TLS Error: TLS handshake failed

381 views
Skip to first unread message

hat...@gmail.com

unread,
Feb 16, 2016, 6:13:38 AM2/16/16
to tunnelblick-discuss

I can connect to my OpenVPN by iPhone or Android Phone but I cannot connect from my MAC or PC.   Does anyone have the same problem?


Client config:

verb 4

dev tun0

persist-tun

persist-key

proto udp

cipher AES-256-CBC

auth SHA512

remote-cert-tls server

ns-cert-type server

tls-client

client

remote 122.2.1.11194

link-mtu 1601




Log:


2016-02-16 18:24:51 *Tunnelblick: Established communication with OpenVPN

2016-02-16 18:24:51 us=722798 Current Parameter Settings:

2016-02-16 18:24:51 us=722992   config = '/Library/Application Support/Tunnelblick/Users/ha/xxx.tblk/Contents/Resources/config.ovpn'

2016-02-16 18:24:51 us=723002   mode = 0

2016-02-16 18:24:51 us=723007   show_ciphers = DISABLED

2016-02-16 18:24:51 us=723012   show_digests = DISABLED

2016-02-16 18:24:51 us=723017   show_engines = DISABLED

2016-02-16 18:24:51 us=723021   genkey = DISABLED

2016-02-16 18:24:51 us=723026   key_pass_file = '[UNDEF]'

2016-02-16 18:24:51 us=723030   show_tls_ciphers = DISABLED

2016-02-16 18:24:51 us=723035 Connection profiles [default]:

2016-02-16 18:24:51 us=723040   proto = udp

2016-02-16 18:24:51 us=723044   local = '[UNDEF]'

2016-02-16 18:24:51 us=723049   local_port = 1194

2016-02-16 18:24:51 us=723053   remote = '122.2.1.1'

2016-02-16 18:24:51 us=723058   remote_port = 1194

2016-02-16 18:24:51 us=723063   remote_float = DISABLED

2016-02-16 18:24:51 us=723067   bind_defined = DISABLED

2016-02-16 18:24:51 us=723072   bind_local = ENABLED

2016-02-16 18:24:51 us=723076   connect_retry_seconds = 5

2016-02-16 18:24:51 us=723081   connect_timeout = 10

2016-02-16 18:24:51 us=723085   connect_retry_max = 0

2016-02-16 18:24:51 us=723090   xormethod = 0

2016-02-16 18:24:51 us=723096   xormask = ''

2016-02-16 18:24:51 us=723101   xormasklen = 0

2016-02-16 18:24:51 us=723105   socks_proxy_server = '[UNDEF]'

2016-02-16 18:24:51 us=723110   socks_proxy_port = 0

2016-02-16 18:24:51 us=723114   socks_proxy_retry = DISABLED

2016-02-16 18:24:51 us=723119   tun_mtu = 1500

2016-02-16 18:24:51 us=723123   tun_mtu_defined = DISABLED

2016-02-16 18:24:51 us=723128   link_mtu = 1601

2016-02-16 18:24:51 us=723132   link_mtu_defined = ENABLED

2016-02-16 18:24:51 us=723136   tun_mtu_extra = 0

2016-02-16 18:24:51 us=723141   tun_mtu_extra_defined = DISABLED

2016-02-16 18:24:51 us=723145   mtu_discover_type = -1

2016-02-16 18:24:51 us=723150   fragment = 0

2016-02-16 18:24:51 us=723154   mssfix = 1450

2016-02-16 18:24:51 us=723159   explicit_exit_notification = 0

2016-02-16 18:24:51 us=723163 Connection profiles END

2016-02-16 18:24:51 us=723178   remote_random = DISABLED

2016-02-16 18:24:51 us=723183   ipchange = '[UNDEF]'

2016-02-16 18:24:51 us=723187   dev = 'tun0'

2016-02-16 18:24:51 us=723191   dev_type = '[UNDEF]'

2016-02-16 18:24:51 us=723196   dev_node = '[UNDEF]'

2016-02-16 18:24:51 us=723200   lladdr = '[UNDEF]'

2016-02-16 18:24:51 us=723204   topology = 1

2016-02-16 18:24:51 us=723209   tun_ipv6 = DISABLED

2016-02-16 18:24:51 us=723213   ifconfig_local = '[UNDEF]'

2016-02-16 18:24:51 us=723218   ifconfig_remote_netmask = '[UNDEF]'

2016-02-16 18:24:51 us=723222   ifconfig_noexec = DISABLED

2016-02-16 18:24:51 us=723226   ifconfig_nowarn = DISABLED

2016-02-16 18:24:51 us=723231   ifconfig_ipv6_local = '[UNDEF]'

2016-02-16 18:24:51 us=723235   ifconfig_ipv6_netbits = 0

2016-02-16 18:24:51 us=723239   ifconfig_ipv6_remote = '[UNDEF]'

2016-02-16 18:24:51 us=723244   shaper = 0

2016-02-16 18:24:51 us=723248   mtu_test = 1

2016-02-16 18:24:51 us=723252   mlock = DISABLED

2016-02-16 18:24:51 us=723257   keepalive_ping = 0

2016-02-16 18:24:51 us=723261   keepalive_timeout = 0

2016-02-16 18:24:51 us=723265   inactivity_timeout = 0

2016-02-16 18:24:51 us=723270   ping_send_timeout = 0

2016-02-16 18:24:51 us=723274   ping_rec_timeout = 0

2016-02-16 18:24:51 us=723278   ping_rec_timeout_action = 0

2016-02-16 18:24:51 us=723283   ping_timer_remote = DISABLED

2016-02-16 18:24:51 us=723287   remap_sigusr1 = 0

2016-02-16 18:24:51 us=723291   persist_tun = ENABLED

2016-02-16 18:24:51 us=723296   persist_local_ip = DISABLED

2016-02-16 18:24:51 us=723300   persist_remote_ip = DISABLED

2016-02-16 18:24:51 us=723304   persist_key = ENABLED

2016-02-16 18:24:51 us=723315   passtos = DISABLED

2016-02-16 18:24:51 us=723320   resolve_retry_seconds = 1000000000

2016-02-16 18:24:51 us=723324   username = '[UNDEF]'

2016-02-16 18:24:51 us=723329   groupname = '[UNDEF]'

2016-02-16 18:24:51 us=723333   chroot_dir = '[UNDEF]'

2016-02-16 18:24:51 us=723338   cd_dir = '/Library/Application Support/Tunnelblick/Users/ha/xxx.tblk/Contents/Resources'

2016-02-16 18:24:51 us=723342   writepid = '[UNDEF]'

2016-02-16 18:24:51 us=723346   up_script = '[UNDEF]'

2016-02-16 18:24:51 us=723351   down_script = '/Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -d -f -m -p -r -w -ptADGNWradsgnw'

2016-02-16 18:24:51 us=723355   down_pre = DISABLED

2016-02-16 18:24:51 us=723360   up_restart = DISABLED

2016-02-16 18:24:51 us=723364   up_delay = DISABLED

2016-02-16 18:24:51 us=723368   daemon = ENABLED

2016-02-16 18:24:51 us=723373   inetd = 0

2016-02-16 18:24:51 us=723377   log = ENABLED

2016-02-16 18:24:51 us=723381   suppress_timestamps = DISABLED

2016-02-16 18:24:51 us=723386   nice = 0

2016-02-16 18:24:51 us=723390   verbosity = 4

2016-02-16 18:24:51 us=723394   mute = 0

2016-02-16 18:24:51 us=723399   status_file = '[UNDEF]'

2016-02-16 18:24:51 us=723403   status_file_version = 1

2016-02-16 18:24:51 us=723408   status_file_update_freq = 60

2016-02-16 18:24:51 us=723412   occ = ENABLED

2016-02-16 18:24:51 us=723416   rcvbuf = 0

2016-02-16 18:24:51 us=723421   sndbuf = 0

2016-02-16 18:24:51 us=723425   sockflags = 0

2016-02-16 18:24:51 us=723429   fast_io = DISABLED

2016-02-16 18:24:51 us=723434   lzo = 0

2016-02-16 18:24:51 us=723438   route_script = '/Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -p -r -w -ptADGNWradsgnw'

2016-02-16 18:24:51 us=723443   route_default_gateway = '[UNDEF]'

2016-02-16 18:24:51 us=723447   route_default_metric = 0

2016-02-16 18:24:51 us=723451   route_noexec = DISABLED

2016-02-16 18:24:51 us=723466   route_delay = 0

2016-02-16 18:24:51 us=723471   route_delay_window = 30

2016-02-16 18:24:51 us=723476   route_delay_defined = DISABLED

2016-02-16 18:24:51 us=723481   route_nopull = DISABLED

2016-02-16 18:24:51 us=723485   route_gateway_via_dhcp = DISABLED

2016-02-16 18:24:51 us=723490   max_routes = 100

2016-02-16 18:24:51 us=723495   allow_pull_fqdn = DISABLED

2016-02-16 18:24:51 us=723510   [redirect_default_gateway local=0]

2016-02-16 18:24:51 us=723515   management_addr = '127.0.0.1'

2016-02-16 18:24:51 us=723519   management_port = 1337

2016-02-16 18:24:51 us=723524   management_user_pass = '[UNDEF]'

2016-02-16 18:24:51 us=723529   management_log_history_cache = 250

2016-02-16 18:24:51 us=723534   management_echo_buffer_size = 100

2016-02-16 18:24:51 us=723539   management_write_peer_info_file = '[UNDEF]'

2016-02-16 18:24:51 us=723544   management_client_user = '[UNDEF]'

2016-02-16 18:24:51 us=723549   management_client_group = '[UNDEF]'

2016-02-16 18:24:51 us=723553   management_flags = 6

2016-02-16 18:24:51 us=723558   shared_secret_file = '[UNDEF]'

2016-02-16 18:24:51 us=723563   key_direction = 0

2016-02-16 18:24:51 us=723568   ciphername_defined = ENABLED

2016-02-16 18:24:51 us=723572   ciphername = 'AES-256-CBC'

2016-02-16 18:24:51 us=723577   authname_defined = ENABLED

2016-02-16 18:24:51 us=723582   authname = 'SHA512'

2016-02-16 18:24:51 us=723587   prng_hash = 'SHA1'

2016-02-16 18:24:51 us=723592   prng_nonce_secret_len = 16

2016-02-16 18:24:51 us=723596   keysize = 0

2016-02-16 18:24:51 us=723601   engine = DISABLED

2016-02-16 18:24:51 us=723606   replay = ENABLED

2016-02-16 18:24:51 us=723611   mute_replay_warnings = DISABLED

2016-02-16 18:24:51 us=723615   replay_window = 64

2016-02-16 18:24:51 us=723620   replay_time = 15

2016-02-16 18:24:51 us=723629   packet_id_file = '[UNDEF]'

2016-02-16 18:24:51 us=723634   use_iv = ENABLED

2016-02-16 18:24:51 us=723639   test_crypto = DISABLED

2016-02-16 18:24:51 us=723644   tls_server = DISABLED

2016-02-16 18:24:51 us=723648   tls_client = ENABLED

2016-02-16 18:24:51 us=723653   key_method = 2

2016-02-16 18:24:51 us=723658   ca_file = '[[INLINE]]'

2016-02-16 18:24:51 us=723663   ca_path = '[UNDEF]'

2016-02-16 18:24:51 us=723667   dh_file = '[UNDEF]'

2016-02-16 18:24:51 us=723672   cert_file = '[[INLINE]]'

2016-02-16 18:24:51 us=723677   extra_certs_file = '[UNDEF]'

2016-02-16 18:24:51 us=723682   priv_key_file = '[[INLINE]]'

2016-02-16 18:24:51 us=723686   pkcs12_file = '[UNDEF]'

2016-02-16 18:24:51 us=723691   cipher_list = '[UNDEF]'

2016-02-16 18:24:51 us=723696   tls_verify = '[UNDEF]'

2016-02-16 18:24:51 us=723700   tls_export_cert = '[UNDEF]'

2016-02-16 18:24:51 us=723705   verify_x509_type = 0

2016-02-16 18:24:51 us=723710   verify_x509_name = '[UNDEF]'

2016-02-16 18:24:51 us=723715   crl_file = '[UNDEF]'

2016-02-16 18:24:51 us=723719   ns_cert_type = 0

2016-02-16 18:24:51 us=723724   remote_cert_ku[i] = 160

2016-02-16 18:24:51 us=723729   remote_cert_ku[i] = 136

2016-02-16 18:24:51 us=723733   remote_cert_ku[i] = 0

2016-02-16 18:24:51 us=723738   remote_cert_ku[i] = 0

2016-02-16 18:24:51 us=723743   remote_cert_ku[i] = 0

2016-02-16 18:24:51 us=723747   remote_cert_ku[i] = 0

2016-02-16 18:24:51 us=723752   remote_cert_ku[i] = 0

2016-02-16 18:24:51 us=723757   remote_cert_ku[i] = 0

2016-02-16 18:24:51 us=723761   remote_cert_ku[i] = 0

2016-02-16 18:24:51 us=723766   remote_cert_ku[i] = 0

2016-02-16 18:24:51 us=723770   remote_cert_ku[i] = 0

2016-02-16 18:24:51 us=723775   remote_cert_ku[i] = 0

2016-02-16 18:24:51 us=723780   remote_cert_ku[i] = 0

2016-02-16 18:24:51 us=723784   remote_cert_ku[i] = 0

2016-02-16 18:24:51 us=723789   remote_cert_ku[i] = 0

2016-02-16 18:24:51 us=723793   remote_cert_ku[i] = 0

2016-02-16 18:24:51 us=723798   remote_cert_eku = 'TLS Web Server Authentication'

2016-02-16 18:24:51 us=723803   ssl_flags = 0

2016-02-16 18:24:51 us=723808   tls_timeout = 2

2016-02-16 18:24:51 us=723813   renegotiate_bytes = 0

2016-02-16 18:24:51 us=723817   renegotiate_packets = 0

2016-02-16 18:24:51 us=723822   renegotiate_seconds = 3600

2016-02-16 18:24:51 us=723827   handshake_window = 60

2016-02-16 18:24:51 us=723831   transition_window = 3600

2016-02-16 18:24:51 us=723836   single_session = DISABLED

2016-02-16 18:24:51 us=723851   push_peer_info = DISABLED

2016-02-16 18:24:51 us=723856   tls_exit = DISABLED

2016-02-16 18:24:51 us=723860   tls_auth_file = '[UNDEF]'

2016-02-16 18:24:51 us=723865   pkcs11_protected_authentication = DISABLED

2016-02-16 18:24:51 us=723870   pkcs11_protected_authentication = DISABLED

2016-02-16 18:24:51 us=723875   pkcs11_protected_authentication = DISABLED

2016-02-16 18:24:51 us=723879   pkcs11_protected_authentication = DISABLED

2016-02-16 18:24:51 us=723884   pkcs11_protected_authentication = DISABLED

2016-02-16 18:24:51 us=723889   pkcs11_protected_authentication = DISABLED

2016-02-16 18:24:51 us=723893   pkcs11_protected_authentication = DISABLED

2016-02-16 18:24:51 us=723898   pkcs11_protected_authentication = DISABLED

2016-02-16 18:24:51 us=723903   pkcs11_protected_authentication = DISABLED

2016-02-16 18:24:51 us=723908   pkcs11_protected_authentication = DISABLED

2016-02-16 18:24:51 us=723912   pkcs11_protected_authentication = DISABLED

2016-02-16 18:24:51 us=723917   pkcs11_protected_authentication = DISABLED

2016-02-16 18:24:51 us=723922   pkcs11_protected_authentication = DISABLED

2016-02-16 18:24:51 us=723927   pkcs11_protected_authentication = DISABLED

2016-02-16 18:24:51 us=723931   pkcs11_protected_authentication = DISABLED

2016-02-16 18:24:51 us=723940   pkcs11_protected_authentication = DISABLED

2016-02-16 18:24:51 us=723946   pkcs11_private_mode = 00000000

2016-02-16 18:24:51 us=723950   pkcs11_private_mode = 00000000

2016-02-16 18:24:51 us=723955   pkcs11_private_mode = 00000000

2016-02-16 18:24:51 us=723960   pkcs11_private_mode = 00000000

2016-02-16 18:24:51 us=723965   pkcs11_private_mode = 00000000

2016-02-16 18:24:51 us=723969   pkcs11_private_mode = 00000000

2016-02-16 18:24:51 us=723974   pkcs11_private_mode = 00000000

2016-02-16 18:24:51 us=723979   pkcs11_private_mode = 00000000

2016-02-16 18:24:51 us=723983   pkcs11_private_mode = 00000000

2016-02-16 18:24:51 us=723988   pkcs11_private_mode = 00000000

2016-02-16 18:24:51 us=723993   pkcs11_private_mode = 00000000

2016-02-16 18:24:51 us=723998   pkcs11_private_mode = 00000000

2016-02-16 18:24:51 us=724002   pkcs11_private_mode = 00000000

2016-02-16 18:24:51 us=724007   pkcs11_private_mode = 00000000

2016-02-16 18:24:51 us=724012   pkcs11_private_mode = 00000000

2016-02-16 18:24:51 us=724016   pkcs11_private_mode = 00000000

2016-02-16 18:24:51 us=724021   pkcs11_cert_private = DISABLED

2016-02-16 18:24:51 us=724026   pkcs11_cert_private = DISABLED

2016-02-16 18:24:51 us=724030   pkcs11_cert_private = DISABLED

2016-02-16 18:24:51 us=724035   pkcs11_cert_private = DISABLED

2016-02-16 18:24:51 us=724039   pkcs11_cert_private = DISABLED

2016-02-16 18:24:51 us=724044   pkcs11_cert_private = DISABLED

2016-02-16 18:24:51 us=724049   pkcs11_cert_private = DISABLED

2016-02-16 18:24:51 us=724053   pkcs11_cert_private = DISABLED

2016-02-16 18:24:51 us=724058   pkcs11_cert_private = DISABLED

2016-02-16 18:24:51 us=724062   pkcs11_cert_private = DISABLED

2016-02-16 18:24:51 us=724067   pkcs11_cert_private = DISABLED

2016-02-16 18:24:51 us=724072   pkcs11_cert_private = DISABLED

2016-02-16 18:24:51 us=724079   pkcs11_cert_private = DISABLED

2016-02-16 18:24:51 us=724084   pkcs11_cert_private = DISABLED

2016-02-16 18:24:51 us=724088   pkcs11_cert_private = DISABLED

2016-02-16 18:24:51 us=724093   pkcs11_cert_private = DISABLED

2016-02-16 18:24:51 us=724098   pkcs11_pin_cache_period = -1

2016-02-16 18:24:51 us=724103   pkcs11_id = '[UNDEF]'

2016-02-16 18:24:51 us=724107   pkcs11_id_management = DISABLED

2016-02-16 18:24:51 us=724126   server_network = 0.0.0.0

2016-02-16 18:24:51 us=724132   server_netmask = 0.0.0.0

2016-02-16 18:24:51 us=724140   server_network_ipv6 = ::

2016-02-16 18:24:51 us=724145   server_netbits_ipv6 = 0

2016-02-16 18:24:51 us=724150   server_bridge_ip = 0.0.0.0

2016-02-16 18:24:51 us=724155   server_bridge_netmask = 0.0.0.0

2016-02-16 18:24:51 us=724161   server_bridge_pool_start = 0.0.0.0

2016-02-16 18:24:51 us=724166   server_bridge_pool_end = 0.0.0.0

2016-02-16 18:24:51 us=724171   ifconfig_pool_defined = DISABLED

2016-02-16 18:24:51 us=724176   ifconfig_pool_start = 0.0.0.0

2016-02-16 18:24:51 us=724182   ifconfig_pool_end = 0.0.0.0

2016-02-16 18:24:51 us=724187   ifconfig_pool_netmask = 0.0.0.0

2016-02-16 18:24:51 us=724192   ifconfig_pool_persist_filename = '[UNDEF]'

2016-02-16 18:24:51 us=724197   ifconfig_pool_persist_refresh_freq = 600

2016-02-16 18:24:51 us=724201   ifconfig_ipv6_pool_defined = DISABLED

2016-02-16 18:24:51 us=724206   ifconfig_ipv6_pool_base = ::

2016-02-16 18:24:51 us=724211   ifconfig_ipv6_pool_netbits = 0

2016-02-16 18:24:51 us=724216   n_bcast_buf = 256

2016-02-16 18:24:51 us=724221   tcp_queue_limit = 64

2016-02-16 18:24:51 us=724225   real_hash_size = 256

2016-02-16 18:24:51 us=724230   virtual_hash_size = 256

2016-02-16 18:24:51 us=724235   client_connect_script = '[UNDEF]'

2016-02-16 18:24:51 us=724240   learn_address_script = '[UNDEF]'

2016-02-16 18:24:51 us=724245   client_disconnect_script = '[UNDEF]'

2016-02-16 18:24:51 us=724249   client_config_dir = '[UNDEF]'

2016-02-16 18:24:51 us=724258   ccd_exclusive = DISABLED

2016-02-16 18:24:51 us=724264   tmp_dir = '/var/folders/jp/lvts0d2j043c_h649fmmss500000gn/T/'

2016-02-16 18:24:51 us=724268   push_ifconfig_defined = DISABLED

2016-02-16 18:24:51 us=724274   push_ifconfig_local = 0.0.0.0

2016-02-16 18:24:51 us=724279   push_ifconfig_remote_netmask = 0.0.0.0

2016-02-16 18:24:51 us=724284   push_ifconfig_ipv6_defined = DISABLED

2016-02-16 18:24:51 us=724289   push_ifconfig_ipv6_local = ::/0

2016-02-16 18:24:51 us=724294   push_ifconfig_ipv6_remote = ::

2016-02-16 18:24:51 us=724299   enable_c2c = DISABLED

2016-02-16 18:24:51 us=724304   duplicate_cn = DISABLED

2016-02-16 18:24:51 us=724308   cf_max = 0

2016-02-16 18:24:51 us=724313   cf_per = 0

2016-02-16 18:24:51 us=724318   max_clients = 1024

2016-02-16 18:24:51 us=724322   max_routes_per_client = 256

2016-02-16 18:24:51 us=724327   auth_user_pass_verify_script = '[UNDEF]'

2016-02-16 18:24:51 us=724332   auth_user_pass_verify_script_via_file = DISABLED

2016-02-16 18:24:51 us=724337   port_share_host = '[UNDEF]'

2016-02-16 18:24:51 us=724342   port_share_port = 0

2016-02-16 18:24:51 us=724346   client = DISABLED

2016-02-16 18:24:51 us=724351   pull = DISABLED

2016-02-16 18:24:51 us=724356   auth_user_pass_file = '[UNDEF]'

2016-02-16 18:24:51 us=724364 OpenVPN 2.3.10 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Feb  1 2016

2016-02-16 18:24:51 us=724371 library versions: OpenSSL 1.0.2f  28 Jan 2016, LZO 2.09

2016-02-16 18:24:51 us=725094 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:1337

2016-02-16 18:24:51 us=725205 Need hold release from management interface, waiting...

2016-02-16 18:24:51 us=882559 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:1337

2016-02-16 18:24:51 us=883628 MANAGEMENT: CMD 'pid'

2016-02-16 18:24:51 us=883815 MANAGEMENT: CMD 'state on'

2016-02-16 18:24:51 us=883896 MANAGEMENT: CMD 'state'

2016-02-16 18:24:51 us=883984 MANAGEMENT: CMD 'bytecount 1'

2016-02-16 18:24:51 us=884055 MANAGEMENT: CMD 'hold release'

2016-02-16 18:24:51 us=884400 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

2016-02-16 18:24:51 us=885515 WARNING: Your certificate is not yet valid!

2016-02-16 18:24:51 us=885718 Control Channel MTU parms [ L:1601 D:1212 EF:38 EB:0 ET:0 EL:3 ]

2016-02-16 18:24:51 us=885804 Socket Buffers: R=[196724->196724] S=[9216->9216]

2016-02-16 18:24:51 us=886124 Opened utun device utun0

2016-02-16 18:24:51 us=886251 NOTE: unable to redirect default gateway -- VPN gateway parameter (--route-gateway or --ifconfig) is missing

                                        **********************************************

                                        Start of output from client.up.tunnelblick.sh

2016-02-16 18:24:51 *Tunnelblick: openvpnstart starting OpenVPN

                                        NOTE: No network configuration changes need to be made.

                                        WARNING: Will NOT monitor for other network configuration changes.

                                        WARNING: Will NOT disable IPv6 settings.

                                        DNS servers '192.168.2.245 192.168.2.249 8.8.8.8 8.8.4.4' were set manually

                                        DNS servers '192.168.2.245 192.168.2.249 8.8.8.8 8.8.4.4' will be used for DNS queries when the VPN is active

                                        NOTE: The DNS servers include one or more free public DNS servers known to Tunnelblick and one or more DNS servers not known to Tunnelblick. If used, the DNS servers not known to Tunnelblick may cause DNS queries to fail or be intercepted or falsified even if they are directed through the VPN. Specify only known public DNS servers or DNS servers located on the VPN network to avoid such problems.

                                        Flushed the DNS cache via dscacheutil

                                        /usr/sbin/discoveryutil not present. Not flushing the DNS cache via discoveryutil

                                        Notified mDNSResponder that the DNS cache was flushed

                                        End of output from client.up.tunnelblick.sh

                                        **********************************************

2016-02-16 18:24:54 us=28120 Data Channel MTU parms [ L:1601 D:1450 EF:101 EB:12 ET:0 EL:3 ]

2016-02-16 18:24:54 us=28323 Local Options String: 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-client'

2016-02-16 18:24:54 us=28432 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-server'

2016-02-16 18:24:54 us=28524 Local Options hash (VER=V4): 'fdf9820a'

2016-02-16 18:24:54 us=28610 Expected Remote Options hash (VER=V4): 'aafdd1dc'

2016-02-16 18:24:54 us=28728 UDPv4 link local (bound): [undef]

2016-02-16 18:24:54 us=28812 UDPv4 link remote: [AF_INET]122.2.1.1:1194

2016-02-16 18:24:54 us=28948 MANAGEMENT: >STATE:1455618294,WAIT,,,

2016-02-16 18:25:54 us=518623 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

2016-02-16 18:25:54 us=518795 TLS Error: TLS handshake failed

2016-02-16 18:25:54 us=519216 TCP/UDP: Closing socket

2016-02-16 18:25:54 us=519693 SIGUSR1[soft,tls-error] received, process restarting

2016-02-16 18:25:54 us=519803 MANAGEMENT: >STATE:1455618354,RECONNECTING,tls-error,,

2016-02-16 18:25:54 us=524083 MANAGEMENT: CMD 'hold release'

2016-02-16 18:25:54 us=524409 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

2016-02-16 18:25:54 us=524555 Re-using SSL/TLS context

2016-02-16 18:25:54 us=524847 Control Channel MTU parms [ L:1601 D:1212 EF:38 EB:0 ET:0 EL:3 ]

2016-02-16 18:25:54 us=525103 Socket Buffers: R=[196724->196724] S=[9216->9216]

2016-02-16 18:25:54 us=525292 Preserving previous TUN/TAP instance: utun0

2016-02-16 18:25:54 us=525419 Data Channel MTU parms [ L:1601 D:1450 EF:101 EB:12 ET:0 EL:3 ]

2016-02-16 18:25:54 us=525518 Local Options String: 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-client'

2016-02-16 18:25:54 us=525610 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-server'

2016-02-16 18:25:54 us=525712 Local Options hash (VER=V4): 'fdf9820a'

2016-02-16 18:25:54 us=525809 Expected Remote Options hash (VER=V4): 'aafdd1dc'

2016-02-16 18:25:54 us=526009 UDPv4 link local (bound): [undef]

2016-02-16 18:25:54 us=526073 UDPv4 link remote: [AF_INET]122.2.1.1:1194

2016-02-16 18:25:54 us=526176 MANAGEMENT: >STATE:1455618354,WAIT,,,

2016-02-16 18:26:54 us=237964 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

2016-02-16 18:26:54 us=238232 TLS Error: TLS handshake failed

2016-02-16 18:26:54 us=238555 TCP/UDP: Closing socket

2016-02-16 18:26:54 us=238924 SIGUSR1[soft,tls-error] received, process restarting

2016-02-16 18:26:54 us=239104 MANAGEMENT: >STATE:1455618414,RECONNECTING,tls-error,,

2016-02-16 18:26:54 us=243565 MANAGEMENT: CMD 'hold release'

2016-02-16 18:26:54 us=243815 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

2016-02-16 18:26:54 us=243942 Re-using SSL/TLS context

2016-02-16 18:26:54 us=244179 Control Channel MTU parms [ L:1601 D:1212 EF:38 EB:0 ET:0 EL:3 ]

2016-02-16 18:26:54 us=244365 Socket Buffers: R=[196724->196724] S=[9216->9216]

2016-02-16 18:26:54 us=244477 Preserving previous TUN/TAP instance: utun0

2016-02-16 18:26:54 us=244573 Data Channel MTU parms [ L:1601 D:1450 EF:101 EB:12 ET:0 EL:3 ]

2016-02-16 18:26:54 us=244638 Local Options String: 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-client'

2016-02-16 18:26:54 us=244776 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-server'

2016-02-16 18:26:54 us=244946 Local Options hash (VER=V4): 'fdf9820a'

2016-02-16 18:26:54 us=245016 Expected Remote Options hash (VER=V4): 'aafdd1dc'

2016-02-16 18:26:54 us=246170 UDPv4 link local (bound): [undef]

2016-02-16 18:26:54 us=250799 UDPv4 link remote: [AF_INET]122.2.1.1:1194

2016-02-16 18:26:54 us=251027 MANAGEMENT: >STATE:1455618414,WAIT,,,

2016-02-16 18:27:54 us=61783 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

2016-02-16 18:27:54 us=62060 TLS Error: TLS handshake failed

2016-02-16 18:27:54 us=62375 TCP/UDP: Closing socket

2016-02-16 18:27:54 us=62675 SIGUSR1[soft,tls-error] received, process restarting

2016-02-16 18:27:54 us=62996 MANAGEMENT: >STATE:1455618474,RECONNECTING,tls-error,,

2016-02-16 18:27:54 us=68656 MANAGEMENT: CMD 'hold release'

2016-02-16 18:27:54 us=68818 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

2016-02-16 18:27:54 us=68898 Re-using SSL/TLS context

2016-02-16 18:27:54 us=68987 Control Channel MTU parms [ L:1601 D:1212 EF:38 EB:0 ET:0 EL:3 ]

2016-02-16 18:27:54 us=69080 Socket Buffers: R=[196724->196724] S=[9216->9216]

2016-02-16 18:27:54 us=69152 Preserving previous TUN/TAP instance: utun0

2016-02-16 18:27:54 us=69212 Data Channel MTU parms [ L:1601 D:1450 EF:101 EB:12 ET:0 EL:3 ]

2016-02-16 18:27:54 us=69274 Local Options String: 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-client'

2016-02-16 18:27:54 us=69328 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-server'

2016-02-16 18:27:54 us=69388 Local Options hash (VER=V4): 'fdf9820a'

2016-02-16 18:27:54 us=69447 Expected Remote Options hash (VER=V4): 'aafdd1dc'

2016-02-16 18:27:54 us=69506 UDPv4 link local (bound): [undef]

2016-02-16 18:27:54 us=69563 UDPv4 link remote: [AF_INET]122.2.1.1:1194

2016-02-16 18:27:54 us=69626 MANAGEMENT: >STATE:1455618474,WAIT,,,

2016-02-16 18:28:49 *Tunnelblick: Disconnecting; VPN Details… window disconnect button pressed

2016-02-16 18:28:49 *Tunnelblick: No 'pre-disconnect.sh' script to execute

2016-02-16 18:28:49 *Tunnelblick: Disconnecting using 'kill'

2016-02-16 18:28:49 us=564433 event_wait : Interrupted system call (code=4)

2016-02-16 18:28:49 us=564850 TCP/UDP: Closing socket

2016-02-16 18:28:49 us=565115 Closing TUN/TAP interface

2016-02-16 18:28:49 us=565484 /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -d -f -m -p -r -w -ptADGNWradsgnw utun0 1500 1601   init

                                        **********************************************

                                        Start of output from client.down.tunnelblick.sh

                                        WARNING: Not restoring DNS settings because no saved Tunnelblick DNS information was found.

                                        Flushed the DNS cache via dscacheutil

                                        /usr/sbin/discoveryutil not present. Not flushing the DNS cache via discoveryutil

                                        Notified mDNSResponder that the DNS cache was flushed

                                        Resetting primary interface 'en0' via networksetup -setairportpower en0 off/on...

                                        End of output from client.down.tunnelblick.sh

                                        **********************************************

2016-02-16 18:28:53 us=431740 SIGTERM[hard,] received, process exiting

2016-02-16 18:28:53 us=431997 MANAGEMENT: >STATE:1455618533,EXITING,SIGTERM,,

jkbull...gmail.com

unread,
Feb 16, 2016, 6:17:49 AM2/16/16
to tunnelblick-discuss, hat...@gmail.com
Please set your configuration to "verb 3" and post the info described in Read Before You Post.

hat...@gmail.com

unread,
Feb 16, 2016, 6:43:57 AM2/16/16
to tunnelblick-discuss, hat...@gmail.com
Hi jkbull.
Thanks for your reply.  I set it to verb3 and got the below log.

2016-02-16 19:34:11 *Tunnelblick: Established communication with OpenVPN
2016-02-16 19:34:11 OpenVPN 2.3.10 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Feb  1 2016
2016-02-16 19:34:11 library versions: OpenSSL 1.0.2f  28 Jan 2016, LZO 2.09
2016-02-16 19:34:11 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:1337
2016-02-16 19:34:11 Need hold release from management interface, waiting...
2016-02-16 19:34:11 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:1337
2016-02-16 19:34:11 MANAGEMENT: CMD 'pid'
2016-02-16 19:34:11 MANAGEMENT: CMD 'state on'
2016-02-16 19:34:11 MANAGEMENT: CMD 'state'
2016-02-16 19:34:11 MANAGEMENT: CMD 'bytecount 1'
2016-02-16 19:34:11 MANAGEMENT: CMD 'hold release'
2016-02-16 19:34:11 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2016-02-16 19:34:11 WARNING: Your certificate is not yet valid!
2016-02-16 19:34:11 Socket Buffers: R=[196724->196724] S=[9216->9216]
2016-02-16 19:34:11 Opened utun device utun0
2016-02-16 19:34:11 NOTE: unable to redirect default gateway -- VPN gateway parameter (--route-gateway or --ifconfig) is missing
                                        **********************************************
                                        Start of output from client.up.tunnelblick.sh
2016-02-16 19:34:11 *Tunnelblick: openvpnstart starting OpenVPN
                                        NOTE: No network configuration changes need to be made.
                                        WARNING: Will NOT monitor for other network configuration changes.
                                        WARNING: Will NOT disable IPv6 settings
                                        DNS servers '192.168.2.249 192.168.2.245 8.8.8.8' will be used for DNS queries when the VPN is active
                                        NOTE: The DNS servers include one or more free public DNS servers known to Tunnelblick and one or more DNS servers not known to Tunnelblick. If used, the DNS servers not known to Tunnelblick may cause DNS queries to fail or be intercepted or falsified even if they are directed through the VPN. Specify only known public DNS servers or DNS servers located on the VPN network to avoid such problems.
                                        Flushed the DNS cache via dscacheutil
                                        /usr/sbin/discoveryutil not present. Not flushing the DNS cache via discoveryutil
                                        Notified mDNSResponder that the DNS cache was flushed
                                        End of output from client.up.tunnelblick.sh
                                        **********************************************
2016-02-16 19:34:14 UDPv4 link local (bound): [undef]
2016-02-16 19:34:14 UDPv4 link remote: [AF_INET]122.2.1.1:1194
2016-02-16 19:34:14 MANAGEMENT: >STATE:1455622454,WAIT,,,
2016-02-16 19:35:14 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2016-02-16 19:35:14 TLS Error: TLS handshake failed
2016-02-16 19:35:14 SIGUSR1[soft,tls-error] received, process restarting
2016-02-16 19:35:14 MANAGEMENT: >STATE:1455622514,RECONNECTING,tls-error,,
2016-02-16 19:35:14 MANAGEMENT: CMD 'hold release'
2016-02-16 19:35:14 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2016-02-16 19:35:14 Socket Buffers: R=[196724->196724] S=[9216->9216]
2016-02-16 19:35:14 Preserving previous TUN/TAP instance: utun0
2016-02-16 19:35:14 UDPv4 link local (bound): [undef]
2016-02-16 19:35:14 UDPv4 link remote: [AF_INET]122.2.1.1:1194
2016-02-16 19:35:14 MANAGEMENT: >STATE:1455622514,WAIT,,,

jkbull...gmail.com

unread,
Feb 16, 2016, 7:00:10 AM2/16/16
to tunnelblick-discuss, hat...@gmail.com
Not too helpful because you only posted a partial log, instead of all the diagnostic info, which was the point of my earlier post.

However, some messages stand out in the log:

(1)
2016-02-16 19:34:11 NOTE: unable to redirect default gateway -- VPN gateway parameter (--route-gateway or --ifconfig) is missing

This looks like an OpenVPN configuration problem. Consult OpenVPN experts:

(2)
NOTE: No network configuration changes need to be made.
WARNING: Will NOT monitor for other network configuration changes.
WARNING: Will NOT disable IPv6 settings
All of these are very unusual unless you have specifically want them. (If you are trying to create your own OpenVPN configuration I would suggest that you start with a sample configuration from "the Internet" instead of trying to create one from scratch. OpenVPN has literally hundreds of options and they have complex interactions. It's difficult to get them right.)

(3) 
DNS servers '192.168.2.249 192.168.2.245 8.8.8.8' will be used for DNS queries when the VPN is active

This may be a problem if you get connected. On OS X, only the first DNS server will be used until it fails, then the second will be used until it fails, etc. On Windows, all DNS servers are queried at once. So '8.8.8.8 192.168.2.249 192.168.2.245' might work better.
Reply all
Reply to author
Forward
0 new messages