DNS Problem in El Capitan

saarfuc...@googlemail.com

Feb 13, 2016, 7:35:41 AM
to tunnelblick-discuss
Hi folks,

I'm new to Mac OS... I came from Windows and Ubuntu and I am trying to connect my MacBook Air (2015) with El Capitan (10.11.3) to my OpenVPN server with Tunnelblick 3.6beta20 build 4505.

For the nameserver setting, I have to use alternative 1 to get nslookup working in the right way.

Here is the last part of the log:

2016-02-13 09:22:15 PUSH: Received control message: 'PUSH_REPLY,route 192.168.192.0 255.255.255.0 192.168.193.1,dhcp-option DNS 192.168.192.240,dhcp-option DOMAIN homenet.local,ping 10,ping-restart 120,ifconfig 192.168.193.5 255.255.255.0'
2016-02-13 09:22:15 OPTIONS IMPORT: timers and/or timeouts modified
2016-02-13 09:22:15 OPTIONS IMPORT: --ifconfig/up options modified
2016-02-13 09:22:15 OPTIONS IMPORT: route options modified
2016-02-13 09:22:15 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2016-02-13 09:22:15 TUN/TAP device /dev/tap0 opened
2016-02-13 09:22:15 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
2016-02-13 09:22:15 MANAGEMENT: >STATE:1455351735,ASSIGN_IP,,192.168.193.5,
2016-02-13 09:22:15 /sbin/ifconfig tap0 delete
                                        ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
2016-02-13 09:22:15 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
2016-02-13 09:22:15 /sbin/ifconfig tap0 192.168.193.5 netmask 255.255.255.0 mtu 1492 up
2016-02-13 09:22:15 MANAGEMENT: >STATE:1455351735,ADD_ROUTES,,,
2016-02-13 09:22:15 /sbin/route add -net 192.168.192.0 192.168.193.1 255.255.255.0
                                        add net 192.168.192.0: gateway 192.168.193.1
                                          No such key
2016-02-13 09:22:17 *Tunnelblick client.3.up.tunnelblick.sh: Up to two 'No such key' warnings are normal and may be ignored
2016-02-13 09:22:17 *Tunnelblick client.3.up.tunnelblick.sh: Saved the DNS and WINS configurations for later use
2016-02-13 09:22:18 *Tunnelblick: No 'connected.sh' script to execute
2016-02-13 09:22:18 Initialization Sequence Completed
2016-02-13 09:22:18 MANAGEMENT: >STATE:1455351738,CONNECTED,SUCCESS,192.168.193.5,87.xxx.xxx.xxx

Now comes my problem:
1) accessing the servers behind the VPN network with IP addresses works
2) querying merlin (internal VPN server name) with nslookup works - shows the right IP and internal DNS server
3) ping merlin results in error: ping: cannot resolve merlin: Unknown host

DNS resolution of internal names behind the VPN does not work in Firefox either...

Any idea what I should do or how to analyse further?

Thanks in advance,
Joerg








jkbull...gmail.com

Feb 13, 2016, 7:59:37 AM
to tunnelblick-discuss, saarfuc...@googlemail.com
DNS on OS X is "different":
  • Unlike Windows, specifying two DNS servers results in the first one being used exclusively until it fails to respond (within something like 30 seconds), at which point OS X starts using the second server until and unless it fails, whereupon the first server is used again until it times out. (On Windows, DNS queries will be sent to both servers and the results from the first response will be used.)

  • Unlike Linux/Unix, some command-line tools, including ping, do not use the DNS resolution that all apps (including browsers) and some other command-line programs use. OS X does not use /etc/resolv.conf, and that trips up many Linux/Unix to Mac transferees.
So I think your goal should probably not be to get nslookup and ping working properly with names instead of IP addresses.

The default "Set Nameserver" setting works for 95% of situations, and has logging about what is going on with DNS, so it is highly recommended, especially when debugging DNS problems. Using "Check if the apparent public IP address changes" and "Route all traffic through the VPN" also help because together they can do some simple DNS and routing testing. Again, try them for diagnostic purposes even if you don't want them in your final setup.

If you want more help, please follow the instructions at Read Before You Post to get the info needed for diagnosing your problem.

Joerg Janes

Feb 13, 2016, 10:07:24 AM
to tunnelblick-discuss, saarfuc...@googlemail.com
Thanks for your help so far!

Before starting the VPN - there is the IP address of the DNS of the WLAN in the left box.
After starting the VPN - there is the IP address of my internal DNS server (VPN server) in the left box. In the right box, the right domain is displayed.
After stopping the VPN, there is again the IP address of the WLAN in the left box.

BUT during VPN - there is no name resolution working???

Here is my log:

*Tunnelblick: OS X 10.11.3; Tunnelblick 3.6beta20 (build 4505); Admin user

Configuration macbook-air

"Sanitized" condensed configuration file for /Library/Application Support/Tunnelblick/Shared/macbook-air.tblk:

client
dev tap
proto tcp-client
float
nobind
resolv-retry infinite
connect-retry 10
connect-retry-max 10
keepalive 10 60
remote xxxxxxx 1194
tls-client
ca ca.crt
cert macbook-air.crt
key macbook-air.key
pull
tun-mtu 1492
cipher AES-256-CBC
comp-lzo
persist-key
persist-tun
verb 3


================================================================================

Non-Apple kexts that are loaded:

Index Refs Address            Size       Wired      Name (Version) UUID <Linked Against>
  136    3 0xffffff7f82d2d000 0x60000    0x60000    org.virtualbox.kext.VBoxDrv (5.0.14) A272EAA2-9920-3F34-A32A-F2FD5C05D271 <7 5 4 3 1>
  142    0 0xffffff7f82d8d000 0x8000     0x8000     org.virtualbox.kext.VBoxUSB (5.0.14) 8EF141D6-6B87-39BA-9D4F-6EDDF6C68B5F <141 136 39 7 5 4 3 1>
  145    0 0xffffff7f82d95000 0x5000     0x5000     org.virtualbox.kext.VBoxNetFlt (5.0.14) 8F0FC629-CCC2-371E-A682-09040D9B8AB5 <136 7 5 4 3 1>
  146    0 0xffffff7f82d9a000 0x6000     0x6000     org.virtualbox.kext.VBoxNetAdp (5.0.14) A92ACCED-E21F-36CF-A7F7-921F3B76B080 <136 5 4 1>
  150    0 0xffffff7f82da7000 0x6000     0x6000     net.tunnelblick.tap (4505.3) 0C467657-D2BF-C083-A710-349CF5B5BDE5 <7 5 4 1>

================================================================================

There are no unusual files in macbook-air.tblk

================================================================================

Configuration preferences:

useDNS = 1
-resetPrimaryInterfaceAfterDisconnect = 1
-useRouteUpInsteadOfUp = 0
-openvpnVersion =
-notOKToCheckThatIPAddressDidNotChangeAfterConnection = 0
-keepConnected = 0
-lastConnectionSucceeded = 1
-prependDomainNameToSearchDomains = 1

================================================================================

Wildcard preferences:

-notOKToCheckThatIPAddressDidNotChangeAfterConnection = 1

================================================================================

Program preferences:

launchAtNextLogin = 1
notOKToCheckThatIPAddressDidNotChangeAfterConnection = 1
askedUserIfOKToCheckThatIPAddressDidNotChangeAfterConnection = 1
tunnelblickVersionHistory = (
    "3.6beta20 (build 4505)"
)
lastLaunchTime = 477067872.745434
connectionWindowDisplayCriteria = showWhenConnecting
maxLogDisplaySize = 102400
lastConnectedDisplayName = macbook-air
keyboardShortcutIndex = 1
updateCheckAutomatically = 1
updateSendProfileInfo = 0
NSWindow Frame SettingsSheetWindow = 90 142 829 524 0 0 1440 877
NSWindow Frame ConnectingWindow = 551 517 389 187 0 0 1440 877
detailsWindowFrameVersion = 4505
detailsWindowFrame = {{65, 34}, {920, 843}}
detailsWindowLeftFrame = {{0, 0}, {165, 725}}
detailsWindowViewIndex = 0
detailsWindowConfigurationsTabIdentifier = log
leftNavSelectedDisplayName = macbook-air
AdvancedWindowTabIdentifier = connectingAndDisconnecting
haveDealtWithSparkle1dot5b6 = 1
haveDealtWithOldTunTapPreferences = 1
haveDealtWithOldLoginItem = 1
SUEnableAutomaticChecks = 1
SUFeedURL = https://www.tunnelblick.net/appcast-b.rss
SUScheduledCheckInterval = 86400
SUSendProfileInfo = 0
SULastCheckTime = 2016-02-13 14:51:12 +0000
SUHasLaunchedBefore = 1
WebKitDefaultFontSize = 16
WebKitStandardFont = Times

================================================================================

Tunnelblick Log:

2016-02-13 15:52:45 OpenVPN 2.3.10 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Feb  1 2016
2016-02-13 15:52:45 library versions: OpenSSL 1.0.2f  28 Jan 2016, LZO 2.09
2016-02-13 15:52:45 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:1337
2016-02-13 15:52:45 Need hold release from management interface, waiting...
2016-02-13 15:52:45 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:1337
2016-02-13 15:52:45 MANAGEMENT: CMD 'pid'
2016-02-13 15:52:45 MANAGEMENT: CMD 'state on'
2016-02-13 15:52:45 MANAGEMENT: CMD 'state'
2016-02-13 15:52:45 MANAGEMENT: CMD 'bytecount 1'
2016-02-13 15:52:45 MANAGEMENT: CMD 'hold release'
2016-02-13 15:52:45 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2016-02-13 15:52:45 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2016-02-13 15:52:45 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1492)
2016-02-13 15:52:45 Socket Buffers: R=[131072->131072] S=[131072->131072]
2016-02-13 15:52:45 MANAGEMENT: >STATE:1455375165,RESOLVE,,,
2016-02-13 15:52:45 *Tunnelblick: openvpnstart starting OpenVPN
2016-02-13 15:52:46 *Tunnelblick: Established communication with OpenVPN
2016-02-13 15:52:46 Attempting to establish TCP connection with [AF_INET]87.154.7.153:1194 [nonblock]
2016-02-13 15:52:46 MANAGEMENT: >STATE:1455375166,TCP_CONNECT,,,
2016-02-13 15:52:47 TCP connection established with [AF_INET]87.154.7.153:1194
2016-02-13 15:52:47 TCPv4_CLIENT link local: [undef]
2016-02-13 15:52:47 TCPv4_CLIENT link remote: [AF_INET]87.154.7.153:1194
2016-02-13 15:52:47 MANAGEMENT: >STATE:1455375167,WAIT,,,
2016-02-13 15:52:47 MANAGEMENT: >STATE:1455375167,AUTH,,,
2016-02-13 15:52:47 TLS: Initial packet from [AF_INET]87.154.7.153:1194, sid=e216aba3 79974189
2016-02-13 15:52:47 VERIFY OK: xxxxxxxxxxxxxx
2016-02-13 15:52:47 VERIFY OK: xxxxxxxxxxxxxx
2016-02-13 15:52:47 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
2016-02-13 15:52:47 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2016-02-13 15:52:47 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
2016-02-13 15:52:47 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2016-02-13 15:52:47 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
2016-02-13 15:52:47 [merlin] Peer Connection Initiated with [AF_INET]87.154.7.153:1194
2016-02-13 15:52:48 MANAGEMENT: >STATE:1455375168,GET_CONFIG,,,
2016-02-13 15:52:49 SENT CONTROL [merlin]: 'PUSH_REQUEST' (status=1)
2016-02-13 15:52:49 PUSH: Received control message: 'PUSH_REPLY,route 192.168.192.0 255.255.255.0 192.168.193.1,dhcp-option DNS 192.168.192.240,dhcp-option DOMAIN homenet.local,ping 10,ping-restart 120,ifconfig 192.168.193.5 255.255.255.0'
2016-02-13 15:52:49 OPTIONS IMPORT: timers and/or timeouts modified
2016-02-13 15:52:49 OPTIONS IMPORT: --ifconfig/up options modified
2016-02-13 15:52:49 OPTIONS IMPORT: route options modified
2016-02-13 15:52:49 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2016-02-13 15:52:49 TUN/TAP device /dev/tap0 opened
2016-02-13 15:52:49 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
2016-02-13 15:52:49 MANAGEMENT: >STATE:1455375169,ASSIGN_IP,,192.168.193.5,
2016-02-13 15:52:49 /sbin/ifconfig tap0 delete

                                        ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
2016-02-13 15:52:49 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
2016-02-13 15:52:49 /sbin/ifconfig tap0 192.168.193.5 netmask 255.255.255.0 mtu 1492 up
2016-02-13 15:52:49 /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -a -d -f -m -p -r -w -ptADGNWradsgnw tap0 1492 1584 192.168.193.5 255.255.255.0 init
                                        **********************************************
                                        Start of output from client.up.tunnelblick.sh
                                        Did 'ipconfig set "tap0" DHCP'
                                        Configuring tap DNS via DHCP asynchronously
                                        End of output from client.up.tunnelblick.sh
                                        **********************************************
2016-02-13 15:52:51 MANAGEMENT: >STATE:1455375171,ADD_ROUTES,,,
2016-02-13 15:52:51 /sbin/route add -net 192.168.192.0 192.168.193.1 255.255.255.0
                                        route: writing to routing socket: File exists
                                        add net 192.168.192.0: gateway 192.168.193.1: File exists
2016-02-13 15:52:51 Initialization Sequence Completed
2016-02-13 15:52:51 MANAGEMENT: >STATE:1455375171,CONNECTED,SUCCESS,192.168.193.5,xxxxxxxxxxxx
                                        Sleeping for 3 seconds to wait for DHCP to finish setup.
                                        Sleeping for 4 seconds to wait for DHCP to finish setup.
                                        WARNING: No DNS information received from OpenVPN via DHCP, so no network/DNS configuration changes need to be made.
                                        WARNING: Will NOT monitor for other network configuration changes.
                                        DNS servers '192.168.192.240' will be used for DNS queries when the VPN is active
                                        NOTE: The DNS servers do not include any free public DNS servers known to Tunnelblick. This may cause DNS queries to fail or be intercepted or falsified even if they are directed through the VPN. Specify only known public DNS servers or DNS servers located on the VPN network to avoid such problems.
                                        Flushed the DNS cache via dscacheutil
                                        /usr/sbin/discoveryutil not present. Not flushing the DNS cache via discoveryutil
                                        Notified mDNSResponder that the DNS cache was flushed
2016-02-13 15:52:51 *Tunnelblick: No 'connected.sh' script to execute
                                        Sleeping for 0 seconds to wait for DHCP to finish setup.
                                        Sleeping for 1 seconds to wait for DHCP to finish setup.
                                        Sleeping for 2 seconds to wait for DHCP to finish setup.
2016-02-13 15:52:57 *Tunnelblick: This computer's apparent public IP address (87.154.7.153) was unchanged after the connection was made

================================================================================

"Sanitized" full configuration file

client
dev tap
proto tcp-client
float
nobind
resolv-retry infinite
connect-retry 10
connect-retry-max 10
keepalive 10 60

#Server IP
remote xxxxxxxxxxx 1194

tls-client
ca ca.crt
cert macbook-air.crt
key macbook-air.key
pull

#MTU
tun-mtu 1492

cipher AES-256-CBC

comp-lzo

persist-key
persist-tun

verb 3




================================================================================

ifconfig output:

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
    options=3<RXCSUM,TXCSUM>
    inet6 ::1 prefixlen 128
    inet 127.0.0.1 netmask 0xff000000
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
    nd6 options=1<PERFORMNUD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    ether a4:d1:8c:d2:23:74
    inet6 fe80::a6d1:8cff:fed2:2374%en0 prefixlen 64 scopeid 0x4
    inet 192.168.192.85 netmask 0xffffff00 broadcast 192.168.192.255
    nd6 options=1<PERFORMNUD>
    media: autoselect
    status: active
en1: flags=963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX> mtu 1500
    options=60<TSO4,TSO6>
    ether 9a:00:06:3c:07:00
    media: autoselect <full-duplex>
    status: inactive
p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304
    ether 06:d1:8c:d2:23:74
    media: autoselect
    status: inactive
awdl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1484
    ether 96:48:67:b7:07:17
    inet6 fe80::9448:67ff:feb7:717%awdl0 prefixlen 64 scopeid 0x7
    nd6 options=1<PERFORMNUD>
    media: autoselect
    status: active
bridge0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    options=63<RXCSUM,TXCSUM,TSO4,TSO6>
    ether a6:d1:8c:2d:46:00
    Configuration:
        id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
        maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
        root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
        ipfilter disabled flags 0x2
    member: en1 flags=3<LEARNING,DISCOVER>
            ifmaxaddr 0 port 5 priority 0 path cost 0
    nd6 options=1<PERFORMNUD>
    media: <unknown type>
    status: inactive
tap0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1492
    ether 36:69:16:b6:2f:04
    inet 192.168.193.5 netmask 0xffffff00 broadcast 192.168.193.255
    inet 169.254.108.237 netmask 0xffff0000 broadcast 169.254.255.255
    media: autoselect
    status: active
    open (pid 867)

================================================================================

Console Log:

2016-02-13 15:11:31 Tunnelblick[348] Tunnelblick: OS X 10.11.3; Tunnelblick 3.6beta20 (build 4505)
2016-02-13 15:11:33 Tunnelblick[348] Set program update feedURL to https://www.tunnelblick.net/appcast-b.rss
2016-02-13 15:30:01 Tunnelblick[348] runTunnelblickd: no data available from tunnelblickd socket; sleeping 5.000000 seconds...
2016-02-13 15:33:24 Tunnelblick[348] applicationShouldTerminate: termination because of Quit; delayed until 'shutdownTunnelblick' finishes
2016-02-13 15:33:25 Tunnelblick[348] pthread_mutex_lock( &unloadKextsMutex ) failed; status = 16, errno = 2
2016-02-13 15:33:26 Tunnelblick[348] Finished shutting down Tunnelblick; allowing termination
2016-02-13 15:33:44 Tunnelblick[672] Tunnelblick: OS X 10.11.3; Tunnelblick 3.6beta20 (build 4505)
2016-02-13 15:33:45 Tunnelblick[672] Set program update feedURL to https://www.tunnelblick.net/appcast-b.rss
2016-02-13 15:50:25 Tunnelblick[672] applicationShouldTerminate: termination because of Quit; delayed until 'shutdownTunnelblick' finishes
2016-02-13 15:50:30 Tunnelblick[672] runTunnelblickd: no data available from tunnelblickd socket; sleeping 5.000000 seconds...
2016-02-13 15:50:35 Tunnelblick[672] pthread_mutex_lock( &unloadKextsMutex ) failed; status = 16, errno = 2
2016-02-13 15:50:36 Tunnelblick[672] Finished shutting down Tunnelblick; allowing termination
2016-02-13 15:51:12 Tunnelblick[853] Tunnelblick: OS X 10.11.3; Tunnelblick 3.6beta20 (build 4505)
2016-02-13 15:51:12 Tunnelblick[853] Set program update feedURL to https://www.tunnelblick.net/appcast-b.rss


jkbull...gmail.com

Feb 13, 2016, 11:15:20 AM
to tunnelblick-discuss, saarfuc...@googlemail.com
If you look at the log, you can see

2016-02-13 15:52:51 /sbin/route add -net 192.168.192.0 192.168.193.1 255.255.255.0
                                        route: writing to routing socket: File exists
                                        add net 192.168.192.0: gateway 192.168.193.1: File exists

which seems to be talking about a routing problem.

You can also try putting a check in the box next to "Set DNS after routes are set instead of before routes are set" on the "Connecting & Disconnecting" tab of Tunnelblick's "Advanced Settings" window. (Changes to settings affect all configurations that are selected on the left side of the "Configurations" panel of Tunnelblick's "VPN Details" window, so select the configuration first, then click the "Advanced" button.)

Joerg Janes

Feb 14, 2016, 11:39:28 AM
to tunnelblick-discuss, saarfuc...@googlemail.com
I'm sorry - the log was wrong - it was from my internal wlan, therefore the route was existing...

My test scenario is a hotspot on my Android mobile to check if the VPN is working. There I can see that the DNS is not changed after connecting the VPN. Here is the correct log:

2016-02-14 17:21:21 *Tunnelblick: openvpnstart starting OpenVPN
2016-02-14 17:21:22 OpenVPN 2.3.6 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Feb  1 2016
2016-02-14 17:21:22 library versions: OpenSSL 1.0.1r  28 Jan 2016, LZO 2.08
2016-02-14 17:21:22 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:1338
2016-02-14 17:21:22 Need hold release from management interface, waiting...
2016-02-14 17:21:23 *Tunnelblick: Established communication with OpenVPN
2016-02-14 17:21:23 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:1338
2016-02-14 17:21:23 MANAGEMENT: CMD 'pid'
2016-02-14 17:21:23 MANAGEMENT: CMD 'state on'
2016-02-14 17:21:23 MANAGEMENT: CMD 'state'
2016-02-14 17:21:23 MANAGEMENT: CMD 'bytecount 1'
2016-02-14 17:21:23 MANAGEMENT: CMD 'hold release'
2016-02-14 17:21:23 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2016-02-14 17:21:23 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2016-02-14 17:21:23 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1492)
2016-02-14 17:21:23 Socket Buffers: R=[131072->65536] S=[131072->65536]
2016-02-14 17:21:23 MANAGEMENT: >STATE:1455466883,RESOLVE,,,
2016-02-14 17:21:24 Attempting to establish TCP connection with [AF_INET]79.232.225.97:1194 [nonblock]
2016-02-14 17:21:24 MANAGEMENT: >STATE:1455466884,TCP_CONNECT,,,
2016-02-14 17:21:25 TCP connection established with [AF_INET]79.232.225.97:1194
2016-02-14 17:21:25 TCPv4_CLIENT link local: [undef]
2016-02-14 17:21:25 TCPv4_CLIENT link remote: [AF_INET]79.232.225.97:1194
2016-02-14 17:21:25 MANAGEMENT: >STATE:1455466885,WAIT,,,
2016-02-14 17:21:25 MANAGEMENT: >STATE:1455466885,AUTH,,,
2016-02-14 17:21:25 TLS: Initial packet from [AF_INET]79.232.225.97:1194, sid=620a2890 5d7fbddc
2016-02-14 17:21:31 VERIFY OK: depth=1, C=DE, ST=Saarland, L=Neunkirchen/Saar, O=HomeNET, CN=HomeNET CA, emailAddress=xxxxxx
2016-02-14 17:21:31 VERIFY OK: depth=0, C=DE, ST=Saarland, L=Neunkirchen/Saar, O=HomeNET, CN=merlin, emailAddress=xxxxxx
2016-02-14 17:21:37 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
2016-02-14 17:21:37 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2016-02-14 17:21:37 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
2016-02-14 17:21:37 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2016-02-14 17:21:37 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
2016-02-14 17:21:37 [merlin] Peer Connection Initiated with [AF_INET]79.232.225.97:1194
2016-02-14 17:21:38 MANAGEMENT: >STATE:1455466898,GET_CONFIG,,,
2016-02-14 17:21:39 SENT CONTROL [merlin]: 'PUSH_REQUEST' (status=1)
2016-02-14 17:21:40 PUSH: Received control message: 'PUSH_REPLY,route 192.168.192.0 255.255.255.0 192.168.193.1,dhcp-option DNS 192.168.192.240,dhcp-option DOMAIN homenet.local,ping 10,ping-restart 120,ifconfig 192.168.193.5 255.255.255.0'
2016-02-14 17:21:40 OPTIONS IMPORT: timers and/or timeouts modified
2016-02-14 17:21:40 OPTIONS IMPORT: --ifconfig/up options modified
2016-02-14 17:21:40 OPTIONS IMPORT: route options modified
2016-02-14 17:21:40 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2016-02-14 17:21:40 TUN/TAP device /dev/tap0 opened
2016-02-14 17:21:40 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
2016-02-14 17:21:40 MANAGEMENT: >STATE:1455466900,ASSIGN_IP,,192.168.193.5,
2016-02-14 17:21:40 /sbin/ifconfig tap0 delete

                                        ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
2016-02-14 17:21:40 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
2016-02-14 17:21:40 /sbin/ifconfig tap0 192.168.193.5 netmask 255.255.255.0 mtu 1492 up
2016-02-14 17:21:40 MANAGEMENT: >STATE:1455466900,ADD_ROUTES,,,
2016-02-14 17:21:40 /sbin/route add -net 192.168.192.0 192.168.193.1 255.255.255.0

                                        add net 192.168.192.0: gateway 192.168.193.1
                                        **********************************************
                                        Start of output from client.up.tunnelblick.sh
                                        Configuring tap DNS via DHCP asynchronously
                                        End of output from client.up.tunnelblick.sh
                                        **********************************************
2016-02-14 17:21:42 Initialization Sequence Completed
2016-02-14 17:21:42 MANAGEMENT: >STATE:1455466902,CONNECTED,SUCCESS,192.168.193.5,79.232.225.97
2016-02-14 17:21:42 *Tunnelblick: No 'connected.sh' script to execute

                                        Sleeping for 0 seconds to wait for DHCP to finish setup.
                                        Sleeping for 1 seconds to wait for DHCP to finish setup.
                                        Sleeping for 2 seconds to wait for DHCP to finish setup.
                                        Sleeping for 3 seconds to wait for DHCP to finish setup.
                                        Sleeping for 4 seconds to wait for DHCP to finish setup.
                                        WARNING: No DNS information received from OpenVPN via DHCP, so no network/DNS configuration changes need to be made.
                                        Will NOT monitor for other network configuration changes.
                                        DNS servers '192.168.43.1' will be used for DNS queries when the VPN is active

                                        The DNS servers do not include any free public DNS servers known to Tunnelblick. This may cause DNS queries to fail or be intercepted or falsified even if they are directed through the VPN. Specify only known public DNS servers or DNS servers located on the VPN network to avoid such problems.
                                        Flushed the DNS cache via dscacheutil
                                        /usr/sbin/discoveryutil not present. Not flushing the DNS cache via discoveryutil
                                        Notified mDNSResponder that the DNS cache was flushed

I wonder that I can read

2016-02-14 17:21:40 PUSH: Received control message: 'PUSH_REPLY,route 192.168.192.0 255.255.255.0 192.168.193.1,dhcp-option DNS 192.168.192.240,dhcp-option DOMAIN homenet.local,ping 10,ping-restart 120,ifconfig 192.168.193.5 255.255.255.0'

and later in the log


WARNING: No DNS information received from OpenVPN via DHCP, so no network/DNS configuration changes need to be made.

For me, these two lines do not fit together?

The routes are correct - netstat -rn shows that the correct routes are set??? But why not setting the DNS?

At the end of the log, I found:


                                        Flushed the DNS cache via dscacheutil
                                        /usr/sbin/discoveryutil not present. Not flushing the DNS cache via discoveryutil
                                        Notified mDNSResponder that the DNS cache was flushed

How do I install discoveryutil? Are my problems related to the change in El Capitan from mDNSResponder to discoveryd?

Any suggestion how to get the vpn running?

Thanks in advance,
Joerg
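
Added example (not part of the original thread and not Tunnelblick code): a small Python check that compares the resolvers the server pushed in `PUSH_REPLY` with the resolvers the log says are in use, run over abbreviated excerpts of the two logs posted above. The function and class names are hypothetical, and splitting a multi-resolver list on spaces or commas is an assumption.

```python
import re
from dataclasses import dataclass, field

# Line wording is taken from the Tunnelblick logs posted in this thread.
PUSH_RE = re.compile(r"PUSH: Received control message: 'PUSH_REPLY,([^']*)'")
USED_RE = re.compile(r"DNS servers '([^']*)' will be used for DNS queries")
DHCP_WARNING = "No DNS information received from OpenVPN via DHCP"


@dataclass
class DnsReport:
    pushed_dns: list = field(default_factory=list)
    pushed_domains: list = field(default_factory=list)
    effective_dns: list = field(default_factory=list)
    dhcp_warning: bool = False

    @property
    def status(self):
        if not self.pushed_dns:
            return "no-dns-pushed"
        if not self.effective_dns:
            return "unknown"        # the log never reported the resolvers in use
        stray = set(self.effective_dns) - set(self.pushed_dns)
        if not stray:
            return "applied"
        if stray == set(self.effective_dns):
            return "not-applied"    # every resolver in use is outside the push
        return "mixed"


def parse_push_reply(options):
    """Split the comma-separated PUSH_REPLY body into DNS servers and domains."""
    dns, domains = [], []
    for opt in options.split(","):
        words = opt.split()
        if len(words) == 3 and words[0] == "dhcp-option":
            if words[1] == "DNS":
                dns.append(words[2])
            elif words[1] == "DOMAIN":
                domains.append(words[2])
    return dns, domains


def analyse(log_text):
    """Pair the most recent PUSH_REPLY with the resolver line that follows it."""
    report = DnsReport()
    for line in log_text.splitlines():
        m = PUSH_RE.search(line)
        if m:
            report = DnsReport()    # a new PUSH_REPLY starts a new connection
            report.pushed_dns, report.pushed_domains = parse_push_reply(m.group(1))
            continue
        if DHCP_WARNING in line:
            report.dhcp_warning = True
        m = USED_RE.search(line)
        if m:
            # Assumption: several resolvers are separated by spaces or commas.
            report.effective_dns = [s for s in re.split(r"[,\s]+", m.group(1)) if s]
    return report


PUSH = ("PUSH: Received control message: 'PUSH_REPLY,route 192.168.192.0 "
        "255.255.255.0 192.168.193.1,dhcp-option DNS 192.168.192.240,"
        "dhcp-option DOMAIN homenet.local,ping 10,ping-restart 120,"
        "ifconfig 192.168.193.5 255.255.255.0'")
WARN = ("WARNING: No DNS information received from OpenVPN via DHCP, "
        "so no network/DNS configuration changes need to be made.")

# Abbreviated excerpt of the 2016-02-13 log (client on the home WLAN).
WLAN_LOG = "\n".join([
    "2016-02-13 15:52:49 " + PUSH, WARN,
    "DNS servers '192.168.192.240' will be used for DNS queries when the VPN is active",
])
# Abbreviated excerpt of the 2016-02-14 log (client on the phone hotspot).
HOTSPOT_LOG = "\n".join([
    "2016-02-14 17:21:40 " + PUSH, WARN,
    "DNS servers '192.168.43.1' will be used for DNS queries when the VPN is active",
])

if __name__ == "__main__":
    for name, log in (("wlan", WLAN_LOG), ("hotspot", HOTSPOT_LOG)):
        r = analyse(log)
        print(name, r.status, "pushed:", r.pushed_dns, "in use:", r.effective_dns)
```

In the WLAN excerpt the resolver in use equals the pushed one although the DHCP warning is present, so a match in that log does not show that the VPN changed the DNS settings.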
