Connected to AWS VPC resources but no local internet access while connected
1,282 views
Skip to first unread message
matt....@thefilter.com
Feb 8, 2019, 5:44:53 AM2/8/19
to tunnelblick-discuss
Hi all,
I have been struggling to get Tunnelblick connected to AWS Client VPN using certificates as authentication.
The connection establishes as expected I am able to connect (SSH/Curl) to my resources in AWS, however, local access no longer works.
I have tried:
- Current Stable, Beta and legacy versions
- Route All IPv4 Traffic over VPN (on/off)
- Set DNS after connection (on/off)
- Set DNS (all options tried) I am able to resolve DNS with this set to "Set Nameservers", it seems to use my firewalls DNS gateway.
-
Config
client
dev tun
proto udp
remote-random-hostname
resolv-retry infinite
nobind
persist-key
persist-tun
cert mycertificate.crt
key mykey.key
remote-cert-tls server
cipher AES-256-GCM
verb 3
<ca>
-----BEGIN CERTIFICATE-----
bla bla bla
-----END CERTIFICATE-----
</ca>
reneg-sec 0
Logs
*Tunnelblick: macOS 10.14.2; Tunnelblick 3.7.9beta02 (build 5200); prior version 3.7.9beta01 (build 5190); Admin user
git commit e776ee99c72f123303d71557a8a3d9f1f57a7f95
Configuration downloaded-client-config
"Sanitized" condensed configuration file for /Library/Application Support/Tunnelblick/Shared/downloaded-client-config.tblk:
client
dev tun
proto udp
remote-random-hostname
resolv-retry infinite
nobind
persist-key
persist-tun
cert mycert.crt
key mykey.key
remote-cert-tls server
cipher AES-256-GCM
verb 3
<ca>
[Security-related line(s) omitted]
</ca>
reneg-sec 0
================================================================================
Non-Apple kexts that are loaded:
Index Refs Address Size Wired Name (Version) UUID <Linked Against>
108 0 0xffffff7f83f90000 0x7000 0x7000 net.sf.tuntaposx.tun (1.0) 95DD963D-E23D-3B0F-8DE8-A4D2F6BFA5CC <8 6 5 1>
109 0 0xffffff7f83f97000 0x7000 0x7000 net.sf.tuntaposx.tap (1.0) 23FDB715-3D0D-3A26-ACBA-E3794C231CB7 <8 6 5 1>
112 0 0xffffff7f83fac000 0x5000 0x5000 org.pqrs.driver.Karabiner.VirtualHIDDevice.v060800 (6.8.0) 19C2E27F-C5B5-334B-9F70-8C9A51814EA3 <44 6 5 3 1>
172 0 0xffffff7f84707000 0xc000 0xc000 com.displaylink.driver.DisplayLinkDriver (5.0 (42)) 4E4C9A34-2960-3AC0-8BB7-861686561DAB <113 13 6 5 3>
173 0 0xffffff7f84713000 0x12000 0x12000 net.pulsesecure.PulseSecureFirewall (9.0.2f5) F5EB3488-092C-3EC1-9D32-7461A0A1A5C8 <6 5 3 2 1>
================================================================================
Files in downloaded-client-config.tblk:
Contents/Resources/cli….crt
Contents/Resources/cli….key
Contents/Resources/config.ovpn
================================================================================
Configuration preferences:
-notOKToCheckThatIPAddressDidNotChangeAfterConnection = 0
-lastConnectionSucceeded = 1
================================================================================
Wildcard preferences:
-notOKToCheckThatIPAddressDidNotChangeAfterConnection = 0
================================================================================
Program preferences:
launchAtNextLogin = 1
tunnelblickVersionHistory = (
"3.7.9beta02 (build 5200)",
"3.7.9beta01 (build 5190)",
"3.7.8 (build 5180)"
)
statusDisplayNumber = 0
lastLaunchTime = 571305696.494301
lastLanguageAtLaunchWasRTL = 0
connectionWindowDisplayCriteria = showWhenConnecting
maxLogDisplaySize = 10485760
lastConnectedDisplayName = downloaded-client-config
keyboardShortcutIndex = 1
updateCheckAutomatically = 1
NSWindow Frame SettingsSheetWindow = 339 266 829 524 0 0 1440 877
NSWindow Frame ConnectingWindow = 525 517 389 187 0 0 1440 877
NSWindow Frame SUStatusFrame = -1696 485 400 129 -1920 0 1920 1057
NSWindow Frame SUUpdateAlert = -1847 208 620 392 -1920 0 1920 1057
NSWindow Frame ListingWindow = -3259 491 500 422 -3840 0 1920 1057
detailsWindowFrameVersion = 5190
detailsWindowFrame = {{-1479, 323}, {920, 468}}
detailsWindowLeftFrame = {{0, 0}, {165, 350}}
detailsWindowViewIndex = 0
detailsWindowConfigurationsTabIdentifier = log
leftNavSelectedDisplayName = downloaded-client-config
AdvancedWindowTabIdentifier = connectingAndDisconnecting
haveDealtWithOldTunTapPreferences = 1
haveDealtWithOldLoginItem = 1
haveDealtWithAfterDisconnect = 1
SUEnableAutomaticChecks = 1
SUScheduledCheckInterval = 86400
SULastCheckTime = 2019-02-08 08:01:36 +0000
SUHasLaunchedBefore = 1
WebKitDefaultFontSize = 16
WebKitStandardFont = Times
================================================================================
Tunnelblick Log:
*Tunnelblick: macOS 10.14.2; Tunnelblick 3.7.9beta02 (build 5200); prior version 3.7.9beta01 (build 5190)
2019-02-08 10:21:43 *Tunnelblick: Attempting connection with downloaded-client-config; Set nameserver = 769; monitoring connection
2019-02-08 10:21:43 *Tunnelblick: openvpnstart start downloaded-client-config.tblk 54834 769 0 3 0 1065264 -ptADGNWradsgnw 2.4.6-openssl-1.0.2q
2019-02-08 10:21:43 *Tunnelblick: openvpnstart log:
OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line):
/Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.4.6-openssl-1.0.2q/openvpn
--daemon
--log /Library/Application Support/Tunnelblick/Logs/-SLibrary-SApplication Support-STunnelblick-SShared-Sdownloaded--client--config.tblk-SContents-SResources-Sconfig.ovpn.769_0_3_0_1065264.54834.openvpn.log
--cd /Library/Application Support/Tunnelblick/Shared/downloaded-client-config.tblk/Contents/Resources
--setenv IV_GUI_VER "net.tunnelblick.tunnelblick 5200 3.7.9beta02 (build 5200)"
--verb 3
--config /Library/Application Support/Tunnelblick/Shared/downloaded-client-config.tblk/Contents/Resources/config.ovpn
--setenv TUNNELBLICK_CONFIG_FOLDER /Library/Application Support/Tunnelblick/Shared/downloaded-client-config.tblk/Contents/Resources
--verb 3
--cd /Library/Application Support/Tunnelblick/Shared/downloaded-client-config.tblk/Contents/Resources
--management 127.0.0.1 54834 /Library/Application Support/Tunnelblick/khejkncgkmkfjgjlcceflpagljmefklebbmmbkjj.mip
--management-query-passwords
--management-hold
--script-security 2
--up /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw
--down /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw
2019-02-08 10:21:43 OpenVPN 2.4.6 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on Jan 10 2019
2019-02-08 10:21:43 library versions: OpenSSL 1.0.2q 20 Nov 2018, LZO 2.10
2019-02-08 10:21:43 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:54834
2019-02-08 10:21:43 Need hold release from management interface, waiting...
2019-02-08 10:21:43 *Tunnelblick: openvpnstart starting OpenVPN
2019-02-08 10:21:44 *Tunnelblick: Established communication with OpenVPN
2019-02-08 10:21:44 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:54834
2019-02-08 10:21:44 MANAGEMENT: CMD 'pid'
2019-02-08 10:21:44 MANAGEMENT: CMD 'auth-retry interact'
2019-02-08 10:21:44 MANAGEMENT: CMD 'state on'
2019-02-08 10:21:44 MANAGEMENT: CMD 'state'
2019-02-08 10:21:44 MANAGEMENT: CMD 'bytecount 1'
2019-02-08 10:21:44 >INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info
2019-02-08 10:21:44 MANAGEMENT: CMD 'hold release'
2019-02-08 10:21:44 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2019-02-08 10:21:44 MANAGEMENT: >STATE:1549621304,RESOLVE,,,,,,
2019-02-08 10:21:44 TCP/UDP: Preserving recently used remote address: [AF_INET]63.35.23.106:443
2019-02-08 10:21:44 Socket Buffers: R=[786896->786896] S=[9216->9216]
2019-02-08 10:21:44 UDP link local: (not bound)
2019-02-08 10:21:44 UDP link remote: [AF_INET]63.35.23.106:443
2019-02-08 10:21:44 MANAGEMENT: >STATE:1549621304,WAIT,,,,,,
2019-02-08 10:21:44 MANAGEMENT: >STATE:1549621304,AUTH,,,,,,
2019-02-08 10:21:44 TLS: Initial packet from [AF_INET]63.35.23.106:443, sid=6361e24d 3bbc2d1d
2019-02-08 10:21:44 VERIFY OK: depth=1, CN=mattharris
2019-02-08 10:21:44 VERIFY KU OK
2019-02-08 10:21:44 Validating certificate extended key usage
2019-02-08 10:21:44 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2019-02-08 10:21:44 VERIFY EKU OK
2019-02-08 10:21:44 VERIFY OK: depth=0, CN=server
2019-02-08 10:21:44 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
2019-02-08 10:21:44 [server] Peer Connection Initiated with [AF_INET]63.35.23.106:443
2019-02-08 10:21:45 MANAGEMENT: >STATE:1549621305,GET_CONFIG,,,,,,
2019-02-08 10:21:45 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
2019-02-08 10:21:45 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,route-gateway 173.19.5.1,topology subnet,ping 1,ping-restart 20,auth-token,ifconfig 173.19.5.2 255.255.255.224,peer-id 0,cipher AES-256-GCM'
2019-02-08 10:21:45 OPTIONS IMPORT: timers and/or timeouts modified
2019-02-08 10:21:45 OPTIONS IMPORT: --ifconfig/up options modified
2019-02-08 10:21:45 OPTIONS IMPORT: route options modified
2019-02-08 10:21:45 OPTIONS IMPORT: route-related options modified
2019-02-08 10:21:45 OPTIONS IMPORT: peer-id set
2019-02-08 10:21:45 OPTIONS IMPORT: adjusting link_mtu to 1624
2019-02-08 10:21:45 OPTIONS IMPORT: data channel crypto options modified
2019-02-08 10:21:45 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2019-02-08 10:21:45 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2019-02-08 10:21:45 Opening utun (connect(AF_SYS_CONTROL)): Resource busy (errno=16)
2019-02-08 10:21:45 Opened utun device utun1
2019-02-08 10:21:45 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
2019-02-08 10:21:45 MANAGEMENT: >STATE:1549621305,ASSIGN_IP,,173.19.5.2,,,,
2019-02-08 10:21:45 /sbin/ifconfig utun1 delete
ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
2019-02-08 10:21:45 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
2019-02-08 10:21:45 /sbin/ifconfig utun1 173.19.5.2 173.19.5.2 netmask 255.255.255.224 mtu 1500 up
2019-02-08 10:21:45 /sbin/route add -net 173.19.5.0 173.19.5.2 255.255.255.224
add net 173.19.5.0: gateway 173.19.5.2
2019-02-08 10:21:45 /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw utun1 1500 1552 173.19.5.2 255.255.255.224 init
**********************************************
Start of output from client.up.tunnelblick.sh
NOTE: No network configuration changes need to be made.
WARNING: Will NOT monitor for other network configuration changes.
WARNING: Will NOT disable IPv6 settings.
DNS servers '172.16.1.1' will be used for DNS queries when the VPN is active
NOTE: The DNS servers do not include any free public DNS servers known to Tunnelblick. This may cause DNS queries to fail or be intercepted or falsified even if they are directed through the VPN. Specify only known public DNS servers or DNS servers located on the VPN network to avoid such problems.
Flushed the DNS cache via dscacheutil
/usr/sbin/discoveryutil not present. Not flushing the DNS cache via discoveryutil
Notified mDNSResponder that the DNS cache was flushed
Not notifying mDNSResponderHelper that the DNS cache was flushed because it is not running
End of output from client.up.tunnelblick.sh
**********************************************
2019-02-08 10:21:47 /sbin/route add -net 63.35.23.106 172.16.1.1 255.255.255.255
add net 63.35.23.106: gateway 172.16.1.1
2019-02-08 10:21:47 /sbin/route add -net 0.0.0.0 173.19.5.1 128.0.0.0
add net 0.0.0.0: gateway 173.19.5.1
2019-02-08 10:21:47 /sbin/route add -net 128.0.0.0 173.19.5.1 128.0.0.0
add net 128.0.0.0: gateway 173.19.5.1
2019-02-08 10:21:47 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2019-02-08 10:21:47 Initialization Sequence Completed
2019-02-08 10:21:47 MANAGEMENT: >STATE:1549621307,CONNECTED,SUCCESS,173.19.5.2,63.35.23.106,443,,
2019-02-08 10:21:48 *Tunnelblick: No 'connected.sh' script to execute
2019-02-08 10:22:27 *Tunnelblick: After 30.0 seconds, gave up trying to fetch IP address information using the ipInfo host's name after connecting.
2019-02-08 10:23:00 *Tunnelblick: Disconnecting; VPN Details… window disconnect button pressed
2019-02-08 10:23:00 *Tunnelblick: No 'pre-disconnect.sh' script to execute
2019-02-08 10:23:00 *Tunnelblick: Disconnecting using 'kill'
2019-02-08 10:23:01 event_wait : Interrupted system call (code=4)
2019-02-08 10:23:01 /sbin/route delete -net 63.35.23.106 172.16.1.1 255.255.255.255
delete net 63.35.23.106: gateway 172.16.1.1
2019-02-08 10:23:01 /sbin/route delete -net 0.0.0.0 173.19.5.1 128.0.0.0
delete net 0.0.0.0: gateway 173.19.5.1
2019-02-08 10:23:01 /sbin/route delete -net 128.0.0.0 173.19.5.1 128.0.0.0
delete net 128.0.0.0: gateway 173.19.5.1
2019-02-08 10:23:01 Closing TUN/TAP interface
2019-02-08 10:23:01 /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw utun1 1500 1552 173.19.5.2 255.255.255.224 init
**********************************************
Start of output from client.down.tunnelblick.sh
WARNING: Not restoring DNS settings because no saved Tunnelblick DNS information was found.
Flushed the DNS cache via dscacheutil
/usr/sbin/discoveryutil not present. Not flushing the DNS cache via discoveryutil
Notified mDNSResponder that the DNS cache was flushed
Not notifying mDNSResponderHelper that the DNS cache was flushed because it is not running
End of output from client.down.tunnelblick.sh
**********************************************
2019-02-08 10:23:02 SIGTERM[hard,] received, process exiting
2019-02-08 10:23:02 MANAGEMENT: >STATE:1549621382,EXITING,SIGTERM,,,,,
2019-02-08 10:23:02 *Tunnelblick: No 'post-disconnect.sh' script to execute
2019-02-08 10:23:02 *Tunnelblick: Expected disconnection occurred.
================================================================================
"Sanitized" full configuration file
client
dev tun
proto udp
remote-random-hostname
resolv-retry infinite
nobind
persist-key
persist-tun
cert mycert.crt
key mykey.key
remote-cert-tls server
cipher AES-256-GCM
verb 3
<ca>
[Security-related line(s) omitted]
</ca>
reneg-sec 0
================================================================================
Network services:
An asterisk (*) denotes that a network service is disabled.
Dell USB3.0 Dock
Wi-Fi
Bluetooth PAN
London
Woking
Wi-Fi Power (en0): On
================================================================================
ifconfig output:
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
options=1203<RXCSUM,TXCSUM,TXSTATUS,SW_TIMESTAMP>
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
inet 127.94.0.1 netmask 0xff000000
nd6 options=201<PERFORMNUD,DAD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
XHC20: flags=0<> mtu 0
XHC0: flags=0<> mtu 0
VHC128: flags=0<> mtu 0
en3: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether ac:de:48:00:11:22
inet6 fe80::aede:48ff:fe00:1122%en3 prefixlen 64 scopeid 0x7
nd6 options=201<PERFORMNUD,DAD>
media: autoselect (100baseTX <full-duplex>)
status: active
ap1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
ether 3a:f9:d3:1c:98:9c
media: autoselect
status: inactive
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether 38:f9:d3:1c:98:9c
inet6 fe80::8bb:a614:fe9c:4ecf%en0 prefixlen 64 secured scopeid 0x9
inet 172.16.18.98 netmask 0xffff0000 broadcast 172.16.255.255
nd6 options=201<PERFORMNUD,DAD>
media: autoselect
status: active
p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304
ether 0a:f9:d3:1c:98:9c
media: autoselect
status: inactive
awdl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1484
ether 26:3d:fb:01:3f:c3
inet6 fe80::243d:fbff:fe01:3fc3%awdl0 prefixlen 64 scopeid 0xb
nd6 options=201<PERFORMNUD,DAD>
media: autoselect
status: active
en1: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
options=60<TSO4,TSO6>
ether 8a:00:e9:08:46:01
media: autoselect <full-duplex>
status: inactive
en2: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
options=60<TSO4,TSO6>
ether 8a:00:e9:08:46:00
media: autoselect <full-duplex>
status: inactive
bridge0: flags=8822<BROADCAST,SMART,SIMPLEX,MULTICAST> mtu 1500
options=63<RXCSUM,TXCSUM,TSO4,TSO6>
ether 8a:00:e9:08:46:01
Configuration:
id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
ipfilter disabled flags 0x2
member: en1 flags=3<LEARNING,DISCOVER>
ifmaxaddr 0 port 12 priority 0 path cost 0
member: en2 flags=3<LEARNING,DISCOVER>
ifmaxaddr 0 port 13 priority 0 path cost 0
media: <unknown type>
status: inactive
utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 2000
inet6 fe80::dcb:80eb:6d5b:a12f%utun0 prefixlen 64 scopeid 0xf
nd6 options=201<PERFORMNUD,DAD>
================================================================================
Console Log:
2019-02-08 08:01:34 Tunnelblick[383] Tunnelblick: macOS 10.14.2; Tunnelblick 3.7.9beta02 (build 5200)
2019-02-08 08:01:35 Tunnelblick[383] DEPRECATED USE in libdispatch client: dispatch source activated with no event handler set; set a breakpoint on _dispatch_bug_deprecated to debug
2019-02-08 08:01:36 Tunnelblick[383] Sparkle: ===== Tunnelblick =====
2019-02-08 08:01:36 Tunnelblick[383] Sparkle: Verified appcast signature
2019-02-08 08:03:21 ksinstall[527] 2019-02-08 08:03:21.411 ksinstall[527/0x108c4c5c0] [lvl=2] -[KeystoneInstallTool main] Google Software Update installer started.
2019-02-08 08:03:21 ksinstall[527] 2019-02-08 08:03:21.419 ksinstall[527/0x108c4c5c0] [lvl=2] -[KeystoneInstallTool main] Google Software Update installer starting Installation.
2019-02-08 08:03:21 ksinstall[527] 2019-02-08 08:03:21.973 ksinstall[527/0x108c4c5c0] [lvl=2] -[KeystoneInstallTool main] Google Software Update installer ran successfully.
2019-02-08 10:03:48 Tunnelblick[383] Set 'expect disconnect 1 -SLibrary-SApplication Support-STunnelblick-SUsers-Smatthewharris-Sdownloaded--client--config-Dtblk-SContents-SResources'
2019-02-08 10:03:49 tunnelblickd[967] Status = 248 from tunnelblick-helper command 'kill 974'
2019-02-08 10:03:49 Tunnelblick[383] tunnelblickd status from kill: 248
tunnelblickd stderr:
'killOneOpenvpn(974): Process does not exist
'
2019-02-08 10:10:36 Tunnelblick[383] Error returned from setAttributes: {
NSFilePosixPermissions = 488;
} ofItemAtPath: /private/var/folders/gr/csbcnzj10db1jwk_j_pclts00000gn/T; Error was Error Domain=NSCocoaErrorDomain Code=513 "You don’t have permission to save the file “T” in the folder “csbcnzj10db1jwk_j_pclts00000gn”." UserInfo={NSFilePath=/private/var/folders/gr/csbcnzj10db1jwk_j_pclts00000gn/T, NSUnderlyingError=0x600003c954a0 {Error Domain=NSPOSIXErrorDomain Code=1 "Operation not permitted"}}; stack trace: (
0 Tunnelblick 0x000000010cb7bbf6 -[NSFileManager(TB) tbChangeFileAttributes:atPath:] + 161
1 Tunnelblick 0x000000010cbbc30c createDir + 303
2 Tunnelblick 0x000000010cbbc368 createDir + 395
3 Tunnelblick 0x000000010cb873b5 -[ConfigurationManager installConfigurations:skipConfirmationMessage:skipResultMessage:notifyDelegate:disallowCommands:] + 1578
4 Tunnelblick 0x000000010cb879f7 -[ConfigurationManager installConfigurations:skipMessages:notifyDelegate:disallowCommands:] + 77
5 Tunnelblick 0x000000010cb8ceed +[ConfigurationManager installConfigurationsShowMessagesNotifyDelegateOperation:] + 93
6 Foundation 0x00007fff2d970104 __NSThread__start__ + 1218
7 libsystem_pthread.dylib 0x00007fff58a45305 _pthread_body + 126
8 libsystem_pthread.dylib 0x00007fff58a4826f _pthread_start + 70
9 libsystem_pthread.dylib 0x00007fff58a44415 thread_start + 13
)
2019-02-08 10:10:36 Tunnelblick[383] Warning: Unable to change permissions from 700 to 750 on /private/var/folders/gr/csbcnzj10db1jwk_j_pclts00000gn/T
2019-02-08 10:10:36 Tunnelblick[383] Converting/Installing /Users/matthewharris/Downloads/downloaded-client-config.ovpn at line 10: Copied client1.domain.tld.crt
2019-02-08 10:10:36 Tunnelblick[383] Changed permissions from 644 to 740 on /private/var/folders/gr/csbcnzj10db1jwk_j_pclts00000gn/T/Tunnelblick-Tza5Hm/downloaded-client-config.tblk/Contents/Resources/client1.domain.tld.crt
2019-02-08 10:10:36 Tunnelblick[383] Converting/Installing /Users/matthewharris/Downloads/downloaded-client-config.ovpn at line 11: Copied client1.domain.tld.key
2019-02-08 10:10:36 Tunnelblick[383] Changed permissions from 644 to 740 on /private/var/folders/gr/csbcnzj10db1jwk_j_pclts00000gn/T/Tunnelblick-Tza5Hm/downloaded-client-config.tblk/Contents/Resources/client1.domain.tld.key
2019-02-08 10:10:36 Tunnelblick[383] Converting/Installing /Users/matthewharris/Downloads/downloaded-client-config.ovpn: Converted OpenVPN configuration
2019-02-08 10:10:41 Tunnelblick[383] Tunnelblick needs to perform an action that requires a computer administrator's authorization.
2019-02-08 10:10:41 Tunnelblick[383] Beginning installation or repair
2019-02-08 10:10:41 Tunnelblick[383] Installation or repair succeeded; Log:
Tunnelblick installer started 2019-02-08 10:10:41. 3 arguments: 0x0001
/Users/matthewharris/Library/Application Support/Tunnelblick/Configurations/downloaded-client-config.tblk
/private/var/folders/gr/csbcnzj10db1jwk_j_pclts00000gn/T/Tunnelblick-Tza5Hm/downloaded-client-config.tblk
Copied /private/var/folders/gr/csbcnzj10db1jwk_j_pclts00000gn/T/Tunnelblick-Tza5Hm/downloaded-client-config.tblk
to /Users/matthewharris/Library/Application Support/Tunnelblick/Configurations/downloaded-client-config.tblk.temp
Renamed /Users/matthewharris/Library/Application Support/Tunnelblick/Configurations/downloaded-client-config.tblk.temp
to /Users/matthewharris/Library/Application Support/Tunnelblick/Configurations/downloaded-client-config.tblk
Changed ownership of /Users/matthewharris/Library/Application Support/Tunnelblick/Configurations/downloaded-client-config.tblk and its contents from 501:20 to 501:80
Deleted /Library/Application Support/Tunnelblick/Users/matthewharris/downloaded-client-config.tblk
Copied /Users/matthewharris/Library/Application Support/Tunnelblick/Configurations/downloaded-client-config.tblk
to /Library/Application Support/Tunnelblick/Users/matthewharris/downloaded-client-config.tblk.temp
Renamed /Library/Application Support/Tunnelblick/Users/matthewharris/downloaded-client-config.tblk.temp
to /Library/Application Support/Tunnelblick/Users/matthewharris/downloaded-client-config.tblk
Changed ownership of /Library/Application Support/Tunnelblick/Users/matthewharris/downloaded-client-config.tblk and its contents from 501:80 to 0:0
Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Users/matthewharris/downloaded-client-config.tblk
Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Users/matthewharris/downloaded-client-config.tblk/Contents
Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Users/matthewharris/downloaded-client-config.tblk/Contents/Resources
Changed permissions from 740 to 700 on /Library/Application Support/Tunnelblick/Users/matthewharris/downloaded-client-config.tblk/Contents/Resources/client1.domain.tld.crt
Changed permissions from 740 to 700 on /Library/Application Support/Tunnelblick/Users/matthewharris/downloaded-client-config.tblk/Contents/Resources/client1.domain.tld.key
Changed permissions from 740 to 700 on /Library/Application Support/Tunnelblick/Users/matthewharris/downloaded-client-config.tblk/Contents/Resources/config.ovpn
Updated secure (shadow) copy of downloaded-client-config.tblk
Tunnelblick installer finished without error
2019-02-08 10:17:08 Tunnelblick[383] Cleared 'expect disconnect 0 -SLibrary-SApplication Support-STunnelblick-SUsers-Smatthewharris-Sdownloaded--client--config-Dtblk-SContents-SResources'
2019-02-08 10:17:23 Tunnelblick[383] Set 'expect disconnect 1 -SLibrary-SApplication Support-STunnelblick-SUsers-Smatthewharris-Sdownloaded--client--config-Dtblk-SContents-SResources'
2019-02-08 10:17:24 tunnelblickd[1129] Status = 248 from tunnelblick-helper command 'kill 1137'
2019-02-08 10:17:24 Tunnelblick[383] tunnelblickd status from kill: 248
tunnelblickd stderr:
'killOneOpenvpn(1137): Process does not exist
'
2019-02-08 10:19:04 Tunnelblick[383] Cleared 'expect disconnect 0 -SLibrary-SApplication Support-STunnelblick-SUsers-Smatthewharris-Sdownloaded--client--config-Dtblk-SContents-SResources'
2019-02-08 10:21:14 Tunnelblick[383] Set 'expect disconnect 1 -SLibrary-SApplication Support-STunnelblick-SUsers-Smatthewharris-Sdownloaded--client--config-Dtblk-SContents-SResources'
2019-02-08 10:21:22 Tunnelblick[383] Tunnelblick needs to perform an action that requires a computer administrator's authorization.
2019-02-08 10:21:22 Tunnelblick[383] Beginning installation or repair
2019-02-08 10:21:23 Tunnelblick[383] Installation or repair succeeded; Log:
Tunnelblick installer started 2019-02-08 10:21:22. 2 arguments: 0x2001
/Users/matthewharris/Library/Application Support/Tunnelblick/Configurations/downloaded-client-config.tblk
removed /Users/matthewharris/Library/Application Support/Tunnelblick/Configurations/downloaded-client-config.tblk
removed /Library/Application Support/Tunnelblick/Users/matthewharris/downloaded-client-config.tblk
Tunnelblick installer finished without error
2019-02-08 10:21:23 Tunnelblick[383] Uninstalled configuration file /Users/matthewharris/Library/Application Support/Tunnelblick/Configurations/downloaded-client-config.tblk
2019-02-08 10:21:23 Tunnelblick[383] localizedNameForDisplayName: 'downloaded-client-config' is not a known displayName; stack trace: (
0 Tunnelblick 0x000000010cbbbf5e callStack + 56
1 Tunnelblick 0x000000010cb49df5 -[MenuController localizedNameForDisplayName:] + 73
2 Tunnelblick 0x000000010cbab462 -[SettingsSheetWindowController setupSettingsFromPreferences] + 370
3 Tunnelblick 0x000000010cb98716 -[MyPrefsWindowController setupLeftNavigationToDisplayName:] + 2004
4 Tunnelblick 0x000000010cb98778 -[MyPrefsWindowController update] + 38
5 Foundation 0x00007fff2da0fbab __NSThreadPerformPerform + 327
6 CoreFoundation 0x00007fff2b631475 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
7 CoreFoundation 0x00007fff2b63141b __CFRunLoopDoSource0 + 108
8 CoreFoundation 0x00007fff2b614eb5 __CFRunLoopDoSources0 + 195
9 CoreFoundation 0x00007fff2b61445e __CFRunLoopRun + 1219
10 CoreFoundation 0x00007fff2b613d48 CFRunLoopRunSpecific + 463
11 HIToolbox 0x00007fff2a8aaab5 RunCurrentEventLoopInMode + 293
12 HIToolbox 0x00007fff2a8aa7eb ReceiveNextEventCommon + 618
13 HIToolbox 0x00007fff2a8aa568 _BlockUntilNextEventMatchingListInModeWithFilter + 64
14 AppKit 0x00007fff28b65363 _DPSNextEvent + 997
15 AppKit 0x00007fff28b64102 -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 1362
16 AppKit 0x00007fff28b5e165 -[NSApplication run] + 699
17 AppKit 0x00007fff28b4d8a3 NSApplicationMain + 780
18 Tunnelblick 0x000000010cb376e4 start + 52
)
2019-02-08 10:21:23 Tunnelblick[383] localizedNameForDisplayName: 'downloaded-client-config' is not a known displayName; stack trace: (
0 Tunnelblick 0x000000010cbbbf5e callStack + 56
1 Tunnelblick 0x000000010cb49df5 -[MenuController localizedNameForDisplayName:] + 73
2 Tunnelblick 0x000000010cbab462 -[SettingsSheetWindowController setupSettingsFromPreferences] + 370
3 Foundation 0x00007fff2da0fbab __NSThreadPerformPerform + 327
4 CoreFoundation 0x00007fff2b631475 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
5 CoreFoundation 0x00007fff2b63141b __CFRunLoopDoSource0 + 108
6 CoreFoundation 0x00007fff2b614f0d __CFRunLoopDoSources0 + 283
7 CoreFoundation 0x00007fff2b61445e __CFRunLoopRun + 1219
8 CoreFoundation 0x00007fff2b613d48 CFRunLoopRunSpecific + 463
9 UIFoundation 0x00007fff53aa2bf1 -[NSHTMLReader _loadUsingWebKit] + 1916
10 UIFoundation 0x00007fff53aa5bf7 -[NSHTMLReader attributedString] + 22
11 UIFoundation 0x00007fff53a2aa28 _NSReadAttributedStringFromURLOrData + 12698
12 UIFoundation 0x00007fff53a277fa -[NSAttributedString(NSAttributedStringUIFoundationAdditions) initWithData:options:documentAttributes:error:] + 117
13 Tunnelblick 0x000000010cb6e564 attributedStringFromHTML + 160
14 Tunnelblick 0x000000010cbabecf -[SettingsSheetWindowController setupSettingsFromPreferences] + 3039
15 Tunnelblick 0x000000010cb98716 -[MyPrefsWindowController setupLeftNavigationToDisplayName:] + 2004
16 Tunnelblick 0x000000010cb98778 -[MyPrefsWindowController update] + 38
17 Foundation 0x00007fff2da0fbab __NSThreadPerformPerform + 327
18 CoreFoundation 0x00007fff2b631475 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
19 CoreFoundation 0x00007fff2b63141b __CFRunLoopDoSource0 + 108
20 CoreFoundation 0x00007fff2b614eb5 __CFRunLoopDoSources0 + 195
21 CoreFoundation 0x00007fff2b61445e __CFRunLoopRun + 1219
22 CoreFoundation 0x00007fff2b613d48 CFRunLoopRunSpecific + 463
23 HIToolbox 0x00007fff2a8aaab5 RunCurrentEventLoopInMode + 293
24 HIToolbox 0x00007fff2a8aa7eb ReceiveNextEventCommon + 618
25 HIToolbox 0x00007fff2a8aa568 _BlockUntilNextEventMatchingListInModeWithFilter + 64
26 AppKit 0x00007fff28b65363 _DPSNextEvent + 997
27 AppKit 0x00007fff28b64102 -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 1362
28 AppKit 0x00007fff28b5e165 -[NSApplication run] + 699
29 AppKit 0x00007fff28b4d8a3 NSApplicationMain + 780
30 Tunnelblick 0x000000010cb376e4 start + 52
)
2019-02-08 10:21:35 Tunnelblick[383] Error returned from setAttributes: {
NSFilePosixPermissions = 488;
} ofItemAtPath: /private/var/folders/gr/csbcnzj10db1jwk_j_pclts00000gn/T; Error was Error Domain=NSCocoaErrorDomain Code=513 "You don’t have permission to save the file “T” in the folder “csbcnzj10db1jwk_j_pclts00000gn”." UserInfo={NSFilePath=/private/var/folders/gr/csbcnzj10db1jwk_j_pclts00000gn/T, NSUnderlyingError=0x600003de4a80 {Error Domain=NSPOSIXErrorDomain Code=1 "Operation not permitted"}}; stack trace: (
0 Tunnelblick 0x000000010cb7bbf6 -[NSFileManager(TB) tbChangeFileAttributes:atPath:] + 161
1 Tunnelblick 0x000000010cbbc30c createDir + 303
2 Tunnelblick 0x000000010cbbc368 createDir + 395
3 Tunnelblick 0x000000010cb873b5 -[ConfigurationManager installConfigurations:skipConfirmationMessage:skipResultMessage:notifyDelegate:disallowCommands:] + 1578
4 Tunnelblick 0x000000010cb879f7 -[ConfigurationManager installConfigurations:skipMessages:notifyDelegate:disallowCommands:] + 77
5 Tunnelblick 0x000000010cb8ceed +[ConfigurationManager installConfigurationsShowMessagesNotifyDelegateOperation:] + 93
6 Foundation 0x00007fff2d970104 __NSThread__start__ + 1218
7 libsystem_pthread.dylib 0x00007fff58a45305 _pthread_body + 126
8 libsystem_pthread.dylib 0x00007fff58a4826f _pthread_start + 70
9 libsystem_pthread.dylib 0x00007fff58a44415 thread_start + 13
)
2019-02-08 10:21:35 Tunnelblick[383] Warning: Unable to change permissions from 700 to 750 on /private/var/folders/gr/csbcnzj10db1jwk_j_pclts00000gn/T
2019-02-08 10:21:35 Tunnelblick[383] Converting/Installing /Users/matthewharris/Downloads/downloaded-client-config.ovpn at line 10: Copied client1.domain.tld.crt
2019-02-08 10:21:35 Tunnelblick[383] Changed permissions from 644 to 740 on /private/var/folders/gr/csbcnzj10db1jwk_j_pclts00000gn/T/Tunnelblick-ftPbvJ/downloaded-client-config.tblk/Contents/Resources/client1.domain.tld.crt
2019-02-08 10:21:35 Tunnelblick[383] Converting/Installing /Users/matthewharris/Downloads/downloaded-client-config.ovpn at line 11: Copied client1.domain.tld.key
2019-02-08 10:21:35 Tunnelblick[383] Changed permissions from 644 to 740 on /private/var/folders/gr/csbcnzj10db1jwk_j_pclts00000gn/T/Tunnelblick-ftPbvJ/downloaded-client-config.tblk/Contents/Resources/client1.domain.tld.key
2019-02-08 10:21:35 Tunnelblick[383] Converting/Installing /Users/matthewharris/Downloads/downloaded-client-config.ovpn: Converted OpenVPN configuration
2019-02-08 10:21:40 Tunnelblick[383] Tunnelblick needs to perform an action that requires a computer administrator's authorization.
2019-02-08 10:21:40 Tunnelblick[383] Beginning installation or repair
2019-02-08 10:21:40 Tunnelblick[383] Installation or repair succeeded; Log:
Tunnelblick installer started 2019-02-08 10:21:40. 3 arguments: 0x0001
/Library/Application Support/Tunnelblick/Shared/downloaded-client-config.tblk
/private/var/folders/gr/csbcnzj10db1jwk_j_pclts00000gn/T/Tunnelblick-ftPbvJ/downloaded-client-config.tblk
Copied /private/var/folders/gr/csbcnzj10db1jwk_j_pclts00000gn/T/Tunnelblick-ftPbvJ/downloaded-client-config.tblk
to /Library/Application Support/Tunnelblick/Shared/downloaded-client-config.tblk.temp
Renamed /Library/Application Support/Tunnelblick/Shared/downloaded-client-config.tblk.temp
to /Library/Application Support/Tunnelblick/Shared/downloaded-client-config.tblk
Changed ownership of /Library/Application Support/Tunnelblick/Shared/downloaded-client-config.tblk and its contents from 501:20 to 0:0
Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Shared/downloaded-client-config.tblk
Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Shared/downloaded-client-config.tblk/Contents
Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Shared/downloaded-client-config.tblk/Contents/Resources
Changed permissions from 740 to 700 on /Library/Application Support/Tunnelblick/Shared/downloaded-client-config.tblk/Contents/Resources/client1.domain.tld.crt
Changed permissions from 740 to 700 on /Library/Application Support/Tunnelblick/Shared/downloaded-client-config.tblk/Contents/Resources/client1.domain.tld.key
Changed permissions from 740 to 700 on /Library/Application Support/Tunnelblick/Shared/downloaded-client-config.tblk/Contents/Resources/config.ovpn
Tunnelblick installer finished without error
2019-02-08 10:22:27 Tunnelblick[383] currentIPInfo(Name): IP address info could not be fetched within 34.6 seconds; the error was 'Error Domain=NSURLErrorDomain Code=-1001 "The request timed out." UserInfo={NSUnderlyingError=0x600003d1e790 {Error Domain=kCFErrorDomainCFNetwork Code=-1001 "The request timed out." UserInfo={NSErrorFailingURLStringKey=https://tunnelblick.net/ipinfo, NSErrorFailingURLKey=https://tunnelblick.net/ipinfo, _kCFStreamErrorCodeKey=-2102, _kCFStreamErrorDomainKey=4, NSLocalizedDescription=The request timed out.}}, NSErrorFailingURLStringKey=https://tunnelblick.net/ipinfo, NSErrorFailingURLKey=https://tunnelblick.net/ipinfo, _kCFStreamErrorDomainKey=4, _kCFStreamErrorCodeKey=-2102, NSLocalizedDescription=The request timed out.}'; the response was '(null)'
2019-02-08 10:23:01 Tunnelblick[383] Set 'expect disconnect 1 -SLibrary-SApplication Support-STunnelblick-SShared-Sdownloaded--client--config-Dtblk-SContents-SResources'
2019-02-08 10:23:02 Tunnelblick[383] currentIPInfo(Address): IP address info could not be fetched within 34.5 seconds; the error was 'Error Domain=NSURLErrorDomain Code=-1001 "The request timed out." UserInfo={NSUnderlyingError=0x600003d314d0 {Error Domain=kCFErrorDomainCFNetwork Code=-1001 "The request timed out." UserInfo={NSErrorFailingURLStringKey=https://205.233.73.116/ipinfo, NSErrorFailingURLKey=https://205.233.73.116/ipinfo, _kCFStreamErrorCodeKey=-2102, _kCFStreamErrorDomainKey=4, NSLocalizedDescription=The request timed out.}}, NSErrorFailingURLStringKey=https://205.233.73.116/ipinfo, NSErrorFailingURLKey=https://205.233.73.116/ipinfo, _kCFStreamErrorDomainKey=4, _kCFStreamErrorCodeKey=-2102, NSLocalizedDescription=The request timed out.}'; the response was '(null)'
2019-02-08 10:23:02 tunnelblickd[1461] Status = 248 from tunnelblick-helper command 'kill 1395'
2019-02-08 10:23:02 Tunnelblick[383] tunnelblickd status from kill: 248
tunnelblickd stderr:
'killOneOpenvpn(1395): Process does not exist
'
Route Tables
Before to connection
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 172.16.1.1 UGSc 95 0 en0
127 127.0.0.1 UCS 0 0 lo0
127.0.0.1 127.0.0.1 UH 1 444 lo0
127.94.0.1 127.94.0.1 UH 0 130 lo0
169.254 link#9 UCS 0 0 en0 !
172.16 link#9 UCS 26 0 en0 !
172.16.1.1/32 link#9 UCS 1 0 en0 !
172.16.1.1 0:18:a:11:53:d4 UHLWIir 38 321 en0 1191
172.16.2.1 54:60:9:fc:f5:94 UHLWI 0 210 en0 738
172.16.2.14 54:60:9:fc:f7:ae UHLWI 0 113 en0 1166
172.16.2.15 54:60:9:fc:ff:30 UHLWI 0 102 en0 1166
172.16.2.63 ac:bc:32:cf:ea:b9 UHLWI 0 0 en0 760
172.16.2.64 3c:7:54:66:12:41 UHLWI 0 0 en0 1127
172.16.2.77 b4:9c:df:34:e4:37 UHLWIi 1 7 en0 1155
172.16.3.0 f4:5c:89:c6:ec:fd UHLWI 0 0 en0 986
172.16.3.38 7c:fa:df:49:83:d0 UHLWI 0 0 en0 638
172.16.3.47 e0:c7:67:10:44:fe UHLWI 0 0 en0 803
172.16.4.2 dc:a9:4:82:c2:a3 UHLWI 0 1 en0 1182
172.16.5.65 d0:2b:20:58:d4:c7 UHLWI 0 23 en0 1183
172.16.5.143 e4:f0:42:81:4d:8e UHLWI 0 96 en0 1183
172.16.8.30 64:70:33:d4:91:4d UHLWI 0 19 en0 1030
172.16.10.141 d8:31:34:b:ed:51 UHLWI 0 0 en0 1183
172.16.10.224 1c:5a:3e:ef:df:af UHLWI 0 0 en0 1183
172.16.10.225 1c:5a:3e:f6:57:f5 UHLWI 0 0 en0 1183
172.16.12.67 c8:69:cd:ad:be:2 UHLWI 0 1 en0 972
172.16.13.136 b8:53:ac:a7:61:29 UHLWI 0 7 en0 289
172.16.17.174 58:e2:8f:64:4f:b0 UHLWI 0 3 en0 659
172.16.18.98/32 link#9 UCS 1 0 en0 !
172.16.18.98 38:f9:d3:1c:98:9c UHLWI 0 8 lo0
172.16.22.45 ac:92:32:5f:8f:4e UHLWI 0 0 en0 685
172.16.22.90 6c:e8:5c:c9:b:71 UHLWI 0 4 en0 410
172.16.23.37 f8:2d:7c:de:6a:6b UHLWI 0 3 en0 863
172.16.23.160 f4:5c:89:db:fb:ed UHLWI 0 2 en0 811
172.16.24.24 14:10:9f:d0:fa:c7 UHLWI 0 2 en0 609
172.16.27.226 e4:2b:34:19:94:d4 UHLWI 0 4 en0 250
172.16.255.255 ff:ff:ff:ff:ff:ff UHLWbI 0 3 en0 !
224.0.0/4 link#9 UmCS 2 0 en0 !
224.0.0.251 1:0:5e:0:0:fb UHmLWI 0 0 en0
239.255.255.250 1:0:5e:7f:ff:fa UHmLWI 0 36 en0
255.255.255.255/32 link#9 UCS 0 0 en0 !
After connection
Internet:
Destination Gateway Flags Refs Use Netif Expire
0/1 173.19.6.193 UGSc 80 0 utun1
default 172.16.1.1 UGSc 19 0 en0
63.35.10.40/32 172.16.1.1 UGSc 1 0 en0
127 127.0.0.1 UCS 0 0 lo0
127.0.0.1 127.0.0.1 UH 3 492 lo0
127.94.0.1 127.94.0.1 UH 0 130 lo0
128.0/1 173.19.6.193 UGSc 0 0 utun1
169.254 link#9 UCS 0 0 en0 !
172.16 link#9 UCS 27 0 en0 !
172.16.1.1/32 link#9 UCS 1 0 en0 !
172.16.1.1 0:18:a:11:53:d4 UHLWIir 10 358 en0 1195
172.16.2.1 54:60:9:fc:f5:94 UHLWI 0 222 en0 695
172.16.2.14 54:60:9:fc:f7:ae UHLWI 0 115 en0 1123
172.16.2.15 54:60:9:fc:ff:30 UHLWI 0 104 en0 1123
172.16.2.63 ac:bc:32:cf:ea:b9 UHLWI 0 0 en0 717
172.16.2.64 3c:7:54:66:12:41 UHLWI 0 0 en0 1199
172.16.2.77 b4:9c:df:34:e4:37 UHLWI 0 8 en0 1172
172.16.3.0 f4:5c:89:c6:ec:fd UHLWI 0 0 en0 943
172.16.3.38 7c:fa:df:49:83:d0 UHLWI 0 0 en0 595
172.16.3.47 e0:c7:67:10:44:fe UHLWI 0 0 en0 760
172.16.4.2 dc:a9:4:82:c2:a3 UHLWI 0 1 en0 1174
172.16.5.65 d0:2b:20:58:d4:c7 UHLWI 0 26 en0 1184
172.16.5.143 e4:f0:42:81:4d:8e UHLWI 0 104 en0 1180
172.16.8.30 64:70:33:d4:91:4d UHLWI 0 20 en0 987
172.16.10.141 d8:31:34:b:ed:51 UHLWI 0 0 en0 1140
172.16.10.224 1c:5a:3e:ef:df:af UHLWI 0 0 en0 1172
172.16.10.225 1c:5a:3e:f6:57:f5 UHLWI 0 0 en0 1140
172.16.12.67 c8:69:cd:ad:be:2 UHLWI 0 1 en0 929
172.16.13.136 b8:53:ac:a7:61:29 UHLWI 0 7 en0 246
172.16.17.174 58:e2:8f:64:4f:b0 UHLWI 0 3 en0 616
172.16.18.98/32 link#9 UCS 1 0 en0 !
172.16.18.98 38:f9:d3:1c:98:9c UHLWI 0 9 lo0
172.16.22.45 ac:92:32:5f:8f:4e UHLWI 0 0 en0 642
172.16.22.90 6c:e8:5c:c9:b:71 UHLWI 0 4 en0 367
172.16.23.37 f8:2d:7c:de:6a:6b UHLWI 0 3 en0 820
172.16.23.160 f4:5c:89:db:fb:ed UHLWI 0 2 en0 768
172.16.24.24 14:10:9f:d0:fa:c7 UHLWI 0 2 en0 566
172.16.27.226 e4:2b:34:19:94:d4 UHLWI 0 4 en0 207
172.16.255.255 ff:ff:ff:ff:ff:ff UHLWbI 0 3 en0 !
173.19.6.192/27 173.19.6.194 UGSc 12 0 utun1
173.19.6.194 173.19.6.194 UH 1 0 utun1
224.0.0/4 link#9 UmCS 2 0 en0 !
224.0.0.251 1:0:5e:0:0:fb UHmLWI 0 0 en0
239.255.255.250 1:0:5e:7f:ff:fa UHmLWI 0 36 en0
255.255.255.255/32 link#9 UCS 0 0 en0 !
The only thing I can think that's causing the internet to stop working is the addition of the 0/1 gateway at the top of the route table.
Would greatly appreciate any help you can offer.
Matt
Matt Harris
Feb 8, 2019, 6:33:48 AM2/8/19
to tunnelbli...@googlegroups.com
Since posting this, I have found that this could be a limitation of how AWS push the settings back to Tunnelblick.
Does AWS Client VPN support split tunnel?
A: No. All the VPN sessions are full-tunnel VPN. Once the VPN session is created, all the traffic from the device will traverse through the VPN session
Does anyone know of a way around this?
Matt
Tunnelblick developer
Feb 8, 2019, 12:09:53 PM2/8/19
to tunnelblick-discuss
The highlighted entry:
2019-02-08 10:21:45 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,route-gateway 173.19.5.1,topology subnet,ping 1,ping-restart 20,auth-token,ifconfig 173.19.5.2 255.255.255.224,peer-id 0,cipher AES-256-GCM'
To get around that you may be able to have the client OpenVPN restrict which options it accepts when pushed by the server using OpenVPN's "pull-filter" option. (You'd put that option in the OpenVPN configuration file.) Consult sources of OpenVPN info:
However, Tunnelblick/OpenVPN does not do split tunnels "built-in", so you'd have to set up your own routing. By default, without "redirect-gateway def1 bypass-dhcp", only traffic destined for the VPN will go through the tunnel. I assume you want all traffic except "local" traffic to go through the tunnel, so you'd have to set up routing to do that. You could do that in scripts which you then set up to have Tunnelblick invoke at specific points in the connection process. See Using Scripts for details.
Message has been deleted
Matt Harris
Feb 12, 2019, 10:00:25 AM2/12/19
to tunnelblick-discuss
Thanks for getting back to me. I will take a look into scripts. It was confusing me for a while as Tunnelblick has the checkbox to select whether all traffic is routed via the VPN in my case to AWS or only traffic destined for AWS (essentially a split tunnel) but I guess the server side config is overriding this setting when connecting.
ony...@gmail.com
Feb 21, 2020, 7:40:04 AM2/21/20
to tunnelblick-discuss
Hi
How were you able to connect to you AWS resources? My VPN/Tunnel Brick is up and running and I followed these steps: https://medium.com/@Ahmed_Ansar/how-to-setup-aws-vpn-endpoint-8b15e78fd8b0 but I can't SSH or access port 80 on my instances. Can you please help?
Thank you.
...
Reply all
Reply to author
Forward
0 new messages