No smb/afp connection with Mac OSX 10.9.2 with Tunnelblick 3.4beta22 (build 3789)


Timo

Apr 15, 2014, 2:16:24 PM
to tunnelbli...@googlegroups.com
Hi there,

I've got several problems with establishing an smb or afp connection to my Synology Diskstation via Mac OSX 10.9.2 with Tunnelblick 3.4beta22 (build 3789).
My VPN is working well, and I can map drives via IP address. But I'm not able to establish a connection with, for example, afp://Diskstation or smb://Diskstation
I can only map a drive with afp://192.168.xxx.xxx

Is there anybody with similar problems?

Thanks!

CONFIG

dev tun
tls-client

remote meine-ip.de 1194

# The "float" tells OpenVPN to accept authenticated packets from any address,
# not only the address which was specified in the --remote option.
# This is useful when you are connecting to a peer which holds a dynamic address
# such as a dial-in user or DHCP client.
# (Please refer to the manual of OpenVPN for more information.)

#float

# If redirect-gateway is enabled, the client will redirect its
# default network gateway through the VPN.
# It means the VPN connection will firstly connect to the VPN Server
# and then to the internet.
# (Please refer to the manual of OpenVPN for more information.)

redirect-gateway

# dhcp-option DNS: To set primary domain name server address.
# Repeat this option to set secondary DNS server addresses.

dhcp-option DNS 192.168.200.1

pull

proto udp
script-security 2

ca ca.crt

comp-lzo

reneg-sec 0

auth-user-pass

 
LOG

2014-04-11 10:18:57 *Tunnelblick: OS X 10.9.2; Tunnelblick 3.4beta22 (build 3789); prior version 3.4beta20 (build 3727)

2014-04-11 10:18:57 *Tunnelblick: Attempting connection with Diskstation using shadow copy; Set nameserver = 1; monitoring connection

2014-04-11 10:18:57 *Tunnelblick: openvpnstart start Diskstation.tblk 1337 1 0 1 0 305 -ptADGNWradsgnw 2.2.1

2014-04-11 10:18:58 *Tunnelblick: openvpnstart log:

     Loading tun-signed.kext

     

     OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line):

     

          /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.2.1/openvpn

          --daemon

          --log

          /Library/Application Support/Tunnelblick/Logs/-SUsers-STimo-SLibrary-SApplication Support-STunnelblick-SConfigurations-SDiskstation.tblk-SContents-SResources-Sconfig.ovpn.1_0_1_0_305.1337.openvpn.log

          --cd

          /Library/Application Support/Tunnelblick/Users/Timo/Diskstation.tblk/Contents/Resources

          --config

          /Library/Application Support/Tunnelblick/Users/Timo/Diskstation.tblk/Contents/Resources/config.ovpn

          --cd

          /Library/Application Support/Tunnelblick/Users/Timo/Diskstation.tblk/Contents/Resources

          --management

          127.0.0.1

          1337

          --management-query-passwords

          --management-hold

          --script-security

          2

          --up

          /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -m -w -d -f -ptADGNWradsgnw

          --down

          /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -m -w -d -f -ptADGNWradsgnw


2014-04-11 10:18:57 OpenVPN 2.2.1 i386-apple-darwin10.8.0 [SSL] [LZO2] [PKCS11] [eurephia] built on Apr  8 2014

2014-04-11 10:18:57 *Tunnelblick: openvpnstart starting OpenVPN

2014-04-11 10:18:58 *Tunnelblick: Established communication with OpenVPN

2014-04-11 10:19:08 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.

2014-04-11 10:19:08 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.

2014-04-11 10:19:08 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

2014-04-11 10:19:08 LZO compression initialized

2014-04-11 10:19:08 UDPv4 link local (bound): [undef]:1194

2014-04-11 10:19:08 UDPv4 link remote: xxx.xxx.xxx.xxx:1194

2014-04-11 10:19:08 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this

2014-04-11 10:19:08 [synology.com] Peer Connection Initiated with xxx.xxx.xxx.xxx:1194

2014-04-11 10:19:11 TUN/TAP device /dev/tun0 opened

2014-04-11 10:19:11 /sbin/ifconfig tun0 delete

                                        ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address

2014-04-11 10:19:11 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure

2014-04-11 10:19:11 /sbin/ifconfig tun0 10.8.0.6 10.8.0.5 mtu 1500 netmask 255.255.255.255 up

2014-04-11 10:19:11 /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -m -w -d -f -ptADGNWradsgnw tun0 1500 1542 10.8.0.6 10.8.0.5 init

                                        **********************************************

                                        Start of output from client.up.tunnelblick.sh

                                        Retrieved from OpenVPN: name server(s) [ 192.168.200.1 ], search domain(s) [  ] and SMB server(s) [  ] and using default domain name [ openvpn ]

                                        Not aggregating ServerAddresses because running on OS X 10.6 or higher

                                        Setting search domains to 'openvpn' because running under OS X 10.6 or higher and the search domains were not set manually and 'Prepend domain name to search domains' was not selected

                                        Saved the DNS and SMB configurations so they can be restored

                                        Set ServerAddresses to 192.168.200.1

                                        Set SearchDomains   to openvpn

                                        Set DomainName       to openvpn

                                        Flushed the DNS Cache

                                        Setting up to monitor system configuration with process-network-changes

                                        End of output from client.up.tunnelblick.sh

                                        **********************************************

                                        add net xx.x..xx.xx: gateway xx.xx.xx.xx

                                        delete net 0.0.0.0: gateway xx.xx.xx.xx

                                        add net 0.0.0.0: gateway 10.8.0.5

                                        add net 192.168.200.0: gateway 10.8.0.5

2014-04-11 10:19:14 *Tunnelblick: No 'connected.sh' script to execute

2014-04-11 10:19:14 WARNING: potential route subnet conflict between local LAN [10.8.0.0/255.255.255.0] and remote VPN [10.8.0.0/255.255.255.0]

                                        add net 10.8.0.0: gateway 10.8.0.5

2014-04-11 10:19:14 WARNING: potential route subnet conflict between local LAN [10.8.0.0/255.255.255.0] and remote VPN [10.8.0.1/255.255.255.255]

                                        add net 10.8.0.1: gateway 10.8.0.5

2014-04-11 10:19:14 Initialization Sequence Completed

2014-04-11 10:19:19 *Tunnelblick process-network-changes: A system configuration change was ignored

2014-04-11 10:19:20 *Tunnelblick: This computer's apparent public IP address changed from xx.xx.xx.xx before connection to xx.xx.xx.xx after connection


================================================================================


Console Log:


2014-04-11 10:04:06 Tunnelblick[205] Set program update feedURL to https://www.tunnelblick.net/appcast-b.rss


================================================================================


Non-Apple kexts that are loaded:


Index Refs Address            Size       Wired      Name (Version) <Linked Against>

  126    0 0xffffff7f8209d000 0x6000     0x6000     net.tunnelblick.tun (1.0) <7 5 4 1>

jkbull...gmail.com

Apr 15, 2014, 2:43:06 PM
to tunnelbli...@googlegroups.com, t.rie...@gmail.com
Your problem may be here:

2014-04-11 10:19:14 WARNING: potential route subnet conflict between local LAN [10.8.0.0/255.255.255.0] and remote VPN [10.8.0.0/255.255.255.0]

and
2014-04-11 10:19:14 WARNING: potential route subnet conflict between local LAN [10.8.0.0/255.255.255.0] and remote VPN [10.8.0.1/255.255.255.255]

This means that your local subnet (the IP address range of the LAN your computer is connected to) conflicts with the subnet of the VPN (the IP address range of the LAN of your VPN server or the IP address range that the VPN server gives out for your VPN connection to use).

This problem can happen if you are trying to connect to a VPN server on your local LAN _from_ your local LAN. Don't do that. :-)

Usually you solve this by changing your local LAN's subnet on the router that your computer connects to the Internet with.

t.rie...@gmail.com

Apr 15, 2014, 3:09:00 PM
to tunnelbli...@googlegroups.com, t.rie...@gmail.com
I've seen these warnings, but honestly I can't understand why there are these two warnings,
because my local LAN and my remote VPN are different.

I'm getting these warnings no matter where I am:
from my friend's WLAN, from public WLAN, from office WLAN.
And every time, the local IP address is different from the VPN IP address.
The VPN range is 10.8.0.0 and the local LAN, no matter where I am, is 192.168.xxx.xxx

So either the message is wrong, or I have a problem with my configuration.

By the way, it is not possible to configure the VPN server on the Synology Diskstation. You can only start or stop the server or change the IP address range of the VPN server.

jkbull...gmail.com

Apr 15, 2014, 3:32:16 PM
to tunnelbli...@googlegroups.com, t.rie...@gmail.com
I'm sorry, I did not understand that the Synology Diskstation is providing BOTH the VPN and the file server.

The warnings may still be the problem. According to this page on the Synology website:


you _do_ set up the VPN on the Diskstation, including the IP address range that it gives out.

Try changing the OpenVPN server to use a different range (10.12.0.0, for example). I don't know, but you may need to "Export configuration" and use the new configuration after you change the address range.
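
The subnet-conflict check discussed in the replies above, as an added example that is not part of the thread and is not Tunnelblick or OpenVPN code: it parses the two warning lines from the posted log, confirms the reported ranges overlap, and tests a replacement VPN range against the networks already in use. The /24 mask on 10.12.0.0 and the 192.168.1.0/24 local LAN are assumptions (the thread gives only 10.12.0.0 and 192.168.xxx.xxx).

```python
import ipaddress
import re

# Matches OpenVPN's conflict warning in the form it takes in the log above.
CONFLICT_RE = re.compile(
    r"potential route subnet conflict between local LAN "
    r"\[(?P<lan>[\d.]+)/(?P<lan_mask>[\d.]+)\] and remote VPN "
    r"\[(?P<vpn>[\d.]+)/(?P<vpn_mask>[\d.]+)\]"
)

def parse_conflicts(log_text):
    """Return (local_net, vpn_net) pairs for every conflict warning in the log."""
    pairs = []
    for m in CONFLICT_RE.finditer(log_text):
        lan = ipaddress.ip_network(f"{m['lan']}/{m['lan_mask']}", strict=False)
        vpn = ipaddress.ip_network(f"{m['vpn']}/{m['vpn_mask']}", strict=False)
        pairs.append((lan, vpn))
    return pairs

def in_use(log_text, extra=()):
    """Networks OpenVPN reported as local, plus any others known to be in use."""
    nets = {lan for lan, _ in parse_conflicts(log_text)}
    nets.update(ipaddress.ip_network(n) for n in extra)
    return sorted(nets)

def overlapping(candidate, networks):
    """List the networks that share at least one address with candidate."""
    cand = ipaddress.ip_network(candidate, strict=False)
    return [n for n in networks if cand.overlaps(n)]

# The two warning lines, copied from the log posted in this thread.
LOG = """\
2014-04-11 10:19:14 WARNING: potential route subnet conflict between local LAN [10.8.0.0/255.255.255.0] and remote VPN [10.8.0.0/255.255.255.0]
2014-04-11 10:19:14 WARNING: potential route subnet conflict between local LAN [10.8.0.0/255.255.255.0] and remote VPN [10.8.0.1/255.255.255.255]
"""

# 192.168.200.0/24 is the route added in the log; 192.168.1.0/24 is a
# constructed stand-in for the client's local LAN (an assumption).
EXTRA = ("192.168.200.0/24", "192.168.1.0/24")

if __name__ == "__main__":
    for lan, vpn in parse_conflicts(LOG):
        print(f"{lan} vs {vpn}: overlap={lan.overlaps(vpn)}")
    nets = in_use(LOG, EXTRA)
    for cand in ("10.8.0.0/24", "10.12.0.0/24"):
        print(cand, "->", overlapping(cand, nets) or "no overlap")
```
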
 
