Can't connect get a "Waiting for server response" on Tunnelblick

3,680 views

Skip to first unread message

open...@gmail.com

unread,

Sep 9, 2014, 8:35:13 AM9/9/14

to tunnelbli...@googlegroups.com

Hi,

I have setup my ASUS RT-AC66U using the latest stock software as a VPN Server. Exported the config file and imported into Tunnelblick as per the documentation. When I'm away from home and try to connect I get the message "Waiting for server response". Tried this now in different locations but to no avail. Whats up? Can anyone shed any light please? Below is my log file. Thank you.

*Tunnelblick: OS X 10.9.4; Tunnelblick 3.4beta36 (build 3945); Admin user

"Sanitized" condensed configuration file for /Library/Application Support/Tunnelblick/Shared/myVPN.tblk:

client

dev tun

proto udp

remote jonathan.knowsitall.info 1194

float

comp-lzo adaptive

keepalive 15 60

auth-user-pass

ns-cert-type server

<ca>

[Security-related line(s) omitted]

</ca>

<cert>

[Security-related line(s) omitted]

</cert>

<key>

[Security-related line(s) omitted]

</key>

resolv-retry infinite

nobind

================================================================================

"Sanitized" full configuration file

client

dev tun

proto udp

remote jonathan.knowsitall.info 1194

float

comp-lzo adaptive

keepalive 15 60

auth-user-pass

ns-cert-type server

<ca>

[Security-related line(s) omitted]

</ca>

<cert>

[Security-related line(s) omitted]

</cert>

<key>

[Security-related line(s) omitted]

</key>

resolv-retry infinite

nobind

================================================================================

Cannot list unusual files in myVPN.tblk; not a private configuration

================================================================================

Configuration preferences:

-keychainHasUsernameAndPassword = 1

-loadTun =

-openvpnVersion = -

-notOKToCheckThatIPAddressDidNotChangeAfterConnection = 1

-lastConnectionSucceeded = 0

================================================================================

Wildcard preferences:

-notOKToCheckThatIPAddressDidNotChangeAfterConnection = 1

================================================================================

Program preferences:

inhibitOutboundTunneblickTraffic = 1

launchAtNextLogin = 1

notOKToCheckThatIPAddressDidNotChangeAfterConnection = 1

askedUserIfOKToCheckThatIPAddressDidNotChangeAfterConnection = 1

tunnelblickVersionHistory = (

"3.4beta36 (build 3945)"

)

statusDisplayNumber = 0

lastLaunchTime = 431958564.664337

connectionWindowDisplayCriteria = showWhenConnecting

maxLogDisplaySize = 102400

lastConnectedDisplayName = home

installationUID (not shown)

keyboardShortcutIndex = 1

updateCheckAutomatically = 1

updateSendProfileInfo = 1

NSWindow Frame ConnectingWindow = 765 669 389 187 0 0 1920 1058

detailsWindowFrameVersion = 3945

detailsWindowFrame = {{309, 505}, {920, 468}}

detailsWindowLeftFrame = {{0, 0}, {164, 350}}

leftNavSelectedDisplayName = myVPN

haveDealtWithSparkle1dot5b6 = 1

haveDealtWithOldTunTapPreferences = 1

haveDealtWithOldLoginItem = 1

SUEnableAutomaticChecks = 0

SUFeedURL = https://www.tunnelblick.net/appcast-b.rss

SUScheduledCheckInterval = 86400

SUSendProfileInfo = 1

SULastCheckTime = 2014-09-09 12:29:24 +0000

SULastProfileSubmissionDate = 2014-09-04 08:43:42 +0000

SUHasLaunchedBefore = 1

WebKitDefaultFontSize = 16

WebKitStandardFont = Times

================================================================================

Tunnelblick Log:

2014-09-09 14:29:36 *Tunnelblick: OS X 10.9.4; Tunnelblick 3.4beta36 (build 3945)

2014-09-09 14:29:36 *Tunnelblick: Attempting connection with myVPN; Set nameserver = 1; monitoring connection

2014-09-09 14:29:36 *Tunnelblick: openvpnstart start myVPN.tblk 1338 1 0 3 0 16688 -ptADGNWradsgnw 2.3.4

2014-09-09 14:29:36 *Tunnelblick: openvpnstart log:

Tunnelblick:

OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line):

/Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.4/openvpn

--daemon

--log

/Library/Application Support/Tunnelblick/Logs/-SLibrary-SApplication Support-STunnelblick-SShared-SmyVPN.tblk-SContents-SResources-Sconfig.ovpn.1_0_3_0_16688.1338.openvpn.log

--cd

/Library/Application Support/Tunnelblick/Shared/myVPN.tblk/Contents/Resources

--config

/Library/Application Support/Tunnelblick/Shared/myVPN.tblk/Contents/Resources/config.ovpn

--cd

/Library/Application Support/Tunnelblick/Shared/myVPN.tblk/Contents/Resources

--management

127.0.0.1

1338

--management-query-passwords

--management-hold

--script-security

--up

/Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -m -w -d -f -ptADGNWradsgnw

--down

/Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -m -w -d -f -ptADGNWradsgnw

2014-09-09 14:29:36 *Tunnelblick: Established communication with OpenVPN

2014-09-09 14:29:36 *Tunnelblick: Obtained VPN username and password from the Keychain

2014-09-09 14:29:36 OpenVPN 2.3.4 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Sep 1 2014

2014-09-09 14:29:36 library versions: OpenSSL 1.0.1i 6 Aug 2014, LZO 2.08

2014-09-09 14:29:36 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

2014-09-09 14:29:36 *Tunnelblick: openvpnstart starting OpenVPN

2014-09-09 14:29:37 UDPv4 link local: [undef]

2014-09-09 14:29:37 UDPv4 link remote: [AF_INET]82.217.92.143:1194

2014-09-09 14:29:56 *Tunnelblick: Disconnecting; VPN Details… window disconnect button pressed

2014-09-09 14:29:56 *Tunnelblick: Disconnecting using 'kill'

2014-09-09 14:29:56 event_wait : Interrupted system call (code=4)

2014-09-09 14:29:56 SIGTERM[hard,] received, process exiting

2014-09-09 14:29:56 *Tunnelblick: No 'post-disconnect.sh' script to execute

2014-09-09 14:29:56 *Tunnelblick: Expected disconnection occurred.

================================================================================

Console Log:

2014-09-09 11:30:32 gkbisd[270] Unable to collect cdhash for /Applications/Tunnelblick.app (error code 100024)

2014-09-09 11:30:33 Tunnelblick[8471] Set program update feedURL to https://www.tunnelblick.net/appcast-b.rss

2014-09-09 11:30:34 Tunnelblick[8471] DEBUG: Updater: systemVersion 10.9.4 satisfies minimumSystemVersion 10.4.0

2014-09-09 11:30:42 Tunnelblick[8471] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-home' account = 'username'

2014-09-09 11:30:42 Tunnelblick[8471] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-home' account = 'password'

2014-09-09 11:39:27 Tunnelblick[8471] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-home' account = 'username'

2014-09-09 11:39:27 Tunnelblick[8471] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-home' account = 'password'

2014-09-09 11:39:54 Tunnelblick[8471] DEBUG: Updater: systemVersion 10.9.4 satisfies minimumSystemVersion 10.4.0

2014-09-09 11:40:36 Tunnelblick[8471] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-home' account = 'username'

2014-09-09 11:40:36 Tunnelblick[8471] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-home' account = 'password'

2014-09-09 11:52:04 Tunnelblick[8471] applicationShouldTerminate: termination because of Quit; delayed until 'shutdownTunnelblick' finishes

2014-09-09 11:52:04 Tunnelblick[8471] Finished shutting down Tunnelblick; allowing termination

2014-09-09 11:52:09 gkbisd[270] Unable to collect cdhash for /Applications/Tunnelblick.app (error code 100024)

2014-09-09 11:52:10 Tunnelblick[8740] Set program update feedURL to https://www.tunnelblick.net/appcast-b.rss

2014-09-09 11:52:10 Tunnelblick[8740] DEBUG: Updater: systemVersion 10.9.4 satisfies minimumSystemVersion 10.4.0

2014-09-09 11:52:16 Tunnelblick[8740] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-home' account = 'username'

2014-09-09 11:52:16 Tunnelblick[8740] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-home' account = 'password'

2014-09-09 11:52:33 Tunnelblick[8740] applicationShouldTerminate: termination because of Quit; delayed until 'shutdownTunnelblick' finishes

2014-09-09 11:52:33 Tunnelblick[8740] Finished shutting down Tunnelblick; allowing termination

2014-09-09 11:58:22 gkbisd[270] Unable to collect cdhash for /Applications/Tunnelblick.app (error code 100024)

2014-09-09 11:58:23 Tunnelblick[8798] Set program update feedURL to https://www.tunnelblick.net/appcast-b.rss

2014-09-09 11:58:24 Tunnelblick[8798] DEBUG: Updater: systemVersion 10.9.4 satisfies minimumSystemVersion 10.4.0

2014-09-09 11:58:27 Tunnelblick[8798] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-home' account = 'username'

2014-09-09 11:58:27 Tunnelblick[8798] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-home' account = 'password'

2014-09-09 11:58:40 Tunnelblick[8798] applicationShouldTerminate: termination because of Quit; delayed until 'shutdownTunnelblick' finishes

2014-09-09 11:58:41 Tunnelblick[8798] Finished shutting down Tunnelblick; allowing termination

2014-09-09 13:50:31 gkbisd[270] Unable to collect cdhash for /Applications/Tunnelblick.app (error code 100024)

2014-09-09 13:50:31 Tunnelblick[10164] Set program update feedURL to https://www.tunnelblick.net/appcast-b.rss

2014-09-09 13:50:31 Tunnelblick[10164] Converting/Installing /Users/jonathan/Desktop/myVPN.tblk/client.ovpn: Converted OpenVPN configuration

2014-09-09 13:50:44 Tunnelblick[10164] Beginning installation or repair

2014-09-09 13:50:44 authexec[10177] executing /Applications/Tunnelblick.app/Contents/Resources/installer

2014-09-09 13:50:44 Tunnelblick[10164] Installation or repair succeeded; Log:

Tunnelblick installer started 2014-09-09 13:50:44. 3 arguments: 0x0001 /Library/Application Support/Tunnelblick/Shared/myVPN.tblk /private/var/folders/c4/7cy9_tx53t37ssn01kp2jxwr0000gn/T/Tunnelblick-CA1V2x/myVPN.tblk

Copied /private/var/folders/c4/7cy9_tx53t37ssn01kp2jxwr0000gn/T/Tunnelblick-CA1V2x/myVPN.tblk to /Library/Application Support/Tunnelblick/Shared/myVPN.tblk.temp

Moved /Library/Application Support/Tunnelblick/Shared/myVPN.tblk.temp to /Library/Application Support/Tunnelblick/Shared/myVPN.tblk

Changed ownership of /Library/Application Support/Tunnelblick/Shared/myVPN.tblk and its contents from 501:20 to 0:0

Changed permissions from 640 to 600 on /Library/Application Support/Tunnelblick/Shared/myVPN.tblk/Contents/Resources/config.ovpn

2014-09-09 13:50:45 Tunnelblick[10164] DEBUG: Updater: systemVersion 10.9.4 satisfies minimumSystemVersion 10.4.0

2014-09-09 13:51:54 Tunnelblick[10164] Can't find Keychain item to delete for service = 'Tunnelblick-Auth-myVPN' account = 'username' because it does not exist

2014-09-09 13:51:54 Tunnelblick[10164] Can't find Keychain item to delete for service = 'Tunnelblick-Auth-myVPN' account = 'password' because it does not exist

2014-09-09 13:56:45 Tunnelblick[10164] applicationShouldTerminate: termination because of Quit; delayed until 'shutdownTunnelblick' finishes

2014-09-09 13:56:46 Tunnelblick[10164] Finished shutting down Tunnelblick; allowing termination

2014-09-09 13:57:08 sudo[10217] jonathan : TTY=ttys001 ; PWD=/Library/Application Support/Tunnelblick/Shared ; USER=root ; COMMAND=/bin/rm -rf home.tblk/

2014-09-09 13:57:33 sudo[10219] jonathan : TTY=ttys001 ; PWD=/Library/Application Support/Tunnelblick/Shared ; USER=root ; COMMAND=/usr/bin/cd myVPN.tblk/

2014-09-09 13:57:39 sudo[10225] jonathan : TTY=ttys001 ; PWD=/Library/Application Support/Tunnelblick/Shared ; USER=root ; COMMAND=/bin/sh

2014-09-09 13:59:59 gkbisd[270] Unable to collect cdhash for /Applications/Tunnelblick.app (error code 100024)

2014-09-09 13:59:59 Tunnelblick[10239] Set program update feedURL to https://www.tunnelblick.net/appcast-b.rss

2014-09-09 14:00:00 Tunnelblick[10239] DEBUG: Updater: systemVersion 10.9.4 satisfies minimumSystemVersion 10.4.0

2014-09-09 14:00:04 Tunnelblick[10239] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-myVPN' account = 'username'

2014-09-09 14:00:04 Tunnelblick[10239] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-myVPN' account = 'password'

2014-09-09 14:04:59 Tunnelblick[10239] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-myVPN' account = 'username'

2014-09-09 14:04:59 Tunnelblick[10239] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-myVPN' account = 'password'

2014-09-09 14:06:52 Tunnelblick[10239] openvpnstart stderr from killall:

Tunnelblick: stderr from killall: No matching processes were found

2014-09-09 14:07:04 Tunnelblick[10239] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-myVPN' account = 'username'

2014-09-09 14:07:04 Tunnelblick[10239] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-myVPN' account = 'password'

2014-09-09 14:07:16 Tunnelblick[10239] applicationShouldTerminate: termination because of Quit; delayed until 'shutdownTunnelblick' finishes

2014-09-09 14:07:16 Tunnelblick[10239] Finished shutting down Tunnelblick; allowing termination

2014-09-09 14:21:18 Tunnelblick[827] Set program update feedURL to https://www.tunnelblick.net/appcast-b.rss

2014-09-09 14:21:19 Tunnelblick[827] DEBUG: Updater: systemVersion 10.9.4 satisfies minimumSystemVersion 10.4.0

2014-09-09 14:21:41 Tunnelblick[827] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-myVPN' account = 'username'

2014-09-09 14:21:41 Tunnelblick[827] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-myVPN' account = 'password'

2014-09-09 14:24:02 Tunnelblick[827] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-myVPN' account = 'username'

2014-09-09 14:24:02 Tunnelblick[827] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-myVPN' account = 'password'

2014-09-09 14:29:20 Tunnelblick[827] applicationShouldTerminate: termination because of Quit; delayed until 'shutdownTunnelblick' finishes

2014-09-09 14:29:20 Tunnelblick[827] Finished shutting down Tunnelblick; allowing termination

2014-09-09 14:29:24 Tunnelblick[912] Set program update feedURL to https://www.tunnelblick.net/appcast-b.rss

2014-09-09 14:29:25 Tunnelblick[912] DEBUG: Updater: systemVersion 10.9.4 satisfies minimumSystemVersion 10.4.0

2014-09-09 14:29:36 Tunnelblick[912] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-myVPN' account = 'username'

2014-09-09 14:29:36 Tunnelblick[912] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-myVPN' account = 'password'

================================================================================

Non-Apple kexts that are loaded:

Index Refs Address Size Wired Name (Version) <Linked Against>

63 0 0xffffff7f8090f000 0x47000 0x47000 at.obdev.nke.LittleSnitch (4098) <5 4 3 1>

129 1 0xffffff7f80a51000 0xa000 0xa000 com.avatron.AVExVideo (1.7) <82 5 4 3>

130 0 0xffffff7f80a5b000 0x9000 0x9000 com.avatron.AVExFramebuffer (1.7) <129 82 5 4 3>

135 3 0xffffff7f82153000 0x56000 0x56000 org.virtualbox.kext.VBoxDrv (4.3.14) <7 5 4 3 1>

136 0 0xffffff7f821a9000 0x8000 0x8000 org.virtualbox.kext.VBoxUSB (4.3.14) <135 46 36 7 5 4 3 1>

138 0 0xffffff7f821b1000 0x5000 0x5000 org.virtualbox.kext.VBoxNetFlt (4.3.14) <135 7 5 4 3 1>

139 0 0xffffff7f821b6000 0x6000 0x6000 org.virtualbox.kext.VBoxNetAdp (4.3.14) <135 5 4 1>

140 0 0xffffff7f807ce000 0x6000 0x6000 foo.tap (1.0) <7 5 4 1>

141 0 0xffffff7f807c6000 0x6000 0x6000 foo.tun (1.0) <7 5 4 1>

jkbull...gmail.com

unread,

Sep 9, 2014, 9:19:47 AM9/9/14

to tunnelbli...@googlegroups.com, open...@gmail.com

Hi.

First, I doubt this has anything to do with the problem you are having, but I noticed the following warning in the Console Log:

gkbisd[270] Unable to collect cdhash for /Applications/Tunnelblick.app (error code 100024)

See https://discussions.apple.com/thread/6433525 for a discussion of these warnings.

Now, as to the problem connecting to the VPN that you are having: the log shows that your computer never received a response from your router.

Looking at your router's specs at http://www.asus.com/us/Networking/RTAC66U/specifications, the router does not support the OpenVPN protocol, which is what Tunnelblick uses. It supports IPSec, PPTP, and L2TP. So it looks like you can't use Tunnelblick with it. However, a Google search also turned up several references to using OpenVPN with the router, so maybe that info is out-of-date.

If the router does support OpenVPN, then the problem could be caused by any one of several things, for example:

The router's OpenVPN isn't running
The router's OpenVPN is listening to some port other than the port 1194 specified in your configuration file
The name "jonathan.knowsitall.info" doesn't resolve to your router
Some firewall between your computer and the router is blocking communication on port 1194

As to the last item, it could be that the ISP that your router is connected to does not allow connections to port 1194. (Some ISPs block certain ports -- for example, they might block port 80 to prevent you from running a website from your home.)

jona...@spindriftgroup.com

unread,

Sep 9, 2014, 10:33:07 AM9/9/14

to tunnelbli...@googlegroups.com, open...@gmail.com

Hi,

Thanks for the feedback. Please find my updates inline.

On Tuesday, 9 September 2014 15:19:47 UTC+2, jkbull...gmail.com wrote:

Hi.

First, I doubt this has anything to do with the problem you are having, but I noticed the following warning in the Console Log:

gkbisd[270] Unable to collect cdhash for /Applications/Tunnelblick.app (error code 100024)

See https://discussions.apple.com/thread/6433525 for a discussion of these warnings.

Thanks for pointing this out.

Now, as to the problem connecting to the VPN that you are having: the log shows that your computer never received a response from your router.

Looking at your router's specs at http://www.asus.com/us/Networking/RTAC66U/specifications, the router does not support the OpenVPN protocol, which is what Tunnelblick uses. It supports IPSec, PPTP, and L2TP. So it looks like you can't use Tunnelblick with it. However, a Google search also turned up several references to using OpenVPN with the router, so maybe that info is out-of-date.

Later releases of the stock firmware support OpenVPN and there are links to Tunnelblick for the Mac providing instructions. I'm not using dd-wrt or tomato just yet.

If the router does support OpenVPN, then the problem could be caused by any one of several things, for example:
The router's OpenVPN isn't running

Its set to "on"

The router's OpenVPN is listening to some port other than the port 1194 specified in your configuration file
The name "jonathan.knowsitall.info" doesn't resolve to your router

its a dyndns lookup to my dynamic IP address. I can use ssh using this address.

Some firewall between your computer and the router is blocking communication on port 1194
As to the last item, it could be that the ISP that your router is connected to does not allow connections to port 1194. (Some ISPs block certain ports -- for example, they might block port 80 to prevent you from running a website from your home.)

The Open Port Tool tells me that port 1194 is blocked. Not sure whether thats my provider, Ziggo, or my AC66U router. Further investigation reveals that although the stock firmware supports OpenVPN, the NAT Passthrough for VPN only lists PPTP,L2TP,IPSec, RTSP,H.323 and SIP. (facepalm). I guess this is a bug with the stock firmware. I will chase up ASUS.

Thanks.

open...@gmail.com

unread,

Sep 10, 2014, 7:07:36 AM9/10/14

to tunnelbli...@googlegroups.com, open...@gmail.com

Hi,

Whether it was me raising an issue to ASUS or not, but ASUS issued a new firmware release yesterday 9-9-2014 RT-AC66U_3.0.0.4_376_2524-g0013f52.trx

This resolves the openVPN connection issue. I can now connect using TunnelBlick with openvpn 2.3.4 to my ASUS RT-AC66U router across a public internet. Yippee. Also confirmed that Ziggo.nl, my hosting provider does not close port 1194.

So, happy that the VPN works... now I seem to have an issue connecting with the 5G band (facepalm) which I didn't have with the previous firmware release....

Just so the folks out there with dd-wrt software know. I noticed using the latest release of dd-wrt, rather than the stock ASUS firmware, that it did not seem to take advantage of the ac capabilities and the transmission rate dropped significantly. Thats why I have remained with the stock firmware to take advantages of the features of the product at least for now just in case anybody also had the same issue.

Thanks for your help and suggestions, appreciated.

On Tuesday, 9 September 2014 15:19:47 UTC+2, jkbull...gmail.com wrote:

Reply all

Reply to author

Forward

0 new messages