TLS handshake will not complete in tunnelblick: incoming plaintext read error
1,306 views
Skip to first unread message
cmw...@g.rit.edu
Jul 9, 2015, 11:51:50 AM7/9/15
to tunnelbli...@googlegroups.com
I am attempting to connect to a pfSense openVPN server using Tunnelblick 3.6beta06 as an administrator, but I am receiving a TLS handshake error each time I attempt to connect. I double checked the location of the tls key, as well as the contents of the key and they are correct on both the openVPN server, and on my local macbook. The log and configuration files have been posted below, any help would be appreciated.
*Tunnelblick: OS X 10.7.5; Tunnelblick 3.6beta06 (build 4346); Admin user
Configuration config
"Sanitized" condensed configuration file for /Users/cw/Library/Application Support/Tunnelblick/Configurations/config.tblk:
client
dev tap
proto tcp
remote 128.151.18.205 443
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert C.crt
key C.key
ns-cert-type server
tls-auth ta.key 1
cipher AES-128-CBC
auth SHA1
comp-lzo
verb 5
================================================================================
Non-Apple kexts that are loaded:
Index Refs Address Size Wired Name (Version) <Linked Against>
112 3 0xffffff7f826dc000 0x58000 0x58000 org.virtualbox.kext.VBoxDrv (4.3.28) <7 5 4 3 1>
113 0 0xffffff7f81d0e000 0x8000 0x8000 org.virtualbox.kext.VBoxUSB (4.3.28) <112 35 32 7 5 4 3 1>
114 0 0xffffff7f817be000 0x5000 0x5000 org.virtualbox.kext.VBoxNetFlt (4.3.28) <112 7 5 4 3 1>
115 0 0xffffff7f81ae2000 0x6000 0x6000 org.virtualbox.kext.VBoxNetAdp (4.3.28) <112 5 4 1>
================================================================================
There are no unusual files in config.tblk
================================================================================
Configuration preferences:
-lastConnectionSucceeded = 0
================================================================================
Wildcard preferences:
================================================================================
Program preferences:
launchAtNextLogin = 1
notOKToCheckThatIPAddressDidNotChangeAfterConnection = 0
askedUserIfOKToCheckThatIPAddressDidNotChangeAfterConnection = 1
tunnelblickVersionHistory = (
"3.6beta06 (build 4346)"
)
statusDisplayNumber = 0
lastLaunchTime = 458148471.812864
connectionWindowDisplayCriteria = showWhenConnecting
maxLogDisplaySize = 102400
installationUID (not shown)
keyboardShortcutIndex = 1
updateCheckAutomatically = 1
updateSendProfileInfo = 1
NSWindow Frame SettingsSheetWindow = 372 98 829 424 0 0 1280 778
NSWindow Frame ConnectingWindow = 445 466 389 187 0 0 1280 778
detailsWindowFrameVersion = 4346
detailsWindowFrame = {{38, 151}, {1069, 596}}
detailsWindowLeftFrame = {{0, 0}, {196, 478}}
leftNavSelectedDisplayName = config
haveDealtWithSparkle1dot5b6 = 1
haveDealtWithOldTunTapPreferences = 1
haveDealtWithOldLoginItem = 1
SUEnableAutomaticChecks = 1
SUFeedURL = https://www.tunnelblick.net/appcast-b.rss
SUScheduledCheckInterval = 86400
SUSendProfileInfo = 1
SULastCheckTime = 2015-07-09 15:27:51 +0000
SULastProfileSubmissionDate = 2015-07-06 20:16:33 +0000
SUHasLaunchedBefore = 1
WebKitDefaultFontSize = 16
WebKitStandardFont = Times
================================================================================
Tunnelblick Log:
2015-07-09 11:28:05 *Tunnelblick: OS X 10.7.5; Tunnelblick 3.6beta06 (build 4346)
2015-07-09 11:28:06 *Tunnelblick: Attempting connection with config using shadow copy; Set nameserver = 1; monitoring connection
2015-07-09 11:28:06 *Tunnelblick: openvpnstart start config.tblk 1337 1 0 1 0 16754 -ptADGNWradsgnw 2.3.6
2015-07-09 11:28:07 *Tunnelblick: openvpnstart log:
OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line):
/Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.6/openvpn
--daemon
--log
/Library/Application Support/Tunnelblick/Logs/-SUsers-Scw-SLibrary-SApplication Support-STunnelblick-SConfigurations-Sconfig.tblk-SContents-SResources-Sconfig.ovpn.1_0_1_0_16754.1337.openvpn.log
--cd
/Library/Application Support/Tunnelblick/Users/cw/config.tblk/Contents/Resources
--verb
3
--config
/Library/Application Support/Tunnelblick/Users/cw/config.tblk/Contents/Resources/config.ovpn
--cd
/Library/Application Support/Tunnelblick/Users/cw/config.tblk/Contents/Resources
--management
127.0.0.1
1337
--management-query-passwords
--management-hold
--script-security
2
--up
/Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -a -d -f -m -w -ptADGNWradsgnw
--down
/Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -a -d -f -m -w -ptADGNWradsgnw
--route-pre-down
/Applications/Tunnelblick.app/Contents/Resources/client.route-pre-down.tunnelblick.sh -a -d -f -m -w -ptADGNWradsgnw
2015-07-09 11:28:06 us=899028 Current Parameter Settings:
2015-07-09 11:28:06 us=899266 config = '/Library/Application Support/Tunnelblick/Users/cw/config.tblk/Contents/Resources/config.ovpn'
2015-07-09 11:28:06 us=899282 mode = 0
2015-07-09 11:28:06 us=899294 show_ciphers = DISABLED
2015-07-09 11:28:06 us=899307 show_digests = DISABLED
2015-07-09 11:28:06 us=899324 show_engines = DISABLED
2015-07-09 11:28:06 us=899337 genkey = DISABLED
2015-07-09 11:28:06 us=899349 key_pass_file = '[UNDEF]'
2015-07-09 11:28:06 us=899362 show_tls_ciphers = DISABLED
2015-07-09 11:28:06 us=899374 Connection profiles [default]:
2015-07-09 11:28:06 us=899387 proto = tcp-client
2015-07-09 11:28:06 us=899399 local = '[UNDEF]'
2015-07-09 11:28:06 us=899412 local_port = 0
2015-07-09 11:28:06 us=899424 remote = '128.151.18.205'
2015-07-09 11:28:06 us=899437 remote_port = 443
2015-07-09 11:28:06 us=899449 remote_float = DISABLED
2015-07-09 11:28:06 us=899461 bind_defined = DISABLED
2015-07-09 11:28:06 us=899473 bind_local = DISABLED
2015-07-09 11:28:06 us=899485 connect_retry_seconds = 5
2015-07-09 11:28:06 us=899497 connect_timeout = 10
2015-07-09 11:28:06 us=899510 connect_retry_max = 0
2015-07-09 11:28:06 us=899522 socks_proxy_server = '[UNDEF]'
2015-07-09 11:28:06 us=899535 socks_proxy_port = 0
2015-07-09 11:28:06 us=899547 socks_proxy_retry = DISABLED
2015-07-09 11:28:06 us=899560 tun_mtu = 1500
2015-07-09 11:28:06 us=899572 tun_mtu_defined = ENABLED
2015-07-09 11:28:06 us=899584 link_mtu = 1500
2015-07-09 11:28:06 us=899596 link_mtu_defined = DISABLED
2015-07-09 11:28:06 us=899609 tun_mtu_extra = 32
2015-07-09 11:28:06 us=899621 tun_mtu_extra_defined = ENABLED
2015-07-09 11:28:06 us=899633 mtu_discover_type = -1
2015-07-09 11:28:06 us=899645 fragment = 0
2015-07-09 11:28:06 us=899661 mssfix = 1450
2015-07-09 11:28:06 us=899674 explicit_exit_notification = 0
2015-07-09 11:28:06 us=899739 Connection profiles END
2015-07-09 11:28:06 us=899753 remote_random = DISABLED
2015-07-09 11:28:06 us=899766 ipchange = '[UNDEF]'
2015-07-09 11:28:06 us=899779 dev = 'tap'
2015-07-09 11:28:06 us=899791 dev_type = '[UNDEF]'
2015-07-09 11:28:06 us=899803 dev_node = '[UNDEF]'
2015-07-09 11:28:06 us=899816 lladdr = '[UNDEF]'
2015-07-09 11:28:06 us=899828 topology = 1
2015-07-09 11:28:06 us=899840 tun_ipv6 = DISABLED
2015-07-09 11:28:06 us=899853 ifconfig_local = '[UNDEF]'
2015-07-09 11:28:06 us=899865 ifconfig_remote_netmask = '[UNDEF]'
2015-07-09 11:28:06 us=899878 ifconfig_noexec = DISABLED
2015-07-09 11:28:06 us=899890 ifconfig_nowarn = DISABLED
2015-07-09 11:28:06 us=899902 ifconfig_ipv6_local = '[UNDEF]'
2015-07-09 11:28:06 us=899915 ifconfig_ipv6_netbits = 0
2015-07-09 11:28:06 us=899927 ifconfig_ipv6_remote = '[UNDEF]'
2015-07-09 11:28:06 us=899940 shaper = 0
2015-07-09 11:28:06 us=899952 mtu_test = 0
2015-07-09 11:28:06 us=899964 mlock = DISABLED
2015-07-09 11:28:06 us=899977 keepalive_ping = 0
2015-07-09 11:28:06 us=899989 keepalive_timeout = 0
2015-07-09 11:28:06 us=900001 inactivity_timeout = 0
2015-07-09 11:28:06 us=900014 ping_send_timeout = 0
2015-07-09 11:28:06 us=900026 ping_rec_timeout = 0
2015-07-09 11:28:06 us=900038 ping_rec_timeout_action = 0
2015-07-09 11:28:06 us=900050 ping_timer_remote = DISABLED
2015-07-09 11:28:06 us=900063 remap_sigusr1 = 0
2015-07-09 11:28:06 us=900075 persist_tun = ENABLED
2015-07-09 11:28:06 us=900087 persist_local_ip = DISABLED
2015-07-09 11:28:06 us=900099 persist_remote_ip = DISABLED
2015-07-09 11:28:06 us=900112 persist_key = ENABLED
2015-07-09 11:28:06 us=900124 passtos = DISABLED
2015-07-09 11:28:06 us=900136 resolve_retry_seconds = 1000000000
2015-07-09 11:28:06 us=900149 username = '[UNDEF]'
2015-07-09 11:28:06 us=900175 groupname = '[UNDEF]'
2015-07-09 11:28:06 us=900188 chroot_dir = '[UNDEF]'
2015-07-09 11:28:06 us=900200 cd_dir = '/Library/Application Support/Tunnelblick/Users/cw/config.tblk/Contents/Resources'
2015-07-09 11:28:06 us=900213 writepid = '[UNDEF]'
2015-07-09 11:28:06 us=900225 up_script = '/Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -a -d -f -m -w -ptADGNWradsgnw'
2015-07-09 11:28:06 us=900238 down_script = '/Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -a -d -f -m -w -ptADGNWradsgnw'
2015-07-09 11:28:06 us=900250 down_pre = DISABLED
2015-07-09 11:28:06 us=900262 up_restart = DISABLED
2015-07-09 11:28:06 us=900274 up_delay = DISABLED
2015-07-09 11:28:06 us=900286 daemon = ENABLED
2015-07-09 11:28:06 us=900299 inetd = 0
2015-07-09 11:28:06 us=900311 log = ENABLED
2015-07-09 11:28:06 us=900323 suppress_timestamps = DISABLED
2015-07-09 11:28:06 us=900335 nice = 0
2015-07-09 11:28:06 us=900347 verbosity = 5
2015-07-09 11:28:06 us=900359 mute = 0
2015-07-09 11:28:06 us=900371 status_file = '[UNDEF]'
2015-07-09 11:28:06 us=900383 status_file_version = 1
2015-07-09 11:28:06 us=900396 status_file_update_freq = 60
2015-07-09 11:28:06 us=900408 occ = ENABLED
2015-07-09 11:28:06 us=900420 rcvbuf = 65536
2015-07-09 11:28:06 us=900436 sndbuf = 65536
2015-07-09 11:28:06 us=900449 sockflags = 0
2015-07-09 11:28:06 us=900461 fast_io = DISABLED
2015-07-09 11:28:06 us=900473 lzo = 7
2015-07-09 11:28:06 us=900485 route_script = '[UNDEF]'
2015-07-09 11:28:06 us=900497 route_default_gateway = '[UNDEF]'
2015-07-09 11:28:06 us=900509 route_default_metric = 0
2015-07-09 11:28:06 us=900522 route_noexec = DISABLED
2015-07-09 11:28:06 us=900534 route_delay = 0
2015-07-09 11:28:06 us=900550 route_delay_window = 30
2015-07-09 11:28:06 us=900563 route_delay_defined = DISABLED
2015-07-09 11:28:06 us=900576 route_nopull = DISABLED
2015-07-09 11:28:06 us=900589 route_gateway_via_dhcp = DISABLED
2015-07-09 11:28:06 us=900602 max_routes = 100
2015-07-09 11:28:06 us=900614 allow_pull_fqdn = DISABLED
2015-07-09 11:28:06 us=900627 management_addr = '127.0.0.1'
2015-07-09 11:28:06 us=900639 management_port = 1337
2015-07-09 11:28:06 us=900652 management_user_pass = '[UNDEF]'
2015-07-09 11:28:06 us=900665 management_log_history_cache = 250
2015-07-09 11:28:06 us=900678 management_echo_buffer_size = 100
2015-07-09 11:28:06 us=900691 management_write_peer_info_file = '[UNDEF]'
2015-07-09 11:28:06 us=900704 management_client_user = '[UNDEF]'
2015-07-09 11:28:06 us=900716 management_client_group = '[UNDEF]'
2015-07-09 11:28:06 us=900729 management_flags = 6
2015-07-09 11:28:06 us=900742 shared_secret_file = '[UNDEF]'
2015-07-09 11:28:06 us=900755 key_direction = 2
2015-07-09 11:28:06 us=900767 ciphername_defined = ENABLED
2015-07-09 11:28:06 us=900780 ciphername = 'AES-128-CBC'
2015-07-09 11:28:06 us=900792 authname_defined = ENABLED
2015-07-09 11:28:06 us=900805 authname = 'SHA1'
2015-07-09 11:28:06 us=900817 prng_hash = 'SHA1'
2015-07-09 11:28:06 us=900830 prng_nonce_secret_len = 16
2015-07-09 11:28:06 us=900843 keysize = 0
2015-07-09 11:28:06 us=900855 engine = DISABLED
2015-07-09 11:28:06 us=900868 replay = ENABLED
2015-07-09 11:28:06 us=900881 mute_replay_warnings = DISABLED
2015-07-09 11:28:06 us=900894 replay_window = 64
2015-07-09 11:28:06 us=900906 replay_time = 15
2015-07-09 11:28:06 us=900919 packet_id_file = '[UNDEF]'
2015-07-09 11:28:06 us=900931 use_iv = ENABLED
2015-07-09 11:28:06 us=900944 test_crypto = DISABLED
2015-07-09 11:28:06 us=900957 tls_server = DISABLED
2015-07-09 11:28:06 us=900969 tls_client = ENABLED
2015-07-09 11:28:06 us=900995 key_method = 2
2015-07-09 11:28:06 us=901008 ca_file = 'ca.crt'
2015-07-09 11:28:06 us=901021 ca_path = '[UNDEF]'
2015-07-09 11:28:06 us=901033 dh_file = '[UNDEF]'
2015-07-09 11:28:06 us=901045 cert_file = 'Craig.crt'
2015-07-09 11:28:06 us=901058 priv_key_file = 'Craig.key'
2015-07-09 11:28:06 us=901071 pkcs12_file = '[UNDEF]'
2015-07-09 11:28:06 us=901083 cipher_list = '[UNDEF]'
2015-07-09 11:28:06 us=901095 tls_verify = '[UNDEF]'
2015-07-09 11:28:06 us=901108 tls_export_cert = '[UNDEF]'
2015-07-09 11:28:06 us=901120 verify_x509_type = 0
2015-07-09 11:28:06 us=901133 verify_x509_name = '[UNDEF]'
2015-07-09 11:28:06 us=901145 crl_file = '[UNDEF]'
2015-07-09 11:28:06 us=901158 ns_cert_type = 1
2015-07-09 11:28:06 us=901171 remote_cert_ku[i] = 0
2015-07-09 11:28:06 us=901183 remote_cert_ku[i] = 0
2015-07-09 11:28:06 us=901196 remote_cert_ku[i] = 0
2015-07-09 11:28:06 us=901208 remote_cert_ku[i] = 0
2015-07-09 11:28:06 us=901221 remote_cert_ku[i] = 0
2015-07-09 11:28:06 us=901234 remote_cert_ku[i] = 0
2015-07-09 11:28:06 us=901246 remote_cert_ku[i] = 0
2015-07-09 11:28:06 us=901259 remote_cert_ku[i] = 0
2015-07-09 11:28:06 us=901271 remote_cert_ku[i] = 0
2015-07-09 11:28:06 us=901283 remote_cert_ku[i] = 0
2015-07-09 11:28:06 us=901296 remote_cert_ku[i] = 0
2015-07-09 11:28:06 us=901308 remote_cert_ku[i] = 0
2015-07-09 11:28:06 us=901321 remote_cert_ku[i] = 0
2015-07-09 11:28:06 us=901333 remote_cert_ku[i] = 0
2015-07-09 11:28:06 us=901346 remote_cert_ku[i] = 0
2015-07-09 11:28:06 us=901358 remote_cert_ku[i] = 0
2015-07-09 11:28:06 us=901370 remote_cert_eku = '[UNDEF]'
2015-07-09 11:28:06 us=901383 ssl_flags = 0
2015-07-09 11:28:06 us=901399 tls_timeout = 2
2015-07-09 11:28:06 us=901411 renegotiate_bytes = 0
2015-07-09 11:28:06 us=901424 renegotiate_packets = 0
2015-07-09 11:28:06 us=901447 renegotiate_seconds = 3600
2015-07-09 11:28:06 us=901459 handshake_window = 60
2015-07-09 11:28:06 us=901471 transition_window = 3600
2015-07-09 11:28:06 us=901482 single_session = DISABLED
2015-07-09 11:28:06 us=901494 push_peer_info = DISABLED
2015-07-09 11:28:06 us=901506 tls_exit = DISABLED
2015-07-09 11:28:06 us=901518 tls_auth_file = 'ta.key'
2015-07-09 11:28:06 us=901530 pkcs11_protected_authentication = DISABLED
2015-07-09 11:28:06 us=901542 pkcs11_protected_authentication = DISABLED
2015-07-09 11:28:06 us=901554 pkcs11_protected_authentication = DISABLED
2015-07-09 11:28:06 us=901566 pkcs11_protected_authentication = DISABLED
2015-07-09 11:28:06 us=901579 pkcs11_protected_authentication = DISABLED
2015-07-09 11:28:06 us=901590 pkcs11_protected_authentication = DISABLED
2015-07-09 11:28:06 us=901602 pkcs11_protected_authentication = DISABLED
2015-07-09 11:28:06 us=901614 pkcs11_protected_authentication = DISABLED
2015-07-09 11:28:06 us=901626 pkcs11_protected_authentication = DISABLED
2015-07-09 11:28:06 us=901638 pkcs11_protected_authentication = DISABLED
2015-07-09 11:28:06 us=901650 pkcs11_protected_authentication = DISABLED
2015-07-09 11:28:06 us=901662 pkcs11_protected_authentication = DISABLED
2015-07-09 11:28:06 us=901674 pkcs11_protected_authentication = DISABLED
2015-07-09 11:28:06 us=901686 pkcs11_protected_authentication = DISABLED
2015-07-09 11:28:06 us=901698 pkcs11_protected_authentication = DISABLED
2015-07-09 11:28:06 us=901710 pkcs11_protected_authentication = DISABLED
2015-07-09 11:28:06 us=901723 pkcs11_private_mode = 00000000
2015-07-09 11:28:06 us=901735 pkcs11_private_mode = 00000000
2015-07-09 11:28:06 us=901747 pkcs11_private_mode = 00000000
2015-07-09 11:28:06 us=901759 pkcs11_private_mode = 00000000
2015-07-09 11:28:06 us=901771 pkcs11_private_mode = 00000000
2015-07-09 11:28:06 us=901795 pkcs11_private_mode = 00000000
2015-07-09 11:28:06 us=901807 pkcs11_private_mode = 00000000
2015-07-09 11:28:06 us=901820 pkcs11_private_mode = 00000000
2015-07-09 11:28:06 us=901832 pkcs11_private_mode = 00000000
2015-07-09 11:28:06 us=901844 pkcs11_private_mode = 00000000
2015-07-09 11:28:06 us=901856 pkcs11_private_mode = 00000000
2015-07-09 11:28:06 us=901868 pkcs11_private_mode = 00000000
2015-07-09 11:28:06 us=901880 pkcs11_private_mode = 00000000
2015-07-09 11:28:06 us=901892 pkcs11_private_mode = 00000000
2015-07-09 11:28:06 us=901904 pkcs11_private_mode = 00000000
2015-07-09 11:28:06 us=901917 pkcs11_private_mode = 00000000
2015-07-09 11:28:06 us=901929 pkcs11_cert_private = DISABLED
2015-07-09 11:28:06 us=901941 pkcs11_cert_private = DISABLED
2015-07-09 11:28:06 us=901953 pkcs11_cert_private = DISABLED
2015-07-09 11:28:06 us=901964 pkcs11_cert_private = DISABLED
2015-07-09 11:28:06 us=901976 pkcs11_cert_private = DISABLED
2015-07-09 11:28:06 us=901988 pkcs11_cert_private = DISABLED
2015-07-09 11:28:06 us=902000 pkcs11_cert_private = DISABLED
2015-07-09 11:28:06 us=902012 pkcs11_cert_private = DISABLED
2015-07-09 11:28:06 us=902024 pkcs11_cert_private = DISABLED
2015-07-09 11:28:06 us=902036 pkcs11_cert_private = DISABLED
2015-07-09 11:28:06 us=902048 pkcs11_cert_private = DISABLED
2015-07-09 11:28:06 us=902060 pkcs11_cert_private = DISABLED
2015-07-09 11:28:06 us=902072 pkcs11_cert_private = DISABLED
2015-07-09 11:28:06 us=902084 pkcs11_cert_private = DISABLED
2015-07-09 11:28:06 us=902096 pkcs11_cert_private = DISABLED
2015-07-09 11:28:06 us=902108 pkcs11_cert_private = DISABLED
2015-07-09 11:28:06 us=902120 pkcs11_pin_cache_period = -1
2015-07-09 11:28:06 us=902132 pkcs11_id = '[UNDEF]'
2015-07-09 11:28:06 us=902144 pkcs11_id_management = DISABLED
2015-07-09 11:28:06 us=902172 server_network = 0.0.0.0
2015-07-09 11:28:06 us=902186 server_netmask = 0.0.0.0
2015-07-09 11:28:06 us=902203 server_network_ipv6 = ::
2015-07-09 11:28:06 us=902216 server_netbits_ipv6 = 0
2015-07-09 11:28:06 us=902229 server_bridge_ip = 0.0.0.0
2015-07-09 11:28:06 us=902242 server_bridge_netmask = 0.0.0.0
2015-07-09 11:28:06 us=902255 server_bridge_pool_start = 0.0.0.0
2015-07-09 11:28:06 us=902269 server_bridge_pool_end = 0.0.0.0
2015-07-09 11:28:06 us=902281 ifconfig_pool_defined = DISABLED
2015-07-09 11:28:06 us=902294 ifconfig_pool_start = 0.0.0.0
2015-07-09 11:28:06 us=902307 ifconfig_pool_end = 0.0.0.0
2015-07-09 11:28:06 us=902320 ifconfig_pool_netmask = 0.0.0.0
2015-07-09 11:28:06 us=902332 ifconfig_pool_persist_filename = '[UNDEF]'
2015-07-09 11:28:06 us=902345 ifconfig_pool_persist_refresh_freq = 600
2015-07-09 11:28:06 us=902357 ifconfig_ipv6_pool_defined = DISABLED
2015-07-09 11:28:06 us=902369 ifconfig_ipv6_pool_base = ::
2015-07-09 11:28:06 us=902382 ifconfig_ipv6_pool_netbits = 0
2015-07-09 11:28:06 us=902394 n_bcast_buf = 256
2015-07-09 11:28:06 us=902406 tcp_queue_limit = 64
2015-07-09 11:28:06 us=902417 real_hash_size = 256
2015-07-09 11:28:06 us=902429 virtual_hash_size = 256
2015-07-09 11:28:06 us=902441 client_connect_script = '[UNDEF]'
2015-07-09 11:28:06 us=902453 learn_address_script = '[UNDEF]'
2015-07-09 11:28:06 us=902465 client_disconnect_script = '[UNDEF]'
2015-07-09 11:28:06 us=902477 client_config_dir = '[UNDEF]'
2015-07-09 11:28:06 us=902489 ccd_exclusive = DISABLED
2015-07-09 11:28:06 us=902503 tmp_dir = '/var/folders/tb/wr4sybb57x165vflq090gy700000gp/T/'
2015-07-09 11:28:06 us=902516 push_ifconfig_defined = DISABLED
2015-07-09 11:28:06 us=902529 push_ifconfig_local = 0.0.0.0
2015-07-09 11:28:06 us=902542 push_ifconfig_remote_netmask = 0.0.0.0
2015-07-09 11:28:06 us=902566 push_ifconfig_ipv6_defined = DISABLED
2015-07-09 11:28:06 us=902579 push_ifconfig_ipv6_local = ::/0
2015-07-09 11:28:06 us=902592 push_ifconfig_ipv6_remote = ::
2015-07-09 11:28:06 us=902606 enable_c2c = DISABLED
2015-07-09 11:28:06 us=902618 duplicate_cn = DISABLED
2015-07-09 11:28:06 us=902630 cf_max = 0
2015-07-09 11:28:06 us=902642 cf_per = 0
2015-07-09 11:28:06 us=902656 max_clients = 1024
2015-07-09 11:28:06 us=902668 max_routes_per_client = 256
2015-07-09 11:28:06 us=902681 auth_user_pass_verify_script = '[UNDEF]'
2015-07-09 11:28:06 us=902693 auth_user_pass_verify_script_via_file = DISABLED
2015-07-09 11:28:06 us=902705 port_share_host = '[UNDEF]'
2015-07-09 11:28:06 us=902717 port_share_port = 0
2015-07-09 11:28:06 us=902729 client = ENABLED
2015-07-09 11:28:06 us=902741 pull = ENABLED
2015-07-09 11:28:06 us=902754 auth_user_pass_file = '[UNDEF]'
2015-07-09 11:28:06 us=902768 OpenVPN 2.3.6 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Jun 12 2015
2015-07-09 11:28:06 us=902787 library versions: OpenSSL 1.0.2c 12 Jun 2015, LZO 2.09
2015-07-09 11:28:06 us=903537 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:1337
2015-07-09 11:28:06 us=904082 Need hold release from management interface, waiting...
2015-07-09 11:28:06 *Tunnelblick: openvpnstart starting OpenVPN
2015-07-09 11:28:07 *Tunnelblick: Established communication with OpenVPN
2015-07-09 11:28:07 us=631138 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:1337
2015-07-09 11:28:07 us=657374 MANAGEMENT: CMD 'pid'
2015-07-09 11:28:07 us=657681 MANAGEMENT: CMD 'state on'
2015-07-09 11:28:07 us=657830 MANAGEMENT: CMD 'state'
2015-07-09 11:28:07 us=658059 MANAGEMENT: CMD 'bytecount 1'
2015-07-09 11:28:07 us=658203 MANAGEMENT: CMD 'hold release'
2015-07-09 11:28:07 us=658652 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2015-07-09 11:28:07 us=659973 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
2015-07-09 11:28:07 us=660236 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2015-07-09 11:28:07 us=660362 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2015-07-09 11:28:07 us=660501 LZO compression initialized
2015-07-09 11:28:07 us=660731 Control Channel MTU parms [ L:1592 D:168 EF:68 EB:0 ET:0 EL:0 ]
2015-07-09 11:28:07 us=660910 Socket Buffers: R=[262140->65536] S=[131070->65536]
2015-07-09 11:28:07 us=661409 Data Channel MTU parms [ L:1592 D:1450 EF:60 EB:135 ET:32 EL:0 AF:3/1 ]
2015-07-09 11:28:07 us=661576 Local Options String: 'V4,dev-type tap,link-mtu 1592,tun-mtu 1532,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
2015-07-09 11:28:07 us=661685 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1592,tun-mtu 1532,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
2015-07-09 11:28:07 us=661922 Local Options hash (VER=V4): '29f6c8b2'
2015-07-09 11:28:07 us=662035 Expected Remote Options hash (VER=V4): '3d4363c6'
2015-07-09 11:28:07 us=662156 Attempting to establish TCP connection with [AF_INET]128.151.18.205:443 [nonblock]
2015-07-09 11:28:07 us=662272 MANAGEMENT: >STATE:1436455687,TCP_CONNECT,,,
2015-07-09 11:28:08 us=663652 TCP connection established with [AF_INET]128.151.18.205:443
2015-07-09 11:28:08 us=664578 TCPv4_CLIENT link local: [undef]
2015-07-09 11:28:08 us=665636 TCPv4_CLIENT link remote: [AF_INET]128.151.18.205:443
2015-07-09 11:28:08 us=665799 MANAGEMENT: >STATE:1436455688,WAIT,,,
WRThu Jul 9 11:28:08 2015 us=669186 MANAGEMENT: >STATE:1436455688,AUTH,,,
2015-07-09 11:28:08 us=669486 TLS: Initial packet from [AF_INET]128.151.18.205:443, sid=869715af 2d8bce29
WWWWRRRWRRRWWRWRWRRWWRWRWRRWWRWRWRThu Jul 9 11:28:08 2015 us=685470 VERIFY ERROR: depth=0, error=self signed certificate: C=US, ST=State, L=Locality, O=pfSense webConfigurator Self-Signed Certificate, emailAddress=ad...@pfSense.localdomain, CN=pfSense-559a8e35a90d9
2015-07-09 11:28:08 us=685977 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
2015-07-09 11:28:08 us=686136 TLS Error: TLS object -> incoming plaintext read error
2015-07-09 11:28:08 us=686240 TLS Error: TLS handshake failed
2015-07-09 11:28:08 us=686443 Fatal TLS error (check_tls_errors_co), restarting
2015-07-09 11:28:08 us=686583 TCP/UDP: Closing socket
2015-07-09 11:28:08 us=687186 SIGUSR1[soft,tls-error] received, process restarting
2015-07-09 11:28:08 us=687437 MANAGEMENT: >STATE:1436455688,RECONNECTING,tls-error,,
2015-07-09 11:28:08 us=770197 MANAGEMENT: CMD 'hold release'
2015-07-09 11:28:08 us=770420 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2015-07-09 11:28:08 us=770574 Re-using SSL/TLS context
2015-07-09 11:28:08 us=770688 LZO compression initialized
2015-07-09 11:28:08 us=770912 Control Channel MTU parms [ L:1592 D:168 EF:68 EB:0 ET:0 EL:0 ]
2015-07-09 11:28:08 us=771097 Socket Buffers: R=[262140->65536] S=[131070->65536]
2015-07-09 11:28:08 us=771347 Data Channel MTU parms [ L:1592 D:1450 EF:60 EB:135 ET:32 EL:0 AF:3/1 ]
2015-07-09 11:28:08 us=771480 Local Options String: 'V4,dev-type tap,link-mtu 1592,tun-mtu 1532,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
2015-07-09 11:28:08 us=771586 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1592,tun-mtu 1532,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
2015-07-09 11:28:08 us=771702 Local Options hash (VER=V4): '29f6c8b2'
2015-07-09 11:28:08 us=771814 Expected Remote Options hash (VER=V4): '3d4363c6'
2015-07-09 11:28:08 us=771927 Attempting to establish TCP connection with [AF_INET]128.151.18.205:443 [nonblock]
2015-07-09 11:28:08 us=772034 MANAGEMENT: >STATE:1436455688,TCP_CONNECT,,,
2015-07-09 11:28:09 us=772897 TCP connection established with [AF_INET]128.151.18.205:443
2015-07-09 11:28:09 us=773342 TCPv4_CLIENT link local: [undef]
2015-07-09 11:28:09 us=773461 TCPv4_CLIENT link remote: [AF_INET]128.151.18.205:443
2015-07-09 11:28:09 us=773646 MANAGEMENT: >STATE:1436455689,WAIT,,,
WRThu Jul 9 11:28:09 2015 us=780248 MANAGEMENT: >STATE:1436455689,AUTH,,,
2015-07-09 11:28:09 us=780543 TLS: Initial packet from [AF_INET]128.151.18.205:443, sid=dccda6c5 5e55eff2
RRWRRRWWRWRRRWWRWRRRWWRWRRThu Jul 9 11:28:09 2015 us=793044 VERIFY ERROR: depth=0, error=self signed certificate: C=US, ST=State, L=Locality, O=pfSense webConfigurator Self-Signed Certificate, emailAddress=ad...@pfSense.localdomain, CN=pfSense-559a8e35a90d9
2015-07-09 11:28:09 us=793330 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
2015-07-09 11:28:09 us=793540 TLS Error: TLS object -> incoming plaintext read error
2015-07-09 11:28:09 us=793691 TLS Error: TLS handshake failed
2015-07-09 11:28:09 us=794064 Fatal TLS error (check_tls_errors_co), restarting
2015-07-09 11:28:09 us=794271 TCP/UDP: Closing socket
2015-07-09 11:28:09 us=794461 SIGUSR1[soft,tls-error] received, process restarting
2015-07-09 11:28:09 us=794610 MANAGEMENT: >STATE:1436455689,RECONNECTING,tls-error,,
2015-07-09 11:28:09 us=870250 MANAGEMENT: CMD 'hold release'
2015-07-09 11:28:09 us=870716 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2015-07-09 11:28:09 us=871066 Re-using SSL/TLS context
2015-07-09 11:28:09 us=871188 LZO compression initialized
2015-07-09 11:28:09 us=871356 Control Channel MTU parms [ L:1592 D:168 EF:68 EB:0 ET:0 EL:0 ]
2015-07-09 11:28:09 us=871517 Socket Buffers: R=[262140->65536] S=[131070->65536]
2015-07-09 11:28:09 us=871748 Data Channel MTU parms [ L:1592 D:1450 EF:60 EB:135 ET:32 EL:0 AF:3/1 ]
2015-07-09 11:28:09 us=871890 Local Options String: 'V4,dev-type tap,link-mtu 1592,tun-mtu 1532,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
2015-07-09 11:28:09 us=871995 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1592,tun-mtu 1532,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
2015-07-09 11:28:09 us=872109 Local Options hash (VER=V4): '29f6c8b2'
2015-07-09 11:28:09 us=872220 Expected Remote Options hash (VER=V4): '3d4363c6'
2015-07-09 11:28:09 us=872331 Attempting to establish TCP connection with [AF_INET]128.151.18.205:443 [nonblock]
2015-07-09 11:28:09 us=872437 MANAGEMENT: >STATE:1436455689,TCP_CONNECT,,,
2015-07-09 11:28:10 *Tunnelblick: Disconnecting; VPN Details… window disconnect button pressed
2015-07-09 11:28:10 *Tunnelblick: Disconnecting using 'kill'
2015-07-09 11:28:10 us=395419 TCP/UDP: Closing socket
2015-07-09 11:28:10 us=395717 SIGTERM[hard,init_instance] received, process exiting
2015-07-09 11:28:10 us=395831 MANAGEMENT: >STATE:1436455690,EXITING,init_instance,,
2015-07-09 11:28:11 *Tunnelblick: No 'post-disconnect.sh' script to execute
2015-07-09 11:28:11 *Tunnelblick: Expected disconnection occurred.
================================================================================
"Sanitized" full configuration file
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
dev tap
;dev tun
# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one. On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
;dev-node MyTap
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server.
proto tcp
;proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote X.X.X.X 443
;remote my-server-2 1194
# Choose a random host from the remote
# list for load-balancing. Otherwise
# try hosts in the order specified.
;remote-random
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Downgrade privileges after initialization (non-Windows only)
;user nobody
;group nobody
# Try to preserve some state across restarts.
persist-key
persist-tun
# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here. See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
# Wireless networks often produce a lot
# of duplicate packets. Set this flag
# to silence duplicate packet warnings.
;mute-replay-warnings
# SSL/TLS parms.
# See the server config file for more
# description. It's best to use
# a separate .crt/.key file pair
# for each client. A single ca
# file can be used for all clients.
ca ca.crt
cert C.crt
key C.key
# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# https://urldefense.proofpoint.com/v2/url?u=http-3A__openvpn.net_howto.html-23mitm&d=BQICAg&c=kbmfwr1Yojg42sGEpaQh5ofMHBeTl9EI2eaqQZhHbOU&r=Inw718_LZnUK
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-server
# script in the easy-rsa folder will do this.
ns-cert-type server
# If a tls-auth key is used on the server
# then every client must also have the key.
tls-auth ta.key 1
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
cipher AES-128-CBC
auth SHA1
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
comp-lzo
# Set log file verbosity.
verb 5
# End of file
================================================================================
ifconfig output:
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
options=3<RXCSUM,TXCSUM>
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=27<RXCSUM,TXCSUM,VLAN_MTU,TSO4>
ether 34:15:9e:32:ce:46
media: autoselect
status: inactive
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether 58:b0:35:84:03:bd
inet6 fe80::5ab0:35ff:fe84:3bd%en1 prefixlen 64 scopeid 0x5
inet 10.5.10.98 netmask 0xffffc000 broadcast 10.5.63.255
media: autoselect
status: active
p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304
ether 0a:b0:35:84:03:bd
media: autoselect
status: inactive
================================================================================
Console Log:
2015-07-09 09:04:02 Tunnelblick[353] Set program update feedURL to https://www.tunnelblick.net/appcast-b.rss
2015-07-09 09:04:05 Tunnelblick[353] DEBUG: Updater: systemVersion 10.7.5 satisfies minimumSystemVersion 10.4.0
2015-07-09 09:04:05 Tunnelblick[353] DEBUG: Updater: systemVersion 10.7.5 satisfies minimumSystemVersion 10.4.0
2015-07-09 09:15:50 tunnelblickd[480] Status = 252 from tunnelblick-helper command 'compareShadowCopy config'
2015-07-09 09:15:50 Tunnelblick[353] tunnelblickd status from compareShadowCopy: 252
2015-07-09 09:15:54 Tunnelblick[353] Beginning installation or repair
2015-07-09 09:15:54 authexec[486] executing /Applications/Tunnelblick.app/Contents/Resources/installer
2015-07-09 09:15:55 Tunnelblick[353] Installation or repair succeeded; Log:
Tunnelblick installer started 2015-07-09 09:15:54. 3 arguments: 0x0001
/Library/Application Support/Tunnelblick/Users/cw/config.tblk
/Users/cw/Library/Application Support/Tunnelblick/Configurations/config.tblk
Copied /Users/cw/Library/Application Support/Tunnelblick/Configurations/config.tblk
to /Library/Application Support/Tunnelblick/Users/cw/config.tblk.temp
Renamed /Library/Application Support/Tunnelblick/Users/cw/config.tblk.temp
to /Library/Application Support/Tunnelblick/Users/cw/config.tblk
Changed ownership of /Library/Application Support/Tunnelblick/Users/cw/config.tblk and its contents from 502:80 to 0:0
Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Users/cw/config.tblk
Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Users/cw/config.tblk/Contents
Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Users/cw/config.tblk/Contents/Resources
Changed permissions from 740 to 700 on /Library/Application Support/Tunnelblick/Users/cw/config.tblk/Contents/Resources/ca.crt
Changed permissions from 740 to 700 on /Library/Application Support/Tunnelblick/Users/cw/config.tblk/Contents/Resources/config.ovpn
Changed permissions from 740 to 700 on /Library/Application Support/Tunnelblick/Users/cw/config.tblk/Contents/Resources/C.crt
Changed permissions from 740 to 700 on /Library/Application Support/Tunnelblick/Users/cw/config.tblk/Contents/Resources/C.key
Tunnelblick installer finished without error
2015-07-09 09:15:55 Tunnelblick[353] Created or updated secure (shadow) copy of configuration file /Users/cw/Library/Application Support/Tunnelblick/Configurations/config.tblk
2015-07-09 09:15:56 tunnelblickd[480] Status = 251 from tunnelblick-helper command 'start config.tblk 1337 1 0 1 0 16754 -ptADGNWradsgnw 2.3.6'
2015-07-09 09:15:56 Tunnelblick[353] tunnelblickd status from start: 251
2015-07-09 09:19:07 tunnelblickd[504] Status = 252 from tunnelblick-helper command 'compareShadowCopy config'
2015-07-09 09:19:07 Tunnelblick[353] tunnelblickd status from compareShadowCopy: 252
2015-07-09 09:19:10 Tunnelblick[353] Beginning installation or repair
2015-07-09 09:19:10 authexec[508] executing /Applications/Tunnelblick.app/Contents/Resources/installer
2015-07-09 09:19:11 Tunnelblick[353] Installation or repair succeeded; Log:
Tunnelblick installer started 2015-07-09 09:19:10. 3 arguments: 0x0001
/Library/Application Support/Tunnelblick/Users/cw/config.tblk
/Users/cw/Library/Application Support/Tunnelblick/Configurations/config.tblk
Copied /Users/cw/Library/Application Support/Tunnelblick/Configurations/config.tblk
to /Library/Application Support/Tunnelblick/Users/cw/config.tblk.temp
Renamed /Library/Application Support/Tunnelblick/Users/cw/config.tblk.temp
to /Library/Application Support/Tunnelblick/Users/cw/config.tblk
Changed ownership of /Library/Application Support/Tunnelblick/Users/cw/config.tblk and its contents from 502:80 to 0:0
Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Users/cw/config.tblk
Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Users/cw/config.tblk/Contents
Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Users/cw/config.tblk/Contents/Resources
Changed permissions from 740 to 700 on /Library/Application Support/Tunnelblick/Users/cw/config.tblk/Contents/Resources/ca.crt
Changed permissions from 740 to 700 on /Library/Application Support/Tunnelblick/Users/cw/config.tblk/Contents/Resources/config.ovpn
Changed permissions from 740 to 700 on /Library/Application Support/Tunnelblick/Users/cw/config.tblk/Contents/Resources/C.crt
Changed permissions from 740 to 700 on /Library/Application Support/Tunnelblick/Users/cw/config.tblk/Contents/Resources/C.key
Tunnelblick installer finished without error
2015-07-09 09:19:11 Tunnelblick[353] Created or updated secure (shadow) copy of configuration file /Users/cw/Library/Application Support/Tunnelblick/Configurations/config.tblk
2015-07-09 09:19:12 tunnelblickd[504] Status = 251 from tunnelblick-helper command 'start config.tblk 1337 1 0 1 0 16754 -ptADGNWradsgnw 2.3.6'
2015-07-09 09:19:13 Tunnelblick[353] tunnelblickd status from start: 251
2015-07-09 09:22:15 Tunnelblick[353] Converting/Installing /Library/Application Support/Tunnelblick/Users/cw/config.tblk/Contents/Resources/config.ovpn: File '/Library/Application Support/Tunnelblick/Users/cw/config.tblk/Contents/Resources/config.ovpn' is missing.
2015-07-09 09:22:39 tunnelblickd[522] Status = 252 from tunnelblick-helper command 'compareShadowCopy config'
2015-07-09 09:22:39 Tunnelblick[353] tunnelblickd status from compareShadowCopy: 252
2015-07-09 09:23:05 Tunnelblick[353] Beginning installation or repair
2015-07-09 09:23:05 authexec[527] executing /Applications/Tunnelblick.app/Contents/Resources/installer
2015-07-09 09:23:06 Tunnelblick[353] Installation or repair succeeded; Log:
Tunnelblick installer started 2015-07-09 09:23:05. 2 arguments: 0x2001
/Users/cweaver/Library/Application Support/Tunnelblick/Configurations/config.tblk
removed /Users/cw/Library/Application Support/Tunnelblick/Configurations/config.tblk
removed /Library/Application Support/Tunnelblick/Users/cw/config.tblk
Tunnelblick installer finished without error
2015-07-09 09:23:06 Tunnelblick[353] Uninstalled configuration file /Users/cw/Library/Application Support/Tunnelblick/Configurations/config.tblk
2015-07-09 09:23:25 Tunnelblick[353] Converting/Installing /Users/cw/Desktop/newConfig/config.ovpn at line 88: Copied ca.crt
2015-07-09 09:23:25 Tunnelblick[353] Changed permissions from 700 to 740 on /private/var/folders/tb/wr4sybb57x165vflq090gy700000gp/T/Tunnelblick-dKBl8h/config.tblk/Contents/Resources/ca.crt
2015-07-09 09:23:25 Tunnelblick[353] Converting/Installing /Users/cw/Desktop/newConfig/config.ovpn at line 89: Copied C.crt
2015-07-09 09:23:25 Tunnelblick[353] Changed permissions from 700 to 740 on /private/var/folders/tb/wr4sybb57x165vflq090gy700000gp/T/Tunnelblick-dKBl8h/config.tblk/Contents/Resources/C.crt
2015-07-09 09:23:25 Tunnelblick[353] Converting/Installing /Users/cw/Desktop/newConfig/config.ovpn at line 90: Copied C.key
2015-07-09 09:23:25 Tunnelblick[353] Changed permissions from 700 to 740 on /private/var/folders/tb/wr4sybb57x165vflq090gy700000gp/T/Tunnelblick-dKBl8h/config.tblk/Contents/Resources/C.key
2015-07-09 09:23:25 Tunnelblick[353] Converting/Installing /Users/cw/Desktop/newConfig/config.ovpn at line 107: Copied ta.key
2015-07-09 09:23:25 Tunnelblick[353] Changed permissions from 666 to 740 on /private/var/folders/tb/wr4sybb57x165vflq090gy700000gp/T/Tunnelblick-dKBl8h/config.tblk/Contents/Resources/ta.key
2015-07-09 09:23:25 Tunnelblick[353] Converting/Installing /Users/cw/Desktop/newConfig/config.ovpn: Converted OpenVPN configuration
2015-07-09 09:23:32 Tunnelblick[353] Beginning installation or repair
2015-07-09 09:23:32 authexec[536] executing /Applications/Tunnelblick.app/Contents/Resources/installer
2015-07-09 09:23:33 Tunnelblick[353] Installation or repair succeeded; Log:
Tunnelblick installer started 2015-07-09 09:23:32. 3 arguments: 0x0001
/Users/cw/Library/Application Support/Tunnelblick/Configurations/config.tblk
/private/var/folders/tb/wr4sybb57x165vflq090gy700000gp/T/Tunnelblick-dKBl8h/config.tblk
Copied /private/var/folders/tb/wr4sybb57x165vflq090gy700000gp/T/Tunnelblick-dKBl8h/config.tblk
to /Users/cw/Library/Application Support/Tunnelblick/Configurations/config.tblk.temp
Renamed /Users/cw/Library/Application Support/Tunnelblick/Configurations/config.tblk.temp
to /Users/cw/Library/Application Support/Tunnelblick/Configurations/config.tblk
Changed ownership of /Users/cw/Library/Application Support/Tunnelblick/Configurations/config.tblk and its contents from 502:20 to 502:80
Copied /Users/cw/Library/Application Support/Tunnelblick/Configurations/config.tblk
to /Library/Application Support/Tunnelblick/Users/cw/config.tblk.temp
Renamed /Library/Application Support/Tunnelblick/Users/cw/config.tblk.temp
to /Library/Application Support/Tunnelblick/Users/cw/config.tblk
Changed ownership of /Library/Application Support/Tunnelblick/Users/cw/config.tblk and its contents from 502:80 to 0:0
Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Users/cw/config.tblk
Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Users/cw/config.tblk/Contents
Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Users/cw/config.tblk/Contents/Resources
Changed permissions from 740 to 700 on /Library/Application Support/Tunnelblick/Users/cw/config.tblk/Contents/Resources/ca.crt
Changed permissions from 740 to 700 on /Library/Application Support/Tunnelblick/Users/cw/config.tblk/Contents/Resources/config.ovpn
Changed permissions from 740 to 700 on /Library/Application Support/Tunnelblick/Users/cw/config.tblk/Contents/Resources/Craig.crt
Changed permissions from 740 to 700 on /Library/Application Support/Tunnelblick/Users/cw/config.tblk/Contents/Resources/Craig.key
Changed permissions from 740 to 700 on /Library/Application Support/Tunnelblick/Users/cw/config.tblk/Contents/Resources/ta.key
Created secure (shadow) copy of config.tblk
Tunnelblick installer finished without error
2015-07-09 09:26:32 tunnelblickd[546] Status = 252 from tunnelblick-helper command 'compareShadowCopy config'
2015-07-09 09:26:32 Tunnelblick[353] tunnelblickd status from compareShadowCopy: 252
2015-07-09 09:26:35 Tunnelblick[353] Beginning installation or repair
2015-07-09 09:26:35 authexec[551] executing /Applications/Tunnelblick.app/Contents/Resources/installer
2015-07-09 09:26:36 Tunnelblick[353] Installation or repair succeeded; Log:
Tunnelblick installer started 2015-07-09 09:26:35. 3 arguments: 0x0001
/Library/Application Support/Tunnelblick/Users/cw/config.tblk
/Users/cw/Library/Application Support/Tunnelblick/Configurations/config.tblk
Copied /Users/cw/Library/Application Support/Tunnelblick/Configurations/config.tblk
to /Library/Application Support/Tunnelblick/Users/cw/config.tblk.temp
Renamed /Library/Application Support/Tunnelblick/Users/cw/config.tblk.temp
to /Library/Application Support/Tunnelblick/Users/cw/config.tblk
Changed ownership of /Library/Application Support/Tunnelblick/Users/cw/config.tblk and its contents from 502:80 to 0:0
Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Users/cw/config.tblk
Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Users/cw/config.tblk/Contents
Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Users/cw/config.tblk/Contents/Resources
Changed permissions from 740 to 700 on /Library/Application Support/Tunnelblick/Users/cw/config.tblk/Contents/Resources/ca.crt
Changed permissions from 740 to 700 on /Library/Application Support/Tunnelblick/Users/cw/config.tblk/Contents/Resources/config.ovpn
Changed permissions from 740 to 700 on /Library/Application Support/Tunnelblick/Users/cw/config.tblk/Contents/Resources/C.crt
Changed permissions from 740 to 700 on /Library/Application Support/Tunnelblick/Users/cw/config.tblk/Contents/Resources/C.key
Changed permissions from 740 to 700 on /Library/Application Support/Tunnelblick/Users/cw/config.tblk/Contents/Resources/ta.key
Tunnelblick installer finished without error
2015-07-09 09:26:36 Tunnelblick[353] Created or updated secure (shadow) copy of configuration file /Users/cw/Library/Application Support/Tunnelblick/Configurations/config.tblk
2015-07-09 10:52:12 tunnelblickd[1083] Status = 252 from tunnelblick-helper command 'compareShadowCopy config'
2015-07-09 10:52:13 Tunnelblick[353] tunnelblickd status from compareShadowCopy: 252
2015-07-09 10:52:16 Tunnelblick[353] Beginning installation or repair
2015-07-09 10:52:16 authexec[1098] executing /Applications/Tunnelblick.app/Contents/Resources/installer
2015-07-09 10:52:17 Tunnelblick[353] Installation or repair succeeded; Log:
Tunnelblick installer started 2015-07-09 10:52:16. 3 arguments: 0x0001
/Library/Application Support/Tunnelblick/Users/cw/config.tblk
/Users/cw/Library/Application Support/Tunnelblick/Configurations/config.tblk
Copied /Users/cw/Library/Application Support/Tunnelblick/Configurations/config.tblk
to /Library/Application Support/Tunnelblick/Users/cw/config.tblk.temp
Renamed /Library/Application Support/Tunnelblick/Users/cw/config.tblk.temp
to /Library/Application Support/Tunnelblick/Users/cw/config.tblk
Changed ownership of /Library/Application Support/Tunnelblick/Users/cw/config.tblk and its contents from 502:80 to 0:0
Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Users/cw/config.tblk
Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Users/cw/config.tblk/Contents
Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Users/cw/config.tblk/Contents/Resources
Changed permissions from 740 to 700 on /Library/Application Support/Tunnelblick/Users/cw/config.tblk/Contents/Resources/ca.crt
Changed permissions from 740 to 700 on /Library/Application Support/Tunnelblick/Users/cw/config.tblk/Contents/Resources/config.ovpn
Changed permissions from 740 to 700 on /Library/Application Support/Tunnelblick/Users/cw/config.tblk/Contents/Resources/C.crt
Changed permissions from 740 to 700 on /Library/Application Support/Tunnelblick/Users/cw/config.tblk/Contents/Resources/C.key
Changed permissions from 740 to 700 on /Library/Application Support/Tunnelblick/Users/cw/config.tblk/Contents/Resources/ta.key
Tunnelblick installer finished without error
2015-07-09 10:52:17 Tunnelblick[353] Created or updated secure (shadow) copy of configuration file /Users/cw/Library/Application Support/Tunnelblick/Configurations/config.tblk
2015-07-09 11:21:58 [0x0-0x1e01e].org.mozilla.firefox[494] onclick@https://groups.google.com/forum/#!forum/tunnelblick-discuss:1:17
2015-07-09 11:25:58 Tunnelblick[353] applicationShouldTerminate: termination because of Quit; delayed until 'shutdownTunnelblick' finishes
2015-07-09 11:25:59 Tunnelblick[353] Finished shutting down Tunnelblick; allowing termination
2015-07-09 11:27:50 Tunnelblick[1181] Set program update feedURL to https://www.tunnelblick.net/appcast-b.rss
2015-07-09 11:27:52 Tunnelblick[1181] DEBUG: Updater: systemVersion 10.7.5 satisfies minimumSystemVersion 10.4.0
2015-07-09 11:27:52 Tunnelblick[1181] DEBUG: Updater: systemVersion 10.7.5 satisfies minimumSystemVersion 10.4.0
jkbull...gmail.com
Jul 9, 2015, 12:22:22 PM7/9/15
to tunnelbli...@googlegroups.com, cmw...@g.rit.edu, cmw...@g.rit.edu
On Thursday, July 9, 2015 at 11:51:50 AM UTC-4, <> wrote:
I am attempting to connect to a pfSense openVPN server using Tunnelblick 3.6beta06 as an administrator, but I am receiving a TLS handshake error each time I attempt to connect. I double checked the location of the tls key, as well as the contents of the key and they are correct on both the openVPN server, and on my local macbook. The log and configuration files have been posted below, any help would be appreciated.
Here's the specific error message (well, as specific as OpenSSL gets):
2015-07-09 11:28:08 us=685977 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
It means that, well, the certificate failed verification. You can search for the reasons that might happen, but you are probably better off just regenerating the keys and certificates. Further help might be available on a pfSense forum, or somewhere that deals with however you generated the public key infrastructure.
cmw...@g.rit.edu
Jul 9, 2015, 2:04:37 PM7/9/15
to tunnelbli...@googlegroups.com, cmw...@g.rit.edu
I just created a new certificate authority and regenerated the keys and certificates, but I am receiving the same error still. I will continue searching the pfSense forum.
Reply all
Reply to author
Forward
0 new messages