I understand the basics of how Tunnelblick works. I'm assuming my original post wasn't clear:
Tunnelblick installed on Mac OS
At my client site I can connect to their client servers via Tunnelblick and access them via Remote Desktop and SQL Pro
On holiday staying at a cottage, I achieved the same via their Wi-Fi
At home I've never been able to connect. It connects and assigns an IP, but I can't access either via Remote Desktop or SQL, and my internet stops working via Safari. The latter is fixed when IPs are manually entered into the DNS list
So, either my ISP has certain settings, the ISP router has certain settings and/or the Tunnelblick config file settings conflict. This is what I need to understand and hopefully resolve the issue.
With regards to my file I will post. Apologies if I misread, but it came across like I needed to remove any sensitive information first. I will post later when I boot up my laptop.
Thanks again
*Tunnelblick: OS X 10.12.3; Tunnelblick 3.7.0 (build 4790); Admin user
git commit 8c2e63a08fd49c4b4881925fea8282547bf2de25
"Sanitized" condensed configuration file for /Library/Application Support/Tunnelblick/Shared/x.tblk:
client
dev tun
proto tcp
remote xxxx 4334
resolv-retry infinite
nobind
persist-key
persist-tun
<ca>
[Security-related line(s) omitted]
</ca>
<cert>
[Security-related line(s) omitted]
</cert>
<key>
[Security-related line(s) omitted]
</key>
auth-user-pass
cipher AES-128-CBC
auth SHA1
comp-lzo
route-delay 4
verb 3
reneg-sec 86400
================================================================================
Non-Apple kexts that are loaded:
Index Refs Address Size Wired Name (Version) UUID <Linked Against>
128 0 0xffffff7f80c1c000 0x1d000 0x1d000 com.kaspersky.kext.klif (3.4.4a33) B14D1F82-6B60-3702-AEAF-406BD1C02A21 <16 5 4 3 1>
131 0 0xffffff7f80bb3000 0x5b000 0x5b000 com.kaspersky.nke (2.3.1a8) 7E183B3A-B139-30E7-BA4A-50C5EBC3A1DA <52 7 5 4 3 1>
147 0 0xffffff7f84714000 0x13000 0x13000 com.kaspersky.kext.kimul.46 (46) C7C64F17-E476-3B02-8652-5BD01674151B <5 4 3 1>
153 0 0xffffff7f84727000 0x2000 0x2000 com.kaspersky.kext.mark.1.0.6 (1.0.6) 9E31771B-3AA7-3BC0-92CB-FE1EACCD6985 <4 1>
168 0 0xffffff7f84816000 0x14000 0x14000 com.intel.kext.intelhaxm (6.0.5) 8C4C5339-F7AA-36E5-A052-3D2E7DC6DF16 <7 5 4 3 1>
================================================================================
There are no unusual files in xxtblk
================================================================================
Configuration preferences:
-keychainHasUsernameAndPassword = 1
-lastConnectionSucceeded = 1
================================================================================
Wildcard preferences:
================================================================================
Program preferences:
launchAtNextLogin = 1
notOKToCheckThatIPAddressDidNotChangeAfterConnection = 0
askedUserIfOKToCheckThatIPAddressDidNotChangeAfterConnection = 1
tunnelblickVersionHistory = (
"3.7.0 (build 4790)"
)
statusDisplayNumber = 0
lastLaunchTime = 511088719.445342
lastLanguageAtLaunchWasRTL = 0
connectionWindowDisplayCriteria = showWhenConnecting
maxLogDisplaySize = 102400
lastConnectedDisplayName = xxx
keyboardShortcutIndex = 1
updateCheckAutomatically = 1
updateCheckBetas = 0
updateSendProfileInfo = 1
NSWindow Frame SettingsSheetWindow = 758 468 829 524 0 0 1680 1027
NSWindow Frame ConnectingWindow = 634 561 412 297 0 0 1680 1027
detailsWindowFrameVersion = 4790
detailsWindowFrame = {{637, 414}, {920, 468}}
detailsWindowLeftFrame = {{0, 0}, {165, 350}}
detailsWindowViewIndex = 0
detailsWindowConfigurationsTabIdentifier = settings
leftNavSelectedDisplayName = x
AdvancedWindowTabIdentifier = connectingAndDisconnecting
haveDealtWithSparkle1dot5b6 = 1
haveDealtWithOldTunTapPreferences = 1
haveDealtWithOldLoginItem = 1
SUEnableAutomaticChecks = 1
SUScheduledCheckInterval = 86400
SUSendProfileInfo = 1
SULastCheckTime = 2017-03-18 10:20:25 +0000
SULastProfileSubmissionDate = 2017-03-17 22:45:11 +0000
SUHasLaunchedBefore = 1
WebKitDefaultFontSize = 16
WebKitStandardFont = Times
================================================================================
Tunnelblick Log:
*Tunnelblick: OS X 10.12.3; Tunnelblick 3.7.0 (build 4790)
2017-03-19 19:54:06 *Tunnelblick: Attempting connection with xx; Set nameserver = 769; monitoring connection
2017-03-19 19:54:06 *Tunnelblick: openvpnstart start x.tblk 1337 769 0 3 0 1065264 -ptADGNWradsgnw 2.3.14-openssl-1.0.2k
2017-03-19 19:54:06 *Tunnelblick: openvpnstart log:
OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line):
/Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.14-openssl-1.0.2k/openvpn
--daemon
--log
/Library/Application Support/Tunnelblick/Logs/-SLibrary-SApplication Support-STunnelblick-SShared-x.tblk-SContents-SResources-Sconfig.ovpn.769_0_3_0_1065264.1337.openvpn.log
--cd
/Library/Application Support/Tunnelblick/Shared/x.tblk/Contents/Resources
--verb
3
--config
/Library/Application Support/Tunnelblick/Shared/x.tblk/Contents/Resources/config.ovpn
--verb
3
--cd
/Library/Application Support/Tunnelblick/Shared/x.tblk/Contents/Resources
--management
127.0.0.1
1337
--management-query-passwords
--management-hold
--script-security
2
--up
/Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw
--down
/Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw
2017-03-19 19:54:06 OpenVPN 2.3.14 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Jan 28 2017
2017-03-19 19:54:06 library versions: OpenSSL 1.0.2k 26 Jan 2017, LZO 2.09
2017-03-19 19:54:06 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:1337
2017-03-19 19:54:06 Need hold release from management interface, waiting...
2017-03-19 19:54:06 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:1337
2017-03-19 19:54:06 *Tunnelblick: openvpnstart starting OpenVPN
2017-03-19 19:54:07 *Tunnelblick: Established communication with OpenVPN
2017-03-19 19:54:07 *Tunnelblick: Obtained VPN username and password from the Keychain
2017-03-19 19:54:07 MANAGEMENT: CMD 'pid'
2017-03-19 19:54:07 MANAGEMENT: CMD 'state on'
2017-03-19 19:54:07 MANAGEMENT: CMD 'state'
2017-03-19 19:54:07 MANAGEMENT: CMD 'bytecount 1'
2017-03-19 19:54:07 MANAGEMENT: CMD 'hold release'
2017-03-19 19:54:07 MANAGEMENT: CMD 'username "Auth" "raybetts"'
2017-03-19 19:54:07 MANAGEMENT: CMD 'password [...]'
2017-03-19 19:54:07 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2017-03-19 19:54:07 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2017-03-19 19:54:07 Socket Buffers: R=[131072->131072] S=[131072->131072]
2017-03-19 19:54:07 MANAGEMENT: >STATE:1489953247,RESOLVE,,,
2017-03-19 19:54:07 Attempting to establish TCP connection with [AF_INET]91.185.172.236:4334 [nonblock]
2017-03-19 19:54:07 MANAGEMENT: >STATE:1489953247,TCP_CONNECT,,,
2017-03-19 19:54:08 TCP connection established with [AF_INET]91.185.172.236:4334
2017-03-19 19:54:08 TCPv4_CLIENT link local: [undef]
2017-03-19 19:54:08 TCPv4_CLIENT link remote: [AF_INET]91.185.172.236:4334
2017-03-19 19:54:08 MANAGEMENT: >STATE:1489953248,WAIT,,,
2017-03-19 19:54:08 MANAGEMENT: >STATE:1489953248,AUTH,,,
2017-03-19 19:54:08 TLS: Initial packet from [AF_INET]91.185.172.236:4334, sid=5ce983dd 95601f46
2017-03-19 19:54:08 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2017-03-19 19:54:08 VERIFY OK: depth=1, C=gb, L=Solihull, O=x, CN=x, emailAddress=x.co.uk
2017-03-19 19:54:08 VERIFY OK: depth=0, C=gb, L=Solihull, O=x, CN=x, emailAddress=x.co.uk
2017-03-19 19:54:09 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
2017-03-19 19:54:09 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2017-03-19 19:54:09 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
2017-03-19 19:54:09 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2017-03-19 19:54:09 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
2017-03-19 19:54:09 [gateway.x] Peer Connection Initiated with [AF_INET]91.185.172.236:4334
2017-03-19 19:54:10 MANAGEMENT: >STATE:1489953250,GET_CONFIG,,,
2017-03-19 19:54:11 SENT CONTROL [gateway.x]: 'PUSH_REQUEST' (status=1)
2017-03-19 19:54:11 PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.242.2.1,route-gateway 10.242.2.1,topology subnet,ping 10,ping-restart 120,route 10.5.0.0 255.255.248.0,route 192.168.200.10 255.255.255.255,route 192.168.0.0 255.255.248.0,route 192.168.176.0 255.255.252.0,dhcp-option DNS 192.,dhcp-option DNS 192.,dhcp-option DOMAIN x.local,ifconfig 10.242.2.2 255.255.255.0'
2017-03-19 19:54:11 OPTIONS IMPORT: timers and/or timeouts modified
2017-03-19 19:54:11 OPTIONS IMPORT: --ifconfig/up options modified
2017-03-19 19:54:11 OPTIONS IMPORT: route options modified
2017-03-19 19:54:11 OPTIONS IMPORT: route-related options modified
2017-03-19 19:54:11 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2017-03-19 19:54:11 Opening utun (connect(AF_SYS_CONTROL)): Resource busy
2017-03-19 19:54:11 Opening utun (connect(AF_SYS_CONTROL)): Resource busy
2017-03-19 19:54:11 Opened utun device utun2
2017-03-19 19:54:11 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
2017-03-19 19:54:11 MANAGEMENT: >STATE:1489953251,ASSIGN_IP,,10.242.2.2,
2017-03-19 19:54:11 /sbin/ifconfig utun2 delete
ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
2017-03-19 19:54:11 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
2017-03-19 19:54:11 /sbin/ifconfig utun2 10.242.2.2 10.242.2.2 netmask 255.255.255.0 mtu 1500 up
2017-03-19 19:54:12 /sbin/route add -net 10.242.2.0 10.242.2.2 255.255.255.0
add net 10.242.2.0: gateway 10.242.2.2
2017-03-19 19:54:12 /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw utun2 1500 1560 10.242.2.2 255.255.255.0 init
**********************************************
Start of output from client.up.tunnelblick.sh
Disabled IPv6 for 'Wi-Fi'
Retrieved from OpenVPN: name server(s) [ 192. 192. ], domain name [ x.local ], search domain(s) [ ], and SMB server(s) [ ]
Not aggregating ServerAddresses because running on OS X 10.6 or higher
Setting search domains to 'x.local' because running under OS X 10.6 or higher and the search domains were not set manually and 'Prepend domain name to search domains' was not selected
Saved the DNS and SMB configurations so they can be restored
Changed DNS ServerAddresses setting from '192.168.0.1' to '192. 192.'
Changed DNS SearchDomains setting from '' to 'x.local'
Changed DNS DomainName setting from 'Home' to 'x.local'
Did not change SMB NetBIOSName setting of ''
Did not change SMB Workgroup setting of ''
Did not change SMB WINSAddresses setting of ''
DNS servers '192. 192.' will be used for DNS queries when the VPN is active
NOTE: The DNS servers do not include any free public DNS servers known to Tunnelblick. This may cause DNS queries to fail or be intercepted or falsified even if they are directed through the VPN. Specify only known public DNS servers or DNS servers located on the VPN network to avoid such problems.
Flushed the DNS cache via dscacheutil
/usr/sbin/discoveryutil not present. Not flushing the DNS cache via discoveryutil
Notified mDNSResponder that the DNS cache was flushed
Setting up to monitor system configuration with process-network-changes
End of output from client.up.tunnelblick.sh
**********************************************
2017-03-19 19:54:25 MANAGEMENT: >STATE:1489953265,ADD_ROUTES,,,
2017-03-19 19:54:25 /sbin/route add -net 10.5.0.0 10.242.2.1 255.255.248.0
add net 10.5.0.0: gateway 10.242.2.1
2017-03-19 19:54:25 /sbin/route add -net 192.168.200.10 10.242.2.1 255.255.255.255
add net 192.168.200.10: gateway 10.242.2.1
2017-03-19 19:54:25 /sbin/route add -net 192.168.0.0 10.242.2.1 255.255.248.0
add net 192.168.0.0: gateway 10.242.2.1
2017-03-19 19:54:26 /sbin/route add -net 192.168.176.0 10.242.2.1 255.255.252.0
add net 192.168.176.0: gateway 10.242.2.1
2017-03-19 19:54:26 Initialization Sequence Completed
2017-03-19 19:54:26 MANAGEMENT: >STATE:1489953266,CONNECTED,SUCCESS,10.242.2.2,91.185.172.236
2017-03-19 19:54:26 *Tunnelblick: No 'connected.sh' script to execute
================================================================================
"Sanitized" full configuration file
# OVPN_ACCESS_SERVER_USERNAME=raybetts
client
dev tun
proto tcp
remote x 4334
;tls-remote "C=gb, L=S, O=x, CN=gateway.x, emailAddress=itsupport@x"
;route remote_host 255.255.255.255 net_gateway
resolv-retry infinite
nobind
persist-key
persist-tun
<ca>
[Security-related line(s) omitted]
</ca>
<cert>
[Security-related line(s) omitted]
</cert>
<key>
[Security-related line(s) omitted]
</key>
auth-user-pass
cipher AES-128-CBC
auth SHA1
comp-lzo
route-delay 4
verb 3
reneg-sec 86400
================================================================================
ifconfig output:
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
options=1203<RXCSUM,TXCSUM,TXSTATUS,SW_TIMESTAMP>
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
nd6 options=201<PERFORMNUD,DAD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether 78:4f:43:58:93:ed
inet 192.168.0.26 netmask 0xffffff00 broadcast 192.168.0.255
nd6 options=201<PERFORMNUD,DAD>
media: autoselect
status: active
en1: flags=963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX> mtu 1500
options=60<TSO4,TSO6>
ether d2:00:69:89:0b:00
media: autoselect <full-duplex>
status: inactive
en3: flags=963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX> mtu 1500
options=60<TSO4,TSO6>
ether d2:00:69:89:0b:01
media: autoselect <full-duplex>
status: inactive
en2: flags=963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX> mtu 1500
options=60<TSO4,TSO6>
ether d2:00:69:89:0b:04
media: autoselect <full-duplex>
status: inactive
en4: flags=963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX> mtu 1500
options=60<TSO4,TSO6>
ether d2:00:69:89:0b:05
media: autoselect <full-duplex>
status: inactive
bridge0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=63<RXCSUM,TXCSUM,TSO4,TSO6>
ether d2:00:69:89:0b:00
Configuration:
id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
ipfilter disabled flags 0x2
member: en1 flags=3<LEARNING,DISCOVER>
ifmaxaddr 0 port 5 priority 0 path cost 0
member: en2 flags=3<LEARNING,DISCOVER>
ifmaxaddr 0 port 7 priority 0 path cost 0
member: en3 flags=3<LEARNING,DISCOVER>
ifmaxaddr 0 port 6 priority 0 path cost 0
member: en4 flags=3<LEARNING,DISCOVER>
ifmaxaddr 0 port 8 priority 0 path cost 0
media: <unknown type>
status: inactive
p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304
ether 0a:4f:43:58:93:ed
media: autoselect
status: inactive
awdl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1484
ether b6:2e:87:54:99:e2
inet6 fe80::b42e:87ff:fe54:99e2%awdl0 prefixlen 64 scopeid 0xb
nd6 options=201<PERFORMNUD,DAD>
media: autoselect
status: active
utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 2000
inet6 fe80::236d:53e3:eb0b:dada%utun0 prefixlen 64 scopeid 0xd
nd6 options=201<PERFORMNUD,DAD>
utun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
inet6 fe80::31b1:9672:2f9f:e440%utun1 prefixlen 64 scopeid 0x10
nd6 options=201<PERFORMNUD,DAD>
en5: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether ac:de:48:00:11:22
inet6 fe80::aede:48ff:fe00:1122%en5 prefixlen 64 scopeid 0xc
nd6 options=281<PERFORMNUD,INSECURE,DAD>
media: autoselect
status: active
utun2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
inet 10.242.2.2 --> 10.242.2.2 netmask 0xffffff00
================================================================================
Console Log:
2017-03-19 19:54:07 Tunnelblick[445] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-x' account = 'username'
2017-03-19 19:54:07 Tunnelblick[445] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-x' account = 'password'
2017-03-19 19:54:11 PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.242.2.1,route-gateway 10.242.2.1,topology subnet,ping 10,ping-restart 120,route 10.5.0.0 255.255.248.0,route 192.168.200.10 255.255.255.255,route 192.168.0.0 255.255.248.0,route 192.168.176.0 255.255.252.0,dhcp-option DNS 192.,dhcp-option DNS 192.,dhcp-option DOMAIN x.local,ifconfig 10.242.2.2 255.255.255.0'
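
One check for the "settings conflict" possibility raised in the post is whether any route pushed by the VPN server overlaps the subnet of the local network the Mac is on. The following is an added example, not part of the original post or of Tunnelblick; the function names are hypothetical, and the sample input is constructed from the PUSH_REPLY and ifconfig lines in the diagnostic output above.

```python
import ipaddress
import re

# Constructed sample input: values copied from the PUSH_REPLY and ifconfig
# sections of the diagnostic output in the post.
PUSH_REPLY = ("PUSH_REPLY,route-gateway 10.242.2.1,topology subnet,"
              "route 10.5.0.0 255.255.248.0,route 192.168.200.10 255.255.255.255,"
              "route 192.168.0.0 255.255.248.0,route 192.168.176.0 255.255.252.0,"
              "ifconfig 10.242.2.2 255.255.255.0")
IFCONFIG = """\
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
\tinet 192.168.0.26 netmask 0xffffff00 broadcast 192.168.0.255
utun2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
\tinet 10.242.2.2 --> 10.242.2.2 netmask 0xffffff00
"""

def pushed_routes(push_reply):
    """Return the networks named by 'route <net> <mask>' options in a PUSH_REPLY."""
    routes = []
    for option in push_reply.split(","):
        fields = option.split()
        if len(fields) >= 3 and fields[0] == "route":
            routes.append(ipaddress.ip_network(f"{fields[1]}/{fields[2]}"))
    return routes

def local_networks(ifconfig_text, skip_prefixes=("lo", "utun")):
    """Map interface name -> IPv4 network from macOS ifconfig output,
    skipping loopback and tunnel interfaces."""
    nets, iface = {}, None
    for line in ifconfig_text.splitlines():
        header = re.match(r"^(\w+): flags=", line)
        m = re.search(r"inet (\d+\.\d+\.\d+\.\d+) .*netmask 0x([0-9a-f]{8})", line)
        if header:
            iface = header.group(1)
        elif m and iface and not iface.startswith(skip_prefixes):
            prefix = bin(int(m.group(2), 16)).count("1")  # hex mask -> prefix length
            nets[iface] = ipaddress.ip_network(f"{m.group(1)}/{prefix}", strict=False)
    return nets

def route_conflicts(push_reply, ifconfig_text):
    """List (interface, local_net, pushed_route) where a pushed route overlaps the LAN."""
    return [(name, net, route)
            for name, net in local_networks(ifconfig_text).items()
            for route in pushed_routes(push_reply)
            if route.overlaps(net)]

if __name__ == "__main__":
    for name, net, route in route_conflicts(PUSH_REPLY, IFCONFIG):
        print(f"{name}: local {net} overlaps pushed route {route}")
```

An overlap means the same addresses exist on both the local network and the VPN side, and the more specific route decides where a packet for such an address is sent.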