Window requests to insert token but there is no editing field !

[denis99999]

Describe the bug Trying to connect to a VPN requiring PIN code of my PKI (i.e. USB dongle with safenet authentication client of Gemalto), a window is displayed saying me to enter my token but there is no editing field for that, so regardless of the button I click after that (i.e. cancel or OK), it leads to a failure. Note that it works fine while using openvpn (i.e. brew install openvpn) in a terminal window: I can edit my PIN code and the connection is established.

To Reproduce See my configuration in Diagnostic information (I changed some authentication information by XXX...)

Expected behavior Tunnelblick should provide the way to edit my PIN code

Screenshots

Using Tunnelblick:

Using openvpn:

Additional context I installed tuntap extension (i.e. brew cask install tuntap) and allowed developer extension in Security & Privacy settings.

Diagnostic information *Tunnelblick: macOS 10.15.5 (19F101); Tunnelblick 3.8.3beta02 (build 5500); prior version 3.8.1 (build 5400); Admin user git commit 97ea201da254dba002bf331b1fde3dd270ddbbd8

Configuration client

"Sanitized" condensed configuration file for /Users/barbaron/Library/Application Support/Tunnelblick/Configurations/client.tblk:

remote 161.X.X.X 1194 udp remote 161.X.X.X 1194 udp remote 161.X.X.X 1194 udp remote 161.X.X.X 1194 udp nobind dev tap tun-mtu 9000 compress lzo pull tls-client ca ca.crt pkcs11-providers /Library/Frameworks/eToken.framework/Versions/A/libeToken.dylib pkcs11-id 'SafeNet\x2C\x20Inc\x2E/eToken/02726d8a/pr_odbi6201_02726d8a/XXXX...' tls-auth ta.key 1 dhcp-option WPAD http://proxypac.si.francetelecom.fr:8080 dhcp-option WINS 10.100.77.3 dhcp-option WINS 10.197.116.104 resolv-retry infinite remote-cert-eku "TLS Web Server Authentication" push "dhcp-option DOMAIN rd.francetelecom.fr" explicit-exit-notify hand-window 10 mssfix 1464 comp-lzo adaptive rcvbuf 524288 tls-version-max 1.1 sndbuf 524288 mute 20 remote-random

================================================================================

Files in client.tblk: Contents/Resources/ta.key Contents/Resources/ca.crt Contents/Resources/config.ovpn

================================================================================

Configuration preferences:

-authenticateOnConnect = 0 (forced) -loadTap = never -credentialsGroup = -openvpnVersion = 2.5_git_cc76e17-openssl-1.0.2u -notOKToCheckThatIPAddressDidNotChangeAfterConnection = 1 -loggingLevel = 6 -lastConnectionSucceeded = 0

================================================================================

Wildcard preferences:

-notOKToCheckThatIPAddressDidNotChangeAfterConnection = 1

================================================================================

Program preferences:

launchAtNextLogin = 1 notOKToCheckThatIPAddressDidNotChangeAfterConnection = 1 tunnelblickVersionHistory = ( "3.8.3beta02 (build 5500)", "3.8.1 (build 5400)", "3.7.2a (build 4851)", "3.7.0 (build 4790)" ) lastLaunchTime = 614605638.6643929 lastLanguageAtLaunchWasRTL = 0 connectionWindowDisplayCriteria = showWhenConnecting maxLogDisplaySize = 102400 lastConnectedDisplayName = client-rdt-10.193.13.150.bridge keyboardShortcutIndex = 1 updateCheckAutomatically = 0 NSWindow Frame SettingsSheetWindow = 323 215 829 542 0 0 1920 1177 NSWindow Frame ConnectingWindow = 765 757 389 187 0 0 1920 1177 NSWindow Frame SUUpdateAlert = 410 378 620 392 0 0 1440 877 detailsWindowFrameVersion = 5500 detailsWindowFrame = {{451, 223}, {1208, 784}} detailsWindowLeftFrame = {{0, 0}, {221.5, 666}} detailsWindowViewIndex = 0 detailsWindowConfigurationsTabIdentifier = log leftNavSelectedDisplayName = client AdvancedWindowTabIdentifier = connectingAndDisconnecting haveDealtWithOldTunTapPreferences = 1 haveDealtWithOldLoginItem = 1 haveDealtWithAfterDisconnect = 1 SUEnableAutomaticChecks = 0 SUScheduledCheckInterval = 86400 SUSendProfileInfo = 0 SULastCheckTime = 2017-10-04 08:49:13 +0000 SUHasLaunchedBefore = 1 WebKitDefaultFontSize = 16 WebKitStandardFont = Times askedUserIfOKToCheckThatIPAddressDidNotChangeAfterConnection = 1 haveDealtWithSparkle1dot5b6 = 1 updateSendProfileInfo = 0

================================================================================

Tunnelblick Log:

2020-06-23 13:48:09.979641 Tunnelblick: macOS 10.15.5 (19F101); Tunnelblick 3.8.3beta02 (build 5500); prior version 3.8.1 (build 5400) 2020-06-23 13:48:10.307034 Tunnelblick: Attempting connection with client using shadow copy; Set nameserver = 1537; monitoring connection 2020-06-23 13:48:10.307607 Tunnelblick: openvpnstart start client.tblk 50549 1537 0 1 0 1098096 -ptADGNWradsgnw 2.5_git_cc76e17-openssl-1.0.2u 2020-06-23 13:48:10.324629 Tunnelblick: openvpnstart starting OpenVPN 2020-06-23 13:48:10.481416 Current Parameter Settings: 2020-06-23 13:48:10.481460 config = '/Library/Application Support/Tunnelblick/Users/barbaron/client.tblk/Contents/Resources/config.ovpn' 2020-06-23 13:48:10.481485 mode = 0 2020-06-23 13:48:10.481493 show_ciphers = DISABLED 2020-06-23 13:48:10.481501 show_digests = DISABLED 2020-06-23 13:48:10.481507 show_engines = DISABLED 2020-06-23 13:48:10.481513 genkey = DISABLED 2020-06-23 13:48:10.481520 genkey_filename = '[UNDEF]' 2020-06-23 13:48:10.481526 key_pass_file = '[UNDEF]' 2020-06-23 13:48:10.481532 show_tls_ciphers = DISABLED 2020-06-23 13:48:10.481538 connect_retry_max = 0 2020-06-23 13:48:10.481544 Connection profiles [0]: 2020-06-23 13:48:10.481551 proto = udp 2020-06-23 13:48:10.481557 local = '[UNDEF]' 2020-06-23 13:48:10.481563 local_port = '[UNDEF]' 2020-06-23 13:48:10.481569 remote = '161.X.X.X' 2020-06-23 13:48:10.481575 remote_port = '1194' 2020-06-23 13:48:10.481582 remote_float = DISABLED 2020-06-23 13:48:10.481588 bind_defined = DISABLED 2020-06-23 13:48:10.481602 bind_local = DISABLED 2020-06-23 13:48:10.481619 NOTE: --mute triggered... 2020-06-23 13:48:10.481658 363 variation(s) on previous 20 message(s) suppressed by --mute 2020-06-23 13:48:10.481665 OpenVPN 2.5_git_cc76e17 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on May 22 2020 2020-06-23 13:48:10.481674 library versions: OpenSSL 1.0.2u 20 Dec 2019, LZO 2.10 2020-06-23 13:48:10.482791 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:50549 2020-06-23 13:48:10.482811 Need hold release from management interface, waiting... 2020-06-23 13:48:10.931028 Tunnelblick: openvpnstart log: OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line): /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.5_git_cc76e17-openssl-1.0.2u/openvpn --daemon --log /Library/Application Support/Tunnelblick/Logs/-SUsers-Sbarbaron-SLibrary-SApplication Support-STunnelblick-SConfigurations-Sclient.tblk-SContents-SResources-Sconfig.ovpn.1537_0_1_0_1098096.50549.openvpn.log --cd /Library/Application Support/Tunnelblick/Users/barbaron/client.tblk/Contents/Resources --machine-readable-output --setenv IV_GUI_VER "net.tunnelblick.tunnelblick 5500 3.8.3beta02 (build 5500)" --verb 6 --config /Library/Application Support/Tunnelblick/Users/barbaron/client.tblk/Contents/Resources/config.ovpn --setenv TUNNELBLICK_CONFIG_FOLDER /Library/Application Support/Tunnelblick/Users/barbaron/client.tblk/Contents/Resources --verb 6 --cd /Library/Application Support/Tunnelblick/Users/barbaron/client.tblk/Contents/Resources --management 127.0.0.1 50549 /Library/Application Support/Tunnelblick/iinpnineeiamakijiokphjhnhnddimljlopbdafa.mip --management-query-passwords --management-hold --script-security 2 --route-up /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -a -d -f -m -w -ptADGNWradsgnw --down /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -a -d -f -m -w -ptADGNWradsgnw --route-pre-down /Applications/Tunnelblick.app/Contents/Resources/client.route-pre-down.tunnelblick.sh -9 -a -d -f -m -w -ptADGNWradsgnw 2020-06-23 13:48:10.938535 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:50549 2020-06-23 13:48:10.975449 MANAGEMENT: CMD 'pid' 2020-06-23 13:48:10.975498 MANAGEMENT: CMD 'auth-retry interact' 2020-06-23 13:48:10.975535 MANAGEMENT: CMD 'state on' 2020-06-23 13:48:10.975567 MANAGEMENT: CMD 'state' 2020-06-23 13:48:10.975607 MANAGEMENT: CMD 'bytecount 1' 2020-06-23 13:48:10.976134 Tunnelblick: Established communication with OpenVPN 2020-06-23 13:48:10.977227 Tunnelblick: >INFO:OpenVPN Management Interface Version 3 -- type 'help' for more info 2020-06-23 13:48:10.978993 MANAGEMENT: CMD 'hold release' 2020-06-23 13:48:10.979804 PKCS#11: Adding PKCS#11 provider '/Library/Frameworks/eToken.framework/Versions/A/libeToken.dylib' 2020-06-23 13:48:11.166976 PKCS#11: Cannot initialize provider '/Library/Frameworks/eToken.framework/Versions/A/libeToken.dylib' 6-'CKR_FUNCTION_FAILED' 2020-06-23 13:48:11.167090 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 2020-06-23 13:48:29.013353 MANAGEMENT: CMD 'needok token-insertion-request cancel' 2020-06-23 13:48:29.013537 PKCS#11: Cannot get certificate object 2020-06-23 13:48:29.013579 PKCS#11: Cannot get certificate object 2020-06-23 13:48:29.013592 PKCS#11: Unable get evp object 2020-06-23 13:48:29.013604 Cannot load certificate "SafeNet\x2C\x20Inc\x2E/eToken/02726d8a/pr_odbi6201_02726d8a/XXX..." using PKCS#11 interface 2020-06-23 13:48:29.013777 SIGUSR1[soft,private-key-password-failure] received, process restarting 2020-06-23 13:48:29.013790 MANAGEMENT: >STATE:1592912909,RECONNECTING,private-key-password-failure,,,,, 2020-06-23 13:48:30.019156 Tunnelblick: Disconnecting; user cancelled authorization or there was an error obtaining authorization 2020-06-23 13:48:30.164899 Tunnelblick: Disconnecting using 'kill' 2020-06-23 13:48:30.309130 MANAGEMENT: CMD 'hold release' 2020-06-23 13:48:30.309230 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 2020-06-23 13:48:30.323012 PKCS#11: Cannot get certificate object 2020-06-23 13:48:30.323042 PKCS#11: Cannot get certificate object 2020-06-23 13:48:30.323055 PKCS#11: Unable get evp object 2020-06-23 13:48:30.323077 Cannot load certificate "SafeNet\x2C\x20Inc\x2E/eToken/02726d8a/pr_odbi6201_02726d8a/XXX..." using PKCS#11 interface 2020-06-23 13:48:30.323148 SIGHUP[hard,close_context usr1 to hup] received, process restarting 2020-06-23 13:48:30.323169 MANAGEMENT: >STATE:1592912910,RECONNECTING,close_context usr1 to hup,,,,, 2020-06-23 13:48:30.323640 Current Parameter Settings: 2020-06-23 13:48:30.323661 config = '/Library/Application Support/Tunnelblick/Users/barbaron/client.tblk/Contents/Resources/config.ovpn' 2020-06-23 13:48:30.323673 mode = 0 2020-06-23 13:48:30.323680 show_ciphers = DISABLED 2020-06-23 13:48:30.323702 show_digests = DISABLED 2020-06-23 13:48:30.323707 show_engines = DISABLED 2020-06-23 13:48:30.323712 genkey = DISABLED 2020-06-23 13:48:30.323717 genkey_filename = '[UNDEF]' 2020-06-23 13:48:30.323721 key_pass_file = '[UNDEF]' 2020-06-23 13:48:30.323734 show_tls_ciphers = DISABLED 2020-06-23 13:48:30.323739 connect_retry_max = 0 2020-06-23 13:48:30.323743 Connection profiles [0]: 2020-06-23 13:48:30.323748 proto = udp 2020-06-23 13:48:30.323752 local = '[UNDEF]' 2020-06-23 13:48:30.323756 local_port = '[UNDEF]' 2020-06-23 13:48:30.323761 remote = '161.X.X.X' 2020-06-23 13:48:30.323765 remote_port = '1194' 2020-06-23 13:48:30.323769 remote_float = DISABLED 2020-06-23 13:48:30.323774 bind_defined = DISABLED 2020-06-23 13:48:30.323778 bind_local = DISABLED 2020-06-23 13:48:30.323782 NOTE: --mute triggered... 2020-06-23 13:48:30.323795 363 variation(s) on previous 20 message(s) suppressed by --mute 2020-06-23 13:48:30.323800 OpenVPN 2.5_git_cc76e17 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on May 22 2020 2020-06-23 13:48:30.323805 library versions: OpenSSL 1.0.2u 20 Dec 2019, LZO 2.10 2020-06-23 13:48:31.481928 MANAGEMENT: CMD 'needok token-insertion-request cancel' 2020-06-23 13:48:31.483967 MANAGEMENT: CMD 'hold release' 2020-06-23 13:48:31.484226 Restart pause, 5 second(s) 2020-06-23 13:48:31.484270 MANAGEMENT: CMD 'hold release' 2020-06-23 13:48:31.501192 SIGTERM[hard,init_instance] received, process exiting 2020-06-23 13:48:31.501295 MANAGEMENT: >STATE:1592912911,EXITING,init_instance,,,,, 2020-06-23 13:48:31.928098 Tunnelblick: Expected disconnection occurred.

================================================================================

Down log:

(Not found)

Previous down log:

(Not found)

Network services:

An asterisk (*) denotes that a network service is disabled. Wi-Fi Bluetooth PAN Thunderbolt Bridge Thunderbolt Ethernet AX88179 USB 3.0 to Gigabit Ethernet

Wi-Fi Power (en0): Off

================================================================================

ifconfig output:

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384 options=1203<RXCSUM,TXCSUM,TXSTATUS,SW_TIMESTAMP> inet 127.0.0.1 netmask 0xff000000 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1 nd6 options=201<PERFORMNUD,DAD> gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280 stf0: flags=0<> mtu 1280 en4: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500 options=50b<RXCSUM,TXCSUM,VLAN_HWTAGGING,AV,CHANNEL_IO> ether 38:c9:86:48:b0:7c inet6 fe80::1c0f:4e3d:a382:143f%en4 prefixlen 64 secured scopeid 0x4 inet 192.168.1.25 netmask 0xffffff00 broadcast 192.168.1.255 nd6 options=201<PERFORMNUD,DAD> media: autoselect (100baseTX <full-duplex,flow-control>) status: active en0: flags=8823<UP,BROADCAST,SMART,SIMPLEX,MULTICAST> mtu 1500 options=400 ether c4:b3:01:d0:b9:c7 nd6 options=201<PERFORMNUD,DAD> media: autoselect () status: inactive en1: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500 options=460<TSO4,TSO6,CHANNEL_IO> ether 82:17:0a:7a:06:80 media: autoselect status: inactive en2: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500 options=460<TSO4,TSO6,CHANNEL_IO> ether 82:17:0a:7a:06:81 media: autoselect status: inactive bridge0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500 options=63<RXCSUM,TXCSUM,TSO4,TSO6> ether 82:17:0a:7a:06:80 Configuration: id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0 maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200 root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0 ipfilter disabled flags 0x0 member: en1 flags=3<LEARNING,DISCOVER> ifmaxaddr 0 port 6 priority 0 path cost 0 member: en2 flags=3<LEARNING,DISCOVER> ifmaxaddr 0 port 7 priority 0 path cost 0 nd6 options=201<PERFORMNUD,DAD> media: status: inactive p2p0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 2304 options=400 ether 06:b3:01:d0:b9:c7 media: autoselect status: inactive awdl0: flags=8903<UP,BROADCAST,PROMISC,SIMPLEX,MULTICAST> mtu 1484 options=400 ether f2:ec:3b:db:85:9f nd6 options=201<PERFORMNUD,DAD> media: autoselect status: inactive llw0: flags=8822<BROADCAST,SMART,SIMPLEX,MULTICAST> mtu 1500 options=400 ether f2:ec:3b:db:85:9f utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380 inet6 fe80::b425:c3b0:be51:f16b%utun0 prefixlen 64 scopeid 0xc nd6 options=201<PERFORMNUD,DAD> utun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 2000 inet6 fe80::993e:c54b:440a:b2b0%utun1 prefixlen 64 scopeid 0xd nd6 options=201<PERFORMNUD,DAD>

================================================================================

Non-Apple kexts that are loaded:

Index Refs Address Size Wired Name (Version) UUID 22 0 0xffffff7f811b0000 0x16000 0x16000 com.virtualhere.vhhcd (1.0.97) 58ECD881-BFD6-3477-B1F2-9C91F0A3D640 <21 6 5 3> 162 0 0xffffff7f81327000 0x5000 0x5000 com.Apowersoft.driver.AudioDevice (1.6.7) EDEB490C-96A8-34E2-BC40-D74C2AACEFF2 <77 6 5 3> 176 0 0xffffff7f84e09000 0x7000 0x7000 net.sf.tuntaposx.tap (1.0) 23FDB715-3D0D-3A26-ACBA-E3794C231CB7 <8 6 5 1> 177 0 0xffffff7f84e10000 0x7000 0x7000 net.sf.tuntaposx.tun (1.0) 95DD963D-E23D-3B0F-8DE8-A4D2F6BFA5CC <8 6 5 1> 183 0 0xffffff7f84e17000 0x4000 0x4000 com.eltima.kext.elogger (82.85) 0077B7E0-1D33-3DE7-B2A4-BE7607C0140A <8 6 5 3 1> 184 3 0xffffff7f84e1b000 0xf0000 0xf0000 org.virtualbox.kext.VBoxDrv (6.0.20) 98009F61-669E-3E29-B4B5-056DE18D4290 <8 6 5 3 1> 185 0 0xffffff7f84f0b000 0x3000 0x3000 com.eltima.kext.vic (82.85) 60028844-A7B0-3AE5-9DF2-01D27D6AAF0D <13 8 6 5 3 1> 187 0 0xffffff7f84f0e000 0x8000 0x8000 org.virtualbox.kext.VBoxUSB (6.0.20) 6DAB3586-BB19-33ED-95FF-81FFF3FD91D0 <186 184 21 8 6 5 3 1> 188 0 0xffffff7f84f16000 0x14000 0x14000 com.intel.kext.intelhaxm (6.0.3) 50449AFC-F7C6-38A0-B820-233E8A050FD6 <8 6 5 3 1> 189 0 0xffffff7f84f2a000 0x23000 0x23000 com.eltima.kext.vusb (82.85) AFCF5B1D-7E21-39DF-8BE8-19B75B7D1C4C <21 20 13 8 6 5 3 1> 193 0 0xffffff7f84f4d000 0x5000 0x5000 org.virtualbox.kext.VBoxNetFlt (6.0.20) A214DB5D-70DA-3C65-8B28-805230B6B845 <184 8 6 5 3 1> 194 0 0xffffff7f84f52000 0x6000 0x6000 org.virtualbox.kext.VBoxNetAdp (6.0.20) ED027A37-965E-33D1-BDF4-0E9930DC1733 <184 6 5 1>

================================================================================

Quit Log:

2020-06-23 13:38:58.934316 applicationShouldTerminate: termination because of Quit; delayed until 'shutdownTunnelblick' finishes) 2020-06-23 13:38:58.936221 shutDownTunnelblick: started. 2020-06-23 13:38:58.936815 shutDownTunnelblick: Starting cleanup. 2020-06-23 13:38:58.937130 cleanup: Entering cleanup 2020-06-23 13:38:58.937390 synchronized user defaults 2020-06-23 13:38:59.732169 shutDownTunnelblick: Cleanup finished. 2020-06-23 13:38:59.732653 Finished shutting down Tunnelblick; allowing termination

================================================================================

Console Log:

2020-06-23 10:12:32.313001 Tunnelblick[65151] Tunnelblick: macOS 10.15.5; Tunnelblick 3.8.3beta02 (build 5500) 2020-06-23 10:15:42.884319 tunnelblickd[65180] Status = 252 from tunnelblick-helper command 'compareShadowCopy client' 2020-06-23 10:15:42.893650 Tunnelblick[65151] tunnelblickd status from compareShadowCopy: 252 2020-06-23 10:16:03.219650 Tunnelblick[65151] Tunnelblick needs to perform an action that requires a computer administrator's authorization. 2020-06-23 10:16:03.219706 Tunnelblick[65151] Beginning installation or repair 2020-06-23 10:16:03.328016 Tunnelblick[65151] Installation or repair succeeded; Log: Tunnelblick installer started 2020-06-23 10:16:03.284316. 3 arguments: 0x0001 /Library/Application Support/Tunnelblick/Users/barbaron/client.tblk /Users/barbaron/Library/Application Support/Tunnelblick/Configurations/client.tblk getuid() = 501; getgid() = 20; geteuid() = 0; getegid() = 20 Copied /Users/barbaron/Library/Application Support/Tunnelblick/Configurations/client.tblk to /Library/Application Support/Tunnelblick/Users/barbaron/client.tblk.temp Renamed /Library/Application Support/Tunnelblick/Users/barbaron/client.tblk.temp to /Library/Application Support/Tunnelblick/Users/barbaron/client.tblk Changed ownership of /Library/Application Support/Tunnelblick/Users/barbaron/client.tblk and its contents from 501:80 to 0:0 Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Users/barbaron/client.tblk Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Users/barbaron/client.tblk/Contents Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Users/barbaron/client.tblk/Contents/Resources Changed permissions from 740 to 700 on /Library/Application Support/Tunnelblick/Users/barbaron/client.tblk/Contents/Resources/ta.key Changed permissions from 740 to 700 on /Library/Application Support/Tunnelblick/Users/barbaron/client.tblk/Contents/Resources/ca.crt Changed permissions from 740 to 700 on /Library/Application Support/Tunnelblick/Users/barbaron/client.tblk/Contents/Resources/config.ovpn Tunnelblick installer finished without error 2020-06-23 10:16:03.328087 Tunnelblick[65151] Created or updated secure (shadow) copy of configuration file /Users/barbaron/Library/Application Support/Tunnelblick/Configurations/client.tblk 2020-06-23 10:16:11.284773 Tunnelblick[65151] Connecting client using OpenVPN 2.4.9 - OpenSSL v1.0.2u which has deprecated options. To see them, reset disabled warnings on the 'Preferences' panel of the 'VPN Details' window and then try again. 2020-06-23 10:17:49.062998 Tunnelblick[65151] Set 'expect disconnect 1 -SLibrary-SApplication Support-STunnelblick-SUsers-Sbarbaron-Sclient-Dtblk-SContents-SResources' 2020-06-23 10:18:52.387973 Tunnelblick[65151] Cleared 'expect disconnect 0 -SLibrary-SApplication Support-STunnelblick-SUsers-Sbarbaron-Sclient-Dtblk-SContents-SResources' 2020-06-23 10:18:52.689763 Tunnelblick[65151] Connecting client using OpenVPN 2.5 git cc76e17 - OpenSSL v1.0.2u which has deprecated options. To see them, reset disabled warnings on the 'Preferences' panel of the 'VPN Details' window and then try again. 2020-06-23 10:19:17.245656 Tunnelblick[65151] Set 'expect disconnect 1 -SLibrary-SApplication Support-STunnelblick-SUsers-Sbarbaron-Sclient-Dtblk-SContents-SResources' 2020-06-23 10:19:37.051860 Tunnelblick[65151] Cleared 'expect disconnect 0 -SLibrary-SApplication Support-STunnelblick-SUsers-Sbarbaron-Sclient-Dtblk-SContents-SResources' 2020-06-23 10:19:37.353176 Tunnelblick[65151] Connecting client using OpenVPN 2.5 git cc76e17 - OpenSSL v1.1.1g which has deprecated options. To see them, reset disabled warnings on the 'Preferences' panel of the 'VPN Details' window and then try again. 2020-06-23 10:19:38.349005 tunnelblickd[65213] Status = 251 from tunnelblick-helper command 'start client.tblk 51134 769 0 1 0 1098098 -ptADGNWradsgnw 2.5_git_cc76e17-openssl-1.1.1g' 2020-06-23 10:19:38.620027 Tunnelblick[65151] tunnelblickd status from start: 251 2020-06-23 10:19:38.626904 Tunnelblick[65151] The OpenVPN log contains the following message:

                                   "Unrecognized option or missing or extra parameter(s)".

                                   This error means that an option that is contained in the OpenVPN configuration file or was "pushed" by the OpenVPN server:

                                        • has been misspelled,

                                        • has missing or extra arguments, or

                                        • is not implemented by the version of OpenVPN which is being used for this configuration. It may be a new option that is not implemented in an old version of OpenVPN, or an old option that has been removed in a new version of OpenVPN. You can choose what version of OpenVPN to use with this configuration in the "Settings" tab of the "Configurations" panel of Tunnelblick's "VPN Details" window.

                                   See the VPN log in the "Log" tab of the "Configurations" panel of Tunnelblick's "VPN Details" window for details.

2020-06-23 10:20:04.320865 Tunnelblick[65151] Connecting client using OpenVPN 2.5 git cc76e17 - OpenSSL v1.0.2u which has deprecated options. To see them, reset disabled warnings on the 'Preferences' panel of the 'VPN Details' window and then try again. 2020-06-23 10:20:42.487833 Tunnelblick[65151] Set 'expect disconnect 1 -SLibrary-SApplication Support-STunnelblick-SUsers-Sbarbaron-Sclient-Dtblk-SContents-SResources' 2020-06-23 10:30:06.039708 Tunnelblick[65151] Cleared 'expect disconnect 0 -SLibrary-SApplication Support-STunnelblick-SUsers-Sbarbaron-Sclient-Dtblk-SContents-SResources' 2020-06-23 10:30:06.342178 Tunnelblick[65151] Connecting client using OpenVPN 2.5 git cc76e17 - OpenSSL v1.0.2u which has deprecated options. To see them, reset disabled warnings on the 'Preferences' panel of the 'VPN Details' window and then try again. 2020-06-23 10:30:39.807962 Tunnelblick[65151] Set 'expect disconnect 1 -SLibrary-SApplication Support-STunnelblick-SUsers-Sbarbaron-Sclient-Dtblk-SContents-SResources' 2020-06-23 10:31:05.884453 Tunnelblick[65151] Cleared 'expect disconnect 0 -SLibrary-SApplication Support-STunnelblick-SUsers-Sbarbaron-Sclient-Dtblk-SContents-SResources' 2020-06-23 10:31:06.182297 Tunnelblick[65151] Connecting client using OpenVPN 2.5 git cc76e17 - OpenSSL v1.0.2u which has deprecated options. To see them, reset disabled warnings on the 'Preferences' panel of the 'VPN Details' window and then try again. 2020-06-23 10:31:59.756626 Tunnelblick[65151] Set 'expect disconnect 1 -SLibrary-SApplication Support-STunnelblick-SUsers-Sbarbaron-Sclient-Dtblk-SContents-SResources' 2020-06-23 10:33:19.813713 Tunnelblick[65151] Cleared 'expect disconnect 0 -SLibrary-SApplication Support-STunnelblick-SUsers-Sbarbaron-Sclient-Dtblk-SContents-SResources' 2020-06-23 10:33:20.115776 Tunnelblick[65151] Connecting client using OpenVPN 2.5 git cc76e17 - OpenSSL v1.0.2u which has deprecated options. To see them, reset disabled warnings on the 'Preferences' panel of the 'VPN Details' window and then try again. 2020-06-23 10:37:36.313029 Tunnelblick[65151] Set 'expect disconnect 1 -SLibrary-SApplication Support-STunnelblick-SUsers-Sbarbaron-Sclient-Dtblk-SContents-SResources' 2020-06-23 10:37:52.397082 Tunnelblick[65151] Cleared 'expect disconnect 0 -SLibrary-SApplication Support-STunnelblick-SUsers-Sbarbaron-Sclient-Dtblk-SContents-SResources' 2020-06-23 10:37:52.698235 Tunnelblick[65151] Connecting client using OpenVPN 2.5 git cc76e17 - OpenSSL v1.0.2u which has deprecated options. To see them, reset disabled warnings on the 'Preferences' panel of the 'VPN Details' window and then try again. 2020-06-23 10:39:07.666885 Tunnelblick[65151] Set 'expect disconnect 1 -SLibrary-SApplication Support-STunnelblick-SUsers-Sbarbaron-Sclient-Dtblk-SContents-SResources' 2020-06-23 10:45:00.522642 Tunnelblick[683] Tunnelblick: macOS 10.15.5; Tunnelblick 3.8.3beta02 (build 5500) 2020-06-23 10:45:28.573098 Tunnelblick[683] Connecting client using OpenVPN 2.5 git cc76e17 - OpenSSL v1.0.2u which has deprecated options. To see them, reset disabled warnings on the 'Preferences' panel of the 'VPN Details' window and then try again. 2020-06-23 10:47:17.168277 Tunnelblick[683] Set 'expect disconnect 1 -SLibrary-SApplication Support-STunnelblick-SUsers-Sbarbaron-Sclient-Dtblk-SContents-SResources' 2020-06-23 11:17:15.820025 com.apple.xpc.launchd[1] Failed to bootstrap path: path = /usr/sbin/installer, error = 2: No such file or directory 2020-06-23 11:39:30.032845 Tunnelblick[683] Cleared 'expect disconnect 0 -SLibrary-SApplication Support-STunnelblick-SUsers-Sbarbaron-Sclient-Dtblk-SContents-SResources' 2020-06-23 11:39:30.334191 Tunnelblick[683] Connecting client using OpenVPN 2.5 git cc76e17 - OpenSSL v1.0.2u which has deprecated options. To see them, reset disabled warnings on the 'Preferences' panel of the 'VPN Details' window and then try again. 2020-06-23 11:39:35.442596 Tunnelblick[683] runTunnelblickd: no data available from tunnelblickd socket; sleeping 5.000000 seconds... 2020-06-23 11:39:38.089988 tunnelblickd[3451] Status = 247 from tunnelblick-helper command 'start client.tblk 55536 1537 0 1 0 1098098 -ptADGNWradsgnw 2.5_git_cc76e17-openssl-1.0.2u' 2020-06-23 11:39:40.443643 Tunnelblick[683] tunnelblickd status from start: 247 2020-06-23 11:44:35.761695 Tunnelblick[683] Connecting client using OpenVPN 2.5 git cc76e17 - OpenSSL v1.0.2u which has deprecated options. To see them, reset disabled warnings on the 'Preferences' panel of the 'VPN Details' window and then try again. 2020-06-23 11:44:40.867540 Tunnelblick[683] runTunnelblickd: no data available from tunnelblickd socket; sleeping 5.000000 seconds... 2020-06-23 11:44:44.165374 tunnelblickd[3472] Status = 247 from tunnelblick-helper command 'start client.tblk 51302 1537 0 1 0 1098098 -ptADGNWradsgnw 2.5_git_cc76e17-openssl-1.0.2u' 2020-06-23 11:44:45.867893 Tunnelblick[683] tunnelblickd status from start: 247 2020-06-23 11:45:44.264526 Tunnelblick[683] Connecting client using OpenVPN 2.5 git cc76e17 - OpenSSL v1.0.2u which has deprecated options. To see them, reset disabled warnings on the 'Preferences' panel of the 'VPN Details' window and then try again. 2020-06-23 11:45:49.374424 Tunnelblick[683] runTunnelblickd: no data available from tunnelblickd socket; sleeping 5.000000 seconds... 2020-06-23 11:45:51.968418 tunnelblickd[3492] Status = 247 from tunnelblick-helper command 'start client.tblk 64280 1537 0 1 0 1098098 -ptADGNWradsgnw 2.5_git_cc76e17-openssl-1.0.2u' 2020-06-23 11:45:54.374840 Tunnelblick[683] tunnelblickd status from start: 247 2020-06-23 11:48:17.269062 Tunnelblick[683] Connecting client using OpenVPN 2.4.9 - OpenSSL v1.0.2u which has deprecated options. To see them, reset disabled warnings on the 'Preferences' panel of the 'VPN Details' window and then try again. 2020-06-23 11:48:22.379660 Tunnelblick[683] runTunnelblickd: no data available from tunnelblickd socket; sleeping 5.000000 seconds... 2020-06-23 11:48:24.665768 tunnelblickd[3507] Status = 247 from tunnelblick-helper command 'start client.tblk 50601 1537 0 1 0 1098098 -ptADGNWradsgnw 2.4.9-openssl-1.0.2u' 2020-06-23 11:48:27.380980 Tunnelblick[683] tunnelblickd status from start: 247 2020-06-23 11:51:11.621887 Tunnelblick[683] cleanup: Entering cleanup 2020-06-23 11:51:11.622162 Tunnelblick[683] synchronized user defaults 2020-06-23 11:51:11.764144 Tunnelblick[683] Set up flag files for shutting down the computer and expecting all configurations to be disconnected 2020-06-23 11:51:11.764557 Tunnelblick[683] doDisconnectionsForShuttingDownComputer: Set 'expect disconnect 1 ALL' 2020-06-23 11:51:11.764867 Tunnelblick[683] Started disconnecting all configurations 2020-06-23 11:51:11.765177 Tunnelblick[683] Skipping cleanup because computer is shutting down or restarting 2020-06-23 11:51:11.765724 Tunnelblick[683] Finished shutting down Tunnelblick; allowing termination 2020-06-23 11:51:58.080427 Tunnelblick[584] Tunnelblick: macOS 10.15.5; Tunnelblick 3.8.3beta02 (build 5500) 2020-06-23 11:54:51.482237 Tunnelblick[584] Connecting client using OpenVPN 2.4.9 - OpenSSL v1.0.2u which has deprecated options. To see them, reset disabled warnings on the 'Preferences' panel of the 'VPN Details' window and then try again. 2020-06-23 11:54:56.598590 Tunnelblick[584] runTunnelblickd: no data available from tunnelblickd socket; sleeping 5.000000 seconds... 2020-06-23 11:54:59.017877 tunnelblickd[762] Status = 247 from tunnelblick-helper command 'start client.tblk 59377 1537 0 1 0 1098098 -ptADGNWradsgnw 2.4.9-openssl-1.0.2u' 2020-06-23 11:55:01.599965 Tunnelblick[584] tunnelblickd status from start: 247 2020-06-23 11:55:26.769101 Tunnelblick[584] Connecting client using OpenVPN 2.4.9 - OpenSSL v1.0.2u which has deprecated options. To see them, reset disabled warnings on the 'Preferences' panel of the 'VPN Details' window and then try again. 2020-06-23 11:55:31.876116 Tunnelblick[584] runTunnelblickd: no data available from tunnelblickd socket; sleeping 5.000000 seconds... 2020-06-23 11:55:34.010945 tunnelblickd[762] Status = 247 from tunnelblick-helper command 'start client.tblk 57982 1537 0 1 0 1098098 -ptADGNWradsgnw 2.4.9-openssl-1.0.2u' 2020-06-23 11:55:36.877425 Tunnelblick[584] tunnelblickd status from start: 247 2020-06-23 11:56:12.108880 Tunnelblick[584] Connecting client using OpenVPN 2.5 git cc76e17 - OpenSSL v1.0.2u which has deprecated options. To see them, reset disabled warnings on the 'Preferences' panel of the 'VPN Details' window and then try again. 2020-06-23 11:56:17.215754 Tunnelblick[584] runTunnelblickd: no data available from tunnelblickd socket; sleeping 5.000000 seconds... 2020-06-23 11:56:19.618020 tunnelblickd[791] Status = 247 from tunnelblick-helper command 'start client.tblk 51129 1537 0 1 0 1098098 -ptADGNWradsgnw 2.5_git_cc76e17-openssl-1.0.2u' 2020-06-23 11:56:22.217119 Tunnelblick[584] tunnelblickd status from start: 247 2020-06-23 11:59:25.375219 Tunnelblick[584] Connecting client using OpenVPN 2.5 git cc76e17 - OpenSSL v1.0.2u which has deprecated options. To see them, reset disabled warnings on the 'Preferences' panel of the 'VPN Details' window and then try again. 2020-06-23 11:59:30.487582 Tunnelblick[584] runTunnelblickd: no data available from tunnelblickd socket; sleeping 5.000000 seconds... 2020-06-23 11:59:34.079326 tunnelblickd[847] Status = 247 from tunnelblick-helper command 'start client.tblk 56595 1537 0 1 0 1098098 -ptADGNWradsgnw 2.5_git_cc76e17-openssl-1.0.2u' 2020-06-23 11:59:35.488992 Tunnelblick[584] tunnelblickd status from start: 247 2020-06-23 12:17:03.359940 Tunnelblick[584] Connecting client using OpenVPN 2.5 git cc76e17 - OpenSSL v1.0.2u which has deprecated options. To see them, reset disabled warnings on the 'Preferences' panel of the 'VPN Details' window and then try again. 2020-06-23 12:17:20.097288 Tunnelblick[584] Set 'expect disconnect 1 -SLibrary-SApplication Support-STunnelblick-SUsers-Sbarbaron-Sclient-Dtblk-SContents-SResources' 2020-06-23 12:19:21.457095 Tunnelblick[584] Tunnelblick needs to perform an action that requires a computer administrator's authorization. 2020-06-23 12:19:21.457196 Tunnelblick[584] Beginning installation or repair 2020-06-23 12:19:21.662166 Tunnelblick[584] Installation or repair succeeded; Log: Tunnelblick installer started 2020-06-23 12:19:21.519404. 2 arguments: 0x3001 /private/var/folders/dl/z021zxhs12sdcv8cz5yjjd7h0000gn/T/Tunnelblick-uuINoz/forced-preferences.plist getuid() = 501; getgid() = 20; geteuid() = 0; getegid() = 20 copied /private/var/folders/dl/z021zxhs12sdcv8cz5yjjd7h0000gn/T/Tunnelblick-uuINoz/forced-preferences.plist to /Library/Application Support/Tunnelblick/forced-preferences.plist Changed ownership of /Library/Application Support/Tunnelblick/forced-preferences.plist from 501:20 to 0:0 Tunnelblick installer finished without error 2020-06-23 12:20:18.124096 Tunnelblick[584] Tunnelblick needs to perform an action that requires a computer administrator's authorization. 2020-06-23 12:20:18.124159 Tunnelblick[584] Beginning installation or repair 2020-06-23 12:20:18.316175 Tunnelblick[584] Installation or repair succeeded; Log: Tunnelblick installer started 2020-06-23 12:20:18.166446. 2 arguments: 0x3001 /private/var/folders/dl/z021zxhs12sdcv8cz5yjjd7h0000gn/T/Tunnelblick-aN7f7p/forced-preferences.plist getuid() = 501; getgid() = 20; geteuid() = 0; getegid() = 20 copied /private/var/folders/dl/z021zxhs12sdcv8cz5yjjd7h0000gn/T/Tunnelblick-aN7f7p/forced-preferences.plist to /Library/Application Support/Tunnelblick/forced-preferences.plist Changed ownership of /Library/Application Support/Tunnelblick/forced-preferences.plist from 501:20 to 0:0 Tunnelblick installer finished without error 2020-06-23 12:22:20.803817 Tunnelblick[584] Cleared 'expect disconnect 0 -SLibrary-SApplication Support-STunnelblick-SUsers-Sbarbaron-Sclient-Dtblk-SContents-SResources' 2020-06-23 12:22:21.107144 Tunnelblick[584] Connecting client using OpenVPN 2.5 git cc76e17 - OpenSSL v1.0.2u which has deprecated options. To see them, reset disabled warnings on the 'Preferences' panel of the 'VPN Details' window and then try again. 2020-06-23 12:22:50.221151 Tunnelblick[584] Set 'expect disconnect 1 -SLibrary-SApplication Support-STunnelblick-SUsers-Sbarbaron-Sclient-Dtblk-SContents-SResources' 2020-06-23 12:23:18.492906 Tunnelblick[584] Cleared 'expect disconnect 0 -SLibrary-SApplication Support-STunnelblick-SUsers-Sbarbaron-Sclient-Dtblk-SContents-SResources' 2020-06-23 12:23:18.793174 Tunnelblick[584] Connecting client using OpenVPN 2.5 git cc76e17 - OpenSSL v1.0.2u which has deprecated options. To see them, reset disabled warnings on the 'Preferences' panel of the 'VPN Details' window and then try again. 2020-06-23 12:24:36.142445 Tunnelblick[584] Set 'expect disconnect 1 -SLibrary-SApplication Support-STunnelblick-SUsers-Sbarbaron-Sclient-Dtblk-SContents-SResources' 2020-06-23 13:16:49.505986 Tunnelblick[584] Cleared 'expect disconnect 0 -SLibrary-SApplication Support-STunnelblick-SUsers-Sbarbaron-Sclient-Dtblk-SContents-SResources' 2020-06-23 13:16:49.807016 Tunnelblick[584] Connecting client using OpenVPN 2.5 git cc76e17 - OpenSSL v1.1.1g which has deprecated options. To see them, reset disabled warnings on the 'Preferences' panel of the 'VPN Details' window and then try again. 2020-06-23 13:16:50.136455 tunnelblickd[1092] Status = 251 from tunnelblick-helper command 'start client.tblk 49602 1537 0 1 0 1098098 -ptADGNWradsgnw 2.5_git_cc76e17-openssl-1.1.1g' 2020-06-23 13:16:50.436027 Tunnelblick[584] tunnelblickd status from start: 251 2020-06-23 13:16:50.442826 Tunnelblick[584] The OpenVPN log contains the following message:

                                   "Unrecognized option or missing or extra parameter(s)".

                                   This error means that an option that is contained in the OpenVPN configuration file or was "pushed" by the OpenVPN server:

                                        • has been misspelled,

                                        • has missing or extra arguments, or

                                        • is not implemented by the version of OpenVPN which is being used for this configuration. It may be a new option that is not implemented in an old version of OpenVPN, or an old option that has been removed in a new version of OpenVPN. You can choose what version of OpenVPN to use with this configuration in the "Settings" tab of the "Configurations" panel of Tunnelblick's "VPN Details" window.

                                   See the VPN log in the "Log" tab of the "Configurations" panel of Tunnelblick's "VPN Details" window for details.

2020-06-23 13:17:46.697173 Tunnelblick[584] Connecting client using OpenVPN 2.4.9 - OpenSSL v1.0.2u which has deprecated options. To see them, reset disabled warnings on the 'Preferences' panel of the 'VPN Details' window and then try again. 2020-06-23 13:18:23.545877 Tunnelblick[584] Set 'expect disconnect 1 -SLibrary-SApplication Support-STunnelblick-SUsers-Sbarbaron-Sclient-Dtblk-SContents-SResources' 2020-06-23 13:26:19.855467 Tunnelblick[584] Cleared 'expect disconnect 0 -SLibrary-SApplication Support-STunnelblick-SUsers-Sbarbaron-Sclient-Dtblk-SContents-SResources' 2020-06-23 13:26:19.969726 tunnelblickd[1149] Status = 252 from tunnelblick-helper command 'compareShadowCopy client' 2020-06-23 13:26:20.999881 Tunnelblick[584] tunnelblickd status from compareShadowCopy: 252 2020-06-23 13:26:29.214666 Tunnelblick[584] Tunnelblick needs to perform an action that requires a computer administrator's authorization. 2020-06-23 13:26:29.214783 Tunnelblick[584] Beginning installation or repair 2020-06-23 13:26:29.301482 Tunnelblick[584] Installation or repair succeeded; Log: Tunnelblick installer started 2020-06-23 13:26:29.258871. 3 arguments: 0x0001 /Library/Application Support/Tunnelblick/Users/barbaron/client.tblk /Users/barbaron/Library/Application Support/Tunnelblick/Configurations/client.tblk getuid() = 501; getgid() = 20; geteuid() = 0; getegid() = 20 Copied /Users/barbaron/Library/Application Support/Tunnelblick/Configurations/client.tblk to /Library/Application Support/Tunnelblick/Users/barbaron/client.tblk.temp Renamed /Library/Application Support/Tunnelblick/Users/barbaron/client.tblk.temp to /Library/Application Support/Tunnelblick/Users/barbaron/client.tblk Changed ownership of /Library/Application Support/Tunnelblick/Users/barbaron/client.tblk and its contents from 501:80 to 0:0 Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Users/barbaron/client.tblk Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Users/barbaron/client.tblk/Contents Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Users/barbaron/client.tblk/Contents/Resources Changed permissions from 740 to 700 on /Library/Application Support/Tunnelblick/Users/barbaron/client.tblk/Contents/Resources/ta.key Changed permissions from 740 to 700 on /Library/Application Support/Tunnelblick/Users/barbaron/client.tblk/Contents/Resources/ca.crt Changed permissions from 740 to 700 on /Library/Application Support/Tunnelblick/Users/barbaron/client.tblk/Contents/Resources/config.ovpn Tunnelblick installer finished without error 2020-06-23 13:26:29.301557 Tunnelblick[584] Created or updated secure (shadow) copy of configuration file /Users/barbaron/Library/Application Support/Tunnelblick/Configurations/client.tblk 2020-06-23 13:26:38.575579 Tunnelblick[584] Connecting client using OpenVPN 2.5 git cc76e17 - OpenSSL v1.0.2u which has deprecated options. To see them, reset disabled warnings on the 'Preferences' panel of the 'VPN Details' window and then try again. 2020-06-23 13:27:20.080726 Tunnelblick[584] Set 'expect disconnect 1 -SLibrary-SApplication Support-STunnelblick-SUsers-Sbarbaron-Sclient-Dtblk-SContents-SResources' 2020-06-23 13:38:58.937074 Tunnelblick[584] cleanup: Entering cleanup 2020-06-23 13:38:58.937351 Tunnelblick[584] synchronized user defaults 2020-06-23 13:38:59.381998 Tunnelblick[584] Set 'expect disconnect 0 ALL' 2020-06-23 13:38:59.732561 Tunnelblick[584] Finished shutting down Tunnelblick; allowing termination 2020-06-23 13:47:17.007547 Tunnelblick[805] Tunnelblick: macOS 10.15.5; Tunnelblick 3.8.3beta02 (build 5500) 2020-06-23 13:48:10.297554 Tunnelblick[805] Connecting client using OpenVPN 2.5 git cc76e17 - OpenSSL v1.0.2u which has deprecated options. To see them, reset disabled warnings on the 'Preferences' panel of the 'VPN Details' window and then try again. 2020-06-23 13:48:30.308392 Tunnelblick[805] Set 'expect disconnect 1 -SLibrary-SApplication Support-STunnelblick-SUsers-Sbarbaron-Sclient-Dtblk-SContents-SResources'

[jkbullard]

@denis99999 - Thanks for your report, and for including the diagnostic and other info.

Tunnelblick is apparently thinks you are using an authentication system that uses a dongle without a PIN code. That is, the dongle must be inserted into a USB socket, but that's all.

I'm not familiar with the "USB dongle with safenet authentication client of Gemalto". Am I correct that

1. The dongle must be inserted into the computer which is doing the authentication; AND
2. The dongle displays a PIN code that must be entered; AND
3. The PIN code changes over time or each time the dongle is plugged in?

[denis99999]

Hi @jkbullard ,

Thanks for your quick response,

1. yes,
2. launching manually openVPN as shown in the joined picture, I am requested first for a PIN code, and then for the token (i.e. value the same as PIN code),
3. no, the PIN code does not change, never.

For information, I know this configuration works fine also with "viscosity" client but it is not free as tunnelblick :-)

[jkbullard]

@denis99999 - I'm sorry, but Tunnelblick doesn't work for your setup. The only PKCS#11 setup that it supports is one in which there is no PIN code; only a dongle. (As I understand it, "token" is referring to the dongle, so it is asking you to insert the dongle into your computer, not to type in a PIN code.)

PKCS#11 support must be built into the OpenVPN binary, and Tunnelblick's OpenVPN binaries are built with an old version of PKCS#11 which apparently does not support your setup. The person who contributed code for PKCS#11 support to Tunnelblick no longer has access to hardware needed to update it (nor do I), so there is little chance it will be updated unless someone else does that.

However, you may be able use your brew version of OpenVPN in Tunnelblick, and I think that will work. See Using Custom OpenVPN Binaries for details.

Two points:

• It isn't clear to me that the brew binary contains/includes an SSL library. If it doesn't, it probably uses whatever macOS provides, or perhaps brew updates openssl or libressl, too. Tunnelblick requires a folder name that includes the SSL name and version; just use what seems correct to you.
• I'm not sure, but you might be able to symlink to your brew OpenVPN binary instead of copying it.

[denis99999]

@jkbullard , Thank for this work around, I will try it ASAP, waiting for that I found that link on a similar issue, is Tunnelblick running in daemon mode ?

[jkbullard]

@denis99999 - Tunnelblick itself doesn't run "in daemon mode", nor does it use the --daemon option to make OpenVPN run in daemon mode. However, I think OpenVPN does run as a daemon, so maybe OpenVPN now defaults to --daemon.

You should try adding --daemon to your OpenVPN command line and see if it still works.

[denis99999]

@jkbullard , I tried with the openvpn binary of brew and there is the same behavior as with your binaries, so it does not seem due to the version of openvpn ? Moreover, I also tried to launch manually an openvpn binary of Tunnelblick, that also failed but I have been required to insert my token (see below)

pc64:~ barbaron$ sudo /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.5_git_cc76e17-openssl-1.0.2u/openvpn --config ./config.ovpn
Password:
Wed Jun 24 11:06:00 2020 WARNING: file 'ta.key' is group or others accessible
Wed Jun 24 11:06:00 2020 WARNING: file 'ta.key' is group or others accessible
Wed Jun 24 11:06:00 2020 WARNING: file 'ta.key' is group or others accessible
Wed Jun 24 11:06:00 2020 WARNING: file 'ta.key' is group or others accessible
Wed Jun 24 11:06:00 2020 OpenVPN 2.5_git_cc76e17 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on May 22 2020
Wed Jun 24 11:06:00 2020 library versions: OpenSSL 1.0.2u  20 Dec 2019, LZO 2.10
Wed Jun 24 11:06:00 2020 PKCS#11: Adding PKCS#11 provider '/Library/Frameworks/eToken.framework/Versions/A/libeToken.dylib'
Wed Jun 24 11:06:01 2020 PKCS#11: Cannot initialize provider '/Library/Frameworks/eToken.framework/Versions/A/libeToken.dylib' 6-'CKR_FUNCTION_FAILED'
NEED-OK|token-insertion-request|Please insert pr_odbi6201_02726d8a token:
Wed Jun 24 11:06:07 2020 PKCS#11: Cannot get certificate object
Wed Jun 24 11:06:07 2020 PKCS#11: Cannot get certificate object
Wed Jun 24 11:06:07 2020 PKCS#11: Unable get evp object
Wed Jun 24 11:06:07 2020 Cannot load certificate "SafeNet\x2C\x20Inc\x2E/eToken/02726d8a/pr_odbi6201_02726d8a/546F6B656E5F4B65795F4E6F745F56697369626C650162C85CE68B29319C86" using PKCS#11 interface
Wed Jun 24 11:06:07 2020 Error: private key password verification failed
Wed Jun 24 11:06:07 2020 Exiting due to fatal error

[jkbullard]

@denis99999 - Tunnelblick's OpenVPN binary isn't initializing PKCS#11 properly:

Wed Jun 24 11:06:01 2020 PKCS#11: Cannot initialize provider '/Library/Frameworks/eToken.framework/Versions/A/libeToken.dylib' 6-'CKR_FUNCTION_FAILED'

So it isn't surprising that it doesn't ask you for the passcode for the dongle.

This might be fixed by using a newer version of pkcs11-helper than 1.22 (which is what Tunnelblick uses), but I don't have a way to test that, and it isn't clear what version should be used.

Or does macOS include a "pkcs11-helper" and that's what the brew OpenVPNs use? If so, it might be possible to get Tunnelblick to do that.

[daio]

Any updates on this issue? Seems like Tunnelblick still doesn't support pin code for pkcs smart cards.