-01-22 21:47:49.227671 shutDownTunnelblick: started.
2021-01-22 21:47:49.228307 shutDownTunnelblick: Starting cleanup.
2021-01-22 21:47:49.230020 cleanup: Entering cleanup
2021-01-22 21:47:49.230976 shutDownTunnelblick: Cleanup already being done.
2021-01-22 21:47:49.232305 Finished shutting down Tunnelblick; allowing termination
================================================================================
Console Log:
2021-01-27 19:39:31.195262 Tunnelblick[23419] Sparkle: Verified appcast signature
2021-01-27 19:39:52.355819 Tunnelblick[23419] Das OpenVPN Log enthält die folgende Nachricht:
"Unrecognized option or missing or extra parameter(s)".
Diese Fehlermeldung bedeutet, dass eine Option, die in der OpenVPN Konfigurationsdatei enthalten ist oder vom OpenVPN-Server "gepushed" wurde:
• falsch geschrieben wurde
• fehlende oder zusätzliche Argumente beinhaltet, oder
• in der Version von OpenVPN, die für diese Konfiguration verwendet wird, nicht implementiert ist. Dies kann eine neue Option sein, die nicht in einer alten Version von OpenVPN implementiert ist, oder eine alte Option, die in einer neuen Version von OpenVPN entfernt wurde. Sie können in dem Reiter "Einstellungen" des Fensters "Konfigurationen" im Fenster "VPN Details" von Tunnelblick wählen, welche Version von OpenVPN mit dieser Konfiguration verwendet werden soll.
Weitere Details finden Sie im VPN Log unter dem Reiter "Log" im Fenster "Konfigurationen" des Tunnelblick Fensters "VPN-Details".
2021-01-27 19:45:24.980036 Tunnelblick[23419] Das OpenVPN Log enthält die folgende Nachricht:
"Unrecognized option or missing or extra parameter(s)".
Diese Fehlermeldung bedeutet, dass eine Option, die in der OpenVPN Konfigurationsdatei enthalten ist oder vom OpenVPN-Server "gepushed" wurde:
• falsch geschrieben wurde
• fehlende oder zusätzliche Argumente beinhaltet, oder
• in der Version von OpenVPN, die für diese Konfiguration verwendet wird, nicht implementiert ist. Dies kann eine neue Option sein, die nicht in einer alten Version von OpenVPN implementiert ist, oder eine alte Option, die in einer neuen Version von OpenVPN entfernt wurde. Sie können in dem Reiter "Einstellungen" des Fensters "Konfigurationen" im Fenster "VPN Details" von Tunnelblick wählen, welche Version von OpenVPN mit dieser Konfiguration verwendet werden soll.
Weitere Details finden Sie im VPN Log unter dem Reiter "Log" im Fenster "Konfigurationen" des Tunnelblick Fensters "VPN-Details".
I face the problem that I cannot connect Tunnelblick on my new Laptop.
I would appreciate it, if anyone can help me with this issue.
Below you can find the Diagnostic:
*Tunnelblick: macOS 11.1 (20C69); Tunnelblick 3.8.5beta02 (build 5620); prior version 3.8.3 (build 5520); Admin user
git commit e6ce2cbb9353b6f6e97bbf1ba90f4957a065121b
The Tunnelblick.app process is being translated
System Integrity Protection is enabled
Configuration recherche
"Sanitized" condensed configuration file for /Users/kevinbroom/Library/Application Support/Tunnelblick/Configurations/recherche.tblk:
client
dev tap
dev-type tap
proto tcp
connect-timeout 20
remote openvpn-recherche.bcw-gruppe.de 1194
remote openvpn-recherche.bcw-gruppe.de 443
remote-cert-tls server
auth-user-pass
ignore-unknown-option block-outside-dns
block-outside-dns
route-metric 1
push-peer-info
<ca>
[Security-related line(s) omitted]
</ca>
================================================================================
Files in recherche.tblk:
Contents/Resources/config.ovpn
================================================================================
Tunnelblick Kext Policy Data:
================================================================================
Configuration preferences:
-keychainHasUsernameAndPassword = 1
-openvpnVersion = -
-notOKToCheckThatIPAddressDidNotChangeAfterConnection = 0
-loggingLevel = 3
-alwaysShowLoginWindow = 0
-lastConnectionSucceeded = 0
================================================================================
Wildcard preferences:
-notOKToCheckThatIPAddressDidNotChangeAfterConnection = 0
================================================================================
Program preferences:
allowNonAdminSafeConfigurationReplacement = 1 (forced)
inhibitOutboundTunneblickTraffic = 0
launchAtNextLogin = 1
tunnelblickVersionHistory = (
"3.8.5beta02 (build 5620)",
"3.8.4a (build 5601)",
"3.8.3 (build 5520)",
"3.8.2 (build 5480)",
"3.7.8 (build 5180)",
"3.8.2beta07 (build 5470)",
"3.8.2 (build 5480)"
)
lastLaunchTime = 633041284.908875
lastLanguageAtLaunchWasRTL = 0
connectionWindowDisplayCriteria = showWhenConnecting
maxLogDisplaySize = 102400
lastConnectedDisplayName = recherche
keyboardShortcutIndex = 1
updateCheckAutomatically = 1
updateCheckBetas = 1
NSWindow Frame ConnectingWindow = 525 525 389 193 0 0 1440 875
NSWindow Frame SUUpdateAlert = 410 376 620 392 0 0 1440 875
detailsWindowFrameVersion = 5620
detailsWindowFrame = {{260, 317}, {920, 470}}
detailsWindowLeftFrame = {{0, 0}, {167, 350}}
detailsWindowViewIndex = 0
detailsWindowConfigurationsTabIdentifier = log
leftNavSelectedDisplayName = recherche
haveDealtWithOldTunTapPreferences = 1
haveDealtWithOldLoginItem = 1
haveDealtWithAfterDisconnect = 1
SUEnableAutomaticChecks = 1
SUScheduledCheckInterval = 86400
SULastCheckTime = 2021-01-27 18:39:31 +0000
SUHasLaunchedBefore = 1
WebKitDefaultFontSize = 16
WebKitStandardFont = Times
================================================================================
Forced preferences:
{
allowNonAdminSafeConfigurationReplacement = 1;
}
================================================================================
Deployed forced preferences:
(None)
================================================================================
Tunnelblick Log:
2021-01-27 19:41:46.361071 *Tunnelblick: macOS 11.1 (20C69); Tunnelblick 3.8.5beta02 (build 5620); prior version 3.8.3 (build 5520)
2021-01-27 19:41:47.204812 *Tunnelblick: Attempting connection with recherche using shadow copy; Set nameserver = 769; monitoring connection
2021-01-27 19:41:47.205089 *Tunnelblick: openvpnstart start recherche.tblk 62798 769 0 1 0 1098096 -ptADGNWradsgnw 2.5.0-openssl-1.1.1i
2021-01-27 19:41:47.280511 *Tunnelblick: openvpnstart starting OpenVPN
2021-01-27 19:41:48.036161 Unrecognized option or missing or extra parameter(s) in /Library/Application Support/Tunnelblick/Users/kevinbroom/recherche.tblk/Contents/Resources/config.ovpn:22: block-outside-dns (2.5.0)
2021-01-27 19:41:48.037058 --cipher is not set. Previous OpenVPN version defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
2021-01-27 19:41:48.038366 OpenVPN 2.5.0 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on Dec 14 2020
2021-01-27 19:41:48.038619 library versions: OpenSSL 1.1.1i 8 Dec 2020, LZO 2.10
2021-01-27 19:41:48.049000 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:62798
2021-01-27 19:41:48.049050 Need hold release from management interface, waiting...
2021-01-27 19:41:48.472274 *Tunnelblick: openvpnstart log:
OpenVPN started successfully.
Command used to start OpenVPN (one argument per displayed line):
/Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.5.0-openssl-1.1.1i/openvpn
--daemon
--log /Library/Application Support/Tunnelblick/Logs/-SUsers-Skevinbroom-SLibrary-SApplication Support-STunnelblick-SConfigurations-Srecherche.tblk-SContents-SResources-Sconfig.ovpn.769_0_1_0_1098096.62798.openvpn.log
--cd /Library/Application Support/Tunnelblick/Users/kevinbroom/recherche.tblk/Contents/Resources
--machine-readable-output
--setenv IV_GUI_VER "net.tunnelblick.tunnelblick 5620 3.8.5beta02 (build 5620)"
--verb 3
--config /Library/Application Support/Tunnelblick/Users/kevinbroom/recherche.tblk/Contents/Resources/config.ovpn
--setenv TUNNELBLICK_CONFIG_FOLDER /Library/Application Support/Tunnelblick/Users/kevinbroom/recherche.tblk/Contents/Resources
--verb 3
--cd /Library/Application Support/Tunnelblick/Users/kevinbroom/recherche.tblk/Contents/Resources
--management 127.0.0.1 62798 /Library/Application Support/Tunnelblick/ijggppmeomiedegfpnlbgnnfclakjjnmiifjijii.mip
--management-query-passwords
--management-hold
--script-security 2
--route-up /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -a -d -f -m -w -ptADGNWradsgnw
--down /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -a -d -f -m -w -ptADGNWradsgnw
--route-pre-down /Applications/Tunnelblick.app/Contents/Resources/client.route-pre-down.tunnelblick.sh -9 -a -d -f -m -w -ptADGNWradsgnw
2021-01-27 19:41:48.484284 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:62798
2021-01-27 19:41:48.524506 *Tunnelblick: Established communication with OpenVPN
2021-01-27 19:41:48.524545 MANAGEMENT: CMD 'pid'
2021-01-27 19:41:48.524750 MANAGEMENT: CMD 'auth-retry interact'
2021-01-27 19:41:48.524824 MANAGEMENT: CMD 'state on'
2021-01-27 19:41:48.524866 MANAGEMENT: CMD 'state'
2021-01-27 19:41:48.524914 MANAGEMENT: CMD 'bytecount 1'
2021-01-27 19:41:48.525241 *Tunnelblick: >INFO:OpenVPN Management Interface Version 3 -- type 'help' for more info
2021-01-27 19:41:48.529918 MANAGEMENT: CMD 'hold release'
2021-01-27 19:41:48.546124 *Tunnelblick: Obtained VPN username and password from the Keychain
2021-01-27 19:41:48.547763 MANAGEMENT: CMD 'username "Auth" "499760"'
2021-01-27 19:41:48.547865 MANAGEMENT: CMD 'password [...]'
2021-01-27 19:41:48.550086 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2021-01-27 19:41:48.581305 MANAGEMENT: >STATE:1611772908,RESOLVE,,,,,,
2021-01-27 19:41:48.791729 TCP/UDP: Preserving recently used remote address: [AF_INET]87.190.244.48:1194
2021-01-27 19:41:48.791948 Socket Buffers: R=[131072->131072] S=[131072->131072]
2021-01-27 19:41:48.791975 Attempting to establish TCP connection with [AF_INET]87.190.244.48:1194 [nonblock]
2021-01-27 19:41:48.792000 MANAGEMENT: >STATE:1611772908,TCP_CONNECT,,,,,,
2021-01-27 19:41:48.905946 TCP connection established with [AF_INET]87.190.244.48:1194
2021-01-27 19:41:48.906141 TCP_CLIENT link local: (not bound)
2021-01-27 19:41:48.906187 TCP_CLIENT link remote: [AF_INET]87.190.244.48:1194
2021-01-27 19:41:48.906874 MANAGEMENT: >STATE:1611772908,WAIT,,,,,,
2021-01-27 19:41:48.969683 MANAGEMENT: >STATE:1611772908,AUTH,,,,,,
2021-01-27 19:41:48.969800 TLS: Initial packet from [AF_INET]87.190.244.48:1194, sid=dfaaf33c 8a67ee31
2021-01-27 19:41:48.969968 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2021-01-27 19:41:49.132461 VERIFY OK: depth=1, CN=BCW-Gruppe OpenVPN CA
2021-01-27 19:41:49.134279 VERIFY KU OK
2021-01-27 19:41:49.134315 Validating certificate extended key usage
2021-01-27 19:41:49.134334 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2021-01-27 19:41:49.134350 VERIFY EKU OK
2021-01-27 19:41:49.134742 VERIFY OK: depth=0, CN=server
2021-01-27 19:41:49.214838 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
2021-01-27 19:41:49.215053 [server] Peer Connection Initiated with [AF_INET]87.190.244.48:1194
2021-01-27 19:41:49.327587 PUSH: Received control message: 'PUSH_REPLY,route 172.23.255.0 255.255.255.0,route 172.22.255.0 255.255.255.0,redirect-private,dhcp-option DNS 172.24.0.1,register-dns,route-gateway 172.24.0.1,ping 10,ping-restart 60,ifconfig 172.24.136.113 255.255.0.0,peer-id 0,cipher AES-256-GCM'
2021-01-27 19:41:49.328153 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:5: register-dns (2.5.0)
2021-01-27 19:41:49.328280 OPTIONS IMPORT: timers and/or timeouts modified
2021-01-27 19:41:49.328310 OPTIONS IMPORT: --ifconfig/up options modified
2021-01-27 19:41:49.328334 OPTIONS IMPORT: route options modified
2021-01-27 19:41:49.328358 OPTIONS IMPORT: route-related options modified
2021-01-27 19:41:49.328389 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2021-01-27 19:41:49.328411 OPTIONS IMPORT: peer-id set
2021-01-27 19:41:49.328441 OPTIONS IMPORT: adjusting link_mtu to 1658
2021-01-27 19:41:49.328474 OPTIONS IMPORT: data channel crypto options modified
2021-01-27 19:41:49.328555 Data Channel: using negotiated cipher 'AES-256-GCM'
2021-01-27 19:41:49.328970 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-01-27 19:41:49.329023 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-01-27 19:41:49.332795 MANAGEMENT: Client disconnected
2021-01-27 19:41:49.332941 Cannot allocate TUN/TAP dev dynamically
2021-01-27 19:41:49.332967 Exiting due to fatal error
2021-01-27 19:41:50.919306 *Tunnelblick: Expected disconnection occurred.
================================================================================
Down log:
14:31:28 *Tunnelblick: **********************************************
14:31:28 *Tunnelblick: Start of output from client.down.tunnelblick.sh
14:31:29 *Tunnelblick: Cancelled monitoring system configuration changes
14:31:29 *Tunnelblick: Restored State:DNS
14:31:29 *Tunnelblick: Removed Setup:DNS
14:31:29 *Tunnelblick: Removed State:SMB
14:31:29 *Tunnelblick: Restored DNS and SMB settings
14:31:29 *Tunnelblick: Flushed the DNS cache with dscacheutil -flushcache
14:31:29 *Tunnelblick: Notified mDNSResponder that the DNS cache was flushed
14:31:29 *Tunnelblick: End of output from client.down.tunnelblick.sh
14:31:29 *Tunnelblick: **********************************************
================================================================================
Previous down log:
14:28:49 *Tunnelblick: **********************************************
14:28:49 *Tunnelblick: Start of output from client.down.tunnelblick.sh
14:28:49 *Tunnelblick: Cancelled monitoring system configuration changes
14:28:49 *Tunnelblick: Restored State:DNS
14:28:49 *Tunnelblick: Removed Setup:DNS
14:28:49 *Tunnelblick: Removed State:SMB
14:28:49 *Tunnelblick: Restored DNS and SMB settings
14:28:49 *Tunnelblick: Flushed the DNS cache with dscacheutil -flushcache
14:28:49 *Tunnelblick: Notified mDNSResponder that the DNS cache was flushed
14:28:49 *Tunnelblick: End of output from client.down.tunnelblick.sh
14:28:49 *Tunnelblick: **********************************************
================================================================================
Network services:
An asterisk (*) denotes that a network service is disabled.
Ethernet Adaptor (en3)
Ethernet Adaptor (en4)
Wi-Fi
Bluetooth PAN
Thunderbolt Bridge
Wi-Fi Power (en0): On
================================================================================
ifconfig output:
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
options=1203<RXCSUM,TXCSUM,TXSTATUS,SW_TIMESTAMP>
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
nd6 options=201<PERFORMNUD,DAD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
anpi0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=400<CHANNEL_IO>
ether 1e:00:ea:1a:23:41
inet6 fe80::1c00:eaff:fe1a:2341%anpi0 prefixlen 64 scopeid 0x4
nd6 options=201<PERFORMNUD,DAD>
media: none
status: inactive
anpi1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=400<CHANNEL_IO>
ether 1e:00:ea:1a:23:42
inet6 fe80::1c00:eaff:fe1a:2342%anpi1 prefixlen 64 scopeid 0x5
nd6 options=201<PERFORMNUD,DAD>
media: none
status: inactive
ap1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=400<CHANNEL_IO>
ether 72:ed:3c:0b:92:11
nd6 options=201<PERFORMNUD,DAD>
media: autoselect
status: inactive
en3: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=400<CHANNEL_IO>
ether 1e:00:ea:1a:23:21
nd6 options=201<PERFORMNUD,DAD>
media: none
status: inactive
en4: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=400<CHANNEL_IO>
ether 1e:00:ea:1a:23:22
nd6 options=201<PERFORMNUD,DAD>
media: none
status: inactive
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=400<CHANNEL_IO>
ether 50:ed:3c:0b:92:11
inet6 fe80::4ac:bf3a:8b6e:f8b8%en0 prefixlen 64 secured scopeid 0x9
inet6 2a02:810d:1500:5bfc:1cf0:e584:118b:302a prefixlen 64 autoconf secured
inet6 2a02:810d:1500:5bfc:c5b1:e355:5ba9:af9d prefixlen 64 autoconf temporary
inet 192.168.178.70 netmask 0xffffff00 broadcast 192.168.178.255
nd6 options=201<PERFORMNUD,DAD>
media: autoselect
status: active
en1: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
options=460<TSO4,TSO6,CHANNEL_IO>
ether 36:28:fa:19:37:40
media: autoselect <full-duplex>
status: inactive
en2: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
options=460<TSO4,TSO6,CHANNEL_IO>
ether 36:28:fa:19:37:44
media: autoselect <full-duplex>
status: inactive
bridge0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=63<RXCSUM,TXCSUM,TSO4,TSO6>
ether 36:28:fa:19:37:40
Configuration:
id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
ipfilter disabled flags 0x0
member: en1 flags=3<LEARNING,DISCOVER>
ifmaxaddr 0 port 10 priority 0 path cost 0
member: en2 flags=3<LEARNING,DISCOVER>
ifmaxaddr 0 port 11 priority 0 path cost 0
nd6 options=201<PERFORMNUD,DAD>
media: <unknown type>
status: inactive
awdl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
options=400<CHANNEL_IO>
ether ae:34:cc:9f:18:38
inet6 fe80::ac34:ccff:fe9f:1838%awdl0 prefixlen 64 scopeid 0xd
nd6 options=201<PERFORMNUD,DAD>
media: autoselect
status: active
llw0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=400<CHANNEL_IO>
ether ae:34:cc:9f:18:38
inet6 fe80::ac34:ccff:fe9f:1838%llw0 prefixlen 64 scopeid 0xe
nd6 options=201<PERFORMNUD,DAD>
media: autoselect
status: active
utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
inet6 fe80::5c97:1a88:8019:9955%utun0 prefixlen 64 scopeid 0xf
nd6 options=201<PERFORMNUD,DAD>
utun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 2000
inet6 fe80::2a0c:16d9:30e:25c7%utun1 prefixlen 64 scopeid 0x10
nd6 options=201<PERFORMNUD,DAD>
utun2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
inet6 fe80::428a:d81d:a223:776e%utun2 prefixlen 64 scopeid 0x11
nd6 options=201<PERFORMNUD,DAD>
utun3: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
inet6 fe80::179c:db15:1be3:76c1%utun3 prefixlen 64 scopeid 0x12
nd6 options=201<PERFORMNUD,DAD>
utun4: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
inet6 fe80::9080:d371:ff9c:d364%utun4 prefixlen 64 scopeid 0x13
nd6 options=201<PERFORMNUD,DAD>
utun5: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
inet6 fe80::f781:1790:3d26:e8f4%utun5 prefixlen 64 scopeid 0x14
nd6 options=201<PERFORMNUD,DAD>
utun6: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
inet6 fe80::f244:a704:f:b315%utun6 prefixlen 64 scopeid 0x15
nd6 options=201<PERFORMNUD,DAD>
================================================================================
Non-Apple kexts that are loaded:
Index Refs Address Size Wired Name (Version) UUID <Linked Against>
================================================================================
Quit Log:
2021-01-22 21:47:47.728413 cleanup: Entering cleanup
2021-01-22 21:47:47.729094 synchronized user defaults
2021-01-22 21:47:49.215430 applicationShouldTerminate: termination for unknown reason, probably Command-Q; delayed until 'shutdownTunnelblick' finishes)
2021-01-22 21:47:49.227671 shutDownTunnelblick: started.
2021-01-22 21:47:49.228307 shutDownTunnelblick: Starting cleanup.
2021-01-22 21:47:49.230020 cleanup: Entering cleanup
2021-01-22 21:47:49.230976 shutDownTunnelblick: Cleanup already being done.
2021-01-22 21:47:49.232305 Finished shutting down Tunnelblick; allowing termination
================================================================================
Console Log:
2021-01-27 19:39:31.195262 Tunnelblick[23419] Sparkle: Verified appcast signature
2021-01-27 19:39:52.355819 Tunnelblick[23419] Das OpenVPN Log enthält die folgende Nachricht:
"Unrecognized option or missing or extra parameter(s)".
Diese Fehlermeldung bedeutet, dass eine Option, die in der OpenVPN Konfigurationsdatei enthalten ist oder vom OpenVPN-Server "gepushed" wurde:
• falsch geschrieben wurde
• fehlende oder zusätzliche Argumente beinhaltet, oder
• in der Version von OpenVPN, die für diese Konfiguration verwendet wird, nicht implementiert ist. Dies kann eine neue Option sein, die nicht in einer alten Version von OpenVPN implementiert ist, oder eine alte Option, die in einer neuen Version von OpenVPN entfernt wurde. Sie können in dem Reiter "Einstellungen" des Fensters "Konfigurationen" im Fenster "VPN Details" von Tunnelblick wählen, welche Version von OpenVPN mit dieser Konfiguration verwendet werden soll.
Weitere Details finden Sie im VPN Log unter dem Reiter "Log" im Fenster "Konfigurationen" des Tunnelblick Fensters "VPN-Details".
2021-01-27 19:45:24.980036 Tunnelblick[23419] Das OpenVPN Log enthält die folgende Nachricht:
"Unrecognized option or missing or extra parameter(s)".
Diese Fehlermeldung bedeutet, dass eine Option, die in der OpenVPN Konfigurationsdatei enthalten ist oder vom OpenVPN-Server "gepushed" wurde:
• falsch geschrieben wurde
• fehlende oder zusätzliche Argumente beinhaltet, oder
• in der Version von OpenVPN, die für diese Konfiguration verwendet wird, nicht implementiert ist. Dies kann eine neue Option sein, die nicht in einer alten Version von OpenVPN implementiert ist, oder eine alte Option, die in einer neuen Version von OpenVPN entfernt wurde. Sie können in dem Reiter "Einstellungen" des Fensters "Konfigurationen" im Fenster "VPN Details" von Tunnelblick wählen, welche Version von OpenVPN mit dieser Konfiguration verwendet werden soll.
Weitere Details finden Sie im VPN Log unter dem Reiter "Log" im Fenster "Konfigurationen" des Tunnelblick Fensters "VPN-Details".
Tunnelblick developer
Jan 27, 2021, 4:11:40 PM1/27/21
to tunnelblick-discuss
Reply all
Reply to author
Forward
0 new messages