Re-connection loop due to DNS leakage on latest tunnelblick on macOS 26.2?

2 views

Skip to first unread message

theresa mic-snare

unread,

2:42 PM (2 hours ago) 2:42 PM

to tunnelblick-discuss

Hello dear community,

I've noticed a problem recently with the latest macOS release, 26.2

The funny thing is that in December the exact same config was already successfully working, so I assume it has to have something to do with the macOS release since the Tunnelblick release and config wasn't touched since then.

Short description of the problem:

When I click on connect, it will say for a split second "successfully connected" or "authenticated" and then tries to immediately reconnect.

The only error messages that I can see is that
"Warning: could not obtain a list of DNS addresses that are expected"

and

"Tunnelblick: Warning: DNS server Address 208.67.220.220 is a known public DNS server but is not being routed through the VPN"

Does anyone know what could possibly be causing this problem? Or has anyone experienced something similar?

I know this sounds silly, but

I was debating this yesterday with chatGPT and the LLM was assuming this has something to do with recent changes in macOS 26.2 release and network stack.

Please find below a log of the diagnostic logs:

*Tunnelblick: macOS 26.2 (25C56); Tunnelblick 8.0 (build 6300); Admin user
git commit ee17945a7cc14b103ce3bd758b282418c799b96c
The Tunnelblick.app process is not being translated (arm64)
System Integrity Protection is enabled
Model: Mac16,12

================================================================================

Configuration bla

"Sanitized" condensed configuration file for /Library/Application Support/Tunnelblick/Shared/bla.tblk:

client
dev tun
proto tcp
remote 194.232.104.3 443
resolv-retry infinite
nobind
persist-key
persist-tun
comp-lzo
verb 3
ca ca.crt
cert client.crt
key client.key
route-method exe
route-delay 2
remote-cert-tls server
verify-x509-name gtec.bla name
dhcp-option DNS 8.8.8.8
up "gtecdns6fix.sh up"
down "gtecdns6fix.sh down"
script-security 2

================================================================================

Files in bla.tblk:
Contents/Resources/cli….crt
Contents/Resources/ca.crt
Contents/Resources/gtecdns6fix.sh
Contents/Resources/config.ovpn
Contents/Resources/cli….key

================================================================================

Configuration preferences:

useDNS = 1
-authenticateOnConnect = 0 (forced)
-resetPrimaryInterfaceAfterDisconnect = 0
-routeAllTrafficThroughVpn = 0
-useUpInsteadOfRouteUp = 0
-keychainHasPrivateKey = 1
-loadTun =
-notOKToCheckThatIPAddressDidNotChangeAfterConnection = 0
-keepConnected = 0
-doNotDisableIpv6onTun = 1
-disableNetworkAccessAfterDisconnect = 0
-lastConnectionSucceeded = 1

================================================================================

Wildcard preferences:

-notOKToCheckThatIPAddressDidNotChangeAfterConnection = 0

================================================================================

Program preferences:

skipWarningThatIPANotFetchedBeforeConnection = 1
skipWarningThatIPAddressDidNotChangeAfterConnection = 1
launchAtNextLogin = 1
menuIconSet = 3.3.TBMenuIcons
tunnelblickVersionHistory = (
"8.0 (build 6300)"
)
lastLaunchTime = 790368066.617944
showConnectedDurations = 1
lastLanguageAtLaunchWasRTL = 0
connectionWindowDisplayCriteria = showWhenConnecting
maxLogDisplaySize = 102400
lastConnectedDisplayName = bla
keyboardShortcutIndex = 1
updateCheckAutomatically = 1
NSWindow Frame SettingsSheetWindow = 377 124 829 548 0 0 1470 923
NSWindow Frame ConnectingWindow = 540 529 389 217 0 0 1470 923
NSWindow Frame ListingWindow = 357 358 500 428 0 0 1470 923
detailsWindowFrameVersion = 6300
detailsWindowFrame = {{115, 216}, {920, 522}}
detailsWindowLeftFrame = {{0, 0}, {167, 402}}
detailsWindowViewIndex = 0
detailsWindowConfigurationsTabIdentifier = settings
leftNavOutlineViewExpandedDisplayNames = (
"OpenVPN profile/"
)
leftNavSelectedDisplayName = bla
AdvancedWindowTabIdentifier = connectingAndDisconnecting
haveDealtWithOldTunTapPreferences = 1
haveDealtWithAlwaysShowLoginWindow = 1
haveDealtWithOldLoginItem = 1
haveDealtWithAfterDisconnect = 1
SULastCheckTime = 2026-01-17 18:41:08 +0000

================================================================================

Forced preferences:

{
"bla-authenticateOnConnect" = 0;
}

================================================================================

Deployed forced preferences:

(None)

================================================================================

Tunnelblick Kext Policy Data:

================================================================================

Tunnelblick Log:

2026-01-17 19:48:18.867917 *Tunnelblick: macOS 26.2 (25C56); Tunnelblick 8.0 (build 6300)
2026-01-17 19:48:19.022225 *Tunnelblick: Attempting connection with bla; Set nameserver = 0x00000301; monitoring connection
2026-01-17 19:48:19.022444 *Tunnelblick: openvpnstart start bla.tblk 63954 0x00000301 0 3 0 0x0200c130 -ptADGNWradsgnw 2.6.14-openssl-3.0.16 <password>
2026-01-17 19:48:19.043017 *Tunnelblick: openvpnstart starting OpenVPN
2026-01-17 19:48:19.335691 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2026-01-17 19:48:19.335821 Multiple --down scripts defined. The previously configured script is overridden.
2026-01-17 19:48:19.336989 Note: --cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
2026-01-17 19:48:19.337170 OpenVPN 2.6.14 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD]
2026-01-17 19:48:19.337180 library versions: OpenSSL 3.0.16 11 Feb 2025, LZO 2.10
2026-01-17 19:48:19.338272 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:63954
2026-01-17 19:48:19.338285 Need hold release from management interface, waiting...
2026-01-17 19:48:19.647755 *Tunnelblick: openvpnstart log:
OpenVPN started successfully.
Command used to start OpenVPN (one argument per displayed line):
/Library/Application Support/Tunnelblick/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.6.14-openssl-3.0.16/openvpn
--daemon
--log-append /Library/Application Support/Tunnelblick/Logs/-SLibrary-SApplication Support-STunnelblick-SShared-Sbla.tblk-SContents-SResources-Sconfig.ovpn.769_0_3_0_33603888.63954.openvpn.log
--cd /Library/Application Support/Tunnelblick/Shared/bla.tblk/Contents/Resources
--machine-readable-output
--setenv IV_GUI_VER "net.tunnelblick.tunnelblick 6300 8.0 (build 6300)"
--verb 3
--config /Library/Application Support/Tunnelblick/Shared/bla.tblk/Contents/Resources/config.ovpn
--setenv TUNNELBLICK_CONFIG_FOLDER /Library/Application Support/Tunnelblick/Shared/bla.tblk/Contents/Resources
--verb 3
--cd /Library/Application Support/Tunnelblick/Shared/bla.tblk/Contents/Resources
--management 127.0.0.1 63954 /Library/Application Support/Tunnelblick/Mips/bla.tblk.mip
--setenv IV_SSO webauth,crtext
--management-query-passwords
--management-hold
--script-security 2
--route-up "/Library/Application Support/Tunnelblick/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh" -d -f -m -w -ptADGNWradsgnw
--down "/Library/Application Support/Tunnelblick/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh" -d -f -m -w -ptADGNWradsgnw
2026-01-17 19:48:19.648589 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:50150
2026-01-17 19:48:19.661787 MANAGEMENT: CMD 'pid'
2026-01-17 19:48:19.661854 MANAGEMENT: CMD 'auth-retry interact'
2026-01-17 19:48:19.661877 MANAGEMENT: CMD 'state on'
2026-01-17 19:48:19.661899 MANAGEMENT: CMD 'state'
2026-01-17 19:48:19.661937 MANAGEMENT: CMD 'bytecount 1'
2026-01-17 19:48:19.662240 *Tunnelblick: Established communication with OpenVPN
2026-01-17 19:48:19.663250 *Tunnelblick: >INFO:OpenVPN Management Interface Version 5 -- type 'help' for more info
2026-01-17 19:48:19.663538 MANAGEMENT: CMD 'hold release'
2026-01-17 19:48:19.663687 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2026-01-17 19:48:19.667891 *Tunnelblick: Obtained passphrase from the Keychain
2026-01-17 19:48:19.668175 MANAGEMENT: CMD 'password [...]'
2026-01-17 19:48:19.668220 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2026-01-17 19:48:19.669326 TCP/UDP: Preserving recently used remote address: [AF_INET]194.232.104.3:443
2026-01-17 19:48:19.669362 Socket Buffers: R=[131072->131072] S=[131072->131072]
2026-01-17 19:48:19.669374 Attempting to establish TCP connection with [AF_INET]194.232.104.3:443
2026-01-17 19:48:19.669384 MANAGEMENT: >STATE:1768675699,TCP_CONNECT,,,,,,
2026-01-17 19:48:19.685344 TCP connection established with [AF_INET]194.232.104.3:443
2026-01-17 19:48:19.685366 TCPv4_CLIENT link local: (not bound)
2026-01-17 19:48:19.685376 TCPv4_CLIENT link remote: [AF_INET]194.232.104.3:443
2026-01-17 19:48:19.685412 MANAGEMENT: >STATE:1768675699,WAIT,,,,,,
2026-01-17 19:48:19.704622 MANAGEMENT: >STATE:1768675699,AUTH,,,,,,
2026-01-17 19:48:19.704644 TLS: Initial packet from [AF_INET]194.232.104.3:443, sid=a6183e63 ccc7b725
2026-01-17 19:48:19.732764 VERIFY OK: depth=2, C=AT, O=KBC, OU=bla, CN=RCA
2026-01-17 19:48:19.733415 VERIFY OK: depth=1, C=AT, O=KBC, OU=bla, CN=VAULT
2026-01-17 19:48:19.734055 VERIFY KU OK
2026-01-17 19:48:19.734066 Validating certificate extended key usage
2026-01-17 19:48:19.734073 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2026-01-17 19:48:19.734079 VERIFY EKU OK
2026-01-17 19:48:19.734086 VERIFY X509NAME OK: C=AT, ST=Vienna, L=Vienna, O=KBC, OU=Cyber Defense Center, CN=gtec.bla
2026-01-17 19:48:19.734092 VERIFY OK: depth=0, C=AT, ST=Vienna, L=Vienna, O=KBC, OU=Cyber Defense Center, CN=gtec.bla
2026-01-17 19:48:19.763920 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 256 bits ECprime256v1, signature: ecdsa-with-SHA256, peer temporary key: 253 bits X25519
2026-01-17 19:48:19.763950 [gtec.bla] Peer Connection Initiated with [AF_INET]194.232.104.3:443
2026-01-17 19:48:19.763964 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2026-01-17 19:48:19.763999 TLS: tls_multi_process: initial untrusted session promoted to trusted
2026-01-17 19:48:20.939107 MANAGEMENT: >STATE:1768675700,GET_CONFIG,,,,,,
2026-01-17 19:48:20.939165 SENT CONTROL [gtec.bla]: 'PUSH_REQUEST' (status=1)
2026-01-17 19:48:20.960737 PUSH: Received control message: 'PUSH_REPLY,tun-ipv6,dhcp-option DNS fd00:bla:0:8:9920::1,dhcp-option DOMAIN bla,route-ipv6 fd00:bla::/32,route-ipv6 fd00:1ab::/32,route-gateway 13.37.0.1,topology subnet,ping 10,ping-restart 120,ifconfig-ipv6 fd00:bla:a:0:1::29/64 fd00:bla:0:1::1,ifconfig 13.37.0.229 255.255.0.0,peer-id 54,cipher AES-256-GCM,protocol-flags cc-exit tls-ekm dyn-tls-crypt,tun-mtu 1500'
2026-01-17 19:48:20.960833 OPTIONS IMPORT: --ifconfig/up options modified
2026-01-17 19:48:20.960844 OPTIONS IMPORT: route options modified
2026-01-17 19:48:20.960852 OPTIONS IMPORT: route-related options modified
2026-01-17 19:48:20.960860 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2026-01-17 19:48:20.960866 OPTIONS IMPORT: tun-mtu set to 1500
2026-01-17 19:48:20.960889 GDG6: remote_host_ipv6=n/a
2026-01-17 19:48:20.960940 GDG6: problem writing to routing socket: No such process (errno=3)
2026-01-17 19:48:20.961206 Opened utun device utun4
2026-01-17 19:48:20.961224 MANAGEMENT: >STATE:1768675700,ASSIGN_IP,,13.37.0.229,,,,,fd00:bla:a:0:1::29
2026-01-17 19:48:20.961234 /sbin/ifconfig utun4 delete
ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
2026-01-17 19:48:20.966873 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
2026-01-17 19:48:20.966902 /sbin/ifconfig utun4 13.37.0.229 13.37.0.229 netmask 255.255.0.0 mtu 1500 up
2026-01-17 19:48:20.970198 /sbin/route add -net 13.37.0.0 13.37.0.229 255.255.0.0
add net 13.37.0.0: gateway 13.37.0.229
2026-01-17 19:48:20.975260 /sbin/ifconfig utun4 inet6 fd00:bla:a:0:1::29/64 mtu 1500 up
2026-01-17 19:48:20.983079 add_route_ipv6(fd00:bla:a::/64 -> fd00:bla:a:0:1::29 metric 0) dev utun4
2026-01-17 19:48:20.983152 /sbin/route add -inet6 fd00:bla:a:: -prefixlen 64 -iface utun4
route: writing to routing socket: File exists
add net fd00:bla:a::: gateway utun4: File exists
2026-01-17 19:48:20.987532 gtecdns6fix.sh up utun4 1500 0 13.37.0.229 255.255.0.0 init
2026-01-17 19:48:21.002208 Data Channel: cipher 'AES-256-GCM', peer-id: 54, compression: 'lzo'
2026-01-17 19:48:21.002215 Timers: ping 10, ping-restart 120
2026-01-17 19:48:21.002219 Protocol options: protocol-flags cc-exit tls-ekm dyn-tls-crypt
2026-01-17 19:48:21.037077 Connection reset, restarting [0]
2026-01-17 19:48:21.037499 SIGUSR1[soft,connection-reset] received, process restarting
2026-01-17 19:48:21.037541 MANAGEMENT: >STATE:1768675701,RECONNECTING,connection-reset,,,,,
2026-01-17 19:48:21.183187 *Tunnelblick: Delaying HOLD release for 1.000 seconds
2026-01-17 19:48:22.184524 MANAGEMENT: CMD 'hold release'
2026-01-17 19:48:22.184571 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2026-01-17 19:48:22.184708 TCP/UDP: Preserving recently used remote address: [AF_INET]194.232.104.3:443
2026-01-17 19:48:22.184749 Socket Buffers: R=[131072->131072] S=[131072->131072]
2026-01-17 19:48:22.184761 Attempting to establish TCP connection with [AF_INET]194.232.104.3:443
2026-01-17 19:48:22.184770 MANAGEMENT: >STATE:1768675702,TCP_CONNECT,,,,,,
2026-01-17 19:48:22.295092 TCP connection established with [AF_INET]194.232.104.3:443
2026-01-17 19:48:22.295134 TCPv4_CLIENT link local: (not bound)
2026-01-17 19:48:22.295148 TCPv4_CLIENT link remote: [AF_INET]194.232.104.3:443
2026-01-17 19:48:22.295196 MANAGEMENT: >STATE:1768675702,WAIT,,,,,,
2026-01-17 19:48:22.319427 MANAGEMENT: >STATE:1768675702,AUTH,,,,,,
2026-01-17 19:48:22.319456 TLS: Initial packet from [AF_INET]194.232.104.3:443, sid=896ec1d4 496fb8a7
2026-01-17 19:48:22.462138 VERIFY OK: depth=2, C=AT, O=KBC, OU=bla, CN=RCA
2026-01-17 19:48:22.462867 VERIFY OK: depth=1, C=AT, O=KBC, OU=bla, CN=VAULT
2026-01-17 19:48:22.463593 VERIFY KU OK
2026-01-17 19:48:22.463607 Validating certificate extended key usage
2026-01-17 19:48:22.463615 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2026-01-17 19:48:22.463620 VERIFY EKU OK
2026-01-17 19:48:22.463625 VERIFY X509NAME OK: C=AT, ST=Vienna, L=Vienna, O=KBC, OU=Cyber Defense Center, CN=gtec.bla
2026-01-17 19:48:22.463630 VERIFY OK: depth=0, C=AT, ST=Vienna, L=Vienna, O=KBC, OU=Cyber Defense Center, CN=gtec.bla
2026-01-17 19:48:22.503098 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 256 bits ECprime256v1, signature: ecdsa-with-SHA256, peer temporary key: 253 bits X25519
2026-01-17 19:48:22.503123 [gtec.bla] Peer Connection Initiated with [AF_INET]194.232.104.3:443
2026-01-17 19:48:22.503135 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2026-01-17 19:48:22.503170 TLS: tls_multi_process: initial untrusted session promoted to trusted
2026-01-17 19:48:22.965129 PUSH: Received control message: 'PUSH_REPLY,tun-ipv6,dhcp-option DNS fd00:bla:0:8:9920::1,dhcp-option DOMAIN bla,route-ipv6 fd00:bla::/32,route-ipv6 fd00:1ab::/32,route-gateway 13.37.0.1,topology subnet,ping 10,ping-restart 120,ifconfig-ipv6 fd00:bla:a:0:1::29/64 fd00:bla:0:1::1,ifconfig 13.37.0.229 255.255.0.0,peer-id 54,cipher AES-256-GCM,protocol-flags cc-exit tls-ekm dyn-tls-crypt,tun-mtu 1500'
2026-01-17 19:48:22.965192 OPTIONS IMPORT: --ifconfig/up options modified
2026-01-17 19:48:22.965200 OPTIONS IMPORT: route options modified
2026-01-17 19:48:22.965208 OPTIONS IMPORT: route-related options modified
2026-01-17 19:48:22.965215 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2026-01-17 19:48:22.965227 OPTIONS IMPORT: tun-mtu set to 1500
2026-01-17 19:48:22.965233 Preserving previous TUN/TAP instance: utun4
2026-01-17 19:48:22.965351 Initialization Sequence Completed
2026-01-17 19:48:22.965375 MANAGEMENT: >STATE:1768675702,CONNECTED,SUCCESS,13.37.0.229,194.232.104.3,443,192.168.1.234,50159,fd00:bla:a:0:1::29
2026-01-17 19:48:22.965386 Data Channel: cipher 'AES-256-GCM', peer-id: 54, compression: 'lzo'
2026-01-17 19:48:22.965392 Timers: ping 10, ping-restart 120
2026-01-17 19:48:22.965398 Protocol options: protocol-flags cc-exit tls-ekm dyn-tls-crypt
2026-01-17 19:48:24.079360 *Tunnelblick: Warning: Could not obtain a list of DNS addresses that are expected
2026-01-17 19:48:24.134817 Connection reset, restarting [0]
2026-01-17 19:48:24.135157 SIGUSR1[soft,connection-reset] received, process restarting
2026-01-17 19:48:24.135185 MANAGEMENT: >STATE:1768675704,RECONNECTING,connection-reset,,,,,
2026-01-17 19:48:24.284107 *Tunnelblick: Delaying HOLD release for 1.000 seconds
2026-01-17 19:48:24.286055 *Tunnelblick: Routing info stdout:
route to: 208.67.220.220
destination: default
mask: default
gateway: 192.168.1.1
interface: en0
flags: <UP,GATEWAY,DONE,STATIC,PRCLONING,GLOBAL>
recvpipe sendpipe ssthresh rtt,msec rttvar hopcount mtu expire
0 0 0 0 0 0 1500 0
stderr:

2026-01-17 19:48:24.286193 *Tunnelblick: Warning: DNS server Address 208.67.220.220 is a known public DNS server but is not being routed through the VPN
2026-01-17 19:48:25.285516 MANAGEMENT: CMD 'hold release'
2026-01-17 19:48:25.285605 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2026-01-17 19:48:25.285797 TCP/UDP: Preserving recently used remote address: [AF_INET]194.232.104.3:443
2026-01-17 19:48:25.285857 Socket Buffers: R=[131072->131072] S=[131072->131072]
2026-01-17 19:48:25.285868 Attempting to establish TCP connection with [AF_INET]194.232.104.3:443
2026-01-17 19:48:25.285877 MANAGEMENT: >STATE:1768675705,TCP_CONNECT,,,,,,
2026-01-17 19:48:25.299146 TCP connection established with [AF_INET]194.232.104.3:443
2026-01-17 19:48:25.299204 TCPv4_CLIENT link local: (not bound)
2026-01-17 19:48:25.299223 TCPv4_CLIENT link remote: [AF_INET]194.232.104.3:443
2026-01-17 19:48:25.299300 MANAGEMENT: >STATE:1768675705,WAIT,,,,,,
2026-01-17 19:48:25.321545 MANAGEMENT: >STATE:1768675705,AUTH,,,,,,
2026-01-17 19:48:25.321657 TLS: Initial packet from [AF_INET]194.232.104.3:443, sid=36c3f5a2 73f957cc
2026-01-17 19:48:25.344953 VERIFY OK: depth=2, C=AT, O=KBC, OU=bla, CN=RCA
2026-01-17 19:48:25.346531 VERIFY OK: depth=1, C=AT, O=KBC, OU=bla, CN=VAULT
2026-01-17 19:48:25.348042 VERIFY KU OK
2026-01-17 19:48:25.348073 Validating certificate extended key usage
2026-01-17 19:48:25.348090 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2026-01-17 19:48:25.348107 VERIFY EKU OK
2026-01-17 19:48:25.348118 VERIFY X509NAME OK: C=AT, ST=Vienna, L=Vienna, O=KBC, OU=Cyber Defense Center, CN=gtec.bla
2026-01-17 19:48:25.348129 VERIFY OK: depth=0, C=AT, ST=Vienna, L=Vienna, O=KBC, OU=Cyber Defense Center, CN=gtec.bla
2026-01-17 19:48:25.386102 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 256 bits ECprime256v1, signature: ecdsa-with-SHA256, peer temporary key: 253 bits X25519
2026-01-17 19:48:25.386189 [gtec.bla] Peer Connection Initiated with [AF_INET]194.232.104.3:443
2026-01-17 19:48:25.386219 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2026-01-17 19:48:25.386307 TLS: tls_multi_process: initial untrusted session promoted to trusted
2026-01-17 19:48:25.474114 PUSH: Received control message: 'PUSH_REPLY,tun-ipv6,dhcp-option DNS fd00:bla:0:8:9920::1,dhcp-option DOMAIN bla,route-ipv6 fd00:bla::/32,route-ipv6 fd00:1ab::/32,route-gateway 13.37.0.1,topology subnet,ping 10,ping-restart 120,ifconfig-ipv6 fd00:bla:a:0:1::29/64 fd00:bla:0:1::1,ifconfig 13.37.0.229 255.255.0.0,peer-id 54,cipher AES-256-GCM,protocol-flags cc-exit tls-ekm dyn-tls-crypt,tun-mtu 1500'
2026-01-17 19:48:25.474339 OPTIONS IMPORT: --ifconfig/up options modified
2026-01-17 19:48:25.474360 OPTIONS IMPORT: route options modified
2026-01-17 19:48:25.474373 OPTIONS IMPORT: route-related options modified
2026-01-17 19:48:25.474383 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2026-01-17 19:48:25.474395 OPTIONS IMPORT: tun-mtu set to 1500
2026-01-17 19:48:25.474406 Preserving previous TUN/TAP instance: utun4
2026-01-17 19:48:25.474661 Initialization Sequence Completed
2026-01-17 19:48:25.474706 MANAGEMENT: >STATE:1768675705,CONNECTED,SUCCESS,13.37.0.229,194.232.104.3,443,192.168.1.234,50170,fd00:bla:a:0:1::29
2026-01-17 19:48:25.474726 Data Channel: cipher 'AES-256-GCM', peer-id: 54, compression: 'lzo'
2026-01-17 19:48:25.474739 Timers: ping 10, ping-restart 120
2026-01-17 19:48:25.474751 Protocol options: protocol-flags cc-exit tls-ekm dyn-tls-crypt
2026-01-17 19:48:26.603169 *Tunnelblick: Warning: Could not obtain a list of DNS addresses that are expected
2026-01-17 19:48:26.666719 Connection reset, restarting [0]
2026-01-17 19:48:26.667048 SIGUSR1[soft,connection-reset] received, process restarting
2026-01-17 19:48:26.667074 MANAGEMENT: >STATE:1768675706,RECONNECTING,connection-reset,,,,,
2026-01-17 19:48:26.812100 *Tunnelblick: Delaying HOLD release for 1.000 seconds
2026-01-17 19:48:26.814809 *Tunnelblick: Routing info stdout:
route to: 208.67.220.220
destination: default
mask: default
gateway: 192.168.1.1
interface: en0
flags: <UP,GATEWAY,DONE,STATIC,PRCLONING,GLOBAL>
recvpipe sendpipe ssthresh rtt,msec rttvar hopcount mtu expire
0 0 0 0 0 0 1500 0
stderr:

2026-01-17 19:48:26.815132 *Tunnelblick: Warning: DNS server Address 208.67.220.220 is a known public DNS server but is not being routed through the VPN
2026-01-17 19:48:27.813233 MANAGEMENT: CMD 'hold release'
2026-01-17 19:48:27.813337 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2026-01-17 19:48:27.813575 TCP/UDP: Preserving recently used remote address: [AF_INET]194.232.104.3:443
2026-01-17 19:48:27.813654 Socket Buffers: R=[131072->131072] S=[131072->131072]
2026-01-17 19:48:27.813675 Attempting to establish TCP connection with [AF_INET]194.232.104.3:443
2026-01-17 19:48:27.813690 MANAGEMENT: >STATE:1768675707,TCP_CONNECT,,,,,,
2026-01-17 19:48:27.838166 TCP connection established with [AF_INET]194.232.104.3:443
2026-01-17 19:48:27.838215 TCPv4_CLIENT link local: (not bound)
2026-01-17 19:48:27.838236 TCPv4_CLIENT link remote: [AF_INET]194.232.104.3:443
2026-01-17 19:48:27.838316 MANAGEMENT: >STATE:1768675707,WAIT,,,,,,
2026-01-17 19:48:27.873197 MANAGEMENT: >STATE:1768675707,AUTH,,,,,,
2026-01-17 19:48:27.873261 TLS: Initial packet from [AF_INET]194.232.104.3:443, sid=df464e44 024fdfef
2026-01-17 19:48:27.918324 VERIFY OK: depth=2, C=AT, O=KBC, OU=bla, CN=RCA
2026-01-17 19:48:27.919828 VERIFY OK: depth=1, C=AT, O=KBC, OU=bla, CN=VAULT
2026-01-17 19:48:27.921338 VERIFY KU OK
2026-01-17 19:48:27.921365 Validating certificate extended key usage
2026-01-17 19:48:27.921378 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2026-01-17 19:48:27.921390 VERIFY EKU OK
2026-01-17 19:48:27.921401 VERIFY X509NAME OK: C=AT, ST=Vienna, L=Vienna, O=KBC, OU=Cyber Defense Center, CN=gtec.bla
2026-01-17 19:48:27.921411 VERIFY OK: depth=0, C=AT, ST=Vienna, L=Vienna, O=KBC, OU=Cyber Defense Center, CN=gtec.bla
2026-01-17 19:48:28.036728 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 256 bits ECprime256v1, signature: ecdsa-with-SHA256, peer temporary key: 253 bits X25519
2026-01-17 19:48:28.036822 [gtec.bla] Peer Connection Initiated with [AF_INET]194.232.104.3:443
2026-01-17 19:48:28.036856 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2026-01-17 19:48:28.036974 TLS: tls_multi_process: initial untrusted session promoted to trusted
2026-01-17 19:48:28.171154 PUSH: Received control message: 'PUSH_REPLY,tun-ipv6,dhcp-option DNS fd00:bla:0:8:9920::1,dhcp-option DOMAIN bla,route-ipv6 fd00:bla::/32,route-ipv6 fd00:1ab::/32,route-gateway 13.37.0.1,topology subnet,ping 10,ping-restart 120,ifconfig-ipv6 fd00:bla:a:0:1::29/64 fd00:bla:0:1::1,ifconfig 13.37.0.229 255.255.0.0,peer-id 54,cipher AES-256-GCM,protocol-flags cc-exit tls-ekm dyn-tls-crypt,tun-mtu 1500'
2026-01-17 19:48:28.171341 OPTIONS IMPORT: --ifconfig/up options modified
2026-01-17 19:48:28.171360 OPTIONS IMPORT: route options modified
2026-01-17 19:48:28.171402 OPTIONS IMPORT: route-related options modified
2026-01-17 19:48:28.171418 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2026-01-17 19:48:28.171429 OPTIONS IMPORT: tun-mtu set to 1500
2026-01-17 19:48:28.171441 Preserving previous TUN/TAP instance: utun4
2026-01-17 19:48:28.171708 Initialization Sequence Completed
2026-01-17 19:48:28.171765 MANAGEMENT: >STATE:1768675708,CONNECTED,SUCCESS,13.37.0.229,194.232.104.3,443,192.168.1.234,50172,fd00:bla:a:0:1::29
2026-01-17 19:48:28.171785 Data Channel: cipher 'AES-256-GCM', peer-id: 54, compression: 'lzo'
2026-01-17 19:48:28.171797 Timers: ping 10, ping-restart 120
2026-01-17 19:48:28.171808 Protocol options: protocol-flags cc-exit tls-ekm dyn-tls-crypt
2026-01-17 19:48:29.291219 *Tunnelblick: Warning: Could not obtain a list of DNS addresses that are expected
2026-01-17 19:48:29.410341 *Tunnelblick: Routing info stdout:
route to: 208.67.220.220
destination: default
mask: default
gateway: 192.168.1.1
interface: en0
flags: <UP,GATEWAY,DONE,STATIC,PRCLONING,GLOBAL>
recvpipe sendpipe ssthresh rtt,msec rttvar hopcount mtu expire
0 0 0 0 0 0 1500 0
stderr:

2026-01-17 19:48:29.410819 *Tunnelblick: Warning: DNS server Address 208.67.220.220 is a known public DNS server but is not being routed through the VPN
2026-01-17 19:48:29.523000 *Tunnelblick: Routing info stdout:
route to: 208.67.222.222
destination: default
mask: default
gateway: 192.168.1.1
interface: en0
flags: <UP,GATEWAY,DONE,STATIC,PRCLONING,GLOBAL>
recvpipe sendpipe ssthresh rtt,msec rttvar hopcount mtu expire
0 0 0 0 0 0 1500 0
stderr:

2026-01-17 19:48:29.523477 *Tunnelblick: Warning: DNS server Address 208.67.222.222 is a known public DNS server but is not being routed through the VPN
2026-01-17 19:48:29.541107 Connection reset, restarting [0]
2026-01-17 19:48:29.541639 SIGUSR1[soft,connection-reset] received, process restarting
2026-01-17 19:48:29.541695 MANAGEMENT: >STATE:1768675709,RECONNECTING,connection-reset,,,,,
2026-01-17 19:48:29.687610 *Tunnelblick: Delaying HOLD release for 1.000 seconds
2026-01-17 19:48:29.690469 *Tunnelblick: Routing info stdout:
route to: 8.8.4.4
destination: 8.8.4.4
gateway: 192.168.1.1
interface: en0
flags: <UP,GATEWAY,HOST,DONE,WASCLONED,IFSCOPE,IFREF,GLOBAL>
recvpipe sendpipe ssthresh rtt,msec rttvar hopcount mtu expire
0 0 0 0 0 0 1500 0
stderr:

2026-01-17 19:48:29.690686 *Tunnelblick: Warning: DNS server Address 8.8.4.4 is a known public DNS server but is not being routed through the VPN
2026-01-17 19:48:30.688928 MANAGEMENT: CMD 'hold release'
2026-01-17 19:48:30.689087 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2026-01-17 19:48:30.689371 TCP/UDP: Preserving recently used remote address: [AF_INET]194.232.104.3:443
2026-01-17 19:48:30.689466 Socket Buffers: R=[131072->131072] S=[131072->131072]
2026-01-17 19:48:30.689489 Attempting to establish TCP connection with [AF_INET]194.232.104.3:443
2026-01-17 19:48:30.689505 MANAGEMENT: >STATE:1768675710,TCP_CONNECT,,,,,,
2026-01-17 19:48:30.728439 TCP connection established with [AF_INET]194.232.104.3:443
2026-01-17 19:48:30.728519 TCPv4_CLIENT link local: (not bound)
2026-01-17 19:48:30.728542 TCPv4_CLIENT link remote: [AF_INET]194.232.104.3:443
2026-01-17 19:48:30.728642 MANAGEMENT: >STATE:1768675710,WAIT,,,,,,
2026-01-17 19:48:30.773113 MANAGEMENT: >STATE:1768675710,AUTH,,,,,,
2026-01-17 19:48:30.773222 TLS: Initial packet from [AF_INET]194.232.104.3:443, sid=bb6a9d03 e85f97a5
2026-01-17 19:48:30.817130 VERIFY OK: depth=2, C=AT, O=KBC, OU=bla, CN=RCA
2026-01-17 19:48:30.818675 VERIFY OK: depth=1, C=AT, O=KBC, OU=bla, CN=VAULT
2026-01-17 19:48:30.820190 VERIFY KU OK
2026-01-17 19:48:30.820216 Validating certificate extended key usage
2026-01-17 19:48:30.820229 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2026-01-17 19:48:30.820239 VERIFY EKU OK
2026-01-17 19:48:30.820250 VERIFY X509NAME OK: C=AT, ST=Vienna, L=Vienna, O=KBC, OU=Cyber Defense Center, CN=gtec.bla
2026-01-17 19:48:30.820260 VERIFY OK: depth=0, C=AT, ST=Vienna, L=Vienna, O=KBC, OU=Cyber Defense Center, CN=gtec.bla
2026-01-17 19:48:30.910286 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 256 bits ECprime256v1, signature: ecdsa-with-SHA256, peer temporary key: 253 bits X25519
2026-01-17 19:48:30.910363 [gtec.bla] Peer Connection Initiated with [AF_INET]194.232.104.3:443
2026-01-17 19:48:30.910390 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2026-01-17 19:48:30.910480 TLS: tls_multi_process: initial untrusted session promoted to trusted
2026-01-17 19:48:31.036407 MANAGEMENT: >STATE:1768675711,GET_CONFIG,,,,,,
2026-01-17 19:48:31.036505 SENT CONTROL [gtec.bla]: 'PUSH_REQUEST' (status=1)
2026-01-17 19:48:31.036587 PUSH: Received control message: 'PUSH_REPLY,tun-ipv6,dhcp-option DNS fd00:bla:0:8:9920::1,dhcp-option DOMAIN bla,route-ipv6 fd00:bla::/32,route-ipv6 fd00:1ab::/32,route-gateway 13.37.0.1,topology subnet,ping 10,ping-restart 120,ifconfig-ipv6 fd00:bla:a:0:1::29/64 fd00:bla:0:1::1,ifconfig 13.37.0.229 255.255.0.0,peer-id 54,cipher AES-256-GCM,protocol-flags cc-exit tls-ekm dyn-tls-crypt,tun-mtu 1500'
2026-01-17 19:48:31.036739 OPTIONS IMPORT: --ifconfig/up options modified
2026-01-17 19:48:31.036755 OPTIONS IMPORT: route options modified
2026-01-17 19:48:31.036766 OPTIONS IMPORT: route-related options modified
2026-01-17 19:48:31.036775 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2026-01-17 19:48:31.036786 OPTIONS IMPORT: tun-mtu set to 1500
2026-01-17 19:48:31.036798 Preserving previous TUN/TAP instance: utun4
2026-01-17 19:48:31.037050 Initialization Sequence Completed
2026-01-17 19:48:31.037116 MANAGEMENT: >STATE:1768675711,CONNECTED,SUCCESS,13.37.0.229,194.232.104.3,443,192.168.1.234,50174,fd00:bla:a:0:1::29
2026-01-17 19:48:31.037136 Data Channel: cipher 'AES-256-GCM', peer-id: 54, compression: 'lzo'
2026-01-17 19:48:31.037183 Timers: ping 10, ping-restart 120
2026-01-17 19:48:31.037196 Protocol options: protocol-flags cc-exit tls-ekm dyn-tls-crypt
2026-01-17 19:48:32.161058 *Tunnelblick: Warning: Could not obtain a list of DNS addresses that are expected
2026-01-17 19:48:32.207855 *Tunnelblick: This computer's apparent public IP address (80.108.3.78) was unchanged after the connection was made
2026-01-17 19:48:32.267407 *Tunnelblick: Routing info stdout:
route to: 208.67.220.220
destination: default
mask: default
gateway: 192.168.1.1
interface: en0
flags: <UP,GATEWAY,DONE,STATIC,PRCLONING,GLOBAL>
recvpipe sendpipe ssthresh rtt,msec rttvar hopcount mtu expire
0 0 0 0 0 0 1500 0
stderr:

2026-01-17 19:48:32.267519 *Tunnelblick: Warning: DNS server Address 208.67.220.220 is a known public DNS server but is not being routed through the VPN
2026-01-17 19:48:32.383948 *Tunnelblick: Routing info stdout:
route to: 208.67.222.222
destination: default
mask: default
gateway: 192.168.1.1
interface: en0
flags: <UP,GATEWAY,DONE,STATIC,PRCLONING,GLOBAL>
recvpipe sendpipe ssthresh rtt,msec rttvar hopcount mtu expire
0 0 0 0 0 0 1500 0
stderr:

2026-01-17 19:48:32.384285 *Tunnelblick: Warning: DNS server Address 208.67.222.222 is a known public DNS server but is not being routed through the VPN
2026-01-17 19:48:32.430214 Connection reset, restarting [0]
2026-01-17 19:48:32.430753 SIGUSR1[soft,connection-reset] received, process restarting
2026-01-17 19:48:32.430801 MANAGEMENT: >STATE:1768675712,RECONNECTING,connection-reset,,,,,
2026-01-17 19:48:32.582034 *Tunnelblick: Delaying HOLD release for 1.000 seconds
2026-01-17 19:48:32.587952 *Tunnelblick: Routing info stdout:
route to: 8.8.4.4
destination: 8.8.4.4
gateway: 192.168.1.1
interface: en0
flags: <UP,GATEWAY,HOST,DONE,WASCLONED,IFSCOPE,IFREF,GLOBAL>
recvpipe sendpipe ssthresh rtt,msec rttvar hopcount mtu expire
0 0 0 0 0 0 1500 0
stderr:

2026-01-17 19:48:32.588173 *Tunnelblick: Warning: DNS server Address 8.8.4.4 is a known public DNS server but is not being routed through the VPN
2026-01-17 19:48:33.583366 MANAGEMENT: CMD 'hold release'
2026-01-17 19:48:33.583524 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2026-01-17 19:48:33.583783 TCP/UDP: Preserving recently used remote address: [AF_INET]194.232.104.3:443
2026-01-17 19:48:33.583879 Socket Buffers: R=[131072->131072] S=[131072->131072]
2026-01-17 19:48:33.583906 Attempting to establish TCP connection with [AF_INET]194.232.104.3:443
2026-01-17 19:48:33.583926 MANAGEMENT: >STATE:1768675713,TCP_CONNECT,,,,,,
2026-01-17 19:48:33.624026 TCP connection established with [AF_INET]194.232.104.3:443
2026-01-17 19:48:33.624092 TCPv4_CLIENT link local: (not bound)
2026-01-17 19:48:33.624116 TCPv4_CLIENT link remote: [AF_INET]194.232.104.3:443
2026-01-17 19:48:33.624225 MANAGEMENT: >STATE:1768675713,WAIT,,,,,,
2026-01-17 19:48:33.671198 MANAGEMENT: >STATE:1768675713,AUTH,,,,,,
2026-01-17 19:48:33.671270 TLS: Initial packet from [AF_INET]194.232.104.3:443, sid=a692f9b3 fd69d685
2026-01-17 19:48:33.711808 VERIFY OK: depth=2, C=AT, O=KBC, OU=bla, CN=RCA
2026-01-17 19:48:33.713341 VERIFY OK: depth=1, C=AT, O=KBC, OU=bla, CN=VAULT
2026-01-17 19:48:33.714878 VERIFY KU OK
2026-01-17 19:48:33.714908 Validating certificate extended key usage
2026-01-17 19:48:33.714924 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2026-01-17 19:48:33.714939 VERIFY EKU OK
2026-01-17 19:48:33.714953 VERIFY X509NAME OK: C=AT, ST=Vienna, L=Vienna, O=KBC, OU=Cyber Defense Center, CN=gtec.bla
2026-01-17 19:48:33.714966 VERIFY OK: depth=0, C=AT, ST=Vienna, L=Vienna, O=KBC, OU=Cyber Defense Center, CN=gtec.bla
2026-01-17 19:48:33.803260 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 256 bits ECprime256v1, signature: ecdsa-with-SHA256, peer temporary key: 253 bits X25519
2026-01-17 19:48:33.803381 [gtec.bla] Peer Connection Initiated with [AF_INET]194.232.104.3:443
2026-01-17 19:48:33.803428 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2026-01-17 19:48:33.803524 TLS: tls_multi_process: initial untrusted session promoted to trusted
2026-01-17 19:48:33.933041 PUSH: Received control message: 'PUSH_REPLY,tun-ipv6,dhcp-option DNS fd00:bla:0:8:9920::1,dhcp-option DOMAIN bla,route-ipv6 fd00:bla::/32,route-ipv6 fd00:1ab::/32,route-gateway 13.37.0.1,topology subnet,ping 10,ping-restart 120,ifconfig-ipv6 fd00:bla:a:0:1::29/64 fd00:bla:0:1::1,ifconfig 13.37.0.229 255.255.0.0,peer-id 54,cipher AES-256-GCM,protocol-flags cc-exit tls-ekm dyn-tls-crypt,tun-mtu 1500'
2026-01-17 19:48:33.933281 OPTIONS IMPORT: --ifconfig/up options modified
2026-01-17 19:48:33.933322 OPTIONS IMPORT: route options modified
2026-01-17 19:48:33.933342 OPTIONS IMPORT: route-related options modified
2026-01-17 19:48:33.933360 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2026-01-17 19:48:33.933377 OPTIONS IMPORT: tun-mtu set to 1500
2026-01-17 19:48:33.933393 Preserving previous TUN/TAP instance: utun4
2026-01-17 19:48:33.933645 Initialization Sequence Completed
2026-01-17 19:48:33.933694 MANAGEMENT: >STATE:1768675713,CONNECTED,SUCCESS,13.37.0.229,194.232.104.3,443,192.168.1.234,50176,fd00:bla:a:0:1::29
2026-01-17 19:48:33.933717 Data Channel: cipher 'AES-256-GCM', peer-id: 54, compression: 'lzo'
2026-01-17 19:48:33.933733 Timers: ping 10, ping-restart 120
2026-01-17 19:48:33.933751 Protocol options: protocol-flags cc-exit tls-ekm dyn-tls-crypt
2026-01-17 19:48:34.889044 *Tunnelblick: This computer's apparent public IP address (80.108.3.78) was unchanged after the connection was made
2026-01-17 19:48:35.054662 *Tunnelblick: Warning: Could not obtain a list of DNS addresses that are expected
2026-01-17 19:48:35.130328 Connection reset, restarting [0]
2026-01-17 19:48:35.130925 SIGUSR1[soft,connection-reset] received, process restarting
2026-01-17 19:48:35.130997 MANAGEMENT: >STATE:1768675715,RECONNECTING,connection-reset,,,,,
2026-01-17 19:48:35.277639 *Tunnelblick: Delaying HOLD release for 1.000 seconds
2026-01-17 19:48:35.280635 *Tunnelblick: Routing info stdout:
route to: 208.67.220.220
destination: default
mask: default
gateway: 192.168.1.1
interface: en0
flags: <UP,GATEWAY,DONE,STATIC,PRCLONING,GLOBAL>
recvpipe sendpipe ssthresh rtt,msec rttvar hopcount mtu expire
0 0 0 0 0 0 1500 0
stderr:

2026-01-17 19:48:35.280841 *Tunnelblick: Warning: DNS server Address 208.67.220.220 is a known public DNS server but is not being routed through the VPN
2026-01-17 19:48:36.504866 MANAGEMENT: CMD 'hold release'
2026-01-17 19:48:36.505920 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2026-01-17 19:48:36.506119 TCP/UDP: Preserving recently used remote address: [AF_INET]194.232.104.3:443
2026-01-17 19:48:36.506217 Socket Buffers: R=[131072->131072] S=[131072->131072]
2026-01-17 19:48:36.506239 Attempting to establish TCP connection with [AF_INET]194.232.104.3:443
2026-01-17 19:48:36.506255 MANAGEMENT: >STATE:1768675716,TCP_CONNECT,,,,,,
2026-01-17 19:48:36.527193 TCP connection established with [AF_INET]194.232.104.3:443
2026-01-17 19:48:36.527292 TCPv4_CLIENT link local: (not bound)
2026-01-17 19:48:36.527323 TCPv4_CLIENT link remote: [AF_INET]194.232.104.3:443
2026-01-17 19:48:36.527410 MANAGEMENT: >STATE:1768675716,WAIT,,,,,,
2026-01-17 19:48:36.546366 MANAGEMENT: >STATE:1768675716,AUTH,,,,,,
2026-01-17 19:48:36.546477 TLS: Initial packet from [AF_INET]194.232.104.3:443, sid=d5b2c131 da28347e
2026-01-17 19:48:36.566511 VERIFY OK: depth=2, C=AT, O=KBC, OU=bla, CN=RCA
2026-01-17 19:48:36.567477 VERIFY OK: depth=1, C=AT, O=KBC, OU=bla, CN=VAULT
2026-01-17 19:48:36.568089 VERIFY KU OK
2026-01-17 19:48:36.568111 Validating certificate extended key usage
2026-01-17 19:48:36.568118 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2026-01-17 19:48:36.568123 VERIFY EKU OK
2026-01-17 19:48:36.568128 VERIFY X509NAME OK: C=AT, ST=Vienna, L=Vienna, O=KBC, OU=Cyber Defense Center, CN=gtec.bla
2026-01-17 19:48:36.568133 VERIFY OK: depth=0, C=AT, ST=Vienna, L=Vienna, O=KBC, OU=Cyber Defense Center, CN=gtec.bla
2026-01-17 19:48:36.605206 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 256 bits ECprime256v1, signature: ecdsa-with-SHA256, peer temporary key: 253 bits X25519
2026-01-17 19:48:36.605292 [gtec.bla] Peer Connection Initiated with [AF_INET]194.232.104.3:443
2026-01-17 19:48:36.605320 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2026-01-17 19:48:36.605413 TLS: tls_multi_process: initial untrusted session promoted to trusted
2026-01-17 19:48:36.682697 PUSH: Received control message: 'PUSH_REPLY,tun-ipv6,dhcp-option DNS fd00:bla:0:8:9920::1,dhcp-option DOMAIN bla,route-ipv6 fd00:bla::/32,route-ipv6 fd00:1ab::/32,route-gateway 13.37.0.1,topology subnet,ping 10,ping-restart 120,ifconfig-ipv6 fd00:bla:a:0:1::29/64 fd00:bla:0:1::1,ifconfig 13.37.0.229 255.255.0.0,peer-id 54,cipher AES-256-GCM,protocol-flags cc-exit tls-ekm dyn-tls-crypt,tun-mtu 1500'
2026-01-17 19:48:36.682866 OPTIONS IMPORT: --ifconfig/up options modified
2026-01-17 19:48:36.682883 OPTIONS IMPORT: route options modified
2026-01-17 19:48:36.682892 OPTIONS IMPORT: route-related options modified
2026-01-17 19:48:36.682900 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2026-01-17 19:48:36.682909 OPTIONS IMPORT: tun-mtu set to 1500
2026-01-17 19:48:36.682919 Preserving previous TUN/TAP instance: utun4
2026-01-17 19:48:36.683115 Initialization Sequence Completed
2026-01-17 19:48:36.683146 MANAGEMENT: >STATE:1768675716,CONNECTED,SUCCESS,13.37.0.229,194.232.104.3,443,192.168.1.234,50178,fd00:bla:a:0:1::29
2026-01-17 19:48:36.683161 Data Channel: cipher 'AES-256-GCM', peer-id: 54, compression: 'lzo'
2026-01-17 19:48:36.683170 Timers: ping 10, ping-restart 120
2026-01-17 19:48:36.683179 Protocol options: protocol-flags cc-exit tls-ekm dyn-tls-crypt
2026-01-17 19:48:37.572763 *Tunnelblick: This computer's apparent public IP address (80.108.3.78) was unchanged after the connection was made
2026-01-17 19:48:37.805315 *Tunnelblick: Warning: Could not obtain a list of DNS addresses that are expected
2026-01-17 19:48:37.853813 Connection reset, restarting [0]
2026-01-17 19:48:37.854226 SIGUSR1[soft,connection-reset] received, process restarting
2026-01-17 19:48:37.854294 MANAGEMENT: >STATE:1768675717,RECONNECTING,connection-reset,,,,,
2026-01-17 19:48:37.998642 *Tunnelblick: Delaying HOLD release for 1.000 seconds
2026-01-17 19:48:38.001335 *Tunnelblick: Routing info stdout:
route to: 208.67.220.220
destination: default
mask: default
gateway: 192.168.1.1
interface: en0
flags: <UP,GATEWAY,DONE,STATIC,PRCLONING,GLOBAL>
recvpipe sendpipe ssthresh rtt,msec rttvar hopcount mtu expire
0 0 0 0 0 0 1500 0
stderr:

2026-01-17 19:48:38.001649 *Tunnelblick: Warning: DNS server Address 208.67.220.220 is a known public DNS server but is not being routed through the VPN
2026-01-17 19:48:39.000367 MANAGEMENT: CMD 'hold release'
2026-01-17 19:48:39.000489 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2026-01-17 19:48:39.000729 TCP/UDP: Preserving recently used remote address: [AF_INET]194.232.104.3:443
2026-01-17 19:48:39.000810 Socket Buffers: R=[131072->131072] S=[131072->131072]
2026-01-17 19:48:39.000839 Attempting to establish TCP connection with [AF_INET]194.232.104.3:443
2026-01-17 19:48:39.000854 MANAGEMENT: >STATE:1768675719,TCP_CONNECT,,,,,,
2026-01-17 19:48:39.019852 TCP connection established with [AF_INET]194.232.104.3:443
2026-01-17 19:48:39.019939 TCPv4_CLIENT link local: (not bound)
2026-01-17 19:48:39.019978 TCPv4_CLIENT link remote: [AF_INET]194.232.104.3:443
2026-01-17 19:48:39.020077 MANAGEMENT: >STATE:1768675719,WAIT,,,,,,
2026-01-17 19:48:39.039925 MANAGEMENT: >STATE:1768675719,AUTH,,,,,,
2026-01-17 19:48:39.039975 TLS: Initial packet from [AF_INET]194.232.104.3:443, sid=8fe91624 feface1e
2026-01-17 19:48:39.064675 VERIFY OK: depth=2, C=AT, O=KBC, OU=bla, CN=RCA
2026-01-17 19:48:39.066150 VERIFY OK: depth=1, C=AT, O=KBC, OU=bla, CN=VAULT
2026-01-17 19:48:39.067279 VERIFY KU OK
2026-01-17 19:48:39.067322 Validating certificate extended key usage
2026-01-17 19:48:39.067334 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2026-01-17 19:48:39.067343 VERIFY EKU OK
2026-01-17 19:48:39.067351 VERIFY X509NAME OK: C=AT, ST=Vienna, L=Vienna, O=KBC, OU=Cyber Defense Center, CN=gtec.bla
2026-01-17 19:48:39.067360 VERIFY OK: depth=0, C=AT, ST=Vienna, L=Vienna, O=KBC, OU=Cyber Defense Center, CN=gtec.bla
2026-01-17 19:48:39.102231 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 256 bits ECprime256v1, signature: ecdsa-with-SHA256, peer temporary key: 253 bits X25519
2026-01-17 19:48:39.102327 [gtec.bla] Peer Connection Initiated with [AF_INET]194.232.104.3:443
2026-01-17 19:48:39.102357 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2026-01-17 19:48:39.102433 TLS: tls_multi_process: initial untrusted session promoted to trusted
2026-01-17 19:48:39.169368 PUSH: Received control message: 'PUSH_REPLY,tun-ipv6,dhcp-option DNS fd00:bla:0:8:9920::1,dhcp-option DOMAIN bla,route-ipv6 fd00:bla::/32,route-ipv6 fd00:1ab::/32,route-gateway 13.37.0.1,topology subnet,ping 10,ping-restart 120,ifconfig-ipv6 fd00:bla:a:0:1::29/64 fd00:bla:0:1::1,ifconfig 13.37.0.229 255.255.0.0,peer-id 54,cipher AES-256-GCM,protocol-flags cc-exit tls-ekm dyn-tls-crypt,tun-mtu 1500'
2026-01-17 19:48:39.169563 OPTIONS IMPORT: --ifconfig/up options modified
2026-01-17 19:48:39.169584 OPTIONS IMPORT: route options modified
2026-01-17 19:48:39.169597 OPTIONS IMPORT: route-related options modified
2026-01-17 19:48:39.169609 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2026-01-17 19:48:39.169622 OPTIONS IMPORT: tun-mtu set to 1500
2026-01-17 19:48:39.169637 Preserving previous TUN/TAP instance: utun4
2026-01-17 19:48:39.169897 Initialization Sequence Completed
2026-01-17 19:48:39.169940 MANAGEMENT: >STATE:1768675719,CONNECTED,SUCCESS,13.37.0.229,194.232.104.3,443,192.168.1.234,50180,fd00:bla:a:0:1::29
2026-01-17 19:48:39.169962 Data Channel: cipher 'AES-256-GCM', peer-id: 54, compression: 'lzo'
2026-01-17 19:48:39.169975 Timers: ping 10, ping-restart 120
2026-01-17 19:48:39.169985 Protocol options: protocol-flags cc-exit tls-ekm dyn-tls-crypt
2026-01-17 19:48:40.292658 *Tunnelblick: Warning: Could not obtain a list of DNS addresses that are expected
2026-01-17 19:48:40.323905 Connection reset, restarting [0]
2026-01-17 19:48:40.324287 SIGUSR1[soft,connection-reset] received, process restarting
2026-01-17 19:48:40.324360 MANAGEMENT: >STATE:1768675720,RECONNECTING,connection-reset,,,,,
2026-01-17 19:48:40.487134 *Tunnelblick: Routing info stdout:
route to: 208.67.220.220
destination: default
mask: default
gateway: 192.168.1.1
interface: en0
flags: <UP,GATEWAY,DONE,STATIC,PRCLONING,GLOBAL>
recvpipe sendpipe ssthresh rtt,msec rttvar hopcount mtu expire
0 0 0 0 0 0 1500 0
stderr:

2026-01-17 19:48:40.487316 *Tunnelblick: Warning: DNS server Address 208.67.220.220 is a known public DNS server but is not being routed through the VPN
2026-01-17 19:48:40.487579 *Tunnelblick: Delaying HOLD release for 1.000 seconds
2026-01-17 19:48:41.489045 MANAGEMENT: CMD 'hold release'
2026-01-17 19:48:41.489200 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2026-01-17 19:48:41.489476 TCP/UDP: Preserving recently used remote address: [AF_INET]194.232.104.3:443
2026-01-17 19:48:41.489569 Socket Buffers: R=[131072->131072] S=[131072->131072]
2026-01-17 19:48:41.489591 Attempting to establish TCP connection with [AF_INET]194.232.104.3:443
2026-01-17 19:48:41.489609 MANAGEMENT: >STATE:1768675721,TCP_CONNECT,,,,,,
2026-01-17 19:48:41.504217 TCP connection established with [AF_INET]194.232.104.3:443
2026-01-17 19:48:41.504264 TCPv4_CLIENT link local: (not bound)
2026-01-17 19:48:41.504283 TCPv4_CLIENT link remote: [AF_INET]194.232.104.3:443
2026-01-17 19:48:41.504351 MANAGEMENT: >STATE:1768675721,WAIT,,,,,,
2026-01-17 19:48:41.524290 MANAGEMENT: >STATE:1768675721,AUTH,,,,,,
2026-01-17 19:48:41.524379 TLS: Initial packet from [AF_INET]194.232.104.3:443, sid=280aa324 11d61161
2026-01-17 19:48:41.546828 VERIFY OK: depth=2, C=AT, O=KBC, OU=bla, CN=RCA
2026-01-17 19:48:41.548383 VERIFY OK: depth=1, C=AT, O=KBC, OU=bla, CN=VAULT
2026-01-17 19:48:41.549886 VERIFY KU OK
2026-01-17 19:48:41.549911 Validating certificate extended key usage
2026-01-17 19:48:41.549926 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2026-01-17 19:48:41.549936 VERIFY EKU OK
2026-01-17 19:48:41.549946 VERIFY X509NAME OK: C=AT, ST=Vienna, L=Vienna, O=KBC, OU=Cyber Defense Center, CN=gtec.bla
2026-01-17 19:48:41.549957 VERIFY OK: depth=0, C=AT, ST=Vienna, L=Vienna, O=KBC, OU=Cyber Defense Center, CN=gtec.bla
2026-01-17 19:48:41.583537 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 256 bits ECprime256v1, signature: ecdsa-with-SHA256, peer temporary key: 253 bits X25519
2026-01-17 19:48:41.583623 [gtec.bla] Peer Connection Initiated with [AF_INET]194.232.104.3:443
2026-01-17 19:48:41.583651 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2026-01-17 19:48:41.583721 TLS: tls_multi_process: initial untrusted session promoted to trusted
2026-01-17 19:48:41.652088 PUSH: Received control message: 'PUSH_REPLY,tun-ipv6,dhcp-option DNS fd00:bla:0:8:9920::1,dhcp-option DOMAIN bla,route-ipv6 fd00:bla::/32,route-ipv6 fd00:1ab::/32,route-gateway 13.37.0.1,topology subnet,ping 10,ping-restart 120,ifconfig-ipv6 fd00:bla:a:0:1::29/64 fd00:bla:0:1::1,ifconfig 13.37.0.229 255.255.0.0,peer-id 54,cipher AES-256-GCM,protocol-flags cc-exit tls-ekm dyn-tls-crypt,tun-mtu 1500'
2026-01-17 19:48:41.652260 OPTIONS IMPORT: --ifconfig/up options modified
2026-01-17 19:48:41.652276 OPTIONS IMPORT: route options modified
2026-01-17 19:48:41.652288 OPTIONS IMPORT: route-related options modified
2026-01-17 19:48:41.652298 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2026-01-17 19:48:41.652311 OPTIONS IMPORT: tun-mtu set to 1500
2026-01-17 19:48:41.652321 Preserving previous TUN/TAP instance: utun4
2026-01-17 19:48:41.652574 Initialization Sequence Completed
2026-01-17 19:48:41.652612 MANAGEMENT: >STATE:1768675721,CONNECTED,SUCCESS,13.37.0.229,194.232.104.3,443,192.168.1.234,50182,fd00:bla:a:0:1::29
2026-01-17 19:48:41.652630 Data Channel: cipher 'AES-256-GCM', peer-id: 54, compression: 'lzo'
2026-01-17 19:48:41.652642 Timers: ping 10, ping-restart 120
2026-01-17 19:48:41.652655 Protocol options: protocol-flags cc-exit tls-ekm dyn-tls-crypt
2026-01-17 19:48:42.771123 *Tunnelblick: Warning: Could not obtain a list of DNS addresses that are expected
2026-01-17 19:48:42.817749 Connection reset, restarting [0]
2026-01-17 19:48:42.818143 SIGUSR1[soft,connection-reset] received, process restarting
2026-01-17 19:48:42.818185 MANAGEMENT: >STATE:1768675722,RECONNECTING,connection-reset,,,,,
2026-01-17 19:48:42.964782 *Tunnelblick: Delaying HOLD release for 1.000 seconds
2026-01-17 19:48:42.967625 *Tunnelblick: Routing info stdout:
route to: 208.67.220.220
destination: default
mask: default
gateway: 192.168.1.1
interface: en0
flags: <UP,GATEWAY,DONE,STATIC,PRCLONING,GLOBAL>
recvpipe sendpipe ssthresh rtt,msec rttvar hopcount mtu expire
0 0 0 0 0 0 1500 0
stderr:

2026-01-17 19:48:42.967840 *Tunnelblick: Warning: DNS server Address 208.67.220.220 is a known public DNS server but is not being routed through the VPN
2026-01-17 19:48:43.966548 MANAGEMENT: CMD 'hold release'
2026-01-17 19:48:43.966681 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2026-01-17 19:48:43.966919 TCP/UDP: Preserving recently used remote address: [AF_INET]194.232.104.3:443
2026-01-17 19:48:43.967007 Socket Buffers: R=[131072->131072] S=[131072->131072]
2026-01-17 19:48:43.967028 Attempting to establish TCP connection with [AF_INET]194.232.104.3:443
2026-01-17 19:48:43.967044 MANAGEMENT: >STATE:1768675723,TCP_CONNECT,,,,,,
2026-01-17 19:48:43.984355 TCP connection established with [AF_INET]194.232.104.3:443
2026-01-17 19:48:43.984401 TCPv4_CLIENT link local: (not bound)
2026-01-17 19:48:43.984419 TCPv4_CLIENT link remote: [AF_INET]194.232.104.3:443
2026-01-17 19:48:43.984492 MANAGEMENT: >STATE:1768675723,WAIT,,,,,,
2026-01-17 19:48:44.006450 MANAGEMENT: >STATE:1768675724,AUTH,,,,,,
2026-01-17 19:48:44.006530 TLS: Initial packet from [AF_INET]194.232.104.3:443, sid=663b6afe 9fffb7fd
2026-01-17 19:48:44.034650 VERIFY OK: depth=2, C=AT, O=KBC, OU=bla, CN=RCA
2026-01-17 19:48:44.036159 VERIFY OK: depth=1, C=AT, O=KBC, OU=bla, CN=VAULT
2026-01-17 19:48:44.037653 VERIFY KU OK
2026-01-17 19:48:44.037677 Validating certificate extended key usage
2026-01-17 19:48:44.037691 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2026-01-17 19:48:44.037702 VERIFY EKU OK
2026-01-17 19:48:44.037739 VERIFY X509NAME OK: C=AT, ST=Vienna, L=Vienna, O=KBC, OU=Cyber Defense Center, CN=gtec.bla
2026-01-17 19:48:44.037751 VERIFY OK: depth=0, C=AT, ST=Vienna, L=Vienna, O=KBC, OU=Cyber Defense Center, CN=gtec.bla
2026-01-17 19:48:44.074194 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 256 bits ECprime256v1, signature: ecdsa-with-SHA256, peer temporary key: 253 bits X25519
2026-01-17 19:48:44.074291 [gtec.bla] Peer Connection Initiated with [AF_INET]194.232.104.3:443
2026-01-17 19:48:44.074320 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2026-01-17 19:48:44.074406 TLS: tls_multi_process: initial untrusted session promoted to trusted
2026-01-17 19:48:44.148635 PUSH: Received control message: 'PUSH_REPLY,tun-ipv6,dhcp-option DNS fd00:bla:0:8:9920::1,dhcp-option DOMAIN bla,route-ipv6 fd00:bla::/32,route-ipv6 fd00:1ab::/32,route-gateway 13.37.0.1,topology subnet,ping 10,ping-restart 120,ifconfig-ipv6 fd00:bla:a:0:1::29/64 fd00:bla:0:1::1,ifconfig 13.37.0.229 255.255.0.0,peer-id 54,cipher AES-256-GCM,protocol-flags cc-exit tls-ekm dyn-tls-crypt,tun-mtu 1500'
2026-01-17 19:48:44.148827 OPTIONS IMPORT: --ifconfig/up options modified
2026-01-17 19:48:44.148850 OPTIONS IMPORT: route options modified
2026-01-17 19:48:44.148863 OPTIONS IMPORT: route-related options modified
2026-01-17 19:48:44.148873 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2026-01-17 19:48:44.148885 OPTIONS IMPORT: tun-mtu set to 1500
2026-01-17 19:48:44.148895 Preserving previous TUN/TAP instance: utun4
2026-01-17 19:48:44.149126 Initialization Sequence Completed
2026-01-17 19:48:44.149166 MANAGEMENT: >STATE:1768675724,CONNECTED,SUCCESS,13.37.0.229,194.232.104.3,443,192.168.1.234,50183,fd00:bla:a:0:1::29
2026-01-17 19:48:44.149187 Data Channel: cipher 'AES-256-GCM', peer-id: 54, compression: 'lzo'
2026-01-17 19:48:44.149201 Timers: ping 10, ping-restart 120
2026-01-17 19:48:44.149212 Protocol options: protocol-flags cc-exit tls-ekm dyn-tls-crypt
2026-01-17 19:48:45.265614 *Tunnelblick: Warning: Could not obtain a list of DNS addresses that are expected
2026-01-17 19:48:45.345558 Connection reset, restarting [0]
2026-01-17 19:48:45.345955 SIGUSR1[soft,connection-reset] received, process restarting
2026-01-17 19:48:45.346123 MANAGEMENT: >STATE:1768675725,RECONNECTING,connection-reset,,,,,
2026-01-17 19:48:45.492888 *Tunnelblick: Delaying HOLD release for 1.000 seconds
2026-01-17 19:48:45.495278 *Tunnelblick: Routing info stdout:
route to: 208.67.220.220
destination: default
mask: default
gateway: 192.168.1.1
interface: en0
flags: <UP,GATEWAY,DONE,STATIC,PRCLONING,GLOBAL>
recvpipe sendpipe ssthresh rtt,msec rttvar hopcount mtu expire
0 0 0 0 0 0 1500 0
stderr:

2026-01-17 19:48:45.495415 *Tunnelblick: Warning: DNS server Address 208.67.220.220 is a known public DNS server but is not being routed through the VPN
2026-01-17 19:48:46.494622 MANAGEMENT: CMD 'hold release'
2026-01-17 19:48:46.494755 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2026-01-17 19:48:46.494997 TCP/UDP: Preserving recently used remote address: [AF_INET]194.232.104.3:443
2026-01-17 19:48:46.495081 Socket Buffers: R=[131072->131072] S=[131072->131072]
2026-01-17 19:48:46.495100 Attempting to establish TCP connection with [AF_INET]194.232.104.3:443
2026-01-17 19:48:46.495117 MANAGEMENT: >STATE:1768675726,TCP_CONNECT,,,,,,
2026-01-17 19:48:46.508960 TCP connection established with [AF_INET]194.232.104.3:443
2026-01-17 19:48:46.509023 TCPv4_CLIENT link local: (not bound)
2026-01-17 19:48:46.509046 TCPv4_CLIENT link remote: [AF_INET]194.232.104.3:443
2026-01-17 19:48:46.509116 MANAGEMENT: >STATE:1768675726,WAIT,,,,,,
2026-01-17 19:48:46.528515 MANAGEMENT: >STATE:1768675726,AUTH,,,,,,
2026-01-17 19:48:46.528621 TLS: Initial packet from [AF_INET]194.232.104.3:443, sid=6a967690 59a9c897
2026-01-17 19:48:46.550533 VERIFY OK: depth=2, C=AT, O=KBC, OU=bla, CN=RCA
2026-01-17 19:48:46.552098 VERIFY OK: depth=1, C=AT, O=KBC, OU=bla, CN=VAULT
2026-01-17 19:48:46.553574 VERIFY KU OK
2026-01-17 19:48:46.553597 Validating certificate extended key usage
2026-01-17 19:48:46.553611 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2026-01-17 19:48:46.553623 VERIFY EKU OK
2026-01-17 19:48:46.553634 VERIFY X509NAME OK: C=AT, ST=Vienna, L=Vienna, O=KBC, OU=Cyber Defense Center, CN=gtec.bla
2026-01-17 19:48:46.553644 VERIFY OK: depth=0, C=AT, ST=Vienna, L=Vienna, O=KBC, OU=Cyber Defense Center, CN=gtec.bla
2026-01-17 19:48:46.594996 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 256 bits ECprime256v1, signature: ecdsa-with-SHA256, peer temporary key: 253 bits X25519
2026-01-17 19:48:46.595071 [gtec.bla] Peer Connection Initiated with [AF_INET]194.232.104.3:443
2026-01-17 19:48:46.595125 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2026-01-17 19:48:46.595203 TLS: tls_multi_process: initial untrusted session promoted to trusted
2026-01-17 19:48:46.661247 PUSH: Received control message: 'PUSH_REPLY,tun-ipv6,dhcp-option DNS fd00:bla:0:8:9920::1,dhcp-option DOMAIN bla,route-ipv6 fd00:bla::/32,route-ipv6 fd00:1ab::/32,route-gateway 13.37.0.1,topology subnet,ping 10,ping-restart 120,ifconfig-ipv6 fd00:bla:a:0:1::29/64 fd00:bla:0:1::1,ifconfig 13.37.0.229 255.255.0.0,peer-id 54,cipher AES-256-GCM,protocol-flags cc-exit tls-ekm dyn-tls-crypt,tun-mtu 1500'
2026-01-17 19:48:46.661410 OPTIONS IMPORT: --ifconfig/up options modified
2026-01-17 19:48:46.661427 OPTIONS IMPORT: route options modified
2026-01-17 19:48:46.661438 OPTIONS IMPORT: route-related options modified
2026-01-17 19:48:46.661450 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2026-01-17 19:48:46.661462 OPTIONS IMPORT: tun-mtu set to 1500
2026-01-17 19:48:46.661476 Preserving previous TUN/TAP instance: utun4
2026-01-17 19:48:46.661712 Initialization Sequence Completed
2026-01-17 19:48:46.661754 MANAGEMENT: >STATE:1768675726,CONNECTED,SUCCESS,13.37.0.229,194.232.104.3,443,192.168.1.234,50184,fd00:bla:a:0:1::29
2026-01-17 19:48:46.661773 Data Channel: cipher 'AES-256-GCM', peer-id: 54, compression: 'lzo'
2026-01-17 19:48:46.661786 Timers: ping 10, ping-restart 120
2026-01-17 19:48:46.661797 Protocol options: protocol-flags cc-exit tls-ekm dyn-tls-crypt
2026-01-17 19:48:47.783364 *Tunnelblick: Warning: Could not obtain a list of DNS addresses that are expected
2026-01-17 19:48:47.841933 Connection reset, restarting [0]
2026-01-17 19:48:47.842367 SIGUSR1[soft,connection-reset] received, process restarting
2026-01-17 19:48:47.842485 MANAGEMENT: >STATE:1768675727,RECONNECTING,connection-reset,,,,,
2026-01-17 19:48:47.988408 *Tunnelblick: Delaying HOLD release for 1.000 seconds
2026-01-17 19:48:47.991640 *Tunnelblick: Routing info stdout:
route to: 208.67.220.220
destination: default
mask: default
gateway: 192.168.1.1
interface: en0
flags: <UP,GATEWAY,DONE,STATIC,PRCLONING,GLOBAL>
recvpipe sendpipe ssthresh rtt,msec rttvar hopcount mtu expire
0 0 0 0 0 0 1500 0
stderr:

2026-01-17 19:48:47.991944 *Tunnelblick: Warning: DNS server Address 208.67.220.220 is a known public DNS server but is not being routed through the VPN
2026-01-17 19:48:48.990217 MANAGEMENT: CMD 'hold release'
2026-01-17 19:48:48.990366 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2026-01-17 19:48:48.990621 TCP/UDP: Preserving recently used remote address: [AF_INET]194.232.104.3:443
2026-01-17 19:48:48.990709 Socket Buffers: R=[131072->131072] S=[131072->131072]
2026-01-17 19:48:48.990730 Attempting to establish TCP connection with [AF_INET]194.232.104.3:443
2026-01-17 19:48:48.990747 MANAGEMENT: >STATE:1768675728,TCP_CONNECT,,,,,,
2026-01-17 19:48:49.004232 TCP connection established with [AF_INET]194.232.104.3:443
2026-01-17 19:48:49.004290 TCPv4_CLIENT link local: (not bound)
2026-01-17 19:48:49.004312 TCPv4_CLIENT link remote: [AF_INET]194.232.104.3:443
2026-01-17 19:48:49.004384 MANAGEMENT: >STATE:1768675729,WAIT,,,,,,
2026-01-17 19:48:49.024628 MANAGEMENT: >STATE:1768675729,AUTH,,,,,,
2026-01-17 19:48:49.024706 TLS: Initial packet from [AF_INET]194.232.104.3:443, sid=fbce98bc 9aadc627
2026-01-17 19:48:49.046903 VERIFY OK: depth=2, C=AT, O=KBC, OU=bla, CN=RCA
2026-01-17 19:48:49.048438 VERIFY OK: depth=1, C=AT, O=KBC, OU=bla, CN=VAULT
2026-01-17 19:48:49.049922 VERIFY KU OK
2026-01-17 19:48:49.049956 Validating certificate extended key usage
2026-01-17 19:48:49.049971 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2026-01-17 19:48:49.049982 VERIFY EKU OK
2026-01-17 19:48:49.049992 VERIFY X509NAME OK: C=AT, ST=Vienna, L=Vienna, O=KBC, OU=Cyber Defense Center, CN=gtec.bla
2026-01-17 19:48:49.050002 VERIFY OK: depth=0, C=AT, ST=Vienna, L=Vienna, O=KBC, OU=Cyber Defense Center, CN=gtec.bla
2026-01-17 19:48:49.082963 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 256 bits ECprime256v1, signature: ecdsa-with-SHA256, peer temporary key: 253 bits X25519
2026-01-17 19:48:49.083063 [gtec.bla] Peer Connection Initiated with [AF_INET]194.232.104.3:443
2026-01-17 19:48:49.083093 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2026-01-17 19:48:49.083174 TLS: tls_multi_process: initial untrusted session promoted to trusted
2026-01-17 19:48:49.148814 PUSH: Received control message: 'PUSH_REPLY,tun-ipv6,dhcp-option DNS fd00:bla:0:8:9920::1,dhcp-option DOMAIN bla,route-ipv6 fd00:bla::/32,route-ipv6 fd00:1ab::/32,route-gateway 13.37.0.1,topology subnet,ping 10,ping-restart 120,ifconfig-ipv6 fd00:bla:a:0:1::29/64 fd00:bla:0:1::1,ifconfig 13.37.0.229 255.255.0.0,peer-id 54,cipher AES-256-GCM,protocol-flags cc-exit tls-ekm dyn-tls-crypt,tun-mtu 1500'
2026-01-17 19:48:49.149009 OPTIONS IMPORT: --ifconfig/up options modified
2026-01-17 19:48:49.149027 OPTIONS IMPORT: route options modified
2026-01-17 19:48:49.149038 OPTIONS IMPORT: route-related options modified
2026-01-17 19:48:49.149049 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2026-01-17 19:48:49.149061 OPTIONS IMPORT: tun-mtu set to 1500
2026-01-17 19:48:49.149071 Preserving previous TUN/TAP instance: utun4
2026-01-17 19:48:49.149286 Initialization Sequence Completed
2026-01-17 19:48:49.149323 MANAGEMENT: >STATE:1768675729,CONNECTED,SUCCESS,13.37.0.229,194.232.104.3,443,192.168.1.234,50185,fd00:bla:a:0:1::29
2026-01-17 19:48:49.149341 Data Channel: cipher 'AES-256-GCM', peer-id: 54, compression: 'lzo'
2026-01-17 19:48:49.149353 Timers: ping 10, ping-restart 120
2026-01-17 19:48:49.149365 Protocol options: protocol-flags cc-exit tls-ekm dyn-tls-crypt
2026-01-17 19:48:50.267839 *Tunnelblick: Warning: Could not obtain a list of DNS addresses that are expected
2026-01-17 19:48:50.340351 Connection reset, restarting [0]
2026-01-17 19:48:50.340862 SIGUSR1[soft,connection-reset] received, process restarting
2026-01-17 19:48:50.340965 MANAGEMENT: >STATE:1768675730,RECONNECTING,connection-reset,,,,,
2026-01-17 19:48:50.651639 *Tunnelblick: Routing info stdout:
route to: 208.67.220.220
destination: default
mask: default
gateway: 192.168.1.1
interface: en0
flags: <UP,GATEWAY,DONE,STATIC,PRCLONING,GLOBAL>
recvpipe sendpipe ssthresh rtt,msec rttvar hopcount mtu expire
0 0 0 0 0 0 1500 0
stderr:

2026-01-17 19:48:50.651899 *Tunnelblick: Warning: DNS server Address 208.67.220.220 is a known public DNS server but is not being routed through the VPN
2026-01-17 19:48:50.652239 *Tunnelblick: Delaying HOLD release for 1.000 seconds
2026-01-17 19:48:51.654293 MANAGEMENT: CMD 'hold release'
2026-01-17 19:48:51.654439 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2026-01-17 19:48:51.654690 TCP/UDP: Preserving recently used remote address: [AF_INET]194.232.104.3:443
2026-01-17 19:48:51.654791 Socket Buffers: R=[131072->131072] S=[131072->131072]
2026-01-17 19:48:51.654811 Attempting to establish TCP connection with [AF_INET]194.232.104.3:443
2026-01-17 19:48:51.654827 MANAGEMENT: >STATE:1768675731,TCP_CONNECT,,,,,,
2026-01-17 19:48:51.668863 TCP connection established with [AF_INET]194.232.104.3:443
2026-01-17 19:48:51.668947 TCPv4_CLIENT link local: (not bound)
2026-01-17 19:48:51.668973 TCPv4_CLIENT link remote: [AF_INET]194.232.104.3:443
2026-01-17 19:48:51.669065 MANAGEMENT: >STATE:1768675731,WAIT,,,,,,
2026-01-17 19:48:51.687086 MANAGEMENT: >STATE:1768675731,AUTH,,,,,,
2026-01-17 19:48:51.687168 TLS: Initial packet from [AF_INET]194.232.104.3:443, sid=1ff28f09 0cafec3b
2026-01-17 19:48:51.707449 VERIFY OK: depth=2, C=AT, O=KBC, OU=bla, CN=RCA
2026-01-17 19:48:51.708467 VERIFY OK: depth=1, C=AT, O=KBC, OU=bla, CN=VAULT
2026-01-17 19:48:51.709945 VERIFY KU OK
2026-01-17 19:48:51.709973 Validating certificate extended key usage
2026-01-17 19:48:51.709986 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2026-01-17 19:48:51.709997 VERIFY EKU OK
2026-01-17 19:48:51.710008 VERIFY X509NAME OK: C=AT, ST=Vienna, L=Vienna, O=KBC, OU=Cyber Defense Center, CN=gtec.bla
2026-01-17 19:48:51.710019 VERIFY OK: depth=0, C=AT, ST=Vienna, L=Vienna, O=KBC, OU=Cyber Defense Center, CN=gtec.bla
2026-01-17 19:48:51.740616 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 256 bits ECprime256v1, signature: ecdsa-with-SHA256, peer temporary key: 253 bits X25519
2026-01-17 19:48:51.740681 [gtec.bla] Peer Connection Initiated with [AF_INET]194.232.104.3:443
2026-01-17 19:48:51.740705 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2026-01-17 19:48:51.740765 TLS: tls_multi_process: initial untrusted session promoted to trusted
2026-01-17 19:48:51.814690 PUSH: Received control message: 'PUSH_REPLY,tun-ipv6,dhcp-option DNS fd00:bla:0:8:9920::1,dhcp-option DOMAIN bla,route-ipv6 fd00:bla::/32,route-ipv6 fd00:1ab::/32,route-gateway 13.37.0.1,topology subnet,ping 10,ping-restart 120,ifconfig-ipv6 fd00:bla:a:0:1::29/64 fd00:bla:0:1::1,ifconfig 13.37.0.229 255.255.0.0,peer-id 54,cipher AES-256-GCM,protocol-flags cc-exit tls-ekm dyn-tls-crypt,tun-mtu 1500'
2026-01-17 19:48:51.814885 OPTIONS IMPORT: --ifconfig/up options modified
2026-01-17 19:48:51.814908 OPTIONS IMPORT: route options modified
2026-01-17 19:48:51.814920 OPTIONS IMPORT: route-related options modified
2026-01-17 19:48:51.814974 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2026-01-17 19:48:51.814985 OPTIONS IMPORT: tun-mtu set to 1500
2026-01-17 19:48:51.814996 Preserving previous TUN/TAP instance: utun4
2026-01-17 19:48:51.815252 Initialization Sequence Completed
2026-01-17 19:48:51.815299 MANAGEMENT: >STATE:1768675731,CONNECTED,SUCCESS,13.37.0.229,194.232.104.3,443,192.168.1.234,50187,fd00:bla:a:0:1::29
2026-01-17 19:48:51.815318 Data Channel: cipher 'AES-256-GCM', peer-id: 54, compression: 'lzo'
2026-01-17 19:48:51.815330 Timers: ping 10, ping-restart 120
2026-01-17 19:48:51.815343 Protocol options: protocol-flags cc-exit tls-ekm dyn-tls-crypt
2026-01-17 19:48:52.938545 *Tunnelblick: Warning: Could not obtain a list of DNS addresses that are expected
2026-01-17 19:48:53.007806 Connection reset, restarting [0]
2026-01-17 19:48:53.008393 SIGUSR1[soft,connection-reset] received, process restarting
2026-01-17 19:48:53.008464 MANAGEMENT: >STATE:1768675733,RECONNECTING,connection-reset,,,,,
2026-01-17 19:48:53.155030 *Tunnelblick: Delaying HOLD release for 1.000 seconds
2026-01-17 19:48:53.157658 *Tunnelblick: Routing info stdout:
route to: 208.67.220.220
destination: default
mask: default
gateway: 192.168.1.1
interface: en0
flags: <UP,GATEWAY,DONE,STATIC,PRCLONING,GLOBAL>
recvpipe sendpipe ssthresh rtt,msec rttvar hopcount mtu expire
0 0 0 0 0 0 1500 0
stderr:

2026-01-17 19:48:53.157824 *Tunnelblick: Warning: DNS server Address 208.67.220.220 is a known public DNS server but is not being routed through the VPN
2026-01-17 19:48:54.479667 *Tunnelblick: Disconnecting; notification window disconnect button pressed
2026-01-17 19:48:54.627153 *Tunnelblick: Disconnecting using 'kill'
2026-01-17 19:48:54.798316 Closing TUN/TAP interface
2026-01-17 19:48:54.798337 /sbin/route delete -inet6 fd00:bla:a:0:1::29
delete host fd00:bla:a:0:1::29
2026-01-17 19:48:54.804340 /Library/Application Support/Tunnelblick/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -d -f -m -w -ptADGNWradsgnw utun4 0 0 13.37.0.229 255.255.0.0 init
19:48:55 *Tunnelblick: **********************************************
19:48:55 *Tunnelblick: Start of output from client.down.tunnelblick.sh
19:48:56 *Tunnelblick: WARNING: Not restoring network settings because no saved Tunnelblick DNS information was found.
19:48:56 *Tunnelblick: Flushed the DNS cache with dscacheutil -flushcache
19:48:56 *Tunnelblick: Notified mDNSResponder that the DNS cache was flushed
19:48:56 *Tunnelblick: Notified mDNSResponderHelper that the DNS cache was flushed
19:48:56 *Tunnelblick: End of output from client.down.tunnelblick.sh
19:48:56 *Tunnelblick: **********************************************
2026-01-17 19:48:56.211297 SIGTERM[hard,init_instance] received, process exiting
2026-01-17 19:48:56.211308 MANAGEMENT: >STATE:1768675736,EXITING,init_instance,,,,,
2026-01-17 19:48:56.694496 *Tunnelblick: Expected disconnection occurred.

================================================================================

Installer log:

2026-01-16 15:53:41.094022: Tunnelblick installer (build 6300) getuid() = 501; geteuid() = 0; getgid() = 20; getegid() = 20
currentDirectoryPath = '/'; 3 arguments:
0x0001 (ClearLog CopyConfig)
/Library/Application Support/Tunnelblick/Shared/bla.tblk
/private/var/folders/35/gfr5q8w17sv_x4chm7b5xqjh0000gn/T/net.tunnelblick.tunnelblick-JW5GsU/bla.tblk
2026-01-16 15:53:41.095922: Determined username 'meiksner' from getuid(): 501
2026-01-16 15:53:41.137717: renamex_np() succeeded renaming /Library/Application Support/Tunnelblick/installer-temp to /Library/Application Support/Tunnelblick/Shared/bla.tblk
2026-01-16 15:53:41.138840: Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Shared/bla.tblk
2026-01-16 15:53:41.139233: Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Shared/bla.tblk/Contents
2026-01-16 15:53:41.139468: Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Shared/bla.tblk/Contents/Resources
2026-01-16 15:53:41.139578: Changed permissions from 740 to 700 on /Library/Application Support/Tunnelblick/Shared/bla.tblk/Contents/Resources/client.crt
2026-01-16 15:53:41.139673: Changed permissions from 740 to 700 on /Library/Application Support/Tunnelblick/Shared/bla.tblk/Contents/Resources/ca.crt
2026-01-16 15:53:41.139763: Changed permissions from 740 to 700 on /Library/Application Support/Tunnelblick/Shared/bla.tblk/Contents/Resources/gtecdns6fix.sh
2026-01-16 15:53:41.139856: Changed permissions from 740 to 700 on /Library/Application Support/Tunnelblick/Shared/bla.tblk/Contents/Resources/config.ovpn
2026-01-16 15:53:41.139946: Changed permissions from 740 to 700 on /Library/Application Support/Tunnelblick/Shared/bla.tblk/Contents/Resources/client.key
2026-01-16 15:53:41.142975: Tunnelblick installer succeeded

================================================================================

Down log:

19:48:55 *Tunnelblick: **********************************************
19:48:55 *Tunnelblick: Start of output from client.down.tunnelblick.sh
19:48:56 *Tunnelblick: WARNING: Not restoring network settings because no saved Tunnelblick DNS information was found.
19:48:56 *Tunnelblick: Flushed the DNS cache with dscacheutil -flushcache
19:48:56 *Tunnelblick: Notified mDNSResponder that the DNS cache was flushed
19:48:56 *Tunnelblick: Notified mDNSResponderHelper that the DNS cache was flushed
19:48:56 *Tunnelblick: End of output from client.down.tunnelblick.sh
19:48:56 *Tunnelblick: **********************************************

================================================================================

Previous down log:

15:19:48 *Tunnelblick: **********************************************
15:19:48 *Tunnelblick: Start of output from client.down.tunnelblick.sh
15:19:49 *Tunnelblick: WARNING: Not restoring network settings because no saved Tunnelblick DNS information was found.
15:19:49 *Tunnelblick: Flushed the DNS cache with dscacheutil -flushcache
15:19:49 *Tunnelblick: Notified mDNSResponder that the DNS cache was flushed
15:19:49 *Tunnelblick: End of output from client.down.tunnelblick.sh
15:19:49 *Tunnelblick: **********************************************

================================================================================

Network services:

An asterisk (*) denotes that a network service is disabled.
USB 10/100/1000 LAN
Dell D3100 USB3.0 Dock
Thunderbolt Bridge
Wi-Fi

Wi-Fi Power (en0): On

================================================================================

ifconfig output:

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
options=1203<RXCSUM,TXCSUM,TXSTATUS,SW_TIMESTAMP>
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
nd6 options=201<PERFORMNUD,DAD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
anpi0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=400<CHANNEL_IO>
ether c6:93:6d:83:b5:f5
media: none
status: inactive
anpi1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=400<CHANNEL_IO>
ether c6:93:6d:83:b5:f6
media: none
status: inactive
en3: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=400<CHANNEL_IO>
ether c6:93:6d:83:b5:d5
nd6 options=201<PERFORMNUD,DAD>
media: none
status: inactive
en4: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=400<CHANNEL_IO>
ether c6:93:6d:83:b5:d6
nd6 options=201<PERFORMNUD,DAD>
media: none
status: inactive
en1: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
options=460<TSO4,TSO6,CHANNEL_IO>
ether 36:bb:5a:a9:25:c0
media: autoselect <full-duplex>
status: inactive
en2: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
options=460<TSO4,TSO6,CHANNEL_IO>
ether 36:bb:5a:a9:25:c4
media: autoselect <full-duplex>
status: inactive
bridge0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=63<RXCSUM,TXCSUM,TSO4,TSO6>
ether 36:bb:5a:a9:25:c0
Configuration:
id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
ipfilter disabled flags 0x0
member: en1 flags=3<LEARNING,DISCOVER>
ifmaxaddr 0 port 8 priority 0 path cost 0
member: en2 flags=3<LEARNING,DISCOVER>
ifmaxaddr 0 port 9 priority 0 path cost 0
nd6 options=201<PERFORMNUD,DAD>
media: <unknown type>
status: inactive
ap1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=6460<TSO4,TSO6,CHANNEL_IO,PARTIAL_CSUM,ZEROINVERT_CSUM>
ether f2:3f:31:2f:6e:9e
nd6 options=201<PERFORMNUD,DAD>
media: autoselect (none)
status: inactive
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=6460<TSO4,TSO6,CHANNEL_IO,PARTIAL_CSUM,ZEROINVERT_CSUM>
ether 66:4a:df:a1:5d:47
inet6 fe80::7c:6b58:cc4b:18da%en0 prefixlen 64 secured scopeid 0xb
inet6 fdcf:40b0:daf6:0:4a2:2d24:8d33:daaf prefixlen 64 autoconf secured
inet 192.168.1.234 netmask 0xffffff00 broadcast 192.168.1.255
nd6 options=201<PERFORMNUD,DAD>
media: autoselect
status: active
awdl0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=6460<TSO4,TSO6,CHANNEL_IO,PARTIAL_CSUM,ZEROINVERT_CSUM>
ether 12:ec:aa:cf:f7:26
inet6 fe80::10ec:aaff:fecf:f726%awdl0 prefixlen 64 scopeid 0xd
nd6 options=201<PERFORMNUD,DAD>
media: autoselect
status: active
llw0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=400<CHANNEL_IO>
ether 12:ec:aa:cf:f7:26
inet6 fe80::10ec:aaff:fecf:f726%llw0 prefixlen 64 scopeid 0xe
nd6 options=201<PERFORMNUD,DAD>
media: autoselect (none)
utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
inet6 fe80::c47b:3648:1ff6:ba8d%utun0 prefixlen 64 scopeid 0xf
nd6 options=201<PERFORMNUD,DAD>
utun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
inet6 fe80::ad81:35:87bc:2d7e%utun1 prefixlen 64 scopeid 0x10
nd6 options=201<PERFORMNUD,DAD>
utun2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 2000
inet6 fe80::19da:d674:4f97:17ac%utun2 prefixlen 64 scopeid 0x11
nd6 options=201<PERFORMNUD,DAD>
utun3: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1000
inet6 fe80::ce81:b1c:bd2c:69e%utun3 prefixlen 64 scopeid 0x12
nd6 options=201<PERFORMNUD,DAD>

================================================================================

Non-Apple kexts that are loaded:

Index Refs Address Size Wired Name (Version) UUID <Linked Against>

================================================================================

Quit Log:

2026-01-16 16:14:30.986514 applicationShouldTerminate: termination because of Quit; delayed until 'shutdownTunnelblick' finishes)
2026-01-16 16:14:30.990288 shutDownTunnelblick: started.
2026-01-16 16:14:30.998899 shutDownTunnelblick: Starting cleanup.
2026-01-16 16:14:31.004650 cleanup: Entering cleanup
2026-01-16 16:14:31.010520 synchronized user defaults
2026-01-16 16:14:31.762916 shutDownTunnelblick: Cleanup finished.
2026-01-16 16:14:31.773295 Finished shutting down Tunnelblick; allowing termination

================================================================================

Traces Log:

================================================================================

Console Log:

bla

Tunnelblick Developer

unread,

3:08 PM (2 hours ago) 3:08 PM

to tunnelblick-discuss

1. Other things may have changed, in addition to macOS:

Your connection to the Internet,
The OpenVPN server's connection to the Internet,
The OpenVPN server,
The OpenVPN server's configuration.

2. You are using a non-Tunnelblick up/down script when the connection is made and un-made: "gtecdns6fix.sh". I don't know what's in that, but it's apparently writing out two messages:

2026-01-17 19:48:20.960889 GDG6: remote_host_ipv6=n/a
2026-01-17 19:48:20.960940 GDG6: problem writing to routing socket: No such process (errno=3)

either of them could indicate a problem (or not!). From the "dns6fix" part of the name, I'm guessing that the script does something with IPv6, so if there's no IPv6 address for the remote_host (the OpenVPN server), I imagine that could be a problem. Just speculation, but could the OpenVPN server's network changed and

3. However, I think this probably gives a clue to the immediate cause of the reconnection loop:

2026-01-17 19:48:21.037077 Connection reset, restarting [0]
2026-01-17 19:48:21.037499 SIGUSR1[soft,connection-reset] received, process restarting

So something is resetting the connection. It could be purposeful like the Great Firewall of China, or simply misbehaving network equipment, or something else.

The two warnings

"Warning: could not obtain a list of DNS addresses that are expected"

and

"Tunnelblick: Warning: DNS server Address 208.67.220.220 is a known public DNS server but is not being routed through the VPN"

would not cause the reset. They're just warnings, not errors, and may or may not indicate a problem, depending on a lot of other things.

Reply all

Reply to author

Forward

0 new messages