VPN working on local machine but not on shared connection
72 views
Skip to first unread message
eugenio.z...@gmail.com
Apr 26, 2020, 12:43:26 PM4/26/20
to tunnelblick-discuss
Hi everyone,
I'm trying to understand if I can use an unused Mac Mini as a VPN client to route all my network traffic through VPN.To do this I'm still experimenting with Internet connection sharing (the option given by MacOS): input my 4G connection (USB tethered), tunnel it, and output it to the rest of my network via a different NIC (well, ok, the other way round...).
I installed and configured Tunnelblick to launch at startup and configured a connection to:
- launch when Tunnelblick starts
- configure nameserver (default option)
- monitor network settings
- route all IPv4 traffic
No matter what I do / change on this configuration file, my Mac Mini perfectly works (I can navigate as expected no matter the connection: wifi, LAN, USB tethering... everything is ok), but not if I share my connection with other computers (MacOS Control Panel > Sharing > Share Internet). What happens in this case is:
- when the VPN is OFF
- Mac Mini can surf
- connected computers can surf as well
- when the VPN is ON
- Mac Mini can still surf
- connected computers STOP SURFING: page load is stuck forever
I already tried
- enabling/disabling "Configure Nameserver" option
- editing the config file to add my DNS settings
- enabling/disablind the "Route all IPv4 traffic" option
... but nothing changes: my mac can surf, all other computers only surf when the VPN is OFF.
Can somebody help here? What setting should I enable to make sure all traffic passing through this machine is tunneled through the VPN even if this traffic comes from another machine?
Thanks in advance
Eugenio (from Italy)
Eugenio Zaffagnini
Apr 26, 2020, 12:46:37 PM4/26/20
to tunnelbli...@googlegroups.com
PS:
This is the connection log in case it's useful:
This is the connection log in case it's useful:
*Tunnelblick: macOS 10.13.6 (17G66); Tunnelblick 3.8.2 (build 5480); Standard user
git commit 6155bb774cf9652ef0231b712d7784ee03d3c85e
Configuration it-mil.prod.surfshark.com_udp
"Sanitized" condensed configuration file for /Library/Application Support/Tunnelblick/Shared/it-mil.prod.surfshark.com_udp.tblk:
client
dev tun
proto udp
remote it-mil.prod.surfshark.com 1194
resolv-retry infinite
remote-random
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ping 15
ping-restart 0
ping-timer-rem
reneg-sec 0
dhcp-option DNS 1.1.1.1
dhcp-option DNS 1.0.0.1
dhcp-option DNS 2606:4700:4700::1111
dhcp-option DNS 2606:4700:4700::1001
dhcp-option DNS 8.8.8.8
dhcp-option DNS 8.8.4.4
remote-cert-tls server
auth-user-pass
verb 3
pull
fast-io
cipher AES-256-CBC
auth SHA512
<ca>
[Security-related line(s) omitted]
</ca>
key-direction 1
<tls-auth>
[Security-related line(s) omitted]
</tls-auth>
================================================================================
Files in it-mil.prod.surfshark.com_udp.tblk:
Contents/Resources/config.ovpn
================================================================================
Configuration preferences:
autoConnect = 1
-onSystemStart = 0
useDNS = 1
-resetPrimaryInterfaceAfterUnexpectedDisconnect = 0
-routeAllTrafficThroughVpn = 1
-notOKToCheckThatIPAddressDidNotChangeAfterConnection = 0
-keepConnected = 1
-disableNetworkAccessAfterUnexpectedDisconnect = 0
-alwaysShowLoginWindow = 0
-lastConnectionSucceeded = 1
================================================================================
Wildcard preferences:
================================================================================
Program preferences:
placeIconInStandardPositionInStatusBar = 1
launchAtNextLogin = 1
tunnelblickVersionHistory = (
"3.8.2 (build 5480)"
)
lastLaunchTime = 609605012.2964
doNotShowSplashScreen = 1
showConnectedDurations = 1
lastLanguageAtLaunchWasRTL = 0
connectionWindowDisplayCriteria = showWhenConnecting
maxLogDisplaySize = 10485760
lastConnectedDisplayName = it-mil.prod.surfshark.com_udp
keyboardShortcutIndex = 1
namedCredentialsThatAllConfigurationsUse = Comuni
updateCheckAutomatically = 1
NSWindow Frame ConnectingWindow = 390 522 500 322 0 0 1280 1001
detailsWindowFrameVersion = 5480
detailsWindowFrame = {{56, 415}, {1171, 468}}
detailsWindowLeftFrame = {{0, 0}, {499, 350}}
detailsWindowViewIndex = 0
detailsWindowConfigurationsTabIdentifier = settings
leftNavSelectedDisplayName = it-mil.prod.surfshark.com_udp
AdvancedWindowTabIdentifier = vpnCredentials
haveDealtWithOldTunTapPreferences = 1
haveDealtWithOldLoginItem = 1
haveDealtWithAfterDisconnect = 1
SUEnableAutomaticChecks = 1
SUScheduledCheckInterval = 86400
SULastCheckTime = 2020-04-26 14:43:32 +0000
SUHasLaunchedBefore = 1
WebKitDefaultFontSize = 16
WebKitStandardFont = Times
================================================================================
Tunnelblick Log:
2020-04-26 18:41:56.491795 *Tunnelblick: macOS 10.13.6 (17G66); Tunnelblick 3.8.2 (build 5480)
2020-04-26 18:41:56.825120 *Tunnelblick: Attempting connection with it-mil.prod.surfshark.com_udp; Set nameserver = 769; monitoring connection
2020-04-26 18:41:56.826397 *Tunnelblick: openvpnstart start it-mil.prod.surfshark.com_udp.tblk 64974 769 0 3 0 1098544 -ptADGNWradsgnw 2.4.8-openssl-1.1.1e
2020-04-26 18:41:56.861166 *Tunnelblick: openvpnstart starting OpenVPN
2020-04-26 18:41:57.039810 OpenVPN 2.4.8 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Mar 22 2020
2020-04-26 18:41:57.039924 library versions: OpenSSL 1.1.1e 17 Mar 2020, LZO 2.10
2020-04-26 18:41:57.041534 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:64974
2020-04-26 18:41:57.041577 Need hold release from management interface, waiting...
2020-04-26 18:41:57.452395 *Tunnelblick: openvpnstart log:
OpenVPN started successfully.
Command used to start OpenVPN (one argument per displayed line):
/Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.4.8-openssl-1.1.1e/openvpn
--daemon
--log /Library/Application Support/Tunnelblick/Logs/-SLibrary-SApplication Support-STunnelblick-SShared-Sit--mil.prod.surfshark.com_udp.tblk-SContents-SResources-Sconfig.ovpn.769_0_3_0_1098544.64974.openvpn.log
--cd /Library/Application Support/Tunnelblick/Shared/it-mil.prod.surfshark.com_udp.tblk/Contents/Resources
--machine-readable-output
--setenv IV_GUI_VER "net.tunnelblick.tunnelblick 5480 3.8.2 (build 5480)"
--verb 3
--config /Library/Application Support/Tunnelblick/Shared/it-mil.prod.surfshark.com_udp.tblk/Contents/Resources/config.ovpn
--setenv TUNNELBLICK_CONFIG_FOLDER /Library/Application Support/Tunnelblick/Shared/it-mil.prod.surfshark.com_udp.tblk/Contents/Resources
--verb 3
--cd /Library/Application Support/Tunnelblick/Shared/it-mil.prod.surfshark.com_udp.tblk/Contents/Resources
--management 127.0.0.1 64974 /Library/Application Support/Tunnelblick/clohhibfgonddoamlemiaaekcgakjjhnghpjfegg.mip
--management-query-passwords
--management-hold
--redirect-gateway def1
--script-security 2
--route-up /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw
--down /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw
2020-04-26 18:41:57.466369 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:64974
2020-04-26 18:41:57.509247 MANAGEMENT: CMD 'pid'
2020-04-26 18:41:57.509449 MANAGEMENT: CMD 'auth-retry interact'
2020-04-26 18:41:57.509578 MANAGEMENT: CMD 'state on'
2020-04-26 18:41:57.509666 MANAGEMENT: CMD 'state'
2020-04-26 18:41:57.509742 MANAGEMENT: CMD 'bytecount 1'
2020-04-26 18:41:57.522613 *Tunnelblick: Established communication with OpenVPN
2020-04-26 18:41:57.525234 *Tunnelblick: >INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info
2020-04-26 18:41:57.526993 MANAGEMENT: CMD 'hold release'
2020-04-26 18:41:57.584565 *Tunnelblick: Obtained VPN username and password from the Keychain
2020-04-26 18:41:57.586010 MANAGEMENT: CMD 'username "Auth" "[EDITED]"'
2020-04-26 18:41:57.586154 MANAGEMENT: CMD 'password [...]'
2020-04-26 18:41:57.590974 WARNING: --ping should normally be used with --ping-restart or --ping-exit
2020-04-26 18:41:57.591028 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2020-04-26 18:41:57.593072 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2020-04-26 18:41:57.593263 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2020-04-26 18:41:57.593594 MANAGEMENT: >STATE:1587919317,RESOLVE,,,,,,
2020-04-26 18:41:57.647727 TCP/UDP: Preserving recently used remote address: [AF_INET]95.174.64.67:1194
2020-04-26 18:41:57.647856 Socket Buffers: R=[196724->196724] S=[9216->9216]
2020-04-26 18:41:57.647890 UDP link local: (not bound)
2020-04-26 18:41:57.647923 UDP link remote: [AF_INET]95.174.64.67:1194
2020-04-26 18:41:57.647992 MANAGEMENT: >STATE:1587919317,WAIT,,,,,,
2020-04-26 18:41:57.672539 MANAGEMENT: >STATE:1587919317,AUTH,,,,,,
2020-04-26 18:41:57.672616 TLS: Initial packet from [AF_INET]95.174.64.67:1194, sid=22289257 b70fd9d1
2020-04-26 18:41:57.672786 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2020-04-26 18:41:57.710716 VERIFY OK: depth=2, C=VG, O=Surfshark, CN=Surfshark Root CA
2020-04-26 18:41:57.713189 VERIFY OK: depth=1, C=VG, O=Surfshark, CN=Surfshark Intermediate CA
2020-04-26 18:41:57.714268 VERIFY KU OK
2020-04-26 18:41:57.714335 Validating certificate extended key usage
2020-04-26 18:41:57.714357 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2020-04-26 18:41:57.714378 VERIFY EKU OK
2020-04-26 18:41:57.714398 VERIFY OK: depth=0, CN=it-mil-v007.prod.surfshark.com
2020-04-26 18:41:57.783035 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1633', remote='link-mtu 1581'
2020-04-26 18:41:57.783106 WARNING: 'cipher' is used inconsistently, local='cipher AES-256-CBC', remote='cipher AES-256-GCM'
2020-04-26 18:41:57.783142 WARNING: 'auth' is used inconsistently, local='auth SHA512', remote='auth [null-digest]'
2020-04-26 18:41:57.783361 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
2020-04-26 18:41:57.784699 [it-mil-v007.prod.surfshark.com] Peer Connection Initiated with [AF_INET]95.174.64.67:1194
2020-04-26 18:41:58.887706 MANAGEMENT: >STATE:1587919318,GET_CONFIG,,,,,,
2020-04-26 18:41:58.887828 SENT CONTROL [it-mil-v007.prod.surfshark.com]: 'PUSH_REQUEST' (status=1)
2020-04-26 18:41:58.909652 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 162.252.172.57,dhcp-option DNS 149.154.159.92,redirect-gateway def1,sndbuf 524288,rcvbuf 524288,explicit-exit-notify,block-outside-dns,route-gateway 10.8.8.1,topology subnet,ping 60,ping-restart 180,ifconfig 10.8.8.4 255.255.255.0,peer-id 1,cipher AES-256-GCM'
2020-04-26 18:41:58.909780 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:7: block-outside-dns (2.4.8)
2020-04-26 18:41:58.909856 OPTIONS IMPORT: timers and/or timeouts modified
2020-04-26 18:41:58.909885 OPTIONS IMPORT: explicit notify parm(s) modified
2020-04-26 18:41:58.909908 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
2020-04-26 18:41:58.910008 Socket Buffers: R=[196724->524288] S=[9216->524288]
2020-04-26 18:41:58.910042 OPTIONS IMPORT: --ifconfig/up options modified
2020-04-26 18:41:58.910062 OPTIONS IMPORT: route options modified
2020-04-26 18:41:58.910081 OPTIONS IMPORT: route-related options modified
2020-04-26 18:41:58.910101 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2020-04-26 18:41:58.910120 OPTIONS IMPORT: peer-id set
2020-04-26 18:41:58.910138 OPTIONS IMPORT: adjusting link_mtu to 1656
2020-04-26 18:41:58.910187 OPTIONS IMPORT: data channel crypto options modified
2020-04-26 18:41:58.910219 Data Channel: using negotiated cipher 'AES-256-GCM'
2020-04-26 18:41:58.910399 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2020-04-26 18:41:58.910434 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2020-04-26 18:41:58.910872 Opening utun (connect(AF_SYS_CONTROL)): Resource busy (errno=16)
2020-04-26 18:41:58.911083 Opened utun device utun1
2020-04-26 18:41:58.911125 MANAGEMENT: >STATE:1587919318,ASSIGN_IP,,10.8.8.4,,,,
2020-04-26 18:41:58.911153 /sbin/ifconfig utun1 delete
ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
2020-04-26 18:41:58.929186 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
2020-04-26 18:41:58.929259 /sbin/ifconfig utun1 10.8.8.4 10.8.8.4 netmask 255.255.255.0 mtu 1500 up
2020-04-26 18:41:58.934366 /sbin/route add -net 10.8.8.0 10.8.8.4 255.255.255.0
add net 10.8.8.0: gateway 10.8.8.4
2020-04-26 18:41:58.949139 /sbin/route add -net 95.174.64.67 192.168.0.1 255.255.255.255
add net 95.174.64.67: gateway 192.168.0.1
2020-04-26 18:41:58.953863 /sbin/route add -net 0.0.0.0 10.8.8.1 128.0.0.0
add net 0.0.0.0: gateway 10.8.8.1
2020-04-26 18:41:58.959109 /sbin/route add -net 128.0.0.0 10.8.8.1 128.0.0.0
add net 128.0.0.0: gateway 10.8.8.1
18:41:59 *Tunnelblick: **********************************************
18:41:59 *Tunnelblick: Start of output from client.up.tunnelblick.sh
18:42:01 *Tunnelblick: Disabled IPv6 for 'Ethernet'
18:42:01 *Tunnelblick: Disabled IPv6 for 'Pixel 4 USB Tether'
18:42:01 *Tunnelblick: Disabled IPv6 for 'FireWire'
18:42:01 *Tunnelblick: Disabled IPv6 for 'Wi-Fi'
18:42:01 *Tunnelblick: Disabled IPv6 for 'Bluetooth PAN'
18:42:01 *Tunnelblick: Disabled IPv6 for 'Thunderbolt Bridge'
18:42:01 *Tunnelblick: Retrieved from OpenVPN: name server(s) [ 1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001 8.8.8.8 8.8.4.4 162.252.172.57 149.154.159.92 ], search domain(s) [ ] and SMB server(s) [ ] and using default domain name [ openvpn ]
18:42:02 *Tunnelblick: WARNING: Ignoring ServerAddresses '1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001 8.8.8.8 8.8.4.4 162.252.172.57 149.154.159.92' because ServerAddresses was set manually and '-allowChangesToManuallySetNetworkSettings' was not specified
18:42:02 *Tunnelblick: Setting search domains to 'openvpn' because the search domains were not set manually (or are allowed to be changed) and 'Prepend domain name to search domains' was not selected
18:42:04 *Tunnelblick: Saved the DNS and SMB configurations so they can be restored
18:42:04 *Tunnelblick: Did not change DNS ServerAddresses setting of '1.1.1.1 1.0.0.1 8.8.8.8 8.8.4.4' (but re-set it)
18:42:04 *Tunnelblick: Changed DNS SearchDomains setting from '' to 'openvpn'
18:42:04 *Tunnelblick: Changed DNS DomainName setting from '' to 'openvpn'
18:42:04 *Tunnelblick: Did not change SMB NetBIOSName setting of ''
18:42:04 *Tunnelblick: Did not change SMB Workgroup setting of ''
18:42:04 *Tunnelblick: Did not change SMB WINSAddresses setting of ''
18:42:04 *Tunnelblick: DNS servers '1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001 8.8.8.8 8.8.4.4' were set manually
18:42:04 *Tunnelblick: WARNING: that setting is being ignored; '1.1.1.1 1.0.0.1 8.8.8.8 8.8.4.4' is being used.
18:42:04 *Tunnelblick: DNS servers '1.1.1.1 1.0.0.1 8.8.8.8 8.8.4.4' will be used for DNS queries when the VPN is active
18:42:04 *Tunnelblick: The DNS servers include only free public DNS servers known to Tunnelblick.
18:42:04 *Tunnelblick: Flushed the DNS cache via dscacheutil
18:42:04 *Tunnelblick: /usr/sbin/discoveryutil not present. Not flushing the DNS cache via discoveryutil
18:42:04 *Tunnelblick: Notified mDNSResponder that the DNS cache was flushed
18:42:04 *Tunnelblick: Not notifying mDNSResponderHelper that the DNS cache was flushed because it is not running
18:42:04 *Tunnelblick: Setting up to monitor system configuration with process-network-changes
18:42:04 *Tunnelblick: End of output from client.up.tunnelblick.sh
18:42:04 *Tunnelblick: **********************************************
2020-04-26 18:42:04.383666 Initialization Sequence Completed
2020-04-26 18:42:04.383776 MANAGEMENT: >STATE:1587919324,CONNECTED,SUCCESS,10.8.8.4,95.174.64.67,1194,,
2020-04-26 18:42:04.606581 *Tunnelblick: DNS address 1.0.0.1 is being routed through the VPN
2020-04-26 18:42:04.718745 *Tunnelblick: DNS address 1.1.1.1 is being routed through the VPN
2020-04-26 18:42:04.824232 *Tunnelblick: DNS address 8.8.4.4 is being routed through the VPN
2020-04-26 18:42:04.932820 *Tunnelblick: DNS address 8.8.8.8 is being routed through the VPN
2020-04-26 18:42:08.090619 *Tunnelblick: process-network-changes: A system configuration change was ignored
2020-04-26 18:42:10.868965 *Tunnelblick: This computer's apparent public IP address changed from 95.236.108.137 before connection to 95.174.64.68 after connection
================================================================================
Down log:
18:19:12 *Tunnelblick: **********************************************
18:19:12 *Tunnelblick: Start of output from client.down.tunnelblick.sh
18:19:12 *Tunnelblick: Cancelled monitoring system configuration changes
18:19:12 *Tunnelblick: Restored State:DNS
18:19:12 *Tunnelblick: Removed Setup:DNS
18:19:12 *Tunnelblick: Removed State:SMB
18:19:12 *Tunnelblick: Restored DNS and SMB settings
18:19:12 *Tunnelblick: Re-enabled IPv6 (automatic) for "Ethernet"
18:19:12 *Tunnelblick: Re-enabled IPv6 (automatic) for "Pixel 4 USB Tether"
18:19:12 *Tunnelblick: Re-enabled IPv6 (automatic) for "FireWire"
18:19:13 *Tunnelblick: Re-enabled IPv6 (automatic) for "Wi-Fi"
18:19:13 *Tunnelblick: Re-enabled IPv6 (automatic) for "Bluetooth PAN"
18:19:13 *Tunnelblick: Re-enabled IPv6 (automatic) for "Thunderbolt Bridge"
18:19:13 *Tunnelblick: Flushed the DNS cache with dscacheutil -flushcache
18:19:13 *Tunnelblick: Notified mDNSResponder that the DNS cache was flushed
18:19:13 *Tunnelblick: End of output from client.down.tunnelblick.sh
18:19:13 *Tunnelblick: **********************************************
================================================================================
Previous down log:
18:06:21 *Tunnelblick: **********************************************
18:06:21 *Tunnelblick: Start of output from client.down.tunnelblick.sh
18:06:21 *Tunnelblick: Cancelled monitoring system configuration changes
18:06:21 *Tunnelblick: Restored State:DNS
18:06:21 *Tunnelblick: Removed Setup:DNS
18:06:21 *Tunnelblick: Removed State:SMB
18:06:21 *Tunnelblick: Restored DNS and SMB settings
18:06:21 *Tunnelblick: Re-enabled IPv6 (automatic) for "Ethernet"
18:06:22 *Tunnelblick: Re-enabled IPv6 (automatic) for "Pixel 4 USB Tether"
18:06:22 *Tunnelblick: Re-enabled IPv6 (automatic) for "FireWire"
18:06:22 *Tunnelblick: Re-enabled IPv6 (automatic) for "Wi-Fi"
18:06:22 *Tunnelblick: Re-enabled IPv6 (automatic) for "Bluetooth PAN"
18:06:22 *Tunnelblick: Re-enabled IPv6 (automatic) for "Thunderbolt Bridge"
18:06:22 *Tunnelblick: Flushed the DNS cache with dscacheutil -flushcache
18:06:22 *Tunnelblick: Notified mDNSResponder that the DNS cache was flushed
18:06:22 *Tunnelblick: End of output from client.down.tunnelblick.sh
18:06:22 *Tunnelblick: **********************************************
================================================================================
Network services:
An asterisk (*) denotes that a network service is disabled.
Ethernet
Pixel 4 USB Tether
FireWire
Wi-Fi
Bluetooth PAN
Thunderbolt Bridge
Wi-Fi Power (en1): On
================================================================================
ifconfig output:
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
options=1203<RXCSUM,TXCSUM,TXSTATUS,SW_TIMESTAMP>
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
nd6 options=201<PERFORMNUD,DAD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
EHC250: flags=0<> mtu 0
EHC253: flags=0<> mtu 0
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=10b<RXCSUM,TXCSUM,VLAN_HWTAGGING,AV>
ether 3c:07:54:30:e8:34
nd6 options=201<PERFORMNUD,DAD>
media: autoselect (none)
status: inactive
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether 28:37:37:16:35:d7
inet 192.168.0.107 netmask 0xffffff00 broadcast 192.168.0.255
nd6 options=201<PERFORMNUD,DAD>
media: autoselect
status: active
p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304
ether 0a:37:37:16:35:d7
media: autoselect
status: inactive
bridge0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=63<RXCSUM,TXCSUM,TSO4,TSO6>
ether b2:00:17:83:09:a1
Configuration:
id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
ipfilter disabled flags 0x2
member: en2 flags=3<LEARNING,DISCOVER>
ifmaxaddr 0 port 10 priority 0 path cost 0
nd6 options=201<PERFORMNUD,DAD>
media: <unknown type>
status: inactive
en2: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
options=60<TSO4,TSO6>
ether b2:00:17:83:09:a1
media: autoselect <full-duplex>
status: inactive
fw0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 4078
lladdr a4:b1:97:ff:fe:78:30:9a
nd6 options=201<PERFORMNUD,DAD>
media: autoselect <full-duplex>
status: inactive
utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 2000
inet6 fe80::7021:394a:5238:4909%utun0 prefixlen 64 scopeid 0xc
nd6 options=201<PERFORMNUD,DAD>
utun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
inet 10.8.8.4 --> 10.8.8.4 netmask 0xffffff00
================================================================================
Non-Apple kexts that are loaded:
Index Refs Address Size Wired Name (Version) UUID <Linked Against>
================================================================================
Quit Log:
2020-04-26 16:42:18.136631 applicationShouldTerminate: termination because of Quit; delayed until 'shutdownTunnelblick' finishes)
================================================================================
Console Log:
2020-04-26 12:46:52.863776 Tunnelblick[729] cleanup: Entering cleanup
2020-04-26 12:46:52.864568 Tunnelblick[729] synchronized user defaults
2020-04-26 12:46:53.487681 Tunnelblick[729] Set up flag files for shutting down the computer and expecting all configurations to be disconnected
2020-04-26 12:46:53.488393 Tunnelblick[729] doDisconnectionsForShuttingDownComputer: Set 'expect disconnect 1 ALL'
2020-04-26 12:46:53.489324 Tunnelblick[729] Started disconnecting all configurations
2020-04-26 12:46:53.489953 Tunnelblick[729] Skipping cleanup because computer is shutting down or restarting
2020-04-26 12:46:53.491031 Tunnelblick[729] Finished shutting down Tunnelblick; allowing termination
2020-04-26 16:30:06.325034 Tunnelblick[379] Tunnelblick: macOS 10.13.6; Tunnelblick 3.8.2 (build 5480)
2020-04-26 16:30:12.891616 Tunnelblick[379] Sparkle: ===== Tunnelblick =====
2020-04-26 16:30:12.892459 Tunnelblick[379] Sparkle: Verified appcast signature
2020-04-26 16:43:27.544498 Tunnelblick[377] Tunnelblick: macOS 10.13.6; Tunnelblick 3.8.2 (build 5480)
2020-04-26 17:12:58.667029 Tunnelblick[377] Set 'expect disconnect 1 -SLibrary-SApplication Support-STunnelblick-SShared-Sit--mil-Dprod-Dsurfshark-Dcom_udp-Dtblk-SContents-SResources'
2020-04-26 17:31:31.893632 Tunnelblick[377] Set 'expect disconnect 1 -SLibrary-SApplication Support-STunnelblick-SShared-Ses--bcn-Dprod-Dsurfshark-Dcom_udp-Dtblk-SContents-SResources'
2020-04-26 17:37:56.998158 Tunnelblick[377] Set 'expect disconnect 1 -SLibrary-SApplication Support-STunnelblick-SShared-Sit--mil-Dprod-Dsurfshark-Dcom_udp-Dtblk-SContents-SResources'
2020-04-26 17:38:34.601119 Tunnelblick[377] Il file di log di OpenVPN contiene il seguente messaggio:
"Unrecognized option or missing or extra parameter(s)".
Questo errore significa che un'opzione contenuta nel documento di configurazione di OpenVPN o che è stata richiesta dal server OpenVPN:
• non è stata scritta correttamente,
• non ha il numero corretto di parametri, o
• non è supportata dalla versione di OpenVPN usata da questa configurazione. Potrebbe trattarsi di una nuova opzione non supportata in una versione meno recente di OpenVPN o di un'opzione non più supportata che è stata rimossa da una versione più recente di OpenVPN. È possibile scegliere quale versione di OpenVPN usare per questa configurazione all'interno di "Impostazioni" nel pannello "Configurazioni" nella finestra "Dettagli sulla VPN".
È possibile trovare ulteriori informazioni all'interno di "Log" nel pannello "Configurazioni" nella finestra "Dettagli sulla VPN" di Tunnelblick.
2020-04-26 17:40:12.753306 Tunnelblick[377] Set 'expect disconnect 1 -SLibrary-SApplication Support-STunnelblick-SShared-Sit--mil-Dprod-Dsurfshark-Dcom_udp-Dtblk-SContents-SResources'
2020-04-26 17:40:18.591614 Tunnelblick[377] Cleared 'expect disconnect 0 -SLibrary-SApplication Support-STunnelblick-SShared-Sit--mil-Dprod-Dsurfshark-Dcom_udp-Dtblk-SContents-SResources'
2020-04-26 17:40:52.163231 Tunnelblick[377] Set 'expect disconnect 1 -SLibrary-SApplication Support-STunnelblick-SShared-Sit--mil-Dprod-Dsurfshark-Dcom_udp-Dtblk-SContents-SResources'
2020-04-26 17:56:02.056301 Tunnelblick[377] Set 'expect disconnect 1 -SLibrary-SApplication Support-STunnelblick-SShared-Sit--rom-Dprod-Dsurfshark-Dcom_tcp-Dtblk-SContents-SResources'
2020-04-26 18:05:34.330506 Tunnelblick[377] Set 'expect disconnect 1 -SLibrary-SApplication Support-STunnelblick-SShared-Sit--rom-Dprod-Dsurfshark-Dcom_udp-Dtblk-SContents-SResources'
2020-04-26 18:06:21.506770 Tunnelblick[377] Set 'expect disconnect 1 -SLibrary-SApplication Support-STunnelblick-SShared-Sit--rom-Dprod-Dsurfshark-Dcom_tcp-Dtblk-SContents-SResources'
2020-04-26 18:07:31.086803 Tunnelblick[377] Set 'expect disconnect 1 -SLibrary-SApplication Support-STunnelblick-SShared-Sit--rom-Dprod-Dsurfshark-Dcom_tcp-Dtblk-SContents-SResources'
2020-04-26 18:13:40.258574 Tunnelblick[377] Authorizing an operation without a new admin authorization because Tunnelblick is in administrator mode
2020-04-26 18:13:40.258748 Tunnelblick[377] Tunnelblick ha bisogno di effettuare un'operazione per la quale è necessaria l'autorizzazione di un utente amministratore.
2020-04-26 18:13:40.258843 Tunnelblick[377] Beginning installation or repair
2020-04-26 18:13:40.278173 Tunnelblick[377] Authorizing an operation without a new admin authorization because Tunnelblick is in administrator mode
2020-04-26 18:13:40.514052 Tunnelblick[377] Installation or repair succeeded; Log:
Tunnelblick installer started 2020-04-26 18:13:40.379076. 3 arguments: 0x1001
/Users/eugeniozaffagnini/Library/Application Support/Tunnelblick/Configurations/it-mil.prod.surfshark.com_udp.tblk
/Library/Application Support/Tunnelblick/Shared/it-mil.prod.surfshark.com_udp.tblk
getuid() = 502; getgid() = 20; geteuid() = 0; getegid() = 20
Changed permissions from 744 to 755 on /var/log/Tunnelblick
Created directory /Library/Application Support/Tunnelblick/Users/eugeniozaffagnini with owner 0:0 and permissions 755
Changed ownership of /Users/eugeniozaffagnini/Library/Application Support/Tunnelblick from 502:20 to 502:80
Changed ownership of /Users/eugeniozaffagnini/Library/Application Support/Tunnelblick/Configurations from 502:20 to 502:80
Copied /Library/Application Support/Tunnelblick/Shared/it-mil.prod.surfshark.com_udp.tblk
to /Users/eugeniozaffagnini/Library/Application Support/Tunnelblick/Configurations/it-mil.prod.surfshark.com_udp.tblk.temp
Deleted /Library/Application Support/Tunnelblick/Shared/it-mil.prod.surfshark.com_udp.tblk
Renamed /Users/eugeniozaffagnini/Library/Application Support/Tunnelblick/Configurations/it-mil.prod.surfshark.com_udp.tblk.temp
to /Users/eugeniozaffagnini/Library/Application Support/Tunnelblick/Configurations/it-mil.prod.surfshark.com_udp.tblk
Changed ownership of /Users/eugeniozaffagnini/Library/Application Support/Tunnelblick/Configurations/it-mil.prod.surfshark.com_udp.tblk and its contents from 0:0 to 502:80
Changed permissions from 755 to 750 on /Users/eugeniozaffagnini/Library/Application Support/Tunnelblick/Configurations/it-mil.prod.surfshark.com_udp.tblk
Changed permissions from 755 to 750 on /Users/eugeniozaffagnini/Library/Application Support/Tunnelblick/Configurations/it-mil.prod.surfshark.com_udp.tblk/Contents
Changed permissions from 755 to 750 on /Users/eugeniozaffagnini/Library/Application Support/Tunnelblick/Configurations/it-mil.prod.surfshark.com_udp.tblk/Contents/Resources
Changed permissions from 700 to 740 on /Users/eugeniozaffagnini/Library/Application Support/Tunnelblick/Configurations/it-mil.prod.surfshark.com_udp.tblk/Contents/Resources/config.ovpn
Copied /Users/eugeniozaffagnini/Library/Application Support/Tunnelblick/Configurations/it-mil.prod.surfshark.com_udp.tblk
to /Library/Application Support/Tunnelblick/Users/eugeniozaffagnini/it-mil.prod.surfshark.com_udp.tblk.temp
Renamed /Library/Application Support/Tunnelblick/Users/eugeniozaffagnini/it-mil.prod.surfshark.com_udp.tblk.temp
to /Library/Application Support/Tunnelblick/Users/eugeniozaffagnini/it-mil.prod.surfshark.com_udp.tblk
Changed ownership of /Library/Application Support/Tunnelblick/Users/eugeniozaffagnini/it-mil.prod.surfshark.com_udp.tblk and its contents from 502:80 to 0:0
Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Users/eugeniozaffagnini/it-mil.prod.surfshark.com_udp.tblk
Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Users/eugeniozaffagnini/it-mil.prod.surfshark.com_udp.tblk/Contents
Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Users/eugeniozaffagnini/it-mil.prod.surfshark.com_udp.tblk/Contents/Resources
Changed permissions from 740 to 700 on /Library/Application Support/Tunnelblick/Users/eugeniozaffagnini/it-mil.prod.surfshark.com_udp.tblk/Contents/Resources/config.ovpn
Created secure (shadow) copy of it-mil.prod.surfshark.com_udp.tblk
Tunnelblick installer finished without error
2020-04-26 18:16:46.123582 Tunnelblick[377] tunnelblickd status from compareShadowCopy: 252
2020-04-26 18:16:57.537709 Tunnelblick[377] tunnelblickd status from compareShadowCopy: 252
2020-04-26 18:17:26.752972 Tunnelblick[377] Tunnelblick ha bisogno di effettuare un'operazione per la quale è necessaria l'autorizzazione di un utente amministratore.
2020-04-26 18:17:26.753095 Tunnelblick[377] Beginning installation or repair
2020-04-26 18:17:26.981271 Tunnelblick[377] Installation or repair succeeded; Log:
Tunnelblick installer started 2020-04-26 18:17:26.850309. 3 arguments: 0x1001
/Library/Application Support/Tunnelblick/Shared/it-mil.prod.surfshark.com_udp.tblk
/Users/eugeniozaffagnini/Library/Application Support/Tunnelblick/Configurations/it-mil.prod.surfshark.com_udp.tblk
getuid() = 502; getgid() = 20; geteuid() = 0; getegid() = 20
Copied /Users/eugeniozaffagnini/Library/Application Support/Tunnelblick/Configurations/it-mil.prod.surfshark.com_udp.tblk
to /Library/Application Support/Tunnelblick/Shared/it-mil.prod.surfshark.com_udp.tblk.temp
Deleted /Users/eugeniozaffagnini/Library/Application Support/Tunnelblick/Configurations/it-mil.prod.surfshark.com_udp.tblk
Renamed /Library/Application Support/Tunnelblick/Shared/it-mil.prod.surfshark.com_udp.tblk.temp
to /Library/Application Support/Tunnelblick/Shared/it-mil.prod.surfshark.com_udp.tblk
Changed ownership of /Library/Application Support/Tunnelblick/Shared/it-mil.prod.surfshark.com_udp.tblk and its contents from 502:80 to 0:0
Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Shared/it-mil.prod.surfshark.com_udp.tblk
Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Shared/it-mil.prod.surfshark.com_udp.tblk/Contents
Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Shared/it-mil.prod.surfshark.com_udp.tblk/Contents/Resources
Changed permissions from 740 to 700 on /Library/Application Support/Tunnelblick/Shared/it-mil.prod.surfshark.com_udp.tblk/Contents/Resources/config.ovpn
Deleted /Library/Application Support/Tunnelblick/Users/eugeniozaffagnini/it-mil.prod.surfshark.com_udp.tblk
Deleted secure (shadow) copy of it-mil.prod.surfshark.com_udp.tblk
Tunnelblick installer finished without error
2020-04-26 18:19:11.236240 Tunnelblick[377] Set 'expect disconnect 1 -SLibrary-SApplication Support-STunnelblick-SShared-Sit--mil-Dprod-Dsurfshark-Dcom_udp-Dtblk-SContents-SResources'
2020-04-26 18:40:38.600752 Tunnelblick[377] Il file di log di OpenVPN contiene il seguente messaggio:
"Unrecognized option or missing or extra parameter(s)".
Questo errore significa che un'opzione contenuta nel documento di configurazione di OpenVPN o che è stata richiesta dal server OpenVPN:
• non è stata scritta correttamente,
• non ha il numero corretto di parametri, o
• non è supportata dalla versione di OpenVPN usata da questa configurazione. Potrebbe trattarsi di una nuova opzione non supportata in una versione meno recente di OpenVPN o di un'opzione non più supportata che è stata rimossa da una versione più recente di OpenVPN. È possibile scegliere quale versione di OpenVPN usare per questa configurazione all'interno di "Impostazioni" nel pannello "Configurazioni" nella finestra "Dettagli sulla VPN".
È possibile trovare ulteriori informazioni all'interno di "Log" nel pannello "Configurazioni" nella finestra "Dettagli sulla VPN" di Tunnelblick.
2020-04-26 18:40:53.314771 Tunnelblick[377] Removing *-skipWarningAboutDownroot
2020-04-26 18:40:53.317045 Tunnelblick[377] Removing *-skipWarningAboutNoTunOrTap
2020-04-26 18:40:53.319238 Tunnelblick[377] Removing *-skipWarningUnableToToEstablishOpenVPNLink
2020-04-26 18:40:53.321428 Tunnelblick[377] Removing *-skipWarningThatCannotConnectBecauseOfOpenVPNOptions
2020-04-26 18:40:53.323599 Tunnelblick[377] Removing *-skipWarningThatNotUsingSpecifiedOpenVPN
2020-04-26 18:40:53.325994 Tunnelblick[377] Removing *-skipWarningThatCannotConnectBecauseOfOpenVPNOptionConflicts
2020-04-26 18:40:53.328235 Tunnelblick[377] Removing *-skipWarningThatMayNotConnectInFutureBecauseOfOpenVPNOptions
2020-04-26 18:41:58.923039 Tunnelblick[377] Il file di log di OpenVPN contiene il seguente messaggio:
"Unrecognized option or missing or extra parameter(s)".
Questo errore significa che un'opzione contenuta nel documento di configurazione di OpenVPN o che è stata richiesta dal server OpenVPN:
• non è stata scritta correttamente,
• non ha il numero corretto di parametri, o
• non è supportata dalla versione di OpenVPN usata da questa configurazione. Potrebbe trattarsi di una nuova opzione non supportata in una versione meno recente di OpenVPN o di un'opzione non più supportata che è stata rimossa da una versione più recente di OpenVPN. È possibile scegliere quale versione di OpenVPN usare per questa configurazione all'interno di "Impostazioni" nel pannello "Configurazioni" nella finestra "Dettagli sulla VPN".
È possibile trovare ulteriori informazioni all'interno di "Log" nel pannello "Configurazioni" nella finestra "Dettagli sulla VPN" di Tunnelblick.
Tunnelblick developer
Apr 26, 2020, 6:13:16 PM4/26/20
to tunnelblick-discuss
I have a vague memory that you cannot use Internet Connection Sharing with Tunnelblick. macOS doesn't let it work. You should search this discussion group for relevant posts. I think it was a few years ago.
Eugenio Zaffagnini
Apr 27, 2020, 5:22:09 AM4/27/20
to tunnelblick-discuss
Aw... Damn Apple ;-)
If that's it, will sell the Mini and go the pfSense box instead. Less hassle.
If that's it, will sell the Mini and go the pfSense box instead. Less hassle.
Thanks for the answer!
Reply all
Reply to author
Forward
0 new messages