Connected but no access to internal network

[Yuchen Wang]

I installed Tunnelblick 3.2beta28 (build 2714) with OpenVPN 2.1.4 on my macbook, running Lion. 

When I tried to connect to my router running Tomato VPN firmware, it connects with no problem, but I can't never get access to another internal network resource. 

My home ip subnet is 192.168.2.0/255.255.255.0

VPN subnet is 192.168.1.0/255.255.255.0

Please help. Following is the log:

2011-08-03 18:25:14 *Tunnelblick: OS X 10.7.0; Tunnelblick 3.2beta28 (build 2714); OpenVPN 2.1.4

2011-08-03 18:25:14 *Tunnelblick: Attempting connection with home; Set nameserver = 1; monitoring connection

2011-08-03 18:25:14 *Tunnelblick: /Applications/Tunnelblick.app/Contents/Resources/openvpnstart start home.tblk 1337 1 0 0 0 114 

2011-08-03 18:25:14 OpenVPN 2.1.4 i386-apple-darwin10.8.0 [SSL] [LZO2] [PKCS11] built on Jul 31 2011

2011-08-03 18:25:14 MANAGEMENT: TCP Socket listening on 127.0.0.1:1337

2011-08-03 18:25:14 Need hold release from management interface, waiting...

2011-08-03 18:25:14 MANAGEMENT: Client connected from 127.0.0.1:1337

2011-08-03 18:25:14 MANAGEMENT: CMD 'pid'

2011-08-03 18:25:14 MANAGEMENT: CMD 'state on'

2011-08-03 18:25:14 MANAGEMENT: CMD 'state'

2011-08-03 18:25:14 MANAGEMENT: CMD 'hold release'

2011-08-03 18:25:14 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.

2011-08-03 18:25:14 *Tunnelblick: openvpnstart: /Applications/Tunnelblick.app/Contents/Resources/openvpn --cd /Users/yuchen/Library/Application Support/Tunnelblick/Configurations/home.tblk/Contents/Resources --daemon --management 127.0.0.1 1337 --config /Users/yuchen/Library/Application Support/Tunnelblick/Configurations/home.tblk/Contents/Resources/config.ovpn --log /Library/Application Support/Tunnelblick/Logs/-SUsers-Syuchen-SLibrary-SApplication Support-STunnelblick-SConfigurations-Shome.tblk-SContents-SResources-Sconfig.ovpn.1_0_0_0_114.1337.openvpn.log --management-query-passwords --management-hold --script-security 2 --up /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -m -w -d -a --down /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -m -w -d -a --up-restart

2011-08-03 18:25:14 *Tunnelblick: Established communication with OpenVPN

2011-08-03 18:25:14 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

2011-08-03 18:25:14 LZO compression initialized

2011-08-03 18:25:14 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]

2011-08-03 18:25:14 Socket Buffers: R=[42080->65536] S=[9216->65536]

2011-08-03 18:25:14 MANAGEMENT: >STATE:1312421114,RESOLVE,,,

2011-08-03 18:25:14 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]

2011-08-03 18:25:14 Local Options hash (VER=V4): 'd79ca330'

2011-08-03 18:25:14 Expected Remote Options hash (VER=V4): 'f7df56b8'

2011-08-03 18:25:14 UDPv4 link local: [undef]

2011-08-03 18:25:14 UDPv4 link remote: 64.201.xxx.xxx:1194

2011-08-03 18:25:14 MANAGEMENT: >STATE:1312421114,WAIT,,,

2011-08-03 18:25:14 MANAGEMENT: >STATE:1312421114,AUTH,,,

2011-08-03 18:25:14 TLS: Initial packet from 64.201.xxx.xxx:1194, sid=fc7a8585 ed84edd8

2011-08-03 18:25:14 VERIFY OK: depth=1, /C=US/ST=CA/L=SUNNYVALE/O=CLINGMARKS/OU=Home/CN=Tomato/emailAddress=ad...@clingmarks.com

2011-08-03 18:25:14 VERIFY OK: depth=0, /C=US/ST=CA/O=CLINGMARKS/OU=Home/CN=Tomato/emailAddress=ad...@clingmarks.com

2011-08-03 18:25:16 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key

2011-08-03 18:25:16 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

2011-08-03 18:25:16 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key

2011-08-03 18:25:16 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

2011-08-03 18:25:19 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA

2011-08-03 18:25:19 [Tomato] Peer Connection Initiated with 64.201.xxx.xxx:1194

2011-08-03 18:25:20 MANAGEMENT: >STATE:1312421120,GET_CONFIG,,,

2011-08-03 18:25:21 SENT CONTROL [Tomato]: 'PUSH_REQUEST' (status=1)

2011-08-03 18:25:21 PUSH: Received control message: 'PUSH_REPLY,route 192.168.2.0 255.255.255.0,route 192.168.1.1,topology net30,ping 15,ping-restart 60,ifconfig 192.168.1.6 192.168.1.5'

2011-08-03 18:25:21 OPTIONS IMPORT: timers and/or timeouts modified

2011-08-03 18:25:21 OPTIONS IMPORT: --ifconfig/up options modified

2011-08-03 18:25:21 OPTIONS IMPORT: route options modified

2011-08-03 18:25:21 WARNING: Since you are using --dev tap, the second argument to --ifconfig must be a netmask, for example something like 255.255.255.0. (silence this warning with --ifconfig-nowarn)

2011-08-03 18:25:21 ROUTE default_gateway=192.168.188.254

2011-08-03 18:25:21 OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options

2011-08-03 18:25:21 OpenVPN ROUTE: failed to parse/resolve route for host/network: 192.168.2.0

2011-08-03 18:25:21 OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options

2011-08-03 18:25:21 OpenVPN ROUTE: failed to parse/resolve route for host/network: 192.168.1.1

2011-08-03 18:25:21 TUN/TAP device /dev/tap0 opened

2011-08-03 18:25:21 MANAGEMENT: >STATE:1312421121,ASSIGN_IP,,192.168.1.6,

2011-08-03 18:25:21 /sbin/ifconfig tap0 delete

                                        ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address

2011-08-03 18:25:21 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure

2011-08-03 18:25:21 /sbin/ifconfig tap0 192.168.1.6 netmask 192.168.1.5 mtu 1500 up

2011-08-03 18:25:21 /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -m -w -d -a tap0 1500 1574 192.168.1.6 192.168.1.5 init

2011-08-03 18:25:23 Initialization Sequence Completed

2011-08-03 18:25:23 MANAGEMENT: >STATE:1312421123,CONNECTED,SUCCESS,192.168.1.6,64.201.xxx.xxx

2011-08-03 18:25:23 *Tunnelblick: Flushed the DNS cache

2011-08-03 18:25:26 *Tunnelblick client.up.tunnelblick.sh: Sleeping for 0 seconds to wait for DHCP to finish setup.

2011-08-03 18:25:26 *Tunnelblick client.up.tunnelblick.sh: Sleeping for 1 seconds to wait for DHCP to finish setup.

2011-08-03 18:25:27 *Tunnelblick client.up.tunnelblick.sh: Sleeping for 2 seconds to wait for DHCP to finish setup.

2011-08-03 18:25:29 *Tunnelblick client.up.tunnelblick.sh: Sleeping for 3 seconds to wait for DHCP to finish setup.

2011-08-03 18:25:33 *Tunnelblick client.up.tunnelblick.sh: Sleeping for 4 seconds to wait for DHCP to finish setup.

[jkbull...gmail.com]

There seem to be some problems with the OpenVPN configuration info being pushed by Tomato:

2011-08-03 18:25:21 OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options

2011-08-03 18:25:21 OpenVPN ROUTE: failed to parse/resolve route for host/network: 192.168.2.0

I think the second message is a result of the first.

I think the repeated

2011-08-03 18:25:26 *Tunnelblick client.up.tunnelblick.sh: Sleeping for 0 seconds to wait for DHCP to finish setup.

messages are a result of the original problem, since the routing isn't correct, although it is possible it is some other problem. Fix the routing issue first and see if this disappears.

You might want to consult the OpenVPN Documentation, or ask on the OpenVPN Users Forum.