Tunnelblick doesn't allow me to connect my vpn with mavericks


jhonnyg...@gmail.com

Dec 27, 2013, 11:35:15 AM
to tunnelbli...@googlegroups.com
Hi, I have a similar problem. I already read almost every comment and tried everything, but I still can't connect to the VPN server. I am using Mavericks and Tunnelblick 3.4beta18 (build 3704). I can connect to the Tunnelblick with my username and password, and I also see on the Endian server that I am connected from my Mac, but when I try to ping the server it doesn't. The weird thing is that this only happens with a wifi connection through an ADSL router. When I connect through a USB 3G modem it works perfectly, and also if I use my phone as a hotspot. Here are my configuration file and my log. Thanks

###############################
# Sample client-side OpenVPN 2.0 config file     #
# for connecting to multi-client server.               #
#                                                                         #
# This configuration can be used by multiple      #
# clients, however each client should have        #
# its own cert and key files.                                #
#                                                                         #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension                       #
###############################

# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client

# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
dev tap


# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one.  On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
;dev-node MyTap


# Are we connecting to a TCP or
# UDP server?  Use the same setting as
# on the server.
proto tcp
#proto udp

# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote (i.e. mail.hhhh.ggg) 1194
ca xxxxxxxx.pem

# Use Username and Password Authentication
auth-user-pass

# Verify server certificate by checking
# that the certificate has the nsCertType
# field set to "server".  This is an
# important precaution to protect against
# a potential attack discussed here:
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server".  The build-key-server
# script in the easy-rsa folder will do this.
;ns-cert-type server

# If a tls-auth key is used on the server
# then every client must also have the key.
;tls-auth ta.key 1

# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher x

# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
comp-lzo

# Set log file verbosity.
verb 3

# Silence repeating messages
;mute 20 

;verb 6

2013-12-27 00:51:26 OpenVPN 2.3.2 i386-apple-darwin10.8.0 [SSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [MH] [IPv6] built on Oct 25 2013

2013-12-27 00:51:26 MANAGEMENT: TCP Socket listening on [AF_INET]xx.x.xx.xx:1338

2013-12-27 00:51:26 Need hold release from management interface, waiting...

2013-12-27 00:51:26 MANAGEMENT: Client connected from [AF_INET]xx.x.xx.xx:1338

2013-12-27 00:51:26 MANAGEMENT: CMD 'pid'

2013-12-27 00:51:26 MANAGEMENT: CMD 'state on'

2013-12-27 00:51:26 MANAGEMENT: CMD 'state'

2013-12-27 00:51:26 MANAGEMENT: CMD 'bytecount 1'

2013-12-27 00:51:26 MANAGEMENT: CMD 'hold release'

2013-12-27 00:51:26 *Tunnelblick: openvpnstart starting OpenVPN

2013-12-27 00:51:26 *Tunnelblick: Established communication with OpenVPN

2013-12-27 00:51:30 MANAGEMENT: CMD 'username "Auth" "jhonny"'

2013-12-27 00:51:30 MANAGEMENT: CMD 'password [...]'

2013-12-27 00:51:30 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.

2013-12-27 00:51:30 Socket Buffers: R=[131072->65536] S=[131072->65536]

2013-12-27 00:51:30 MANAGEMENT: >STATE:1388123490,RESOLVE,,,

2013-12-27 00:51:30 Attempting to establish TCP connection with [AF_INET]xx.xx.xx.xx:1194 [nonblock]

2013-12-27 00:51:30 MANAGEMENT: >STATE:1388123490,TCP_CONNECT,,,

2013-12-27 00:51:31 TCP connection established with [AF_INET]1x.xx.xx.xx:1194

2013-12-27 00:51:31 TCPv4_CLIENT link local: [undef]

2013-12-27 00:51:31 TCPv4_CLIENT link remote: [AF_INET]x.xx.xx.xx:1194

2013-12-27 00:51:31 MANAGEMENT: >STATE:1388123491,WAIT,,,

2013-12-27 00:51:31 MANAGEMENT: >STATE:1388123491,AUTH,,,

2013-12-27 00:51:31 TLS: Initial packet from [AF_INET]1x.xx.xx.xx:1194, sid=18b16339 fc65d196

2013-12-27 00:51:31 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this

2013-12-27 00:51:32 VERIFY OK: depth=1, C=IT, O=efw, CN=efw CA

2013-12-27 00:51:32 VERIFY OK: depth=0, C=IT, O=efw, CN=127.0.0.1

2013-12-27 00:51:33 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key

2013-12-27 00:51:33 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

2013-12-27 00:51:33 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key

2013-12-27 00:51:33 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

2013-12-27 00:51:33 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA

2013-12-27 00:51:33 [127.0.0.1] Peer Connection Initiated with [AF_INET]x.xx.xx.xx:1194

2013-12-27 00:51:34 MANAGEMENT: >STATE:1388123494,GET_CONFIG,,,

2013-12-27 00:51:35 SENT CONTROL [127.0.0.1]: 'PUSH_REQUEST' (status=1)

2013-12-27 00:51:35 PUSH: Received control message: 'PUSH_REPLY,route-gateway 192.168.1.1,route-gateway 192.168.1.1,ping 8,ping-restart 30,ifconfig 192.168.1.163 255.255.255.0'

2013-12-27 00:51:35 OPTIONS IMPORT: timers and/or timeouts modified

2013-12-27 00:51:35 OPTIONS IMPORT: --ifconfig/up options modified

2013-12-27 00:51:35 OPTIONS IMPORT: route-related options modified

2013-12-27 00:51:35 TUN/TAP device /dev/tap0 opened

2013-12-27 00:51:35 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0

2013-12-27 00:51:35 MANAGEMENT: >STATE:1388123495,ASSIGN_IP,,192.168.1.163,

2013-12-27 00:51:35 /sbin/ifconfig tap0 delete

                                        ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address

2013-12-27 00:51:35 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure

2013-12-27 00:51:35 /sbin/ifconfig tap0 x.xx.xx.xxxx netmask 255.255.255.0 mtu 1500 up

2013-12-27 00:51:35 *Tunnelblick: No 'connected.sh' script to execute

2013-12-27 00:51:35 /sbin/route add -net x.xx.xx.xx 192.168.1.1 255.255.255.255

                                        add net xx.xx.xx.xx: gateway 192.168.1.1

2013-12-27 00:51:35 /sbin/route add -net 0.0.0.0 192.168.1.1 128.0.0.0

                                        add net 0.0.0.0: gateway 192.168.1.1

2013-12-27 00:51:35 /sbin/route add -net 128.0.0.0 192.168.1.1 128.0.0.0

                                        add net 128.0.0.0: gateway 192.168.1.1

2013-12-27 00:51:35 Initialization Sequence Completed

2013-12-27 00:51:35 MANAGEMENT: >STATE:1388123495,CONNECTED,SUCCESS,xx.xxx.xxx.xx,xxx.xx.xx.xx
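Added example, not part of the original post and not Tunnelblick or OpenVPN code: a small Python check that reads a client config like the one above and reports the gaps behind the two WARNING lines in the log (no server certificate verification, password cached in memory), plus the unset cipher that left the data channel on BF-CBC. The sample config is reconstructed from the post with placeholder host and file names; the function names and finding codes are invented for this illustration.

```python
import re

# Constructed sample: the active and commented-out directives from the config
# posted above (remote host and file names are placeholders).
SAMPLE_CONFIG = """\
client
dev tap
;dev-node MyTap
proto tcp
#proto udp
remote vpn.example.invalid 1194
ca ca.pem
auth-user-pass
;ns-cert-type server
;tls-auth ta.key 1
;cipher x
comp-lzo
verb 3
"""

# Any one of these makes the client check that the peer presents a server cert.
SERVER_VERIFY = {"ns-cert-type", "remote-cert-tls", "verify-x509-name"}


def active_directives(text):
    """Map directive name -> argument list, skipping '#' and ';' comments."""
    found = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # ';ns-cert-type server' is disabled, not active
        # Simplification: drop a trailing comment, ignore quoted arguments.
        line = re.split(r"\s[#;]", line, maxsplit=1)[0]
        parts = line.split()
        found[parts[0]] = parts[1:]
    return found


def audit(text):
    """Return finding codes (names invented for this example)."""
    d = active_directives(text)
    findings = []
    if not SERVER_VERIFY.intersection(d):
        findings.append("no-server-cert-verification")
    if "auth-user-pass" in d and "auth-nocache" not in d:
        findings.append("password-cached-in-memory")
    if "cipher" not in d:
        findings.append("cipher-left-at-default")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

Enabling `ns-cert-type server` or `remote-cert-tls server` only works if the server certificate was issued with the matching attribute, and an explicit `cipher` must match the server's setting.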


jkbull...gmail.com

Dec 27, 2013, 11:47:34 AM
to tunnelbli...@googlegroups.com, jhonnyg...@gmail.com
  1. You are using Tunnelblick 3.4beta18, so please post the "diagnostic info" as described in PLEASE READ BEFORE YOU POST.

  2. You have not set "Set DNS/WINS" to "Set nameserver", which is usually the best option, and is the best way to diagnose problems. Without it, whatever DNS server your computer is set to use (probably by DHCP) will be used. That DNS server may not respond to requests from your computer if it is connected to the VPN.

  3. You may want to put a check in "Check if the apparent public IP address changed after connecting" on the "Advanced" window. That allows Tunnelblick to diagnose some problems.

  4. You should be aware that ping (and many other Terminal commands) does not do name resolution the same way that most of OS X does, so it can give results.