Tunnelblick openvpn not sending a PUSH_REQUEST?


Kee Hinckley

Oct 16, 2015, 12:27:52 PM
to tunnelblick-discuss
Tunnelblick 3.5.4 (build 4270.4395) on Yosemite
On the server, OpenVPN 2.3.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO]
[EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Dec 1 2014

I've been running Tunnelblick for years connecting to a very old openvpn
server, but only with a partial redirect of IP connections. I recently
set a new server up on a new machine for routing all traffic, and used
it successfully with my iPhone, but when I created a configuration for
my Mac, I'm not getting my traffic all routed through the gateway.
Looking at the server logs, I see a significant difference between the
two connections.

Server logs when phone connects

Fri Oct 16 11:56:02 2015 KeeiPhone/xxx:40139 MULTI_sva: pool returned
IPv4=10.8.0.10, IPv6=(Not enabled)
Fri Oct 16 11:56:02 2015 KeeiPhone/xxx:40139 MULTI: Learn: 10.8.0.10 ->
KeeiPhone/xxx:40139
Fri Oct 16 11:56:02 2015 KeeiPhone/xxx:40139 MULTI: primary virtual IP
for KeeiPhone/xxx:40139: 10.8.0.10
Fri Oct 16 11:56:02 2015 KeeiPhone/xxx:40139 PUSH: Received control
message: 'PUSH_REQUEST'
Fri Oct 16 11:56:02 2015 KeeiPhone/xxx:40139 send_push_reply():
safe_cap=940
Fri Oct 16 11:56:02 2015 KeeiPhone/xxx:40139 SENT CONTROL [KeeiPhone]:
'PUSH_REPLY,route-gateway 10.8.0.1,redirect-gateway def1
bypass-dhcp,dhcp-options DNS 8.8.8.8,dhcp-options DNS 8.8.4.4,route
10.8.0.1,topology net30,ping 30,ping-restart 240,ifconfig 10.8.0.10
10.8.0.9' (status=1)

Server logs when my laptop connects

Fri Oct 16 12:14:57 2015 angmar/xxx:38542 MULTI_sva: pool returned
IPv4=10.8.0.30, IPv6=(Not enabled)
Fri Oct 16 12:14:57 2015 angmar/xxx:38542 MULTI: Learn: 10.8.0.30 ->
angmar/xxx:38542
Fri Oct 16 12:14:57 2015 angmar/xxx:38542 MULTI: primary virtual IP for
angmar/xxx:38542: 10.8.0.30

And that's it. It never receives a PUSH_REQUEST, so it never sends the
PUSH_REPLY.

Client configuration:

tls-client
remote xxx
comp-lzo
port xxx
proto udp
dev tun
remote-cert-tls server


Server config

sndbuf 0
rcvbuf 0
mssfix 1100
port 443
proto udp
dev tun2
route-up "/sbin/ifconfig tun2 up"
tls-server
ca easy-rsa/2.0/keys/ca.crt
cert easy-rsa/2.0/keys/server.crt
key easy-rsa/2.0/keys/server.key
dh easy-rsa/2.0/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-options DNS 8.8.8.8"
push "dhcp-options DNS 8.8.4.4"
keepalive 30 240
comp-lzo
script-security 2
persist-key
persist-tun
status openvpn-status.log
log /var/log/openvpn.log
verb 3

jkbull...gmail.com

Oct 16, 2015, 12:38:10 PM
to tunnelblick-discuss
This is an OpenVPN configuration problem, not a Tunnelblick problem. But it is very easy (at least the problem you presented; there may be other problems).

To send a "PUSH_REQUEST", the client config must contain either a "pull" option or a "client" option ("client" implies "pull" and "tls-client"). See the OpenVPN man page.


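
The two checks from this thread, as an added example that is not part of the original posts: find sessions in a server log that were assigned a virtual IP but never sent PUSH_REQUEST (so pushed options such as redirect-gateway never reach that client), and check whether a client config contains "pull" or "client". The function names, the sample session names and the 192.0.2.x addresses are constructed for illustration; the log layout is assumed to match the lines quoted in the thread.

```python
import re

# Constructed sample lines in the layout of the server log quoted in the thread.
SAMPLE_LOG = """\
Fri Oct 16 11:56:02 2015 phone/192.0.2.10:40139 MULTI: primary virtual IP for phone/192.0.2.10:40139: 10.8.0.10
Fri Oct 16 11:56:02 2015 phone/192.0.2.10:40139 PUSH: Received control message: 'PUSH_REQUEST'
Fri Oct 16 11:56:02 2015 phone/192.0.2.10:40139 SENT CONTROL [phone]: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,ifconfig 10.8.0.10 10.8.0.9' (status=1)
Fri Oct 16 12:14:57 2015 laptop/192.0.2.20:38542 MULTI: primary virtual IP for laptop/192.0.2.20:38542: 10.8.0.30
"""

# The timestamp is five whitespace-separated fields, then the "CN/addr:port" session tag.
LINE = re.compile(r"^(?:\S+\s+){5}(?P<session>\S+/\S+:\d+) (?P<msg>.*)$")

def sessions_without_pull(log_text):
    """Return {session: virtual_ip} for sessions that never sent PUSH_REQUEST."""
    assigned, pulled = {}, set()
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        session, msg = m["session"], m["msg"]
        if msg.startswith("MULTI: primary virtual IP"):
            assigned[session] = msg.rsplit(" ", 1)[-1]
        elif "PUSH: Received control message: 'PUSH_REQUEST'" in msg:
            pulled.add(session)
    return {s: ip for s, ip in assigned.items() if s not in pulled}

def client_will_pull(config_text):
    """True if the client config has 'pull' or 'client' as a directive."""
    for raw in config_text.splitlines():
        # Drop comments, then look only at the directive name (first word).
        words = re.split(r"[#;]", raw, maxsplit=1)[0].split()
        if words and words[0] in ("pull", "client"):
            return True
    return False

if __name__ == "__main__":
    print(sessions_without_pull(SAMPLE_LOG))
    print(client_will_pull("tls-client\nremote xxx\nremote-cert-tls server\n"))
```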

Kee Hinckley

Oct 16, 2015, 1:43:39 PM
to tunnelblick-discuss

Thanks, I thought it probably was, but I wasn’t getting anywhere in search. That fixed it perfectly. Thanks.


