Certificate expired?


Nicolas Hyla

Jan 14, 2025, 5:54:22 AM
to tunnelblick-discuss
Hello,

I don't understand why it tells me that my certificate is expired, but the only certificate I have in my config is OK until the end of 2046 ^^

*Tunnelblick: macOS 13.2.1 (22D68); Tunnelblick 3.8.8d (build 5779); Admin user
git commit 85e5c2eda41b9d2367be4e51c90a649ffef3f887 + uncommitted changes:
?? ../third_party/sources/IOUserEthernetController.h
The Tunnelblick.app process is not being translated (arm64)
System Integrity Protection is enabled
Model: MacBookPro17,1

Configuration sodaco

"Sanitized" condensed configuration file for /Library/Application Support/Tunnelblick/Shared/sodaco.tblk:

dev tap
verb 5
dev-type tap
ping-timer-rem
proto tcp-client
cipher CHACHA20-POLY1305
auth SHA384
tls-auth tls-auth.unknown 1
tls-client
client
nobind
remote 85.234.213.196 65443
remote-cert-tls server
ca ca.crt
cert user.crt
key user.key
auth-user-pass


================================================================================

Files in sodaco.tblk:
      Contents/Resources/ca.crt
      Contents/Resources/use….key
      Contents/Resources/use….crt
      Contents/Resources/config.ovpn
      Contents/Resources/tls….unknown

================================================================================

Tunnelblick Kext Policy Data:

net.tunnelblick.tap|Z2SG5H3HC8|Jonathan Bullard|1|1
net.tunnelblick.tun|Z2SG5H3HC8|Jonathan Bullard|1|1

================================================================================

Configuration preferences:

-keychainHasUsernameAndPassword = 1
-notOKToCheckThatIPAddressDidNotChangeAfterConnection = 1
-loginWindowSecurityTokenCheckboxIsChecked = 0
-lastConnectionSucceeded = 0

================================================================================

Wildcard preferences:

-notOKToCheckThatIPAddressDidNotChangeAfterConnection = 1

================================================================================

Program preferences:

launchAtNextLogin = 1
tunnelblickVersionHistory = (
    "3.8.8d (build 5779)"
)
lastLaunchTime = 757346010.3459311
lastLanguageAtLaunchWasRTL = 0
connectionWindowDisplayCriteria = showWhenConnecting
maxLogDisplaySize = 102400
lastConnectedDisplayName = sodaco
keyboardShortcutIndex = 1
updateCheckAutomatically = 0
NSWindow Frame SettingsSheetWindow = 312 127 829 548 0 0 1440 875
NSWindow Frame ConnectingWindow = 525 512 389 217 0 0 1440 875
NSWindow Frame ListingWindow = 346 323 500 428 0 0 1440 875
detailsWindowFrameVersion = 5779
detailsWindowFrame = {{81, 334}, {920, 522}}
detailsWindowLeftFrame = {{0, 0}, {167, 402}}
detailsWindowViewIndex = 0
detailsWindowConfigurationsTabIdentifier = log
leftNavSelectedDisplayName = sodaco
AdvancedWindowTabIdentifier = vpnCredentials
haveDealtWithOldTunTapPreferences = 1
haveDealtWithAlwaysShowLoginWindow = 1
haveDealtWithOldLoginItem = 1
haveDealtWithAfterDisconnect = 1
SUEnableAutomaticChecks = 0
SUScheduledCheckInterval = 86400
SUHasLaunchedBefore = 1

================================================================================

Forced preferences:

(None)

================================================================================

Deployed forced preferences:

(None)

================================================================================

Tunnelblick Log:

2025-01-14 11:51:43.651775 *Tunnelblick: macOS 13.2.1 (22D68); Tunnelblick 3.8.8d (build 5779)
2025-01-14 11:51:43.972127 *Tunnelblick: Attempting connection with sodaco; Set nameserver = 769; monitoring connection
2025-01-14 11:51:43.973572 *Tunnelblick: openvpnstart start sodaco.tblk 54014 769 0 3 0 34652530 -ptADGNWradsgnw 2.5.9-openssl-1.1.1v <password>
2025-01-14 11:51:44.003096 *Tunnelblick: openvpnstart starting OpenVPN
2025-01-14 11:51:45.299455 DEPRECATED OPTION: --cipher set to 'CHACHA20-POLY1305' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'CHACHA20-POLY1305' to --data-ciphers or change --cipher 'CHACHA20-POLY1305' to --data-ciphers-fallback 'CHACHA20-POLY1305' to silence this warning.
2025-01-14 11:51:45.300074 OpenVPN 2.5.9 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on Aug  4 2023
2025-01-14 11:51:45.300144 library versions: OpenSSL 1.1.1v  1 Aug 2023, LZO 2.10
2025-01-14 11:51:45.302480 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:54014
2025-01-14 11:51:45.303473 Need hold release from management interface, waiting...
2025-01-14 11:51:46.522533 *Tunnelblick: openvpnstart log:
     The system reported that the tap kext was loaded successfully
     OpenVPN started successfully.
     Command used to start OpenVPN (one argument per displayed line):
          /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.5.9-openssl-1.1.1v/openvpn
          --daemon
          --log /Library/Application Support/Tunnelblick/Logs/-SLibrary-SApplication Support-STunnelblick-SShared-Ssodaco.tblk-SContents-SResources-Sconfig.ovpn.769_0_3_0_34652530.54014.openvpn.log
          --cd /Library/Application Support/Tunnelblick/Shared/sodaco.tblk/Contents/Resources
          --machine-readable-output
          --setenv IV_GUI_VER "net.tunnelblick.tunnelblick 5779 3.8.8d (build 5779)"
          --verb 3
          --config /Library/Application Support/Tunnelblick/Shared/sodaco.tblk/Contents/Resources/config.ovpn
          --setenv TUNNELBLICK_CONFIG_FOLDER /Library/Application Support/Tunnelblick/Shared/sodaco.tblk/Contents/Resources
          --verb 3
          --cd /Library/Application Support/Tunnelblick/Shared/sodaco.tblk/Contents/Resources
          --management 127.0.0.1 54014 /Library/Application Support/Tunnelblick/Mips/sodaco.tblk.mip
          --management-query-passwords
          --management-hold
          --script-security 2
          --route-up /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -a -d -f -m -w -ptADGNWradsgnw
          --down /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -a -d -f -m -w -ptADGNWradsgnw
          --route-pre-down /Applications/Tunnelblick.app/Contents/Resources/client.route-pre-down.tunnelblick.sh -9 -a -d -f -m -w -ptADGNWradsgnw
2025-01-14 11:51:46.543638 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:54014
2025-01-14 11:51:46.577017 MANAGEMENT: CMD 'pid'
2025-01-14 11:51:46.577130 MANAGEMENT: CMD 'auth-retry interact'
2025-01-14 11:51:46.577189 MANAGEMENT: CMD 'state on'
2025-01-14 11:51:46.577240 MANAGEMENT: CMD 'state'
2025-01-14 11:51:46.577473 MANAGEMENT: CMD 'bytecount 1'
2025-01-14 11:51:46.578502 *Tunnelblick: Established communication with OpenVPN
2025-01-14 11:51:46.617534 *Tunnelblick: >INFO:OpenVPN Management Interface Version 3 -- type 'help' for more info
2025-01-14 11:51:46.620441 MANAGEMENT: CMD 'hold release'
2025-01-14 11:51:46.973021 *Tunnelblick: Obtained VPN username and password from the Keychain
2025-01-14 11:51:46.975205 MANAGEMENT: CMD 'username "Auth" "nicolas"'
2025-01-14 11:51:46.975294 MANAGEMENT: CMD 'password [...]'
2025-01-14 11:51:46.976569 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2025-01-14 11:51:46.982965 WARNING: Your certificate has expired!
2025-01-14 11:51:46.983504 Outgoing Control Channel Authentication: Using 384 bit message hash 'SHA384' for HMAC authentication
2025-01-14 11:51:46.983523 Incoming Control Channel Authentication: Using 384 bit message hash 'SHA384' for HMAC authentication
2025-01-14 11:51:46.994815 TCP/UDP: Preserving recently used remote address: [AF_INET]85.234.213.196:65443
2025-01-14 11:51:46.995015 Socket Buffers: R=[131072->131072] S=[131072->131072]
2025-01-14 11:51:46.995036 Attempting to establish TCP connection with [AF_INET]85.234.213.196:65443 [nonblock]
2025-01-14 11:51:46.995057 MANAGEMENT: >STATE:1736851906,TCP_CONNECT,,,,,,
2025-01-14 11:51:47.072199 TCP connection established with [AF_INET]85.234.213.196:65443
2025-01-14 11:51:47.072263 TCP_CLIENT link local: (not bound)
2025-01-14 11:51:47.072281 TCP_CLIENT link remote: [AF_INET]85.234.213.196:65443
2025-01-14 11:51:47.072316 MANAGEMENT: >STATE:1736851907,WAIT,,,,,,
2025-01-14 11:51:47.123766 MANAGEMENT: >STATE:1736851907,AUTH,,,,,,
2025-01-14 11:51:47.124142 TLS: Initial packet from [AF_INET]85.234.213.196:65443, sid=312f22f4 a08156d6
2025-01-14 11:51:47.124554 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2025-01-14 11:51:47.290740 VERIFY OK: depth=1, C=BE, ST=BXL, L=Bruxelles, O=SODACO, emailAddress=in...@sodaco.be, CN=Sodaco RootCA
2025-01-14 11:51:47.293979 VERIFY KU OK
2025-01-14 11:51:47.294135 Validating certificate extended key usage
2025-01-14 11:51:47.294166 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2025-01-14 11:51:47.294193 VERIFY EKU OK
2025-01-14 11:51:47.294220 VERIFY OK: depth=0, C=BE, ST=BXL, L=Bruxelles, O=SODACO, emailAddress=in...@sodaco.be, CN=vpn01.sodaco.be
2025-01-14 11:51:47.328195 *Tunnelblick: Disconnecting using 'kill'
2025-01-14 11:51:47.367298 event_wait : Interrupted system call (code=4)
2025-01-14 11:51:47.370349 SIGTERM[hard,] received, process exiting
2025-01-14 11:51:47.370447 MANAGEMENT: >STATE:1736851907,EXITING,SIGTERM,,,,,
2025-01-14 11:51:50.698636 *Tunnelblick: Expected disconnection occurred.

================================================================================

Down log:

00:16:00 *Tunnelblick:  **********************************************
00:16:00 *Tunnelblick:  Start of output from client.down.tunnelblick.sh
00:16:00 *Tunnelblick:  Cancelled monitoring system configuration changes
00:16:00 *Tunnelblick:  Restored State:DNS
00:16:00 *Tunnelblick:  Removed Setup:DNS
00:16:00 *Tunnelblick:  Removed State:SMB
00:16:00 *Tunnelblick:  Restored DNS and SMB settings
00:16:00 *Tunnelblick:  Flushed the DNS cache with dscacheutil -flushcache
00:16:00 *Tunnelblick:  Notified mDNSResponder that the DNS cache was flushed
00:16:00 *Tunnelblick:  End of output from client.down.tunnelblick.sh
00:16:00 *Tunnelblick:  **********************************************

================================================================================

Previous down log:

00:15:54 *Tunnelblick:  **********************************************
00:15:54 *Tunnelblick:  Start of output from client.down.tunnelblick.sh
00:15:54 *Tunnelblick:  Cancelled monitoring system configuration changes
00:15:54 *Tunnelblick:  Restored State:DNS
00:15:54 *Tunnelblick:  Removed Setup:DNS
00:15:54 *Tunnelblick:  Removed State:SMB
00:15:54 *Tunnelblick:  Restored DNS and SMB settings
00:15:54 *Tunnelblick:  Flushed the DNS cache with dscacheutil -flushcache
00:15:54 *Tunnelblick:  Notified mDNSResponder that the DNS cache was flushed
00:15:54 *Tunnelblick:  Notified mDNSResponderHelper that the DNS cache was flushed
00:15:54 *Tunnelblick:  End of output from client.down.tunnelblick.sh
00:15:54 *Tunnelblick:  **********************************************

================================================================================

Network services:

An asterisk (*) denotes that a network service is disabled.
USB 10/100/1000 LAN
Thunderbolt Bridge
Wi-Fi
iPhone

Wi-Fi Power (en0): On

================================================================================

ifconfig output:


================================================================================

Non-Apple kexts that are loaded:

Index Refs Address            Size       Wired      Name (Version) UUID <Linked Against>

================================================================================

Quit Log:

2024-12-30 00:15:58.151132 applicationShouldTerminate: termination because of Quit; delayed until 'shutdownTunnelblick' finishes)
2024-12-30 00:15:58.154681 shutDownTunnelblick: started.
2024-12-30 00:15:58.160795 shutDownTunnelblick: stopping icon animation.
2024-12-30 00:15:58.161529 shutDownTunnelblick: Starting cleanup.
2024-12-30 00:15:58.161850 cleanup: Entering cleanup
2024-12-30 00:15:58.162133 synchronized user defaults
2024-12-30 00:16:03.489184 shutDownTunnelblick: Cleanup finished.
2024-12-30 00:16:03.490970 Finished shutting down Tunnelblick; allowing termination

================================================================================

Traces Log:


================================================================================

Console Log:


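In the log above, "WARNING: Your certificate has expired!" is printed before OpenVPN even opens the TCP connection to 85.234.213.196, so it concerns a certificate loaded from the local configuration, not the server's. The script below is an added example, not code from the thread or from Tunnelblick: in plain Python with no third-party modules it reads the validity window of every certificate in a PEM file such as those named by the `ca` and `cert` directives, applying the RFC 5280 UTCTime rule so that a notAfter in 2046 is read as 2046. The certificates it runs on are constructed, unsigned skeletons, not the poster's files.

```python
import base64, re
from datetime import datetime, timezone

def _tlv(buf):
    tag, n, hdr = buf[0], buf[1], 2  # one DER TLV: (tag, value, remainder)
    if n & 0x80:  # long-form length
        k = n & 0x7F
        n, hdr = int.from_bytes(buf[2:2 + k], "big"), 2 + k
    return tag, buf[hdr:hdr + n], buf[hdr + n:]

def _children(buf):
    out = []
    while buf:
        tag, val, buf = _tlv(buf)
        out.append((tag, val))
    return out

def _asn1_time(tag, val):
    s = val.decode("ascii")
    if tag == 0x17:  # UTCTime: RFC 5280 reads YY >= 50 as 19YY, otherwise 20YY (so 46 -> 2046)
        s = ("19" if int(s[:2]) >= 50 else "20") + s
    return datetime.strptime(s, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)  # 0x18 = GeneralizedTime

def pem_certs(text):
    """Every CERTIFICATE block in a PEM file; one .crt file may carry several."""
    blocks = re.findall(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", text, re.S)
    return [base64.b64decode("".join(b.split())) for b in blocks]

def validity(der):
    """(notBefore, notAfter) of one DER-encoded X.509 certificate."""
    fields = _children(_children(_children(der)[0][1])[0][1])  # Certificate -> tbsCertificate
    if fields[0][0] == 0xA0:  # optional [0] EXPLICIT version precedes serialNumber
        fields = fields[1:]
    nb, na = _children(fields[3][1])  # serialNumber, signature, issuer, validity
    return _asn1_time(*nb), _asn1_time(*na)

def status(pem_text, now):
    """Status of each certificate in one PEM file at time `now`."""
    return ["not yet valid" if now < nb else "expired" if now > na else "ok"
            for nb, na in map(validity, pem_certs(pem_text))]

# Constructed sample data (not from the thread): unsigned X.509 skeletons with real validity fields.
def _der(tag, body):
    return bytes([tag, len(body)]) + body  # short-form length only; the samples stay under 128 bytes

def fake_cert(not_before, not_after):
    val = _der(0x30, _der(0x17, not_before) + _der(0x17, not_after))
    tbs = _der(0x30, _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x01") + _der(0x30, b"")
               + _der(0x30, b"") + val + _der(0x30, b"") + _der(0x30, b""))
    der = _der(0x30, tbs + _der(0x30, b"") + _der(0x03, b"\x00"))
    return "-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der).decode() + "-----END CERTIFICATE-----\n"

NOW = datetime(2025, 1, 14, 11, 51, 46, tzinfo=timezone.utc)  # timestamp of the warning in the log
CA_PEM = fake_cert(b"220101000000Z", b"461231235959Z")    # "ok till end of 2046", like the poster's CA
USER_PEM = fake_cert(b"220101000000Z", b"241231235959Z")  # a client cert that would trigger the warning
```

Run `status()` over the file named by the `cert` directive (here user.crt) as well as ca.crt, since the warning is about the certificate OpenVPN loads for the client, not the CA it verifies the server against.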
Tunnelblick Developer

Jan 14, 2025, 7:58:20 AM
to tunnelblick-discuss
Thanks for providing the diagnostic info.

It looks like the "expired" description of the problem is wrong. Looking at the log, OpenVPN is saying

2025-01-14 11:51:47.294166 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication

which is a different problem. Do an Internet search for "Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication" to get more information about that particular error and how to fix it, and/or consult sources of help from OpenVPN. (Note that the error comes from OpenVPN, not Tunnelblick.)

Nicolas Hyla

Jan 19, 2025, 6:47:40 PM
to tunnelblick-discuss
I can't find the solution on the web, if someone has an idea. Thanks for the work.

Have a nice day
