Can't connect to two VPNs at once

[Stavros Pavlidis]

Hello,

I have a company VPN that hides certain servers and can only be accessed via them. In order to access them, I need to be connected to both at the same time. I received two .ovpn config files from our IT team for each VPN respectively, one set to use 1196 and the other 1194, but I can only connect to one at a time. I can connect to any one of the two, but it will fail to connect to the other one if one of them is connected.

I just switched to a Mac, and our IT team has no experience with it, under Windows I would just create a new TAP adapter for the second one by using the OpenVPN software and it would work.

Any suggestions what should I do? The error I'm getting each time I try to connect to the second after the first is already connected is "This computer's apparent public IP address was not different after connecting to first-vpn-here. It is still 77.29.93.130.

This may mean that your VPN is not configured correctly.".

And in the log of the second connection I'm getting "Socket bind failed on local address [AF_INET6][undef]:1194: Address already in use (errno=48)".

I'm using the latest 3.7.8 version on MacOS Mojave.

Thanks a lot.

[Tunnelblick developer]

The error I'm getting each time I try to connect to the second after the first is already connected is "This computer's apparent public IP address was not different after connecting to first-vpn-here. It is still 77.29.93.130.

1. That message  is not an error; it is just telling you the situation. Most users want everything to be routed through the VPN and want to be warned if it isn't, but in your case, you don't want everything routed through the VPN, so you can ignore that message. To avoid the message, un-check "Check if the apparent public IP address changed after connecting" in the "Settings" tab of the "Configurations" panel of Tunnelblick's "VPN Details" window. (Select the configuration you want the change to be applied to in the list on the left side of that panel before you un-check the box.)
   
   
2. That message doesn't appear when you try to connect to the second VPN; it appears about 10 seconds after you connect successfully to the first VPN and in fact, it has nothing to do with the second VPN.
   

The second error is more puzzling. For help with that, please post the diagnostic info obtained by following the instructions at Read Before You Post (https://tunnelblick.net/cBeforeYouPost.html). Collect the info for each VPN separately, do not try to connect two VPNs at once.

Two connections at a time are problematic on a Mac because it does DNS very differently from Windows.

[Stavros Pavlidis]

Hi,

Logs to both VPN networks connected and disconnected individually are attached.

[Tunnelblick developer]

Thanks for providing the diagnostic info.

As I wrote before, multiple simultaneous VPNs are problematic, but I believe the two configurations you are using should work OK.

(A) You do need to un-check the "Check if the apparent public IP address changed after connecting" boxes for both configurations in the "Settings" tab of the "Configurations" panel of Tunnelblick's "VPN Details" window. (Click on a configuration to select it, then click the box to un-check it. Do that for each of the two configurations.)

(B) The second configuration (only) should have another setting changed, too: Select the second configuration in the list on the left, then click on the words "Set nameserver" (to the right of "Set DNS/WINS") and then click on "Do not set nameserver" in the menu that pops up.

(C) Restart your computer. (This is necessary because your network setup seems to be a bit messed up -- there is already a "utun0" device being used, which means that something went very wrong at some point at the past. Normally, no "utun" devices are in use except by the VPNs.)

All of the above steps only need to be done once. 

Then I think you should be all set.

I'm not sure if the following are necessary, but if you have trouble, you might try to connect//disconnect as follows:

• To connect: connect to the first one first, then -- after the first is completely connected -- connect to the second.
  
• To disconnect: disconnect from the second one first, then --after the second is completely disconnected -- disconnect the first.
  

If you still get the "Socket bind failed on local address [AF_INET6][undef]:1194: Address already in use (errno=48)" error, please click the "Copy diagnostic info to Clipboard" button before doing anything else, wait for it to complete, and then paste the info into a reply.

Good luck!

[Stavros Pavlidis]

Hi,

Thanks for the suggestions. I did all the points from A. to C. and upon restart I end up with the same issue, the second network doesn't connect after the first one has already connected.

Logs attached.

[Stavros Pavlidis]

So, I guess I've reached the end of the line with "expert" help. I better go look somewhere else for a solution for my problem.

[Tunnelblick developer]

I think this may be an IPv6 problem. Tunnelblick does not fully support IPv6. You might try Viscosity to see if that works.

[Stavros Pavlidis]

Installing Viscosity resolved absolutely nothing, keep on getting the same end result. the second network fails to connect if the first one is already connected. Going completely nuts about this one, on High Sierra we had it working but neither me or my colleagues remember what we did to solve it.

[Tunnelblick developer]

If neither Tunnelblick nor Viscosity work for this, it is probably a problem with the OpenVPN configurations, or even with OpenVPN itself.

You could try other versions of OpenVPN using Tunnelblick. Tunnelblick usually has two or three versions, each with two SSL libraries, which don't enter into this problem, so ignore them. Try all three versions of OpenVPN for both connections.

If none of that helps, you might want to consult OpenVPN experts:

• OpenVPN FAQ
• OpenVPN HOWTO
• OpenVPN 2.3 Man Page
• OpenVPN Documentation
• OpenVPN Users Forum
• OpenVPN Users Mailing List

[n.hoa...@gmail.com]

any update on this? 

I had the same problem.

I believe tunnel-brick create utun1 for the first connection, but for the second it does not create utun2 but reuse utun1.

[Tunnelblick developer]

I believe tunnel-brick create utun1 for the first connection, but for the second it does not create utun2 but reuse utun1.

Do you have any logs that show that? My understanding is that OpenVPN creates a new utun instance for each VPN.

Do all of the versions of OpenVPN have the same problem?

(Please note that the "tun" and "utun" interfaces are created by OpenVPN, not Tunnelblick.)

[n.hoa...@gmail.com]

Here is error log (exactly same with others')

TCP/UDP: Socket bind failed on local address [AF_INET6][undef]:1194: Address already in use (errno=48)

INET6 = IPv6 , I think.

Should I disable IPv6 on MacOS?