asking for passphrase...there isn't one

1,733 views
Skip to first unread message

jeffg...@gmail.com

unread,
Jun 21, 2018, 1:30:01 PM6/21/18
to tunnelblick-discuss
Because of a hard drive issue, I had to re-install tunnelblick on my mac.  I made sure to keep a copy of the ovpn file, so nothing changed there.  Now, tunnelblick is requesting a passphrase, when I deliberately did not set one.

I went back to my OpenVPN server and created a new config file, this time setting a passphrase.  Installed that on tunnelblick and it says connecting for a second and then disconnected.

I vaguely remember having this problem before...can't remember how to fix it

Tunnelblick developer

unread,
Jun 21, 2018, 1:39:47 PM6/21/18
to tunnelblick-discuss
Please post the diagnostic info obtained by following the instructions at Read Before You Post.

jeffg...@gmail.com

unread,
Jun 21, 2018, 1:49:29 PM6/21/18
to tunnelblick-discuss


*Tunnelblick: OS X 10.13.5; Tunnelblick 3.7.6 (build 5060)

2018-06-21 12:45:42 *Tunnelblick: Attempting connection with Home; Set nameserver = 769; monitoring connection

2018-06-21 12:45:42 *Tunnelblick: openvpnstart start Home.tblk 59218 769 0 3 0 1065264 -ptADGNWradsgnw 2.3.18-libressl-2.7.1

2018-06-21 12:45:42 OpenVPN 2.3.18 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Jun  9 2018

2018-06-21 12:45:42 library versions: LibreSSL 2.7.1, LZO 2.10

2018-06-21 12:45:42 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:59218

2018-06-21 12:45:42 Need hold release from management interface, waiting...

2018-06-21 12:45:42 *Tunnelblick: openvpnstart starting OpenVPN

2018-06-21 12:45:43 *Tunnelblick: openvpnstart log:

     OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line):

     

          /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.18-libressl-2.7.1/openvpn

          --daemon

          --log

          /Library/Application Support/Tunnelblick/Logs/-SLibrary-SApplication Support-STunnelblick-SShared-SHome.tblk-SContents-SResources-Sconfig.ovpn.769_0_3_0_1065264.59218.openvpn.log

          --cd

          /Library/Application Support/Tunnelblick/Shared/Home.tblk/Contents/Resources

          --setenv

          IV_GUI_VER

          "net.tunnelblick.tunnelblick 5060 3.7.6 (build 5060)"

          --verb

          3

          --config

          /Library/Application Support/Tunnelblick/Shared/Home.tblk/Contents/Resources/config.ovpn

          --verb

          3

          --cd

          /Library/Application Support/Tunnelblick/Shared/Home.tblk/Contents/Resources

          --management

          127.0.0.1

          59218

          /Library/Application Support/Tunnelblick/biljianbkmahomamdgmofoloebdeaefhmbabhiem.mip

          --management-query-passwords

          --management-hold

          --script-security

          2

          --up

          /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw

          --down

          /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw


2018-06-21 12:45:43 *Tunnelblick: Established communication with OpenVPN

2018-06-21 12:45:43 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:59218

2018-06-21 12:45:43 MANAGEMENT: CMD 'pid'

2018-06-21 12:45:43 MANAGEMENT: CMD 'state on'

2018-06-21 12:45:43 MANAGEMENT: CMD 'state'

2018-06-21 12:45:43 MANAGEMENT: CMD 'bytecount 1'

2018-06-21 12:45:43 MANAGEMENT: CMD 'hold release'

2018-06-21 12:45:43 WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.

2018-06-21 12:45:43 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

2018-06-21 12:45:47 *Tunnelblick: Disconnecting; user cancelled authorization

2018-06-21 12:45:47 *Tunnelblick: No 'pre-disconnect.sh' script to execute

2018-06-21 12:45:47 *Tunnelblick: Disconnecting using 'kill'

2018-06-21 12:45:48 MANAGEMENT: Client disconnected

2018-06-21 12:45:48 ERROR: could not read Private Key username/password/ok/string from management interface

2018-06-21 12:45:48 Exiting due to fatal error

2018-06-21 12:45:49 *Tunnelblick: No 'post-disconnect.sh' script to execute

2018-06-21 12:45:49 *Tunnelblick: Expected disconnection occurred.

Tunnelblick developer

unread,
Jun 21, 2018, 1:55:40 PM6/21/18
to tunnelblick-discuss
If you don't know the passphrase -- which is not associated with the configuration file, it is associated with the .key file., you're stuck.

I think you need to discuss this with whoever provided your OpenVPN server and the key and certificate files.

jeffg...@gmail.com

unread,
Jun 21, 2018, 2:05:30 PM6/21/18
to tunnelblick-discuss
I am the one who created the server and the files.  I don't need much in the way of access, so I put it on a raspberry pi.  Worked just fine until I reinstalled tunnelblick.

Just to see what would happen,I generated a new config file without a passphrase.  Same result

When I added a passphrase, it doesn't ask..just disconnects

Tunnelblick developer

unread,
Jun 21, 2018, 2:10:11 PM6/21/18
to tunnelblick-discuss
The passphrase is not associated with the OpenVPN configuration file. It is associated with a .key file.

You need to regenerate the PKI, as you originally did, not the OpenVPN configuration file.

Jeff Brock

unread,
Jun 21, 2018, 2:12:09 PM6/21/18
to tunnelbli...@googlegroups.com
Isn’t the key file bundled into the ovpn file?
--
You received this message because you are subscribed to a topic in the Google Groups "tunnelblick-discuss" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/tunnelblick-discuss/EeN9WbmfS7s/unsubscribe.
To unsubscribe from this group and all its topics, send an email to tunnelblick-dis...@googlegroups.com.
Visit this group at https://groups.google.com/group/tunnelblick-discuss.
For more options, visit https://groups.google.com/d/optout.

Tunnelblick developer

unread,
Jun 21, 2018, 2:15:45 PM6/21/18
to tunnelblick-discuss
It can be, but since you only posted a tiny part of the diagnostic info, I don't know.


On Thursday, June 21, 2018 at 2:12:09 PM UTC-4, Jeff Brock wrote:
Isn’t the key file bundled into the ovpn file?


Jeff Brock

unread,
Jun 21, 2018, 2:22:41 PM6/21/18
to tunnelbli...@googlegroups.com
So clicking the “copy diagnostic info to clipboard” doesn’t get everything?  Is there another way to get what is needed?
--

Tunnelblick developer

unread,
Jun 21, 2018, 2:28:59 PM6/21/18
to tunnelblick-discuss
"Copy Diagnostic Info to Clipboard" provides LOTS of other information. See, for example this post.

Jeff Brock

unread,
Jun 21, 2018, 3:12:00 PM6/21/18
to tunnelbli...@googlegroups.com
I clicked that button and then Ctrl-V to the posting.  You saw everything that was there.  But that’s getting off topic.

I will probably try again later…spent too much time on this and need to get back to work.  I have a license for Shimo and I installed that.  I don’t care for the interface, but it connected just fine…no passphrase requested.
--
Reply all
Reply to author
Forward
0 new messages