Tunnelblick works for hotspot but not for home wifi


William Shi

Apr 29, 2024, 4:56:40 AM
to tunnelblick-discuss
Hello, 

I have been going around in circles between my IT team and ISP and haven't found a solution. For some reason, I'm able to connect to the VPN fine when using a hotspot. But when I use my home wifi, nothing works. I'm using a Mac and my router type is PPPoE. Any help is appreciated! Please see the log here:

2024-04-29 18:51:47.996347 *Tunnelblick: macOS 14.4.1 (23E224); Tunnelblick 4.0.1 (build 5971); prior version 3.8.8g (build 5779.3)

2024-04-29 18:51:48.305045 *Tunnelblick: Attempting connection with current-openvpn-config; Set nameserver = 0x00000301; monitoring connection

2024-04-29 18:51:48.306697 *Tunnelblick: openvpnstart start current-openvpn-config.tblk 54658 0x00000301 0 3 0 0x0211c330 -ptADGNWradsgnw 2.6.9-openssl-3.0.13 <password>

2024-04-29 18:51:48.327791 *Tunnelblick: openvpnstart starting OpenVPN

2024-04-29 18:51:48.712892 OpenVPN 2.6.9 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD]

2024-04-29 18:51:48.713014 library versions: OpenSSL 3.0.13 30 Jan 2024, LZO 2.10

2024-04-29 18:51:48.714752 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:54658

2024-04-29 18:51:48.714795 Need hold release from management interface, waiting...

2024-04-29 18:51:48.932693 *Tunnelblick: openvpnstart log:

     OpenVPN started successfully.

     Command used to start OpenVPN (one argument per displayed line):

          /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.6.9-openssl-3.0.13/openvpn

          --daemon

          --log-append /Library/Application Support/Tunnelblick/Logs/-SLibrary-SApplication Support-STunnelblick-SShared-Scurrent--openvpn--config.tblk-SContents-SResources-Sconfig.ovpn.769_0_3_0_34718512.54658.openvpn.log

          --cd /Library/Application Support/Tunnelblick/Shared/current-openvpn-config.tblk/Contents/Resources

          --machine-readable-output

          --setenv IV_GUI_VER "net.tunnelblick.tunnelblick 5971 4.0.1 (build 5971)"

          --verb 3

          --config /Library/Application Support/Tunnelblick/Shared/current-openvpn-config.tblk/Contents/Resources/config.ovpn

          --setenv TUNNELBLICK_CONFIG_FOLDER /Library/Application Support/Tunnelblick/Shared/current-openvpn-config.tblk/Contents/Resources

          --verb 3

          --cd /Library/Application Support/Tunnelblick/Shared/current-openvpn-config.tblk/Contents/Resources

          --management 127.0.0.1 54658 /Library/Application Support/Tunnelblick/Mips/current-openvpn-config.tblk.mip

          --setenv IV_SSO webauth

          --management-query-passwords

          --management-hold

          --redirect-gateway def1

          --script-security 2

          --route-up /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -o -w -ptADGNWradsgnw

          --down /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -d -f -m -o -w -ptADGNWradsgnw

2024-04-29 18:51:48.940246 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:52131

2024-04-29 18:51:48.948484 MANAGEMENT: CMD 'pid'

2024-04-29 18:51:48.948544 MANAGEMENT: CMD 'auth-retry interact'

2024-04-29 18:51:48.948576 MANAGEMENT: CMD 'state on'

2024-04-29 18:51:48.948597 MANAGEMENT: CMD 'state'

2024-04-29 18:51:48.948632 MANAGEMENT: CMD 'bytecount 1'

2024-04-29 18:51:48.949129 *Tunnelblick: Established communication with OpenVPN

2024-04-29 18:51:48.958405 *Tunnelblick: >INFO:OpenVPN Management Interface Version 5 -- type 'help' for more info

2024-04-29 18:51:48.958995 MANAGEMENT: CMD 'hold release'

2024-04-29 18:51:48.961642 *Tunnelblick: Obtained VPN username and password from the Keychain

2024-04-29 18:51:48.962150 MANAGEMENT: CMD 'username "Auth" "william.shi"'

2024-04-29 18:51:48.962209 MANAGEMENT: CMD 'password [...]'

2024-04-29 18:51:48.962321 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

2024-04-29 18:51:48.964579 MANAGEMENT: >STATE:1714380708,RESOLVE,,,,,,

2024-04-29 18:51:48.995141 TCP/UDP: Preserving recently used remote address: [AF_INET]13.236.34.143:443

2024-04-29 18:51:48.995232 Socket Buffers: R=[786896->786896] S=[9216->9216]

2024-04-29 18:51:48.995252 UDPv4 link local: (not bound)

2024-04-29 18:51:48.995267 UDPv4 link remote: [AF_INET]13.236.34.143:443

2024-04-29 18:51:48.995296 MANAGEMENT: >STATE:1714380708,WAIT,,,,,,

2024-04-29 18:51:49.020298 MANAGEMENT: >STATE:1714380709,AUTH,,,,,,

2024-04-29 18:51:49.020361 TLS: Initial packet from [AF_INET]13.236.34.143:443, sid=f3de723d 032d8b78

2024-04-29 18:51:49.020408 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this

2024-04-29 18:51:49.045275 VERIFY OK: depth=3, C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2

2024-04-29 18:51:49.045606 VERIFY OK: depth=2, C=US, O=Amazon, CN=Amazon Root CA 1

2024-04-29 18:51:49.045839 VERIFY OK: depth=1, C=US, O=Amazon, CN=Amazon RSA 2048 M03

2024-04-29 18:51:49.046056 VERIFY KU OK

2024-04-29 18:51:49.046069 Validating certificate extended key usage

2024-04-29 18:51:49.046077 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication

2024-04-29 18:51:49.046085 VERIFY EKU OK

2024-04-29 18:51:49.046093 VERIFY OK: depth=0, CN=alwayson.ignitetravel.com

2024-04-29 18:51:49.101026 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, peer certificate: 2048 bits RSA, signature: RSA-SHA256, peer temporary key: 256 bits ECprime256v1

2024-04-29 18:51:49.101144 [alwayson.ignitetravel.com] Peer Connection Initiated with [AF_INET]13.236.34.143:443

2024-04-29 18:51:49.101170 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1

2024-04-29 18:51:49.101268 TLS: tls_multi_process: initial untrusted session promoted to trusted

2024-04-29 18:51:50.055551 MANAGEMENT: >STATE:1714380710,GET_CONFIG,,,,,,

2024-04-29 18:51:50.055730 SENT CONTROL [alwayson.ignitetravel.com]: 'PUSH_REQUEST' (status=1)

2024-04-29 18:51:50.055815 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 10.10.1.10,dhcp-option DNS 192.168.1.10,redirect-gateway def1 bypass-dhcp,block-outside-dns,dhcp-option DOMAIN-ROUTE .,route-gateway 172.16.0.33,topology subnet,ping 1,ping-restart 20,echo,echo,echo,ifconfig 172.16.0.34 255.255.255.224,peer-id 0,cipher AES-256-GCM,protocol-flags cc-exit tls-ekm dyn-tls-crypt,tun-mtu 1500'

2024-04-29 18:51:50.055916 WARNING: You have specified redirect-gateway and redirect-private at the same time (or the same option multiple times). This is not well supported and may lead to unexpected results

2024-04-29 18:51:50.055939 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:4: block-outside-dns (2.6.9)

2024-04-29 18:51:50.056006 OPTIONS IMPORT: --ifconfig/up options modified

2024-04-29 18:51:50.056017 OPTIONS IMPORT: route options modified

2024-04-29 18:51:50.056026 OPTIONS IMPORT: route-related options modified

2024-04-29 18:51:50.056033 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified

2024-04-29 18:51:50.056096 OPTIONS IMPORT: tun-mtu set to 1500

2024-04-29 18:51:50.057022 Opened utun device utun4

2024-04-29 18:51:50.057102 MANAGEMENT: >STATE:1714380710,ASSIGN_IP,,172.16.0.34,,,,

2024-04-29 18:51:50.057140 /sbin/ifconfig utun4 delete

                           ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address

2024-04-29 18:51:50.067459 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure

2024-04-29 18:51:50.067526 /sbin/ifconfig utun4 172.16.0.34 172.16.0.34 netmask 255.255.255.224 mtu 1500 up

2024-04-29 18:51:50.074390 /sbin/route add -net 172.16.0.32 172.16.0.34 255.255.255.224

                           add net 172.16.0.32: gateway 172.16.0.34

2024-04-29 18:51:50.082846 /sbin/route add -net 13.236.34.143 192.168.1.1 255.255.255.255

                           add net 13.236.34.143: gateway 192.168.1.1

2024-04-29 18:51:50.093137 /sbin/route add -net 0.0.0.0 172.16.0.33 128.0.0.0

                           add net 0.0.0.0: gateway 172.16.0.33

2024-04-29 18:51:50.097703 /sbin/route add -net 128.0.0.0 172.16.0.33 128.0.0.0

                           add net 128.0.0.0: gateway 172.16.0.33

                           18:51:50 *Tunnelblick:  **********************************************

                           18:51:50 *Tunnelblick:  Start of output from client.up.tunnelblick.sh

                           18:51:52 *Tunnelblick:  Disabled IPv6 for 'USB 10/100/1000 LAN'

                           18:51:52 *Tunnelblick:  Disabled IPv6 for 'USB 10/100/1000 LAN 2'

                           18:51:52 *Tunnelblick:  Disabled IPv6 for 'AX88179A'

                           18:51:52 *Tunnelblick:  Disabled IPv6 for 'Thunderbolt Bridge'

                           18:51:52 *Tunnelblick:  Disabled IPv6 for 'Wi-Fi'

                           18:51:52 *Tunnelblick:  Disabled IPv6 for 'iPhone USB'

                           18:51:52 *Tunnelblick:  WARNING: 'foreign_option_4' = 'dhcp-option DOMAIN-ROUTE .' ignored

                           18:51:52 *Tunnelblick:  Retrieved from OpenVPN: name server(s) [ 10.10.1.10 192.168.1.10 ], search domain(s) [ rewardscorp.local ] and SMB server(s) [ ] and using default domain name [ openvpn ]

                           18:51:52 *Tunnelblick:  Will allow changes to manually-set ServerAddresses '8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220'

                           18:51:52 *Tunnelblick:  Prepending 'rewardscorp.local' to search domains '' because the search domains were not set manually (or are allowed to be changed) but were set via OpenVPN and 'Prepend domain name to search domains' was not selected

                           18:51:53 *Tunnelblick:  Saved the DNS and SMB configurations so they can be restored

                           18:51:53 *Tunnelblick:  Changed DNS ServerAddresses setting from '8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220' to '10.10.1.10 192.168.1.10'

                           18:51:53 *Tunnelblick:  Changed DNS SearchDomains setting from '' to 'rewardscorp.local'

                           18:51:53 *Tunnelblick:  Changed DNS DomainName setting from '' to 'openvpn'

                           18:51:53 *Tunnelblick:  Did not change SMB NetBIOSName setting of 'M-C2KD766MYP'

                           18:51:53 *Tunnelblick:  Did not change SMB Workgroup setting of 'REWARDSCORP'

                           18:51:53 *Tunnelblick:  Did not change SMB WINSAddresses setting of ''

                           18:51:53 *Tunnelblick:  DNS servers '10.10.1.10 192.168.1.10' will be used for DNS queries when the VPN is active

                           18:51:53 *Tunnelblick:  NOTE: The DNS servers do not include any free public DNS servers known to Tunnelblick. This may cause DNS queries to fail or be intercepted or falsified even if they are directed through the VPN. Specify only known public DNS servers or DNS servers located on the VPN network to avoid such problems.

                           18:51:53 *Tunnelblick:  Flushed the DNS cache via dscacheutil

                           18:51:53 *Tunnelblick:  /usr/sbin/discoveryutil not present. Not flushing the DNS cache via discoveryutil

                           18:51:53 *Tunnelblick:  Notified mDNSResponder that the DNS cache was flushed

                           18:51:53 *Tunnelblick:  Not notifying mDNSResponderHelper that the DNS cache was flushed because it is not running

                           18:51:53 *Tunnelblick:  Setting up to monitor system configuration with process-network-changes

                           18:51:53 *Tunnelblick:  End of output from client.up.tunnelblick.sh

                           18:51:53 *Tunnelblick:  **********************************************

2024-04-29 18:51:53.936844 Initialization Sequence Completed

2024-04-29 18:51:53.936860 MANAGEMENT: >STATE:1714380713,CONNECTED,SUCCESS,172.16.0.34,13.236.34.143,443,,

2024-04-29 18:51:53.936867 Data Channel: cipher 'AES-256-GCM', peer-id: 0

2024-04-29 18:51:53.936870 Timers: ping 1, ping-restart 20

2024-04-29 18:51:53.936881 Protocol options: protocol-flags cc-exit tls-ekm dyn-tls-crypt

2024-04-29 18:51:55.153667 *Tunnelblick: DNS address 10.10.1.10 is being routed through the VPN

2024-04-29 18:51:55.262250 *Tunnelblick: Routing info stdout:

   route to: 192.168.1.10

destination: 192.168.1.10

  interface: en0

      flags: <UP,HOST,REJECT,DONE,LLINFO,WASCLONED,IFSCOPE,IFREF>

 recvpipe  sendpipe  ssthresh  rtt,msec    rttvar  hopcount      mtu     expire

       0         0         0         0         0         0      1500        18 

stderr:


2024-04-29 18:51:55.263370 *Tunnelblick: Warning: DNS server address 192.168.1.10 is not a public IP address and is not being routed through the VPN.

2024-04-29 18:52:37.157331 *Tunnelblick: After 30.0 seconds, gave up trying to fetch IP address information using the ipInfo host's name after connecting.

Tunnelblick developer

Apr 29, 2024, 9:39:21 AM
to tunnelblick-discuss
Please post the diagnostic info obtained by following the instructions at Read Before You Post.

William Shi

Apr 29, 2024, 9:58:54 PM
to tunnelblick-discuss

Hey, 

Sorry, here you go. Let me know if you need anything else, thanks.
vpn-issue.rtf

Tunnelblick developer

Apr 30, 2024, 6:23:59 PM
to tunnelblick-discuss
Please get the diagnostic info again, but wait for 70 seconds after connecting before you disconnect. That should produce info about whether the problem is routing or DNS.

William Shi

May 2, 2024, 8:14:44 AM
to tunnelblick-discuss
Hey, I've waited 70 secs and copied the diagnostics, thanks.
vpn issue.rtf