Connected to AWS VPC resources but no local internet access while connected

matt....@thefilter.com

Feb 8, 2019, 5:44:53 AM
to tunnelblick-discuss
Hi all,

I have been struggling to get Tunnelblick connected to AWS Client VPN using certificates as authentication.
The connection establishes as expected and I am able to connect (SSH/Curl) to my resources in AWS; however, local access no longer works.

I have tried:

 - Current Stable, Beta and legacy versions
 - Route All IPv4 Traffic over VPN (on/off)
 - Set DNS after connection (on/off)
 - Set DNS (all options tried). I am able to resolve DNS with this set to "Set Nameservers"; it seems to use my firewall's DNS gateway.

Config

client
dev tun
proto udp
remote-random-hostname
resolv-retry infinite
nobind
persist-key
persist-tun
cert mycertificate.crt
key mykey.key
remote-cert-tls server
cipher AES-256-GCM
verb 3
<ca>

-----BEGIN CERTIFICATE-----
bla bla bla
-----END CERTIFICATE-----

</ca>

reneg-sec 0

Logs
*Tunnelblick: macOS 10.14.2; Tunnelblick 3.7.9beta02 (build 5200); prior version 3.7.9beta01 (build 5190); Admin user
git commit e776ee99c72f123303d71557a8a3d9f1f57a7f95


Configuration downloaded-client-config

"Sanitized" condensed configuration file for /Library/Application Support/Tunnelblick/Shared/downloaded-client-config.tblk:

client
dev tun
proto udp
remote-random-hostname
resolv-retry infinite
nobind
persist-key
persist-tun
cert mycert.crt
key mykey.key
remote-cert-tls server
cipher AES-256-GCM
verb 3
<ca>
[Security-related line(s) omitted]
</ca>
reneg-sec 0


================================================================================

Non-Apple kexts that are loaded:

Index Refs Address            Size       Wired      Name (Version) UUID <Linked Against>
  108    0 0xffffff7f83f90000 0x7000     0x7000     net.sf.tuntaposx.tun (1.0) 95DD963D-E23D-3B0F-8DE8-A4D2F6BFA5CC <8 6 5 1>
  109    0 0xffffff7f83f97000 0x7000     0x7000     net.sf.tuntaposx.tap (1.0) 23FDB715-3D0D-3A26-ACBA-E3794C231CB7 <8 6 5 1>
  112    0 0xffffff7f83fac000 0x5000     0x5000     org.pqrs.driver.Karabiner.VirtualHIDDevice.v060800 (6.8.0) 19C2E27F-C5B5-334B-9F70-8C9A51814EA3 <44 6 5 3 1>
  172    0 0xffffff7f84707000 0xc000     0xc000     com.displaylink.driver.DisplayLinkDriver (5.0 (42)) 4E4C9A34-2960-3AC0-8BB7-861686561DAB <113 13 6 5 3>
  173    0 0xffffff7f84713000 0x12000    0x12000    net.pulsesecure.PulseSecureFirewall (9.0.2f5) F5EB3488-092C-3EC1-9D32-7461A0A1A5C8 <6 5 3 2 1>

================================================================================

Files in downloaded-client-config.tblk:
      Contents/Resources/cli….crt
      Contents/Resources/cli….key
      Contents/Resources/config.ovpn

================================================================================

Configuration preferences:

-notOKToCheckThatIPAddressDidNotChangeAfterConnection = 0
-lastConnectionSucceeded = 1

================================================================================

Wildcard preferences:

-notOKToCheckThatIPAddressDidNotChangeAfterConnection = 0

================================================================================

Program preferences:

launchAtNextLogin = 1
tunnelblickVersionHistory = (
    "3.7.9beta02 (build 5200)",
    "3.7.9beta01 (build 5190)",
    "3.7.8 (build 5180)"
)
statusDisplayNumber = 0
lastLaunchTime = 571305696.494301
lastLanguageAtLaunchWasRTL = 0
connectionWindowDisplayCriteria = showWhenConnecting
maxLogDisplaySize = 10485760
lastConnectedDisplayName = downloaded-client-config
keyboardShortcutIndex = 1
updateCheckAutomatically = 1
NSWindow Frame SettingsSheetWindow = 339 266 829 524 0 0 1440 877 
NSWindow Frame ConnectingWindow = 525 517 389 187 0 0 1440 877 
NSWindow Frame SUStatusFrame = -1696 485 400 129 -1920 0 1920 1057 
NSWindow Frame SUUpdateAlert = -1847 208 620 392 -1920 0 1920 1057 
NSWindow Frame ListingWindow = -3259 491 500 422 -3840 0 1920 1057 
detailsWindowFrameVersion = 5190
detailsWindowFrame = {{-1479, 323}, {920, 468}}
detailsWindowLeftFrame = {{0, 0}, {165, 350}}
detailsWindowViewIndex = 0
detailsWindowConfigurationsTabIdentifier = log
leftNavSelectedDisplayName = downloaded-client-config
AdvancedWindowTabIdentifier = connectingAndDisconnecting
haveDealtWithOldTunTapPreferences = 1
haveDealtWithOldLoginItem = 1
haveDealtWithAfterDisconnect = 1
SUEnableAutomaticChecks = 1
SUScheduledCheckInterval = 86400
SULastCheckTime = 2019-02-08 08:01:36 +0000
SUHasLaunchedBefore = 1
WebKitDefaultFontSize = 16
WebKitStandardFont = Times

================================================================================

Tunnelblick Log:

*Tunnelblick: macOS 10.14.2; Tunnelblick 3.7.9beta02 (build 5200); prior version 3.7.9beta01 (build 5190)
2019-02-08 10:21:43 *Tunnelblick: Attempting connection with downloaded-client-config; Set nameserver = 769; monitoring connection
2019-02-08 10:21:43 *Tunnelblick: openvpnstart start downloaded-client-config.tblk 54834 769 0 3 0 1065264 -ptADGNWradsgnw 2.4.6-openssl-1.0.2q
2019-02-08 10:21:43 *Tunnelblick: openvpnstart log:
     OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line):
     
          /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.4.6-openssl-1.0.2q/openvpn
          --daemon
          --log /Library/Application Support/Tunnelblick/Logs/-SLibrary-SApplication Support-STunnelblick-SShared-Sdownloaded--client--config.tblk-SContents-SResources-Sconfig.ovpn.769_0_3_0_1065264.54834.openvpn.log
          --cd /Library/Application Support/Tunnelblick/Shared/downloaded-client-config.tblk/Contents/Resources
          --setenv IV_GUI_VER "net.tunnelblick.tunnelblick 5200 3.7.9beta02 (build 5200)"
          --verb 3
          --config /Library/Application Support/Tunnelblick/Shared/downloaded-client-config.tblk/Contents/Resources/config.ovpn
          --setenv TUNNELBLICK_CONFIG_FOLDER /Library/Application Support/Tunnelblick/Shared/downloaded-client-config.tblk/Contents/Resources
          --verb 3
          --cd /Library/Application Support/Tunnelblick/Shared/downloaded-client-config.tblk/Contents/Resources
          --management 127.0.0.1 54834 /Library/Application Support/Tunnelblick/khejkncgkmkfjgjlcceflpagljmefklebbmmbkjj.mip
          --management-query-passwords
          --management-hold
          --script-security 2
          --up /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw
          --down /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw

2019-02-08 10:21:43 OpenVPN 2.4.6 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on Jan 10 2019
2019-02-08 10:21:43 library versions: OpenSSL 1.0.2q  20 Nov 2018, LZO 2.10
2019-02-08 10:21:43 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:54834
2019-02-08 10:21:43 Need hold release from management interface, waiting...
2019-02-08 10:21:43 *Tunnelblick: openvpnstart starting OpenVPN
2019-02-08 10:21:44 *Tunnelblick: Established communication with OpenVPN
2019-02-08 10:21:44 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:54834
2019-02-08 10:21:44 MANAGEMENT: CMD 'pid'
2019-02-08 10:21:44 MANAGEMENT: CMD 'auth-retry interact'
2019-02-08 10:21:44 MANAGEMENT: CMD 'state on'
2019-02-08 10:21:44 MANAGEMENT: CMD 'state'
2019-02-08 10:21:44 MANAGEMENT: CMD 'bytecount 1'
2019-02-08 10:21:44 >INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info
2019-02-08 10:21:44 MANAGEMENT: CMD 'hold release'
2019-02-08 10:21:44 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2019-02-08 10:21:44 MANAGEMENT: >STATE:1549621304,RESOLVE,,,,,,
2019-02-08 10:21:44 TCP/UDP: Preserving recently used remote address: [AF_INET]63.35.23.106:443
2019-02-08 10:21:44 Socket Buffers: R=[786896->786896] S=[9216->9216]
2019-02-08 10:21:44 UDP link local: (not bound)
2019-02-08 10:21:44 UDP link remote: [AF_INET]63.35.23.106:443
2019-02-08 10:21:44 MANAGEMENT: >STATE:1549621304,WAIT,,,,,,
2019-02-08 10:21:44 MANAGEMENT: >STATE:1549621304,AUTH,,,,,,
2019-02-08 10:21:44 TLS: Initial packet from [AF_INET]63.35.23.106:443, sid=6361e24d 3bbc2d1d
2019-02-08 10:21:44 VERIFY OK: depth=1, CN=mattharris
2019-02-08 10:21:44 VERIFY KU OK
2019-02-08 10:21:44 Validating certificate extended key usage
2019-02-08 10:21:44 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2019-02-08 10:21:44 VERIFY EKU OK
2019-02-08 10:21:44 VERIFY OK: depth=0, CN=server
2019-02-08 10:21:44 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
2019-02-08 10:21:44 [server] Peer Connection Initiated with [AF_INET]63.35.23.106:443
2019-02-08 10:21:45 MANAGEMENT: >STATE:1549621305,GET_CONFIG,,,,,,
2019-02-08 10:21:45 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
2019-02-08 10:21:45 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,route-gateway 173.19.5.1,topology subnet,ping 1,ping-restart 20,auth-token,ifconfig 173.19.5.2 255.255.255.224,peer-id 0,cipher AES-256-GCM'
2019-02-08 10:21:45 OPTIONS IMPORT: timers and/or timeouts modified
2019-02-08 10:21:45 OPTIONS IMPORT: --ifconfig/up options modified
2019-02-08 10:21:45 OPTIONS IMPORT: route options modified
2019-02-08 10:21:45 OPTIONS IMPORT: route-related options modified
2019-02-08 10:21:45 OPTIONS IMPORT: peer-id set
2019-02-08 10:21:45 OPTIONS IMPORT: adjusting link_mtu to 1624
2019-02-08 10:21:45 OPTIONS IMPORT: data channel crypto options modified
2019-02-08 10:21:45 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2019-02-08 10:21:45 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2019-02-08 10:21:45 Opening utun (connect(AF_SYS_CONTROL)): Resource busy (errno=16)
2019-02-08 10:21:45 Opened utun device utun1
2019-02-08 10:21:45 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
2019-02-08 10:21:45 MANAGEMENT: >STATE:1549621305,ASSIGN_IP,,173.19.5.2,,,,
2019-02-08 10:21:45 /sbin/ifconfig utun1 delete
                                        ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
2019-02-08 10:21:45 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
2019-02-08 10:21:45 /sbin/ifconfig utun1 173.19.5.2 173.19.5.2 netmask 255.255.255.224 mtu 1500 up
2019-02-08 10:21:45 /sbin/route add -net 173.19.5.0 173.19.5.2 255.255.255.224
                                        add net 173.19.5.0: gateway 173.19.5.2
2019-02-08 10:21:45 /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw utun1 1500 1552 173.19.5.2 255.255.255.224 init
                                        **********************************************
                                        Start of output from client.up.tunnelblick.sh
                                        NOTE: No network configuration changes need to be made.
                                        WARNING: Will NOT monitor for other network configuration changes.
                                        WARNING: Will NOT disable IPv6 settings.
                                        DNS servers '172.16.1.1' will be used for DNS queries when the VPN is active
                                        NOTE: The DNS servers do not include any free public DNS servers known to Tunnelblick. This may cause DNS queries to fail or be intercepted or falsified even if they are directed through the VPN. Specify only known public DNS servers or DNS servers located on the VPN network to avoid such problems.
                                        Flushed the DNS cache via dscacheutil
                                        /usr/sbin/discoveryutil not present. Not flushing the DNS cache via discoveryutil
                                        Notified mDNSResponder that the DNS cache was flushed
                                        Not notifying mDNSResponderHelper that the DNS cache was flushed because it is not running
                                        End of output from client.up.tunnelblick.sh
                                        **********************************************
2019-02-08 10:21:47 /sbin/route add -net 63.35.23.106 172.16.1.1 255.255.255.255
                                        add net 63.35.23.106: gateway 172.16.1.1
2019-02-08 10:21:47 /sbin/route add -net 0.0.0.0 173.19.5.1 128.0.0.0
                                        add net 0.0.0.0: gateway 173.19.5.1
2019-02-08 10:21:47 /sbin/route add -net 128.0.0.0 173.19.5.1 128.0.0.0
                                        add net 128.0.0.0: gateway 173.19.5.1
2019-02-08 10:21:47 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2019-02-08 10:21:47 Initialization Sequence Completed
2019-02-08 10:21:47 MANAGEMENT: >STATE:1549621307,CONNECTED,SUCCESS,173.19.5.2,63.35.23.106,443,,
2019-02-08 10:21:48 *Tunnelblick: No 'connected.sh' script to execute
2019-02-08 10:22:27 *Tunnelblick: After 30.0 seconds, gave up trying to fetch IP address information using the ipInfo host's name after connecting.
2019-02-08 10:23:00 *Tunnelblick: Disconnecting; VPN Details… window disconnect button pressed
2019-02-08 10:23:00 *Tunnelblick: No 'pre-disconnect.sh' script to execute
2019-02-08 10:23:00 *Tunnelblick: Disconnecting using 'kill'
2019-02-08 10:23:01 event_wait : Interrupted system call (code=4)
2019-02-08 10:23:01 /sbin/route delete -net 63.35.23.106 172.16.1.1 255.255.255.255
                                        delete net 63.35.23.106: gateway 172.16.1.1
2019-02-08 10:23:01 /sbin/route delete -net 0.0.0.0 173.19.5.1 128.0.0.0
                                        delete net 0.0.0.0: gateway 173.19.5.1
2019-02-08 10:23:01 /sbin/route delete -net 128.0.0.0 173.19.5.1 128.0.0.0
                                        delete net 128.0.0.0: gateway 173.19.5.1
2019-02-08 10:23:01 Closing TUN/TAP interface
2019-02-08 10:23:01 /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw utun1 1500 1552 173.19.5.2 255.255.255.224 init
                                        **********************************************
                                        Start of output from client.down.tunnelblick.sh
                                        WARNING: Not restoring DNS settings because no saved Tunnelblick DNS information was found.
                                        Flushed the DNS cache via dscacheutil
                                        /usr/sbin/discoveryutil not present. Not flushing the DNS cache via discoveryutil
                                        Notified mDNSResponder that the DNS cache was flushed
                                        Not notifying mDNSResponderHelper that the DNS cache was flushed because it is not running
                                        End of output from client.down.tunnelblick.sh
                                        **********************************************
2019-02-08 10:23:02 SIGTERM[hard,] received, process exiting
2019-02-08 10:23:02 MANAGEMENT: >STATE:1549621382,EXITING,SIGTERM,,,,,
2019-02-08 10:23:02 *Tunnelblick: No 'post-disconnect.sh' script to execute
2019-02-08 10:23:02 *Tunnelblick: Expected disconnection occurred.

================================================================================

"Sanitized" full configuration file

client
dev tun
proto udp
remote-random-hostname
resolv-retry infinite
nobind
persist-key
persist-tun
cert mycert.crt
key mykey.key
remote-cert-tls server
cipher AES-256-GCM
verb 3
<ca>
 [Security-related line(s) omitted]
</ca>

reneg-sec 0

================================================================================

Network services:

An asterisk (*) denotes that a network service is disabled.
Dell USB3.0 Dock
Wi-Fi
Bluetooth PAN
London
Woking

Wi-Fi Power (en0): On

================================================================================

ifconfig output:

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
options=1203<RXCSUM,TXCSUM,TXSTATUS,SW_TIMESTAMP>
inet 127.0.0.1 netmask 0xff000000 
inet6 ::1 prefixlen 128 
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1 
inet 127.94.0.1 netmask 0xff000000 
nd6 options=201<PERFORMNUD,DAD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
XHC20: flags=0<> mtu 0
XHC0: flags=0<> mtu 0
VHC128: flags=0<> mtu 0
en3: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether ac:de:48:00:11:22 
inet6 fe80::aede:48ff:fe00:1122%en3 prefixlen 64 scopeid 0x7 
nd6 options=201<PERFORMNUD,DAD>
media: autoselect (100baseTX <full-duplex>)
status: active
ap1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
ether 3a:f9:d3:1c:98:9c 
media: autoselect
status: inactive
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether 38:f9:d3:1c:98:9c 
inet6 fe80::8bb:a614:fe9c:4ecf%en0 prefixlen 64 secured scopeid 0x9 
inet 172.16.18.98 netmask 0xffff0000 broadcast 172.16.255.255
nd6 options=201<PERFORMNUD,DAD>
media: autoselect
status: active
p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304
ether 0a:f9:d3:1c:98:9c 
media: autoselect
status: inactive
awdl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1484
ether 26:3d:fb:01:3f:c3 
inet6 fe80::243d:fbff:fe01:3fc3%awdl0 prefixlen 64 scopeid 0xb 
nd6 options=201<PERFORMNUD,DAD>
media: autoselect
status: active
en1: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
options=60<TSO4,TSO6>
ether 8a:00:e9:08:46:01 
media: autoselect <full-duplex>
status: inactive
en2: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
options=60<TSO4,TSO6>
ether 8a:00:e9:08:46:00 
media: autoselect <full-duplex>
status: inactive
bridge0: flags=8822<BROADCAST,SMART,SIMPLEX,MULTICAST> mtu 1500
options=63<RXCSUM,TXCSUM,TSO4,TSO6>
ether 8a:00:e9:08:46:01 
Configuration:
id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
ipfilter disabled flags 0x2
member: en1 flags=3<LEARNING,DISCOVER>
        ifmaxaddr 0 port 12 priority 0 path cost 0
member: en2 flags=3<LEARNING,DISCOVER>
        ifmaxaddr 0 port 13 priority 0 path cost 0
media: <unknown type>
status: inactive
utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 2000
inet6 fe80::dcb:80eb:6d5b:a12f%utun0 prefixlen 64 scopeid 0xf 
nd6 options=201<PERFORMNUD,DAD>

================================================================================

Console Log:

2019-02-08 08:01:34 Tunnelblick[383] Tunnelblick: macOS 10.14.2; Tunnelblick 3.7.9beta02 (build 5200)
2019-02-08 08:01:35 Tunnelblick[383] DEPRECATED USE in libdispatch client: dispatch source activated with no event handler set; set a breakpoint on _dispatch_bug_deprecated to debug
2019-02-08 08:01:36 Tunnelblick[383] Sparkle: ===== Tunnelblick =====
2019-02-08 08:01:36 Tunnelblick[383] Sparkle: Verified appcast signature
2019-02-08 08:03:21 ksinstall[527] 2019-02-08 08:03:21.411 ksinstall[527/0x108c4c5c0] [lvl=2] -[KeystoneInstallTool main] Google Software Update installer started.
2019-02-08 08:03:21 ksinstall[527] 2019-02-08 08:03:21.419 ksinstall[527/0x108c4c5c0] [lvl=2] -[KeystoneInstallTool main] Google Software Update installer starting Installation.
2019-02-08 08:03:21 ksinstall[527] 2019-02-08 08:03:21.973 ksinstall[527/0x108c4c5c0] [lvl=2] -[KeystoneInstallTool main] Google Software Update installer ran successfully.
2019-02-08 10:03:48 Tunnelblick[383] Set 'expect disconnect 1 -SLibrary-SApplication Support-STunnelblick-SUsers-Smatthewharris-Sdownloaded--client--config-Dtblk-SContents-SResources'
2019-02-08 10:03:49 tunnelblickd[967] Status = 248 from tunnelblick-helper command 'kill 974'
2019-02-08 10:03:49 Tunnelblick[383] tunnelblickd status from kill: 248
                                       tunnelblickd stderr:
                                       'killOneOpenvpn(974): Process does not exist
                                       '
2019-02-08 10:10:36 Tunnelblick[383] Error returned from setAttributes: {
                                           NSFilePosixPermissions = 488;
                                       } ofItemAtPath: /private/var/folders/gr/csbcnzj10db1jwk_j_pclts00000gn/T; Error was Error Domain=NSCocoaErrorDomain Code=513 "You don’t have permission to save the file “T” in the folder “csbcnzj10db1jwk_j_pclts00000gn”." UserInfo={NSFilePath=/private/var/folders/gr/csbcnzj10db1jwk_j_pclts00000gn/T, NSUnderlyingError=0x600003c954a0 {Error Domain=NSPOSIXErrorDomain Code=1 "Operation not permitted"}}; stack trace: (
                                        0   Tunnelblick                         0x000000010cb7bbf6 -[NSFileManager(TB) tbChangeFileAttributes:atPath:] + 161
                                        1   Tunnelblick                         0x000000010cbbc30c createDir + 303
                                        2   Tunnelblick                         0x000000010cbbc368 createDir + 395
                                        3   Tunnelblick                         0x000000010cb873b5 -[ConfigurationManager installConfigurations:skipConfirmationMessage:skipResultMessage:notifyDelegate:disallowCommands:] + 1578
                                        4   Tunnelblick                         0x000000010cb879f7 -[ConfigurationManager installConfigurations:skipMessages:notifyDelegate:disallowCommands:] + 77
                                        5   Tunnelblick                         0x000000010cb8ceed +[ConfigurationManager installConfigurationsShowMessagesNotifyDelegateOperation:] + 93
                                        6   Foundation                          0x00007fff2d970104 __NSThread__start__ + 1218
                                        7   libsystem_pthread.dylib             0x00007fff58a45305 _pthread_body + 126
                                        8   libsystem_pthread.dylib             0x00007fff58a4826f _pthread_start + 70
                                        9   libsystem_pthread.dylib             0x00007fff58a44415 thread_start + 13
                                       )
2019-02-08 10:10:36 Tunnelblick[383] Warning: Unable to change permissions from 700 to 750 on /private/var/folders/gr/csbcnzj10db1jwk_j_pclts00000gn/T
2019-02-08 10:10:36 Tunnelblick[383] Converting/Installing /Users/matthewharris/Downloads/downloaded-client-config.ovpn at line 10: Copied client1.domain.tld.crt
2019-02-08 10:10:36 Tunnelblick[383] Changed permissions from 644 to 740 on /private/var/folders/gr/csbcnzj10db1jwk_j_pclts00000gn/T/Tunnelblick-Tza5Hm/downloaded-client-config.tblk/Contents/Resources/client1.domain.tld.crt
2019-02-08 10:10:36 Tunnelblick[383] Converting/Installing /Users/matthewharris/Downloads/downloaded-client-config.ovpn at line 11: Copied client1.domain.tld.key
2019-02-08 10:10:36 Tunnelblick[383] Changed permissions from 644 to 740 on /private/var/folders/gr/csbcnzj10db1jwk_j_pclts00000gn/T/Tunnelblick-Tza5Hm/downloaded-client-config.tblk/Contents/Resources/client1.domain.tld.key
2019-02-08 10:10:36 Tunnelblick[383] Converting/Installing /Users/matthewharris/Downloads/downloaded-client-config.ovpn: Converted OpenVPN configuration
2019-02-08 10:10:41 Tunnelblick[383] Tunnelblick needs to perform an action that requires a computer administrator's authorization.
2019-02-08 10:10:41 Tunnelblick[383] Beginning installation or repair
2019-02-08 10:10:41 Tunnelblick[383] Installation or repair succeeded; Log:
                                       Tunnelblick installer started 2019-02-08 10:10:41. 3 arguments: 0x0001
                                            /Users/matthewharris/Library/Application Support/Tunnelblick/Configurations/downloaded-client-config.tblk
                                            /private/var/folders/gr/csbcnzj10db1jwk_j_pclts00000gn/T/Tunnelblick-Tza5Hm/downloaded-client-config.tblk
                                       Copied /private/var/folders/gr/csbcnzj10db1jwk_j_pclts00000gn/T/Tunnelblick-Tza5Hm/downloaded-client-config.tblk
                                           to /Users/matthewharris/Library/Application Support/Tunnelblick/Configurations/downloaded-client-config.tblk.temp
                                       Renamed /Users/matthewharris/Library/Application Support/Tunnelblick/Configurations/downloaded-client-config.tblk.temp
                                            to /Users/matthewharris/Library/Application Support/Tunnelblick/Configurations/downloaded-client-config.tblk
                                       Changed ownership of /Users/matthewharris/Library/Application Support/Tunnelblick/Configurations/downloaded-client-config.tblk and its contents from 501:20 to 501:80
                                       Deleted /Library/Application Support/Tunnelblick/Users/matthewharris/downloaded-client-config.tblk
                                       Copied /Users/matthewharris/Library/Application Support/Tunnelblick/Configurations/downloaded-client-config.tblk
                                           to /Library/Application Support/Tunnelblick/Users/matthewharris/downloaded-client-config.tblk.temp
                                       Renamed /Library/Application Support/Tunnelblick/Users/matthewharris/downloaded-client-config.tblk.temp
                                            to /Library/Application Support/Tunnelblick/Users/matthewharris/downloaded-client-config.tblk
                                       Changed ownership of /Library/Application Support/Tunnelblick/Users/matthewharris/downloaded-client-config.tblk and its contents from 501:80 to 0:0
                                       Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Users/matthewharris/downloaded-client-config.tblk
                                       Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Users/matthewharris/downloaded-client-config.tblk/Contents
                                       Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Users/matthewharris/downloaded-client-config.tblk/Contents/Resources
                                       Changed permissions from 740 to 700 on /Library/Application Support/Tunnelblick/Users/matthewharris/downloaded-client-config.tblk/Contents/Resources/client1.domain.tld.crt
                                       Changed permissions from 740 to 700 on /Library/Application Support/Tunnelblick/Users/matthewharris/downloaded-client-config.tblk/Contents/Resources/client1.domain.tld.key
                                       Changed permissions from 740 to 700 on /Library/Application Support/Tunnelblick/Users/matthewharris/downloaded-client-config.tblk/Contents/Resources/config.ovpn
                                       Updated secure (shadow) copy of downloaded-client-config.tblk
                                       Tunnelblick installer finished without error
2019-02-08 10:17:08 Tunnelblick[383] Cleared 'expect disconnect 0 -SLibrary-SApplication Support-STunnelblick-SUsers-Smatthewharris-Sdownloaded--client--config-Dtblk-SContents-SResources'
2019-02-08 10:17:23 Tunnelblick[383] Set 'expect disconnect 1 -SLibrary-SApplication Support-STunnelblick-SUsers-Smatthewharris-Sdownloaded--client--config-Dtblk-SContents-SResources'
2019-02-08 10:17:24 tunnelblickd[1129] Status = 248 from tunnelblick-helper command 'kill 1137'
2019-02-08 10:17:24 Tunnelblick[383] tunnelblickd status from kill: 248
                                       tunnelblickd stderr:
                                       'killOneOpenvpn(1137): Process does not exist
                                       '
2019-02-08 10:19:04 Tunnelblick[383] Cleared 'expect disconnect 0 -SLibrary-SApplication Support-STunnelblick-SUsers-Smatthewharris-Sdownloaded--client--config-Dtblk-SContents-SResources'
2019-02-08 10:21:14 Tunnelblick[383] Set 'expect disconnect 1 -SLibrary-SApplication Support-STunnelblick-SUsers-Smatthewharris-Sdownloaded--client--config-Dtblk-SContents-SResources'
2019-02-08 10:21:22 Tunnelblick[383] Tunnelblick needs to perform an action that requires a computer administrator's authorization.
2019-02-08 10:21:22 Tunnelblick[383] Beginning installation or repair
2019-02-08 10:21:23 Tunnelblick[383] Installation or repair succeeded; Log:
                                       Tunnelblick installer started 2019-02-08 10:21:22. 2 arguments: 0x2001
                                            /Users/matthewharris/Library/Application Support/Tunnelblick/Configurations/downloaded-client-config.tblk
                                       removed /Users/matthewharris/Library/Application Support/Tunnelblick/Configurations/downloaded-client-config.tblk
                                       removed /Library/Application Support/Tunnelblick/Users/matthewharris/downloaded-client-config.tblk
                                       Tunnelblick installer finished without error
2019-02-08 10:21:23 Tunnelblick[383] Uninstalled configuration file /Users/matthewharris/Library/Application Support/Tunnelblick/Configurations/downloaded-client-config.tblk
2019-02-08 10:21:23 Tunnelblick[383] localizedNameForDisplayName: 'downloaded-client-config' is not a known displayName; stack trace: (
                                        0   Tunnelblick                         0x000000010cbbbf5e callStack + 56
                                        1   Tunnelblick                         0x000000010cb49df5 -[MenuController localizedNameForDisplayName:] + 73
                                        2   Tunnelblick                         0x000000010cbab462 -[SettingsSheetWindowController setupSettingsFromPreferences] + 370
                                        3   Tunnelblick                         0x000000010cb98716 -[MyPrefsWindowController setupLeftNavigationToDisplayName:] + 2004
                                        4   Tunnelblick                         0x000000010cb98778 -[MyPrefsWindowController update] + 38
                                        5   Foundation                          0x00007fff2da0fbab __NSThreadPerformPerform + 327
                                        6   CoreFoundation                      0x00007fff2b631475 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
                                        7   CoreFoundation                      0x00007fff2b63141b __CFRunLoopDoSource0 + 108
                                        8   CoreFoundation                      0x00007fff2b614eb5 __CFRunLoopDoSources0 + 195
                                        9   CoreFoundation                      0x00007fff2b61445e __CFRunLoopRun + 1219
                                        10  CoreFoundation                      0x00007fff2b613d48 CFRunLoopRunSpecific + 463
                                        11  HIToolbox                           0x00007fff2a8aaab5 RunCurrentEventLoopInMode + 293
                                        12  HIToolbox                           0x00007fff2a8aa7eb ReceiveNextEventCommon + 618
                                        13  HIToolbox                           0x00007fff2a8aa568 _BlockUntilNextEventMatchingListInModeWithFilter + 64
                                        14  AppKit                              0x00007fff28b65363 _DPSNextEvent + 997
                                        15  AppKit                              0x00007fff28b64102 -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 1362
                                        16  AppKit                              0x00007fff28b5e165 -[NSApplication run] + 699
                                        17  AppKit                              0x00007fff28b4d8a3 NSApplicationMain + 780
                                        18  Tunnelblick                         0x000000010cb376e4 start + 52
                                       )
2019-02-08 10:21:23 Tunnelblick[383] localizedNameForDisplayName: 'downloaded-client-config' is not a known displayName; stack trace: (
                                        0   Tunnelblick                         0x000000010cbbbf5e callStack + 56
                                        1   Tunnelblick                         0x000000010cb49df5 -[MenuController localizedNameForDisplayName:] + 73
                                        2   Tunnelblick                         0x000000010cbab462 -[SettingsSheetWindowController setupSettingsFromPreferences] + 370
                                        3   Foundation                          0x00007fff2da0fbab __NSThreadPerformPerform + 327
                                        4   CoreFoundation                      0x00007fff2b631475 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
                                        5   CoreFoundation                      0x00007fff2b63141b __CFRunLoopDoSource0 + 108
                                        6   CoreFoundation                      0x00007fff2b614f0d __CFRunLoopDoSources0 + 283
                                        7   CoreFoundation                      0x00007fff2b61445e __CFRunLoopRun + 1219
                                        8   CoreFoundation                      0x00007fff2b613d48 CFRunLoopRunSpecific + 463
                                        9   UIFoundation                        0x00007fff53aa2bf1 -[NSHTMLReader _loadUsingWebKit] + 1916
                                        10  UIFoundation                        0x00007fff53aa5bf7 -[NSHTMLReader attributedString] + 22
                                        11  UIFoundation                        0x00007fff53a2aa28 _NSReadAttributedStringFromURLOrData + 12698
                                        12  UIFoundation                        0x00007fff53a277fa -[NSAttributedString(NSAttributedStringUIFoundationAdditions) initWithData:options:documentAttributes:error:] + 117
                                        13  Tunnelblick                         0x000000010cb6e564 attributedStringFromHTML + 160
                                        14  Tunnelblick                         0x000000010cbabecf -[SettingsSheetWindowController setupSettingsFromPreferences] + 3039
                                        15  Tunnelblick                         0x000000010cb98716 -[MyPrefsWindowController setupLeftNavigationToDisplayName:] + 2004
                                        16  Tunnelblick                         0x000000010cb98778 -[MyPrefsWindowController update] + 38
                                        17  Foundation                          0x00007fff2da0fbab __NSThreadPerformPerform + 327
                                        18  CoreFoundation                      0x00007fff2b631475 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
                                        19  CoreFoundation                      0x00007fff2b63141b __CFRunLoopDoSource0 + 108
                                        20  CoreFoundation                      0x00007fff2b614eb5 __CFRunLoopDoSources0 + 195
                                        21  CoreFoundation                      0x00007fff2b61445e __CFRunLoopRun + 1219
                                        22  CoreFoundation                      0x00007fff2b613d48 CFRunLoopRunSpecific + 463
                                        23  HIToolbox                           0x00007fff2a8aaab5 RunCurrentEventLoopInMode + 293
                                        24  HIToolbox                           0x00007fff2a8aa7eb ReceiveNextEventCommon + 618
                                        25  HIToolbox                           0x00007fff2a8aa568 _BlockUntilNextEventMatchingListInModeWithFilter + 64
                                        26  AppKit                              0x00007fff28b65363 _DPSNextEvent + 997
                                        27  AppKit                              0x00007fff28b64102 -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 1362
                                        28  AppKit                              0x00007fff28b5e165 -[NSApplication run] + 699
                                        29  AppKit                              0x00007fff28b4d8a3 NSApplicationMain + 780
                                        30  Tunnelblick                         0x000000010cb376e4 start + 52
                                       )
2019-02-08 10:21:35 Tunnelblick[383] Error returned from setAttributes: {
                                           NSFilePosixPermissions = 488;
                                       } ofItemAtPath: /private/var/folders/gr/csbcnzj10db1jwk_j_pclts00000gn/T; Error was Error Domain=NSCocoaErrorDomain Code=513 "You don’t have permission to save the file “T” in the folder “csbcnzj10db1jwk_j_pclts00000gn”." UserInfo={NSFilePath=/private/var/folders/gr/csbcnzj10db1jwk_j_pclts00000gn/T, NSUnderlyingError=0x600003de4a80 {Error Domain=NSPOSIXErrorDomain Code=1 "Operation not permitted"}}; stack trace: (
                                        0   Tunnelblick                         0x000000010cb7bbf6 -[NSFileManager(TB) tbChangeFileAttributes:atPath:] + 161
                                        1   Tunnelblick                         0x000000010cbbc30c createDir + 303
                                        2   Tunnelblick                         0x000000010cbbc368 createDir + 395
                                        3   Tunnelblick                         0x000000010cb873b5 -[ConfigurationManager installConfigurations:skipConfirmationMessage:skipResultMessage:notifyDelegate:disallowCommands:] + 1578
                                        4   Tunnelblick                         0x000000010cb879f7 -[ConfigurationManager installConfigurations:skipMessages:notifyDelegate:disallowCommands:] + 77
                                        5   Tunnelblick                         0x000000010cb8ceed +[ConfigurationManager installConfigurationsShowMessagesNotifyDelegateOperation:] + 93
                                        6   Foundation                          0x00007fff2d970104 __NSThread__start__ + 1218
                                        7   libsystem_pthread.dylib             0x00007fff58a45305 _pthread_body + 126
                                        8   libsystem_pthread.dylib             0x00007fff58a4826f _pthread_start + 70
                                        9   libsystem_pthread.dylib             0x00007fff58a44415 thread_start + 13
                                       )
2019-02-08 10:21:35 Tunnelblick[383] Warning: Unable to change permissions from 700 to 750 on /private/var/folders/gr/csbcnzj10db1jwk_j_pclts00000gn/T
2019-02-08 10:21:35 Tunnelblick[383] Converting/Installing /Users/matthewharris/Downloads/downloaded-client-config.ovpn at line 10: Copied client1.domain.tld.crt
2019-02-08 10:21:35 Tunnelblick[383] Changed permissions from 644 to 740 on /private/var/folders/gr/csbcnzj10db1jwk_j_pclts00000gn/T/Tunnelblick-ftPbvJ/downloaded-client-config.tblk/Contents/Resources/client1.domain.tld.crt
2019-02-08 10:21:35 Tunnelblick[383] Converting/Installing /Users/matthewharris/Downloads/downloaded-client-config.ovpn at line 11: Copied client1.domain.tld.key
2019-02-08 10:21:35 Tunnelblick[383] Changed permissions from 644 to 740 on /private/var/folders/gr/csbcnzj10db1jwk_j_pclts00000gn/T/Tunnelblick-ftPbvJ/downloaded-client-config.tblk/Contents/Resources/client1.domain.tld.key
2019-02-08 10:21:35 Tunnelblick[383] Converting/Installing /Users/matthewharris/Downloads/downloaded-client-config.ovpn: Converted OpenVPN configuration
2019-02-08 10:21:40 Tunnelblick[383] Tunnelblick needs to perform an action that requires a computer administrator's authorization.
2019-02-08 10:21:40 Tunnelblick[383] Beginning installation or repair
2019-02-08 10:21:40 Tunnelblick[383] Installation or repair succeeded; Log:
                                       Tunnelblick installer started 2019-02-08 10:21:40. 3 arguments: 0x0001
                                            /Library/Application Support/Tunnelblick/Shared/downloaded-client-config.tblk
                                            /private/var/folders/gr/csbcnzj10db1jwk_j_pclts00000gn/T/Tunnelblick-ftPbvJ/downloaded-client-config.tblk
                                       Copied /private/var/folders/gr/csbcnzj10db1jwk_j_pclts00000gn/T/Tunnelblick-ftPbvJ/downloaded-client-config.tblk
                                           to /Library/Application Support/Tunnelblick/Shared/downloaded-client-config.tblk.temp
                                       Renamed /Library/Application Support/Tunnelblick/Shared/downloaded-client-config.tblk.temp
                                            to /Library/Application Support/Tunnelblick/Shared/downloaded-client-config.tblk
                                       Changed ownership of /Library/Application Support/Tunnelblick/Shared/downloaded-client-config.tblk and its contents from 501:20 to 0:0
                                       Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Shared/downloaded-client-config.tblk
                                       Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Shared/downloaded-client-config.tblk/Contents
                                       Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Shared/downloaded-client-config.tblk/Contents/Resources
                                       Changed permissions from 740 to 700 on /Library/Application Support/Tunnelblick/Shared/downloaded-client-config.tblk/Contents/Resources/client1.domain.tld.crt
                                       Changed permissions from 740 to 700 on /Library/Application Support/Tunnelblick/Shared/downloaded-client-config.tblk/Contents/Resources/client1.domain.tld.key
                                       Changed permissions from 740 to 700 on /Library/Application Support/Tunnelblick/Shared/downloaded-client-config.tblk/Contents/Resources/config.ovpn
                                       Tunnelblick installer finished without error
2019-02-08 10:22:27 Tunnelblick[383] currentIPInfo(Name): IP address info could not be fetched within 34.6 seconds; the error was 'Error Domain=NSURLErrorDomain Code=-1001 "The request timed out." UserInfo={NSUnderlyingError=0x600003d1e790 {Error Domain=kCFErrorDomainCFNetwork Code=-1001 "The request timed out." UserInfo={NSErrorFailingURLStringKey=https://tunnelblick.net/ipinfo, NSErrorFailingURLKey=https://tunnelblick.net/ipinfo, _kCFStreamErrorCodeKey=-2102, _kCFStreamErrorDomainKey=4, NSLocalizedDescription=The request timed out.}}, NSErrorFailingURLStringKey=https://tunnelblick.net/ipinfo, NSErrorFailingURLKey=https://tunnelblick.net/ipinfo, _kCFStreamErrorDomainKey=4, _kCFStreamErrorCodeKey=-2102, NSLocalizedDescription=The request timed out.}'; the response was '(null)'
2019-02-08 10:23:01 Tunnelblick[383] Set 'expect disconnect 1 -SLibrary-SApplication Support-STunnelblick-SShared-Sdownloaded--client--config-Dtblk-SContents-SResources'
2019-02-08 10:23:02 Tunnelblick[383] currentIPInfo(Address): IP address info could not be fetched within 34.5 seconds; the error was 'Error Domain=NSURLErrorDomain Code=-1001 "The request timed out." UserInfo={NSUnderlyingError=0x600003d314d0 {Error Domain=kCFErrorDomainCFNetwork Code=-1001 "The request timed out." UserInfo={NSErrorFailingURLStringKey=https://205.233.73.116/ipinfo, NSErrorFailingURLKey=https://205.233.73.116/ipinfo, _kCFStreamErrorCodeKey=-2102, _kCFStreamErrorDomainKey=4, NSLocalizedDescription=The request timed out.}}, NSErrorFailingURLStringKey=https://205.233.73.116/ipinfo, NSErrorFailingURLKey=https://205.233.73.116/ipinfo, _kCFStreamErrorDomainKey=4, _kCFStreamErrorCodeKey=-2102, NSLocalizedDescription=The request timed out.}'; the response was '(null)'
2019-02-08 10:23:02 tunnelblickd[1461] Status = 248 from tunnelblick-helper command 'kill 1395'
2019-02-08 10:23:02 Tunnelblick[383] tunnelblickd status from kill: 248
                                       tunnelblickd stderr:
                                       'killOneOpenvpn(1395): Process does not exist
                                       '


Route Tables

Before connection

Internet:
Destination        Gateway            Flags        Refs      Use   Netif Expire
default            172.16.1.1         UGSc           95        0     en0
127                127.0.0.1          UCS             0        0     lo0
127.0.0.1          127.0.0.1          UH              1      444     lo0
127.94.0.1         127.94.0.1         UH              0      130     lo0
169.254            link#9             UCS             0        0     en0      !
172.16             link#9             UCS            26        0     en0      !
172.16.1.1/32      link#9             UCS             1        0     en0      !
172.16.1.1         0:18:a:11:53:d4    UHLWIir        38      321     en0   1191
172.16.2.1         54:60:9:fc:f5:94   UHLWI           0      210     en0    738
172.16.2.14        54:60:9:fc:f7:ae   UHLWI           0      113     en0   1166
172.16.2.15        54:60:9:fc:ff:30   UHLWI           0      102     en0   1166
172.16.2.63        ac:bc:32:cf:ea:b9  UHLWI           0        0     en0    760
172.16.2.64        3c:7:54:66:12:41   UHLWI           0        0     en0   1127
172.16.2.77        b4:9c:df:34:e4:37  UHLWIi          1        7     en0   1155
172.16.3.0         f4:5c:89:c6:ec:fd  UHLWI           0        0     en0    986
172.16.3.38        7c:fa:df:49:83:d0  UHLWI           0        0     en0    638
172.16.3.47        e0:c7:67:10:44:fe  UHLWI           0        0     en0    803
172.16.4.2         dc:a9:4:82:c2:a3   UHLWI           0        1     en0   1182
172.16.5.65        d0:2b:20:58:d4:c7  UHLWI           0       23     en0   1183
172.16.5.143       e4:f0:42:81:4d:8e  UHLWI           0       96     en0   1183
172.16.8.30        64:70:33:d4:91:4d  UHLWI           0       19     en0   1030
172.16.10.141      d8:31:34:b:ed:51   UHLWI           0        0     en0   1183
172.16.10.224      1c:5a:3e:ef:df:af  UHLWI           0        0     en0   1183
172.16.10.225      1c:5a:3e:f6:57:f5  UHLWI           0        0     en0   1183
172.16.12.67       c8:69:cd:ad:be:2   UHLWI           0        1     en0    972
172.16.13.136      b8:53:ac:a7:61:29  UHLWI           0        7     en0    289
172.16.17.174      58:e2:8f:64:4f:b0  UHLWI           0        3     en0    659
172.16.18.98/32    link#9             UCS             1        0     en0      !
172.16.18.98       38:f9:d3:1c:98:9c  UHLWI           0        8     lo0
172.16.22.45       ac:92:32:5f:8f:4e  UHLWI           0        0     en0    685
172.16.22.90       6c:e8:5c:c9:b:71   UHLWI           0        4     en0    410
172.16.23.37       f8:2d:7c:de:6a:6b  UHLWI           0        3     en0    863
172.16.23.160      f4:5c:89:db:fb:ed  UHLWI           0        2     en0    811
172.16.24.24       14:10:9f:d0:fa:c7  UHLWI           0        2     en0    609
172.16.27.226      e4:2b:34:19:94:d4  UHLWI           0        4     en0    250
172.16.255.255     ff:ff:ff:ff:ff:ff  UHLWbI          0        3     en0      !
224.0.0/4          link#9             UmCS            2        0     en0      !
224.0.0.251        1:0:5e:0:0:fb      UHmLWI          0        0     en0
239.255.255.250    1:0:5e:7f:ff:fa    UHmLWI          0       36     en0
255.255.255.255/32 link#9             UCS             0        0     en0      !


After connection

Internet:
Destination        Gateway            Flags        Refs      Use   Netif Expire
0/1                173.19.6.193       UGSc           80        0   utun1
default            172.16.1.1         UGSc           19        0     en0
63.35.10.40/32     172.16.1.1         UGSc            1        0     en0
127                127.0.0.1          UCS             0        0     lo0
127.0.0.1          127.0.0.1          UH              3      492     lo0
127.94.0.1         127.94.0.1         UH              0      130     lo0
128.0/1            173.19.6.193       UGSc            0        0   utun1
169.254            link#9             UCS             0        0     en0      !
172.16             link#9             UCS            27        0     en0      !
172.16.1.1/32      link#9             UCS             1        0     en0      !
172.16.1.1         0:18:a:11:53:d4    UHLWIir        10      358     en0   1195
172.16.2.1         54:60:9:fc:f5:94   UHLWI           0      222     en0    695
172.16.2.14        54:60:9:fc:f7:ae   UHLWI           0      115     en0   1123
172.16.2.15        54:60:9:fc:ff:30   UHLWI           0      104     en0   1123
172.16.2.63        ac:bc:32:cf:ea:b9  UHLWI           0        0     en0    717
172.16.2.64        3c:7:54:66:12:41   UHLWI           0        0     en0   1199
172.16.2.77        b4:9c:df:34:e4:37  UHLWI           0        8     en0   1172
172.16.3.0         f4:5c:89:c6:ec:fd  UHLWI           0        0     en0    943
172.16.3.38        7c:fa:df:49:83:d0  UHLWI           0        0     en0    595
172.16.3.47        e0:c7:67:10:44:fe  UHLWI           0        0     en0    760
172.16.4.2         dc:a9:4:82:c2:a3   UHLWI           0        1     en0   1174
172.16.5.65        d0:2b:20:58:d4:c7  UHLWI           0       26     en0   1184
172.16.5.143       e4:f0:42:81:4d:8e  UHLWI           0      104     en0   1180
172.16.8.30        64:70:33:d4:91:4d  UHLWI           0       20     en0    987
172.16.10.141      d8:31:34:b:ed:51   UHLWI           0        0     en0   1140
172.16.10.224      1c:5a:3e:ef:df:af  UHLWI           0        0     en0   1172
172.16.10.225      1c:5a:3e:f6:57:f5  UHLWI           0        0     en0   1140
172.16.12.67       c8:69:cd:ad:be:2   UHLWI           0        1     en0    929
172.16.13.136      b8:53:ac:a7:61:29  UHLWI           0        7     en0    246
172.16.17.174      58:e2:8f:64:4f:b0  UHLWI           0        3     en0    616
172.16.18.98/32    link#9             UCS             1        0     en0      !
172.16.18.98       38:f9:d3:1c:98:9c  UHLWI           0        9     lo0
172.16.22.45       ac:92:32:5f:8f:4e  UHLWI           0        0     en0    642
172.16.22.90       6c:e8:5c:c9:b:71   UHLWI           0        4     en0    367
172.16.23.37       f8:2d:7c:de:6a:6b  UHLWI           0        3     en0    820
172.16.23.160      f4:5c:89:db:fb:ed  UHLWI           0        2     en0    768
172.16.24.24       14:10:9f:d0:fa:c7  UHLWI           0        2     en0    566
172.16.27.226      e4:2b:34:19:94:d4  UHLWI           0        4     en0    207
172.16.255.255     ff:ff:ff:ff:ff:ff  UHLWbI          0        3     en0      !
173.19.6.192/27    173.19.6.194       UGSc           12        0   utun1
173.19.6.194       173.19.6.194       UH              1        0   utun1
224.0.0/4          link#9             UmCS            2        0     en0      !
224.0.0.251        1:0:5e:0:0:fb      UHmLWI          0        0     en0
239.255.255.250    1:0:5e:7f:ff:fa    UHmLWI          0       36     en0
255.255.255.255/32 link#9             UCS             0        0     en0      !


The only thing I can think that's causing the internet to stop working is the addition of the 0/1 gateway at the top of the route table.


Would greatly appreciate any help you can offer.


Matt


Matt Harris

Feb 8, 2019, 6:33:48 AM
to tunnelbli...@googlegroups.com
Since posting this, I have found that this could be a limitation of how AWS push the settings back to Tunnelblick.

Does AWS Client VPN support split tunnel?

A: No. All the VPN sessions are full-tunnel VPN. Once the VPN session is created, all the traffic from the device will traverse through the VPN session


Does anyone know of a way around this?


Matt

Tunnelblick developer

Feb 8, 2019, 12:09:53 PM
to tunnelblick-discuss
The highlighted entry:

2019-02-08 10:21:45 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,route-gateway 173.19.5.1,topology subnet,ping 1,ping-restart 20,auth-token,ifconfig 173.19.5.2 255.255.255.224,peer-id 0,cipher AES-256-GCM'

means that the VPN Server is telling the client OpenVPN to route everything through the VPN, so even "local" IP addresses are sent to the VPN server, which means they will be ignored.

To get around that you may be able to have the client OpenVPN restrict which options it accepts when pushed by the server using OpenVPN's "pull-filter" option. (You'd put that option in the OpenVPN configuration file.) Consult sources of OpenVPN info:
However, Tunnelblick/OpenVPN does not do split tunnels "built-in", so you'd have to set up your own routing. By default, without "redirect-gateway def1 bypass-dhcp", only traffic destined for the VPN will go through the tunnel. I assume you want all traffic except "local" traffic to go through the tunnel, so you'd have to set up routing to do that. You could do that in scripts which you then set up to have Tunnelblick invoke at specific points in the connection process. See Using Scripts for details.
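
The effect of the pushed "redirect-gateway def1" and of the "pull-filter" workaround suggested above, as an added example that is not part of the original thread and not Tunnelblick's or OpenVPN's own code: it models pull-filter's documented prefix matching on the quoted PUSH_REPLY and does a longest-prefix lookup over rows copied from the "After connection" table. The filter line, the comma split, the octet-count reading of abbreviated netstat destinations, and the destination 198.51.100.7 are assumptions made for the example.

```python
"""Model pull-filter and route selection for the PUSH_REPLY and routes in this thread."""
import ipaddress

# Control message copied from the log line quoted in the thread.
PUSH_REPLY = ("PUSH_REPLY,redirect-gateway def1 bypass-dhcp,route-gateway 173.19.5.1,"
              "topology subnet,ping 1,ping-restart 20,auth-token,"
              "ifconfig 173.19.5.2 255.255.255.224,peer-id 0,cipher AES-256-GCM")

# Assumed client config line:  pull-filter ignore "redirect-gateway"
FILTERS = [("ignore", "redirect-gateway")]

# Rows copied from the poster's "After connection" table (ARP host rows left out).
AFTER = """\
0/1                173.19.6.193       UGSc           80        0   utun1
default            172.16.1.1         UGSc           19        0     en0
63.35.10.40/32     172.16.1.1         UGSc            1        0     en0
128.0/1            173.19.6.193       UGSc            0        0   utun1
172.16             link#9             UCS            27        0     en0      !
173.19.6.192/27    173.19.6.194       UGSc           12        0   utun1
"""


def apply_pull_filters(push_reply, filters):
    """Split pushed options into (accepted, ignored).

    OpenVPN tries filters in order, compares by prefix, stops at the first
    match, and accepts anything unmatched. Splitting on "," is a simplification
    that holds for this message.
    """
    accepted, ignored = [], []
    for option in push_reply.split(",")[1:]:  # skip the "PUSH_REPLY" tag
        action = next((a for a, text in filters if option.startswith(text)), "accept")
        if action == "reject":
            raise ValueError(f"server pushed a rejected option: {option}")
        (accepted if action == "accept" else ignored).append(option)
    return accepted, ignored


def parse_destination(dest):
    """Expand a macOS netstat destination such as "0/1" or "172.16" to a network.

    Assumption: with no explicit /len, the prefix is 8 bits per octet shown.
    """
    if dest == "default":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, _, plen = dest.partition("/")
    octets = addr.split(".")
    plen = plen or str(8 * len(octets))
    padded = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{padded}/{plen}", strict=False)


def netif_for(ip, table):
    """Longest-prefix match: return the interface the kernel would pick for ip."""
    target = ipaddress.ip_address(ip)
    best_net, best_if = None, None
    for line in table.strip().splitlines():
        fields = line.split()
        net = parse_destination(fields[0])
        if target in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_if = net, fields[5]
    return best_if


def drop_def1(table):
    """Table as it would look without the two def1 half-default routes."""
    return "\n".join(row for row in table.strip().splitlines()
                     if row.split()[0] not in ("0/1", "128.0/1"))


if __name__ == "__main__":
    print(apply_pull_filters(PUSH_REPLY, FILTERS)[1])
    # 198.51.100.7 is a constructed destination; 172.16.2.1 is a LAN host from the table.
    for ip in ("198.51.100.7", "172.16.2.1"):
        print(ip, netif_for(ip, AFTER), netif_for(ip, drop_def1(AFTER)))
```

With the def1 routes gone, only 173.19.6.192/27 still points at utun1, so the VPC range would need its own "route" line in the client configuration, and everything else leaves through en0 outside the tunnel.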

Matt Harris

Feb 12, 2019, 10:00:25 AM
to tunnelblick-discuss
Thanks for getting back to me. I will take a look into scripts. It was confusing me for a while, as Tunnelblick has the checkbox to select whether all traffic is routed via the VPN (in my case to AWS) or only traffic destined for AWS (essentially a split tunnel), but I guess the server-side config is overriding this setting when connecting.

ony...@gmail.com

Feb 21, 2020, 7:40:04 AM
to tunnelblick-discuss
Hi

How were you able to connect to your AWS resources? My VPN/Tunnelblick is up and running and I followed these steps: https://medium.com/@Ahmed_Ansar/how-to-setup-aws-vpn-endpoint-8b15e78fd8b0, but I can't SSH or access port 80 on my instances. Can you please help?

Thank you.