*Tunnelblick: OS X 10.12.5; Tunnelblick 3.7.2beta03 (build 4840); prior version 3.7.2beta02 (build 4830); Admin user git commit 7f26fa2ea825c4ddbcde7d4c4bd8cc6de9673c0a Configuration XXXXX-ldap "Sanitized" condensed configuration file for /Users/enricocavalli/Library/Application Support/Tunnelblick/Configurations/XXXXX-ldap.tblk: dev tun persist-tun cipher AES-256-CBC persist-key tls-client client comp-lzo resolv-retry infinite remote 131.175.1.21 1195 udp lport 0 auth-user-pass ca ca.crt tls-auth static.key 1 ns-cert-type server ================================================================================ Non-Apple kexts that are loaded: Index Refs Address Size Wired Name (Version) UUID 140 3 0xffffff7f83371000 0x61000 0x61000 org.virtualbox.kext.VBoxDrv (5.1.22) 93316754-E074-3CE2-9464-DDA4356FF02E <7 5 4 3 1> 143 0 0xffffff7f833d2000 0x8000 0x8000 org.virtualbox.kext.VBoxUSB (5.1.22) D956DCFA-4E4F-320A-BEBC-E4823501B1FF <142 140 39 7 5 4 3 1> 144 0 0xffffff7f833da000 0x5000 0x5000 org.virtualbox.kext.VBoxNetFlt (5.1.22) 446923A0-E855-3E75-9173-66FA4CE2474A <140 7 5 4 3 1> 145 0 0xffffff7f833df000 0x6000 0x6000 org.virtualbox.kext.VBoxNetAdp (5.1.22) 4A6C39E1-5D90-3E34-9673-57B0DD779CD7 <140 5 4 1> ================================================================================ There are no unusual files in XXXXX-ldap.tblk ================================================================================ Configuration preferences: useDNS = 1 -routeAllTrafficThroughVpn = 0 -useRouteUpInsteadOfUp = 0 -keychainHasUsernameAndPassword = 1 -openvpnVersion = -notOKToCheckThatIPAddressDidNotChangeAfterConnection = 0 -keepConnected = 1 -loggingLevel = 3 -lastConnectionSucceeded = 1 -prependDomainNameToSearchDomains = 1 ================================================================================ Wildcard preferences: ================================================================================ Program preferences: launchAtNextLogin = 1 menuIconSet = TunnelBlick-black-white.TBMenuIcons notOKToCheckThatIPAddressDidNotChangeAfterConnection = 0 askedUserIfOKToCheckThatIPAddressDidNotChangeAfterConnection = 1 tunnelblickVersionHistory = ( "3.7.2beta03 (build 4840)", "3.7.2beta02 (build 4830)", "3.7.1a (build 4812)" ) statusDisplayNumber = 0 lastLaunchTime = 519888885.574192 lastLanguageAtLaunchWasRTL = 0 connectionWindowDisplayCriteria = showWhenConnecting maxLogDisplaySize = 102400 lastConnectedDisplayName = XXXXX-ldap keyboardShortcutIndex = 1 updateCheckAutomatically = 1 updateCheckBetas = 1 updateSendProfileInfo = 0 NSWindow Frame SettingsSheetWindow = 457 317 829 524 0 0 1440 877 NSWindow Frame ConnectingWindow = 525 530 389 187 0 0 1440 877 NSWindow Frame SUUpdateAlert = 650 515 620 392 0 0 1920 1057 detailsWindowFrameVersion = 4840 detailsWindowFrame = {{500, 458}, {920, 468}} detailsWindowLeftFrame = {{0, 0}, {165, 350}} detailsWindowViewIndex = 0 detailsWindowConfigurationsTabIdentifier = log leftNavSelectedDisplayName = XXXXX-ldap AdvancedWindowTabIdentifier = sounds haveDealtWithSparkle1dot5b6 = 1 haveDealtWithOldTunTapPreferences = 1 haveDealtWithOldLoginItem = 1 SUEnableAutomaticChecks = 1 SUScheduledCheckInterval = 86400 SUSendProfileInfo = 0 SULastCheckTime = 2017-06-23 05:34:47 +0000 SULastProfileSubmissionDate = 2017-06-16 21:57:35 +0000 SUHasLaunchedBefore = 1 WebKitDefaultFontSize = 16 WebKitStandardFont = Times ================================================================================ Tunnelblick Log: *Tunnelblick: OS X 10.12.5; Tunnelblick 3.7.2beta03 (build 4840); prior version 3.7.2beta02 (build 4830) 2017-06-23 07:38:08 *Tunnelblick: Attempting connection with XXXXX-ldap using shadow copy; Set nameserver = 769; monitoring connection 2017-06-23 07:38:08 *Tunnelblick: openvpnstart start XXXXX-ldap.tblk 1337 769 0 1 0 1065392 -ptADGNWradsgnw 2.3.17-openssl-1.0.2k 2017-06-23 07:38:08 *Tunnelblick: openvpnstart log: OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line): /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.17-openssl-1.0.2k/openvpn --daemon --log /Library/Application Support/Tunnelblick/Logs/-SUsers-Senricocavalli-SLibrary-SApplication Support-STunnelblick-SConfigurations-SXXXXX--ldap.tblk-SContents-SResources-Sconfig.ovpn.769_0_1_0_1065392.1337.openvpn.log --cd /Library/Application Support/Tunnelblick/Users/enricocavalli/XXXXX-ldap.tblk/Contents/Resources --verb 3 --config /Library/Application Support/Tunnelblick/Users/enricocavalli/XXXXX-ldap.tblk/Contents/Resources/config.ovpn --verb 3 --cd /Library/Application Support/Tunnelblick/Users/enricocavalli/XXXXX-ldap.tblk/Contents/Resources --management 127.0.0.1 1337 --management-query-passwords --management-hold --script-security 2 --up /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -p -w -ptADGNWradsgnw --down /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -d -f -m -p -w -ptADGNWradsgnw 2017-06-23 07:38:08 *Tunnelblick: Established communication with OpenVPN 2017-06-23 07:38:08 *Tunnelblick: Obtained VPN username and password from the Keychain 2017-06-23 07:38:08 OpenVPN 2.3.17 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Jun 21 2017 2017-06-23 07:38:08 library versions: OpenSSL 1.0.2k 26 Jan 2017, LZO 2.09 2017-06-23 07:38:08 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:1337 2017-06-23 07:38:08 Need hold release from management interface, waiting... 2017-06-23 07:38:08 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:1337 2017-06-23 07:38:08 MANAGEMENT: CMD 'pid' 2017-06-23 07:38:08 MANAGEMENT: CMD 'state on' 2017-06-23 07:38:08 MANAGEMENT: CMD 'state' 2017-06-23 07:38:08 MANAGEMENT: CMD 'bytecount 1' 2017-06-23 07:38:08 MANAGEMENT: CMD 'hold release' 2017-06-23 07:38:08 MANAGEMENT: CMD 'username "Auth" "e.cavalli@XXXXX.it"' 2017-06-23 07:38:08 MANAGEMENT: CMD 'password [...]' 2017-06-23 07:38:08 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 2017-06-23 07:38:08 Control Channel Authentication: using 'static.key' as a OpenVPN static key file 2017-06-23 07:38:08 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication 2017-06-23 07:38:08 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication 2017-06-23 07:38:08 Socket Buffers: R=[196724->196724] S=[9216->9216] 2017-06-23 07:38:08 UDPv4 link local (bound): [undef] 2017-06-23 07:38:08 UDPv4 link remote: [AF_INET]131.175.1.21:1195 2017-06-23 07:38:08 MANAGEMENT: >STATE:1498196288,WAIT,,, 2017-06-23 07:38:08 MANAGEMENT: >STATE:1498196288,AUTH,,, 2017-06-23 07:38:08 TLS: Initial packet from [AF_INET]131.175.1.21:1195, sid=16a328ba ed202d97 2017-06-23 07:38:08 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this 2017-06-23 07:38:08 VERIFY OK: depth=1, C=IT, ST=MI, L=Segrate, O=XXXXX, OU=DSET, CN=XXXXX CA, name=EasyRSA, emailAddress=noc@XXXXX.it 2017-06-23 07:38:08 VERIFY OK: nsCertType=SERVER 2017-06-23 07:38:08 VERIFY OK: depth=0, C=IT, ST=MI, L=Segrate, O=XXXXX, OU=DSET, CN=ghisa, name=ghisa, emailAddress=noc@XXXXX.it 2017-06-23 07:38:08 *Tunnelblick: openvpnstart starting OpenVPN 2017-06-23 07:38:09 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key 2017-06-23 07:38:09 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication 2017-06-23 07:38:09 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key 2017-06-23 07:38:09 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication 2017-06-23 07:38:09 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA 2017-06-23 07:38:09 [ghisa] Peer Connection Initiated with [AF_INET]131.175.1.21:1195 2017-06-23 07:38:10 MANAGEMENT: >STATE:1498196290,GET_CONFIG,,, 2017-06-23 07:38:11 SENT CONTROL [ghisa]: 'PUSH_REQUEST' (status=1) 2017-06-23 07:38:11 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 10.250.1.23,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,dhcp-option DOMAIN private.XXXXX.it,redirect-gateway def1,route 192.168.22.1,topology net30,ping 10,ping-restart 60,ifconfig 192.168.22.6 192.168.22.5,peer-id 0' 2017-06-23 07:38:11 OPTIONS IMPORT: timers and/or timeouts modified 2017-06-23 07:38:11 OPTIONS IMPORT: --ifconfig/up options modified 2017-06-23 07:38:11 OPTIONS IMPORT: route options modified 2017-06-23 07:38:11 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified 2017-06-23 07:38:11 OPTIONS IMPORT: peer-id set 2017-06-23 07:38:11 OPTIONS IMPORT: adjusting link_mtu to 1561 2017-06-23 07:38:11 Opening utun (connect(AF_SYS_CONTROL)): Resource busy 2017-06-23 07:38:11 Opening utun (connect(AF_SYS_CONTROL)): Resource busy 2017-06-23 07:38:11 Opened utun device utun2 2017-06-23 07:38:11 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0 2017-06-23 07:38:11 MANAGEMENT: >STATE:1498196291,ASSIGN_IP,,192.168.22.6, 2017-06-23 07:38:11 /sbin/ifconfig utun2 delete ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address 2017-06-23 07:38:11 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure 2017-06-23 07:38:11 /sbin/ifconfig utun2 192.168.22.6 192.168.22.5 mtu 1500 netmask 255.255.255.255 up 2017-06-23 07:38:11 /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -p -w -ptADGNWradsgnw utun2 1500 1561 192.168.22.6 192.168.22.5 init ********************************************** Start of output from client.up.tunnelblick.sh Disabled IPv6 for 'Wi-Fi' Disabled IPv6 for 'Apple USB Ethernet Adapter' Disabled IPv6 for 'iPhone' Disabled IPv6 for 'Bluetooth PAN' Disabled IPv6 for 'Thunderbolt Bridge' Retrieved from OpenVPN: name server(s) [ 10.250.1.23 8.8.8.8 8.8.4.4 ], domain name [ private.XXXXX.it ], search domain(s) [ ], and SMB server(s) [ ] Not aggregating ServerAddresses because running on OS X 10.6 or higher Prepending 'private.XXXXX.it' to search domains '' because the search domains were not set manually (or are allowed to be changed) and 'Prepend domain name to search domains' was selected Saved the DNS and SMB configurations so they can be restored Changed DNS ServerAddresses setting from 'fe80::3291:8fff:fe69:30c6 192.168.1.254 62.101.93.101 83.103.25.250' to '10.250.1.23 8.8.8.8 8.8.4.4' Changed DNS SearchDomains setting from '' to 'private.XXXXX.it' Changed DNS DomainName setting from 'lan' to 'private.XXXXX.it' Did not change SMB NetBIOSName setting of '' Did not change SMB Workgroup setting of '' Did not change SMB WINSAddresses setting of '' DNS servers '10.250.1.23 8.8.8.8 8.8.4.4' will be used for DNS queries when the VPN is active NOTE: The DNS servers include one or more free public DNS servers known to Tunnelblick and one or more DNS servers not known to Tunnelblick. If used, the DNS servers not known to Tunnelblick may cause DNS queries to fail or be intercepted or falsified even if they are directed through the VPN. Specify only known public DNS servers or DNS servers located on the VPN network to avoid such problems. Flushed the DNS cache via dscacheutil /usr/sbin/discoveryutil not present. Not flushing the DNS cache via discoveryutil Notified mDNSResponder that the DNS cache was flushed Setting up to monitor system configuration with process-network-changes End of output from client.up.tunnelblick.sh ********************************************** 2017-06-23 07:38:15 *Tunnelblick: No 'connected.sh' script to execute 2017-06-23 07:38:15 /sbin/route add -net 131.175.1.21 192.168.1.254 255.255.255.255 add net 131.175.1.21: gateway 192.168.1.254 2017-06-23 07:38:15 /sbin/route add -net 0.0.0.0 192.168.22.5 128.0.0.0 add net 0.0.0.0: gateway 192.168.22.5 2017-06-23 07:38:15 /sbin/route add -net 128.0.0.0 192.168.22.5 128.0.0.0 add net 128.0.0.0: gateway 192.168.22.5 2017-06-23 07:38:15 MANAGEMENT: >STATE:1498196295,ADD_ROUTES,,, 2017-06-23 07:38:15 /sbin/route add -net 192.168.22.1 192.168.22.5 255.255.255.255 add net 192.168.22.1: gateway 192.168.22.5 2017-06-23 07:38:15 Initialization Sequence Completed 2017-06-23 07:38:15 MANAGEMENT: >STATE:1498196295,CONNECTED,SUCCESS,192.168.22.6,131.175.1.21 2017-06-23 07:38:35 *Tunnelblick: Disconnecting; VPN Details… window disconnect button pressed 2017-06-23 07:38:35 *Tunnelblick: No 'pre-disconnect.sh' script to execute 2017-06-23 07:38:35 *Tunnelblick: Disconnecting using 'kill' 2017-06-23 07:38:35 event_wait : Interrupted system call (code=4) 2017-06-23 07:38:35 /sbin/route delete -net 192.168.22.1 192.168.22.5 255.255.255.255 delete net 192.168.22.1: gateway 192.168.22.5 2017-06-23 07:38:35 /sbin/route delete -net 131.175.1.21 192.168.1.254 255.255.255.255 delete net 131.175.1.21: gateway 192.168.1.254 2017-06-23 07:38:35 /sbin/route delete -net 0.0.0.0 192.168.22.5 128.0.0.0 delete net 0.0.0.0: gateway 192.168.22.5 2017-06-23 07:38:35 /sbin/route delete -net 128.0.0.0 192.168.22.5 128.0.0.0 delete net 128.0.0.0: gateway 192.168.22.5 2017-06-23 07:38:35 Closing TUN/TAP interface 2017-06-23 07:38:35 /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -d -f -m -p -w -ptADGNWradsgnw utun2 1500 1561 192.168.22.6 192.168.22.5 init ********************************************** Start of output from client.down.tunnelblick.sh Cancelled monitoring of system configuration changes No such key Restored the DNS and SMB configurations Re-enabled IPv6 (automatic) for 'Wi-Fi' Re-enabled IPv6 (automatic) for 'Apple USB Ethernet Adapter' Re-enabled IPv6 (automatic) for 'iPhone' Re-enabled IPv6 (automatic) for 'Bluetooth PAN' Re-enabled IPv6 (automatic) for 'Thunderbolt Bridge' Flushed the DNS cache via dscacheutil /usr/sbin/discoveryutil not present. Not flushing the DNS cache via discoveryutil Notified mDNSResponder that the DNS cache was flushed End of output from client.down.tunnelblick.sh ********************************************** 2017-06-23 07:38:36 SIGTERM[hard,] received, process exiting 2017-06-23 07:38:36 MANAGEMENT: >STATE:1498196316,EXITING,SIGTERM,, 2017-06-23 07:38:36 *Tunnelblick: No 'post-disconnect.sh' script to execute 2017-06-23 07:38:36 *Tunnelblick: Expected disconnection occurred. ================================================================================ "Sanitized" full configuration file dev tun persist-tun cipher AES-256-CBC persist-key tls-client client comp-lzo resolv-retry infinite remote 131.175.1.21 1195 udp lport 0 auth-user-pass ca ca.crt tls-auth static.key 1 ns-cert-type server ================================================================================ ifconfig output: lo0: flags=8049 mtu 16384 options=1203 inet 127.0.0.1 netmask 0xff000000 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1 nd6 options=201 gif0: flags=8010 mtu 1280 stf0: flags=0<> mtu 1280 en0: flags=8863 mtu 1500 ether dc:a9:04:72:5a:fa inet 192.168.1.74 netmask 0xffffff00 broadcast 192.168.1.255 inet6 fe80::452:144f:2c14:1c89%en0 prefixlen 64 secured scopeid 0x4 inet6 2001:b07:6452:e8e8:1c63:5b4e:90cf:6a15 prefixlen 64 autoconf secured inet6 2001:b07:6452:e8e8:2920:6e94:28d7:e474 prefixlen 64 autoconf temporary nd6 options=201 media: autoselect status: active en1: flags=963 mtu 1500 options=60 ether 1a:00:a1:38:c3:00 media: autoselect status: inactive en3: flags=963 mtu 1500 options=60 ether 1a:00:a1:38:c3:01 media: autoselect status: inactive en2: flags=963 mtu 1500 options=60 ether 1a:00:a1:38:c3:04 media: autoselect status: inactive en4: flags=963 mtu 1500 options=60 ether 1a:00:a1:38:c3:05 media: autoselect status: inactive bridge0: flags=8863 mtu 1500 options=63 ether 1a:00:a1:38:c3:00 Configuration: id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0 maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200 root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0 ipfilter disabled flags 0x2 member: en1 flags=3 ifmaxaddr 0 port 5 priority 0 path cost 0 member: en2 flags=3 ifmaxaddr 0 port 7 priority 0 path cost 0 member: en3 flags=3 ifmaxaddr 0 port 6 priority 0 path cost 0 member: en4 flags=3 ifmaxaddr 0 port 8 priority 0 path cost 0 nd6 options=201 media: status: inactive p2p0: flags=8843 mtu 2304 ether 0e:a9:04:72:5a:fa media: autoselect status: inactive awdl0: flags=8943 mtu 1484 ether 1e:bf:11:4d:5a:c1 inet6 fe80::1cbf:11ff:fe4d:5ac1%awdl0 prefixlen 64 scopeid 0xb nd6 options=201 media: autoselect status: active utun0: flags=8051 mtu 1380 inet6 fe80::e4c5:c483:19e5:3f5f%utun0 prefixlen 64 scopeid 0xd inet6 fd31:265f:699:729f:e4c5:c483:19e5:3f5f prefixlen 64 nd6 options=201 utun1: flags=8051 mtu 2000 inet6 fe80::fac0:d844:48ea:fb92%utun1 prefixlen 64 scopeid 0xe nd6 options=201 en5: flags=8863 mtu 1500 ether ac:de:48:00:11:22 inet6 fe80::aede:48ff:fe00:1122%en5 prefixlen 64 scopeid 0xc nd6 options=281 media: autoselect status: active ================================================================================ Console Log: 2017-06-23 07:34:44 Tunnelblick[27384] Tunnelblick: OS X 10.12.5; Tunnelblick 3.7.2beta03 (build 4840) 2017-06-23 07:34:45 Tunnelblick[27384] Using icon set 'TunnelBlick-black-white.TBMenuIcons' without Retina images 2017-06-23 07:34:47 Tunnelblick[27384] Sparkle: ===== Tunnelblick.app ===== 2017-06-23 07:34:47 Tunnelblick[27384] Sparkle: Verified appcast signature 2017-06-23 07:36:17 Tunnelblick[27384] Using icon set 'TunnelBlick-black-white.TBMenuIcons' without Retina images 2017-06-23 07:38:08 Tunnelblick[27384] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-XXXXX-ldap' account = 'username' 2017-06-23 07:38:08 Tunnelblick[27384] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-XXXXX-ldap' account = 'password'