Re: Unable to start OpenVPN

[jkbull...gmail.com]

Thanks for providing your config file and log.

I suggest that you try connecting with Tunnelblick 3.3beta20, which provides better logging information.

If you don't want to do that, you will need to look at The Console Log for anything relevant. Easiest way is to start Tunnelblick (but not try to connect), open the Console application, clear the Console's log, then try to connect with Tunnelblick. That way you won't (usually) see much other than the Tunnelblick entries. You can post them here if you don't understand them.

Post the output from the 3.3beta20 log (or the Console log) if it isn't clear what the problem is.

Two other things (they aren't causing this problem, though):

(1) The two lines:

remote 192.168.1.2
remote 10.0.0.155

are not correct. I assume you modified them to hide the real IP addresses of the VPN servers, which is fine. But if not -- if the IT people gave you a configuration file that has those numbers -- it will not work. Those are "non-routable" IP addresses. What you need on those lines are the public IP addresses of your company's VPN server.

(2) I recommend that you use a "Tunnelblick VPN Configuration", instead of just putting files in the Configurations folder. See Creating and Installing a Tunnelblick VPN Configuration for instructions; it is pretty easy.

On Thursday, August 23, 2012 12:56:20 PM UTC-4, GardenK wrote:

Hi guys,

I'm trying to set up a VPN connection to my work server using Tunnelblick as I work remotely. The IT department sent me the configuration instructions and details, but they all work on PCs and use CyberRoam - the IT guy said he doesn't know much about Macs, so I'm not sure if the configurations are correct. I run OSX 10.6 on a MacBook Pro.

I downloaded and installed Tunnelblick, and tried to adapt the configurations they had sent me using the Tunnelblick sample configuration file, but when I try to connect I get the message that Tunnelblick was unable to start OpenVPN.

Here are my configurations and log file:

client

dev tun

proto tcp-client

remote 192.168.1.2

remote 10.0.0.155

resolv-retry infinite

nobind

persist-key

persist-tun

mute-replay-warnings

ca RootCertificate.pem

cert UserCertificate.pem

key UserPrivateKey.key

auth-user-pass

comp-lzo

verb 3

mute 20

2012-08-23 10:54:14 *Tunnelblick: OS X 10.6.8; Tunnelblick 3.2.8 (build 2891.3099)

2012-08-23 10:54:14 *Tunnelblick: Attempting connection with TTA; Set nameserver = 1; monitoring connection

2012-08-23 10:54:14 *Tunnelblick: /Applications/Tunnelblick.app/Contents/Resources/openvpnstart start TTA.tblk 1337 1 0 0 0 49 -atDASNGWrdasngw 

2012-08-23 10:54:15 *Tunnelblick: openvpnstart status #242: Error: OpenVPN returned with status 1. Possible error in configuration file. See "All Messages" in Console for details

Any suggestions would be greatly appreciated - note I'm pretty ignorant about all this stuff so please be patient :)

Thank you in advance.

[GardenK]

Hello,

Thank you for your very quick reply and for your suggestions!

In response to your two comments:

1) These were the actual IP addresses provided by the IT people - they were in the .crssl configuration file. Forgive my ignorance but what should a roaming IP address look like (so I can look for it in the other documentation!)

2) I did try following those instructions, but the problem is that the configuration package the IT department provided is for CyberRoam, and so it contains the following files:

RootCertificate.pem

UserCertificate.pem

UserPrivateKey.key

client.crssl

So it doesn't contain a .conf or .ovpn file. This is why I used the sample file created by Tunnelblick and just altered the info in it through textedit. Not sure if this might be part of the problem....! Though if I can get the correct server info that would certainly help....

Finally, I updated to 3.3beta20 as you suggested and here is the log information:

2012-08-23 11:18:25 *Tunnelblick: OS X 10.6.8; Tunnelblick 3.3beta20 (build 3105)

2012-08-23 11:18:25 *Tunnelblick: Attempting connection with TTA; Set nameserver = 1; monitoring connection

2012-08-23 11:18:25 *Tunnelblick: /Applications/Tunnelblick.app/Contents/Resources/openvpnstart start TTA.tblk 1337 1 0 0 0 49 -atADGNWradsgnw 

2012-08-23 11:18:25 *Tunnelblick:

Could not start OpenVPN (openvpnstart returned with status #242)

Contents of the openvpnstart log:

     OpenVPN returned with status 1, errno = 2:

          No such file or directory

     

     Command used to start OpenVPN (one argument per displayed line):

     

          /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3-alpha1/openvpn

          --cd

          /Users/KittyGarden/Library/Application Support/Tunnelblick/Configurations/TTA.tblk/Contents/Resources

          --daemon

          --management

          127.0.0.1

          1337

          --config

          /Users/KittyGarden/Library/Application Support/Tunnelblick/Configurations/TTA.tblk/Contents/Resources/config.ovpn

          --log

          /Library/Application Support/Tunnelblick/Logs/-SUsers-SKittyGarden-SLibrary-SApplication Support-STunnelblick-SConfigurations-STTA.tblk-SContents-SResources-Sconfig.ovpn.1_0_0_0_49.1337.openvpn.log

          --management-query-passwords

          --management-hold

          --script-security

          2

          --up

          /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -m -w -d -atADGNWradsgnw

          --down

          /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -m -w -d -atADGNWradsgnw

          --up-restart

          --route-pre-down

          /Applications/Tunnelblick.app/Contents/Resources/client.route-pre-down.tunnelblick.sh -m -w -d -atADGNWradsgnw

     

     Contents of the OpenVPN log:

     

          Options error: No client-side authentication method is specified.  You must use either --cert/--key, --pkcs12, or --auth-user-pass

          Use --help for more information.

          

     More details may be in the Console Log's "All Messages"

It's strange that it says no authenitication method is specified, as I included auth-user-pass in the configuration file. However Tunnelblick doesn't ask me for my username or password when I try to connect.

Thanks once again for your help, I'll be looking for the correct server IP address but if you have any other suggestions in the meantime.....

[GardenK]

Oh, and one more thing that may or may not be relevant.... I also use Cisco VPN Client to (successfully!) connect to my University VPN. I read something somewhere about Cisco interfering with Tunnelblick, so just thought I'd mention it in case it makes a difference :)

On Thursday, August 23, 2012 11:11:17 AM UTC-6, jkbull...gmail.com wrote:

[jkbull...gmail.com]

Ah. I hadn't focused on your mention of Cyberoam.

I don't think Cyberoam is compatible with OpenVPN, in which case it is not compatible with Tunnelblick.

Cyberoam sees to have their own client software. Looking at http://docs.cyberoam.com/default.asp?id=229&Lang=1&SID=, it appears that only the "Corporate Client" is available for a Mac. (They show their ignorance of Macs when they call them MACs, by the way! A "MAC" is something different.)

It looks like that client is available from http://www.cyberoam.com/cyberoamclients.html.

And yes, the Cisco VPN could interfere with Tunnelblick, but it all depends on the way your particular situation is set up. But I think that's moot, since I don't think you can use Tunnelblick/OpenVPN at all.

[GardenK]

Ah, ok, that'll be it then! I'll go back to the IT people and see if they can get me access to the cyberoam corporate client... it always amazes me how PC IT people are often completely stumped when it comes to Macs!

Thanks very much for all your help and keep up the great work!