blocked connection "event_wait : Interrupted system call (code=4)"


nicolas galeazzi

Jun 9, 2010, 12:19:53 AM
to tunnelblick-discuss
Hi

Since I changed my MacBook Pro, the access to my proxy is not working
anymore. It tries to enter but after a while Tunnelblick gets dark
gray!

The support service of my proxy is saying the crucial line in my
logfile is the following: "event_wait : Interrupted system call
(code=4)"

Any idea how to solve the problem?

Below you find the whole logfile.

Thanks for help!
Peter

°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°
°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°

2010-06-09 06:11:00 *Tunnelblick: OS X 10.6.3; Tunnelblick 3.0 (build
1437); OpenVPN 2.1.1
2010-06-09 06:11:01 *Tunnelblick: Attempting connection with
trackbuster.conf; Set nameserver = 1; monitoring connection
2010-06-09 06:11:01 *Tunnelblick: /Applications/Tunnelblick.app/
Contents/Resources/openvpnstart start trackbuster.conf 1337 1 0 0 0
2010-06-09 06:11:01 *Tunnelblick: /Applications/Tunnelblick.app/
Contents/Resources/openvpn --management-query-passwords --cd /Users/
nyg/Library/Application Support/Tunnelblick/Configurations --daemon --
management-hold --management 127.0.0.1 1337 --config /Users/nyg/
Library/Application Support/Tunnelblick/Configurations/
trackbuster.conf --script-security 2 --up "/Applications/
Tunnelblick.app/Contents/Resources/client.up.osx.sh" --down "/
Applications/Tunnelblick.app/Contents/Resources/client.down.osx.sh" --
up-restart
2010-06-09 06:11:02 SUCCESS: pid=23451
2010-06-09 06:11:02 SUCCESS: real-time state notification set to ON
2010-06-09 06:11:02 SUCCESS: real-time log notification set to ON
2010-06-09 06:11:01 OpenVPN 2.1.1 i386-apple-darwin10.2.0 [SSL] [LZO2]
[PKCS11] built on Feb 24 2010
2010-06-09 06:11:02 END
2010-06-09 06:11:02 SUCCESS: hold release succeeded
2010-06-09 06:11:02 but not yet verified
2010-06-09 06:11:02 but not yet verified
2010-06-09 06:11:02 based on an official port number assignment by
IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
2010-06-09 06:11:02 WARNING: No server certificate verification method
has been enabled. See http://openvpn.net/howto.html#mitm for more
info.
2010-06-09 06:11:02 NOTE: the current --script-security setting may
allow this configuration to call user-defined scripts
2010-06-09 06:11:03 WARNING: file 'client.key' is group or others
accessible
2010-06-09 06:11:03 WARNING: file 'ta.key' is group or others
accessible
2010-06-09 06:11:03 Control Channel Authentication: using 'ta.key' as
a OpenVPN static key file
2010-06-09 06:11:03 LZO compression initialized
2010-06-09 06:11:03 choosing one by random
2010-06-09 06:11:03 UDPv4 link local (bound): [undef]:1194
2010-06-09 06:11:03 UDPv4 link remote: 87.118.116.196:1194
2010-06-09 06:12:03 TLS Error: TLS key negotiation failed to occur
within 60 seconds (check your network connectivity)
2010-06-09 06:12:03 TLS Error: TLS handshake failed
2010-06-09 06:12:03 process restarting
2010-06-09 06:12:03 SUCCESS: hold release succeeded
2010-06-09 06:12:03 based on an official port number assignment by
IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
2010-06-09 06:12:03 WARNING: No server certificate verification method
has been enabled. See http://openvpn.net/howto.html#mitm for more
info.
2010-06-09 06:12:03 NOTE: the current --script-security setting may
allow this configuration to call user-defined scripts
2010-06-09 06:12:03 Re-using SSL/TLS context
2010-06-09 06:12:03 LZO compression initialized
2010-06-09 06:12:03 choosing one by random
2010-06-09 06:12:03 UDPv4 link local (bound): [undef]:1194
2010-06-09 06:12:03 UDPv4 link remote: 62.141.54.181:1194
2010-06-09 06:13:03 TLS Error: TLS key negotiation failed to occur
within 60 seconds (check your network connectivity)
2010-06-09 06:13:03 TLS Error: TLS handshake failed
2010-06-09 06:13:03 process restarting
2010-06-09 06:13:03 SUCCESS: hold release succeeded
2010-06-09 06:13:03 based on an official port number assignment by
IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
2010-06-09 06:13:03 WARNING: No server certificate verification method
has been enabled. See http://openvpn.net/howto.html#mitm for more
info.
2010-06-09 06:13:03 NOTE: the current --script-security setting may
allow this configuration to call user-defined scripts
2010-06-09 06:13:03 Re-using SSL/TLS context
2010-06-09 06:13:03 LZO compression initialized
2010-06-09 06:13:03 choosing one by random

jkbull...gmail.com

Jun 9, 2010, 7:46:14 AM
to tunnelblick-discuss
Actually, the problem is here:

TLS Error: TLS key negotiation failed to occur within 60 seconds
(check your network connectivity)
TLS Error: TLS handshake failed
process restarting

This says that the connection failed, and it is being attempted again.

(Note: the "event_wait : Interrupted system call (code=4)" message
appears when you "disconnect" the configuration. It appears because of
the method that Tunnelblick uses to disconnect. It doesn't appear in
the log extract that you submitted, so I can't be sure, but I don't
think this has anything to do with your problem.)

The TLS handshake failure is usually a problem with UDP being blocked
by a firewall somewhere between your computer and the VPN server
(which you are calling a "proxy").

You didn't post your configuration file, but if it has a line like
"proto udp", try changing that to "proto tcp". If not, please post
your configuration file, but if actual keys and certificates are
included, X them out. (You don't need to X out the name of files that
have keys or certificates, though.)

Please post whether or not any of this helps.

------------------------------------

The following are some comments found on the web about this error
message, perhaps one of these apply here:

"We switched to TCP and commented out the 'tls-auth ta.key 1' and
changed the 'remote' host / port."

"It is not uncommon that some cheap home ADSL routers does not like
UDP, and that TCP works better."

"If you're sure you have solid Internet connectivity and no firewall
(on your local network or router) is blocking, then the culprit is
likely third party security software on your computer. List of some
problematic software: http://wiki.witopia.net/wiki/Conflicting_Software"

"Set the port to be 53 (rather than 1194)"

"The only explanation I can come up with is your router has a bug with
UDP streaming. You would have to try to deploy a firmware update on
the router to see if it was fixed. Otherwise you'll have to replace
the router."
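
An added example, not part of any post in this thread: a short Python triage of the posted log that rejoins the mail-wrapped lines, lists which remotes timed out during TLS key negotiation, and separately collects the standing warnings (no server certificate verification, key files accessible to group or others). The function names are hypothetical; the sample entries are copied from the log above.

```python
import re

# Entries copied from the log posted in this thread, mail wrapping preserved.
SAMPLE_LOG = """\
2010-06-09 06:11:02 WARNING: No server certificate verification method
has been enabled. See http://openvpn.net/howto.html#mitm for more
info.
2010-06-09 06:11:03 WARNING: file 'client.key' is group or others
accessible
2010-06-09 06:11:03 WARNING: file 'ta.key' is group or others
accessible
2010-06-09 06:11:03 UDPv4 link remote: 87.118.116.196:1194
2010-06-09 06:12:03 TLS Error: TLS key negotiation failed to occur
within 60 seconds (check your network connectivity)
2010-06-09 06:12:03 UDPv4 link remote: 62.141.54.181:1194
2010-06-09 06:13:03 TLS Error: TLS key negotiation failed to occur
within 60 seconds (check your network connectivity)
"""

STAMP = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (.*)$")

def unwrap(text):
    """Rejoin entries that the mail client wrapped across several lines."""
    entries = []
    for line in text.splitlines():
        m = STAMP.match(line)
        if m:                              # a timestamp starts a new entry
            entries.append([m.group(1), m.group(2)])
        elif entries and line.strip():     # continuation of the previous entry
            entries[-1][1] += " " + line.strip()
    return entries

def triage(text):
    """Separate the connection failure from the standing security warnings."""
    report = {"failed_remotes": [], "loose_key_files": [],
              "no_server_verify": False, "disconnect_signal": False}
    remote = None
    for _, msg in unwrap(text):
        if m := re.match(r"(\S+) link remote: (\S+)", msg):
            remote = (m.group(1), m.group(2))          # protocol, host:port
        elif msg.startswith("TLS Error: TLS key negotiation failed") and remote:
            report["failed_remotes"].append(remote)
        elif m := re.search(r"file '([^']+)' is group or others accessible", msg):
            report["loose_key_files"].append(m.group(1))
        elif "No server certificate verification method" in msg:
            report["no_server_verify"] = True
        elif "event_wait : Interrupted system call" in msg:
            report["disconnect_signal"] = True         # seen on manual disconnect
    report["loose_key_files"] = sorted(set(report["loose_key_files"]))
    return report
```

The two warnings are independent of the handshake timeout: the key files can be restricted with `chmod 600 client.key ta.key`, and the page the log links to (http://openvpn.net/howto.html#mitm) describes the server certificate checks, such as `remote-cert-tls server`.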

nicolas galeazzi

Jun 12, 2010, 4:12:04 AM
to tunnelblick-discuss
Hi,
Thanks for that!!!
I replaced proto tcp, but I still have the problem.
I also use the computer in many different networks, but Tunnelblick
doesn't find access.
I don't find the problem....

So, I place here, as you suggested, my configuration file. I hope I XX
out the right stuff....



client
dev tap
proto tcp
float
remote anonymous.trackbuster.com 1194
resolv-retry infinite
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
cipher XXXXXXXXX
tls-auth ta.key 1
comp-lzo
verb 1
mute 20
auth-user-pass
tls-client
fragment 1300

Thanks for any reply!!

jkbull...gmail.com

Jun 12, 2010, 7:40:04 AM
to tunnelblick-discuss
Question: In your first post you mention that this problem is "Since I
changed my MacBook Pro". What changes did you make?

Since you are paying trackbuster.com to provide you with VPN service,
they should provide tech support to you and should be helping you with
this problem.

However, here are some things you can try. Be sure to make a backup
copy of your configuration file and key and certificate files before
making changes.


If you have "Little Snitch" or other firewall software running, you
need to add a rule to allow UDP and TCP 1194 to
anonymous.trackbuster.com


Try getting new .crt and .key files from trackbuster.com -- download
them again and replace the existing ones.


Since the connection worked before the changes to your computer, the
following shouldn't be necessary unless something changed at
trackbuster.com:

Try changing the tls-auth direction parameter by changing
> tls-auth ta.key 1
so it looks like
> tls-auth ta.key 0
and also try it without any number after the "ta.key":
> tls-auth ta.key


Try skipping the tls-auth option by commenting out
> tls-auth ta.key 1
so it looks like
> # tls-auth ta.key 1


Try skipping the fragment option by commenting out
> fragment 1300
so it looks like
> # fragment 1300


Try using tun instead of tap by changing
> dev tap
to
> dev tun


Try each of the above with "proto udp" and with "proto tcp"


Please let us know how it goes.

PS - If you click the star just above the first post on this page, it
will turn yellow (if you are logged in) and you will get an email when
anyone posts a reply to this thread.