xingplus / tunnelblick

Automatically exported from code.google.com/p/tunnelblick

tunnelblick incorrectly sets default gateway when "redirect-gateway def1" set on "tap" vpn #107

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Connect to a server using "tap" with "redirect-gateway def1" set
2. After connecting, try to access the Internet

What is the expected output? What do you see instead?
Internet web pages are expected, but Safari cannot connect.

What version of Tunnelblick are you using? On what version of OS X? PPC or
Intel?

Tunnelblick 3.0b16 build 575, Mac OS X 10.5.8, Intel (Unibody MacBook Pro)

Please provide any additional information below.

I am using the "tap" interface so that my Mac can access all services on my
home network.  Also, I'm using redirect-gateway to make sure that the hotel
doesn't know that I search for images of "Miranda Kerr smile" in my spare
time...

When I connect with tunnelblick, I have no IP address, and I use "ipconfig
set tap0 DHCP" to get one.  It would be cool if tunnelblick had an option
for this, similar to the DNS checkbox, but for now I can just put it in an
"up" script.  Once I have an IP address, I can access machines on my home
network but not on the Internet.

I noticed the following two lines in my netstat -nr output on my Mac after
connecting (10.0.0.1 is the gateway inside my home network):

Destination        Gateway            Flags    Refs      Use  Netif Expire
0/1                10.0.0.1           UGSc       49       68    en1
128.0/1            10.0.0.1           UGSc       10       12    en1

These two routes correspond to the "new default gateway" for the
"redirect-gateway def1" option as defined in the man page.  The problem is
the en1 network interface designation - it should be tap0.  If I issue the
following commands after I connect, everything works great:

sudo ipconfig set tap0 DHCP     # see above
sudo route delete 0/1
sudo route delete 128.0/1
sudo route add 0/1 10.0.0.1
sudo route add 128.0/1 10.0.0.1

Now those two lines look like this:

Destination        Gateway            Flags    Refs      Use  Netif Expire
0/1                10.0.0.1           UGSc       49       68   tap0
128.0/1            10.0.0.1           UGSc       10       12   tap0

Somehow, tunnelblick needs to ensure that the 0/1 and 128.0/1 routes are
associated with the tap0 interface when created, rather than the original
network interface.

Original issue reported on code.google.com by mikepel...@gmail.com on 11 Sep 2009 at 4:03

GoogleCodeExporter commented 9 years ago
After trying to create a custom up script to work around this problem, I have some
more information.  "route add 0/1 10.0.0.1" will attach to en1 (in my setup) until an
entry like "10/24     link#9     UCS      1   0   tap0" exists in the route table.
This is created once the DHCP command "ipconfig set tap0 DHCP" successfully gets an
IP address from the DHCP server.

It would appear that, in order for Tunnelblick (or openvpn) to add these routes
correctly, they would have to integrate DHCP into the tap configuration so it can
wait until DHCP is complete before adding the routes.  Perhaps as an interim step
Tunnelblick could move the "redirect-gateway def1" route creation into a shell
script.  If I can figure out how to create a "correct" up script that waits for DHCP
before adding the routes I will post it here.

Original comment by mikepel...@gmail.com on 11 Sep 2009 at 9:49
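
Added example (not part of the original thread and not Tunnelblick's or OpenVPN's own code): a shell script that applies the ordering described in the two comments above, waiting for the connected `link#` route on the TAP interface before re-adding the def1 routes, and then checks that `0/1` and `128.0/1` are bound to that interface. The names `TAP_IF`, `GATEWAY`, `NETIF_COL`, the `--apply` argument and the 30-second timeout are assumptions; the `ipconfig` and `route` commands are the ones quoted in the report.

```shell
#!/bin/sh
# Added example, not Tunnelblick/OpenVPN code. Run as root on the Mac.
# TAP_IF and GATEWAY default to the values in the report above (assumptions).
TAP_IF="${TAP_IF:-tap0}"
GATEWAY="${GATEWAY:-10.0.0.1}"

# Shared awk prologue: find the Netif column from the netstat header line,
# so the checks do not depend on how many columns precede it.
NETIF_COL='$1 == "Destination" { for (i = 1; i <= NF; i++) if ($i == "Netif") col = i; next }'

# stdin: `netstat -nr` output. Prints "<route> <netif>" for each def1 route
# (0/1, 128.0/1) that is NOT bound to the interface given as $1.
misbound_def1_routes() {
    awk -v ifc="$1" "$NETIF_COL"'
        col && ($1 == "0/1" || $1 == "128.0/1") && ($col != ifc) { print $1, $col }'
}

# stdin: `netstat -nr` output. Succeeds once a directly connected (link#N)
# route exists on interface $1, i.e. DHCP has configured the TAP interface.
has_connected_route() {
    awk -v ifc="$1" "$NETIF_COL"'
        col && index($2, "link#") == 1 && ($col == ifc) { found = 1 }
        END { exit !found }'
}

# Request a lease, wait up to 30 s for it, then re-add the def1 routes so
# they resolve via the TAP interface; finally verify the binding.
rebind_def1_routes() {
    ipconfig set "$TAP_IF" DHCP
    tries=0
    until netstat -nr | has_connected_route "$TAP_IF"; do
        tries=$((tries + 1))
        if [ "$tries" -ge 30 ]; then echo "no lease on $TAP_IF" >&2; return 1; fi
        sleep 1
    done
    for net in 0/1 128.0/1; do
        route delete "$net"
        route add "$net" "$GATEWAY"
    done
    [ -z "$(netstat -nr | misbound_def1_routes "$TAP_IF")" ]
}

# Only change routes when asked to; otherwise the file just defines the functions.
if [ "${1:-}" = "--apply" ]; then rebind_def1_routes; fi
```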

GoogleCodeExporter commented 9 years ago
Please try "Set nameserver (alternate 1)" in Tunnelblick 3.1beta18.

Original comment by jkbull...@gmail.com on 18 Oct 2010 at 10:49

GoogleCodeExporter commented 9 years ago

Original comment by jkbull...@gmail.com on 31 Oct 2010 at 12:43

GoogleCodeExporter commented 9 years ago
I have a similar issue. After I connect to the VPN server I got a default route, but the
interface is not correct. In my case:
0/1                192.168.7.2        UGSc           18        0     en1
default            10.12.0.1          UGSc           16       41     en1

Should be (I think):

0/1                192.168.7.2        UGSc           18        0     tap0
default            10.12.0.1          UGSc           16       41     en1

OS X: 10.8.4
Tunnelblick 3.3.0 (build 3518)

Original comment by artem.zo...@gmail.com on 6 Aug 2013 at 5:15

GoogleCodeExporter commented 9 years ago
Artem -

If you are having a problem with Tunnelblick, please include the following with your question.

     * The entire contents of the Tunnelblick log;
     * The contents of your configuration file; and
     * The end of the Console log.

Be sure to X out any sensitive information such as server IP addresses.

Use the "Copy Diagnostic Info to the Clipboard" button on the "Log" tab of the
"Configurations" panel of the "VPN Details…" window to copy all of this to the
Clipboard, then paste it into an email or web form and edit out sensitive information.

Original comment by jkbull...@gmail.com on 6 Aug 2013 at 8:25