This computer's apparent public IP address was not different after connecting to client1.


rocke...@gmail.com

Apr 10, 2017, 12:15:09 AM
to tunnelblick-discuss
Hi, 

I am hoping someone can help me resolve why my public IP address isn't changed after I connect to the VPN. I am running the server and client at home (locally), and I am using this site to review my public IP (https://www.dnsleaktest.com/).

Thank you for taking the time to look into this for me. 

---------
Background : 
* Installed and configured OpenVPN on Ubuntu Server 16.04 as the OpenVPN server
* Linksys X6200 as router, connected to my Belong Technicolor TG797n v3 as NBN modem
* Installed Tunnelblick on my MacPro with OS X v10.11.6 as the VPN client
----------
More background info : 
* Both Ubuntu and MacPro connect via wireless to access internet 
* Ubuntu server ip : 192.168.1.102
* MacPro ip : 192.168.1.101
* tun0 on Ubuntu ip : 10.8.0.1
----------
Things I've done :
* Set port forwarding on the X6200 router : external port : 1194, internal port : 1194, Protocol : UDP, To IP Address : 192.168.1.102
* I added "redirect-gateway def1" to server.conf and client1.ovpn
* Both MacPro and Ubuntu have "ipv4/ip_forward" enabled
* In server.conf on the Ubuntu OpenVPN server, I uncommented these 2 lines and updated the IP addresses to match my local addresses :
push "route 192.168.0.0 255.255.255.0"
push "route 192.168.1.0 255.255.255.0"

* On the Ubuntu firewall > rules.before file, I've put down:
NAT section  
-A POSTROUTING -s 10.8.0.0/24 -o <mywireless name> -j MASQUERADE

* additional rule 
-A ufw-before-forward -i tun0 -o <mywireless name> -s 10.8.0.0/24 -m conntrack --ctstate NEW -j ACCEPT

The rest is untouched.

-----------
Things I can see : 
* On my MacPro after connecting to the Ubuntu OpenVPN server (I believe this indicates I am routing the traffic via the VPN tunnel):

192.168.0          10.8.0.5           UGSc            0        0   utun0
192.168.1          10.8.0.5           UGSc            0        0   utun0

* I've done a traceroute once it connected to the VPN, and it shows it is going through the VPN tunnel.

$ traceroute www.google.com
traceroute to www.google.com (216.58.196.132), 64 hops max, 52 byte packets
 1  10.8.0.1 (10.8.0.1)  21.141 ms  5.053 ms  3.980 ms
 2  192.168.1.1 (192.168.1.1)  4.263 ms  5.615 ms  5.275 ms
and so on... 
-----------
In my Tunnelblick log file, I can see the route has been redirected. The only error I can see it show is ("2017-04-10 13:12:17 us=731021 /sbin/ifconfig utun0 delete ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address")


2017-04-10 13:12:17 us=726751 PUSH: Received control message: 'PUSH_REPLY,route 192.168.0.0 255.255.255.0,route 192.168.1.0 255.255.255.0,redirect-gateway def1,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
2017-04-10 13:12:17 us=727076 OPTIONS IMPORT: timers and/or timeouts modified
2017-04-10 13:12:17 us=727268 OPTIONS IMPORT: --ifconfig/up options modified
2017-04-10 13:12:17 us=727450 OPTIONS IMPORT: route options modified
2017-04-10 13:12:17 us=727629 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2017-04-10 13:12:17 us=730355 Opened utun device utun0
2017-04-10 13:12:17 us=730620 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
2017-04-10 13:12:17 us=730817 MANAGEMENT: >STATE:1491793937,ASSIGN_IP,,10.8.0.6,
2017-04-10 13:12:17 us=731021 /sbin/ifconfig utun0 delete
                                        ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
2017-04-10 13:12:17 us=768034 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
2017-04-10 13:12:17 us=768362 /sbin/ifconfig utun0 10.8.0.6 10.8.0.5 mtu 1500 netmask 255.255.255.255 up
2017-04-10 13:12:17 us=778143 ARGV[0] = '/Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.14-openssl-1.0.2k/openvpn-down-root.so'
2017-04-10 13:12:17 us=778505 ARGV[1] = 'utun0'
2017-04-10 13:12:17 us=778667 ARGV[2] = '1500'
2017-04-10 13:12:17 us=779913 ARGV[3] = '1570'
2017-04-10 13:12:17 us=780069 ARGV[4] = '10.8.0.6'
2017-04-10 13:12:17 us=780212 ARGV[5] = '10.8.0.5'
2017-04-10 13:12:17 us=780372 ARGV[6] = 'init'
2017-04-10 13:12:17 us=780515 ENVP[0] = 'dev_type=tun'
2017-04-10 13:12:17 us=780656 ENVP[1] = 'dev=utun0'
2017-04-10 13:12:17 us=780797 ENVP[2] = 'link_mtu=1570'
2017-04-10 13:12:17 us=781100 ENVP[3] = 'tun_mtu=1500'
2017-04-10 13:12:17 us=781247 ENVP[4] = 'script_context=init'
2017-04-10 13:12:17 us=781389 ENVP[5] = 'route_gateway_3=10.8.0.5'
2017-04-10 13:12:17 us=781518 ENVP[6] = 'route_netmask_3=255.255.255.255'
2017-04-10 13:12:17 us=781624 ENVP[7] = 'route_network_3=10.8.0.1'
2017-04-10 13:12:17 us=781728 ENVP[8] = 'route_gateway_2=10.8.0.5'
2017-04-10 13:12:17 us=781839 ENVP[9] = 'route_netmask_2=255.255.255.0'
2017-04-10 13:12:17 us=781945 ENVP[10] = 'route_network_2=192.168.1.0'
2017-04-10 13:12:17 us=782049 ENVP[11] = 'route_gateway_1=10.8.0.5'
2017-04-10 13:12:17 us=782153 ENVP[12] = 'route_netmask_1=255.255.255.0'
2017-04-10 13:12:17 us=782260 ENVP[13] = 'route_network_1=192.168.0.0'
2017-04-10 13:12:17 us=782365 ENVP[14] = 'route_vpn_gateway=10.8.0.5'
2017-04-10 13:12:17 us=782472 ENVP[15] = 'route_net_gateway=192.168.1.1'
2017-04-10 13:12:17 us=782576 ENVP[16] = 'ifconfig_remote=10.8.0.5'
2017-04-10 13:12:17 us=782681 ENVP[17] = 'ifconfig_local=10.8.0.6'
2017-04-10 13:12:17 us=782787 ENVP[18] = 'foreign_option_2=dhcp-option DNS 208.67.220.220'
2017-04-10 13:12:17 us=782892 ENVP[19] = 'foreign_option_1=dhcp-option DNS 208.67.222.222'
2017-04-10 13:12:17 us=782996 ENVP[20] = 'common_name=VPN-Server'
2017-04-10 13:12:17 us=783100 ENVP[21] = 'trusted_port=1194'
2017-04-10 13:12:17 us=783205 ENVP[22] = 'trusted_ip=192.168.1.102'
2017-04-10 13:12:17 us=783310 ENVP[23] = 'untrusted_port=1194'
2017-04-10 13:12:17 us=783414 ENVP[24] = 'untrusted_ip=192.168.1.102'
2017-04-10 13:12:17 us=783516 ENVP[25] = 'tls_serial_hex_0=01'
2017-04-10 13:12:17 us=783619 ENVP[26] = 'tls_serial_0=1'


Tunnelblick developer

Apr 10, 2017, 3:03:20 AM
to tunnelblick-discuss
You provided a lot of information, but please follow the instructions at Read Before You Post to get the info needed to diagnose problems and then post that info.


Rocket

Apr 10, 2017, 5:41:05 AM
to tunnelblick-discuss
Thank you for your response. I've followed the "Read Before You Post" page and reviewed all my settings. The only change I cannot make is the first one:

  1. Make sure you do not have manually set DNS server addresses in OS X System Preferences : Network (select the primary interface, click the "Advanced..." button, then the DNS tab; there should be no addresses on the left that are not dimmed).
I am using a wireless connection with Belong as the NBN provider; the DNS server address is automatically populated on my MacPro, which is 10.0.0.138, domain: Ian, and cannot be deleted.

But I do notice that as soon as I connect the VPN using Tunnelblick, the DNS server address changes to 208.67.222.222 and 208.67.220.220 and the domain to openvpn.
------
Here's the log. I've adjusted the verbosity level from 6 to 3 in Tunnelblick. I really hope someone can shed some light on this topic, it's dark and cold here =(  Thank you.
------
Tunnelblick Log:

*Tunnelblick: OS X 10.11.6; Tunnelblick 3.7.0 (build 4790)
2017-04-10 19:17:52 *Tunnelblick: Attempting connection with client1 using shadow copy; Set nameserver = 771; monitoring connection
2017-04-10 19:17:52 *Tunnelblick: openvpnstart start client1.tblk 1337 771 0 1 0 1065264 -ptADGNWradsgnw 2.3.14-openssl-1.0.2k
2017-04-10 19:17:53 *Tunnelblick: openvpnstart log:
     Warning: Tunnelblick is using 'openvpn-down-root.so', so the route-pre-down script will not be used. You can override this by providing a custom route-pre-down script (which may be a copy of Tunnelblick's standard route-pre-down script) in a Tunnelblick VPN Configuration. However, that script will not be executed as root unless the 'user' and 'group' options are removed from the OpenVPN configuration file. If the 'user' and 'group' options are removed, then you don't need to use a custom route-pre-down script.OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line):
     
          /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.14-openssl-1.0.2k/openvpn
          --daemon
          --log
          /Library/Application Support/Tunnelblick/Logs/-SUsers-SMe-SLibrary-SApplication Support-STunnelblick-SConfigurations-Sclient1.tblk-SContents-SResources-Sconfig.ovpn.771_0_1_0_1065264.1337.openvpn.log
          --cd
          /Library/Application Support/Tunnelblick/Users/Me/client1.tblk/Contents/Resources
          --verb
          3
          --config
          /Library/Application Support/Tunnelblick/Users/Me/client1.tblk/Contents/Resources/config.ovpn
          --verb
          3
          --cd
          /Library/Application Support/Tunnelblick/Users/Me/client1.tblk/Contents/Resources
          --management
          127.0.0.1
          1337
          --management-query-passwords
          --management-hold
          --script-security
          2
          --up
          /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw
          --plugin
          /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.14-openssl-1.0.2k/openvpn-down-root.so
          /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw

2017-04-10 19:17:52 *Tunnelblick: openvpnstart starting OpenVPN
2017-04-10 19:17:53 *Tunnelblick: Established communication with OpenVPN
2017-04-10 19:17:53 OpenVPN 2.3.14 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Jan 28 2017
2017-04-10 19:17:53 library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.09
2017-04-10 19:17:53 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:1337
2017-04-10 19:17:53 Need hold release from management interface, waiting...
2017-04-10 19:17:53 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:1337
2017-04-10 19:17:53 MANAGEMENT: CMD 'pid'
2017-04-10 19:17:53 MANAGEMENT: CMD 'state on'
2017-04-10 19:17:53 MANAGEMENT: CMD 'state'
2017-04-10 19:17:53 MANAGEMENT: CMD 'bytecount 1'
2017-04-10 19:17:53 MANAGEMENT: CMD 'hold release'
2017-04-10 19:17:53 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2017-04-10 19:17:53 PLUGIN_INIT: POST /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.14-openssl-1.0.2k/openvpn-down-root.so '[/Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.14-openssl-1.0.2k/openvpn-down-root.so] [/Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh] [-9] [-d] [-f] [-m] [-w] [-ptADGNWradsgnw]' intercepted=PLUGIN_UP|PLUGIN_DOWN 
2017-04-10 19:17:53 Control Channel Authentication: tls-auth using INLINE static key file
2017-04-10 19:17:53 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2017-04-10 19:17:53 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2017-04-10 19:17:53 Socket Buffers: R=[196724->196724] S=[9216->9216]
2017-04-10 19:17:53 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
2017-04-10 19:17:53 UDPv4 link local: [undef]
2017-04-10 19:17:53 UDPv4 link remote: [AF_INET]192.168.1.102:1194
2017-04-10 19:17:53 MANAGEMENT: >STATE:1491815873,WAIT,,,
2017-04-10 19:17:53 MANAGEMENT: >STATE:1491815873,AUTH,,,
2017-04-10 19:17:53 TLS: Initial packet from [AF_INET]192.168.1.102:1194, sid=2b2088fa e18ff565
2017-04-10 19:17:53 VERIFY OK: < I removed that>
2017-04-10 19:17:53 Validating certificate key usage
2017-04-10 19:17:53 ++ Certificate has key usage  00a0, expects 00a0
2017-04-10 19:17:53 VERIFY KU OK
2017-04-10 19:17:53 Validating certificate extended key usage
2017-04-10 19:17:53 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2017-04-10 19:17:53 VERIFY EKU OK
2017-04-10 19:17:53 VERIFY OK: < I removed that>
2017-04-10 19:17:53 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
2017-04-10 19:17:53 Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
2017-04-10 19:17:53 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
2017-04-10 19:17:53 Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
2017-04-10 19:17:53 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
2017-04-10 19:17:53 [VPN-Server] Peer Connection Initiated with [AF_INET]192.168.1.102:1194
2017-04-10 19:17:54 MANAGEMENT: >STATE:1491815874,GET_CONFIG,,,
2017-04-10 19:17:56 SENT CONTROL [VPN-Server]: 'PUSH_REQUEST' (status=1)
2017-04-10 19:17:56 PUSH: Received control message: 'PUSH_REPLY,route 192.168.0.0 255.255.255.0,route 192.168.1.0 255.255.255.0,redirect-gateway def1,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
2017-04-10 19:17:56 OPTIONS IMPORT: timers and/or timeouts modified
2017-04-10 19:17:56 OPTIONS IMPORT: --ifconfig/up options modified
2017-04-10 19:17:56 OPTIONS IMPORT: route options modified
2017-04-10 19:17:56 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2017-04-10 19:17:56 Opened utun device utun0
2017-04-10 19:17:56 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
2017-04-10 19:17:56 MANAGEMENT: >STATE:1491815876,ASSIGN_IP,,10.8.0.6,
2017-04-10 19:17:56 /sbin/ifconfig utun0 delete
                                        ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
2017-04-10 19:17:56 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
2017-04-10 19:17:56 /sbin/ifconfig utun0 10.8.0.6 10.8.0.5 mtu 1500 netmask 255.255.255.255 up
2017-04-10 19:17:56 PLUGIN_CALL: POST /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.14-openssl-1.0.2k/openvpn-down-root.so/PLUGIN_UP status=0
2017-04-10 19:17:56 /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw utun0 1500 1570 10.8.0.6 10.8.0.5 init
                                        **********************************************
                                        Start of output from client.up.tunnelblick.sh
                                        Retrieved from OpenVPN: name server(s) [ 208.67.222.222 208.67.220.220 ], search domain(s) [  ] and SMB server(s) [  ] and using default domain name [ openvpn ]
                                        Not aggregating ServerAddresses because running on OS X 10.6 or higher
                                        Setting search domains to 'openvpn' because running under OS X 10.6 or higher and the search domains were not set manually and 'Prepend domain name to search domains' was not selected
                                        Saved the DNS and SMB configurations so they can be restored
                                        Changed DNS ServerAddresses setting from '10.0.0.138' to '208.67.222.222 208.67.220.220'
                                        Changed DNS SearchDomains setting from '' to 'openvpn'
                                        Changed DNS DomainName setting from 'lan' to 'openvpn'
                                        Did not change SMB NetBIOSName setting of ''
                                        Did not change SMB Workgroup setting of 'WORKGROUP'
                                        Did not change SMB WINSAddresses setting of ''
                                        DNS servers '208.67.222.222 208.67.220.220' will be used for DNS queries when the VPN is active
                                        The DNS servers include only free public DNS servers known to Tunnelblick.
                                        Flushed the DNS cache via dscacheutil
                                        /usr/sbin/discoveryutil not present. Not flushing the DNS cache via discoveryutil
                                        Notified mDNSResponder that the DNS cache was flushed
                                        Setting up to monitor system configuration with process-network-changes
                                        End of output from client.up.tunnelblick.sh
                                        **********************************************
2017-04-10 19:17:59 /sbin/route add -cloning -net 192.168.1.102 -netmask 255.255.255.255 -interface en1
                                        route: writing to routing socket: File exists
                                        add net 192.168.1.102: gateway en1: File exists
2017-04-10 19:17:59 /sbin/route add -net 0.0.0.0 10.8.0.5 128.0.0.0
                                        add net 0.0.0.0: gateway 10.8.0.5
2017-04-10 19:17:59 /sbin/route add -net 128.0.0.0 10.8.0.5 128.0.0.0
                                        add net 128.0.0.0: gateway 10.8.0.5
2017-04-10 19:17:59 MANAGEMENT: >STATE:1491815879,ADD_ROUTES,,,
2017-04-10 19:17:59 /sbin/route add -net 192.168.0.0 10.8.0.5 255.255.255.0
                                        add net 192.168.0.0: gateway 10.8.0.5
2017-04-10 19:17:59 /sbin/route add -net 192.168.1.0 10.8.0.5 255.255.255.0
                                        route: writing to routing socket: File exists
                                        add net 192.168.1.0: gateway 10.8.0.5: File exists
2017-04-10 19:17:59 /sbin/route add -net 10.8.0.1 10.8.0.5 255.255.255.255
                                        add net 10.8.0.1: gateway 10.8.0.5
2017-04-10 19:17:59 GID set to nogroup
2017-04-10 19:17:59 UID set to nobody
2017-04-10 19:17:59 Initialization Sequence Completed
2017-04-10 19:17:59 MANAGEMENT: >STATE:1491815879,CONNECTED,SUCCESS,10.8.0.6,192.168.1.102
2017-04-10 19:18:00 *Tunnelblick: No 'connected.sh' script to execute
2017-04-10 19:18:04 *Tunnelblick process-network-changes: A system configuration change was ignored
2017-04-10 19:18:08 *Tunnelblick: This computer's apparent public IP address (my public ip address shows here) was unchanged after the connection was made

================================================================================
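
The log above can be checked mechanically for whether full-tunnel routing was actually installed and where the VPN server sits. The following Python is an added example, not part of the original thread and not Tunnelblick or OpenVPN code; the names `analyze`, `findings` and `SAMPLE_LOG` are hypothetical, and the sample lines are excerpted from the posted log with timestamps trimmed.

```python
import ipaddress
import re

# Lines excerpted from the Tunnelblick log posted above (timestamps trimmed).
SAMPLE_LOG = """\
UDPv4 link remote: [AF_INET]192.168.1.102:1194
PUSH: Received control message: 'PUSH_REPLY,route 192.168.0.0 255.255.255.0,route 192.168.1.0 255.255.255.0,redirect-gateway def1,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
/sbin/route add -net 0.0.0.0 10.8.0.5 128.0.0.0
/sbin/route add -net 128.0.0.0 10.8.0.5 128.0.0.0
/sbin/route add -net 192.168.0.0 10.8.0.5 255.255.255.0
/sbin/route add -net 192.168.1.0 10.8.0.5 255.255.255.0
/sbin/route add -net 10.8.0.1 10.8.0.5 255.255.255.255
*Tunnelblick: This computer's apparent public IP address (my public ip address shows here) was unchanged after the connection was made
"""

REMOTE_RE = re.compile(r"link remote: \[AF_INET\]([\d.]+):(\d+)")
PUSH_RE = re.compile(r"PUSH: Received control message: 'PUSH_REPLY,([^']*)'")
ROUTE_RE = re.compile(r"/sbin/route add -net (\S+) (\S+) (\S+)")
# redirect-gateway def1 covers the default route with these two /1 networks.
DEF1_HALVES = {ipaddress.ip_network("0.0.0.0/1"), ipaddress.ip_network("128.0.0.0/1")}


def analyze(log_text):
    """Summarise what an OpenVPN client log says about full-tunnel routing."""
    r = {"remote": None, "remote_is_private": None, "pushed": [],
         "routes": [], "ip_unchanged": False}
    for line in log_text.splitlines():
        if m := REMOTE_RE.search(line):
            r["remote"] = m.group(1)
            r["remote_is_private"] = ipaddress.ip_address(m.group(1)).is_private
        elif m := PUSH_RE.search(line):
            r["pushed"] = m.group(1).split(",")
        elif m := ROUTE_RE.search(line):
            net, gateway, mask = m.groups()
            network = ipaddress.ip_network(f"{net}/{mask}", strict=False)
            r["routes"].append((network, gateway))
        elif "apparent public IP address" in line and "unchanged" in line:
            r["ip_unchanged"] = True
    r["redirect_pushed"] = any(o.startswith("redirect-gateway") for o in r["pushed"])
    r["full_tunnel"] = DEF1_HALVES <= {net for net, _ in r["routes"]}
    return r


def findings(r):
    """Turn the parsed facts into short, human-readable observations."""
    out = []
    if r["redirect_pushed"] and r["full_tunnel"]:
        out.append("redirect-gateway def1 pushed; 0.0.0.0/1 and 128.0.0.0/1 routes added")
    elif r["redirect_pushed"]:
        out.append("redirect-gateway pushed but the two /1 routes were not both added")
    else:
        out.append("server did not push redirect-gateway")
    if r["remote_is_private"]:
        out.append(f"server endpoint {r['remote']} is a private, non-public address")
    if r["ip_unchanged"]:
        out.append("Tunnelblick reported the apparent public IP as unchanged")
    return out


if __name__ == "__main__":
    for item in findings(analyze(SAMPLE_LOG)):
        print("-", item)
```

Run on the excerpt, it reports that both def1 routes were installed, that the server endpoint 192.168.1.102 is a private address, and that Tunnelblick saw no change in the apparent public IP.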

Tunnelblick developer

Apr 11, 2017, 6:40:15 AM
to tunnelblick-discuss
Please post all of the diagnostic info, not just the log.

Rocket

Apr 12, 2017, 10:30:31 AM
to tunnelblick-discuss
Thank you for your response. Can you tell me how I can get all the diagnostic info?

Tunnelblick developer

Apr 12, 2017, 10:42:59 AM
to tunnelblick-discuss
As it says on Read Before You Post:
    14. Click on the "Copy Diagnostic Info to the Clipboard" button.
    15. Close Tunnelblick.
    16. Paste into an email or web form.
    17. Remove any sensitive information before sending the email or the form.
          (But of course you also need to follow the first 13 instructions.)