Issue with TAP VPN on Catalina

262 views
Skip to first unread message

Scott Crooks

unread,
Mar 21, 2021, 5:09:33 AM3/21/21
to tunnelblick-discuss
Greetings,

I originally posted on SNB Forums about this issue (https://www.snbforums.com/threads/issues-with-openvpn-tap-setup.71298/), but found that the problem I was having was not related to the ASUS Merlin firmware at all. It's an issue with Tunnelblick, and apparently many other OpenVPN clients on macOS.

Basically, I've set up a Layer-2 (TAP) based OpenVPN server on my ASUS router after having successfully set up a Layer-3 (TUN) based one previously. The reason is because I wanted Layer-2 connectivity for being able to print using Bonjour, among other things.

I can connect with Tunnelblick (and with Pritunl and with Viscosity), but they all seem to have the same problem, namely that after connecting, I don't receive any routes, and can't do anything on the network. I've tried the exact same client / server configuration combination on Windows using the OpenVPN client, and it works great. I can connect, receive an IP from the LAN DHCP, and browse the Internet.

I feel like it's something simple, but I can't quite figure it out. Is anyone else having this issue?

I have attached the following:
  • Screenshot of server config on ASUS router
  • OpenVPN configuration file for the server on the ASUS router
  • Screenshot of my Tunnelblick settings before connecting to the VPN
  • Tunnelblick diagnostic information, with usernames and IP addresses replaced
openvpn-tap-server.png
server.txt
tunnelblick-tap-client.png
tunnelblick-diagnostic-info.txt

Tunnelblick developer

unread,
Mar 21, 2021, 7:25:29 AM3/21/21
to tunnelblick-discuss
Notice the following warnings from  the log (the first two are from OpenVPN, the last one is Tunnelblick and is a result of the other problems):

2021-03-21 09:54:32.461310 WARNING: You have specified redirect-gateway and redirect-private at the same time (or the same option multiple times). This is not well supported and may lead to unexpected results

2021-03-21 09:54:32.474948 WARNING: OpenVPN was configured to add an IPv4 route. However, no IPv4 has been configured for tap0, therefore the route installation may fail or may not work as expected.

2021-03-21 09:54:37.341324 *Tunnelblick: Warning: DNS server address <my-asus-router-lan-ip> is not a public IP address and is not being routed through the VPN.

You should consult OpenVPN experts to resolve this. See Support for links to sources of OpenVPN info.
Reply all
Reply to author
Forward
0 new messages