Tunnelblick won't connect to OpenVPN server on Windows 7 PC

JARMAR

Mar 21, 2015, 11:29:11 PM
to tunnelbli...@googlegroups.com
I have a Windows 7 computer hosting the OpenVPN server. Everything works fine from Windows computers. Took the same config file and certificates and tried to connect to the same server from Mac OS 10.8.5. Tunnelblick indicates that it is connected yet I am unable to ping the server. Turned off the firewall but no change. Not sure if something different needs to be done on a Mac than from a PC. My client config file is:

The log file from Tunnelblick is as follows, hopefully someone can read this and determine what is going wrong. Also every time I disconnect the session I lose my network connection and have to reboot my computer.


*Tunnelblick: OS X 10.8.5; Tunnelblick 3.5beta08 (build 4236); Admin user

Configuration office

================================================================================

"Sanitized" full configuration file

client
dev tun
proto udp
remote x.x.x.x 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca "ca-cas.crt"
cert "laura.crt"
key "laura.key"
tls-auth "ta-cas.key" 1
comp-lzo
verb 3
mute 20

================================================================================

There are no unusual files in office.tblk

================================================================================

Configuration preferences:

-lastConnectionSucceeded = 1

================================================================================

Wildcard preferences:

================================================================================

Program preferences:

launchAtNextLogin = 1
notOKToCheckThatIPAddressDidNotChangeAfterConnection = 0
askedUserIfOKToCheckThatIPAddressDidNotChangeAfterConnection = 1
tunnelblickVersionHistory = (
    "3.5beta08 (build 4236)"
)
lastLaunchTime = 448663670.875487
connectionWindowDisplayCriteria = showWhenConnecting
maxLogDisplaySize = 102400
lastConnectedDisplayName = office
keyboardShortcutIndex = 1
updateCheckAutomatically = 0
updateSendProfileInfo = 0
NSWindow Frame ConnectingWindow = 765 654 389 187 0 0 1920 1058
leftNavSelectedDisplayName = office
haveDealtWithSparkle1dot5b6 = 1
haveDealtWithOldTunTapPreferences = 1
haveDealtWithOldLoginItem = 1
SUEnableAutomaticChecks = 0
SUScheduledCheckInterval = 86400
SUSendProfileInfo = 0
SULastCheckTime = 2015-03-21 20:47:30 +0000
SUHasLaunchedBefore = 1
WebKitDefaultFontSize = 16
WebKitStandardFont = Times

================================================================================

Tunnelblick Log:

2015-03-21 13:48:43 *Tunnelblick: OS X 10.8.5; Tunnelblick 3.5beta08 (build 4236)
2015-03-21 13:48:44 *Tunnelblick: Attempting connection with office using shadow copy; Set nameserver = 1; monitoring connection
2015-03-21 13:48:44 *Tunnelblick: openvpnstart start office.tblk 1337 1 0 1 0 16688 -ptADGNWradsgnw 2.3.6
2015-03-21 13:48:44 *Tunnelblick: openvpnstart starting OpenVPN
2015-03-21 13:48:45 OpenVPN 2.3.6 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Mar 19 2015
2015-03-21 13:48:45 library versions: OpenSSL 1.0.1m 19 Mar 2015, LZO 2.08
2015-03-21 13:48:45 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:1337
2015-03-21 13:48:45 Need hold release from management interface, waiting...
2015-03-21 13:48:46 *Tunnelblick: openvpnstart log:
     OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line):
     
          /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.6/openvpn
          --daemon
          --log
          /Library/Application Support/Tunnelblick/Logs/-SUsers-Slaurie-SLibrary-SApplication Support-STunnelblick-SConfigurations-Soffice.tblk-SContents-SResources-Sconfig.ovpn.1_0_1_0_16688.1337.openvpn.log
          --cd
          /Library/Application Support/Tunnelblick/Users/laurie/office.tblk/Contents/Resources
          --config
          /Library/Application Support/Tunnelblick/Users/laurie/office.tblk/Contents/Resources/config.ovpn
          --cd
          /Library/Application Support/Tunnelblick/Users/laurie/office.tblk/Contents/Resources
          --management
          127.0.0.1
          1337
          --management-query-passwords
          --management-hold
          --script-security
          2
          --up
          /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -d -f -m -w -ptADGNWradsgnw
          --down
          /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -d -f -m -w -ptADGNWradsgnw

2015-03-21 13:48:46 *Tunnelblick: Established communication with OpenVPN
2015-03-21 13:48:46 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:1337
2015-03-21 13:48:46 MANAGEMENT: CMD 'pid'
2015-03-21 13:48:46 MANAGEMENT: CMD 'state on'
2015-03-21 13:48:46 MANAGEMENT: CMD 'state'
2015-03-21 13:48:46 MANAGEMENT: CMD 'bytecount 1'
2015-03-21 13:48:46 MANAGEMENT: CMD 'hold release'
2015-03-21 13:48:46 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2015-03-21 13:48:46 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2015-03-21 13:48:46 Control Channel Authentication: using 'ta-cas.key' as a OpenVPN static key file
2015-03-21 13:48:46 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2015-03-21 13:48:46 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2015-03-21 13:48:46 Socket Buffers: R=[196724->65536] S=[9216->65536]
2015-03-21 13:48:46 UDPv4 link local: [undef]
2015-03-21 13:48:46 UDPv4 link remote: [AF_INET]x.x.x.x:1194
2015-03-21 13:48:46 MANAGEMENT: >STATE:1426970926,WAIT,,,
2015-03-21 13:48:46 MANAGEMENT: >STATE:1426970926,AUTH,,,
2015-03-21 13:48:46 TLS: Initial packet from [AF_INET]x.x.x.x:1194, sid=702bbd78 b34b2f7b
2015-03-21 13:48:46 VERIFY OK: depth=1, C=US, ST=WA, L=City, O=office, OU=LEGAL, CN=Office, name=Office-Key, emailAddress=off...@Office.com
2015-03-21 13:48:46 VERIFY OK: depth=0, C=US, ST=WA, L=City, O=office, OU=LEGAL, CN=Office, name=Office-Key, emailAddress=off...@Office.com
2015-03-21 13:48:47 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
2015-03-21 13:48:47 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2015-03-21 13:48:47 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
2015-03-21 13:48:47 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2015-03-21 13:48:47 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
2015-03-21 13:48:47 [Office] Peer Connection Initiated with [AF_INET]x.x.x.x:1194
2015-03-21 13:48:49 MANAGEMENT: >STATE:1426970929,GET_CONFIG,,,
2015-03-21 13:48:50 SENT CONTROL [Office]: 'PUSH_REQUEST' (status=1)
2015-03-21 13:48:50 PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.10 10.8.0.9'
2015-03-21 13:48:50 OPTIONS IMPORT: timers and/or timeouts modified
2015-03-21 13:48:50 OPTIONS IMPORT: --ifconfig/up options modified
2015-03-21 13:48:50 OPTIONS IMPORT: route options modified
2015-03-21 13:48:50 Opened utun device utun0
2015-03-21 13:48:50 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
2015-03-21 13:48:50 MANAGEMENT: >STATE:1426970930,ASSIGN_IP,,10.8.0.10,
2015-03-21 13:48:50 /sbin/ifconfig utun0 delete
                                        ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
2015-03-21 13:48:50 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
2015-03-21 13:48:50 /sbin/ifconfig utun0 10.8.0.10 10.8.0.9 mtu 1500 netmask 255.255.255.255 up
2015-03-21 13:48:50 /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -d -f -m -w -ptADGNWradsgnw utun0 1500 1542 10.8.0.10 10.8.0.9 init
                                        **********************************************
                                        Start of output from client.up.tunnelblick.sh
                                        No network configuration changes need to be made.
                                        Will NOT monitor for other network configuration changes.
                                        There are no DNS servers in this computer's new network configuration. This computer or a DHCP server that this computer uses may be configured incorrectly.
                                        Flushed the DNS cache via dscacheutil
                                        /usr/sbin/discoveryutil not present. Not flushing the DNS cache via discoveryutil
                                        Notified mDNSResponder that the DNS cache was flushed
                                        End of output from client.up.tunnelblick.sh
                                        **********************************************
2015-03-21 13:48:52 *Tunnelblick: No 'connected.sh' script to execute
2015-03-21 13:48:52 MANAGEMENT: >STATE:1426970932,ADD_ROUTES,,,
2015-03-21 13:48:52 /sbin/route add -net 192.168.1.0 10.8.0.9 255.255.255.0
                                        route: writing to routing socket: File exists
                                        add net 192.168.1.0: gateway 10.8.0.9: File exists
2015-03-21 13:48:52 /sbin/route add -net 10.8.0.1 10.8.0.9 255.255.255.255
                                        add net 10.8.0.1: gateway 10.8.0.9
2015-03-21 13:48:52 Initialization Sequence Completed
2015-03-21 13:48:52 MANAGEMENT: >STATE:1426970932,CONNECTED,SUCCESS,10.8.0.10,x.x.x.x
2015-03-21 13:48:58 *Tunnelblick: This computer's apparent public IP address (y.y.y.y) was unchanged after the connection was made


jkbull...gmail.com

Mar 22, 2015, 9:28:07 AM
to tunnelbli...@googlegroups.com
Thanks for providing the diagnostic info.

Several comments:

1. You should probably set up to route everything through the VPN:
  • Select the configuration(s) you want to apply the change to on the left side of the "VPN Details…" window.
  • Click the "Advanced" button.
  • Click the "While Connected" tab.
  • Make sure there is a check next to "Route all IPv4 traffic through the VPN".
2. You should probably set up to reset the primary interface after disconnecting:
  • Select the configuration(s) you want to apply the change to on the left side of the "VPN Details…" window.
  • Click the "Advanced" button.
  • Click the "Connecting & Disconnecting" tab.
  • Make sure there is a check next to "Reset the primary interface after disconnecting".
3. Many commands on OS X (including "ping") do not use the standard OS X DNS resolution used throughout the system, so they can give misleading results.

4. This entry is interesting:
2015-03-21 13:48:52 /sbin/route add -net 192.168.1.0 10.8.0.9 255.255.255.0
                                        route: writing to routing socket: File exists
It means that the routing may not be done properly.


5. This is OK:
No network configuration changes need to be made.
Will NOT monitor for other network configuration changes.

6. The following message is incorrect and is caused by a bug in Tunnelblick, so it can be ignored: 
There are no DNS servers in this computer's new network configuration. This computer or a DHCP server that this computer uses may be configured incorrectly.
There are DNS servers, but because Tunnelblick isn't making any network configuration changes, Tunnelblick didn't detect them properly.

JARMAR

Mar 22, 2015, 2:47:57 PM
to tunnelbli...@googlegroups.com
Thanks for the response, I tried as you indicated and still no success.  The network still breaks when closing the tunnel even after making the change indicated.  I do think the error has something to do with the routing table but not sure what.  I am attaching the output of the routing table and also the interface config.  Hopefully this may shed some more light as to if there is a problem with the routing table or something else.

% netstat -rn 
Routing tables
Internet:
Destination        Gateway            Flags        Refs      Use   Netif Expire
0/1                10.8.0.9           UGSc           10        0   utun0
default            192.168.1.1        UGSc            1        0     en1
10.8.0.1/32        10.8.0.9           UGSc            0        0   utun0
10.8.0.9           10.8.0.10          UHr            21        0   utun0
127                127.0.0.1          UCS             0        0     lo0
127.0.0.1          127.0.0.1          UH              4     1216     lo0
128.0/1            10.8.0.9           UGSc            8        0   utun0
169.254            link#5             UCS             0        0     en1
192.168.1          link#5             UC              7        0     en1
192.168.1.1        c0:c1:c0:a2:73:9e  UHLWIir         3       50     en1   1089
192.168.1.100      0:80:77:d6:2b:a3   UHLWIi          0        0     en1    925
192.168.1.104      link#5             UHRLWIi         0        9     en1
192.168.1.118      0:c6:10:f2:31:a9   UHLWIi          0        0     en1    680
192.168.1.124      a8:fa:d8:28:46:f   UHLWIi          0        0     en1   1064
192.168.1.125      127.0.0.1          UHS             0      482     lo0
192.168.1.144      bc:77:37:4c:c6:fb  UHLWIi          0        0     en1   1169
192.168.1.255      ff:ff:ff:ff:ff:ff  UHLWbI          0       12     en1
207.14.34.31/32    192.168.1.1        UGSc            1        0     en1

% ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
options=3<RXCSUM,TXCSUM>
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1 
inet 127.0.0.1 netmask 0xff000000 
inet6 ::1 prefixlen 128
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=27<RXCSUM,TXCSUM,VLAN_MTU,TSO4>
ether d4:9a:20:da:b3:ce 
media: autoselect
status: inactive
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether d4:9a:20:60:ae:27 
inet6 fe80::d69a:20ff:fe60:ae27%en1 prefixlen 64 scopeid 0x5 
inet 192.168.1.125 netmask 0xffffff00 broadcast 192.168.1.255
media: autoselect
status: active
p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304
ether 06:9a:20:60:ae:27 
media: autoselect
status: active
fw0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 4078
lladdr d4:9a:20:ff:fe:da:b3:ce 
media: autoselect <full-duplex>
status: inactive
utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
inet 10.8.0.10 --> 10.8.0.9 netmask 0xffffffff 
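
Added example, not part of the original thread and not Tunnelblick or OpenVPN code: a short Python triage of the output posted above. It extracts the routes pushed in `PUSH_REPLY`, compares them with the client's local IPv4 networks from `ifconfig`, and flags the server certificate verification warning and the failed `route add`; the function names and sample constants are assumptions made for this illustration.

```python
import ipaddress
import re

# Constructed sample: lines copied from the log and ifconfig output posted in this thread.
SAMPLE_LOG = """\
2015-03-21 13:48:46 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2015-03-21 13:48:50 PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.10 10.8.0.9'
2015-03-21 13:48:52 /sbin/route add -net 192.168.1.0 10.8.0.9 255.255.255.0
                                        route: writing to routing socket: File exists
"""
SAMPLE_IFCONFIG = """\
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 192.168.1.125 netmask 0xffffff00 broadcast 192.168.1.255
"""

def pushed_routes(log):
    """Networks from 'route <net> [<mask>]' items in PUSH_REPLY (no mask means /32)."""
    nets = []
    for reply in re.findall(r"'PUSH_REPLY,([^']*)'", log):
        for item in reply.split(","):
            parts = item.split()
            if len(parts) >= 2 and parts[0] == "route":
                mask = parts[2] if len(parts) > 2 else "255.255.255.255"
                nets.append(ipaddress.ip_network(f"{parts[1]}/{mask}", strict=False))
    return nets

def local_networks(ifconfig):
    """{interface: network} from 'inet <ip> netmask 0x<hex>'; 'inet a --> b' tunnel lines do not match."""
    nets, iface = {}, None
    for line in ifconfig.splitlines():
        m = re.match(r"(\w+): flags=", line)
        if m:
            iface = m.group(1)
        m = re.match(r"\s*inet (\S+) netmask 0x([0-9a-f]{8})", line)
        if m and iface:
            prefix = bin(int(m.group(2), 16)).count("1")  # hex netmask -> prefix length
            nets[iface] = ipaddress.ip_network(f"{m.group(1)}/{prefix}", strict=False)
    return nets

def triage(log, ifconfig):
    findings = []
    if "No server certificate verification method" in log:
        findings.append("server certificate is not verified (see --remote-cert-tls)")
    if "writing to routing socket: File exists" in log:
        findings.append("a pushed route could not be added: File exists")
    for net in pushed_routes(log):
        for iface, lan in local_networks(ifconfig).items():
            if net.overlaps(lan):
                findings.append(f"pushed route {net} overlaps {iface} network {lan}")
    return findings
```

On the sample lines, `triage(SAMPLE_LOG, SAMPLE_IFCONFIG)` reports that the pushed 192.168.1.0/24 route covers the same network as en1 (192.168.1.125/24), which is consistent with the "File exists" error from `route add`.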