DNS issue


user213

Sep 21, 2016, 8:12:27 PM
to tunnelblick-discuss

Hello,

After I updated my Mac to Sierra, Tunnelblick couldn't connect, so I just uninstalled and reinstalled Tunnelblick and set up the configurations once again with the profile, but this time I'm having a DNS error.

Could you please help with my issue? Thanks!

------------------------------------------------------------------------

*Tunnelblick: OS X 10.12.0; Tunnelblick 3.6.7 (build 4602); prior version 3.6.8beta02 (build 4618); 


Configuration client

"Sanitized" condensed configuration file for /Users/-----/Library/Application Support/Tunnelblick/Configurations/client.tblk:

[Lines that appear to be security-related have been omitted]
setenv FORWARD_COMPATIBLE 1
client
server-poll-timeout 4
nobind
remote 54.172.13.251 1194 udp
remote 54.172.13.251 1194 udp
remote 54.172.13.251 443 tcp
remote 54.172.13.251 1194 udp
remote 54.172.13.251 1194 udp
remote 54.172.13.251 1194 udp
remote 54.172.13.251 1194 udp
remote 54.172.13.251 1194 udp
dev tun
dev-type tun
ns-cert-type server
reneg-sec 604800
sndbuf 100000
rcvbuf 100000
auth-user-pass
comp-lzo no
verb 3
setenv PUSH_PEER_INFO
<ca>
[Security-related line(s) omitted]
</ca>
<cert>
[Security-related line(s) omitted]
</cert>
<key>
[Security-related line(s) omitted]
</key>
key-direction 1
<tls-auth>
[Security-related line(s) omitted]
</tls-auth>
[Lines that appear to be security-related have been omitted]
[Lines that appear to be security-related have been omitted]
[Lines that appear to be security-related have been omitted]


================================================================================

Non-Apple kexts that are loaded:

Index Refs Address            Size       Wired      Name (Version) UUID <Linked Against>
  146    0 0xffffff7f831ea000 0x3000     0x3000     com.avast.PacketForwarder (2.1) DF6C7E21-ED1D-328A-8285-4B2BB47556BA <4 1>
  147    0 0xffffff7f831ed000 0x8000     0x8000     com.avast.AvastFileShield (3.0.0) 3AFBF1BE-DB0F-3F1E-B813-68B6F2F79283 <5 4 1>

================================================================================

There are no unusual files in client.tblk

================================================================================

Configuration preferences:

-keychainHasUsernameAndPassword = 1
-notOKToCheckThatIPAddressDidNotChangeAfterConnection = 0
-lastConnectionSucceeded = 1

================================================================================

Wildcard preferences:

-notOKToCheckThatIPAddressDidNotChangeAfterConnection = 1

================================================================================

Program preferences:

launchAtNextLogin = 1
notOKToCheckThatIPAddressDidNotChangeAfterConnection = 1
askedUserIfOKToCheckThatIPAddressDidNotChangeAfterConnection = 1
tunnelblickVersionHistory = (
    "3.6.7 (build 4602)",
    "3.6.8beta02 (build 4618)",
    "3.6.7 (build 4602)"
)
lastLaunchTime = 496194211.210576
lastLanguageAtLaunchWasRTL = 0
connectionWindowDisplayCriteria = showWhenConnecting
maxLogDisplaySize = 102400
lastConnectedDisplayName = client
keyboardShortcutIndex = 1
updateCheckAutomatically = 0
updateCheckBetas = 1
updateSendProfileInfo = 1
NSWindow Frame ConnectingWindow = 434 361 412 297 0 0 1280 777 
detailsWindowFrameVersion = 4618
detailsWindowFrame = {{203, 208}, {920, 468}}
detailsWindowLeftFrame = {{0, 0}, {165, 350}}
detailsWindowViewIndex = 0
detailsWindowConfigurationsTabIdentifier = log
leftNavSelectedDisplayName = client
AdvancedWindowTabIdentifier = connectingAndDisconnecting
haveDealtWithSparkle1dot5b6 = 1
haveDealtWithOldTunTapPreferences = 1
haveDealtWithOldLoginItem = 1
SUEnableAutomaticChecks = 0
SUScheduledCheckInterval = 86400
SUSendProfileInfo = 1
SULastCheckTime = 2016-09-21 23:04:14 +0000
SULastProfileSubmissionDate = 2016-09-21 17:41:58 +0000
SUHasLaunchedBefore = 1
WebKitDefaultFontSize = 16
WebKitStandardFont = Times

================================================================================

Tunnelblick Log:

*Tunnelblick: OS X 10.12.0; Tunnelblick 3.6.7 (build 4602); prior version 3.6.8beta02 (build 4618)
2016-09-22 02:57:40 *Tunnelblick: Attempting connection with client using shadow copy; Set nameserver = 769; monitoring connection
2016-09-22 02:57:40 *Tunnelblick: openvpnstart start client.tblk 1338 769 0 1 0 1065265 -ptADGNWradsgnw 2.3.12
2016-09-22 02:57:41 *Tunnelblick: openvpnstart log:
     Loading tun-signed.kext
     OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line):
     
          /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.12/openvpn
          --daemon
          --log
          /Library/Application Support/Tunnelblick/Logs/-SUsers-S-----SLibrary-SApplication Support-STunnelblick-SConfigurations-Sclient.tblk-SContents-SResources-Sconfig.ovpn.769_0_1_0_1065265.1338.openvpn.log
          --cd
          /Library/Application Support/Tunnelblick/Users/-------/client.tblk/Contents/Resources
          --verb
          3
          --config
          /Library/Application Support/Tunnelblick/Users/-------/client.tblk/Contents/Resources/config.ovpn
          --verb
          3
          --cd
          /Library/Application Support/Tunnelblick/Users/----/client.tblk/Contents/Resources
          --management
          127.0.0.1
          1338
          --management-query-passwords
          --management-hold
          --script-security
          2
          --up
          /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw
          --down
          /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw

2016-09-22 02:57:41 *Tunnelblick: Established communication with OpenVPN
2016-09-22 02:57:41 *Tunnelblick: Obtained VPN username and password from the Keychain
2016-09-22 02:57:41 OpenVPN 2.3.12 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Sep 15 2016
2016-09-22 02:57:41 library versions: OpenSSL 1.0.2h  3 May 2016, LZO 2.09
2016-09-22 02:57:41 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:1338
2016-09-22 02:57:41 Need hold release from management interface, waiting...
2016-09-22 02:57:41 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:1338
2016-09-22 02:57:41 MANAGEMENT: CMD 'pid'
2016-09-22 02:57:41 MANAGEMENT: CMD 'state on'
2016-09-22 02:57:41 MANAGEMENT: CMD 'state'
2016-09-22 02:57:41 MANAGEMENT: CMD 'bytecount 1'
2016-09-22 02:57:41 MANAGEMENT: CMD 'hold release'
2016-09-22 02:57:41 MANAGEMENT: CMD 'username "Auth" "---"'
2016-09-22 02:57:41 MANAGEMENT: CMD 'password [...]'
2016-09-22 02:57:41 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2016-09-22 02:57:41 Control Channel Authentication: tls-auth using INLINE static key file
2016-09-22 02:57:41 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2016-09-22 02:57:41 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2016-09-22 02:57:41 Socket Buffers: R=[196724->100000] S=[9216->100000]
2016-09-22 02:57:41 UDPv4 link local: [undef]
2016-09-22 02:57:41 UDPv4 link remote: [AF_INET]54.172.13.251:1194
2016-09-22 02:57:41 MANAGEMENT: >STATE:1474502261,WAIT,,,
2016-09-22 02:57:41 MANAGEMENT: >STATE:1474502261,AUTH,,,
2016-09-22 02:57:41 TLS: Initial packet from [AF_INET]54.172.13.251:1194, sid=96fa4d7c 2643830f
2016-09-22 02:57:41 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2016-09-22 02:57:41 *Tunnelblick: openvpnstart starting OpenVPN
2016-09-22 02:57:42 VERIFY OK: depth=1, CN=OpenVPN CA
2016-09-22 02:57:42 VERIFY OK: nsCertType=SERVER
2016-09-22 02:57:42 VERIFY OK: depth=0, CN=OpenVPN Server
2016-09-22 02:57:43 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
2016-09-22 02:57:43 WARNING: this cipher's block size is less than 128 bit (64 bit).  Consider using a --cipher with a larger block size.
2016-09-22 02:57:43 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2016-09-22 02:57:43 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
2016-09-22 02:57:43 WARNING: this cipher's block size is less than 128 bit (64 bit).  Consider using a --cipher with a larger block size.
2016-09-22 02:57:43 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2016-09-22 02:57:43 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
2016-09-22 02:57:43 [OpenVPN Server] Peer Connection Initiated with [AF_INET]54.172.13.251:1194
2016-09-22 02:57:44 MANAGEMENT: >STATE:1474502264,GET_CONFIG,,,
2016-09-22 02:57:45 SENT CONTROL [OpenVPN Server]: 'PUSH_REQUEST' (status=1)
2016-09-22 02:57:45 PUSH: Received control message: 'PUSH_REPLY,explicit-exit-notify,topology subnet,route-delay 5 30,dhcp-pre-release,dhcp-renew,dhcp-release,route-metric 101,ping 12,ping-restart 50,auth-token SESS_ID,comp-lzo yes,redirect-private def1,redirect-private bypass-dhcp,redirect-private autolocal,route-gateway 172.27.232.1,route 172.27.224.0 255.255.240.0,route 10.1.0.0 255.255.0.0,dhcp-option DNS 10.1.0.2,register-dns,block-ipv6,ifconfig 172.27.237.90 255.255.248.0'
2016-09-22 02:57:45 Option 'explicit-exit-notify' in [PUSH-OPTIONS]:1 is ignored by previous <connection> blocks 
2016-09-22 02:57:45 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:4: dhcp-pre-release (2.3.12)
2016-09-22 02:57:45 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:5: dhcp-renew (2.3.12)
2016-09-22 02:57:45 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:6: dhcp-release (2.3.12)
2016-09-22 02:57:45 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:19: register-dns (2.3.12)
2016-09-22 02:57:45 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:20: block-ipv6 (2.3.12)
2016-09-22 02:57:45 OPTIONS IMPORT: timers and/or timeouts modified
2016-09-22 02:57:45 OPTIONS IMPORT: explicit notify parm(s) modified
2016-09-22 02:57:45 OPTIONS IMPORT: LZO parms modified
2016-09-22 02:57:45 OPTIONS IMPORT: --ifconfig/up options modified
2016-09-22 02:57:45 OPTIONS IMPORT: route options modified
2016-09-22 02:57:45 OPTIONS IMPORT: route-related options modified
2016-09-22 02:57:45 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2016-09-22 02:57:45 Opening utun (connect(AF_SYS_CONTROL)): Resource busy
2016-09-22 02:57:45 Opened utun device utun1
2016-09-22 02:57:45 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
2016-09-22 02:57:45 MANAGEMENT: >STATE:1474502265,ASSIGN_IP,,172.27.237.90,
2016-09-22 02:57:45 /sbin/ifconfig utun1 delete
                                        ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
2016-09-22 02:57:45 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
2016-09-22 02:57:45 /sbin/ifconfig utun1 172.27.237.90 172.27.237.90 netmask 255.255.248.0 mtu 1500 up
2016-09-22 02:57:45 /sbin/route add -net 172.27.232.0 172.27.237.90 255.255.248.0
                                        add net 172.27.232.0: gateway 172.27.237.90
2016-09-22 02:57:45 /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw utun1 1500 1542 172.27.237.90 255.255.248.0 init
                                        **********************************************
                                        Start of output from client.up.tunnelblick.sh
                                        Retrieved from OpenVPN: name server(s) [ 10.1.0.2 ], search domain(s) [  ] and SMB server(s) [  ] and using default domain name [ openvpn ]
                                        Not aggregating ServerAddresses because running on OS X 10.6 or higher
                                        Setting search domains to 'openvpn' because running under OS X 10.6 or higher and the search domains were not set manually and 'Prepend domain name to search domains' was not selected
                                        Saved the DNS and SMB configurations so they can be restored
                                        Changed DNS ServerAddresses setting from '192.168.1.1' to '10.1.0.2'
                                        Changed DNS SearchDomains setting from '' to 'openvpn'
                                        Changed DNS DomainName setting from '' to 'openvpn'
                                        Did not change SMB NetBIOSName setting of ''
                                        Did not change SMB Workgroup setting of ''
                                        Did not change SMB WINSAddresses setting of ''
                                        DNS servers '10.1.0.2' will be used for DNS queries when the VPN is active
                                        NOTE: The DNS servers do not include any free public DNS servers known to Tunnelblick. This may cause DNS queries to fail or be intercepted or falsified even if they are directed through the VPN. Specify only known public DNS servers or DNS servers located on the VPN network to avoid such problems.
                                        Flushed the DNS cache via dscacheutil
                                        /usr/sbin/discoveryutil not present. Not flushing the DNS cache via discoveryutil
                                        Notified mDNSResponder that the DNS cache was flushed
                                        Setting up to monitor system configuration with process-network-changes
                                        End of output from client.up.tunnelblick.sh
                                        **********************************************
2016-09-22 02:57:54 *Tunnelblick: No 'connected.sh' script to execute
2016-09-22 02:57:54 /sbin/route add -net 54.172.13.251 192.168.1.1 255.255.255.255
                                        add net 54.172.13.251: gateway 192.168.1.1
2016-09-22 02:57:54 MANAGEMENT: >STATE:1474502274,ADD_ROUTES,,,
2016-09-22 02:57:54 /sbin/route add -net 172.27.224.0 172.27.232.1 255.255.240.0
                                        add net 172.27.224.0: gateway 172.27.232.1
2016-09-22 02:57:54 /sbin/route add -net 10.1.0.0 172.27.232.1 255.255.0.0
                                        add net 10.1.0.0: gateway 172.27.232.1
2016-09-22 02:57:54 Initialization Sequence Completed
2016-09-22 02:57:54 MANAGEMENT: >STATE:1474502274,CONNECTED,SUCCESS,172.27.237.90,54.172.13.251
2016-09-22 02:57:57 *Tunnelblick process-network-changes: A system configuration change was ignored
2016-09-22 02:58:00 *Tunnelblick: This computer's apparent public IP address (78.185.76.238) was unchanged after the connection was made
2016-09-22 02:58:51 *Tunnelblick: Disconnecting; VPN Details… window disconnect button pressed
2016-09-22 02:58:51 *Tunnelblick: No 'pre-disconnect.sh' script to execute
2016-09-22 02:58:51 *Tunnelblick: Disconnecting using 'kill'
2016-09-22 02:58:51 event_wait : Interrupted system call (code=4)
2016-09-22 02:58:51 SIGTERM received, sending exit notification to peer
2016-09-22 02:58:53 /sbin/route delete -net 10.1.0.0 172.27.232.1 255.255.0.0
                                        delete net 10.1.0.0: gateway 172.27.232.1
2016-09-22 02:58:53 /sbin/route delete -net 172.27.224.0 172.27.232.1 255.255.240.0
                                        delete net 172.27.224.0: gateway 172.27.232.1
2016-09-22 02:58:53 /sbin/route delete -net 54.172.13.251 192.168.1.1 255.255.255.255
                                        delete net 54.172.13.251: gateway 192.168.1.1
2016-09-22 02:58:53 Closing TUN/TAP interface
2016-09-22 02:58:53 /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw utun1 1500 1542 172.27.237.90 255.255.248.0 init
                                        **********************************************
                                        Start of output from client.down.tunnelblick.sh
                                        Cancelled monitoring of system configuration changes
                                        Restored the DNS and SMB configurations
                                        Flushed the DNS cache via dscacheutil
                                        /usr/sbin/discoveryutil not present. Not flushing the DNS cache via discoveryutil
                                        Notified mDNSResponder that the DNS cache was flushed
                                        End of output from client.down.tunnelblick.sh
                                        **********************************************
2016-09-22 02:58:53 SIGTERM[soft,exit-with-notification] received, process exiting
2016-09-22 02:58:53 MANAGEMENT: >STATE:1474502333,EXITING,exit-with-notification,,
2016-09-22 02:58:53 *Tunnelblick: No 'post-disconnect.sh' script to execute
2016-09-22 02:58:53 *Tunnelblick: Expected disconnection occurred.

================================================================================

"Sanitized" full configuration file

# Automatically generated OpenVPN client config file
# Generated on Wed Sep 21 17:02:06 2016 by openvpnas2
# Note: this config file contains inline private keys
#       and therefore should be kept confidential!
# Note: this configuration is user-locked to the username below
# OVPN_ACCESS_SERVER_USERNAME=-----
# Define the profile name of this particular configuration file
# OVPN_ACCESS_SERVER_PROFILE=----@54.172.13.251
# OVPN_ACCESS_SERVER_CLI_PREF_ALLOW_WEB_IMPORT=True
# OVPN_ACCESS_SERVER_CLI_PREF_BASIC_CLIENT=False
# OVPN_ACCESS_SERVER_CLI_PREF_ENABLE_CONNECT=True
# OVPN_ACCESS_SERVER_CLI_PREF_ENABLE_XD_PROXY=True
# OVPN_ACCESS_SERVER_WSHOST=54.172.13.251:443
# OVPN_ACCESS_SERVER_WEB_CA_BUNDLE_START
# -----BEGIN CERTIFICATE-----
 [Lines that appear to be security-related have been omitted]
# -----END CERTIFICATE-----
# OVPN_ACCESS_SERVER_WEB_CA_BUNDLE_STOP
# OVPN_ACCESS_SERVER_IS_OPENVPN_WEB_CA=1
# OVPN_ACCESS_SERVER_ORGANIZATION=OpenVPN Technologies, Inc.
setenv FORWARD_COMPATIBLE 1
client
server-poll-timeout 4
nobind
remote 54.172.13.251 1194 udp
remote 54.172.13.251 1194 udp
remote 54.172.13.251 443 tcp
remote 54.172.13.251 1194 udp
remote 54.172.13.251 1194 udp
remote 54.172.13.251 1194 udp
remote 54.172.13.251 1194 udp
remote 54.172.13.251 1194 udp
dev tun
dev-type tun
ns-cert-type server
reneg-sec 604800
sndbuf 100000
rcvbuf 100000
auth-user-pass
# NOTE: LZO commands are pushed by the Access Server at connect time.
# NOTE: The below line doesn't disable LZO.
comp-lzo no
verb 3
setenv PUSH_PEER_INFO

<ca>
 [Security-related line(s) omitted]
</ca>

<cert>
 [Security-related line(s) omitted]
</cert>

<key>
 [Security-related line(s) omitted]
</key>

key-direction 1
<tls-auth>
 [Security-related line(s) omitted]
</tls-auth>

## -----BEGIN RSA SIGNATURE-----
 [Lines that appear to be security-related have been omitted]
## -----END RSA SIGNATURE-----
## -----BEGIN CERTIFICATE-----
 [Lines that appear to be security-related have been omitted]
## -----END CERTIFICATE-----
## -----BEGIN CERTIFICATE-----
 [Lines that appear to be security-related have been omitted]
## -----END CERTIFICATE-----



================================================================================

ifconfig output:

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
options=1203<RXCSUM,TXCSUM,TXSTATUS,SW_TIMESTAMP>
inet 127.0.0.1 netmask 0xff000000 
inet6 ::1 prefixlen 128 
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1 
nd6 options=201<PERFORMNUD,DAD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether d0:a6:37:eb:48:73 
inet 192.168.1.46 netmask 0xffffff00 broadcast 192.168.1.255
media: autoselect
status: active
en1: flags=963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX> mtu 1500
options=60<TSO4,TSO6>
ether 4a:00:00:49:45:70 
media: autoselect <full-duplex>
status: inactive
en2: flags=963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX> mtu 1500
options=60<TSO4,TSO6>
ether 4a:00:00:49:45:71 
media: autoselect <full-duplex>
status: inactive
bridge0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=63<RXCSUM,TXCSUM,TSO4,TSO6>
ether 4a:00:00:49:45:70 
Configuration:
id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
ipfilter disabled flags 0x2
member: en1 flags=3<LEARNING,DISCOVER>
       ifmaxaddr 0 port 5 priority 0 path cost 0
member: en2 flags=3<LEARNING,DISCOVER>
       ifmaxaddr 0 port 6 priority 0 path cost 0
media: <unknown type>
status: inactive
p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304
ether 02:a6:37:eb:48:73 
media: autoselect
status: inactive
awdl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1484
ether c6:35:6f:90:c5:80 
inet6 fe80::c435:6fff:fe90:c580%awdl0 prefixlen 64 scopeid 0x9 
nd6 options=201<PERFORMNUD,DAD>
media: autoselect
status: active
utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 2000
inet6 fe80::60b9:db0e:b573:8132%utun0 prefixlen 64 scopeid 0xa 
nd6 options=201<PERFORMNUD,DAD>

