Mac OS 11.5.2 - No Internet after connection
Madhukar Kopalle
2021-09-09 18:20:59.775093 *Tunnelblick: macOS 11.5.2 (20G95); Tunnelblick 3.8.7beta02 (build 5730); prior version 3.8.6a (build 5711)
2021-09-09 18:20:59.931504 *Tunnelblick: Attempting connection with PNS; Set nameserver = 769; monitoring connection
2021-09-09 18:20:59.931674 *Tunnelblick: openvpnstart start PNS.tblk 57222 769 0 3 0 44089648 -ptDGNWrdsgnw 2.5.3-openssl-1.1.1l
2021-09-09 18:20:59.951980 *Tunnelblick: openvpnstart starting OpenVPN
2021-09-09 18:21:00.485359 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2021-09-09 18:21:00.485629 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
2021-09-09 18:21:00.485892 OpenVPN 2.5.3 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on Sep 1 2021
2021-09-09 18:21:00.485913 library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10
2021-09-09 18:21:00.487673 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:57222
2021-09-09 18:21:00.487700 Need hold release from management interface, waiting...
2021-09-09 18:21:01.193010 *Tunnelblick: openvpnstart log:
OpenVPN started successfully.
Command used to start OpenVPN (one argument per displayed line):
/Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.5.3-openssl-1.1.1l/openvpn
--daemon
--log /Library/Application Support/Tunnelblick/Logs/-SLibrary-SApplication Support-STunnelblick-SShared-SPNS.tblk-SContents-SResources-Sconfig.ovpn.769_0_3_0_44089648.57222.openvpn.log
--cd /Library/Application Support/Tunnelblick/Shared/PNS.tblk/Contents/Resources
--machine-readable-output
--setenv IV_GUI_VER "net.tunnelblick.tunnelblick 5730 3.8.7beta02 (build 5730)"
--verb 3
--config /Library/Application Support/Tunnelblick/Shared/PNS.tblk/Contents/Resources/config.ovpn
--setenv TUNNELBLICK_CONFIG_FOLDER /Library/Application Support/Tunnelblick/Shared/PNS.tblk/Contents/Resources
--verb 3
--cd /Library/Application Support/Tunnelblick/Shared/PNS.tblk/Contents/Resources
--management 127.0.0.1 57222 /Library/Application Support/Tunnelblick/cdeapdedgkegbiecinhpopciglanglfffilgecdo.mip
--management-query-passwords
--management-hold
--script-security 2
--route-up /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -d -f -m -r -ru -w -ptDGNWrdsgnw
--down /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -d -f -m -r -ru -w -ptDGNWrdsgnw
2021-09-09 18:21:01.194741 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:57222
2021-09-09 18:21:01.323057 MANAGEMENT: CMD 'pid'
2021-09-09 18:21:01.323107 MANAGEMENT: CMD 'auth-retry interact'
2021-09-09 18:21:01.323133 MANAGEMENT: CMD 'state on'
2021-09-09 18:21:01.323154 MANAGEMENT: CMD 'state'
2021-09-09 18:21:01.323187 MANAGEMENT: CMD 'bytecount 1'
2021-09-09 18:21:01.323562 *Tunnelblick: Established communication with OpenVPN
2021-09-09 18:21:01.324506 *Tunnelblick: >INFO:OpenVPN Management Interface Version 3 -- type 'help' for more info
2021-09-09 18:21:01.325102 MANAGEMENT: CMD 'hold release'
2021-09-09 18:21:01.361679 *Tunnelblick: Obtained VPN username and password from the Keychain
2021-09-09 18:21:01.362725 MANAGEMENT: CMD 'username "Auth" "I077186"'
2021-09-09 18:21:01.362808 MANAGEMENT: CMD 'password [...]'
2021-09-09 18:21:01.362950 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2021-09-09 18:21:01.364950 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2021-09-09 18:21:01.364978 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2021-09-09 18:21:01.365135 TCP/UDP: Preserving recently used remote address: [AF_INET]20.151.31.250:1194
2021-09-09 18:21:01.365228 Socket Buffers: R=[786896->786896] S=[9216->9216]
2021-09-09 18:21:01.365242 UDP link local: (not bound)
2021-09-09 18:21:01.365251 UDP link remote: [AF_INET]20.151.31.250:1194
2021-09-09 18:21:01.365277 MANAGEMENT: >STATE:1631226061,WAIT,,,,,,
2021-09-09 18:21:01.389213 MANAGEMENT: >STATE:1631226061,AUTH,,,,,,
2021-09-09 18:21:01.389253 TLS: Initial packet from [AF_INET]20.151.31.250:1194, sid=af27ab65 4c07da93
2021-09-09 18:21:01.422663 VERIFY OK: depth=1, CN=OpenVPN-CA-127.0.0.1
2021-09-09 18:21:01.422857 VERIFY KU OK
2021-09-09 18:21:01.422871 Validating certificate extended key usage
2021-09-09 18:21:01.422880 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2021-09-09 18:21:01.422887 VERIFY EKU OK
2021-09-09 18:21:01.422894 VERIFY OK: depth=0, CN=OpenVPN-Server-127.0.0.1
2021-09-09 18:21:01.525369 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2021-09-09 18:21:01.525434 [OpenVPN-Server-127.0.0.1] Peer Connection Initiated with [AF_INET]20.151.31.250:1194
2021-09-09 18:21:02.610455 MANAGEMENT: >STATE:1631226062,GET_CONFIG,,,,,,
2021-09-09 18:21:02.610595 SENT CONTROL [OpenVPN-Server-127.0.0.1]: 'PUSH_REQUEST' (status=1)
2021-09-09 18:21:02.633376 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,route 10.232.64.64 255.255.255.192,route 10.232.66.0 255.255.255.0,route 10.232.65.0 255.255.255.128,dhcp-option DNS 1.0.0.1,dhcp-option DNS 1.1.1.1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.9.0.1,topology net30,ping 5,ping-restart 30,ifconfig 10.9.0.22 10.9.0.21,peer-id 4,cipher AES-256-GCM'
2021-09-09 18:21:02.633479 OPTIONS IMPORT: timers and/or timeouts modified
2021-09-09 18:21:02.633492 OPTIONS IMPORT: --ifconfig/up options modified
2021-09-09 18:21:02.633500 OPTIONS IMPORT: route options modified
2021-09-09 18:21:02.633508 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2021-09-09 18:21:02.633515 OPTIONS IMPORT: peer-id set
2021-09-09 18:21:02.633523 OPTIONS IMPORT: adjusting link_mtu to 1625
2021-09-09 18:21:02.633530 OPTIONS IMPORT: data channel crypto options modified
2021-09-09 18:21:02.633560 Data Channel: using negotiated cipher 'AES-256-GCM'
2021-09-09 18:21:02.633651 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-09-09 18:21:02.633662 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-09-09 18:21:02.634166 Opened utun device utun2
2021-09-09 18:21:02.634188 MANAGEMENT: >STATE:1631226062,ASSIGN_IP,,10.9.0.22,,,,
2021-09-09 18:21:02.634244 /sbin/ifconfig utun2 delete
ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
2021-09-09 18:21:02.639129 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
2021-09-09 18:21:02.639250 /sbin/ifconfig utun2 10.9.0.22 10.9.0.21 mtu 1500 netmask 255.255.255.255 up
2021-09-09 18:21:04.739682 /sbin/route add -net 20.151.31.250 192.168.1.1 255.255.255.255
add net 20.151.31.250: gateway 192.168.1.1
2021-09-09 18:21:04.746659 /sbin/route add -net 0.0.0.0 10.9.0.21 128.0.0.0
add net 0.0.0.0: gateway 10.9.0.21
2021-09-09 18:21:04.749648 /sbin/route add -net 128.0.0.0 10.9.0.21 128.0.0.0
add net 128.0.0.0: gateway 10.9.0.21
2021-09-09 18:21:04.752067 MANAGEMENT: >STATE:1631226064,ADD_ROUTES,,,,,,
2021-09-09 18:21:04.752116 /sbin/route add -net 10.232.64.64 10.9.0.21 255.255.255.192
add net 10.232.64.64: gateway 10.9.0.21
2021-09-09 18:21:04.754810 /sbin/route add -net 10.232.66.0 10.9.0.21 255.255.255.0
add net 10.232.66.0: gateway 10.9.0.21
2021-09-09 18:21:04.757644 /sbin/route add -net 10.232.65.0 10.9.0.21 255.255.255.128
add net 10.232.65.0: gateway 10.9.0.21
2021-09-09 18:21:04.759958 /sbin/route add -net 10.9.0.1 10.9.0.21 255.255.255.255
add net 10.9.0.1: gateway 10.9.0.21
18:21:04 *Tunnelblick: **********************************************
18:21:04 *Tunnelblick: Start of output from client.up.tunnelblick.sh
18:21:06 *Tunnelblick: Retrieved from OpenVPN: name server(s) [ 1.0.0.1 1.1.1.1 8.8.8.8 8.8.4.4 ], search domain(s) [ ] and SMB server(s) [ ] and using default domain name [ openvpn ]
18:21:07 *Tunnelblick: WARNING: Ignoring ServerAddresses '1.0.0.1 1.1.1.1 8.8.8.8 8.8.4.4' because ServerAddresses was set manually and '-allowChangesToManuallySetNetworkSettings' was not specified
18:21:07 *Tunnelblick: Setting search domains to 'openvpn' because the search domains were not set manually (or are allowed to be changed) and 'Prepend domain name to search domains' was not selected
18:21:09 *Tunnelblick: Saved the DNS and SMB configurations so they can be restored
18:21:09 *Tunnelblick: Did not change DNS ServerAddresses setting of '127.0.0.1' (but re-set it)
18:21:09 *Tunnelblick: Changed DNS SearchDomains setting from '' to 'openvpn'
18:21:09 *Tunnelblick: Changed DNS DomainName setting from '' to 'openvpn'
18:21:09 *Tunnelblick: Did not change SMB NetBIOSName setting of ''
18:21:09 *Tunnelblick: Did not change SMB Workgroup setting of ''
18:21:09 *Tunnelblick: Did not change SMB WINSAddresses setting of ''
18:21:09 *Tunnelblick: DNS servers '127.0.0.1' were set manually
18:21:09 *Tunnelblick: DNS servers '127.0.0.1' will be used for DNS queries when the VPN is active
18:21:09 *Tunnelblick: NOTE: DNS server 127.0.0.1 often is used inside virtual machines (e.g., 'VirtualBox', 'Parallels', or 'VMWare'). The actual VPN server may be specified by the host machine. This DNS server setting may cause DNS queries to fail or be intercepted or falsified. Specify only known public DNS servers or DNS servers located on the VPN network to avoid such problems.
18:21:09 *Tunnelblick: Flushed the DNS cache via dscacheutil
18:21:09 *Tunnelblick: /usr/sbin/discoveryutil not present. Not flushing the DNS cache via discoveryutil
18:21:09 *Tunnelblick: Notified mDNSResponder that the DNS cache was flushed
18:21:09 *Tunnelblick: Not notifying mDNSResponderHelper that the DNS cache was flushed because it is not running
18:21:09 *Tunnelblick: Setting up to monitor system configuration with process-network-changes
18:21:09 *Tunnelblick: End of output from client.up.tunnelblick.sh
18:21:09 *Tunnelblick: **********************************************
2021-09-09 18:21:09.353531 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2021-09-09 18:21:09.353608 Initialization Sequence Completed
2021-09-09 18:21:09.353671 MANAGEMENT: >STATE:1631226069,CONNECTED,SUCCESS,10.9.0.22,20.151.31.250,1194,,
2021-09-09 18:21:09.499226 *Tunnelblick: Could not determine this computer's apparent public IP address before the connection was completed
2021-09-09 18:21:20.809007 *Tunnelblick: Routing info stdout:
route to: 127.0.0.1
destination: 127.0.0.1
interface: lo0
flags: <UP,HOST,DONE,LOCAL>
recvpipe sendpipe ssthresh rtt,msec rttvar hopcount mtu expire
49152 49152 0 9 18 0 16384 0
stderr:
2021-09-09 18:21:20.812230 *Tunnelblick: Warning: DNS server address 127.0.0.1 is not a public IP address and is not being routed through the VPN.
