Can connect and ping but not access any other tcp services on the OpenVPN


Russell Sutherland

Jan 16, 2014, 10:54:09 AM
to tunnelbli...@googlegroups.com
I am running the following client version of Tunnelblick on OS X 10.9.1:

Tunnelblick: OS X 10.9.1; Tunnelblick 3.4beta18 (build 3704); Admin user


The remote server end is a Mac OS X Server running 10.8.5 and openvpn2 which has been installed using macports:

$ uname -a
Darwin server1.msc.private 12.5.0 Darwin Kernel Version 12.5.0: Sun Sep 29 13:33:47 PDT 2013; root:xnu-2050.48.12~1/RELEASE_X86_64 x86_64

$ sudo port info openvpn2
openvpn2 @2.3.0 (net, security)
Variants:             universal

Description:          OpenVPN is an easy-to-use, robust, and highly configurable VPN (Virtual Private Network) daemon which can be used
                      to securely link two or more private networks using an encrypted tunnel over the internet.
Homepage:             http://www.openvpn.net

Build Dependencies:   pkgconfig
Library Dependencies: lzo2, openssl
Platforms:            darwin
License:              GPL-2 OpenSSLException
Maintainers:          nomain...@macports.org

This is the server configuration:

$ cat /etc/openvpn/server.conf

dev tun
port 1194
proto udp
topology subnet
server 10.8.0.0 255.255.255.0
push "route 10.10.10.0 255.255.255.0"
ifconfig-pool-persist /etc/openvpn/ipp.txt
cd /etc/openvpn/keys
ca ca.crt
cert server.crt
dh dh1024.pem
keepalive 10 120
comp-lzo
max-clients 10
persist-key
persist-tun
status /var/log/openvpn-status.log
log-append  /var/log/openvpn.log
verb 3

I can connect to the remote server and get past the authentication phase as well as getting a route to the remote LAN.
I can ping the remote VPN address (10.8.0.1) as well as the remote LAN address of the VPN server.


$ ping -c5 10.8.0.1
PING 10.8.0.1 (10.8.0.1): 56 data bytes
64 bytes from 10.8.0.1: icmp_seq=0 ttl=64 time=52.565 ms
64 bytes from 10.8.0.1: icmp_seq=1 ttl=64 time=55.862 ms
64 bytes from 10.8.0.1: icmp_seq=2 ttl=64 time=53.923 ms
64 bytes from 10.8.0.1: icmp_seq=3 ttl=64 time=43.644 ms
64 bytes from 10.8.0.1: icmp_seq=4 ttl=64 time=47.624 ms
--- 10.8.0.1 ping statistics ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 43.644/50.724/55.862/4.467 ms

$ ping -n -c5 10.10.10.101
PING 10.10.10.101 (10.10.10.101): 56 data bytes
64 bytes from 10.10.10.101: icmp_seq=0 ttl=64 time=40.259 ms
64 bytes from 10.10.10.101: icmp_seq=1 ttl=64 time=52.671 ms
64 bytes from 10.10.10.101: icmp_seq=2 ttl=64 time=50.313 ms
64 bytes from 10.10.10.101: icmp_seq=3 ttl=64 time=57.575 ms
64 bytes from 10.10.10.101: icmp_seq=4 ttl=64 time=59.250 ms
--- 10.10.10.101 ping statistics ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 40.259/52.014/59.250/6.705 ms


But when I try to connect to ssh on the remote VPN server via its LAN address (10.10.10.101) there is no response. I do not think the TCP return packets are getting sent over the VPN.

$ ssh -v -lruss 10.10.10.101
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: /etc/ssh_config line 53: Applying options for *
debug1: Connecting to 10.10.10.101 [10.10.10.101] port 22.
......

I have enabled packet forwarding on the Mac OS X server via sysctl:

# sysctl -a |grep forward
net.inet.ip.forwarding: 1


This same configuration works when connecting to a Linux based OpenVPN server.

Any ideas what or where the problem lies? Thanks in advance.


Here are the Tunnelblick diagnostics:


2014-01-16 10:22:23 *Tunnelblick: Attempting connection with MSC-OpenVPN using shadow copy; Set nameserver = 1; monitoring connection
2014-01-16 10:22:23 *Tunnelblick: openvpnstart start MSC-OpenVPN.tblk 1338 1 0 1 0 305 -ptADGNWradsgnw 2.2.1
2014-01-16 10:22:24 *Tunnelblick: openvpnstart log:
     Loading tun-signed.kext
     
     OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line):
     
          /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.2.1/openvpn
          --cd
          /Library/Application Support/Tunnelblick/Users/russ/MSC-OpenVPN.tblk/Contents/Resources
          --daemon
          --management
          127.0.0.1
          1338
          --config
          /Library/Application Support/Tunnelblick/Users/russ/MSC-OpenVPN.tblk/Contents/Resources/config.ovpn
          --log
          /Library/Application Support/Tunnelblick/Logs/-SUsers-Sruss-SLibrary-SApplication Support-STunnelblick-SConfigurations-SMSC--OpenVPN.tblk-SContents-SResources-Sconfig.ovpn.1_0_1_0_305.1338.openvpn.log
          --management-query-passwords
          --management-hold
          --script-security
          2
          --up
          /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -m -w -d -f -ptADGNWradsgnw
          --down
          /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -m -w -d -f -ptADGNWradsgnw

2014-01-16 10:22:24 *Tunnelblick: Established communication with OpenVPN
2014-01-16 10:22:24 us=185103 Current Parameter Settings:
2014-01-16 10:22:24 us=185409   config = '/Library/Application Support/Tunnelblick/Users/russ/MSC-OpenVPN.tblk/Contents/Resources/config.ovpn'
2014-01-16 10:22:24 us=185427   mode = 0
2014-01-16 10:22:24 us=185440   show_ciphers = DISABLED
2014-01-16 10:22:24 us=185453   show_digests = DISABLED
2014-01-16 10:22:24 us=185467   show_engines = DISABLED
2014-01-16 10:22:24 us=185481   genkey = DISABLED
2014-01-16 10:22:24 us=185495   key_pass_file = '[UNDEF]'
2014-01-16 10:22:24 us=185510   show_tls_ciphers = DISABLED
2014-01-16 10:22:24 us=185524 Connection profiles [default]:
2014-01-16 10:22:24 us=185538   proto = udp
2014-01-16 10:22:24 us=185553   local = '[UNDEF]'
2014-01-16 10:22:24 us=185567   local_port = 0
2014-01-16 10:22:24 us=185582   remote = '216.154.17.58'
2014-01-16 10:22:24 us=185596   remote_port = 11194
2014-01-16 10:22:24 us=185610   remote_float = DISABLED
2014-01-16 10:22:24 us=185624   bind_defined = DISABLED
2014-01-16 10:22:24 us=185639   bind_local = DISABLED
2014-01-16 10:22:24 us=185653   connect_retry_seconds = 5
2014-01-16 10:22:24 us=185667   connect_timeout = 10
2014-01-16 10:22:24 us=185681   connect_retry_max = 0
2014-01-16 10:22:24 us=185696   socks_proxy_server = '[UNDEF]'
2014-01-16 10:22:24 us=185710   socks_proxy_port = 0
2014-01-16 10:22:24 us=185723   socks_proxy_retry = DISABLED
2014-01-16 10:22:24 us=185736 Connection profiles END
2014-01-16 10:22:24 us=185749   remote_random = DISABLED
2014-01-16 10:22:24 us=185764   ipchange = '[UNDEF]'
2014-01-16 10:22:24 us=185777   dev = 'tun'
2014-01-16 10:22:24 us=185795   dev_type = '[UNDEF]'
2014-01-16 10:22:24 us=185810   dev_node = '[UNDEF]'
2014-01-16 10:22:24 us=185824   lladdr = '[UNDEF]'
2014-01-16 10:22:24 us=185837   topology = 1
2014-01-16 10:22:24 us=185850   tun_ipv6 = DISABLED
2014-01-16 10:22:24 us=185863   ifconfig_local = '[UNDEF]'
2014-01-16 10:22:24 us=185876   ifconfig_remote_netmask = '[UNDEF]'
2014-01-16 10:22:24 us=185889   ifconfig_noexec = DISABLED
2014-01-16 10:22:24 us=185903   ifconfig_nowarn = DISABLED
2014-01-16 10:22:24 us=185918   shaper = 0
2014-01-16 10:22:24 us=185932   tun_mtu = 1500
2014-01-16 10:22:24 us=185945   tun_mtu_defined = ENABLED
2014-01-16 10:22:24 us=185958   link_mtu = 1500
2014-01-16 10:22:24 us=186116   link_mtu_defined = DISABLED
2014-01-16 10:22:24 us=186132   tun_mtu_extra = 0
2014-01-16 10:22:24 us=186153   tun_mtu_extra_defined = DISABLED
2014-01-16 10:22:24 us=186169   fragment = 0
2014-01-16 10:22:24 us=186189   mtu_discover_type = -1
2014-01-16 10:22:24 us=186205   mtu_test = 0
2014-01-16 10:22:24 us=186219   mlock = DISABLED
2014-01-16 10:22:24 us=186233   keepalive_ping = 0
2014-01-16 10:22:24 us=186246   keepalive_timeout = 0
2014-01-16 10:22:24 us=186261   inactivity_timeout = 0
2014-01-16 10:22:24 us=186276   ping_send_timeout = 0
2014-01-16 10:22:24 us=186291   ping_rec_timeout = 0
2014-01-16 10:22:24 us=186306   ping_rec_timeout_action = 0
2014-01-16 10:22:24 us=186320   ping_timer_remote = DISABLED
2014-01-16 10:22:24 us=186334   remap_sigusr1 = 0
2014-01-16 10:22:24 us=186348   explicit_exit_notification = 0
2014-01-16 10:22:24 us=186361   persist_tun = ENABLED
2014-01-16 10:22:24 us=186374   persist_local_ip = DISABLED
2014-01-16 10:22:24 us=186386   persist_remote_ip = DISABLED
2014-01-16 10:22:24 us=186399   persist_key = ENABLED
2014-01-16 10:22:24 us=186413   mssfix = 1450
2014-01-16 10:22:24 us=186425   passtos = DISABLED
2014-01-16 10:22:24 us=186438   resolve_retry_seconds = 1000000000
2014-01-16 10:22:24 us=186451   username = '[UNDEF]'
2014-01-16 10:22:24 us=186465   groupname = '[UNDEF]'
2014-01-16 10:22:24 us=186479   chroot_dir = '[UNDEF]'
2014-01-16 10:22:24 us=186494   cd_dir = '/Library/Application Support/Tunnelblick/Users/russ/MSC-OpenVPN.tblk/Contents/Resources'
2014-01-16 10:22:24 us=186530   writepid = '[UNDEF]'
2014-01-16 10:22:24 us=186546   up_script = '/Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -m -w -d -f -ptADGNWradsgnw'
2014-01-16 10:22:24 us=186561   down_script = '/Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -m -w -d -f -ptADGNWradsgnw'
2014-01-16 10:22:24 us=186576   down_pre = DISABLED
2014-01-16 10:22:24 us=186589   up_restart = DISABLED
2014-01-16 10:22:24 us=186602   up_delay = DISABLED
2014-01-16 10:22:24 us=186614   daemon = ENABLED
2014-01-16 10:22:24 us=186628   inetd = 0
2014-01-16 10:22:24 us=186640   log = ENABLED
2014-01-16 10:22:24 us=186653   suppress_timestamps = DISABLED
2014-01-16 10:22:24 us=186666   nice = 0
2014-01-16 10:22:24 us=186680   verbosity = 4
2014-01-16 10:22:24 us=186695   mute = 0
2014-01-16 10:22:24 us=186709   gremlin = 0
2014-01-16 10:22:24 us=186723   status_file = '[UNDEF]'
2014-01-16 10:22:24 us=186744   status_file_version = 1
2014-01-16 10:22:24 us=186781   status_file_update_freq = 60
2014-01-16 10:22:24 us=186799   occ = ENABLED
2014-01-16 10:22:24 us=186811   rcvbuf = 65536
2014-01-16 10:22:24 us=186824   sndbuf = 65536
2014-01-16 10:22:24 us=186836   sockflags = 0
2014-01-16 10:22:24 us=186848   fast_io = DISABLED
2014-01-16 10:22:24 us=186862   lzo = 7
2014-01-16 10:22:24 us=186875   route_script = '[UNDEF]'
2014-01-16 10:22:24 us=186888   route_default_gateway = '[UNDEF]'
2014-01-16 10:22:24 us=186901   route_default_metric = 0
2014-01-16 10:22:24 us=186914   route_noexec = DISABLED
2014-01-16 10:22:24 us=186928   route_delay = 0
2014-01-16 10:22:24 us=186941   route_delay_window = 30
2014-01-16 10:22:24 us=186953   route_delay_defined = DISABLED
2014-01-16 10:22:24 us=186966   route_nopull = DISABLED
2014-01-16 10:22:24 us=186981   route_gateway_via_dhcp = DISABLED
2014-01-16 10:22:24 us=186998   max_routes = 100
2014-01-16 10:22:24 us=187013   allow_pull_fqdn = DISABLED
2014-01-16 10:22:24 us=187029   management_addr = '127.0.0.1'
2014-01-16 10:22:24 us=187045   management_port = 1338
2014-01-16 10:22:24 us=187060   management_user_pass = '[UNDEF]'
2014-01-16 10:22:24 us=187074   management_log_history_cache = 250
2014-01-16 10:22:24 us=187088   management_echo_buffer_size = 100
2014-01-16 10:22:24 us=187102   management_write_peer_info_file = '[UNDEF]'
2014-01-16 10:22:24 us=187118   management_client_user = '[UNDEF]'
2014-01-16 10:22:24 us=187132   management_client_group = '[UNDEF]'
2014-01-16 10:22:24 us=187146   management_flags = 6
2014-01-16 10:22:24 us=187159   shared_secret_file = '[UNDEF]'
2014-01-16 10:22:24 us=187173   key_direction = 0
2014-01-16 10:22:24 us=187185   ciphername_defined = ENABLED
2014-01-16 10:22:24 us=187197   ciphername = 'BF-CBC'
2014-01-16 10:22:24 us=187209   authname_defined = ENABLED
2014-01-16 10:22:24 us=187222   authname = 'SHA1'
2014-01-16 10:22:24 us=187235   prng_hash = 'SHA1'
2014-01-16 10:22:24 us=187249   prng_nonce_secret_len = 16
2014-01-16 10:22:24 us=187262   keysize = 0
2014-01-16 10:22:24 us=187275   engine = DISABLED
2014-01-16 10:22:24 us=187289   replay = ENABLED
2014-01-16 10:22:24 us=187303   mute_replay_warnings = DISABLED
2014-01-16 10:22:24 us=187318   replay_window = 64
2014-01-16 10:22:24 us=187333   replay_time = 15
2014-01-16 10:22:24 us=187349   packet_id_file = '[UNDEF]'
2014-01-16 10:22:24 us=187366   use_iv = ENABLED
2014-01-16 10:22:24 us=187382   test_crypto = DISABLED
2014-01-16 10:22:24 us=187397   tls_server = DISABLED
2014-01-16 10:22:24 us=187412   tls_client = ENABLED
2014-01-16 10:22:24 us=187428   key_method = 2
2014-01-16 10:22:24 us=187443   ca_file = 'ca.crt'
2014-01-16 10:22:24 us=187457   ca_path = '[UNDEF]'
2014-01-16 10:22:24 us=187495   dh_file = '[UNDEF]'
2014-01-16 10:22:24 us=187512   cert_file = 'russ.crt'
2014-01-16 10:22:24 us=187528   priv_key_file = 'russ.key'
2014-01-16 10:22:24 us=187544   pkcs12_file = '[UNDEF]'
2014-01-16 10:22:24 us=187560   cipher_list = '[UNDEF]'
2014-01-16 10:22:24 us=187582   tls_verify = '[UNDEF]'
2014-01-16 10:22:24 us=187599   tls_export_cert = '[UNDEF]'
2014-01-16 10:22:24 us=187614   tls_remote = '[UNDEF]'
2014-01-16 10:22:24 us=187629   crl_file = '[UNDEF]'
2014-01-16 10:22:24 us=187644   ns_cert_type = 0
2014-01-16 10:22:24 us=187658   remote_cert_ku[i] = 0
2014-01-16 10:22:24 us=187673   remote_cert_ku[i] = 0
2014-01-16 10:22:24 us=187687   remote_cert_ku[i] = 0
2014-01-16 10:22:24 us=187702   remote_cert_ku[i] = 0
2014-01-16 10:22:24 us=187717   remote_cert_ku[i] = 0
2014-01-16 10:22:24 us=187731   remote_cert_ku[i] = 0
2014-01-16 10:22:24 us=187746   remote_cert_ku[i] = 0
2014-01-16 10:22:24 us=187761   remote_cert_ku[i] = 0
2014-01-16 10:22:24 us=187775   remote_cert_ku[i] = 0
2014-01-16 10:22:24 us=187790   remote_cert_ku[i] = 0
2014-01-16 10:22:24 us=187804   remote_cert_ku[i] = 0
2014-01-16 10:22:24 us=187819   remote_cert_ku[i] = 0
2014-01-16 10:22:24 us=187833   remote_cert_ku[i] = 0
2014-01-16 10:22:24 us=187848   remote_cert_ku[i] = 0
2014-01-16 10:22:24 us=187863   remote_cert_ku[i] = 0
2014-01-16 10:22:24 us=187878   remote_cert_ku[i] = 0
2014-01-16 10:22:24 us=187893   remote_cert_eku = '[UNDEF]'
2014-01-16 10:22:24 us=187908   tls_timeout = 2
2014-01-16 10:22:24 us=187922   renegotiate_bytes = 0
2014-01-16 10:22:24 us=187938   renegotiate_packets = 0
2014-01-16 10:22:24 us=187952   renegotiate_seconds = 3600
2014-01-16 10:22:24 us=187967   handshake_window = 60
2014-01-16 10:22:24 us=187983   transition_window = 3600
2014-01-16 10:22:24 us=187997   single_session = DISABLED
2014-01-16 10:22:24 us=188011   push_peer_info = DISABLED
2014-01-16 10:22:24 us=188025   tls_exit = DISABLED
2014-01-16 10:22:24 us=188038   tls_auth_file = '[UNDEF]'
2014-01-16 10:22:24 us=188052   pkcs11_protected_authentication = DISABLED
2014-01-16 10:22:24 us=188067   pkcs11_protected_authentication = DISABLED
2014-01-16 10:22:24 us=188081   pkcs11_protected_authentication = DISABLED
2014-01-16 10:22:24 us=188095   pkcs11_protected_authentication = DISABLED
2014-01-16 10:22:24 us=188110   pkcs11_protected_authentication = DISABLED
2014-01-16 10:22:24 us=188125   pkcs11_protected_authentication = DISABLED
2014-01-16 10:22:24 us=188139   pkcs11_protected_authentication = DISABLED
2014-01-16 10:22:24 us=188154   pkcs11_protected_authentication = DISABLED
2014-01-16 10:22:24 us=188168   pkcs11_protected_authentication = DISABLED
2014-01-16 10:22:24 us=188184   pkcs11_protected_authentication = DISABLED
2014-01-16 10:22:24 us=188199   pkcs11_protected_authentication = DISABLED
2014-01-16 10:22:24 us=188214   pkcs11_protected_authentication = DISABLED
2014-01-16 10:22:24 us=188226   pkcs11_protected_authentication = DISABLED
2014-01-16 10:22:24 us=188239   pkcs11_protected_authentication = DISABLED
2014-01-16 10:22:24 us=188252   pkcs11_protected_authentication = DISABLED
2014-01-16 10:22:24 us=188264   pkcs11_protected_authentication = DISABLED
2014-01-16 10:22:24 us=188278   pkcs11_private_mode = 00000000
2014-01-16 10:22:24 us=188294   pkcs11_private_mode = 00000000
2014-01-16 10:22:24 us=188308   pkcs11_private_mode = 00000000
2014-01-16 10:22:24 us=188324   pkcs11_private_mode = 00000000
2014-01-16 10:22:24 us=188339   pkcs11_private_mode = 00000000
2014-01-16 10:22:24 us=188354   pkcs11_private_mode = 00000000
2014-01-16 10:22:24 us=188367   pkcs11_private_mode = 00000000
2014-01-16 10:22:24 us=188379   pkcs11_private_mode = 00000000
2014-01-16 10:22:24 us=188391   pkcs11_private_mode = 00000000
2014-01-16 10:22:24 us=188421   pkcs11_private_mode = 00000000
2014-01-16 10:22:24 us=188436   pkcs11_private_mode = 00000000
2014-01-16 10:22:24 us=188448   pkcs11_private_mode = 00000000
2014-01-16 10:22:24 us=188461   pkcs11_private_mode = 00000000
2014-01-16 10:22:24 us=188473   pkcs11_private_mode = 00000000
2014-01-16 10:22:24 us=188487   pkcs11_private_mode = 00000000
2014-01-16 10:22:24 us=188499   pkcs11_private_mode = 00000000
2014-01-16 10:22:24 us=188512   pkcs11_cert_private = DISABLED
2014-01-16 10:22:24 us=188525   pkcs11_cert_private = DISABLED
2014-01-16 10:22:24 us=188537   pkcs11_cert_private = DISABLED
2014-01-16 10:22:24 us=188550   pkcs11_cert_private = DISABLED
2014-01-16 10:22:24 us=188562   pkcs11_cert_private = DISABLED
2014-01-16 10:22:24 us=188575   pkcs11_cert_private = DISABLED
2014-01-16 10:22:24 us=188588   pkcs11_cert_private = DISABLED
2014-01-16 10:22:24 us=188600   pkcs11_cert_private = DISABLED
2014-01-16 10:22:24 us=188612   pkcs11_cert_private = DISABLED
2014-01-16 10:22:24 us=188625   pkcs11_cert_private = DISABLED
2014-01-16 10:22:24 us=188639   pkcs11_cert_private = DISABLED
2014-01-16 10:22:24 us=188653   pkcs11_cert_private = DISABLED
2014-01-16 10:22:24 us=188667   pkcs11_cert_private = DISABLED
2014-01-16 10:22:24 us=188681   pkcs11_cert_private = DISABLED
2014-01-16 10:22:24 us=188696   pkcs11_cert_private = DISABLED
2014-01-16 10:22:24 us=188710   pkcs11_cert_private = DISABLED
2014-01-16 10:22:24 us=188724   pkcs11_pin_cache_period = -1
2014-01-16 10:22:24 us=188740   pkcs11_id = '[UNDEF]'
2014-01-16 10:22:24 us=188755   pkcs11_id_management = DISABLED
2014-01-16 10:22:24 us=188792   server_network = 0.0.0.0
2014-01-16 10:22:24 us=188812   server_netmask = 0.0.0.0
2014-01-16 10:22:24 us=188830   server_bridge_ip = 0.0.0.0
2014-01-16 10:22:24 us=188847   server_bridge_netmask = 0.0.0.0
2014-01-16 10:22:24 us=188863   server_bridge_pool_start = 0.0.0.0
2014-01-16 10:22:24 us=188881   server_bridge_pool_end = 0.0.0.0
2014-01-16 10:22:24 us=188897   ifconfig_pool_defined = DISABLED
2014-01-16 10:22:24 us=188914   ifconfig_pool_start = 0.0.0.0
2014-01-16 10:22:24 us=188931   ifconfig_pool_end = 0.0.0.0
2014-01-16 10:22:24 us=188948   ifconfig_pool_netmask = 0.0.0.0
2014-01-16 10:22:24 us=188963   ifconfig_pool_persist_filename = '[UNDEF]'
2014-01-16 10:22:24 us=188978   ifconfig_pool_persist_refresh_freq = 600
2014-01-16 10:22:24 us=188994   n_bcast_buf = 256
2014-01-16 10:22:24 us=189009   tcp_queue_limit = 64
2014-01-16 10:22:24 us=189024   real_hash_size = 256
2014-01-16 10:22:24 us=189038   virtual_hash_size = 256
2014-01-16 10:22:24 us=189053   client_connect_script = '[UNDEF]'
2014-01-16 10:22:24 us=189068   learn_address_script = '[UNDEF]'
2014-01-16 10:22:24 us=189083   client_disconnect_script = '[UNDEF]'
2014-01-16 10:22:24 us=189098   client_config_dir = '[UNDEF]'
2014-01-16 10:22:24 us=189112   ccd_exclusive = DISABLED
2014-01-16 10:22:24 us=189127   tmp_dir = '/var/folders/s4/5w875g7938jf57d5hh9187fw0000gn/T/'
2014-01-16 10:22:24 us=189142   push_ifconfig_defined = DISABLED
2014-01-16 10:22:24 us=189159   push_ifconfig_local = 0.0.0.0
2014-01-16 10:22:24 us=189176   push_ifconfig_remote_netmask = 0.0.0.0
2014-01-16 10:22:24 us=189191   enable_c2c = DISABLED
2014-01-16 10:22:24 us=189206   duplicate_cn = DISABLED
2014-01-16 10:22:24 us=189222   cf_max = 0
2014-01-16 10:22:24 us=189236   cf_per = 0
2014-01-16 10:22:24 us=189251   max_clients = 1024
2014-01-16 10:22:24 us=189266   max_routes_per_client = 256
2014-01-16 10:22:24 us=189280   auth_user_pass_verify_script = '[UNDEF]'
2014-01-16 10:22:24 us=189294   auth_user_pass_verify_script_via_file = DISABLED
2014-01-16 10:22:24 us=189308   ssl_flags = 0
2014-01-16 10:22:24 us=189321   port_share_host = '[UNDEF]'
2014-01-16 10:22:24 us=189358   port_share_port = 0
2014-01-16 10:22:24 us=189375   client = ENABLED
2014-01-16 10:22:24 us=189389   pull = ENABLED
2014-01-16 10:22:24 us=189404   auth_user_pass_file = '[UNDEF]'
2014-01-16 10:22:24 us=189428 OpenVPN 2.2.1 i386-apple-darwin10.8.0 [SSL] [LZO2] [PKCS11] [eurephia] built on Oct 25 2013
2014-01-16 10:22:24 us=189620 MANAGEMENT: TCP Socket listening on 127.0.0.1:1338
2014-01-16 10:22:24 us=190749 Need hold release from management interface, waiting...
2014-01-16 10:22:24 us=315383 MANAGEMENT: Client connected from 127.0.0.1:1338
2014-01-16 10:22:24 us=321013 MANAGEMENT: CMD 'pid'
2014-01-16 10:22:24 us=321263 MANAGEMENT: CMD 'state on'
2014-01-16 10:22:24 us=321400 MANAGEMENT: CMD 'state'
2014-01-16 10:22:24 us=321557 MANAGEMENT: CMD 'bytecount 1'
2014-01-16 10:22:24 us=321689 MANAGEMENT: CMD 'hold release'
2014-01-16 10:22:24 us=322078 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2014-01-16 10:22:24 us=322217 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2014-01-16 10:22:24 us=327707 LZO compression initialized
2014-01-16 10:22:24 us=327925 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
2014-01-16 10:22:24 us=328067 Socket Buffers: R=[196724->65536] S=[9216->65536]
2014-01-16 10:22:24 us=328167 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
2014-01-16 10:22:24 us=328270 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
2014-01-16 10:22:24 us=328353 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
2014-01-16 10:22:24 us=328444 Local Options hash (VER=V4): '41690919'
2014-01-16 10:22:24 us=328526 Expected Remote Options hash (VER=V4): '530fdded'
2014-01-16 10:22:24 us=328614 UDPv4 link local: [undef]
2014-01-16 10:22:24 us=328695 UDPv4 link remote: 216.154.17.58:11194
2014-01-16 10:22:24 us=328801 MANAGEMENT: >STATE:1389885744,WAIT,,,
2014-01-16 10:22:24 us=350076 MANAGEMENT: >STATE:1389885744,AUTH,,,
2014-01-16 10:22:24 us=350267 TLS: Initial packet from AAA.BBB.17.58:11194, sid=412f68f0 78402b9d
2014-01-16 10:22:24 us=499634 VERIFY OK: depth=1, /C=CA/ST=ON/L=M/O=Canada/CN=CA/emailAddress=russ@
2014-01-16 10:22:24 us=500195 VERIFY OK: depth=0, /C=CA/ST=ON/L=M/O=Canada/CN=server2./emailAddress=russ@
2014-01-16 10:22:24 us=757247 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
2014-01-16 10:22:24 us=757464 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2014-01-16 10:22:24 us=757635 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
2014-01-16 10:22:24 us=757766 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2014-01-16 10:22:24 us=757934 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
2014-01-16 10:22:24 us=758097 [server2.org] Peer Connection Initiated with AAA.BBB.17.58:11194
2014-01-16 10:22:25 us=426089 MANAGEMENT: >STATE:1389885745,GET_CONFIG,,,
2014-01-16 10:22:26 us=427660 SENT CONTROL [server2.org]: 'PUSH_REQUEST' (status=1)
2014-01-16 10:22:26 us=459940 PUSH: Received control message: 'PUSH_REPLY,route 10.10.10.0 255.255.255.0,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.4 255.255.255.0'
2014-01-16 10:22:26 us=460228 OPTIONS IMPORT: timers and/or timeouts modified
2014-01-16 10:22:26 us=460396 OPTIONS IMPORT: --ifconfig/up options modified
2014-01-16 10:22:26 us=460526 OPTIONS IMPORT: route options modified
2014-01-16 10:22:26 us=460745 OPTIONS IMPORT: route-related options modified
2014-01-16 10:22:26 us=460998 ROUTE default_gateway=128.100.103.1
2014-01-16 10:22:26 us=461902 TUN/TAP device /dev/tun0 opened
2014-01-16 10:22:26 us=462072 MANAGEMENT: >STATE:1389885746,ASSIGN_IP,,10.8.0.4,
2014-01-16 10:22:26 us=462384 /sbin/ifconfig tun0 delete
                                        ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
2014-01-16 10:22:26 us=472983 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
2014-01-16 10:22:26 us=473231 /sbin/ifconfig tun0 10.8.0.4 10.8.0.4 netmask 255.255.255.0 mtu 1500 up
2014-01-16 10:22:26 us=493237 /sbin/route add -net 10.8.0.0 10.8.0.4 255.255.255.0
                                        add net 10.8.0.0: gateway 10.8.0.4
2014-01-16 10:22:26 us=504272 /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -m -w -d -f -ptADGNWradsgnw tun0 1500 1542 10.8.0.4 255.255.255.0 init
                                        **********************************************
                                        Start of output from client.up.tunnelblick.sh
                                        No network configuration changes need to be made.
                                        Will NOT monitor for other network configuration changes.
                                        End of output from client.up.tunnelblick.sh
                                        **********************************************
2014-01-16 10:22:28 us=732517 MANAGEMENT: >STATE:1389885748,ADD_ROUTES,,,
2014-01-16 10:22:28 us=732831 /sbin/route add -net 10.10.10.0 10.8.0.1 255.255.255.0
2014-01-16 10:22:28 *Tunnelblick: No 'connected.sh' script to execute
                                        add net 10.10.10.0: gateway 10.8.0.1
2014-01-16 10:22:28 us=740944 Initialization Sequence Completed
2014-01-16 10:22:28 us=741352 MANAGEMENT: >STATE:1389885748,CONNECTED,SUCCESS,10.8.0.4,216.154.17.58
2014-01-16 10:22:34 *Tunnelblick: This computer's apparent public IP address (XXX.YYY.103.6) was unchanged after the connection was made
2014-01-16 10:22:23 *Tunnelblick: openvpnstart starting OpenVPN
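
An added example, not part of the original post: a small Python check that reads the client-side facts out of the log above (pushed options, installed routes, warnings) and computes which next hop the client uses for a given destination. The log lines in SAMPLE_LOG are copied from the post with timestamps trimmed; the function names are made up for this example.

```python
import ipaddress
import re

# Lines copied from the client log in the post (timestamps trimmed).
SAMPLE_LOG = """\
WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
PUSH: Received control message: 'PUSH_REPLY,route 10.10.10.0 255.255.255.0,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.4 255.255.255.0'
/sbin/route add -net 10.8.0.0 10.8.0.4 255.255.255.0
/sbin/route add -net 10.10.10.0 10.8.0.1 255.255.255.0
Initialization Sequence Completed
"""

PUSH_RE = re.compile(r"PUSH: Received control message: 'PUSH_REPLY,(.*)'")
ROUTE_ADD_RE = re.compile(r"/sbin/route add -net (\S+) (\S+) (\S+)")


def parse_push_reply(log):
    """Extract the options the server pushed to the client."""
    m = PUSH_RE.search(log)
    if not m:
        raise ValueError("no PUSH_REPLY found in log")
    pushed = {"routes": [], "gateway": None, "local": None, "topology": None}
    for opt in m.group(1).split(","):
        parts = opt.split()
        if not parts:
            continue
        if parts[0] == "route" and len(parts) >= 3:
            pushed["routes"].append(ipaddress.ip_network(f"{parts[1]}/{parts[2]}"))
        elif parts[0] == "route-gateway" and len(parts) >= 2:
            pushed["gateway"] = ipaddress.ip_address(parts[1])
        elif parts[0] == "ifconfig" and len(parts) >= 3:
            pushed["local"] = ipaddress.ip_interface(f"{parts[1]}/{parts[2]}")
        elif parts[0] == "topology" and len(parts) >= 2:
            pushed["topology"] = parts[1]
    return pushed


def installed_routes(log):
    """Return (network, gateway) for every 'route add -net' the client ran."""
    return [
        (ipaddress.ip_network(f"{net}/{mask}"), ipaddress.ip_address(gw))
        for net, gw, mask in ROUTE_ADD_RE.findall(log)
    ]


def next_hop(dest, routes):
    """Longest-prefix match; None means the packet uses the default gateway."""
    dest = ipaddress.ip_address(dest)
    matches = [(net, gw) for net, gw in routes if dest in net]
    if not matches:
        return None
    return max(matches, key=lambda r: r[0].prefixlen)[1]


def warnings(log):
    """Return every line OpenVPN marked as a warning."""
    return [line for line in log.splitlines() if "WARNING:" in line]


def analyze(log, dest):
    pushed = parse_push_reply(log)
    routes = installed_routes(log)
    return {
        "pushed_routes": pushed["routes"],
        # Every pushed route should show up as an installed route.
        "missing_routes": [n for n in pushed["routes"] if n not in [r[0] for r in routes]],
        "next_hop": next_hop(dest, routes),
        "warnings": warnings(log),
    }


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG, "10.10.10.101").items():
        print(key, "=", value)
```

The routing table is protocol-agnostic, so the next hop computed here applies to the ssh connection attempt as much as to the ping; the client log alone does not show where the TCP packets are dropped.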

================================================================================

jkbull...gmail.com

Jan 16, 2014, 11:05:29 AM
to tunnelbli...@googlegroups.com
Try setting Tunnelblick to use the VPN for all traffic (which is what I assume you want to do): On the "While Connected" tab of Tunnelblick's "Advanced" settings window, put a check in the "Route all traffic through the VPN" checkbox.

Russell Sutherland

Jan 16, 2014, 12:23:07 PM
to tunnelbli...@googlegroups.com
I tried that, even though that is NOT what I want to happen. I only want traffic destined for the remote LAN to go over the VPN tunnel.
Regardless, the ping works to both the server's tunnel and real IP addresses. But the ssh session to the real address fails as before.

Russell