allow this incoming source address/port by removing --remote or adding --float

5,569 views
Skip to first unread message

Andrew Moser

unread,
Oct 24, 2011, 10:12:39 PM10/24/11
to tunnelbli...@googlegroups.com
Don't think this is upgrade related, but went from beta 30 to beta 32, and I can no longer connect.

I get the following in my tunnelblick log;

2011-10-24 21:07:37 TCP/UDP: Incoming packet rejected from 192.168.1.1:443[2], expected peer address: x.x.x.x:443 (allow this incoming source address/port by removing --remote or adding --float)

In my Open VPN log I can see the connection attempt being made but refused now instead of connecting.


20111024 21:01:46 N read UDPv4 [ECONNREFUSED]: Connection refused (code=146) 
20111024 21:01:48 N read UDPv4 [ECONNREFUSED]: Connection refused (code=146) 
20111024 21:01:50 N read UDPv4 [ECONNREFUSED]: Connection refused (code=146) 
20111024 21:01:52 N read UDPv4 [ECONNREFUSED]: Connection refused (code=146) 

Haven't changed or added anything to my network or Open VPN setup, other than upgrading to a new version of TunnelBlick, config below.


client

dev tap0

proto udp

remote myip 443

resolv-retry infinite

nobind

persist-key

persist-tun

ca ca.crt

cert mbpro.crt

key mbpro.key

ns-cert-type server

comp-lzo

verb 3


Thanks,  Andy

jkbull...gmail.com

unread,
Oct 24, 2011, 10:18:39 PM10/24/11
to tunnelbli...@googlegroups.com
Not much changed from 3.2beta30 to 3.2beta32; the main change was a new version of OpenSSL.

Why not try reverting to 3.2beta30?

If that works, complete logs would be helpful -- from both a 3.2beta30 successful connection and a 3.2beta32 unsuccessful connection.

Andrew Moser

unread,
Oct 24, 2011, 10:24:18 PM10/24/11
to tunnelbli...@googlegroups.com
Sorry, forgot to include everything.   I did try reverting to 30 and cannot connect, and the logs show the same thing for both.

Here is the complete log on 32.

2011-10-24 21:13:28 *Tunnelblick: OS X 10.7.2; Tunnelblick 3.2beta32 (build 2817)

2011-10-24 21:13:28 *Tunnelblick: Attempting connection with OpenVPN-Home; Set nameserver = 1; monitoring connection

2011-10-24 21:13:28 *Tunnelblick: /Applications/Tunnelblick.app/Contents/Resources/openvpnstart start OpenVPN-Home.tblk 1337 1 0 3 0 114  2.1.4

2011-10-24 21:13:28 *Tunnelblick: openvpnstart message: Loading tap.kext

2011-10-24 21:13:28 *Tunnelblick: Established communication with OpenVPN

2011-10-24 21:13:28 OpenVPN 2.1.4 i386-apple-darwin10.8.0 [SSL] [LZO2] [PKCS11] built on Sep 14 2011

2011-10-24 21:13:28 MANAGEMENT: TCP Socket listening on 127.0.0.1:1337

2011-10-24 21:13:28 Need hold release from management interface, waiting...

2011-10-24 21:13:28 MANAGEMENT: Client connected from 127.0.0.1:1337

2011-10-24 21:13:28 MANAGEMENT: CMD 'pid'

2011-10-24 21:13:28 MANAGEMENT: CMD 'state on'

2011-10-24 21:13:28 MANAGEMENT: CMD 'state'

2011-10-24 21:13:28 MANAGEMENT: CMD 'hold release'

2011-10-24 21:13:28 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

2011-10-24 21:13:28 WARNING: file 'mbpro.key' is group or others accessible

2011-10-24 21:13:28 LZO compression initialized

2011-10-24 21:13:28 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]

2011-10-24 21:13:28 Socket Buffers: R=[42080->65536] S=[9216->65536]

2011-10-24 21:13:28 MANAGEMENT: >STATE:1319508808,RESOLVE,,,

2011-10-24 21:13:28 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]

2011-10-24 21:13:28 Local Options hash (VER=V4): 'd79ca330'

2011-10-24 21:13:28 Expected Remote Options hash (VER=V4): 'f7df56b8'

2011-10-24 21:13:28 UDPv4 link local: [undef]

2011-10-24 21:13:28 UDPv4 link remote: myip.com:443

2011-10-24 21:13:28 MANAGEMENT: >STATE:1319508808,WAIT,,,

2011-10-24 21:13:28 TCP/UDP: Incoming packet rejected from 192.168.1.1:443[2], expected peer address: myip.com:443 (allow this incoming source address/port by removing --remote or adding --float)

2011-10-24 21:13:28 *Tunnelblick: openvpnstart: /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.1.4/openvpn --cd /Library/Application Support/Tunnelblick/Shared/OpenVPN-Home.tblk/Contents/Resources --daemon --management 127.0.0.1 1337 --config /Library/Application Support/Tunnelblick/Shared/OpenVPN-Home.tblk/Contents/Resources/config.ovpn --log /Library/Application Support/Tunnelblick/Logs/-SLibrary-SApplication Support-STunnelblick-SShared-SOpenVPN--Home.tblk-SContents-SResources-Sconfig.ovpn.1_0_3_0_114.1337.openvpn.log --management-query-passwords --management-hold --script-security 2 --up /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -m -w -d -a --down /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -m -w -d -a --up-restart

2011-10-24 21:13:30 TCP/UDP: Incoming packet rejected from 192.168.1.1:443[2], expected peer address: myip.com:443 (allow this incoming source address/port by removing --remote or adding --float)

2011-10-24 21:13:33 TCP/UDP: Incoming packet rejected from 192.168.1.1:443[2], expected peer address: myip.com:443 (allow this incoming source address/port by removing --remote or adding --float)

2011-10-24 21:13:34 TCP/UDP: Incoming packet rejected from 192.168.1.1:443[2], expected peer address: myip.com:443 (allow this incoming source address/port by removing --remote or adding --float)

2011-10-24 21:13:35 TCP/UDP: Incoming packet rejected from 192.168.1.1:443[2], expected peer address: myip.com:443 (allow this incoming source address/port by removing --remote or adding --float)

2011-10-24 21:13:36 TCP/UDP: Incoming packet rejected from 192.168.1.1:443[2], expected peer address: myip.com:443 (allow this incoming source address/port by removing --remote or adding --float)

2011-10-24 21:13:39 TCP/UDP: Incoming packet rejected from 192.168.1.1:443[2], expected peer address: myip.com:443 (allow this incoming source address/port by removing --remote or adding --float)

2011-10-24 21:13:41 TCP/UDP: Incoming packet rejected from 192.168.1.1:443[2], expected peer address: myip.com:443 (allow this incoming source address/port by removing --remote or adding --float)

2011-10-24 21:13:42 TCP/UDP: Incoming packet rejected from 192.168.1.1:443[2], expected peer address: myip.com:443 (allow this incoming source address/port by removing --remote or adding --float)

2011-10-24 21:13:43 TCP/UDP: Incoming packet rejected from 192.168.1.1:443[2], expected peer address: myip.com:443 (allow this incoming source address/port by removing --remote or adding --float)

2011-10-24 21:13:46 TCP/UDP: Incoming packet rejected from 192.168.1.1:443[2], expected peer address: myip.com:443 (allow this incoming source address/port by removing --remote or adding --float)

2011-10-24 21:13:48 TCP/UDP: Incoming packet rejected from 192.168.1.1:443[2], expected peer address: myip.com:443 (allow this incoming source address/port by removing --remote or adding --float)

2011-10-24 21:13:50 TCP/UDP: Incoming packet rejected from 192.168.1.1:443[2], expected peer address: myip.com:443 (allow this incoming source address/port by removing --remote or adding --float)

2011-10-24 21:13:51 TCP/UDP: Incoming packet rejected from 192.168.1.1:443[2], expected peer address: myip.com:443 (allow this incoming source address/port by removing --remote or adding --float)

2011-10-24 21:13:53 TCP/UDP: Incoming packet rejected from 192.168.1.1:443[2], expected peer address: myip.com:443 (allow this incoming source address/port by removing --remote or adding --float)

2011-10-24 21:13:55 TCP/UDP: Incoming packet rejected from 192.168.1.1:443[2], expected peer address: myip.com:443 (allow this incoming source address/port by removing --remote or adding --float)

2011-10-24 21:13:58 TCP/UDP: Incoming packet rejected from 192.168.1.1:443[2], expected peer address: myip.com:443 (allow this incoming source address/port by removing --remote or adding --float)

2011-10-24 21:13:58 TCP/UDP: Incoming packet rejected from 192.168.1.1:443[2], expected peer address: myip.com:443 (allow this incoming source address/port by removing --remote or adding --float)

2011-10-24 21:13:58 event_wait : Interrupted system call (code=4)

2011-10-24 21:13:58 TCP/UDP: Closing socket

2011-10-24 21:13:58 SIGTERM[hard,] received, process exiting

2011-10-24 21:13:58 MANAGEMENT: >STATE:1319508838,EXITING,SIGTERM,,

2011-10-24 21:13:59 *Tunnelblick: Flushed the DNS cache

jkbull...gmail.com

unread,
Oct 25, 2011, 7:37:38 AM10/25/11
to tunnelbli...@googlegroups.com
An example of the problem is here:

2011-10-24 21:13:30 TCP/UDP: Incoming packet rejected from 192.168.1.1:443[2], expected peer address: myip.com:443 (allow this incoming source address/port by removing --remote or adding --float)

Which implies (to me) that myip.com isn't being translated to 192.168.1.1. But that's just my guess. That could be a DNS problem. You might try replacing "myip.com" (and "myip" in the configuration file) with the actual IP address of the server as a test.

Or it could be because you refer to "myip" in the configuration file, but this error message lists "myip.com", so maybe you should set everything to myip.com?

You can try the other "Set nameserver" options ( "3.0b10", "alternate 1"), etc.

If that doesn't help, you should try to get help from the OpenVPN Users Forum or the OpenVPN Users Mailing List.

Reply all
Reply to author
Forward
0 new messages