Closed GoogleCodeExporter closed 9 years ago
GoogleCodeExporter
commented
9 years ago Same "SearchDomain" issue for me on 10.7.3 and Tunnelblick 3.2.3 (build
2891.2932) Unsigned - OpenVPN 2.2.1. Original comment by schapra...@gmail.com on 26 Apr 2012 at 1:41
GoogleCodeExporter
commented
9 years ago OS X 10.7.3 Tunnelblick 3.2.3 or 3.2.4 keeps reconnect even with disabled
"Monitor network settings" flag and restart. Is there any other known
workaround to make it work?Original comment by Sergi.Vl...@gmail.com on 29 Apr 2012 at 8:15
GoogleCodeExporter
commented
9 years ago 3.3beta04 the same issue.Original comment by Sergi.Vl...@gmail.com on 29 Apr 2012 at 8:29
GoogleCodeExporter
commented
9 years ago I have the same problem on Mountain Lion with the stable version of Tunnelblick.
It's the same with Viscosity. BUT, in the new beta of Viscosity
(http://www.thesparklabs.com/forum/viewtopic.php?f=7&t=34#p134) it's fixed! So
if anyone wants OpenVPN to work on Mountain Lion I can recommend the new beta
of Viscosity meanwhile.Original comment by nygg...@gmail.com on 28 May 2012 at 9:18
GoogleCodeExporter
commented
9 years ago @nygganh --
The workaround doesn't work for you? If not, it is a different problem (with
the same symptom) and will probably have a different solution. I would
encourage you to post the complete Tunnelblick log and your configuration file
to help solve your problem using Tunnelblick.Original comment by jkbull...@gmail.com on 28 May 2012 at 10:35
GoogleCodeExporter
commented
9 years ago @Sergei --
You are also having a different problem with the same symptom. Please post the
complete Tunnelblick log and your configuration file.Original comment by jkbull...@gmail.com on 28 May 2012 at 10:41
GoogleCodeExporter
commented
9 years ago I have similar problem. But I fixed it by set DNS to "Set nameserver (3.1)".
Original comment by Ranm...@gmail.com on 23 Jun 2012 at 5:08
GoogleCodeExporter
commented
9 years ago I have similar problem. Setting 'Search domains' to 'Ignore' in the 'While
Connected' tab prevents disconnects. However OS X Mountain Lion DP 4 looses
Internet connection entirely. Everything worked fine in OS X Lion.Original comment by nsk...@gmail.com on 27 Jun 2012 at 7:05
GoogleCodeExporter
commented
9 years ago To add a note, by implementing the workaround (either setting name servers to
ignore or using 3.1 as descibed above) I lost all DNS connectivity. Only after
manually adding DNS's to the OS X Network settings (I used Google's 8.8.8.8 and
8.8.4.4) did things start to work again.Original comment by mar...@ohsocool.org on 11 Jul 2012 at 11:44
GoogleCodeExporter
commented
9 years ago yes, I have the same problem. Once I set Advanced->Monitor Network settings->
Search Domain in right column to Ignore, it no longer disconnects but I lose
all network connectivity. I had set the DNS server manually to get accesss to
the Internet and use IP addresses of the company build servers to ssh into
them. DNS is no workee!!!! I updated to OSX mountain lion yesterday. Someone
please escalate a fix for this issue as it will affect a lot of people when the
mountain lion comes up in one week.
Original comment by a...@arista.com on 11 Jul 2012 at 6:52
GoogleCodeExporter
commented
9 years ago It would help fix the problem faster if people would post their configuration
files and logs (preferably both from Lion and from Mountain Lion using the same
configuration file):
To get the Tunnelblick log on the Clipboard so you can paste it into an email:
1. Click the Tunnelblick icon
2. Click "VPN Details…"
3. Select the "Configurations" panel if it is not already selected
4. Select the configuration whose file you want to look at in the list on the
left
5. Select the "Log" tab if it is not already selected
6. Click "Copy Log to Clipboard"
To put the contents of your configuration file on the Clipboard so you can
paste it into an email, open it in TextEdit as follows:
1. Click the Tunnelblick icon
2. Click "VPN Details…"
3. Select the "Configurations" panel if it is not already selected
4. Select the configuration whose file you want to look at in the list on the
left
5. Click the little "gear" icon at the bottom of the list on the left
6. Select "Edit OpenVPN Configuration File…" (or possibly "Examine OpenVPN
Configuration File…").
7. In TextEdit you can Edit : Select All and then Edit : Copy to get the
contents of the configuration file put into the clipboard.
Original comment by jkbull...@gmail.com on 11 Jul 2012 at 9:23
GoogleCodeExporter
commented
9 years ago Here's my TunnelBlk logs:
2012-07-11 14:33:26 *Tunnelblick: OS X 10.8.0; Tunnelblick 3.3beta06 (build
3028)
2012-07-11 14:33:26 *Tunnelblick: Attempting connection with Arista-TCP-Corp;
Set nameserver = 1; monitoring connection
2012-07-11 14:33:26 *Tunnelblick:
/Applications/Tunnelblick.app/Contents/Resources/openvpnstart start
Arista-TCP-Corp.conf 1337 1 0 0 0 49 -atDANGWrdasngw
2012-07-11 14:33:26 *Tunnelblick: openvpnstart message: Loading tun.kext
2012-07-11 14:33:26 OpenVPN 2.3-alpha1 i386-apple-darwin10.7.1 [SSL (OpenSSL)]
[LZO2] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110522-1 (2.2.0)] built on
May 3 2012
2012-07-11 14:33:26 WARNING: No server certificate verification method has been
enabled. See http://openvpn.net/howto.html#mitm for more info.
2012-07-11 14:33:26 NOTE: the current --script-security setting may allow this
configuration to call user-defined scripts
2012-07-11 14:33:26 WARNING: file 'Arista-TCP.p12' is group or others accessible
2012-07-11 14:33:26 Attempting to establish TCP connection with
[AF_INET]4.53.128.220:1194 [nonblock]
2012-07-11 14:33:26 TCP: connect to [AF_INET]4.53.128.220:1194 failed, will try
again in 5 seconds: No route to host
2012-07-11 14:33:26 *Tunnelblick: openvpnstart starting OpenVPN:
* /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3-alpha1/openvpn --cd /Users/asinha/Library/Application Support/Tunnelblick/Configurations --daemon --management 127.0.0.1 1337 --config /Users/asinha/Library/Application Support/Tunnelblick/Configurations/Arista-TCP-Corp.conf --log /Library/Application Support/Tunnelblick/Logs/-SUsers-Sani-SLibrary-SApplication Support-STunnelblick-SConfigurations-SArista--TCP--Corp.conf.1_0_0_0_49.1337.openvpn.log --management-query-passwords --management-hold --script-security 2 --up /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -m -w -d -atDANGWrdasngw --down /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -m -w -d -atDANGWrdasngw --up-restart --route-pre-down /Applications/Tunnelblick.app/Contents/Resources/client.route-pre-down.tunnelblick.sh -m -w -d -atDANGWrdasngw
2012-07-11 14:33:31 TCP: connect to [AF_INET]4.53.128.220:1194 failed, will try
again in 5 seconds: No route to host
2012-07-11 14:33:36 TCP: connect to [AF_INET]4.53.128.220:1194 failed, will try
again in 5 seconds: No route to host
2012-07-11 14:33:42 TCP connection established with [AF_INET]4.53.128.220:1194
2012-07-11 14:33:42 TCPv4_CLIENT link local: [undef]
2012-07-11 14:33:42 TCPv4_CLIENT link remote: [AF_INET]4.53.128.220:1194
2012-07-11 14:33:42 WARNING: this configuration may cache passwords in memory
-- use the auth-nocache option to prevent this
2012-07-11 14:33:45 [AristanetworksVPN] Peer Connection Initiated with
[AF_INET]4.53.128.220:1194
2012-07-11 14:33:48 TUN/TAP device /dev/tun0 opened
2012-07-11 14:33:48 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
2012-07-11 14:33:48 /sbin/ifconfig tun0 delete
ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
2012-07-11 14:33:48 NOTE: Tried to delete pre-existing tun/tap instance -- No
Problem if failure
2012-07-11 14:33:48 /sbin/ifconfig tun0 172.22.128.254 172.22.128.253 mtu 1500
netmask 255.255.255.255 up
2012-07-11 14:33:48
/Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -m -w
-d -atDANGWrdasngw tun0 1500 1560 172.22.128.254 172.22.128.253 init
No such key
add net 172.16.0.0: gateway 172.22.128.253
add net 10.0.0.0: gateway 172.22.128.253
add net 10.1.0.0: gateway 172.22.128.253
add net 10.60.20.0: gateway 172.22.128.253
add net 10.190.241.0: gateway 172.22.128.253
add net 10.255.252.0: gateway 172.22.128.253
add net 10.255.250.0: gateway 172.22.128.253
add net 172.22.128.0: gateway 172.22.128.253
2012-07-11 14:33:50 Initialization Sequence Completed
2012-07-11 14:40:17 event_wait : Interrupted system call (code=4)
2012-07-11 14:40:17
/Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -m
-w -d -atDANGWrdasngw tun0 1500 1560 172.22.128.254 172.22.128.253 restart
2012-07-11 14:40:17 SIGUSR1[hard,] received, process restarting
2012-07-11 14:40:17 WARNING: No server certificate verification method has been
enabled. See http://openvpn.net/howto.html#mitm for more info.
2012-07-11 14:40:17 NOTE: the current --script-security setting may allow this
configuration to call user-defined scripts
2012-07-11 14:40:17 Attempting to establish TCP connection with
[AF_INET]4.53.128.220:1194 [nonblock]
2012-07-11 14:40:18 TCP connection established with [AF_INET]4.53.128.220:1194
2012-07-11 14:40:18 TCPv4_CLIENT link local: [undef]
2012-07-11 14:40:18 TCPv4_CLIENT link remote: [AF_INET]4.53.128.220:1194
2012-07-11 14:40:20 [AristanetworksVPN] Peer Connection Initiated with
[AF_INET]4.53.128.220:1194
2012-07-11 14:40:22 Preserving previous TUN/TAP instance: tun0
2012-07-11 14:40:22
/Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -m -w
-d -atDANGWrdasngw tun0 1500 1560 172.22.128.254 172.22.128.253 restart
No such key
2012-07-11 14:40:24 NOTE: Pulled options changed on restart, will need to close
and reopen TUN/TAP device.
2012-07-11 14:40:24
/Applications/Tunnelblick.app/Contents/Resources/client.route-pre-down.tunnelbli
ck.sh -m -w -d -atDANGWrdasngw tun0 1500 1560 172.22.128.254 172.22.128.253 init
delete net 172.22.128.0: gateway 172.22.128.253
delete net 10.255.250.0: gateway 172.22.128.253
delete net 10.255.252.0: gateway 172.22.128.253
delete net 10.190.241.0: gateway 172.22.128.253
delete net 10.60.20.0: gateway 172.22.128.253
delete net 10.1.0.0: gateway 172.22.128.253
delete net 10.0.0.0: gateway 172.22.128.253
delete net 172.16.0.0: gateway 172.22.128.253
2012-07-11 14:40:24
/Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -m
-w -d -atDANGWrdasngw tun0 1500 1560 172.22.128.254 172.22.128.253 init
2012-07-11 14:40:26 TUN/TAP device /dev/tun0 opened
2012-07-11 14:40:26 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
2012-07-11 14:40:26 /sbin/ifconfig tun0 delete
ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
2012-07-11 14:40:26 NOTE: Tried to delete pre-existing tun/tap instance -- No
Problem if failure
2012-07-11 14:40:26 /sbin/ifconfig tun0 172.22.128.62 172.22.128.61 mtu 1500
netmask 255.255.255.255 up
2012-07-11 14:40:26
/Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -m -w
-d -atDANGWrdasngw tun0 1500 1560 172.22.128.62 172.22.128.61 init
No such key
add net 172.16.0.0: gateway 172.22.128.61
add net 10.0.0.0: gateway 172.22.128.61
add net 10.1.0.0: gateway 172.22.128.61
add net 10.60.20.0: gateway 172.22.128.61
add net 10.190.241.0: gateway 172.22.128.61
add net 10.255.252.0: gateway 172.22.128.61
add net 10.255.250.0: gateway 172.22.128.61
add net 172.22.128.0: gateway 172.22.128.61
2012-07-11 14:40:28 Initialization Sequence Completed
OpenVPN started successfully. Command used to start OpenVPN (one argument per
displayed line):
/Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3-alpha1/openvpn
--cd
/Users/asinha/Library/Application Support/Tunnelblick/Configurations
--daemon
--management
127.0.0.1
1337
--config
/Users/asinha/Library/Application Support/Tunnelblick/Configurations/Arista-TCP-Corp.conf
--log
/Library/Application Support/Tunnelblick/Logs/-SUsers-Sani-SLibrary-SApplication Support-STunnelblick-SConfigurations-SArista--TCP--Corp.conf.1_0_0_0_49.1337.openvpn.log
--management-query-passwords
--management-hold
--script-security
2
--up
/Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -m -w -d -atDANGWrdasngw
--down
/Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -m -w -d -atDANGWrdasngw
--up-restart
--route-pre-down
/Applications/Tunnelblick.app/Contents/Resources/client.route-pre-down.tunnelblick.sh -m -w -d -atDANGWrdasngw
2012-07-11 14:33:26 *Tunnelblick: Established communication with OpenVPN
2012-07-11 14:33:26 *Tunnelblick: Obtained VPN username and password from the
Keychain
2012-07-11 14:33:50 *Tunnelblick: Flushed the DNS cache
2012-07-11 14:40:28 *Tunnelblick: Flushed the DNS cache
And here's the config file :
dev tun
persist-tun
persist-key
proto tcp-client
cipher AES-128-CBC
tls-client
client
resolv-retry infinite
remote 4.53.128.220 1194
auth-user-pass
pkcs12 Arista-TCP.p12
comp-lzo
Original comment by a...@arista.com on 11 Jul 2012 at 9:45
GoogleCodeExporter
commented
9 years ago @ani - Thanks. Two things:
(1) If you are using your IPS's DNS servers (for example, from home) and you
connect to a VPN, all your DNS queries will go through the VPN, and appear to
the ISP's DNS servers to be from outside their network. Many ISPs ignore such
requests, with the result that you appear to have lost all connectivity (but
pings would still work). In that case, since your VPN server isn't "pushing"
its own DNS servers to you, you will need to set DNS servers manually in your
System Preferences Network panel. You can, for example, use Google's public DNS
servers at 8.8.8.8 and 8.8.4.4, or use OpenDNS's, or whatever else you want.
(2) That said, it also looks possible that Tunnelblick's
"client.up.tunnelblick.sh" script is crashing. Can you check your console log
for any relevant messages? Thanks.Original comment by jkbull...@gmail.com on 11 Jul 2012 at 10:16
GoogleCodeExporter
commented
9 years ago I am pretty sure it used to. I never had to add DNS servers manually in
Lion.
When DNS stopped working, I had to add them manually. I now manually added
Google's DNS servers and our internal DNS server IPs.
Nop! nothing in console log yet!
AniOriginal comment by a...@arista.com on 11 Jul 2012 at 10:35
GoogleCodeExporter
commented
9 years ago I resolved this issue by adding the following on server side and without
modifying tunnelblick config (as people suggested):
push dhcp-option DOMAIN example.com
and then restart openvpn server
Now I can see that the correct DNS and domain are pushed, but it only does IP
resolution and not NAME resolution. For example, on terminal I can do "host
foo.example.com" and it shows the correct IP, and in Chrome/Safari I can go to
the site by entering the IP of foo.example.com but if I enter foo.example.com
in URL it does not resolve! I get the following error:
Error 105 (net::ERR_NAME_NOT_RESOLVED): Unable to resolve the server's DNS
address.
I am using Mountain Lion GM and the same configuration used to work on Lion and
they are currently working on Ubuntu and Windows (by other dev users for the
company). I have tried with Tunnelblick 3.2.6 stable. Does anyone have any
solutions?Original comment by moksh.kh...@gmail.com on 12 Jul 2012 at 4:27
GoogleCodeExporter
commented
9 years ago I have restored my Mac to Lion and the DNS works as before. Here's the log from
Tunnelblick ;
2012-07-12 10:33:47 *Tunnelblick: OS X 10.7.4; Tunnelblick 3.2.5 (build
2891.3004)
2012-07-12 10:33:47 *Tunnelblick: Attempting connection with Arista-TCP-Corp;
Set nameserver = 1; monitoring connection
2012-07-12 10:33:47 *Tunnelblick:
/Applications/Tunnelblick.app/Contents/Resources/openvpnstart start
Arista-TCP-Corp.conf 1337 1 0 0 0 49 -atDASNGWrdasngw
2012-07-12 10:33:47 *Tunnelblick: openvpnstart message: Loading tun.kext
2012-07-12 10:33:47 *Tunnelblick: Established communication with OpenVPN
2012-07-12 10:33:47 *Tunnelblick: Obtained VPN username and password from the
Keychain
2012-07-12 10:33:47 OpenVPN 2.2.1 i386-apple-darwin10.8.0 [SSL] [LZO2] [PKCS11]
[eurephia] built on Apr 27 2012
2012-07-12 10:33:47 WARNING: No server certificate verification method has been
enabled. See http://openvpn.net/howto.html#mitm for more info.
2012-07-12 10:33:47 NOTE: the current --script-security setting may allow this
configuration to call user-defined scripts
2012-07-12 10:33:47 WARNING: file 'Arista-TCP.p12' is group or others accessible
2012-07-12 10:33:47 LZO compression initialized
2012-07-12 10:33:47 *Tunnelblick: openvpnstart:
/Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.2.1/openvpn
--cd /Users/asinha/Library/Application Support/Tunnelblick/Configurations
--daemon --management 127.0.0.1 1337 --config /Users/asinha/Library/Application
Support/Tunnelblick/Configurations/Arista-TCP-Corp.conf --log
/Library/Application
Support/Tunnelblick/Logs/-SUsers-Sani-SLibrary-SApplication
Support-STunnelblick-SConfigurations-SArista--TCP--Corp.conf.1_0_0_0_49.1337.ope
nvpn.log --management-query-passwords --management-hold --script-security 2
--up /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh
-m -w -d -atDASNGWrdasngw --down
/Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -m
-w -d -atDASNGWrdasngw --up-restart
2012-07-12 10:33:48 Attempting to establish TCP connection with
4.53.128.220:1194 [nonblock]
2012-07-12 10:33:49 TCP connection established with 4.53.128.220:1194
2012-07-12 10:33:49 TCPv4_CLIENT link local: [undef]
2012-07-12 10:33:49 TCPv4_CLIENT link remote: 4.53.128.220:1194
2012-07-12 10:33:49 WARNING: this configuration may cache passwords in memory
-- use the auth-nocache option to prevent this
2012-07-12 10:33:51 [AristanetworksVPN] Peer Connection Initiated with
4.53.128.220:1194
2012-07-12 10:33:54 TUN/TAP device /dev/tun0 opened
2012-07-12 10:33:54 /sbin/ifconfig tun0 delete
ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
2012-07-12 10:33:54 NOTE: Tried to delete pre-existing tun/tap instance -- No
Problem if failure
2012-07-12 10:33:54 /sbin/ifconfig tun0 172.22.129.10 172.22.129.9 mtu 1500
netmask 255.255.255.255 up
2012-07-12 10:33:54
/Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -m -w
-d -atDASNGWrdasngw tun0 1500 1560 172.22.129.10 172.22.129.9 init
No such key
add net 172.16.0.0: gateway 172.22.129.9
add net 10.0.0.0: gateway 172.22.129.9
add net 10.1.0.0: gateway 172.22.129.9
add net 10.60.20.0: gateway 172.22.129.9
add net 10.190.241.0: gateway 172.22.129.9
add net 10.255.252.0: gateway 172.22.129.9
add net 10.255.250.0: gateway 172.22.129.9
add net 172.22.128.0: gateway 172.22.129.9
2012-07-12 10:33:56 *Tunnelblick: Flushed the DNS cache
2012-07-12 10:33:56 Initialization Sequence Completed
Original comment by a...@arista.com on 12 Jul 2012 at 5:40
GoogleCodeExporter
commented
9 years ago Ah. Different version of Tunnelblick, too.
Can you get the log for 3.3beta06 on Lion? (You can just download the .dmg
and drag the Tunnelblick icon to the Desktop and run it from there; that
way you leave your existing 3.2.5 in /Applications uchanged.)Original comment by jkbull...@gmail.com on 12 Jul 2012 at 5:49
GoogleCodeExporter
commented
9 years ago Here goes :
2012-07-12 10:57:14 *Tunnelblick: OS X 10.7.4; Tunnelblick 3.3beta06 (build
3028)
2012-07-12 10:57:14 *Tunnelblick: Attempting connection with Arista-TCP-Corp;
Set nameserver = 1; monitoring connection
2012-07-12 10:57:14 *Tunnelblick:
/Users/asinha/Desktop/Tunnelblick.app/Contents/Resources/openvpnstart start
Arista-TCP-Corp.conf 1337 1 0 0 0 49 -atDASNGWrdasngw
2012-07-12 10:57:14 *Tunnelblick: openvpnstart message: Loading tun.kext
2012-07-12 10:57:14 OpenVPN 2.3-alpha1 i386-apple-darwin10.7.1 [SSL (OpenSSL)]
[LZO2] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110522-1 (2.2.0)] built on
May 3 2012
2012-07-12 10:57:14 *Tunnelblick: openvpnstart starting OpenVPN:
* /Users/asinha/Desktop/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3-alpha1/openvpn --cd /Users/asinha/Library/Application Support/Tunnelblick/Configurations --daemon --management 127.0.0.1 1337 --config /Users/asinha/Library/Application Support/Tunnelblick/Configurations/Arista-TCP-Corp.conf --log /Library/Application Support/Tunnelblick/Logs/-SUsers-Sani-SLibrary-SApplication Support-STunnelblick-SConfigurations-SArista--TCP--Corp.conf.1_0_0_0_49.1337.openvpn.log --management-query-passwords --management-hold --script-security 2 --up /Users/asinha/Desktop/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -m -w -d -atDASNGWrdasngw --down /Users/asinha/Desktop/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -m -w -d -atDASNGWrdasngw --up-restart --route-pre-down /Users/asinha/Desktop/Tunnelblick.app/Contents/Resources/client.route-pre-down.tunnelblick.sh -m -w -d -atDASNGWrdasngw
2012-07-12 10:57:15 WARNING: No server certificate verification method has been
enabled. See http://openvpn.net/howto.html#mitm for more info.
2012-07-12 10:57:15 NOTE: the current --script-security setting may allow this
configuration to call user-defined scripts
2012-07-12 10:57:15 WARNING: file 'Arista-TCP.p12' is group or others accessible
2012-07-12 10:57:15 Attempting to establish TCP connection with
[AF_INET]4.53.128.220:1194 [nonblock]
2012-07-12 10:57:16 TCP connection established with [AF_INET]4.53.128.220:1194
2012-07-12 10:57:16 TCPv4_CLIENT link local: [undef]
2012-07-12 10:57:16 TCPv4_CLIENT link remote: [AF_INET]4.53.128.220:1194
2012-07-12 10:57:16 WARNING: this configuration may cache passwords in memory
-- use the auth-nocache option to prevent this
2012-07-12 10:57:18 [AristanetworksVPN] Peer Connection Initiated with
[AF_INET]4.53.128.220:1194
2012-07-12 10:57:21 TUN/TAP device /dev/tun0 opened
2012-07-12 10:57:21 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
2012-07-12 10:57:21 /sbin/ifconfig tun0 delete
ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
2012-07-12 10:57:21 NOTE: Tried to delete pre-existing tun/tap instance -- No
Problem if failure
2012-07-12 10:57:21 /sbin/ifconfig tun0 172.22.129.34 172.22.129.33 mtu 1500
netmask 255.255.255.255 up
2012-07-12 10:57:21
/Users/asinha/Desktop/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.s
h -m -w -d -atDASNGWrdasngw tun0 1500 1560 172.22.129.34 172.22.129.33 init
No such key
add net 172.16.0.0: gateway 172.22.129.33
add net 10.0.0.0: gateway 172.22.129.33
add net 10.1.0.0: gateway 172.22.129.33
add net 10.60.20.0: gateway 172.22.129.33
add net 10.190.241.0: gateway 172.22.129.33
add net 10.255.252.0: gateway 172.22.129.33
add net 10.255.250.0: gateway 172.22.129.33
add net 172.22.128.0: gateway 172.22.129.33
2012-07-12 10:57:23 Initialization Sequence Completed
OpenVPN started successfully. Command used to start OpenVPN (one argument per
displayed line):
/Users/asinha/Desktop/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3-alpha1/openvpn
--cd
/Users/asinha/Library/Application Support/Tunnelblick/Configurations
--daemon
--management
127.0.0.1
1337
--config
/Users/asinha/Library/Application Support/Tunnelblick/Configurations/Arista-TCP-Corp.conf
--log
/Library/Application Support/Tunnelblick/Logs/-SUsers-Sani-SLibrary-SApplication Support-STunnelblick-SConfigurations-SArista--TCP--Corp.conf.1_0_0_0_49.1337.openvpn.log
--management-query-passwords
--management-hold
--script-security
2
--up
/Users/asinha/Desktop/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -m -w -d -atDASNGWrdasngw
--down
/Users/asinha/Desktop/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -m -w -d -atDASNGWrdasngw
--up-restart
--route-pre-down
/Users/asinha/Desktop/Tunnelblick.app/Contents/Resources/client.route-pre-down.tunnelblick.sh -m -w -d -atDASNGWrdasngw
2012-07-12 10:57:15 *Tunnelblick: Established communication with OpenVPN
2012-07-12 10:57:15 *Tunnelblick: Obtained VPN username and password from the
Keychain
2012-07-12 10:57:23 *Tunnelblick: Flushed the DNS cache
DNS works on this beta version too, albeit on mac 10.7.4Original comment by a...@arista.com on 12 Jul 2012 at 5:59
GoogleCodeExporter
commented
9 years ago Thanks, ani.
The only thing that seem different about 10.8 is that it has trouble
connecting to the VPN server the first time:
2012-07-11 14:33:31 TCP: connect to [AF_INET]4.53.128.220:1194 failed, will
which seems odd, but doesn't really seem relevant to the problem.
I am also puzzled as to why client.up.tunnelblick.sh didn't output any
messages, but since it didn't output any in either log, nor did anything
show up the Console log, I don't know what that means.
So it looks like it may be something in OpenVPN, or possibly Tuntap.
Let me make sure I understand the problem (on 10.8):
- The VPN connects and stays connected (after setting Advanced->Monitor
Network settings-> Search Domain in right column to Ignore)
- You can't browse to anything, either by name (www.google.com) or by IP
address (173.194.75.104)
- Nothing shows up in the Console log.
Also, did you try OpenVPN 2.2.1 when on 10.8? (It's on the "Preference" tab
of the "VPN Details…" window.)
Thanks for all your help with this.
BTW, can you dual boot (10.7 and 10.8) or did you just revert to 10.7 on
your (single) setup?Original comment by jkbull...@gmail.com on 12 Jul 2012 at 6:48
GoogleCodeExporter
commented
9 years ago On your three points regarding 10.8 :
-yes, it does stay connected after that settings change.
- no, I can still browse using IP or if I set my /etc/hosts to resolve the
names to IPs. So it seems the issue is DNS specific.
- yes, no crash logs on the console log.
Unfortunately I only have my work mac and I have restored it to 10.7.4 from my
time machine. Don't want to much around with my work mac anymore.
Original comment by a...@arista.com on 12 Jul 2012 at 6:56
GoogleCodeExporter
commented
9 years ago OK, thanks for clarifying, and for all your help.Original comment by jkbull...@gmail.com on 12 Jul 2012 at 7:00
GoogleCodeExporter
commented
9 years ago Is there a way to verify from TunnelBlick logs that the vpn server is pushing
the DNS server IPs to the client? In the network settings, I do see that the
corporate DNS server IPS are populated but in Mountain Lion they were not.Original comment by a...@arista.com on 12 Jul 2012 at 7:09
GoogleCodeExporter
commented
9 years ago I assume you are talking about when the VPN is connected. If so, it looks
like that's the problem.
I see nothing in either the 10.7 or 10.8 logs that shows *anything* being
pushed.
Usually there would be a pair of log entries similar to the following:
2012-07-12 15:14:41 SENT CONTROL [*server-name*]: 'PUSH_REQUEST' (status=1)
I have no idea why 10.7 is setting the DNS servers and 10.8 isn't. It
could be that the network settings in 10.7 had the corporate DNS servers
set manually -- I would expect the corporate DHCP to treat 10.7 and 10.8
the same.
I wonder if it could have anything to do with IPv6? Does your Corporate
network use it at all? Maybe that's changed in 10.8.Original comment by jkbull...@gmail.com on 12 Jul 2012 at 7:31
GoogleCodeExporter
commented
9 years ago I have the exact same problem as above only on OS X 10.8 - I have tried with
both the beta and the stable versions and can not replicate the problem in OS X
10.7. I am not connecting to a corporate VPN. Setting 8.8.8.8 and 8.8.4.4
allows me to browse the internet as normal on OS X 10.8 while connected through
Tunnelblick.Original comment by mar...@ohsocool.org on 12 Jul 2012 at 7:50
GoogleCodeExporter
commented
9 years ago martin, thanks for your report. Does anything show up in the Console
log<http://code.google.com/p/tunnelblick/wiki/cConsoleLog>?
I'm particularly looking for anything from the program "
client.up.tunnelblick.sh".
Also, please post your configuration file and log on 10.7 and 10.8 if
possible. Do you know if your VPN server should be "pushing" anything to
the client?Original comment by jkbull...@gmail.com on 12 Jul 2012 at 7:56
GoogleCodeExporter
commented
9 years ago Just heard from a co-worker of mine that the same issue is hitting him too.
Looks like lot of people are seeing the same problem. Original comment by a...@arista.com on 12 Jul 2012 at 8:46
GoogleCodeExporter
commented
9 years ago May be there is a verbose mode that spits out more information?Original comment by a...@arista.com on 12 Jul 2012 at 8:58
GoogleCodeExporter
commented
9 years ago The default is "verb 3", which should log enough to see what is happening.
What's odd is that even though it is apparently at verb 3, it isn't showing
any "push" request or any "push" info coming back from the server.
Adding "verb 4" to the client's configuration file will log more, so it's
worth a try.Original comment by jkbull...@gmail.com on 12 Jul 2012 at 9:06
GoogleCodeExporter
commented
9 years ago Got something now :
2012-07-12 14:12:40 us=399672 PUSH: Received control message: 'PUSH_REPLY,route
172.16.0.0 255.240.0.0,dhcp-option DOMAIN sjc.aristanetworks.com,dhcp-optio\
n DNS 172.22.22.10,dhcp-option DNS 172.22.22.40,dhcp-option NTP 172.22.22.50,route 10.0.0.0 255.255.255.0,route 10.1.0.0 255.255.255.0,route 10.60.20.0 255\
.255.255.0,route 10.190.241.0 255.255.255.0,route 10.255.252.0 255.255.254.0,route 10.255.250.0 255.255.255.0,dhcp-option DOMAIN aristanetworks.com,dhcp-op\
tion DOMAIN sjc.aristanetworks.com,route 172.22.128.0 255.255.252.0,topology net30,ping 10,ping-restart 60,ifconfig 172.22.128.90 172.22.128.89'
Can't paste all the log without auditing - it might contain some sensitive
information. I think it's worthwhile to try the same with verb 4 on mountain
Lion and see what we get. Unfortunately, I am back on Lion.Original comment by a...@arista.com on 12 Jul 2012 at 9:19
GoogleCodeExporter
commented
9 years ago Thanks. Don't need the rest of the log (although a 10.8 log might help).
Maybe your VPN server sends a "verb 2" or something, and that's why you
didn't get it before. Maybe even if you did "verb 3" it would show up.
The other thing you should see in the log is something like
and
If your co-worker still has Mountain Lion, maybe they could see if their
log contains something similar. Or if their Console log has anything.
And when they check the Console log they should check "All Messages".
I just tried my test setups on Mountain Lion and they worked fine, so it
must have to do with some particular OpenVPN option that's being used.Original comment by jkbull...@gmail.com on 12 Jul 2012 at 10:09
GoogleCodeExporter
commented
9 years ago Hi I'm ani's coworker. I don't see anything interesting in the console log.
Here's my log on Mountain Lion using the same config:
2012-07-12 23:42:44 *Tunnelblick: OS X 10.8.0; Tunnelblick 3.3beta06 (build
3028) Unsigned
2012-07-12 23:42:44 *Tunnelblick: Attempting connection with Arista-TCP-Corp;
Set nameserver = 1; monitoring connection
2012-07-12 23:42:44 *Tunnelblick:
/Applications/Tunnelblick.app/Contents/Resources/openvpnstart start
Arista-TCP-Corp.conf 1338 1 0 0 0 49 -atDASNGWrdasngw
2012-07-12 23:42:44 *Tunnelblick: openvpnstart message: Loading tun.kext
2012-07-12 23:42:44 OpenVPN 2.3-alpha1 i386-apple-darwin10.7.1 [SSL (OpenSSL)]
[LZO2] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110522-1 (2.2.0)] built on
May 3 2012
2012-07-12 23:42:44 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:1338
2012-07-12 23:42:44 Need hold release from management interface, waiting...
2012-07-12 23:42:44 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:1338
2012-07-12 23:42:44 MANAGEMENT: CMD 'pid'
2012-07-12 23:42:44 MANAGEMENT: CMD 'state on'
2012-07-12 23:42:44 MANAGEMENT: CMD 'state'
2012-07-12 23:42:44 MANAGEMENT: CMD 'bytecount 1'
2012-07-12 23:42:44 MANAGEMENT: CMD 'hold release'
2012-07-12 23:42:44 MANAGEMENT: CMD 'username "Auth" "wei"'
2012-07-12 23:42:44 MANAGEMENT: CMD 'password [...]'
2012-07-12 23:42:44 WARNING: No server certificate verification method has been
enabled. See http://openvpn.net/howto.html#mitm for more info.
2012-07-12 23:42:44 NOTE: the current --script-security setting may allow this
configuration to call user-defined scripts
2012-07-12 23:42:44 Socket Buffers: R=[131072->65536] S=[131072->65536]
2012-07-12 23:42:44 Attempting to establish TCP connection with
[AF_INET]4.53.128.220:1194 [nonblock]
2012-07-12 23:42:44 MANAGEMENT: >STATE:1342161764,TCP_CONNECT,,,
2012-07-12 23:42:44 *Tunnelblick: openvpnstart starting OpenVPN:
* /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3-alpha1/openvpn --cd /Users/wei/Library/Application Support/Tunnelblick/Configurations --daemon --management 127.0.0.1 1338 --config /Users/wei/Library/Application Support/Tunnelblick/Configurations/Arista-TCP-Corp.conf --log /Library/Application Support/Tunnelblick/Logs/-SUsers-Swei-SLibrary-SApplication Support-STunnelblick-SConfigurations-SArista--TCP--Corp.conf.1_0_0_0_49.1338.openvpn.log --management-query-passwords --management-hold --script-security 2 --up /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -m -w -d -atDASNGWrdasngw --down /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -m -w -d -atDASNGWrdasngw --up-restart --route-pre-down /Applications/Tunnelblick.app/Contents/Resources/client.route-pre-down.tunnelblick.sh -m -w -d -atDASNGWrdasngw
2012-07-12 23:42:45 TCP connection established with [AF_INET]4.53.128.220:1194
2012-07-12 23:42:45 TCPv4_CLIENT link local: [undef]
2012-07-12 23:42:45 TCPv4_CLIENT link remote: [AF_INET]4.53.128.220:1194
2012-07-12 23:42:45 MANAGEMENT: >STATE:1342161765,WAIT,,,
2012-07-12 23:42:45 MANAGEMENT: >STATE:1342161765,AUTH,,,
2012-07-12 23:42:45 TLS: Initial packet from [AF_INET]4.53.128.220:1194,
sid=9e50ad00 9b54912a
2012-07-12 23:42:45 WARNING: this configuration may cache passwords in memory
-- use the auth-nocache option to prevent this
2012-07-12 23:42:46 VERIFY OK: depth=1, C=US, ST=California, L=Santa Clara,
O=Aristanetworks, emailAddress=it-support@aristanetworks.com,
CN=AristaNetworksVPN
2012-07-12 23:42:46 VERIFY OK: depth=0, C=US, ST=California, L=Santa Clara,
O=Aristanetworks, emailAddress=it-support@aristanetworks.com,
CN=AristanetworksVPN
2012-07-12 23:42:47 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with
128 bit key
2012-07-12 23:42:47 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for
HMAC authentication
2012-07-12 23:42:47 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with
128 bit key
2012-07-12 23:42:47 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for
HMAC authentication
2012-07-12 23:42:47 Control Channel: TLSv1, cipher TLSv1/SSLv3
DHE-RSA-AES256-SHA, 2048 bit RSA
2012-07-12 23:42:47 [AristanetworksVPN] Peer Connection Initiated with
[AF_INET]4.53.128.220:1194
2012-07-12 23:42:48 MANAGEMENT: >STATE:1342161768,GET_CONFIG,,,
2012-07-12 23:42:49 SENT CONTROL [AristanetworksVPN]: 'PUSH_REQUEST' (status=1)
2012-07-12 23:42:50 PUSH: Received control message: 'PUSH_REPLY,route
172.16.0.0 255.240.0.0,dhcp-option DOMAIN sjc.aristanetworks.com,dhcp-option
DNS 172.22.22.10,dhcp-option DNS 172.22.22.40,dhcp-option NTP
172.22.22.50,route 10.0.0.0 255.255.255.0,route 10.1.0.0 255.255.255.0,route
10.60.20.0 255.255.255.0,route 10.190.241.0 255.255.255.0,route 10.255.252.0
255.255.254.0,route 10.255.250.0 255.255.255.0,dhcp-option DOMAIN
aristanetworks.com,dhcp-option DOMAIN sjc.aristanetworks.com,route 172.22.128.0
255.255.252.0,topology net30,ping 10,ping-restart 60,ifconfig 172.22.128.54
172.22.128.53'
2012-07-12 23:42:50 OPTIONS IMPORT: timers and/or timeouts modified
2012-07-12 23:42:50 OPTIONS IMPORT: --ifconfig/up options modified
2012-07-12 23:42:50 OPTIONS IMPORT: route options modified
2012-07-12 23:42:50 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options
modified
2012-07-12 23:42:50 ROUTE_GATEWAY 192.168.11.1/255.255.255.0 IFACE=en1
HWADDR=e0:f8:47:07:ff:26
2012-07-12 23:42:50 TUN/TAP device /dev/tun0 opened
2012-07-12 23:42:50 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
2012-07-12 23:42:50 MANAGEMENT: >STATE:1342161770,ASSIGN_IP,,172.22.128.54,
2012-07-12 23:42:50 /sbin/ifconfig tun0 delete
ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
2012-07-12 23:42:50 NOTE: Tried to delete pre-existing tun/tap instance -- No
Problem if failure
2012-07-12 23:42:50 /sbin/ifconfig tun0 172.22.128.54 172.22.128.53 mtu 1500
netmask 255.255.255.255 up
2012-07-12 23:42:50
/Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -m -w
-d -atDASNGWrdasngw tun0 1500 1560 172.22.128.54 172.22.128.53 init
No such key
2012-07-12 23:42:52 MANAGEMENT: >STATE:1342161772,ADD_ROUTES,,,
2012-07-12 23:42:52 /sbin/route add -net 172.16.0.0 172.22.128.53 255.240.0.0
add net 172.16.0.0: gateway 172.22.128.53
2012-07-12 23:42:52 /sbin/route add -net 10.0.0.0 172.22.128.53 255.255.255.0
add net 10.0.0.0: gateway 172.22.128.53
2012-07-12 23:42:52 /sbin/route add -net 10.1.0.0 172.22.128.53 255.255.255.0
add net 10.1.0.0: gateway 172.22.128.53
2012-07-12 23:42:52 /sbin/route add -net 10.60.20.0 172.22.128.53 255.255.255.0
add net 10.60.20.0: gateway 172.22.128.53
2012-07-12 23:42:52 /sbin/route add -net 10.190.241.0 172.22.128.53
255.255.255.0
add net 10.190.241.0: gateway 172.22.128.53
2012-07-12 23:42:52 /sbin/route add -net 10.255.252.0 172.22.128.53
255.255.254.0
add net 10.255.252.0: gateway 172.22.128.53
2012-07-12 23:42:52 /sbin/route add -net 10.255.250.0 172.22.128.53
255.255.255.0
add net 10.255.250.0: gateway 172.22.128.53
2012-07-12 23:42:52 /sbin/route add -net 172.22.128.0 172.22.128.53
255.255.252.0
add net 172.22.128.0: gateway 172.22.128.53
2012-07-12 23:42:52 Initialization Sequence Completed
2012-07-12 23:42:52 MANAGEMENT:
>STATE:1342161772,CONNECTED,SUCCESS,172.22.128.54,4.53.128.220
2012-07-12 23:42:52 *Tunnelblick client.up.tunnelblick.sh: Unknown:
'foreign_option_4' = 'dhcp-option NTP 172.22.22.50'
2012-07-12 23:42:52 *Tunnelblick client.up.tunnelblick.sh: Retrieved name
server(s) [ 172.22.22.10 172.22.22.40 ], domain name [ sjc.aristanetworks.com
], and WINS server(s) [ ]
2012-07-12 23:42:52 *Tunnelblick client.up.tunnelblick.sh: Up to two 'No such
key' warnings are normal and may be ignored
2012-07-12 23:42:52 *Tunnelblick client.up.tunnelblick.sh: Saved the DNS and
WINS configurations for later use
2012-07-12 23:42:52 *Tunnelblick client.up.tunnelblick.sh: Set up to monitor
system configuration with process-network-changes
OpenVPN started successfully. Command used to start OpenVPN (one argument per
displayed line):
/Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3-alpha1/openvpn
--cd
/Users/wei/Library/Application Support/Tunnelblick/Configurations
--daemon
--management
127.0.0.1
1338
--config
/Users/wei/Library/Application Support/Tunnelblick/Configurations/Arista-TCP-Corp.conf
--log
/Library/Application Support/Tunnelblick/Logs/-SUsers-Swei-SLibrary-SApplication Support-STunnelblick-SConfigurations-SArista--TCP--Corp.conf.1_0_0_0_49.1338.openvpn.log
--management-query-passwords
--management-hold
--script-security
2
--up
/Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -m -w -d -atDASNGWrdasngw
--down
/Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -m -w -d -atDASNGWrdasngw
--up-restart
--route-pre-down
/Applications/Tunnelblick.app/Contents/Resources/client.route-pre-down.tunnelblick.sh -m -w -d -atDASNGWrdasngw
2012-07-12 23:42:44 *Tunnelblick: Established communication with OpenVPN
2012-07-12 23:42:44 *Tunnelblick: Obtained VPN username and password from the
Keychain
2012-07-12 23:42:52 *Tunnelblick: Flushed the DNS cache
2012-07-12 23:43:27 *Tunnelblick process-network-changes: SearchDomains changed
from
*
* to
* <array> {
* 0 : sjc.aristanetworks.com
* 1 : aristanetworks.com
* }
* pre-VPN was
*
2012-07-12 23:43:27 *Tunnelblick process-network-changes: SearchDomains
changed; sending USR1 to OpenVPN (process ID 17807) to restart the connection.
2012-07-12 23:43:28 event_wait : Interrupted system call (code=4)
2012-07-12 23:43:28
/Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -m
-w -d -atDASNGWrdasngw tun0 1500 1560 172.22.128.54 172.22.128.53 restart
2012-07-12 23:43:28 *Tunnelblick client.down.tunnelblick.sh: Cancelled
monitoring of system configuration changes
2012-07-12 23:43:28 *Tunnelblick client.down.tunnelblick.sh: Restored the DNS
and WINS configurations
2012-07-12 23:43:28 SIGUSR1[hard,] received, process restarting
2012-07-12 23:43:28 MANAGEMENT: >STATE:1342161808,RECONNECTING,SIGUSR1,,
2012-07-12 23:43:28 MANAGEMENT: CMD 'hold release'
2012-07-12 23:43:28 WARNING: No server certificate verification method has been
enabled. See http://openvpn.net/howto.html#mitm for more info.
2012-07-12 23:43:28 NOTE: the current --script-security setting may allow this
configuration to call user-defined scripts
2012-07-12 23:43:28 Socket Buffers: R=[131072->65536] S=[131072->65536]
2012-07-12 23:43:28 Attempting to establish TCP connection with
[AF_INET]4.53.128.220:1194 [nonblock]
2012-07-12 23:43:28 MANAGEMENT: >STATE:1342161808,TCP_CONNECT,,,
2012-07-12 23:43:29 TCP connection established with [AF_INET]4.53.128.220:1194
2012-07-12 23:43:29 TCPv4_CLIENT link local: [undef]
2012-07-12 23:43:29 TCPv4_CLIENT link remote: [AF_INET]4.53.128.220:1194
2012-07-12 23:43:29 MANAGEMENT: >STATE:1342161809,WAIT,,,
2012-07-12 23:43:29 MANAGEMENT: >STATE:1342161809,AUTH,,,
2012-07-12 23:43:29 TLS: Initial packet from [AF_INET]4.53.128.220:1194,
sid=ec30a08f 17475f04
2012-07-12 23:43:30 VERIFY OK: depth=1, C=US, ST=California, L=Santa Clara,
O=Aristanetworks, emailAddress=it-support@aristanetworks.com,
CN=AristaNetworksVPN
2012-07-12 23:43:30 VERIFY OK: depth=0, C=US, ST=California, L=Santa Clara,
O=Aristanetworks, emailAddress=it-support@aristanetworks.com,
CN=AristanetworksVPN
2012-07-12 23:43:31 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with
128 bit key
2012-07-12 23:43:31 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for
HMAC authentication
2012-07-12 23:43:31 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with
128 bit key
2012-07-12 23:43:31 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for
HMAC authentication
2012-07-12 23:43:31 Control Channel: TLSv1, cipher TLSv1/SSLv3
DHE-RSA-AES256-SHA, 2048 bit RSA
2012-07-12 23:43:31 [AristanetworksVPN] Peer Connection Initiated with
[AF_INET]4.53.128.220:1194
2012-07-12 23:43:32 MANAGEMENT: >STATE:1342161812,GET_CONFIG,,,
2012-07-12 23:43:33 SENT CONTROL [AristanetworksVPN]: 'PUSH_REQUEST' (status=1)
2012-07-12 23:43:33 PUSH: Received control message: 'PUSH_REPLY,route
172.16.0.0 255.240.0.0,dhcp-option DOMAIN sjc.aristanetworks.com,dhcp-option
DNS 172.22.22.10,dhcp-option DNS 172.22.22.40,dhcp-option NTP
172.22.22.50,route 10.0.0.0 255.255.255.0,route 10.1.0.0 255.255.255.0,route
10.60.20.0 255.255.255.0,route 10.190.241.0 255.255.255.0,route 10.255.252.0
255.255.254.0,route 10.255.250.0 255.255.255.0,dhcp-option DOMAIN
aristanetworks.com,dhcp-option DOMAIN sjc.aristanetworks.com,route 172.22.128.0
255.255.252.0,topology net30,ping 10,ping-restart 60,ifconfig 172.22.128.54
172.22.128.53'
2012-07-12 23:43:33 OPTIONS IMPORT: timers and/or timeouts modified
2012-07-12 23:43:33 OPTIONS IMPORT: --ifconfig/up options modified
2012-07-12 23:43:33 OPTIONS IMPORT: route options modified
2012-07-12 23:43:33 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options
modified
2012-07-12 23:43:33 Preserving previous TUN/TAP instance: tun0
2012-07-12 23:43:33
/Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -m -w
-d -atDASNGWrdasngw tun0 1500 1560 172.22.128.54 172.22.128.53 restart
No such key
2012-07-12 23:43:35 *Tunnelblick client.up.tunnelblick.sh: Unknown:
'foreign_option_4' = 'dhcp-option NTP 172.22.22.50'
2012-07-12 23:43:35 *Tunnelblick client.up.tunnelblick.sh: Retrieved name
server(s) [ 172.22.22.10 172.22.22.40 ], domain name [ sjc.aristanetworks.com
], and WINS server(s) [ ]
2012-07-12 23:43:35 *Tunnelblick client.up.tunnelblick.sh: Up to two 'No such
key' warnings are normal and may be ignored
2012-07-12 23:43:35 *Tunnelblick client.up.tunnelblick.sh: Saved the DNS and
WINS configurations for later use
2012-07-12 23:43:35 *Tunnelblick client.up.tunnelblick.sh: Set up to monitor
system configuration with process-network-changes
2012-07-12 23:43:36 *Tunnelblick: Flushed the DNS cache
Original comment by wei....@gmail.com on 13 Jul 2012 at 6:46
GoogleCodeExporter
commented
9 years ago I followed the instructions to ignore the changes to "Search domain". Now it
doesn't disconnect and reconnect, but as ani pointed out DNS isn't working. But
I had some interesting findings. The file /etc/resolv.conf is correctly
populated, and nslookup works fine. Other programs presumably don't get DNS
servers from that file so are not working. When I looked at the DNS servers in
the Systems Settings program, the servers were listed but in grey color. As
soon as I clicked the + button, the servers disappeared and I had to add them
back manually. After I added them back everything was working fine.
Below is the log after I ignored the changes to "Search Domain":
2012-07-12 23:58:33 *Tunnelblick: OS X 10.8.0; Tunnelblick 3.3beta06 (build
3028) Unsigned
2012-07-12 23:58:33 *Tunnelblick: Attempting connection with Arista-UDP-Corp;
Set nameserver = 1; monitoring connection
2012-07-12 23:58:33 *Tunnelblick:
/Applications/Tunnelblick.app/Contents/Resources/openvpnstart start
Arista-UDP-Corp.conf 1338 1 0 0 0 49 -atDANGWrdasngw
2012-07-12 23:58:33 *Tunnelblick: openvpnstart message: Loading tun.kext
2012-07-12 23:58:33 OpenVPN 2.3-alpha1 i386-apple-darwin10.7.1 [SSL (OpenSSL)]
[LZO2] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110522-1 (2.2.0)] built on
May 3 2012
2012-07-12 23:58:33 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:1338
2012-07-12 23:58:33 Need hold release from management interface, waiting...
2012-07-12 23:58:33 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:1338
2012-07-12 23:58:33 MANAGEMENT: CMD 'pid'
2012-07-12 23:58:33 MANAGEMENT: CMD 'state on'
2012-07-12 23:58:33 MANAGEMENT: CMD 'state'
2012-07-12 23:58:33 MANAGEMENT: CMD 'bytecount 1'
2012-07-12 23:58:33 MANAGEMENT: CMD 'hold release'
2012-07-12 23:58:33 MANAGEMENT: CMD 'username "Auth" "wei@aristanetworks.com"'
2012-07-12 23:58:33 MANAGEMENT: CMD 'password [...]'
2012-07-12 23:58:33 WARNING: No server certificate verification method has been
enabled. See http://openvpn.net/howto.html#mitm for more info.
2012-07-12 23:58:33 NOTE: the current --script-security setting may allow this
configuration to call user-defined scripts
2012-07-12 23:58:33 Socket Buffers: R=[196724->65536] S=[9216->65536]
2012-07-12 23:58:33 UDPv4 link local (bound): [undef]
2012-07-12 23:58:33 UDPv4 link remote: [AF_INET]4.53.128.220:1196
2012-07-12 23:58:33 MANAGEMENT: >STATE:1342162713,WAIT,,,
2012-07-12 23:58:33 MANAGEMENT: >STATE:1342162713,AUTH,,,
2012-07-12 23:58:33 TLS: Initial packet from [AF_INET]4.53.128.220:1196,
sid=eab6d54e a021d91c
2012-07-12 23:58:33 WARNING: this configuration may cache passwords in memory
-- use the auth-nocache option to prevent this
2012-07-12 23:58:33 *Tunnelblick: openvpnstart starting OpenVPN:
* /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3-alpha1/openvpn --cd /Users/wei/Library/Application Support/Tunnelblick/Configurations --daemon --management 127.0.0.1 1338 --config /Users/wei/Library/Application Support/Tunnelblick/Configurations/Arista-UDP-Corp.conf --log /Library/Application Support/Tunnelblick/Logs/-SUsers-Swei-SLibrary-SApplication Support-STunnelblick-SConfigurations-SArista--UDP--Corp.conf.1_0_0_0_49.1338.openvpn.log --management-query-passwords --management-hold --script-security 2 --up /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -m -w -d -atDANGWrdasngw --down /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -m -w -d -atDANGWrdasngw --up-restart --route-pre-down /Applications/Tunnelblick.app/Contents/Resources/client.route-pre-down.tunnelblick.sh -m -w -d -atDANGWrdasngw
2012-07-12 23:58:34 VERIFY OK: depth=1, C=US, ST=California, L=Santa Clara,
O=Aristanetworks, emailAddress=it-support@aristanetworks.com,
CN=AristaNetworksVPN
2012-07-12 23:58:34 VERIFY OK: depth=0, C=US, ST=California, L=Santa Clara,
O=Aristanetworks, emailAddress=it-support@aristanetworks.com,
CN=AristanetworksVPN
2012-07-12 23:58:34 TLS Error: local/remote TLS keys are out of sync:
[AF_INET]4.53.128.220:1196 [0]
2012-07-12 23:58:34 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with
128 bit key
2012-07-12 23:58:34 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for
HMAC authentication
2012-07-12 23:58:34 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with
128 bit key
2012-07-12 23:58:34 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for
HMAC authentication
2012-07-12 23:58:34 Control Channel: TLSv1, cipher TLSv1/SSLv3
DHE-RSA-AES256-SHA, 2048 bit RSA
2012-07-12 23:58:34 [AristanetworksVPN] Peer Connection Initiated with
[AF_INET]4.53.128.220:1196
2012-07-12 23:58:35 MANAGEMENT: >STATE:1342162715,GET_CONFIG,,,
2012-07-12 23:58:36 SENT CONTROL [AristanetworksVPN]: 'PUSH_REQUEST' (status=1)
2012-07-12 23:58:36 PUSH: Received control message: 'PUSH_REPLY,route
172.16.0.0 255.240.0.0,dhcp-option DOMAIN sjc.aristanetworks.com,dhcp-option
DNS 172.22.22.10,dhcp-option DNS 172.22.22.40,dhcp-option NTP
172.22.22.50,route 10.0.0.0 255.255.255.0,route 10.1.0.0 255.255.255.0,route
10.60.20.0 255.255.255.0,route 10.190.241.0 255.255.255.0,route 10.255.250.0
255.255.255.0,route 10.255.252.0 255.255.254.0,dhcp-option DOMAIN
aristanetworks.com,dhcp-option DOMAIN sjc.aristanetworks.com,route 172.22.132.0
255.255.252.0,topology net30,ping 10,ping-restart 60,ifconfig 172.22.132.22
172.22.132.21'
2012-07-12 23:58:36 OPTIONS IMPORT: timers and/or timeouts modified
2012-07-12 23:58:36 OPTIONS IMPORT: --ifconfig/up options modified
2012-07-12 23:58:36 OPTIONS IMPORT: route options modified
2012-07-12 23:58:36 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options
modified
2012-07-12 23:58:36 ROUTE_GATEWAY 192.168.11.1/255.255.255.0 IFACE=en1
HWADDR=e0:f8:47:07:ff:26
2012-07-12 23:58:36 TUN/TAP device /dev/tun0 opened
2012-07-12 23:58:36 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
2012-07-12 23:58:36 MANAGEMENT: >STATE:1342162716,ASSIGN_IP,,172.22.132.22,
2012-07-12 23:58:36 /sbin/ifconfig tun0 delete
ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
2012-07-12 23:58:36 NOTE: Tried to delete pre-existing tun/tap instance -- No
Problem if failure
2012-07-12 23:58:36 /sbin/ifconfig tun0 172.22.132.22 172.22.132.21 mtu 1500
netmask 255.255.255.255 up
2012-07-12 23:58:36
/Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -m -w
-d -atDANGWrdasngw tun0 1500 1558 172.22.132.22 172.22.132.21 init
No such key
2012-07-12 23:58:38 MANAGEMENT: >STATE:1342162718,ADD_ROUTES,,,
2012-07-12 23:58:38 /sbin/route add -net 172.16.0.0 172.22.132.21 255.240.0.0
add net 172.16.0.0: gateway 172.22.132.21
2012-07-12 23:58:38 /sbin/route add -net 10.0.0.0 172.22.132.21 255.255.255.0
add net 10.0.0.0: gateway 172.22.132.21
2012-07-12 23:58:38 /sbin/route add -net 10.1.0.0 172.22.132.21 255.255.255.0
add net 10.1.0.0: gateway 172.22.132.21
2012-07-12 23:58:38 /sbin/route add -net 10.60.20.0 172.22.132.21 255.255.255.0
add net 10.60.20.0: gateway 172.22.132.21
2012-07-12 23:58:38 /sbin/route add -net 10.190.241.0 172.22.132.21
255.255.255.0
add net 10.190.241.0: gateway 172.22.132.21
2012-07-12 23:58:38 /sbin/route add -net 10.255.250.0 172.22.132.21
255.255.255.0
add net 10.255.250.0: gateway 172.22.132.21
2012-07-12 23:58:38 /sbin/route add -net 10.255.252.0 172.22.132.21
255.255.254.0
add net 10.255.252.0: gateway 172.22.132.21
2012-07-12 23:58:38 /sbin/route add -net 172.22.132.0 172.22.132.21
255.255.252.0
add net 172.22.132.0: gateway 172.22.132.21
2012-07-12 23:58:38 Initialization Sequence Completed
2012-07-12 23:58:38 MANAGEMENT:
>STATE:1342162718,CONNECTED,SUCCESS,172.22.132.22,4.53.128.220
2012-07-12 23:58:38 *Tunnelblick client.up.tunnelblick.sh: Unknown:
'foreign_option_4' = 'dhcp-option NTP 172.22.22.50'
2012-07-12 23:58:38 *Tunnelblick client.up.tunnelblick.sh: Retrieved name
server(s) [ 172.22.22.10 172.22.22.40 ], domain name [ sjc.aristanetworks.com
], and WINS server(s) [ ]
2012-07-12 23:58:38 *Tunnelblick client.up.tunnelblick.sh: Up to two 'No such
key' warnings are normal and may be ignored
2012-07-12 23:58:38 *Tunnelblick client.up.tunnelblick.sh: Saved the DNS and
WINS configurations for later use
2012-07-12 23:58:38 *Tunnelblick client.up.tunnelblick.sh: Set up to monitor
system configuration with process-network-changes
OpenVPN started successfully. Command used to start OpenVPN (one argument per
displayed line):
/Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3-alpha1/openvpn
--cd
/Users/wei/Library/Application Support/Tunnelblick/Configurations
--daemon
--management
127.0.0.1
1338
--config
/Users/wei/Library/Application Support/Tunnelblick/Configurations/Arista-UDP-Corp.conf
--log
/Library/Application Support/Tunnelblick/Logs/-SUsers-Swei-SLibrary-SApplication Support-STunnelblick-SConfigurations-SArista--UDP--Corp.conf.1_0_0_0_49.1338.openvpn.log
--management-query-passwords
--management-hold
--script-security
2
--up
/Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -m -w -d -atDANGWrdasngw
--down
/Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -m -w -d -atDANGWrdasngw
--up-restart
--route-pre-down
/Applications/Tunnelblick.app/Contents/Resources/client.route-pre-down.tunnelblick.sh -m -w -d -atDANGWrdasngw
2012-07-12 23:58:33 *Tunnelblick: Established communication with OpenVPN
2012-07-12 23:58:33 *Tunnelblick: Obtained VPN username and password from the
Keychain
2012-07-12 23:58:38 *Tunnelblick: Flushed the DNS cache
2012-07-12 23:59:13 *Tunnelblick process-network-changes: SearchDomains changed
from
*
* to
* <array> {
* 0 : sjc.aristanetworks.com
* 1 : aristanetworks.com
* }
* pre-VPN was
*
2012-07-12 23:59:13 *Tunnelblick process-network-changes: A system
configuration change was ignored because it was not relevant
2012-07-13 00:02:25 *Tunnelblick process-network-changes: SearchDomains changed
from
*
* to
* <array> {
* 0 : sjc.aristanetworks.com
* 1 : aristanetworks.com
* }
* pre-VPN was
*
2012-07-13 00:02:25 *Tunnelblick process-network-changes: A system
configuration change was ignored because it was not relevant
2012-07-13 00:02:35 *Tunnelblick process-network-changes: SearchDomains changed
from
*
* to
* <array> {
* 0 : sjc.aristanetworks.com
* 1 : aristanetworks.com
* }
* pre-VPN was
*
2012-07-13 00:02:35 *Tunnelblick process-network-changes: A system
configuration change was ignored because it was not relevant
Original comment by wei....@gmail.com on 13 Jul 2012 at 7:07
GoogleCodeExporter
commented
9 years ago yes, I reinstalled Mountain lion gold master on a different mac and I get the
same DNS push messages in the log. In the network advanced settings, I see the
DNS servers populated. Yet DNS does not seem to work. I have to manually add
google's DNS servers to browse the internet. Local company servers can't be
reached through their names. Only through IPs.Original comment by a...@arista.com on 16 Jul 2012 at 1:08
GoogleCodeExporter
commented
9 years ago yes, /etc/resolv.conf is correctly populated with the DNS server IPs. So I did
a tcpdump and I see lots of bad checksums on outgoing DNS queries :
18:31:10.707470 IP (tos 0x0, ttl 255, id 23459, offset 0, flags [none], proto
UDP (17), length 65, bad cksum 0 (->dcb5)!)
192.168.0.108.65105 > 172.22.22.40.domain: [bad udp cksum 7b4b!] 20474+ A? calendar.google.com. (37)
18:30:54.799146 IP (tos 0x0, ttl 255, id 33201, offset 0, flags [none], proto
UDP (17), length 71, bad cksum 0 (->b6a1)!)
192.168.0.108.65420 > 172.22.22.40.domain: [bad udp cksum 20de!] 60609+ A? caldav.calendar.yahoo.com. (43)
18:30:55.799332 IP (tos 0x0, ttl 255, id 36235, offset 0, flags [none], proto
UDP (17), length 74, bad cksum 0 (->aac4)!)
192.168.0.108.50339 > 172.22.22.40.domain: [bad udp cksum 6aeb!] 17985+ A? bs222.sjc.aristanetworks.com. (46)
18:30:56.978000 IP (tos 0x0, ttl 255, id 18687, offset 0, flags [none], proto
UDP (17), length 72, bad cksum 0 (->ef70)!)
192.168.0.108.57720 > 172.22.22.10.domain: [bad udp cksum ccb1!] 42665+ PTR? 108.0.168.192.in-addr.arpa. (44)
18:30:57.678893 IP (tos 0x0, ttl 255, id 8914, offset 0, flags [none], proto
UDP (17), length 65, bad cksum 0 (->15a5)!)
192.168.0.108.65105 > 172.22.22.10.domain: [bad udp cksum b74b!] 20474+ A? calendar.google.com. (37)
18:30:57.805769 IP (tos 0x0, ttl 255, id 39347, offset 0, flags [none], proto
UDP (17), length 71, bad cksum 0 (->9ebd)!)
192.168.0.108.65420 > 172.22.22.10.domain: [bad udp cksum 5cde!] 60609+ A? caldav.calendar.yahoo.com. (43)
18:30:57.981204 IP (tos 0x0, ttl 255, id 9902, offset 0, flags [none], proto
UDP (17), length 72, bad cksum 0 (->11c2)!)
192.168.0.108.57720 > 172.22.22.10.domain: [bad udp cksum ccb1!] 42665+ PTR? 108.0.168.192.in-addr.arpa. (44)
18:30:58.682282 IP (tos 0x0, ttl 255, id 44945, offset 0, flags [none], proto
UDP (17), length 65, bad cksum 0 (->88e5)!)
192.168.0.108.65105 > 172.22.22.10.domain: [bad udp cksum b74b!] 20474+ A? calendar.google.com. (37)
Original comment by a...@arista.com on 16 Jul 2012 at 1:41
GoogleCodeExporter
commented
9 years ago any updates on this?Original comment by a...@arista.com on 16 Jul 2012 at 6:57
GoogleCodeExporter
commented
9 years ago No, when there's news I'll post it here.
I thought the DNS problems may be related to specific options in the
configuration file or pushed from the server. But the bad checksums points
to OpenVPN or the tun/tap kexts.
Has everyone tried using OpenVPN 2.2.1? (It's on the Preferences panel of
the VPN Details… window.)Original comment by jkbull...@gmail.com on 16 Jul 2012 at 7:46
GoogleCodeExporter
commented
9 years ago does the tun/tap kos maintained by Apple or buy tunnelblick?Original comment by a...@arista.com on 16 Jul 2012 at 9:06
GoogleCodeExporter
commented
9 years ago Neither one. It is maintained by the TunTap
Project<http://tuntaposx.sourceforge.net/>
.Original comment by jkbull...@gmail.com on 16 Jul 2012 at 9:11
GoogleCodeExporter
commented
9 years ago I tried OpenVPN 2.2.1 and same result.Original comment by a...@arista.com on 17 Jul 2012 at 3:05
GoogleCodeExporter
commented
9 years ago Seems like tun/tap project does not even have a supported download for Lion!Original comment by a...@arista.com on 17 Jul 2012 at 3:13
GoogleCodeExporter
commented
9 years ago One another update. I am observing the same issue with viscocity as well. This
confirms that this issue is not related to TunnelBlick alone. What is a good
forum to discuss this problem?Original comment by a...@arista.com on 17 Jul 2012 at 3:33
GoogleCodeExporter
commented
9 years ago Tunnelblick uses the 2011-11-01 version, but creates a custom build for
PPC/Intel with 32/64-bit kernels. That build works on Lion without any
problem.
The major change from Snow Leopard to Lion was that the 64-bit kernel
became the default on most Macs. So the 64-bit Tuntap for Snow Leopard
works in Lion.Original comment by jkbull...@gmail.com on 17 Jul 2012 at 3:33
GoogleCodeExporter
commented
9 years ago Sorry, spoke too soon. Viscocity has a beta version for Mountain Lion (1.4b11
released 14 July 2012) that works perfectly for Mountain Lion.
Original comment by a...@arista.com on 17 Jul 2012 at 3:44
GoogleCodeExporter
commented
9 years ago So what broke between Lion and Mountain Lion?Original comment by a...@arista.com on 17 Jul 2012 at 3:45
GoogleCodeExporter
commented
9 years ago An observation: I noticed the traffic towards the DNS server doesn't look like
it's going through the tunnel, even though the routing table tells it to. This
only applies when using ping/telnet etc., not dig.
Original comment by fred...@skolmli.no on 25 Jul 2012 at 4:31
GoogleCodeExporter
commented
9 years ago now that mountain lion has been released officially, lot more people will start
to see this issue.
Original comment by a...@arista.com on 25 Jul 2012 at 6:26
GoogleCodeExporter
commented
9 years ago I can confirm that when I chose "Set Nameserver (3.0b10)" from vpn details
menu, my DNS is working. My tunnelblick version is Tunnelblick 3.3beta10
(build 3048)Original comment by a...@arista.com on 26 Jul 2012 at 3:44
GoogleCodeExporter
commented
9 years ago Same issue here :/Original comment by fprete...@gmail.com on 26 Jul 2012 at 6:14
GoogleCodeExporter
commented
9 years ago I can also confirm that it is working after I chose and applied "Set Nameserver
(3.0b10)" via the VPN details menu. DNS seems to resolve just fine now.
Running Tunnelblick 3.2.5 (build 2891.3004) - OpenVPN 2.2.1Original comment by bjo...@gmail.com on 26 Jul 2012 at 3:27
GoogleCodeExporter
commented
9 years ago This was working fine under Lion, just upgraded to ML and now it
connects/disconnects.
2012-07-26 13:37:47 OpenVPN 2.2.1 i386-apple-darwin10.7.1 [SSL] [LZO2] [PKCS11]
[eurephia] built on May 2 2012
2012-07-26 13:37:47 MANAGEMENT: TCP Socket listening on 127.0.0.1:1337
2012-07-26 13:37:47 NOTE: the current --script-security setting may allow this
configuration to call user-defined scripts
2012-07-26 13:37:47 WARNING: file 'user.key' is group or others accessible
2012-07-26 13:37:47 LZO compression initialized
2012-07-26 13:37:47 Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0
EL:0 ]
2012-07-26 13:37:47 Socket Buffers: R=[196724->65536] S=[9216->65536]
2012-07-26 13:37:47 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0
EL:0 AF:3/1 ]
2012-07-26 13:37:47 Local Options hash (VER=V4): '22188c5b'
2012-07-26 13:37:47 Expected Remote Options hash (VER=V4): 'a8f55717'
2012-07-26 13:37:47 UDPv4 link local: [undef]
2012-07-26 13:37:47 UDPv4 link remote: 178.248.29.132:443
2012-07-26 13:37:47 write UDPv4: No route to host (code=65)
2012-07-26 13:37:47 *Tunnelblick: openvpnstart:
/Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.2.1/openvpn
--cd /Library/Application
Support/Tunnelblick/Shared/AirVPN.tblk/Contents/Resources --daemon --management
127.0.0.1 1337 --config /Library/Application
Support/Tunnelblick/Shared/AirVPN.tblk/Contents/Resources/config.ovpn --log
/Library/Application Support/Tunnelblick/Logs/-SLibrary-SApplication
Support-STunnelblick-SShared-SAirVPN.tblk-SContents-SResources-Sconfig.ovpn.1_0_
3_0_49.1337.openvpn.log --script-security 2 --up
/Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -m -w
-d -atDASNGWrdasngw --down
/Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -m
-w -d -atDASNGWrdasngw --up-restart
2012-07-26 13:37:49 write UDPv4: No route to host (code=65)
2012-07-26 13:37:54 TLS: Initial packet from 178.248.29.132:443, sid=763c0569
e191ec80
2012-07-26 13:37:55 VERIFY OK: depth=1,
/C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=airvpn.org_CA/emailAddress=info@airvpn.org
2012-07-26 13:37:55 VERIFY OK: nsCertType=SERVER
2012-07-26 13:37:55 VERIFY OK: depth=0,
/C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=server/emailAddress=info@airvpn.org
2012-07-26 13:37:58 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with
256 bit key
2012-07-26 13:37:58 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for
HMAC authentication
2012-07-26 13:37:58 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with
256 bit key
2012-07-26 13:37:58 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for
HMAC authentication
2012-07-26 13:37:58 Control Channel: TLSv1, cipher TLSv1/SSLv3
DHE-RSA-AES256-SHA, 2048 bit RSA
2012-07-26 13:37:58 [server] Peer Connection Initiated with 178.248.29.132:443
2012-07-26 13:38:00 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
2012-07-26 13:38:05 *Tunnelblick: OS X 10.8.0; Tunnelblick 3.2.6 (build
2891.3007) Unsigned
2012-07-26 13:38:05 MANAGEMENT: Client connected from 127.0.0.1:1337
2012-07-26 13:38:05 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
2012-07-26 13:38:06 *Tunnelblick: Established communication with OpenVPN
2012-07-26 13:38:06 MANAGEMENT: CMD 'pid'
2012-07-26 13:38:06 MANAGEMENT: CMD 'state on'
2012-07-26 13:38:06 MANAGEMENT: CMD 'state'
2012-07-26 13:38:06 MANAGEMENT: CMD 'hold release'
2012-07-26 13:38:06 PUSH: Received control message:
'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.4.0.1,comp-lzo no,route
10.4.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.4.13.190
10.4.13.189'
2012-07-26 13:38:06 OPTIONS IMPORT: timers and/or timeouts modified
2012-07-26 13:38:06 OPTIONS IMPORT: LZO parms modified
2012-07-26 13:38:06 OPTIONS IMPORT: --ifconfig/up options modified
2012-07-26 13:38:06 OPTIONS IMPORT: route options modified
2012-07-26 13:38:06 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options
modified
2012-07-26 13:38:06 ROUTE default_gateway=192.168.15.1
2012-07-26 13:38:06 TUN/TAP device /dev/tun0 opened
2012-07-26 13:38:06 MANAGEMENT: >STATE:1343324286,ASSIGN_IP,,10.4.13.190,
2012-07-26 13:38:06 /sbin/ifconfig tun0 delete
ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
2012-07-26 13:38:06 NOTE: Tried to delete pre-existing tun/tap instance -- No
Problem if failure
2012-07-26 13:38:06 /sbin/ifconfig tun0 10.4.13.190 10.4.13.189 mtu 1500
netmask 255.255.255.255 up
2012-07-26 13:38:06
/Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -m -w
-d -atDASNGWrdasngw tun0 1500 1558 10.4.13.190 10.4.13.189 init
No such key
2012-07-26 13:38:08 *Tunnelblick: Flushed the DNS cache
2012-07-26 13:38:08 /sbin/route add -net 178.248.29.132 192.168.15.1
255.255.255.255
add net 178.248.29.132: gateway 192.168.15.1
2012-07-26 13:38:08 /sbin/route add -net 0.0.0.0 10.4.13.189 128.0.0.0
add net 0.0.0.0: gateway 10.4.13.189
2012-07-26 13:38:08 /sbin/route add -net 128.0.0.0 10.4.13.189 128.0.0.0
add net 128.0.0.0: gateway 10.4.13.189
2012-07-26 13:38:08 MANAGEMENT: >STATE:1343324288,ADD_ROUTES,,,
2012-07-26 13:38:08 /sbin/route add -net 10.4.0.1 10.4.13.189 255.255.255.255
add net 10.4.0.1: gateway 10.4.13.189
2012-07-26 13:38:08 Initialization Sequence Completed
2012-07-26 13:38:08 MANAGEMENT:
>STATE:1343324288,CONNECTED,SUCCESS,10.4.13.190,178.248.29.132
2012-07-26 13:38:08 *Tunnelblick client.up.tunnelblick.sh: Retrieved name
server(s) [ 10.4.0.1 ] and WINS server(s) [ ] and using default domain name [
openvpn ]
2012-07-26 13:38:08 *Tunnelblick client.up.tunnelblick.sh: Up to two 'No such
key' warnings are normal and may be ignored
2012-07-26 13:38:08 *Tunnelblick client.up.tunnelblick.sh: Saved the DNS and
WINS configurations for later use
2012-07-26 13:38:08 *Tunnelblick client.up.tunnelblick.sh: Set up to monitor
system configuration with process-network-changes
2012-07-26 13:38:22 PUSH: Received control message:
'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.4.0.1,comp-lzo no,route
10.4.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.4.13.190
10.4.13.189'
2012-07-26 13:39:12 *Tunnelblick process-network-changes: SearchDomains changed
from
*
* to
* <array> {
* 0 : openvpn
* }
* pre-VPN was
*
2012-07-26 13:39:12 *Tunnelblick process-network-changes: SearchDomains
changed; sending USR1 to OpenVPN (process ID 120) to restart the connection.
2012-07-26 13:39:13 event_wait : Interrupted system call (code=4)
2012-07-26 13:39:13 TCP/UDP: Closing socket
2012-07-26 13:39:13 /sbin/route delete -net 10.4.0.1 10.4.13.189 255.255.255.255
delete net 10.4.0.1: gateway 10.4.13.189
2012-07-26 13:39:13 /sbin/route delete -net 178.248.29.132 192.168.15.1
255.255.255.255
delete net 178.248.29.132: gateway 192.168.15.1
2012-07-26 13:39:13 /sbin/route delete -net 0.0.0.0 10.4.13.189 128.0.0.0
delete net 0.0.0.0: gateway 10.4.13.189
2012-07-26 13:39:13 /sbin/route delete -net 128.0.0.0 10.4.13.189 128.0.0.0
delete net 128.0.0.0: gateway 10.4.13.189
2012-07-26 13:39:13 Closing TUN/TAP interface
2012-07-26 13:39:13
/Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -m
-w -d -atDASNGWrdasngw tun0 1500 1558 10.4.13.190 10.4.13.189 init
2012-07-26 13:39:13 SIGUSR1[hard,] received, process restarting
2012-07-26 13:39:13 MANAGEMENT: >STATE:1343324353,RECONNECTING,SIGUSR1,,
2012-07-26 13:39:13 Restart pause, 2 second(s)
2012-07-26 13:39:13 MANAGEMENT: CMD 'hold release'
2012-07-26 13:39:13 *Tunnelblick client.down.tunnelblick.sh: Cancelled
monitoring of system configuration changes
2012-07-26 13:39:13 *Tunnelblick client.down.tunnelblick.sh: Restored the DNS
and WINS configurations
2012-07-26 13:39:15 NOTE: the current --script-security setting may allow this
configuration to call user-defined scripts
2012-07-26 13:39:15 WARNING: file 'user.key' is group or others accessible
2012-07-26 13:39:15 LZO compression initialized
2012-07-26 13:39:15 Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0
EL:0 ]
2012-07-26 13:39:15 Socket Buffers: R=[196724->65536] S=[9216->65536]
2012-07-26 13:39:15 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0
EL:0 AF:3/1 ]
2012-07-26 13:39:15 Local Options hash (VER=V4): '22188c5b'
2012-07-26 13:39:15 Expected Remote Options hash (VER=V4): 'a8f55717'
2012-07-26 13:39:15 UDPv4 link local: [undef]
2012-07-26 13:39:15 UDPv4 link remote: 178.248.29.132:443
2012-07-26 13:39:15 MANAGEMENT: >STATE:1343324355,WAIT,,,
2012-07-26 13:39:15 MANAGEMENT: >STATE:1343324355,AUTH,,,
2012-07-26 13:39:15 TLS: Initial packet from 178.248.29.132:443, sid=13d69e89
29dd3e25
2012-07-26 13:39:16 VERIFY OK: depth=1,
/C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=airvpn.org_CA/emailAddress=info@airvpn.org
2012-07-26 13:39:16 VERIFY OK: nsCertType=SERVER
2012-07-26 13:39:16 VERIFY OK: depth=0,
/C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=server/emailAddress=info@airvpn.org
2012-07-26 13:39:23 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with
256 bit key
2012-07-26 13:39:23 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for
HMAC authentication
2012-07-26 13:39:23 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with
256 bit key
2012-07-26 13:39:23 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for
HMAC authentication
2012-07-26 13:39:23 Control Channel: TLSv1, cipher TLSv1/SSLv3
DHE-RSA-AES256-SHA, 2048 bit RSA
2012-07-26 13:39:23 [server] Peer Connection Initiated with 178.248.29.132:443
2012-07-26 13:39:24 MANAGEMENT: >STATE:1343324364,GET_CONFIG,,,
2012-07-26 13:39:26 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
2012-07-26 13:39:26 AUTH: Received AUTH_FAILED control message
2012-07-26 13:39:26 SIGTERM received, sending exit notification to peer
2012-07-26 13:39:27 *Tunnelblick: Disconnecting; user cancelled authorization
or there was an error obtaining authorization
2012-07-26 13:39:27 event_wait : Interrupted system call (code=4)
2012-07-26 13:39:27 TCP/UDP: Closing socket
2012-07-26 13:39:27 SIGTERM[hard,] received, process exiting
2012-07-26 13:39:27 MANAGEMENT: >STATE:1343324367,EXITING,SIGTERM,,
2012-07-26 13:39:28 *Tunnelblick: Flushed the DNS cache
Original comment by trhud...@gmail.com on 26 Jul 2012 at 5:45
Original issue reported on code.google.com by
jkbull...@gmail.comon 26 Mar 2012 at 2:33