Tunnelblick is able to connect to OpenVPN server but I cannot see the Samba shares on the server side.

Prograph

May 6, 2014, 2:11:08 PM
to tunnelbli...@googlegroups.com
Below is a copy of the diagnostic info I printed from Tunnelblick. When I do connect to the OpenVPN server my Safari browser also stops working when the Tunnelblick VPN is active. I have changed certain information like user and server names to protect my data.

*Tunnelblick: OS X 10.9.2; Tunnelblick 3.4beta26 (build 3828); prior version 3.3.0 (build 3518); Admin user

"Sanitized" configuration file for /Users/username/Library/Application Support/Tunnelblick/Configurations/UserVPN.tblk:

# Automatically generated OpenVPN client config file
# Generated on Fri Nov 15 14:48:17 2013 by MyServer
# Note: this config file contains inline private keys
#       and therefore should be kept confidential!
# Note: this configuration is user-locked to the username below
# OVPN_ACCESS_SERVER_USERNAME=username
# Define the profile name of this particular configuration file
# OVPN_ACCESS_SERVER_PROFILE=user...@myserver.com
# OVPN_ACCESS_SERVER_CLI_PREF_ALLOW_WEB_IMPORT=True
# OVPN_ACCESS_SERVER_CLI_PREF_ENABLE_CONNECT=True
# OVPN_ACCESS_SERVER_CLI_PREF_ENABLE_XD_PROXY=True
# OVPN_ACCESS_SERVER_WSHOST=myserver.com:443
# OVPN_ACCESS_SERVER_WEB_CA_BUNDLE_START
# -----BEGIN CERTIFICATE-----
 [Security-related line(s) omitted]
# -----END CERTIFICATE-----
# OVPN_ACCESS_SERVER_WEB_CA_BUNDLE_STOP
# OVPN_ACCESS_SERVER_IS_OPENVPN_WEB_CA=1
# OVPN_ACCESS_SERVER_ORGANIZATION=OpenVPN Technologies, Inc.
setenv FORWARD_COMPATIBLE 1
client
server-poll-timeout 4
nobind
remote myserver.com 1194 udp
remote myserver.com 1194 udp
remote myserver.com 443 tcp
remote myserver.com 1194 udp
remote myserver.com 1194 udp
remote myserver.com 1194 udp
remote myserver.com 1194 udp
remote myserver.com 1194 udp
dev tun
dev-type tun
ns-cert-type server
reneg-sec 604800
sndbuf 100000
rcvbuf 100000
auth-user-pass
# NOTE: LZO commands are pushed by the Access Server at connect time.
# NOTE: The below line doesn't disable LZO.
comp-lzo no
verb 3
setenv PUSH_PEER_INFO

<ca>
 [Security-related line(s) omitted]
</ca>

<cert>
 [Security-related line(s) omitted]
</cert>

<key>
 [Security-related line(s) omitted]
</key>

key-direction 1
<tls-auth>
 [Security-related line(s) omitted]
</tls-auth>

## -----BEGIN RSA SIGNATURE-----
 [Security-related line(s) omitted]
## -----END RSA SIGNATURE-----
## -----BEGIN CERTIFICATE-----
 [Security-related line(s) omitted]
## -----END CERTIFICATE-----
## -----BEGIN CERTIFICATE-----
 [Security-related line(s) omitted]
## -----END CERTIFICATE-----



================================================================================

There are no unusual files in UserVPN.tblk

================================================================================

Configuration preferences:

useDNS = 1
-routeAllTrafficThroughVpn = 1
-keychainHasUsernameAndPassword = 1
-lastConnectionSucceeded = 1
-tunnelDownSoundName = Glass
-tunnelUpSoundName = Glass
-prependDomainNameToSearchDomains = 0

================================================================================

Wildcard preferences:


================================================================================

Program preferences:

notOKToCheckThatIPAddressDidNotChangeAfterConnection = 0
askedUserIfOKToCheckThatIPAddressDidNotChangeAfterConnection = 1
tunnelblickVersionHistory = (
    "3.4beta26 (build 3828)",
    "3.3.0 (build 3518)"
)
lastLaunchTime = 420978657.379863
showConnectedDurations = 1
connectionWindowDisplayCriteria = showWhenConnecting
maxLogDisplaySize = 102400
lastConnectedDisplayName = HowardVPN
installationUID (not shown)
keyboardShortcutIndex = 1
updateCheckAutomatically = 1
updateSendProfileInfo = 1
NSWindow Frame SettingsSheetWindow = 381 348 829 424 0 0 1280 778 
NSWindow Frame ConnectingWindow = 434 405 412 260 0 0 1280 778 
detailsWindowFrameVersion = 3828
detailsWindowFrame = {{276, 178}, {920, 468}}
detailsWindowLeftFrame = {{0, 0}, {164, 350}}
leftNavSelectedDisplayName = HowardVPN
haveDealtWithSparkle1dot5b6 = 1
haveDealtWithOldTunTapPreferences = 1
SUEnableAutomaticChecks = 1
SUScheduledCheckInterval = 86400
SUSendProfileInfo = 1
SULastCheckTime = 2014-05-05 10:30:57 +0000
SULastProfileSubmissionDate = 2014-05-05 10:30:57 +0000
SUHasLaunchedBefore = 1
WebKitDefaultFontSize = 11
WebKitStandardFont = Lucida Grande

================================================================================

Tunnelblick Log:

2014-05-06 19:34:23 *Tunnelblick: openvpnstart starting OpenVPN
2014-05-06 19:34:25 OpenVPN 2.2.1 i386-apple-darwin10.8.0 [SSL] [LZO2] [PKCS11] [eurephia] built on May  2 2014
2014-05-06 19:34:25 MANAGEMENT: TCP Socket listening on 127.0.0.1:1337
2014-05-06 19:34:25 Need hold release from management interface, waiting...
2014-05-06 19:34:25 MANAGEMENT: Client connected from 127.0.0.1:1337
2014-05-06 19:34:25 MANAGEMENT: CMD 'pid'
2014-05-06 19:34:25 MANAGEMENT: CMD 'state on'
2014-05-06 19:34:25 MANAGEMENT: CMD 'state'
2014-05-06 19:34:25 MANAGEMENT: CMD 'bytecount 1'
2014-05-06 19:34:25 MANAGEMENT: CMD 'hold release'
2014-05-06 19:34:25 *Tunnelblick: Established communication with OpenVPN
2014-05-06 19:34:25 *Tunnelblick: Obtained VPN username and password from the Keychain
2014-05-06 19:34:25 MANAGEMENT: CMD 'username "Auth" "[myusername]"'
2014-05-06 19:34:25 MANAGEMENT: CMD 'password [...]'
2014-05-06 19:34:25 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2014-05-06 19:34:25 Control Channel Authentication: tls-auth using INLINE static key file
2014-05-06 19:34:25 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2014-05-06 19:34:25 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2014-05-06 19:34:25 LZO compression initialized
2014-05-06 19:34:25 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
2014-05-06 19:34:25 Socket Buffers: R=[196724->100000] S=[9216->100000]
2014-05-06 19:34:25 MANAGEMENT: >STATE:1399397665,RESOLVE,,,
2014-05-06 19:34:25 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
2014-05-06 19:34:25 Local Options hash (VER=V4): '504e774e'
2014-05-06 19:34:25 Expected Remote Options hash (VER=V4): '14168603'
2014-05-06 19:34:25 UDPv4 link local: [undef]
2014-05-06 19:34:25 UDPv4 link remote: 105.225.92.106:1194
2014-05-06 19:34:25 MANAGEMENT: >STATE:1399397665,WAIT,,,
2014-05-06 19:34:26 MANAGEMENT: >STATE:1399397666,AUTH,,,
2014-05-06 19:34:26 TLS: Initial packet from 105.225.92.106:1194, sid=c55d6936 eff1f705
2014-05-06 19:34:26 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2014-05-06 19:34:26 VERIFY OK: depth=1, /CN=OpenVPN_CA
2014-05-06 19:34:26 VERIFY OK: nsCertType=SERVER
2014-05-06 19:34:26 VERIFY OK: depth=0, /CN=OpenVPN_Server
2014-05-06 19:34:37 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
2014-05-06 19:34:37 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2014-05-06 19:34:37 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
2014-05-06 19:34:37 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2014-05-06 19:34:37 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
2014-05-06 19:34:37 [OpenVPN_Server] Peer Connection Initiated with 105.225.92.106:1194
2014-05-06 19:34:38 MANAGEMENT: >STATE:1399397678,GET_CONFIG,,,
2014-05-06 19:34:39 SENT CONTROL [OpenVPN_Server]: 'PUSH_REQUEST' (status=1)
2014-05-06 19:34:45 SENT CONTROL [OpenVPN_Server]: 'PUSH_REQUEST' (status=1)
2014-05-06 19:34:50 SENT CONTROL [OpenVPN_Server]: 'PUSH_REQUEST' (status=1)
2014-05-06 19:34:51 PUSH: Received control message: 'PUSH_REPLY,explicit-exit-notify,topology subnet,route-delay 5 30,dhcp-pre-release,dhcp-renew,dhcp-release,route-metric 101,ping 12,ping-restart 50,auth-token SESS_ID_GmthRrIL3v8kD1UzKjZfvw==,comp-lzo no,redirect-private def1,redirect-private bypass-dhcp,redirect-private autolocal,redirect-private bypass-dns,route-gateway 172.27.232.1,route 192.168.25.0 255.255.255.0,route 172.27.224.0 255.255.240.0,block-ipv6,ifconfig 172.27.232.13 255.255.252.0'
2014-05-06 19:34:51 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:4: dhcp-pre-release (2.2.1)
2014-05-06 19:34:51 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:5: dhcp-renew (2.2.1)
2014-05-06 19:34:51 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:6: dhcp-release (2.2.1)
2014-05-06 19:34:51 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:10: auth-token (2.2.1)
2014-05-06 19:34:51 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:19: block-ipv6 (2.2.1)
2014-05-06 19:34:51 OPTIONS IMPORT: timers and/or timeouts modified
2014-05-06 19:34:51 OPTIONS IMPORT: explicit notify parm(s) modified
2014-05-06 19:34:51 OPTIONS IMPORT: LZO parms modified
2014-05-06 19:34:51 OPTIONS IMPORT: --ifconfig/up options modified
2014-05-06 19:34:51 OPTIONS IMPORT: route options modified
2014-05-06 19:34:51 OPTIONS IMPORT: route-related options modified
2014-05-06 19:34:51 ROUTE default_gateway=10.0.0.2
2014-05-06 19:34:51 TUN/TAP device /dev/tun0 opened
2014-05-06 19:34:51 MANAGEMENT: >STATE:1399397691,ASSIGN_IP,,172.27.232.13,
2014-05-06 19:34:51 /sbin/ifconfig tun0 delete
                                        ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
2014-05-06 19:34:51 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
2014-05-06 19:34:51 /sbin/ifconfig tun0 172.27.232.13 172.27.232.13 netmask 255.255.252.0 mtu 1500 up
2014-05-06 19:34:51 /sbin/route add -net 172.27.232.0 172.27.232.13 255.255.252.0
                                        add net 172.27.232.0: gateway 172.27.232.13
2014-05-06 19:34:51 /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -m -w -d -f -ptADGNWradsgnw tun0 1500 1542 172.27.232.13 255.255.252.0 init
                                        **********************************************
                                        Start of output from client.up.tunnelblick.sh
                                        No network configuration changes need to be made.
                                        Will NOT monitor for other network configuration changes.
                                        End of output from client.up.tunnelblick.sh
                                        **********************************************
2014-05-06 19:34:58 /sbin/route add -net 105.225.92.106 10.0.0.2 255.255.255.255
                                        add net 105.225.92.106: gateway 10.0.0.2
2014-05-06 19:34:58 /sbin/route add -net 0.0.0.0 172.27.232.1 128.0.0.0
                                        add net 0.0.0.0: gateway 172.27.232.1
2014-05-06 19:34:58 /sbin/route add -net 128.0.0.0 172.27.232.1 128.0.0.0
                                        add net 128.0.0.0: gateway 172.27.232.1
2014-05-06 19:34:58 MANAGEMENT: >STATE:1399397698,ADD_ROUTES,,,
2014-05-06 19:34:58 /sbin/route add -net 192.168.25.0 172.27.232.1 255.255.255.0
                                        add net 192.168.25.0: gateway 172.27.232.1
2014-05-06 19:34:58 /sbin/route add -net 172.27.224.0 172.27.232.1 255.255.240.0
                                        add net 172.27.224.0: gateway 172.27.232.1
2014-05-06 19:34:58 Initialization Sequence Completed
2014-05-06 19:34:58 MANAGEMENT: >STATE:1399397698,CONNECTED,SUCCESS,172.27.232.13,105.225.92.106
2014-05-06 19:34:58 *Tunnelblick: No 'connected.sh' script to execute

================================================================================

Console Log:

2014-05-06 19:34:25 Tunnelblick[8998] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-UserVPN' account = 'username'
2014-05-06 19:34:25 Tunnelblick[8998] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-UserVPN' account = 'password'

================================================================================

Non-Apple kexts that are loaded:

Index Refs Address            Size       Wired      Name (Version) <Linked Against>
   19    0 0xffffff7f80c99000 0x1a000    0x1a000    com.rim.driver.BlackBerryUSBDriverInt (0.0.97) <18 17 16 14 13 5 4 3 1>
  272    0 0xffffff7f82422000 0x6000     0x6000     de.novamedia.driver.NMSmartplugSCSIDevice (1.0.1) <271 269 268 16 15 14 13 5 4 3 1>
  343    0 0xffffff7f82322000 0x6000     0x6000     net.tunnelblick.tun (1.0) <7 5 4 1>

jkbull...gmail.com

May 6, 2014, 2:32:30 PM
to tunnelbli...@googlegroups.com, how...@jansentarmac.co.za
Thanks for providing the diagnostic info. I have three comments/suggestions.

A. Your OpenVPN server is not "pushing" any DNS servers, which is unusual. You might want to look into that.


B. Your OpenVPN server seems to be "pushing" a bunch of options that are Windows-only options or are available only on later versions of OpenVPN than the 2.2.1 version that you are using:

2014-05-06 19:34:51 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:4: dhcp-pre-release (2.2.1)
2014-05-06 19:34:51 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:5: dhcp-renew (2.2.1)
2014-05-06 19:34:51 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:6: dhcp-release (2.2.1)
2014-05-06 19:34:51 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:10: auth-token (2.2.1)
2014-05-06 19:34:51 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:19: block-ipv6 (2.2.1)

Try using OpenVPN 2.3.4.

(The OpenVPN version can be specified for each configuration on the "Settings" tab of the "VPN Details…" window: First select the configuration(s) you want to change, then select the version of OpenVPN you want the configuration(s) to use.)


C. Give Tunnelblick at least 90 seconds after connecting to check if the apparent public IP address changes when you connect. The Tunnelblick log should show an entry if it succeeds. If it doesn't, you should get a window telling you that it failed. There should also be Console log entries that give details of any problems that occur. It looks like you clicked the "Copy Diagnostic Info to Clipboard" button before it started the IP address checking process. (If there aren't problems, the IP address checking takes almost no time, but it can take a lot longer if there are routing or DNS problems, which I think is your situation.)



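The check behind points A and B of the reply, as an added example that is not part of the original thread: it parses the PUSH_REPLY line and the "Unrecognized option" lines of an OpenVPN client log and reports which pushed options the client ignored and whether any DNS server was pushed. The function name `audit_push` and the sample log (constructed, with a placeholder token) are assumptions.

```python
import re

# Constructed sample shaped like the OpenVPN 2.2.1 client log in the thread,
# shortened, with a placeholder where the server pushed a session token.
SAMPLE_LOG = """\
2014-05-06 19:34:51 PUSH: Received control message: 'PUSH_REPLY,topology subnet,dhcp-renew,auth-token PLACEHOLDER,route-gateway 172.27.232.1,route 192.168.25.0 255.255.255.0,block-ipv6,ifconfig 172.27.232.13 255.255.252.0'
2014-05-06 19:34:51 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:2: dhcp-renew (2.2.1)
2014-05-06 19:34:51 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:3: auth-token (2.2.1)
2014-05-06 19:34:51 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:6: block-ipv6 (2.2.1)
"""

PUSH_RE = re.compile(r"PUSH: Received control message: 'PUSH_REPLY,(.*)'")
REJECT_RE = re.compile(
    r"Unrecognized option or missing parameter\(s\) in "
    r"\[PUSH-OPTIONS\]:(\d+): (\S+) \((\S+)\)"
)


def audit_push(log_text):
    """Summarise what the server pushed and what this client ignored."""
    pushed, rejected, client_version = [], [], None
    for line in log_text.splitlines():
        m = PUSH_RE.search(line)
        if m:
            # Options are comma-separated; each is "name arg arg ...".
            pushed = [o.split() for o in m.group(1).split(",") if o.strip()]
            continue
        m = REJECT_RE.search(line)
        if m:
            rejected.append((int(m.group(1)), m.group(2)))
            client_version = m.group(3)
    # In the thread's log the number after [PUSH-OPTIONS] is the option's
    # 1-based position in PUSH_REPLY; a mismatch suggests the lines belong
    # to different connection attempts.
    mismatched = [name for idx, name in rejected
                  if not 1 <= idx <= len(pushed) or pushed[idx - 1][0] != name]
    return {
        "client_version": client_version,
        "rejected": [name for _, name in rejected],
        "index_mismatch": mismatched,
        "dns_servers": [o[2] for o in pushed
                        if o[:2] == ["dhcp-option", "DNS"] and len(o) > 2],
        "routes": [(o[1], o[2]) for o in pushed
                   if o[0] == "route" and len(o) >= 3],
    }


if __name__ == "__main__":
    for key, value in audit_push(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

An empty `dns_servers` list corresponds to point A, and a non-empty `rejected` list together with `client_version` corresponds to point B.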