I have been struggling to get Tunnelblick connected to AWS Client VPN using certificates as authentication.
The connection establishes as expected I am able to connect (SSH/Curl) to my resources in AWS, however, local access no longer works.
- Set DNS (all options tried) I am able to resolve DNS with this set to "Set Nameservers", it seems to use my firewalls DNS gateway.
*Tunnelblick: macOS 10.14.2; Tunnelblick 3.7.9beta02 (build 5200); prior version 3.7.9beta01 (build 5190); Admin user
git commit e776ee99c72f123303d71557a8a3d9f1f57a7f95
Configuration downloaded-client-config
"Sanitized" condensed configuration file for /Library/Application Support/Tunnelblick/Shared/downloaded-client-config.tblk:
client
dev tun
proto udp
remote-random-hostname
resolv-retry infinite
nobind
persist-key
persist-tun
cert mycert.crt
key mykey.key
remote-cert-tls server
cipher AES-256-GCM
verb 3
<ca>
[Security-related line(s) omitted]
</ca>
reneg-sec 0
================================================================================
Non-Apple kexts that are loaded:
Index Refs Address Size Wired Name (Version) UUID <Linked Against>
108 0 0xffffff7f83f90000 0x7000 0x7000 net.sf.tuntaposx.tun (1.0) 95DD963D-E23D-3B0F-8DE8-A4D2F6BFA5CC <8 6 5 1>
109 0 0xffffff7f83f97000 0x7000 0x7000 net.sf.tuntaposx.tap (1.0) 23FDB715-3D0D-3A26-ACBA-E3794C231CB7 <8 6 5 1>
112 0 0xffffff7f83fac000 0x5000 0x5000 org.pqrs.driver.Karabiner.VirtualHIDDevice.v060800 (6.8.0) 19C2E27F-C5B5-334B-9F70-8C9A51814EA3 <44 6 5 3 1>
172 0 0xffffff7f84707000 0xc000 0xc000 com.displaylink.driver.DisplayLinkDriver (5.0 (42)) 4E4C9A34-2960-3AC0-8BB7-861686561DAB <113 13 6 5 3>
173 0 0xffffff7f84713000 0x12000 0x12000 net.pulsesecure.PulseSecureFirewall (9.0.2f5) F5EB3488-092C-3EC1-9D32-7461A0A1A5C8 <6 5 3 2 1>
================================================================================
Files in downloaded-client-config.tblk:
Contents/Resources/cli….crt
Contents/Resources/cli….key
Contents/Resources/config.ovpn
================================================================================
Configuration preferences:
-notOKToCheckThatIPAddressDidNotChangeAfterConnection = 0
-lastConnectionSucceeded = 1
================================================================================
Wildcard preferences:
-notOKToCheckThatIPAddressDidNotChangeAfterConnection = 0
================================================================================
Program preferences:
launchAtNextLogin = 1
tunnelblickVersionHistory = (
"3.7.9beta02 (build 5200)",
"3.7.9beta01 (build 5190)",
"3.7.8 (build 5180)"
)
statusDisplayNumber = 0
lastLaunchTime = 571305696.494301
lastLanguageAtLaunchWasRTL = 0
connectionWindowDisplayCriteria = showWhenConnecting
maxLogDisplaySize = 10485760
lastConnectedDisplayName = downloaded-client-config
keyboardShortcutIndex = 1
updateCheckAutomatically = 1
NSWindow Frame SettingsSheetWindow = 339 266 829 524 0 0 1440 877
NSWindow Frame ConnectingWindow = 525 517 389 187 0 0 1440 877
NSWindow Frame SUStatusFrame = -1696 485 400 129 -1920 0 1920 1057
NSWindow Frame SUUpdateAlert = -1847 208 620 392 -1920 0 1920 1057
NSWindow Frame ListingWindow = -3259 491 500 422 -3840 0 1920 1057
detailsWindowFrameVersion = 5190
detailsWindowFrame = {{-1479, 323}, {920, 468}}
detailsWindowLeftFrame = {{0, 0}, {165, 350}}
detailsWindowViewIndex = 0
detailsWindowConfigurationsTabIdentifier = log
leftNavSelectedDisplayName = downloaded-client-config
AdvancedWindowTabIdentifier = connectingAndDisconnecting
haveDealtWithOldTunTapPreferences = 1
haveDealtWithOldLoginItem = 1
haveDealtWithAfterDisconnect = 1
SUEnableAutomaticChecks = 1
SUScheduledCheckInterval = 86400
SULastCheckTime = 2019-02-08 08:01:36 +0000
SUHasLaunchedBefore = 1
WebKitDefaultFontSize = 16
WebKitStandardFont = Times
================================================================================
Tunnelblick Log:
*Tunnelblick: macOS 10.14.2; Tunnelblick 3.7.9beta02 (build 5200); prior version 3.7.9beta01 (build 5190)
2019-02-08 10:21:43 *Tunnelblick: Attempting connection with downloaded-client-config; Set nameserver = 769; monitoring connection
2019-02-08 10:21:43 *Tunnelblick: openvpnstart start downloaded-client-config.tblk 54834 769 0 3 0 1065264 -ptADGNWradsgnw 2.4.6-openssl-1.0.2q
2019-02-08 10:21:43 *Tunnelblick: openvpnstart log:
OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line):
/Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.4.6-openssl-1.0.2q/openvpn
--daemon
--log /Library/Application Support/Tunnelblick/Logs/-SLibrary-SApplication Support-STunnelblick-SShared-Sdownloaded--client--config.tblk-SContents-SResources-Sconfig.ovpn.769_0_3_0_1065264.54834.openvpn.log
--cd /Library/Application Support/Tunnelblick/Shared/downloaded-client-config.tblk/Contents/Resources
--setenv IV_GUI_VER "net.tunnelblick.tunnelblick 5200 3.7.9beta02 (build 5200)"
--verb 3
--config /Library/Application Support/Tunnelblick/Shared/downloaded-client-config.tblk/Contents/Resources/config.ovpn
--setenv TUNNELBLICK_CONFIG_FOLDER /Library/Application Support/Tunnelblick/Shared/downloaded-client-config.tblk/Contents/Resources
--verb 3
--cd /Library/Application Support/Tunnelblick/Shared/downloaded-client-config.tblk/Contents/Resources
--management 127.0.0.1 54834 /Library/Application Support/Tunnelblick/khejkncgkmkfjgjlcceflpagljmefklebbmmbkjj.mip
--management-query-passwords
--management-hold
--script-security 2
2019-02-08 10:21:43 OpenVPN 2.4.6 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on Jan 10 2019
2019-02-08 10:21:43 library versions: OpenSSL 1.0.2q 20 Nov 2018, LZO 2.10
2019-02-08 10:21:43 MANAGEMENT: TCP Socket listening on [AF_INET]
127.0.0.1:548342019-02-08 10:21:43 Need hold release from management interface, waiting...
2019-02-08 10:21:43 *Tunnelblick: openvpnstart starting OpenVPN
2019-02-08 10:21:44 *Tunnelblick: Established communication with OpenVPN
2019-02-08 10:21:44 MANAGEMENT: Client connected from [AF_INET]
127.0.0.1:548342019-02-08 10:21:44 MANAGEMENT: CMD 'pid'
2019-02-08 10:21:44 MANAGEMENT: CMD 'auth-retry interact'
2019-02-08 10:21:44 MANAGEMENT: CMD 'state on'
2019-02-08 10:21:44 MANAGEMENT: CMD 'state'
2019-02-08 10:21:44 MANAGEMENT: CMD 'bytecount 1'
2019-02-08 10:21:44 >INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info
2019-02-08 10:21:44 MANAGEMENT: CMD 'hold release'
2019-02-08 10:21:44 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2019-02-08 10:21:44 MANAGEMENT: >STATE:1549621304,RESOLVE,,,,,,
2019-02-08 10:21:44 TCP/UDP: Preserving recently used remote address: [AF_INET]
63.35.23.106:4432019-02-08 10:21:44 Socket Buffers: R=[786896->786896] S=[9216->9216]
2019-02-08 10:21:44 UDP link local: (not bound)
2019-02-08 10:21:44 MANAGEMENT: >STATE:1549621304,WAIT,,,,,,
2019-02-08 10:21:44 MANAGEMENT: >STATE:1549621304,AUTH,,,,,,
2019-02-08 10:21:44 TLS: Initial packet from [AF_INET]
63.35.23.106:443, sid=6361e24d 3bbc2d1d
2019-02-08 10:21:44 VERIFY OK: depth=1, CN=mattharris
2019-02-08 10:21:44 VERIFY KU OK
2019-02-08 10:21:44 Validating certificate extended key usage
2019-02-08 10:21:44 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2019-02-08 10:21:44 VERIFY EKU OK
2019-02-08 10:21:44 VERIFY OK: depth=0, CN=server
2019-02-08 10:21:44 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
2019-02-08 10:21:44 [server] Peer Connection Initiated with [AF_INET]
63.35.23.106:4432019-02-08 10:21:45 MANAGEMENT: >STATE:1549621305,GET_CONFIG,,,,,,
2019-02-08 10:21:45 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
2019-02-08 10:21:45 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,route-gateway 173.19.5.1,topology subnet,ping 1,ping-restart 20,auth-token,ifconfig 173.19.5.2 255.255.255.224,peer-id 0,cipher AES-256-GCM'
2019-02-08 10:21:45 OPTIONS IMPORT: timers and/or timeouts modified
2019-02-08 10:21:45 OPTIONS IMPORT: --ifconfig/up options modified
2019-02-08 10:21:45 OPTIONS IMPORT: route options modified
2019-02-08 10:21:45 OPTIONS IMPORT: route-related options modified
2019-02-08 10:21:45 OPTIONS IMPORT: peer-id set
2019-02-08 10:21:45 OPTIONS IMPORT: adjusting link_mtu to 1624
2019-02-08 10:21:45 OPTIONS IMPORT: data channel crypto options modified
2019-02-08 10:21:45 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2019-02-08 10:21:45 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2019-02-08 10:21:45 Opening utun (connect(AF_SYS_CONTROL)): Resource busy (errno=16)
2019-02-08 10:21:45 Opened utun device utun1
2019-02-08 10:21:45 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
2019-02-08 10:21:45 MANAGEMENT: >STATE:1549621305,ASSIGN_IP,,173.19.5.2,,,,
2019-02-08 10:21:45 /sbin/ifconfig utun1 delete
ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
2019-02-08 10:21:45 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
2019-02-08 10:21:45 /sbin/ifconfig utun1 173.19.5.2 173.19.5.2 netmask 255.255.255.224 mtu 1500 up
2019-02-08 10:21:45 /sbin/route add -net 173.19.5.0 173.19.5.2 255.255.255.224
2019-02-08 10:21:45 /Applications/Tunnelblick.app/Contents/Resources/
client.up.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw utun1 1500 1552 173.19.5.2 255.255.255.224 init
**********************************************
NOTE: No network configuration changes need to be made.
WARNING: Will NOT monitor for other network configuration changes.
WARNING: Will NOT disable IPv6 settings.
DNS servers '172.16.1.1' will be used for DNS queries when the VPN is active
NOTE: The DNS servers do not include any free public DNS servers known to Tunnelblick. This may cause DNS queries to fail or be intercepted or falsified even if they are directed through the VPN. Specify only known public DNS servers or DNS servers located on the VPN network to avoid such problems.
Flushed the DNS cache via dscacheutil
/usr/sbin/discoveryutil not present. Not flushing the DNS cache via discoveryutil
Notified mDNSResponder that the DNS cache was flushed
Not notifying mDNSResponderHelper that the DNS cache was flushed because it is not running
**********************************************
2019-02-08 10:21:47 /sbin/route add -net 63.35.23.106 172.16.1.1 255.255.255.255
2019-02-08 10:21:47 /sbin/route add -net 0.0.0.0 173.19.5.1 128.0.0.0
add net
0.0.0.0: gateway 173.19.5.1
2019-02-08 10:21:47 /sbin/route add -net 128.0.0.0 173.19.5.1 128.0.0.0
2019-02-08 10:21:47 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2019-02-08 10:21:47 Initialization Sequence Completed
2019-02-08 10:21:47 MANAGEMENT: >STATE:1549621307,CONNECTED,SUCCESS,173.19.5.2,63.35.23.106,443,,
2019-02-08 10:21:48 *Tunnelblick: No 'connected.sh' script to execute
2019-02-08 10:22:27 *Tunnelblick: After 30.0 seconds, gave up trying to fetch IP address information using the ipInfo host's name after connecting.
2019-02-08 10:23:00 *Tunnelblick: Disconnecting; VPN Details… window disconnect button pressed
2019-02-08 10:23:00 *Tunnelblick: No 'pre-disconnect.sh' script to execute
2019-02-08 10:23:00 *Tunnelblick: Disconnecting using 'kill'
2019-02-08 10:23:01 event_wait : Interrupted system call (code=4)
2019-02-08 10:23:01 /sbin/route delete -net 63.35.23.106 172.16.1.1 255.255.255.255
2019-02-08 10:23:01 /sbin/route delete -net 0.0.0.0 173.19.5.1 128.0.0.0
delete net
0.0.0.0: gateway 173.19.5.1
2019-02-08 10:23:01 /sbin/route delete -net 128.0.0.0 173.19.5.1 128.0.0.0
2019-02-08 10:23:01 Closing TUN/TAP interface
2019-02-08 10:23:01 /Applications/Tunnelblick.app/Contents/Resources/
client.down.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw utun1 1500 1552 173.19.5.2 255.255.255.224 init
**********************************************
WARNING: Not restoring DNS settings because no saved Tunnelblick DNS information was found.
Flushed the DNS cache via dscacheutil
/usr/sbin/discoveryutil not present. Not flushing the DNS cache via discoveryutil
Notified mDNSResponder that the DNS cache was flushed
Not notifying mDNSResponderHelper that the DNS cache was flushed because it is not running
**********************************************
2019-02-08 10:23:02 SIGTERM[hard,] received, process exiting
2019-02-08 10:23:02 MANAGEMENT: >STATE:1549621382,EXITING,SIGTERM,,,,,
2019-02-08 10:23:02 *Tunnelblick: No 'post-disconnect.sh' script to execute
2019-02-08 10:23:02 *Tunnelblick: Expected disconnection occurred.
================================================================================
"Sanitized" full configuration file
client
dev tun
proto udp
remote-random-hostname
resolv-retry infinite
nobind
persist-key
persist-tun
cert mycert.crt
key mykey.key
remote-cert-tls server
cipher AES-256-GCM
verb 3
<ca>
[Security-related line(s) omitted]
</ca>
reneg-sec 0
================================================================================
Network services:
An asterisk (*) denotes that a network service is disabled.
Dell USB3.0 Dock
Wi-Fi
Bluetooth PAN
London
Woking
Wi-Fi Power (en0): On
================================================================================
ifconfig output:
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
options=1203<RXCSUM,TXCSUM,TXSTATUS,SW_TIMESTAMP>
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
inet 127.94.0.1 netmask 0xff000000
nd6 options=201<PERFORMNUD,DAD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
XHC20: flags=0<> mtu 0
XHC0: flags=0<> mtu 0
VHC128: flags=0<> mtu 0
en3: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether ac:de:48:00:11:22
inet6 fe80::aede:48ff:fe00:1122%en3 prefixlen 64 scopeid 0x7
nd6 options=201<PERFORMNUD,DAD>
media: autoselect (100baseTX <full-duplex>)
status: active
ap1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
ether 3a:f9:d3:1c:98:9c
media: autoselect
status: inactive
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether 38:f9:d3:1c:98:9c
inet6 fe80::8bb:a614:fe9c:4ecf%en0 prefixlen 64 secured scopeid 0x9
inet 172.16.18.98 netmask 0xffff0000 broadcast 172.16.255.255
nd6 options=201<PERFORMNUD,DAD>
media: autoselect
status: active
p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304
ether 0a:f9:d3:1c:98:9c
media: autoselect
status: inactive
awdl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1484
ether 26:3d:fb:01:3f:c3
inet6 fe80::243d:fbff:fe01:3fc3%awdl0 prefixlen 64 scopeid 0xb
nd6 options=201<PERFORMNUD,DAD>
media: autoselect
status: active
en1: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
options=60<TSO4,TSO6>
ether 8a:00:e9:08:46:01
media: autoselect <full-duplex>
status: inactive
en2: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
options=60<TSO4,TSO6>
ether 8a:00:e9:08:46:00
media: autoselect <full-duplex>
status: inactive
bridge0: flags=8822<BROADCAST,SMART,SIMPLEX,MULTICAST> mtu 1500
options=63<RXCSUM,TXCSUM,TSO4,TSO6>
ether 8a:00:e9:08:46:01
Configuration:
id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
ipfilter disabled flags 0x2
member: en1 flags=3<LEARNING,DISCOVER>
ifmaxaddr 0 port 12 priority 0 path cost 0
member: en2 flags=3<LEARNING,DISCOVER>
ifmaxaddr 0 port 13 priority 0 path cost 0
media: <unknown type>
status: inactive
utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 2000
inet6 fe80::dcb:80eb:6d5b:a12f%utun0 prefixlen 64 scopeid 0xf
nd6 options=201<PERFORMNUD,DAD>
================================================================================
Console Log:
2019-02-08 08:01:34 Tunnelblick[383] Tunnelblick: macOS 10.14.2; Tunnelblick 3.7.9beta02 (build 5200)
2019-02-08 08:01:35 Tunnelblick[383] DEPRECATED USE in libdispatch client: dispatch source activated with no event handler set; set a breakpoint on _dispatch_bug_deprecated to debug
2019-02-08 08:01:36 Tunnelblick[383] Sparkle: ===== Tunnelblick =====
2019-02-08 08:01:36 Tunnelblick[383] Sparkle: Verified appcast signature
2019-02-08 08:03:21 ksinstall[527] 2019-02-08 08:03:21.411 ksinstall[527/0x108c4c5c0] [lvl=2] -[KeystoneInstallTool main] Google Software Update installer started.
2019-02-08 08:03:21 ksinstall[527] 2019-02-08 08:03:21.419 ksinstall[527/0x108c4c5c0] [lvl=2] -[KeystoneInstallTool main] Google Software Update installer starting Installation.
2019-02-08 08:03:21 ksinstall[527] 2019-02-08 08:03:21.973 ksinstall[527/0x108c4c5c0] [lvl=2] -[KeystoneInstallTool main] Google Software Update installer ran successfully.
2019-02-08 10:03:48 Tunnelblick[383] Set 'expect disconnect 1 -SLibrary-SApplication Support-STunnelblick-SUsers-Smatthewharris-Sdownloaded--client--config-Dtblk-SContents-SResources'
2019-02-08 10:03:49 tunnelblickd[967] Status = 248 from tunnelblick-helper command 'kill 974'
2019-02-08 10:03:49 Tunnelblick[383] tunnelblickd status from kill: 248
tunnelblickd stderr:
'killOneOpenvpn(974): Process does not exist
'
2019-02-08 10:10:36 Tunnelblick[383] Error returned from setAttributes: {
NSFilePosixPermissions = 488;
} ofItemAtPath: /private/var/folders/gr/csbcnzj10db1jwk_j_pclts00000gn/T; Error was Error Domain=NSCocoaErrorDomain Code=513 "You don’t have permission to save the file “T” in the folder “csbcnzj10db1jwk_j_pclts00000gn”." UserInfo={NSFilePath=/private/var/folders/gr/csbcnzj10db1jwk_j_pclts00000gn/T, NSUnderlyingError=0x600003c954a0 {Error Domain=NSPOSIXErrorDomain Code=1 "Operation not permitted"}}; stack trace: (
0 Tunnelblick 0x000000010cb7bbf6 -[NSFileManager(TB) tbChangeFileAttributes:atPath:] + 161
1 Tunnelblick 0x000000010cbbc30c createDir + 303
2 Tunnelblick 0x000000010cbbc368 createDir + 395
3 Tunnelblick 0x000000010cb873b5 -[ConfigurationManager installConfigurations:skipConfirmationMessage:skipResultMessage:notifyDelegate:disallowCommands:] + 1578
4 Tunnelblick 0x000000010cb879f7 -[ConfigurationManager installConfigurations:skipMessages:notifyDelegate:disallowCommands:] + 77
5 Tunnelblick 0x000000010cb8ceed +[ConfigurationManager installConfigurationsShowMessagesNotifyDelegateOperation:] + 93
6 Foundation 0x00007fff2d970104 __NSThread__start__ + 1218
7 libsystem_pthread.dylib 0x00007fff58a45305 _pthread_body + 126
8 libsystem_pthread.dylib 0x00007fff58a4826f _pthread_start + 70
9 libsystem_pthread.dylib 0x00007fff58a44415 thread_start + 13
)
2019-02-08 10:10:36 Tunnelblick[383] Warning: Unable to change permissions from 700 to 750 on /private/var/folders/gr/csbcnzj10db1jwk_j_pclts00000gn/T
2019-02-08 10:10:36 Tunnelblick[383] Converting/Installing /Users/matthewharris/Downloads/downloaded-client-config.ovpn at line 10: Copied client1.domain.tld.crt
2019-02-08 10:10:36 Tunnelblick[383] Changed permissions from 644 to 740 on /private/var/folders/gr/csbcnzj10db1jwk_j_pclts00000gn/T/Tunnelblick-Tza5Hm/downloaded-client-config.tblk/Contents/Resources/client1.domain.tld.crt
2019-02-08 10:10:36 Tunnelblick[383] Converting/Installing /Users/matthewharris/Downloads/downloaded-client-config.ovpn at line 11: Copied client1.domain.tld.key
2019-02-08 10:10:36 Tunnelblick[383] Changed permissions from 644 to 740 on /private/var/folders/gr/csbcnzj10db1jwk_j_pclts00000gn/T/Tunnelblick-Tza5Hm/downloaded-client-config.tblk/Contents/Resources/client1.domain.tld.key
2019-02-08 10:10:36 Tunnelblick[383] Converting/Installing /Users/matthewharris/Downloads/downloaded-client-config.ovpn: Converted OpenVPN configuration
2019-02-08 10:10:41 Tunnelblick[383] Tunnelblick needs to perform an action that requires a computer administrator's authorization.
2019-02-08 10:10:41 Tunnelblick[383] Beginning installation or repair
2019-02-08 10:10:41 Tunnelblick[383] Installation or repair succeeded; Log:
Tunnelblick installer started 2019-02-08 10:10:41. 3 arguments: 0x0001
/Users/matthewharris/Library/Application Support/Tunnelblick/Configurations/downloaded-client-config.tblk
/private/var/folders/gr/csbcnzj10db1jwk_j_pclts00000gn/T/Tunnelblick-Tza5Hm/downloaded-client-config.tblk
Copied /private/var/folders/gr/csbcnzj10db1jwk_j_pclts00000gn/T/Tunnelblick-Tza5Hm/downloaded-client-config.tblk
to /Users/matthewharris/Library/Application Support/Tunnelblick/Configurations/downloaded-client-config.tblk.temp
Renamed /Users/matthewharris/Library/Application Support/Tunnelblick/Configurations/downloaded-client-config.tblk.temp
to /Users/matthewharris/Library/Application Support/Tunnelblick/Configurations/downloaded-client-config.tblk
Changed ownership of /Users/matthewharris/Library/Application Support/Tunnelblick/Configurations/downloaded-client-config.tblk and its contents from 501:20 to 501:80
Deleted /Library/Application Support/Tunnelblick/Users/matthewharris/downloaded-client-config.tblk
Copied /Users/matthewharris/Library/Application Support/Tunnelblick/Configurations/downloaded-client-config.tblk
to /Library/Application Support/Tunnelblick/Users/matthewharris/downloaded-client-config.tblk.temp
Renamed /Library/Application Support/Tunnelblick/Users/matthewharris/downloaded-client-config.tblk.temp
to /Library/Application Support/Tunnelblick/Users/matthewharris/downloaded-client-config.tblk
Changed ownership of /Library/Application Support/Tunnelblick/Users/matthewharris/downloaded-client-config.tblk and its contents from 501:80 to 0:0
Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Users/matthewharris/downloaded-client-config.tblk
Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Users/matthewharris/downloaded-client-config.tblk/Contents
Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Users/matthewharris/downloaded-client-config.tblk/Contents/Resources
Changed permissions from 740 to 700 on /Library/Application Support/Tunnelblick/Users/matthewharris/downloaded-client-config.tblk/Contents/Resources/client1.domain.tld.crt
Changed permissions from 740 to 700 on /Library/Application Support/Tunnelblick/Users/matthewharris/downloaded-client-config.tblk/Contents/Resources/client1.domain.tld.key
Changed permissions from 740 to 700 on /Library/Application Support/Tunnelblick/Users/matthewharris/downloaded-client-config.tblk/Contents/Resources/config.ovpn
Updated secure (shadow) copy of downloaded-client-config.tblk
Tunnelblick installer finished without error
2019-02-08 10:17:08 Tunnelblick[383] Cleared 'expect disconnect 0 -SLibrary-SApplication Support-STunnelblick-SUsers-Smatthewharris-Sdownloaded--client--config-Dtblk-SContents-SResources'
2019-02-08 10:17:23 Tunnelblick[383] Set 'expect disconnect 1 -SLibrary-SApplication Support-STunnelblick-SUsers-Smatthewharris-Sdownloaded--client--config-Dtblk-SContents-SResources'
2019-02-08 10:17:24 tunnelblickd[1129] Status = 248 from tunnelblick-helper command 'kill 1137'
2019-02-08 10:17:24 Tunnelblick[383] tunnelblickd status from kill: 248
tunnelblickd stderr:
'killOneOpenvpn(1137): Process does not exist
'
2019-02-08 10:19:04 Tunnelblick[383] Cleared 'expect disconnect 0 -SLibrary-SApplication Support-STunnelblick-SUsers-Smatthewharris-Sdownloaded--client--config-Dtblk-SContents-SResources'
2019-02-08 10:21:14 Tunnelblick[383] Set 'expect disconnect 1 -SLibrary-SApplication Support-STunnelblick-SUsers-Smatthewharris-Sdownloaded--client--config-Dtblk-SContents-SResources'
2019-02-08 10:21:22 Tunnelblick[383] Tunnelblick needs to perform an action that requires a computer administrator's authorization.
2019-02-08 10:21:22 Tunnelblick[383] Beginning installation or repair
2019-02-08 10:21:23 Tunnelblick[383] Installation or repair succeeded; Log:
Tunnelblick installer started 2019-02-08 10:21:22. 2 arguments: 0x2001
/Users/matthewharris/Library/Application Support/Tunnelblick/Configurations/downloaded-client-config.tblk
removed /Users/matthewharris/Library/Application Support/Tunnelblick/Configurations/downloaded-client-config.tblk
removed /Library/Application Support/Tunnelblick/Users/matthewharris/downloaded-client-config.tblk
Tunnelblick installer finished without error
2019-02-08 10:21:23 Tunnelblick[383] Uninstalled configuration file /Users/matthewharris/Library/Application Support/Tunnelblick/Configurations/downloaded-client-config.tblk
2019-02-08 10:21:23 Tunnelblick[383] localizedNameForDisplayName: 'downloaded-client-config' is not a known displayName; stack trace: (
0 Tunnelblick 0x000000010cbbbf5e callStack + 56
1 Tunnelblick 0x000000010cb49df5 -[MenuController localizedNameForDisplayName:] + 73
2 Tunnelblick 0x000000010cbab462 -[SettingsSheetWindowController setupSettingsFromPreferences] + 370
3 Tunnelblick 0x000000010cb98716 -[MyPrefsWindowController setupLeftNavigationToDisplayName:] + 2004
4 Tunnelblick 0x000000010cb98778 -[MyPrefsWindowController update] + 38
5 Foundation 0x00007fff2da0fbab __NSThreadPerformPerform + 327
6 CoreFoundation 0x00007fff2b631475 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
7 CoreFoundation 0x00007fff2b63141b __CFRunLoopDoSource0 + 108
8 CoreFoundation 0x00007fff2b614eb5 __CFRunLoopDoSources0 + 195
9 CoreFoundation 0x00007fff2b61445e __CFRunLoopRun + 1219
10 CoreFoundation 0x00007fff2b613d48 CFRunLoopRunSpecific + 463
11 HIToolbox 0x00007fff2a8aaab5 RunCurrentEventLoopInMode + 293
12 HIToolbox 0x00007fff2a8aa7eb ReceiveNextEventCommon + 618
13 HIToolbox 0x00007fff2a8aa568 _BlockUntilNextEventMatchingListInModeWithFilter + 64
14 AppKit 0x00007fff28b65363 _DPSNextEvent + 997
15 AppKit 0x00007fff28b64102 -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 1362
16 AppKit 0x00007fff28b5e165 -[NSApplication run] + 699
17 AppKit 0x00007fff28b4d8a3 NSApplicationMain + 780
18 Tunnelblick 0x000000010cb376e4 start + 52
)
2019-02-08 10:21:23 Tunnelblick[383] localizedNameForDisplayName: 'downloaded-client-config' is not a known displayName; stack trace: (
0 Tunnelblick 0x000000010cbbbf5e callStack + 56
1 Tunnelblick 0x000000010cb49df5 -[MenuController localizedNameForDisplayName:] + 73
2 Tunnelblick 0x000000010cbab462 -[SettingsSheetWindowController setupSettingsFromPreferences] + 370
3 Foundation 0x00007fff2da0fbab __NSThreadPerformPerform + 327
4 CoreFoundation 0x00007fff2b631475 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
5 CoreFoundation 0x00007fff2b63141b __CFRunLoopDoSource0 + 108
6 CoreFoundation 0x00007fff2b614f0d __CFRunLoopDoSources0 + 283
7 CoreFoundation 0x00007fff2b61445e __CFRunLoopRun + 1219
8 CoreFoundation 0x00007fff2b613d48 CFRunLoopRunSpecific + 463
9 UIFoundation 0x00007fff53aa2bf1 -[NSHTMLReader _loadUsingWebKit] + 1916
10 UIFoundation 0x00007fff53aa5bf7 -[NSHTMLReader attributedString] + 22
11 UIFoundation 0x00007fff53a2aa28 _NSReadAttributedStringFromURLOrData + 12698
12 UIFoundation 0x00007fff53a277fa -[NSAttributedString(NSAttributedStringUIFoundationAdditions) initWithData:options:documentAttributes:error:] + 117
13 Tunnelblick 0x000000010cb6e564 attributedStringFromHTML + 160
14 Tunnelblick 0x000000010cbabecf -[SettingsSheetWindowController setupSettingsFromPreferences] + 3039
15 Tunnelblick 0x000000010cb98716 -[MyPrefsWindowController setupLeftNavigationToDisplayName:] + 2004
16 Tunnelblick 0x000000010cb98778 -[MyPrefsWindowController update] + 38
17 Foundation 0x00007fff2da0fbab __NSThreadPerformPerform + 327
18 CoreFoundation 0x00007fff2b631475 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
19 CoreFoundation 0x00007fff2b63141b __CFRunLoopDoSource0 + 108
20 CoreFoundation 0x00007fff2b614eb5 __CFRunLoopDoSources0 + 195
21 CoreFoundation 0x00007fff2b61445e __CFRunLoopRun + 1219
22 CoreFoundation 0x00007fff2b613d48 CFRunLoopRunSpecific + 463
23 HIToolbox 0x00007fff2a8aaab5 RunCurrentEventLoopInMode + 293
24 HIToolbox 0x00007fff2a8aa7eb ReceiveNextEventCommon + 618
25 HIToolbox 0x00007fff2a8aa568 _BlockUntilNextEventMatchingListInModeWithFilter + 64
26 AppKit 0x00007fff28b65363 _DPSNextEvent + 997
27 AppKit 0x00007fff28b64102 -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 1362
28 AppKit 0x00007fff28b5e165 -[NSApplication run] + 699
29 AppKit 0x00007fff28b4d8a3 NSApplicationMain + 780
30 Tunnelblick 0x000000010cb376e4 start + 52
)
2019-02-08 10:21:35 Tunnelblick[383] Error returned from setAttributes: {
NSFilePosixPermissions = 488;
} ofItemAtPath: /private/var/folders/gr/csbcnzj10db1jwk_j_pclts00000gn/T; Error was Error Domain=NSCocoaErrorDomain Code=513 "You don’t have permission to save the file “T” in the folder “csbcnzj10db1jwk_j_pclts00000gn”." UserInfo={NSFilePath=/private/var/folders/gr/csbcnzj10db1jwk_j_pclts00000gn/T, NSUnderlyingError=0x600003de4a80 {Error Domain=NSPOSIXErrorDomain Code=1 "Operation not permitted"}}; stack trace: (
0 Tunnelblick 0x000000010cb7bbf6 -[NSFileManager(TB) tbChangeFileAttributes:atPath:] + 161
1 Tunnelblick 0x000000010cbbc30c createDir + 303
2 Tunnelblick 0x000000010cbbc368 createDir + 395
3 Tunnelblick 0x000000010cb873b5 -[ConfigurationManager installConfigurations:skipConfirmationMessage:skipResultMessage:notifyDelegate:disallowCommands:] + 1578
4 Tunnelblick 0x000000010cb879f7 -[ConfigurationManager installConfigurations:skipMessages:notifyDelegate:disallowCommands:] + 77
5 Tunnelblick 0x000000010cb8ceed +[ConfigurationManager installConfigurationsShowMessagesNotifyDelegateOperation:] + 93
6 Foundation 0x00007fff2d970104 __NSThread__start__ + 1218
7 libsystem_pthread.dylib 0x00007fff58a45305 _pthread_body + 126
8 libsystem_pthread.dylib 0x00007fff58a4826f _pthread_start + 70
9 libsystem_pthread.dylib 0x00007fff58a44415 thread_start + 13
)
2019-02-08 10:21:35 Tunnelblick[383] Warning: Unable to change permissions from 700 to 750 on /private/var/folders/gr/csbcnzj10db1jwk_j_pclts00000gn/T
2019-02-08 10:21:35 Tunnelblick[383] Converting/Installing /Users/matthewharris/Downloads/downloaded-client-config.ovpn at line 10: Copied client1.domain.tld.crt
2019-02-08 10:21:35 Tunnelblick[383] Changed permissions from 644 to 740 on /private/var/folders/gr/csbcnzj10db1jwk_j_pclts00000gn/T/Tunnelblick-ftPbvJ/downloaded-client-config.tblk/Contents/Resources/client1.domain.tld.crt
2019-02-08 10:21:35 Tunnelblick[383] Converting/Installing /Users/matthewharris/Downloads/downloaded-client-config.ovpn at line 11: Copied client1.domain.tld.key
2019-02-08 10:21:35 Tunnelblick[383] Changed permissions from 644 to 740 on /private/var/folders/gr/csbcnzj10db1jwk_j_pclts00000gn/T/Tunnelblick-ftPbvJ/downloaded-client-config.tblk/Contents/Resources/client1.domain.tld.key
2019-02-08 10:21:35 Tunnelblick[383] Converting/Installing /Users/matthewharris/Downloads/downloaded-client-config.ovpn: Converted OpenVPN configuration
2019-02-08 10:21:40 Tunnelblick[383] Tunnelblick needs to perform an action that requires a computer administrator's authorization.
2019-02-08 10:21:40 Tunnelblick[383] Beginning installation or repair
2019-02-08 10:21:40 Tunnelblick[383] Installation or repair succeeded; Log:
Tunnelblick installer started 2019-02-08 10:21:40. 3 arguments: 0x0001
/Library/Application Support/Tunnelblick/Shared/downloaded-client-config.tblk
/private/var/folders/gr/csbcnzj10db1jwk_j_pclts00000gn/T/Tunnelblick-ftPbvJ/downloaded-client-config.tblk
Copied /private/var/folders/gr/csbcnzj10db1jwk_j_pclts00000gn/T/Tunnelblick-ftPbvJ/downloaded-client-config.tblk
to /Library/Application Support/Tunnelblick/Shared/downloaded-client-config.tblk.temp
Renamed /Library/Application Support/Tunnelblick/Shared/downloaded-client-config.tblk.temp
to /Library/Application Support/Tunnelblick/Shared/downloaded-client-config.tblk
Changed ownership of /Library/Application Support/Tunnelblick/Shared/downloaded-client-config.tblk and its contents from 501:20 to 0:0
Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Shared/downloaded-client-config.tblk
Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Shared/downloaded-client-config.tblk/Contents
Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Shared/downloaded-client-config.tblk/Contents/Resources
Changed permissions from 740 to 700 on /Library/Application Support/Tunnelblick/Shared/downloaded-client-config.tblk/Contents/Resources/client1.domain.tld.crt
Changed permissions from 740 to 700 on /Library/Application Support/Tunnelblick/Shared/downloaded-client-config.tblk/Contents/Resources/client1.domain.tld.key
Changed permissions from 740 to 700 on /Library/Application Support/Tunnelblick/Shared/downloaded-client-config.tblk/Contents/Resources/config.ovpn
Tunnelblick installer finished without error
2019-02-08 10:22:27 Tunnelblick[383] currentIPInfo(Name): IP address info could not be fetched within 34.6 seconds; the error was 'Error Domain=NSURLErrorDomain Code=-1001 "The request timed out." UserInfo={NSUnderlyingError=0x600003d1e790 {Error Domain=kCFErrorDomainCFNetwork Code=-1001 "The request timed out." UserInfo={NSErrorFailingURLStringKey=
https://tunnelblick.net/ipinfo, NSErrorFailingURLKey=
https://tunnelblick.net/ipinfo, _kCFStreamErrorCodeKey=-2102, _kCFStreamErrorDomainKey=4, NSLocalizedDescription=The request timed out.}}, NSErrorFailingURLStringKey=
https://tunnelblick.net/ipinfo, NSErrorFailingURLKey=
https://tunnelblick.net/ipinfo, _kCFStreamErrorDomainKey=4, _kCFStreamErrorCodeKey=-2102, NSLocalizedDescription=The request timed out.}'; the response was '(null)'
2019-02-08 10:23:01 Tunnelblick[383] Set 'expect disconnect 1 -SLibrary-SApplication Support-STunnelblick-SShared-Sdownloaded--client--config-Dtblk-SContents-SResources'
2019-02-08 10:23:02 Tunnelblick[383] currentIPInfo(Address): IP address info could not be fetched within 34.5 seconds; the error was 'Error Domain=NSURLErrorDomain Code=-1001 "The request timed out." UserInfo={NSUnderlyingError=0x600003d314d0 {Error Domain=kCFErrorDomainCFNetwork Code=-1001 "The request timed out." UserInfo={NSErrorFailingURLStringKey=
https://205.233.73.116/ipinfo, NSErrorFailingURLKey=
https://205.233.73.116/ipinfo, _kCFStreamErrorCodeKey=-2102, _kCFStreamErrorDomainKey=4, NSLocalizedDescription=The request timed out.}}, NSErrorFailingURLStringKey=
https://205.233.73.116/ipinfo, NSErrorFailingURLKey=
https://205.233.73.116/ipinfo, _kCFStreamErrorDomainKey=4, _kCFStreamErrorCodeKey=-2102, NSLocalizedDescription=The request timed out.}'; the response was '(null)'
2019-02-08 10:23:02 tunnelblickd[1461] Status = 248 from tunnelblick-helper command 'kill 1395'
2019-02-08 10:23:02 Tunnelblick[383] tunnelblickd status from kill: 248
tunnelblickd stderr:
'killOneOpenvpn(1395): Process does not exist
'