Cannot change route table


rotem

Apr 12, 2009, 6:06:41 AM
to tunnelblick-discuss
Hi,
I'm trying to use Tunnelblick and have set up everything
(configuration file, ca, certificate and key files).
I had it working, but now it doesn't work any more. Probably due to
some changes in file ownerships.
What happens is when I connect, Tunnelblick's log shows the following
errors:

Sun 04/12/09 11:20 AM: ROUTE: problem writing to routing socket
Sun 04/12/09 11:20 AM: /sbin/route add -net 192.168.49.0
10.100.254.254 255.255.255.0
Sun 04/12/09 11:20 AM: ROUTE: problem writing to routing socket
Sun 04/12/09 11:20 AM: /sbin/route add -net 192.168.50.0
10.100.254.254 255.255.255.0
Sun 04/12/09 11:20 AM: ROUTE: problem writing to routing socket
Sun 04/12/09 11:20 AM: /sbin/route add -net 192.168.51.0
10.100.254.254 255.255.255.0
Sun 04/12/09 11:20 AM: ROUTE: problem writing to routing socket
Sun 04/12/09 11:20 AM: /sbin/route add -net 192.168.53.0
10.100.254.254 255.255.255.0
Sun 04/12/09 11:20 AM: ROUTE: problem writing to routing socket
Sun 04/12/09 11:20 AM: /sbin/route add -net 192.168.59.0
10.100.254.254 255.255.255.0
Sun 04/12/09 11:20 AM: ROUTE: problem writing to routing socket
Sun 04/12/09 11:20 AM: /sbin/route add -net 172.18.0.0 10.100.254.254
255.255.0.0
Sun 04/12/09 11:20 AM: ROUTE: problem writing to routing socket
Sun 04/12/09 11:20 AM: /sbin/route add -net 172.19.0.0 10.100.253.144
255.255.0.0
Sun 04/12/09 11:20 AM: ROUTE: problem writing to routing socket
Sun 04/12/09 11:20 AM: /sbin/route add -net 10.123.0.0 10.100.254.254
255.255.0.0
Sun 04/12/09 11:20 AM: ROUTE: problem writing to routing socket
Sun 04/12/09 11:20 AM: /sbin/route add -net 10.101.0.0 10.100.254.254
255.255.0.0
Sun 04/12/09 11:20 AM: ROUTE: problem writing to routing socket
Sun 04/12/09 11:20 AM: /sbin/route add -net 10.117.0.0 10.100.254.254
255.255.0.0
Sun 04/12/09 11:20 AM: Initialization Sequence Completed


...and no data is transmitted. In fact, I no longer have internet
access until I disconnect Tunnelblick.

I know that in order to change the routing table you need to be root, but
I cannot figure out how to set it up so that Tunnelblick has
permission to change the routing table.

Thanks for the help.
Rotem

rotem

Apr 30, 2009, 3:42:34 AM
to tunnelblick-discuss
No response from anyone yet...
Does someone know how to fix this issue?

Thanks
Rotem

Jon

May 1, 2009, 8:14:21 AM
to tunnelblick-discuss
Have you tried re-installing Tunnelblick?

To uninstall Tunnelblick, move Tunnelblick.app to the trash AND delete
~/Library/Preferences/com.openvpn.tunnelblick.plist, to force the
"first time run" sequence. That should ask you for your admin username/
password and use that to setuid root on one of the Tunnelblick
executables.

Then reinstall it normally, i.e., drag Tunnelblick.app from the .dmg
to your Applications folder.

rotem

May 6, 2009, 3:59:26 PM
to tunnelblick-discuss
Thanks for the reply :-)
I've tried to uninstall as you said but this didn't resolve the issue.
I'm still getting the "ROUTE: problem writing to routing socket" for
each "route add -net..." Tunnelblick is trying (as I quoted earlier in
this thread).

Any other suggestions?

Jonathan K. Bullard

May 8, 2009, 3:17:17 PM
to tunnelbli...@googlegroups.com
Do you have the "Set Nameserver" checkbox checked?

Does the config file set the "user" to a non-privileged user?

rotem rubnov

May 8, 2009, 4:27:34 PM
to tunnelbli...@googlegroups.com
Hi,
"Set Nameserver" set or unset doesn't make a difference.
I don't have a "user" command in the config file.
Here it is:

client
dev tun
proto udp
remote XX.XXX.XXX.X XXXX
resolv-retry infinite
nobind
ca ca.crt
cert client.crt
key client.key
comp-lzo
verb 3


Thanks

Jonathan K. Bullard

May 8, 2009, 8:50:04 PM
to tunnelbli...@googlegroups.com
"resolv-retry infinite" is the default, so that line isn't needed.

You might try it without the "nobind" line. If I understand it correctly (and I don't have much confidence that I do), it means the VPN won't connect to any device. If it isn't connected to a device, then it can't set routes through that device.

rotem rubnov

May 9, 2009, 6:22:17 AM
to tunnelbli...@googlegroups.com
I've tried it, but it didn't resolve the issue.
It must have to do with permissions. I tried this from a shell window: "/sbin/route add -net 192.168.49.0 10.100.254.254 255.255.255.0" and got an error: "route: must be root to alter routing table". Then I tried it with "sudo" and it worked.
I'm suspecting the same happens for the Tunnelblick app. Could it be that it doesn't have root permissions when calling the "route" command? How do I verify that?

Thanks!
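
One way to check the permission question raised in the post above, given the earlier reply that the first-run sequence makes one of the Tunnelblick executables setuid root (an added example, not part of the thread and not Tunnelblick's own code): list every setuid file inside an app bundle and report whether it is owned by uid 0. The function names and the sample bundle layout are assumptions; the thread does not name the helper executable.

```shell
#!/bin/sh
# Added example: audit setuid files inside an app bundle.
# Function names and the sample layout are hypothetical, not Tunnelblick's.

# Print one line per setuid file: "<verdict> uid=<n> <mode> <path>".
audit_setuid() {
    bundle=$1
    [ -d "$bundle" ] || { echo "not a directory: $bundle" >&2; return 2; }
    find "$bundle" -type f -perm -4000 -print | while IFS= read -r f; do
        # ls -ln shows the mode in field 1 and the numeric owner in field 3.
        meta=$(ls -ln "$f" | awk '{print $1 " " $3}')
        mode=${meta% *}
        uid=${meta#* }
        if [ "$uid" = "0" ]; then
            verdict=SETUID-ROOT
        else
            verdict=SETUID-NOT-ROOT    # bit is set, but it grants no root rights
        fi
        printf '%s uid=%s %s %s\n' "$verdict" "$uid" "$mode" "$f"
    done
}

# Succeeds only if at least one file is both setuid and owned by uid 0.
has_setuid_root() {
    audit_setuid "$1" | grep '^SETUID-ROOT ' >/dev/null
}

# Build a constructed sample bundle (one setuid file, one plain file)
# so the audit can be tried without touching a real application.
make_sample_bundle() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/Sample.app/Contents/Resources"
    : > "$d/Sample.app/Contents/Resources/helper-setuid"
    : > "$d/Sample.app/Contents/Resources/helper-plain"
    chmod 4755 "$d/Sample.app/Contents/Resources/helper-setuid"
    chmod 0755 "$d/Sample.app/Contents/Resources/helper-plain"
    echo "$d/Sample.app"
}

# Audit the bundle given on the command line, if any.
if [ -n "${1:-}" ]; then
    audit_setuid "$1"
fi
```

Saved under a name of your choice and run with /Applications/Tunnelblick.app as its argument, it prints no SETUID-ROOT line when no file in the bundle is both setuid and root-owned.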

rotem rubnov

May 9, 2009, 8:31:34 AM
to tunnelbli...@googlegroups.com
Hi, 
I just noticed the following 3 lines in the Tunnelblick log: 

/sbin/route add -net 82.210.235.1 192.168.1.1 255.255.255.255

/sbin/route delete -net 0.0.0.0 192.168.1.1 0.0.0.0

/sbin/route add -net 0.0.0.0 10.100.254.254 0.0.0.0


The last line always returns an error.
I am using a router at home which serves as my gateway, with address 192.168.1.1. 
Why does Tunnelblick start OK with correct gateway address, but then, in the 3rd line above, uses 10.100.254.254 as a gateway to add new route entries to the route table? All entries that it tries to add later are also through gateway address 10.100.254.254? 
Is this some kind of openvpn default? I didn't see anything in the configuration script that sets this gateway address.
Is there any way to configure openvpn to use my current gateway 192.168.1.1? 

Thanks