An error (status 173) ocurred while trying to check the security

406 views
Skip to first unread message

laszlo.d...@gmail.com

unread,
Jun 28, 2016, 11:01:22 PM6/28/16
to tunnelblick-discuss
Hi,

An error (status 173) ocurred while trying to check the security of the [vpn-name] configuration.
Please quit and relaunch Tunnelblick. If the problem persists, please reinstall Tunnelblick.


The error above can be seen when I try to connect to a VPN server. 
If I sign in on the same computer with a different user using the same configuration files then all works fine.

What I did so far: uninstalled (following these steps) and reinstalled, didn't help.

Any ideas?

Thank you!
Laszlo

László Dánielisz

unread,
Jun 28, 2016, 11:13:41 PM6/28/16
to tunnelblick-discuss
In /var/log/syslog I've found the following:

'If present, the HOME environment variable must be set to '/Users/europe'; it is '/Users/europe/'
Complete environment = {
   "COMMAND_MODE" = unix2003;
   HOME = "/Users/europe/";
   LOGNAME = europe;
   PATH = "/usr/bin:/bin:/usr/sbin:/sbin";
   SHELL = "/bin/bash";
   TMPDIR = "/var/folders/yn/qglgrw25125b6fkkz0rdhj0m0000gn/T/";
   USER = europe;
   "__CF_USER_TEXT_ENCODING" = "0x0:0:0";
}
'

Though if I do a:
~$ echo $HOME
/Users/europe

The "/" at the end of the line isn't there.

jkbull...gmail.com

unread,
Jun 28, 2016, 11:44:01 PM6/28/16
to tunnelblick-discuss
This is very odd; I've never seen it before.

This is a problem with the environment variables that Tunnelblick's privileged helper program is started with. The values for these variables are supplied by OS X's "launchd" program, and each one should have a specific value. One of the checks that Tunnelblick performs is that the $HOME value matches the value returned by NSHomeDirectory(). So basically, one part of OS X is saying that $HOME is "/Users/europe" and another part is saying that it is "Users/europe/". They don't match, so Tunnelblick complains and refuses to proceed. (The checks are performed to help prevent attacks like the Bourne-Again Shell (Bash) Remote Code Execution Vulnerability.)

I gather you have logged in and out and that didn't fix this. Perhaps restarting your computer would help. Otherwise, I think that OS itself or the user's system data is corrupted. (Not Tunnelblick's data for the user, but the data that OS X holds about the user.)

László Dánielisz

unread,
Jun 29, 2016, 9:38:23 AM6/29/16
to tunnelblick-discuss
As part of uninstalling Tunnelblick I restarted the computer. Because I've reinstalled a couple of times I also rebooted the computer couple of times :)
Btw, with a different user Tunnelblick does work.

László Dánielisz

unread,
Jul 2, 2016, 8:40:30 AM7/2/16
to tunnelblick-discuss
I've found a solution, it turned out there is a bug in El Capitan when you change a user's home directory, here is the fix:

  1. Create a new directory under /Users/temporarily
  2. Create a new admin user if you don’t have one already
  3. Sing out from the user with issues and log in to the other user
  4. Go to System Preferences -> Users&Groups -> hit the lock icon -> right click on the troubled user name then Advanced Options
  5. Choose the directory you’ve created in step 1 (/Users/temporarily) -> click OK
  6. Click the lock again to lock it
  7. Right click again on the troubled user name and click Advanced Options -> Type in the correct home directory without the forward slash at the end /Users/username -> click OK
  8. Login with the user you had issues and you should be done, and you can remove /Users/temporarily directory

jkbull...gmail.com

unread,
Jul 2, 2016, 10:02:05 AM7/2/16
to tunnelblick-discuss
Thank you very much for sharing the solution.


On Saturday, July 2, 2016 at 8:40:30 AM UTC-4, László Dánielisz wrote:
I've found a solution, it turned out there is a bug in El Capitan when you change a user's home directory, here is the fix:

  1. Create a new directory under /Users/temporarily
  2. Create a new admin user if you don’t have one already
  3. Sing out from the user with issues and log in to the other user
  4. Go to System Preferences -> Users&Groups -> hit the lock icon -> right click on the troubled user name then Advanced Options
  5. Choose the directory you’ve created in step 1 (/Users/temporarily) -> click OK
  6. Click the lock again to lock it
  7. Right click again on the troubled user name and click Advanced Options -> Type in the correct home directory without the forward slash at the end /Users/username -> click OK
  8. Login with the user you had issues and you should be done, and you can remove /Users/temporarily directory
On Tuesday, June 28, 2016 at 11:01:22 PM UTC-4, László Dánielisz wrote:
Reply all
Reply to author
Forward
0 new messages