Upgraded to 3.7 and then 3.7.1beta01... Error: "Tunnelblick was unable to start OpenVPN to connect..."

412 views

Skip to first unread message

Eli104

unread,

Jan 31, 2017, 7:56:00 AM1/31/17

to tunnelblick-discuss

HELP!

Today I unpraded to Tunnelblick 3.7.0 (Stable) and tried to connect. I received the error message: "Tunnelblick was unable to start OpenVPN to connect XXXX VPN. For details, see the log in the VPN Details… window"

I followed the instructions on how to post a message here, which included downloading and upgrading to the latest BETA version in case there was a known problem, but I still have the same error and cannot connect.

Log file below... (Sanitized)... Any ideas are welcome!!

*Tunnelblick: OS X 10.12.2; Tunnelblick 3.7.1beta01 (build 4800); prior version 3.7.0 (build 4790); Admin user

git commit 844a29ce2d4edda7d77bf96279e84b42a80bec57

Configuration GhehVee VPN

"Sanitized" condensed configuration file for /Users/elisherer2015/Library/Application Support/Tunnelblick/Configurations/GhehVee VPN.tblk:

dev tun

client

proto tcp-client

ca ca.crt

cert client.crt

key client.pem

tls-remote "/O=WatchGuard_Technologies/OU=Fireware/CN=Fireware_SSLVPN_Server"

remote-cert-eku "TLS Web Server Authentication"

remote XX.XXX.XXX.XXX 443 [I cleaned the address here for the log]

persist-key

persist-tun

verb 3

mute 20

keepalive 10 60

cipher AES-256-CBC

auth SHA1

float 1

reneg-sec 3660

nobind

mute-replay-warnings

auth-user-pass

================================================================================

Non-Apple kexts that are loaded:

Index Refs Address Size Wired Name (Version) UUID <Linked Against>

134 0 0xffffff7f80b22000 0x7000 0x7000 com.Perfect.Driver.SystemAudioRecorder (1.0.0) 006E5F93-3F76-3B8B-BF63-0EB171665EA5 <108 5 4 3 1>

================================================================================

There are no unusual files in GhehVee VPN.tblk

================================================================================

Configuration preferences:

useDNS = 1

-keychainHasUsernameAndPassword = 1

-openvpnVersion = -

-notOKToCheckThatIPAddressDidNotChangeAfterConnection = 1

-lastConnectionSucceeded = 0

-tunnelDownSoundName = Speak

-tunnelUpSoundName = Speak

================================================================================

Wildcard preferences:

-notOKToCheckThatIPAddressDidNotChangeAfterConnection = 1

================================================================================

Program preferences:

placeIconInStandardPositionInStatusBar = 1

launchAtNextLogin = 1

menuIconSet = 3.3.TBMenuIcons

notOKToCheckThatIPAddressDidNotChangeAfterConnection = 1

askedUserIfOKToCheckThatIPAddressDidNotChangeAfterConnection = 1

tunnelblickVersionHistory = (

"3.7.1beta01 (build 4800)",

"3.7.0 (build 4790)",

"3.6.9 (build 4685)",

"3.6.8 (build 4625)",

"3.6.7c (build 4606)",

"3.6.7a (build 4603)",

"3.6.7 (build 4602)",

"3.6.0a (build 4543.4546)",

"3.5.8 (build 4270.4530)",

"3.5.6 (build 4270.4505)"

)

statusDisplayNumber = 0

lastLaunchTime = 507560014.421453

showConnectedDurations = 1

lastLanguageAtLaunchWasRTL = 0

connectionWindowDisplayCriteria = showWhenChanges

maxLogDisplaySize = 102400

lastConnectedDisplayName = GhehVee VPN

keyboardShortcutIndex = 1

updateCheckAutomatically = 1

updateSendProfileInfo = 1

NSWindow Frame SettingsSheetWindow = 459 353 829 524 0 0 1440 877

NSWindow Frame ConnectingWindow = 525 518 389 187 0 0 1440 877

NSWindow Frame SUUpdateAlert = 410 364 620 392 0 0 1440 877

detailsWindowFrameVersion = 4800

detailsWindowFrame = {{328, 378}, {920, 468}}

detailsWindowLeftFrame = {{0, 0}, {165, 350}}

detailsWindowViewIndex = 0

detailsWindowConfigurationsTabIdentifier = settings

leftNavSelectedDisplayName = GhehVee VPN

AdvancedWindowTabIdentifier = connectingAndDisconnecting

haveDealtWithSparkle1dot5b6 = 1

haveDealtWithOldTunTapPreferences = 1

haveDealtWithOldLoginItem = 1

SUEnableAutomaticChecks = 1

SUFeedURL = https://www.tunnelblick.net/appcast-s.rss

SUScheduledCheckInterval = 86400

SUSendProfileInfo = 1

SULastCheckTime = 2017-01-31 12:53:39 +0000

SULastProfileSubmissionDate = 2017-01-31 12:35:49 +0000

SUHasLaunchedBefore = 1

WebKitDefaultFontSize = 11

WebKitStandardFont = .AppleSystemUIFont

================================================================================

Tunnelblick Log:

*Tunnelblick: OS X 10.12.2; Tunnelblick 3.7.1beta01 (build 4800); prior version 3.7.0 (build 4790)

2017-01-31 07:53:36 *Tunnelblick: Attempting connection with GhehVee VPN using shadow copy; Set nameserver = 769; monitoring connection

2017-01-31 07:53:36 *Tunnelblick: openvpnstart start GhehVee\ VPN.tblk 1337 769 0 1 0 1065264 -ptADGNWradsgnw 2.5_git_4590c38-libressl-2.5.0

2017-01-31 07:53:37 *Tunnelblick:

Could not start OpenVPN (openvpnstart returned with status #251)

Contents of the openvpnstart log:

*Tunnelblick: openvpnstart log:

OpenVPN returned with status 1, errno = 0:

Undefined error: 0

Command used to start OpenVPN (one argument per displayed line):

/Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.5_git_4590c38-libressl-2.5.0/openvpn

--daemon

--log

/Library/Application Support/Tunnelblick/Logs/-SUsers-Selisherer2015-SLibrary-SApplication Support-STunnelblick-SConfigurations-SGhehVee VPN.tblk-SContents-SResources-Sconfig.ovpn.769_0_1_0_1065264.1337.openvpn.log

--cd

/Library/Application Support/Tunnelblick/Users/elisherer2015/GhehVee VPN.tblk/Contents/Resources

--verb

--config

/Library/Application Support/Tunnelblick/Users/elisherer2015/GhehVee VPN.tblk/Contents/Resources/config.ovpn

--verb

--cd

/Library/Application Support/Tunnelblick/Users/elisherer2015/GhehVee VPN.tblk/Contents/Resources

--management

127.0.0.1

1337

--management-query-passwords

--management-hold

--script-security

--up

/Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw

--down

/Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw

Contents of the OpenVPN log:

Options error: Unrecognized option or missing or extra parameter(s) in /Library/Application Support/Tunnelblick/Users/elisherer2015/GhehVee VPN.tblk/Contents/Resources/config.ovpn:7: tls-remote (2.5_git_4590c38)

Use --help for more information.

More details may be in the Console Log's "All Messages"

================================================================================

"Sanitized" full configuration file

dev tun

client

proto tcp-client

ca ca.crt

cert client.crt

key client.pem

tls-remote "/O=WatchGuard_Technologies/OU=Fireware/CN=Fireware_SSLVPN_Server"

remote-cert-eku "TLS Web Server Authentication"

remote XX.XXX.XXX.XXX 443 same cleaning here.. for the log

persist-key

persist-tun

verb 3

mute 20

keepalive 10 60

cipher AES-256-CBC

auth SHA1

float 1

reneg-sec 3660

nobind

mute-replay-warnings

auth-user-pass

================================================================================

ifconfig output:

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384

options=1203<RXCSUM,TXCSUM,TXSTATUS,SW_TIMESTAMP>

inet 127.0.0.1 netmask 0xff000000

inet6 ::1 prefixlen 128

inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1

nd6 options=201<PERFORMNUD,DAD>

gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280

stf0: flags=0<> mtu 1280

en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500

ether 98:01:a7:a0:71:ff

inet6 fe80::422:6fd8:a24b:b34d%en0 prefixlen 64 secured scopeid 0x4

inet 192.168.1.185 netmask 0xffffff00 broadcast 192.168.1.255

nd6 options=201<PERFORMNUD,DAD>

media: autoselect

status: active

en1: flags=963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX> mtu 1500

options=60<TSO4,TSO6>

ether 6a:00:02:44:d5:70

media: autoselect <full-duplex>

status: inactive

en2: flags=963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX> mtu 1500

options=60<TSO4,TSO6>

ether 6a:00:02:44:d5:71

media: autoselect <full-duplex>

status: inactive

bridge0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500

options=63<RXCSUM,TXCSUM,TSO4,TSO6>

ether 6a:00:02:44:d5:70

Configuration:

id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0

maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200

root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0

ipfilter disabled flags 0x2

member: en1 flags=3<LEARNING,DISCOVER>

ifmaxaddr 0 port 5 priority 0 path cost 0

member: en2 flags=3<LEARNING,DISCOVER>

ifmaxaddr 0 port 6 priority 0 path cost 0

nd6 options=201<PERFORMNUD,DAD>

media: <unknown type>

status: inactive

p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304

ether 0a:01:a7:a0:71:ff

media: autoselect

status: inactive

awdl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1484

ether 96:cc:6f:75:64:8d

inet6 fe80::94cc:6fff:fe75:648d%awdl0 prefixlen 64 scopeid 0x9

nd6 options=201<PERFORMNUD,DAD>

media: autoselect

status: active

utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 2000

inet6 fe80::aaf7:400f:adb5:6943%utun0 prefixlen 64 scopeid 0xa

nd6 options=201<PERFORMNUD,DAD>

utun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380

inet6 fe80::5658:2ac6:cd6e:4d77%utun1 prefixlen 64 scopeid 0xb

nd6 options=201<PERFORMNUD,DAD>

utun3: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380

inet6 fe80::903:cd9f:a237:a66e%utun3 prefixlen 64 scopeid 0xd

inet6 fd8a:3d9:bf30:c008:903:cd9f:a237:a66e prefixlen 64

nd6 options=201<PERFORMNUD,DAD>

utun2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380

inet6 fe80::8964:914d:2bd7:6661%utun2 prefixlen 64 scopeid 0xc

nd6 options=201<PERFORMNUD,DAD>

================================================================================

Console Log:

2017-01-31 07:35:48 Tunnelblick[5686] Tunnelblick: OS X 10.12.2; Tunnelblick 3.6.9 (build 4685)

2017-01-31 07:35:49 Tunnelblick[5686] Warning: preferences contain unknown preference 'NSWindow Frame SUUpdateAlert'

2017-01-31 07:35:49 Tunnelblick[5686] Using icon set '3.3.TBMenuIcons' without Retina images

2017-01-31 07:35:49 Tunnelblick[5686] Set program update feedURL to https://www.tunnelblick.net/appcast-s.rss

2017-01-31 07:35:49 Tunnelblick[5686] Sparkle: ===== Tunnelblick.app =====

2017-01-31 07:35:49 Tunnelblick[5686] Sparkle: Verified appcast signature

2017-01-31 07:35:59 Tunnelblick[5686] Sparkle: Extracting using '/usr/bin/ditto' '-x' '-k' '-' < '/Users/elisherer2015/Library/Caches/net.tunnelblick.tunnelblick/org.sparkle-project.Sparkle/Tunnelblick 4790/Tunnelblick_3.7.0_build_4790.zip' '/Users/elisherer2015/Library/Caches/net.tunnelblick.tunnelblick/org.sparkle-project.Sparkle/Tunnelblick 4790'

2017-01-31 07:36:01 Tunnelblick[5686] updater:willInstallUpdate: Starting cleanup.

2017-01-31 07:36:01 Tunnelblick[5686] updater:willInstallUpdate: Cleanup finished.

2017-01-31 07:36:02 Tunnelblick[5686] applicationShouldTerminate: termination because of Quit; delayed until 'shutdownTunnelblick' finishes

2017-01-31 07:36:02 Tunnelblick[5686] pthread_mutex_trylock( &cleanupMutex ) failed; status = 16, errno = 3

2017-01-31 07:36:02 Tunnelblick[5686] pthread_mutex_trylock( &cleanupMutex ) failed is normal and expected when Tunnelblick is updated

2017-01-31 07:36:02 Tunnelblick[5686] Finished shutting down Tunnelblick; allowing termination

2017-01-31 07:36:04 Tunnelblick[5715] Tunnelblick: OS X 10.12.2; Tunnelblick 3.7.0 (build 4790)

2017-01-31 07:36:05 Tunnelblick[5715] Warning: preferences contain unknown preference 'NSWindow Frame SUUpdateAlert'

2017-01-31 07:36:05 Tunnelblick[5715] Need to replace and/or reload 'tunnelblickd':

daemonHashesMatch = NO

plistHashesMatch = YES

activePlistMatches = YES

2017-01-31 07:36:08 Tunnelblick[5715] Tunnelblick needs to:

• Complete the update

2017-01-31 07:36:08 Tunnelblick[5715] Beginning installation or repair

2017-01-31 07:36:09 Tunnelblick[5715] Installation or repair succeeded; Log:

Tunnelblick installer started 2017-01-31 07:36:08. 1 arguments: 0x0101

Created directory /var/log/Tunnelblick with owner 0:0 and permissions 755

Replaced /Library/LaunchDaemons/net.tunnelblick.tunnelblick.tunnelblickd.plist

Used launchctl to load tunnelblickd

Tunnelblick installer finished without error

2017-01-31 07:36:09 Tunnelblick[5715] Using icon set '3.3.TBMenuIcons' without Retina images

2017-01-31 07:36:09 Tunnelblick[5715] Sparkle: ===== Tunnelblick.app =====

2017-01-31 07:36:09 Tunnelblick[5715] Sparkle: Verified appcast signature

2017-01-31 07:36:13 tunnelblickd[5733] Status = 251 from tunnelblick-helper command 'start GhehVee VPN.tblk 1337 769 0 1 0 1065264 -ptADGNWradsgnw 2.4.0-libressl-2.5.0'

2017-01-31 07:36:13 Tunnelblick[5715] tunnelblickd status from start: 251

2017-01-31 07:36:23 tunnelblickd[5733] Status = 251 from tunnelblick-helper command 'start GhehVee VPN.tblk 1337 769 0 1 0 1065264 -ptADGNWradsgnw 2.4.0-libressl-2.5.0'

2017-01-31 07:36:24 Tunnelblick[5715] tunnelblickd status from start: 251

2017-01-31 07:36:31 tunnelblickd[5733] Status = 251 from tunnelblick-helper command 'start Zee Old Client.tblk 1337 769 0 1 0 1065264 -ptADGNWradsgnw 2.4.0-libressl-2.5.0'

2017-01-31 07:36:32 Tunnelblick[5715] tunnelblickd status from start: 251

2017-01-31 07:36:40 Tunnelblick[5715] Using icon set '3.3.TBMenuIcons' without Retina images

2017-01-31 07:37:13 Tunnelblick[5715] BUG in libdispatch client: kevent[EVFILT_MACHPORT] monitored resource vanished before the source cancel handler was invoked

2017-01-31 07:38:11 tunnelblickd[5778] Status = 251 from tunnelblick-helper command 'start GhehVee VPN.tblk 1337 769 0 1 0 1065264 -ptADGNWradsgnw 2.4.0-libressl-2.5.0'

2017-01-31 07:38:11 Tunnelblick[5715] tunnelblickd status from start: 251

2017-01-31 07:38:30 Tunnelblick[5715] applicationShouldTerminate: termination because of Quit; delayed until 'shutdownTunnelblick' finishes

2017-01-31 07:38:30 Tunnelblick[5715] Finished shutting down Tunnelblick; allowing termination

2017-01-31 07:38:33 Tunnelblick[5801] Tunnelblick: OS X 10.12.2; Tunnelblick 3.7.0 (build 4790)

2017-01-31 07:38:33 Tunnelblick[5801] Warning: preferences contain unknown preference 'NSWindow Frame SUUpdateAlert'

2017-01-31 07:38:34 Tunnelblick[5801] Using icon set '3.3.TBMenuIcons' without Retina images

2017-01-31 07:38:34 Tunnelblick[5801] Sparkle: ===== Tunnelblick.app =====

2017-01-31 07:38:34 Tunnelblick[5801] Sparkle: Verified appcast signature

2017-01-31 07:38:38 tunnelblickd[5778] Status = 251 from tunnelblick-helper command 'start GhehVee VPN.tblk 1337 769 0 1 0 1065264 -ptADGNWradsgnw 2.4.0-libressl-2.5.0'

2017-01-31 07:38:38 Tunnelblick[5801] tunnelblickd status from start: 251

2017-01-31 07:38:54 Tunnelblick[5801] Using icon set '3.3.TBMenuIcons' without Retina images

2017-01-31 07:39:52 tunnelblickd[5845] Status = 251 from tunnelblick-helper command 'start GhehVee VPN.tblk 1337 769 0 1 0 1065264 -ptADGNWradsgnw 2.4.0-libressl-2.5.0'

2017-01-31 07:39:53 Tunnelblick[5801] tunnelblickd status from start: 251

2017-01-31 07:42:06 Tunnelblick[5801] applicationShouldTerminate: termination because of Quit; delayed until 'shutdownTunnelblick' finishes

2017-01-31 07:42:06 Tunnelblick[5801] Finished shutting down Tunnelblick; allowing termination

2017-01-31 07:43:30 Tunnelblick[5978] Tunnelblick: OS X 10.12.2; Tunnelblick 3.7.1beta01 (build 4800)

2017-01-31 07:43:30 Tunnelblick[5978] Tunnelblick cannot run when it is on /Volumes because the volume has the MNT_NOSUID statfs flag set.

2017-01-31 07:43:33 Tunnelblick[5978] Tunnelblick needs to:

• Be installed in /Applications as Tunnelblick

• Change ownership and permissions of the program to secure it

• Secure configurations

2017-01-31 07:43:33 Tunnelblick[5978] Beginning installation or repair

2017-01-31 07:43:34 Tunnelblick[5978] Installation or repair succeeded; Log:

Tunnelblick installer started 2017-01-31 07:43:33. 1 arguments: 0x0017

Moved /Applications/Tunnelblick.app to the Trash

Copied /Volumes/Tunnelblick/Tunnelblick.app to /Applications/Tunnelblick.app

Removed all 'com.apple.quarantine' extended attributes

Changed ownership of /Applications/Tunnelblick.app and its contents from 501:80 to 0:0

Changed permissions from 644 to 740 on /Users/elisherer2015/Library/Application Support/Tunnelblick/Configurations/.DS_Store

Need to replace and/or reload 'tunnelblickd':

daemonHashesMatch = NO

plistHashesMatch = YES

activePlistMatches = YES

Replaced /Library/LaunchDaemons/net.tunnelblick.tunnelblick.tunnelblickd.plist

Used launchctl to load tunnelblickd

Tunnelblick installer finished without error

2017-01-31 07:43:34 Tunnelblick[5978] applicationShouldTerminate: termination because of Quit; delayed until 'shutdownTunnelblick' finishes

2017-01-31 07:43:34 Tunnelblick[5991] Tunnelblick: OS X 10.12.2; Tunnelblick 3.7.1beta01 (build 4800)

2017-01-31 07:43:34 Tunnelblick[5978] Finished shutting down Tunnelblick; allowing termination

2017-01-31 07:43:34 Tunnelblick[5991] Using icon set '3.3.TBMenuIcons' without Retina images

2017-01-31 07:43:35 Tunnelblick[5991] Sparkle: ===== Tunnelblick.app =====

2017-01-31 07:43:35 Tunnelblick[5991] Sparkle: Verified appcast signature

2017-01-31 07:43:51 tunnelblickd[6020] Status = 251 from tunnelblick-helper command 'start GhehVee VPN.tblk 1337 769 0 1 0 1065264 -ptADGNWradsgnw 2.5_git_4590c38-libressl-2.5.0'

2017-01-31 07:43:51 Tunnelblick[5991] tunnelblickd status from start: 251

2017-01-31 07:44:15 Tunnelblick[5991] Using icon set '3.3.TBMenuIcons' without Retina images

2017-01-31 07:45:50 Tunnelblick[5991] BUG in libdispatch client: kevent[EVFILT_MACHPORT] monitored resource vanished before the source cancel handler was invoked

2017-01-31 07:45:57 tunnelblickd[6060] Status = 251 from tunnelblick-helper command 'start GhehVee VPN.tblk 1337 769 0 1 0 1065264 -ptADGNWradsgnw 2.5_git_4590c38-libressl-2.5.0'

2017-01-31 07:45:57 Tunnelblick[5991] tunnelblickd status from start: 251

2017-01-31 07:47:53 tunnelblickd[6107] Status = 251 from tunnelblick-helper command 'start GhehVee VPN.tblk 1337 769 0 1 0 1065264 -ptADGNWradsgnw 2.5_git_4590c38-libressl-2.5.0'

2017-01-31 07:47:53 Tunnelblick[5991] tunnelblickd status from start: 251

2017-01-31 07:53:08 Tunnelblick[5991] applicationShouldTerminate: termination because of Quit; delayed until 'shutdownTunnelblick' finishes

2017-01-31 07:53:08 Tunnelblick[5991] Finished shutting down Tunnelblick; allowing termination

2017-01-31 07:53:29 Tunnelblick[6230] Tunnelblick: OS X 10.12.2; Tunnelblick 3.7.1beta01 (build 4800)

2017-01-31 07:53:29 Tunnelblick[6230] /Applications/Tunnelblick.app not owned by root:wheel

2017-01-31 07:53:32 Tunnelblick[6230] Tunnelblick needs to:

• Change ownership and permissions of the program to secure it

2017-01-31 07:53:32 Tunnelblick[6230] Beginning installation or repair

2017-01-31 07:53:33 Tunnelblick[6230] Installation or repair succeeded; Log:

Tunnelblick installer started 2017-01-31 07:53:32. 1 arguments: 0x0005

Changed ownership of /Applications/Tunnelblick.app and its contents from 501:80 to 0:0

Tunnelblick installer finished without error

2017-01-31 07:53:33 Tunnelblick[6230] Using icon set '3.3.TBMenuIcons' without Retina images

2017-01-31 07:53:37 tunnelblickd[6255] Status = 251 from tunnelblick-helper command 'start GhehVee VPN.tblk 1337 769 0 1 0 1065264 -ptADGNWradsgnw 2.5_git_4590c38-libressl-2.5.0'

2017-01-31 07:53:37 Tunnelblick[6230] tunnelblickd status from start: 251

2017-01-31 07:53:39 Tunnelblick[6230] Sparkle: ===== Tunnelblick.app =====

2017-01-31 07:53:39 Tunnelblick[6230] Sparkle: Verified appcast signature

2017-01-31 07:53:44 Tunnelblick[6230] Using icon set '3.3.TBMenuIcons' without Retina images

2017-01-31 07:53:47 Tunnelblick[6230] BUG in libdispatch client: kevent[EVFILT_MACHPORT] monitored resource vanished before the source cancel handler was invoked

Tunnelblick developer

unread,

Jan 31, 2017, 8:14:09 AM1/31/17

to tunnelblick-discuss

The problem is shown here:

Contents of the OpenVPN log:

Options error: Unrecognized option or missing or extra parameter(s) in /Library/Application Support/Tunnelblick/Users/elisherer2015/GhehVee VPN.tblk/Contents/Resources/config.ovpn:7: tls-remote (2.5_git_4590c38)

Your configuration file includes a "tls-remote" option. That option is not available in OpenVPN 2.5, which is the version of OpenVPN that you have selected to use with this configuration.

Quick Solution: Choose a different version of OpenVPN, either 2.4 or 2.3.14. You can do that on the "Settings" tab of the "Configurations" panel of Tunnelblick's "VPN Details" window. The change will affect all configurations that you have selected in the list on the left side of the window.

Better Solution: Update your VPN configurations to use the "verify-x509-name" option instead.

"tls-remote" was deprecated in March 2013 – nearly four years ago. It was finally removed from OpenVPN 2.5 in November 2016, with the following comment from a developer:

In OpenVPN 2.3 --tls-remote got deprecated in favour of --verify-x509-name.
The new option solves the same task as --tls-remote but in a more flexible
and improved way. This new option was introduced in commit 9f0fc745664fd0
(release/2.3: f6e12862cefd054eb1). Removing --tls-remote will only require
a minor configuration file change.

The removal of this option has been documented in the man pages since the
release of OpenVPN v2.3, where also the deprecation of --compat-names and
--no-name-remapping was included. However, those two will first be removed
in OpenVPN v2.5.

Eli104

unread,

Jan 31, 2017, 8:22:28 AM1/31/17

to tunnelblick-discuss

Thanks! I had to go back to 2.3.14 to get it to connect...

Question: What is involved in changing from "tls-remote" to "verify-x509-name"? I have very little support for this (solution is not officially supported by the company). Is it just re-writing the name in the configuration, (would be too simple), or does the actual configuration detail need to be changed?

Sorry for the "simple" questions... Not really used to getting this far into the details.

Tunnelblick developer

unread,

Jan 31, 2017, 9:03:17 AM1/31/17

to tunnelblick-discuss

If you're getting the same error with OpenVPN 2.4.0 (and not some other error), then it is even more urgent that it be addressed.

As I understand it, using "verify-x509-name" involves changing the OpenVPN configurations on both the OpenVPN client and the OpenVPN server.

It isn't clear to me if the VPN you are connecting to is your VPN (VPN-ing into your home LAN when you are on your company network), or it is your company's VPN (connecting to the company's VPN from your home).

If it is your VPN, you should be able to change to verify-x509-name because you control both ends. However, OpenVPN configuration is not for the faint of heart and may be difficult. How to do it is purely an OpenVPN question (that is, not a Tunnelblick question) and you will have to consult OpenVPN resources:

If it is your company's VPN, they must make the changes.

Why they would want to continue to use something that has been deprecated for several years and has now been removed is beyond me. They will be stuck with an insecure VPN when OpenVPN stops supporting version 2.4 if a security issue is found in that version.

Tunnelblick includes the latest versions of OpenVPN to allow testing and finding problems such as this so that VPN users have time to deal with them. Tunnelblick also includes older, supported versions of OpenVPN to allow VPNs that require them (such as the VPN you are using) to continue to work.

At some point Tunnelblick will include only OpenVPN 2.4 or higher; you would then be stuck with using an old version of Tunnelblick, which might not work on newer versions of macOS and could be vulnerable to attack.

Reply all

Reply to author

Forward

0 new messages