*Tunnelblick: OS X 10.9.4; Tunnelblick 3.4.2 (build 4055.4161); Admin user
"Sanitized" condensed configuration file for /Users/username/Library/Application Support/Tunnelblick/Configurations/scss.tblk:
client
dev tun
proto udp
remote vpnserver.scss.tcd.ie 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
ns-cert-type server
cipher BF-CBC
comp-lzo
verb 3
auth-user-pass
================================================================================
"Sanitized" full configuration file
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one. On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
####sk ;dev-node MyTap
# dev-node "Local Area Connection 2"
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server.
;proto tcp
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
####sk remote my-server-1 1194
;remote my-server-2 1194
remote vpnserver.scss.tcd.ie 1194
# Choose a random host from the remote
# list for load-balancing. Otherwise
# try hosts in the order specified.
;remote-random
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Downgrade privileges after initialization (non-Windows only)
;user nobody
;group nogroup
# Try to preserve some state across restarts.
persist-key
persist-tun
# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here. See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
# Wireless networks often produce a lot
# of duplicate packets. Set this flag
# to silence duplicate packet warnings.
;mute-replay-warnings
# SSL/TLS parms.
# See the server config file for more
# description. It's best to use
# a separate .crt/.key file pair
# for each client. A single ca
# file can be used for all clients.
ca ca.crt
####sk
####sk cert client.crt
####sk key client.key
# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-server
# script in the easy-rsa folder will do this.
ns-cert-type server
# If a tls-auth key is used on the server
# then every client must also have the key.
;tls-auth ta.key 1
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher x
####sk
cipher BF-CBC
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
comp-lzo
# Set log file verbosity.
verb 3
# Silence repeating messages
;mute 20
####sk We're going to do username/password authentication,
####sk so this must appear here:
auth-user-pass
================================================================================
There are no unusual files in scss.tblk
================================================================================
Configuration preferences:
useDNS = 1
-lastConnectionSucceeded = 1
-tunnelDownSoundName = Tink
-tunnelUpSoundName = Tink
================================================================================
Wildcard preferences:
================================================================================
Program preferences:
launchAtNextLogin = 1
notOKToCheckThatIPAddressDidNotChangeAfterConnection = 0
askedUserIfOKToCheckThatIPAddressDidNotChangeAfterConnection = 1
tunnelblickVersionHistory = (
"3.4.2 (build 4055.4161)"
)
lastLaunchTime = 441556999.088825
connectionWindowDisplayCriteria = showWhenConnecting
maxLogDisplaySize = 102400
lastConnectedDisplayName = scss
installationUID (not shown)
keyboardShortcutIndex = 1
updateCheckAutomatically = 1
updateSendProfileInfo = 1
NSWindow Frame ConnectingWindow = 754 689 412 260 0 0 1920 1178
detailsWindowFrameVersion = 4055.4161
detailsWindowFrame = {{502, 533}, {916, 468}}
detailsWindowLeftFrame = {{0, 0}, {163, 350}}
leftNavSelectedDisplayName = scss
haveDealtWithSparkle1dot5b6 = 1
haveDealtWithOldTunTapPreferences = 1
haveDealtWithOldLoginItem = 1
SUEnableAutomaticChecks = 1
SUFeedURL = https://www.tunnelblick.net/appcast-s.rss
SUScheduledCheckInterval = 86400
SUSendProfileInfo = 1
SULastCheckTime = 2014-12-29 14:43:18 +0000
SULastProfileSubmissionDate = 2014-12-28 17:28:32 +0000
SUHasLaunchedBefore = 1
WebKitDefaultFontSize = 16
WebKitStandardFont = Times
================================================================================
Tunnelblick Log:
2014-12-29 17:07:50 *Tunnelblick: OS X 10.9.4; Tunnelblick 3.4.2 (build 4055.4161)
2014-12-29 17:07:50 *Tunnelblick: Attempting connection with scss using shadow copy; Set nameserver = 1; monitoring connection
2014-12-29 17:07:50 *Tunnelblick: openvpnstart start scss.tblk 1338 1 0 1 0 16688 -ptADGNWradsgnw 2.3.6
2014-12-29 17:07:51 *Tunnelblick: openvpnstart log:
Tunnelblick:
OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line):
/Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.6/openvpn
--daemon
--log
/Library/Application Support/Tunnelblick/Logs/-SUsers-Susername-SLibrary-SApplication Support-STunnelblick-SConfigurations-Sscss.tblk-SContents-SResources-Sconfig.ovpn.1_0_1_0_16688.1338.openvpn.log
--cd
/Library/Application Support/Tunnelblick/Users/username/scss.tblk/Contents/Resources
--config
/Library/Application Support/Tunnelblick/Users/username/scss.tblk/Contents/Resources/config.ovpn
--cd
/Library/Application Support/Tunnelblick/Users/username/scss.tblk/Contents/Resources
--management
127.0.0.1
1338
--management-query-passwords
--management-hold
--script-security
2
--up
/Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -m -w -d -f -ptADGNWradsgnw
--down
/Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -m -w -d -f -ptADGNWradsgnw
2014-12-29 17:07:50 *Tunnelblick: openvpnstart starting OpenVPN
2014-12-29 17:07:51 *Tunnelblick: Established communication with OpenVPN
2014-12-29 17:07:51 OpenVPN 2.3.6 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Dec 1 2014
2014-12-29 17:07:51 library versions: OpenSSL 1.0.1j 15 Oct 2014, LZO 2.08
2014-12-29 17:07:51 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:1338
2014-12-29 17:07:51 Need hold release from management interface, waiting...
2014-12-29 17:07:51 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:1338
2014-12-29 17:07:51 MANAGEMENT: CMD 'pid'
2014-12-29 17:07:51 MANAGEMENT: CMD 'state on'
2014-12-29 17:07:51 MANAGEMENT: CMD 'state'
2014-12-29 17:07:51 MANAGEMENT: CMD 'bytecount 1'
2014-12-29 17:07:51 MANAGEMENT: CMD 'hold release'
2014-12-29 17:08:15 MANAGEMENT: CMD 'username "Auth" "*********************"' (redacted by me)
2014-12-29 17:08:15 MANAGEMENT: CMD 'password [...]'
2014-12-29 17:08:15 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2014-12-29 17:08:15 Socket Buffers: R=[196724->65536] S=[9216->65536]
2014-12-29 17:08:15 MANAGEMENT: >STATE:1419872895,RESOLVE,,,
2014-12-29 17:08:19 UDPv4 link local: [undef]
2014-12-29 17:08:19 UDPv4 link remote: [AF_INET]134.226.56.5:1194
2014-12-29 17:08:19 MANAGEMENT: >STATE:1419872899,WAIT,,,
2014-12-29 17:08:20 MANAGEMENT: >STATE:1419872900,AUTH,,,
2014-12-29 17:08:20 TLS: Initial packet from [AF_INET]134.226.56.5:1194, sid=f695b218 9706aebe
2014-12-29 17:08:20 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2014-12-29 17:08:20 VERIFY OK: depth=1, C=IE, ST=Ireland, L=Dublin, O=Trinity College, OU=SCSS, CN=vpnserver.scss.tcd.ie, name=System Administrator, emailAddress=scss-unix-admins@scss.tcd.ie
2014-12-29 17:08:20 VERIFY OK: nsCertType=SERVER
2014-12-29 17:08:20 VERIFY OK: depth=0, C=IE, ST=Ireland, L=Dublin, O=Trinity College, OU=SCSS, CN=vpnserver.scss.tcd.ie, name=System Administrator, emailAddress=scss-unix-admins@scss.tcd.ie
2014-12-29 17:08:20 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
2014-12-29 17:08:20 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2014-12-29 17:08:20 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
2014-12-29 17:08:20 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2014-12-29 17:08:20 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
2014-12-29 17:08:20 [vpnserver.scss.tcd.ie] Peer Connection Initiated with [AF_INET]134.226.56.5:1194
2014-12-29 17:08:21 MANAGEMENT: >STATE:1419872901,GET_CONFIG,,,
2014-12-29 17:08:22 SENT CONTROL [vpnserver.scss.tcd.ie]: 'PUSH_REQUEST' (status=1)
2014-12-29 17:08:22 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 134.226.32.58,dhcp-option DNS 134.226.56.13,dhcp-option DOMAIN scss.tcd.ie,route 10.32.101.1,topology net30,ping 10,ping-restart 120,ifconfig 10.32.101.194 10.32.101.193'
2014-12-29 17:08:22 OPTIONS IMPORT: timers and/or timeouts modified
2014-12-29 17:08:22 OPTIONS IMPORT: --ifconfig/up options modified
2014-12-29 17:08:22 OPTIONS IMPORT: route options modified
2014-12-29 17:08:22 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2014-12-29 17:08:22 Opened utun device utun0
2014-12-29 17:08:22 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
2014-12-29 17:08:22 MANAGEMENT: >STATE:1419872902,ASSIGN_IP,,10.32.101.194,
2014-12-29 17:08:22 /sbin/ifconfig utun0 delete
ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
2014-12-29 17:08:22 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
2014-12-29 17:08:22 /sbin/ifconfig utun0 10.32.101.194 10.32.101.193 mtu 1500 netmask 255.255.255.255 up
2014-12-29 17:08:22 /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -m -w -d -f -ptADGNWradsgnw utun0 1500 1542 10.32.101.194 10.32.101.193 init
**********************************************
Start of output from client.up.tunnelblick.sh
Retrieved from OpenVPN: name server(s) [ 134.226.32.58 134.226.56.13 ], domain name [ scss.tcd.ie ], search domain(s) [ ], and SMB server(s) [ ]
Not aggregating ServerAddresses because running on OS X 10.6 or higher
Setting search domains to 'scss.tcd.ie' because running under OS X 10.6 or higher and the search domains were not set manually and 'Prepend domain name to search domains' was not selected
Saved the DNS and SMB configurations so they can be restored
Set ServerAddresses to 134.226.32.58 134.226.56.13
Set SearchDomains to scss.tcd.ie
Set DomainName to scss.tcd.ie
Flushed the DNS cache via dscacheutil
Notified mDNSResponder that the DNS cache was flushed
Setting up to monitor system configuration with process-network-changes
End of output from client.up.tunnelblick.sh
**********************************************
2014-12-29 17:08:26 *Tunnelblick: No 'connected.sh' script to execute
2014-12-29 17:08:26 *Tunnelblick: Could not determine this computer's apparent public IP address before the connection was completed
2014-12-29 17:08:26 /sbin/route add -net 134.226.56.5 192.168.1.1 255.255.255.255
add net 134.226.56.5: gateway 192.168.1.1
2014-12-29 17:08:26 /sbin/route add -net 0.0.0.0 10.32.101.193 128.0.0.0
add net 0.0.0.0: gateway 10.32.101.193
2014-12-29 17:08:26 /sbin/route add -net 128.0.0.0 10.32.101.193 128.0.0.0
add net 128.0.0.0: gateway 10.32.101.193
2014-12-29 17:08:26 MANAGEMENT: >STATE:1419872906,ADD_ROUTES,,,
2014-12-29 17:08:26 /sbin/route add -net 10.32.101.1 10.32.101.193 255.255.255.255
add net 10.32.101.1: gateway 10.32.101.193
2014-12-29 17:08:26 Initialization Sequence Completed
2014-12-29 17:08:26 MANAGEMENT: >STATE:1419872906,CONNECTED,SUCCESS,10.32.101.194,134.226.56.5
2014-12-29 17:08:31 *Tunnelblick process-network-changes: A system configuration change was ignored
================================================================================
Console Log:
2014-12-29 14:43:18 Tunnelblick[487] Set program update feedURL to https://www.tunnelblick.net/appcast-s.rss
2014-12-29 16:17:16 Tunnelblick[487] currentIPInfo(Name): IP address info could not be fetched within 30.0 seconds
2014-12-29 16:17:16 Tunnelblick[487] After 30.0 seconds, gave up trying to fetch IP address information before connecting
2014-12-29 16:17:16 Tunnelblick[487] [QL] QLError(): +[QLSeamlessDocumentOpener seamlessDocumentOpenerForURL:] should only be called in the main thread
2014-12-29 16:17:16 Tunnelblick[487] [QL] QLError(): -[QLSeamlessDocumentOpener showWindow:contentFrame:withBlock:] should only be called in the main thread
2014-12-29 16:17:16 Tunnelblick[487] [QL] QLError(): +[QLSeamlessDocumentOpener seamlessDocumentOpenerForURL:] should only be called in the main thread
2014-12-29 16:17:16 Tunnelblick[487] [QL] QLError(): -[QLSeamlessDocumentOpener showWindow:contentFrame:withBlock:] should only be called in the main thread
2014-12-29 16:17:16 Tunnelblick[487] CoreAnimation: warning, deleted thread with uncommitted CATransaction; set CA_DEBUG_TRANSACTIONS=1 in environment to log backtraces.
2014-12-29 16:17:17 Tunnelblick[487] Couldn't contact spell checker for U.S. English
2014-12-29 16:20:09 Tunnelblick[487] startDisconnectingUserKnows: while already disconnecting 'scss'; OpenVPN state = 'DISCONNECTING'
2014-12-29 16:21:01 Tunnelblick[487] currentIPInfo(Name): IP address info could not be fetched within 30.0 seconds
2014-12-29 16:39:17 Tunnelblick[487] currentIPInfo(Name): IP address info could not be fetched within 30.0 seconds
2014-12-29 16:43:57 Tunnelblick[487] currentIPInfo(Name): IP address info could not be fetched within 30.0 seconds
2014-12-29 16:46:05 Tunnelblick[487] currentIPInfo(Name): IP address info could not be fetched within 30.0 seconds
2014-12-29 16:46:40 Tunnelblick[487] currentIPInfo(Name): IP address info could not be fetched within 30.0 seconds
2014-12-29 16:47:15 Tunnelblick[487] currentIPInfo(Name): IP address info could not be fetched within 30.0 seconds
2014-12-29 16:53:41 Tunnelblick[487] currentIPInfo(Name): IP address info could not be fetched within 30.0 seconds
2014-12-29 16:54:43 Tunnelblick[487] currentIPInfo(Name): IP address info could not be fetched within 30.0 seconds
2014-12-29 16:56:11 Tunnelblick[487] currentIPInfo(Name): IP address info could not be fetched within 30.0 seconds
2014-12-29 16:56:42 Tunnelblick[487] currentIPInfo(Name): IP address info could not be fetched within 30.0 seconds
2014-12-29 17:05:17 Tunnelblick[487] currentIPInfo(Name): IP address info could not be fetched within 30.0 seconds
2014-12-29 17:05:17 Tunnelblick[487] After 30.0 seconds, gave up trying to fetch IP address information before connecting
2014-12-29 17:05:17 Tunnelblick[487] [QL] QLError(): +[QLSeamlessDocumentOpener seamlessDocumentOpenerForURL:] should only be called in the main thread
2014-12-29 17:05:17 Tunnelblick[487] [QL] QLError(): -[QLSeamlessDocumentOpener showWindow:contentFrame:withBlock:] should only be called in the main thread
2014-12-29 17:05:17 Tunnelblick[487] [QL] QLError(): +[QLSeamlessDocumentOpener seamlessDocumentOpenerForURL:] should only be called in the main thread
2014-12-29 17:05:17 Tunnelblick[487] [QL] QLError(): -[QLSeamlessDocumentOpener showWindow:contentFrame:withBlock:] should only be called in the main thread
2014-12-29 17:05:17 Tunnelblick[487] CoreAnimation: warning, deleted thread with uncommitted CATransaction; set CA_DEBUG_TRANSACTIONS=1 in environment to log backtraces.
2014-12-29 17:07:32 Tunnelblick[487] currentIPInfo(Name): IP address info could not be fetched within 30.0 seconds
2014-12-29 17:08:20 Tunnelblick[487] currentIPInfo(Name): IP address info could not be fetched within 30.0 seconds
2014-12-29 17:08:20 Tunnelblick[487] After 30.0 seconds, gave up trying to fetch IP address information before connecting
2014-12-29 17:08:20 Tunnelblick[487] [QL] QLError(): +[QLSeamlessDocumentOpener seamlessDocumentOpenerForURL:] should only be called in the main thread
2014-12-29 17:08:20 Tunnelblick[487] [QL] QLError(): -[QLSeamlessDocumentOpener showWindow:contentFrame:withBlock:] should only be called in the main thread
2014-12-29 17:08:20 Tunnelblick[487] [QL] QLError(): +[QLSeamlessDocumentOpener seamlessDocumentOpenerForURL:] should only be called in the main thread
2014-12-29 17:08:20 Tunnelblick[487] [QL] QLError(): -[QLSeamlessDocumentOpener showWindow:contentFrame:withBlock:] should only be called in the main thread
2014-12-29 17:08:20 Tunnelblick[487] CoreAnimation: warning, deleted thread with uncommitted CATransaction; set CA_DEBUG_TRANSACTIONS=1 in environment to log backtraces.
================================================================================
Non-Apple kexts that are loaded:
Index Refs Address Size Wired Name (Version) <Linked Against>
120 0 0xffffff7f81cc2000 0x3000 0x3000 com.eltima.ElmediaPlayer.kext (1.0) <4 1>
aaa.bbb.ccc.ddd,nnnnn,205.233.73.116
...