Re: tunnelblick appears to connect but doesn't change my IP address using BTguard

[Jonathan K. Bullard]

Thanks for your very complete description of the problem, and for including the log and configuration file.

Three comments:

(1) The BTGuard server is "pushing" an invalid option: "redirect-gateway". That option must be followed by a flag or flags (usually the "def1" flag) and at one point OpenVPN on OS X did not behave correctly unless there was a flag value.

(2) The log shows the following errors, which sound like major problems to me:

2012-06-19 01:15:20 OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
2012-06-19 01:15:20 OpenVPN ROUTE: failed to parse/resolve route for host/network: 10.10.0.1

-- It may be the second message is caused by the first; I don't know.

It would be interesting to know if the log on one of your computers that does work properly has the same error.

(3) Is it possible that BTGuard is limiting you to using a single instance of a VPN connection at a time? In other words, if you have three computers at home, and you connect computer A to the VPN, then B and C won't connect properly to the VPN until you disconnect A from the VPN? Or that, when it connects B (with A already connected) it somehow thinks that it is computer A reconnecting, and does something different? You can experiment, and/or ask BTGuard.

On Mon, Jun 18, 2012 at 8:49 PM, blue <rikkiin...@googlemail.com> wrote:

a bit of a novice here, using mac computers, and just signed up to btguard.
i have two desktops and a laptop in the house.
one of the desktops and the laptop are both working fine to anonymise using tunnelblick and my new btguard account.
but my main laptop isn't. i DID cock-up the installation the first time, and then tried trashing files and re-installing. for a while it wouldn't start up cos of a problem with the configuration, but then i found an 'openvpn' alias in application support and when i'd trashed that i could get the new install to launch ok again.
however, despite appearing to authorise and connect according to the tunnelblick info pane, my browser still keeps showing my IP un-anonymised.

i also use an app called little snitch to monitor and block certain connections. but i have this running on all three computers so i don't think that's the problem. when openvpn asks to connect i allow it "any connection" and this works fine on the other desktop and my laptop. they're now anonymised ok through the same router etc

so, i suspect there's still something i didn't clean out properly after screwing up the first installation - that's all i can think of.
anyway, below are the logs for you clever folk - i'm afraid i really don't understand most of what they describe. maybe there's something there that makes it clear to you what the problem might be and you can steer me to it in something resembling english.

2012-06-19 01:15:04 *Tunnelblick: OS X 10.6.8; Tunnelblick 3.2.6 (build 2891.3007)
2012-06-19 01:15:04 *Tunnelblick: Attempting connection with btguard; Set nameserver = 1; monitoring connection
2012-06-19 01:15:04 *Tunnelblick: /Applications/Tunnelblick.app/Contents/Resources/openvpnstart start btguard.conf 1338 1 0 0 0 49 -atDASNGWrdasngw
2012-06-19 01:15:04 *Tunnelblick: openvpnstart message: Loading tun.kext
2012-06-19 01:15:04 *Tunnelblick: Established communication with OpenVPN
2012-06-19 01:15:04 OpenVPN 2.2.1 i386-apple-darwin10.7.1 [SSL] [LZO2] [PKCS11] [eurephia] built on May  2 2012
2012-06-19 01:15:04 MANAGEMENT: TCP Socket listening on xxxxxxxxx:1338
2012-06-19 01:15:04 Need hold release from management interface, waiting...
2012-06-19 01:15:04 MANAGEMENT: Client connected from xxxxxxxx:1338
2012-06-19 01:15:04 MANAGEMENT: CMD 'pid'
2012-06-19 01:15:04 MANAGEMENT: CMD 'state on'
2012-06-19 01:15:04 MANAGEMENT: CMD 'state'
2012-06-19 01:15:04 NOTE: --mute triggered...
2012-06-19 01:15:04 *Tunnelblick: openvpnstart: /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.2.1/openvpn --cd /Users/xxxx/Library/Application Support/Tunnelblick/Configurations --daemon --management 127.0.0.1 1338 --config /Usersxxxx/Library/Application Support/Tunnelblick/Configurations/btguard.conf --log /Library/Application Support/Tunnelblick/Logs/-SUsers-Sxxxx-SLibrary-SApplication Support-STunnelblick-SConfigurations-Sbtguard.conf.1_0_0_0_49.1338.openvpn.log --management-query-passwords --management-hold --script-security 2 --up /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -m -w -d -atDASNGWrdasngw --down /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -m -w -d -atDASNGWrdasngw --up-restart
2012-06-19 01:15:13 3 variation(s) on previous 3 message(s) suppressed by --mute
2012-06-19 01:15:13 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2012-06-19 01:15:13 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2012-06-19 01:15:13 Control Channel MTU parms [ L:1543 D:140 EF:40 EB:0 ET:0 EL:0 ]
2012-06-19 01:15:13 Socket Buffers: R=[262140->65536] S=[131070->65536]
2012-06-19 01:15:13 MANAGEMENT: >STATE:1340064913,RESOLVE,,,
2012-06-19 01:15:13 RESOLVE: NOTE: vpn.btguard.com resolves to 4 addresses
2012-06-19 01:15:13 Data Channel MTU parms [ L:1543 D:1450 EF:43 EB:4 ET:0 EL:0 ]
2012-06-19 01:15:13 Local Options hash (VER=V4): 'db02a8f8'
2012-06-19 01:15:13 Expected Remote Options hash (VER=V4): '7e068940'
2012-06-19 01:15:13 Attempting to establish TCP connection with xxxxxxxxxxx:1194 [nonblock]
2012-06-19 01:15:13 MANAGEMENT: >STATE:1340064913,TCP_CONNECT,,,
2012-06-19 01:15:17 TCP connection established with xxxxxxxxxxx:1194
2012-06-19 01:15:17 TCPv4_CLIENT link local: [undef]
2012-06-19 01:15:17 TCPv4_CLIENT link remote: xxxxxxxxxxxxxx:1194
2012-06-19 01:15:17 MANAGEMENT: >STATE:1340064917,WAIT,,,
2012-06-19 01:15:17 MANAGEMENT: >STATE:1340064917,AUTH,,,
2012-06-19 01:15:17 TLS: Initial packet from xxxxxxxxxxx:1194, sid=106c7635 2b4a6e1e
2012-06-19 01:15:17 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2012-06-19 01:15:17 VERIFY OK: depth=1, /C=DE/ST=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
2012-06-19 01:15:17 VERIFY OK: depth=0, /C=DE/ST=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
2012-06-19 01:15:18 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
2012-06-19 01:15:18 NOTE: --mute triggered...
2012-06-19 01:15:18 4 variation(s) on previous 3 message(s) suppressed by --mute
2012-06-19 01:15:18 [server] Peer Connection Initiated with xxxxxxxxxxxxx:1194
2012-06-19 01:15:19 MANAGEMENT: >STATE:1340064919,GET_CONFIG,,,
2012-06-19 01:15:20 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
2012-06-19 01:15:20 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 8.8.8.8,redirect-gateway,route 10.10.0.1,topology net30,ping 20,ping-restart 240'
2012-06-19 01:15:20 OPTIONS IMPORT: timers and/or timeouts modified
2012-06-19 01:15:20 NOTE: --mute triggered...
2012-06-19 01:15:20 3 variation(s) on previous 3 message(s) suppressed by --mute
2012-06-19 01:15:20 ROUTE default_gateway=xxxxxxxxxxxxxx
2012-06-19 01:15:20 OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
2012-06-19 01:15:20 OpenVPN ROUTE: failed to parse/resolve route for host/network: 10.10.0.1
2012-06-19 01:15:20 TUN/TAP device /dev/tun0 opened
2012-06-19 01:15:20 /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -m -w -d -atDASNGWrdasngw tun0 1500 1543   init
                                          No such key
2012-06-19 01:15:22 *Tunnelblick: Flushed the DNS cache
2012-06-19 01:15:22 NOTE: unable to redirect default gateway -- VPN gateway parameter (--route-gateway or --ifconfig) is missing
2012-06-19 01:15:22 Initialization Sequence Completed
2012-06-19 01:15:22 MANAGEMENT: >STATE:1340064922,CONNECTED,SUCCESS,,xxxxxxxxxxxxxxx
2012-06-19 01:15:22 *Tunnelblick client.up.tunnelblick.sh: Retrieved name server(s) [ 8.8.8.8 ] and WINS server(s) [ ] and using default domain name [ openvpn ]
2012-06-19 01:15:22 *Tunnelblick client.up.tunnelblick.sh: Up to two 'No such key' warnings are normal and may be ignored
2012-06-19 01:15:22 *Tunnelblick client.up.tunnelblick.sh: Saved the DNS and WINS configurations for later use
2012-06-19 01:15:22 *Tunnelblick client.up.tunnelblick.sh: Set up to monitor system configuration with process-network-changes
2012-06-19 01:15:27 *Tunnelblick process-network-changes: A system configuration change was ignored because it was not relevant


----------------

btguard.conf

client
dev tun
proto tcp
remote vpn.btguard.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca btguard.ca.crt
;comp-lzo
verb 3
mute 3
auth-user-pass
mute-replay-warnings
float
reneg-sec 0

-------------------------

thanks in advance for any help you can give. what's different with this desktop to the other and the laptop? my iphone works ok with PPTP too!

--
You received this message because you are subscribed to the Google Groups "tunnelblick-discuss" group.
To view this discussion on the web visit https://groups.google.com/d/msg/tunnelblick-discuss/-/QrAH4TrYcxMJ.
To post to this group, send email to tunnelbli...@googlegroups.com.
To unsubscribe from this group, send email to tunnelblick-dis...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/tunnelblick-discuss?hl=en.