I have been really trying to figure out a solution but I can't really find one apparently tailored to my exact situation. So my VPN connects just fine (running off of a Raspberry Pi) but once I am connected I can no longer connect to the internet, and Tunnelblick (3.5.5) states:
After connecting to client, the Internet does not appear to be reachable.
I removed my firewall just for testing purposes to see if that was the issue but I haven’t been able to connect still.
I found a few things from adding a cipher to setting the nameserver to topic14286.html and I have yet to find a solution so I am here to ask for some help. Maybe I'm missing something completely obvious, I don't know, but I'm hoping someone can point me in the right direction. Thank you!
Here's all the info I have. Please ask if anything else is needed.
server.conf
Code:
port 1194
proto udp
dev tun
ca ca.crt
cert phungyou.crt
key phungyou.key
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
Client
Code:
client
dev tun
proto udp
remote my_public_ip 1194
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
ca ca.crt
cert Marylyn.crt
key Marylyn.key
ns-cert-type server
comp-lzo
verb 3
<cert>
Code:
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- c-My-public-ip.hsd1.ut.comcast.net anywhere
Code:
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -p udp -m udp --dport 1194 -j ACCEPT
-A INPUT -i tun+ -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i tun+ -j ACCEPT
-A FORWARD -o eth0 -m state --state NEW -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -m state --state NEW -j ACCEPT
-A OUTPUT -o eth0 -m state --state NEW -j ACCEPT
Code:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:openvpn
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state NEW
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state NEW
ACCEPT all -- anywhere anywhere state NEW
Code:
net.ipv4.ip_forward = 1
Code:
Jan 7 01:17:55 phungyoubich ovpn-server[1033]: Marylyn/My.Public.Ip.Add:47663 [Marylyn] Inactivity timeout (--ping-restart), restarting
Jan 7 01:17:55 phungyoubich ovpn-server[1033]: Marylyn/My.Public.Ip.Add:47663 SIGUSR1[soft,ping-restart] received, client-instance restarting
Jan 7 01:18:31 phungyoubich ovpn-server[1033]: My.Public.Ip.Add:43408 TLS: Initial packet from [AF_INET]My.Public.Ip.Add:43408, sid=7ea1255e 26607b7f
Jan 7 01:18:31 phungyoubich rsyslogd-2007: action 'action 18' suspended, next retry is Thu Jan 7 01:19:31 2016 [try http://www.rsyslog.com/e/2007 ]
Jan 7 01:18:31 phungyoubich ovpn-server[1033]: My.Public.Ip.Add:43408 VERIFY OK: depth=1, C=US, ST=VT, L=NN, O=organi, OU=MyOrganizationalUnit, CN=organi CA, name=phungyou, emailAddress=email@mail.com
Jan 7 01:18:31 phungyoubich ovpn-server[1033]: My.Public.Ip.Add:43408 VERIFY OK: depth=0, C=US, ST=VT, L=NN, O=organi, OU=MyOrganizationalUnit, CN=Marylyn, name=phungyou, emailAddress=email@mail.com
Jan 7 01:18:32 phungyoubich ovpn-server[1033]: My.Public.Ip.Add:43408 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jan 7 01:18:32 phungyoubich ovpn-server[1033]: My.Public.Ip.Add:43408 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jan 7 01:18:32 phungyoubich ovpn-server[1033]: My.Public.Ip.Add:43408 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jan 7 01:18:32 phungyoubich ovpn-server[1033]: My.Public.Ip.Add:43408 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jan 7 01:18:32 phungyoubich ovpn-server[1033]: My.Public.Ip.Add:43408 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Jan 7 01:18:32 phungyoubich ovpn-server[1033]: My.Public.Ip.Add:43408 [Marylyn] Peer Connection Initiated with [AF_INET]My.Public.Ip.Add:43408
Jan 7 01:18:32 phungyoubich ovpn-server[1033]: Marylyn/My.Public.Ip.Add:43408 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
Jan 7 01:18:32 phungyoubich ovpn-server[1033]: Marylyn/My.Public.Ip.Add:43408 MULTI: Learn: 10.8.0.6 -> Marylyn/My.Public.Ip.Add:43408
Jan 7 01:18:32 phungyoubich ovpn-server[1033]: Marylyn/My.Public.Ip.Add:43408 MULTI: primary virtual IP for Marylyn/My.Public.Ip.Add:43408: 10.8.0.6
Jan 7 01:18:34 phungyoubich ovpn-server[1033]: Marylyn/My.Public.Ip.Add:43408 PUSH: Received control message: 'PUSH_REQUEST'
Jan 7 01:18:34 phungyoubich ovpn-server[1033]: Marylyn/My.Public.Ip.Add:43408 send_push_reply(): safe_cap=940
Jan 7 01:18:34 phungyoubich ovpn-server[1033]: Marylyn/My.Public.Ip.Add:43408 SENT CONTROL [Marylyn]: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)
Jan 7 01:35:24 phungyoubich ovpn-server[1033]: My.Public.Ip.Add:44381 TLS: Initial packet from [AF_INET]My.Public.Ip.Add:44381, sid=1137e709 e1ee093e
Jan 7 01:35:24 phungyoubich rsyslogd-2007: action 'action 18' suspended, next retry is Thu Jan 7 01:36:24 2016 [try http://www.rsyslog.com/e/2007 ]
Jan 7 01:35:25 phungyoubich ovpn-server[1033]: My.Public.Ip.Add:44381 VERIFY OK: depth=1, C=US, ST=VT, L=NN, O=organi, OU=MyOrganizationalUnit, CN=organi CA, name=phungyou, emailAddress=email@mail.com
Jan 7 01:35:25 phungyoubich ovpn-server[1033]: My.Public.Ip.Add:44381 VERIFY OK: depth=0, C=US, ST=VT, L=NN, O=organi, OU=MyOrganizationalUnit, CN=Marylyn, name=phungyou, emailAddress=email@mail.com
Jan 7 01:35:25 phungyoubich ovpn-server[1033]: My.Public.Ip.Add:44381 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jan 7 01:35:25 phungyoubich ovpn-server[1033]: My.Public.Ip.Add:44381 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jan 7 01:35:25 phungyoubich ovpn-server[1033]: My.Public.Ip.Add:44381 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jan 7 01:35:25 phungyoubich ovpn-server[1033]: My.Public.Ip.Add:44381 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jan 7 01:35:25 phungyoubich ovpn-server[1033]: My.Public.Ip.Add:44381 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Jan 7 01:35:25 phungyoubich ovpn-server[1033]: My.Public.Ip.Add:44381 [Marylyn] Peer Connection Initiated with [AF_INET]My.Public.Ip.Add:44381
Jan 7 01:35:25 phungyoubich ovpn-server[1033]: MULTI: new connection by client 'Marylyn' will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Jan 7 01:35:25 phungyoubich ovpn-server[1033]: MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
Jan 7 01:35:25 phungyoubich ovpn-server[1033]: MULTI: Learn: 10.8.0.6 -> Marylyn/My.Public.Ip.Add:44381
Jan 7 01:35:25 phungyoubich ovpn-server[1033]: MULTI: primary virtual IP for Marylyn/My.Public.Ip.Add:44381: 10.8.0.6
Jan 7 01:35:27 phungyoubich ovpn-server[1033]: Marylyn/My.Public.Ip.Add:44381 PUSH: Received control message: 'PUSH_REQUEST'
Jan 7 01:35:27 phungyoubich ovpn-server[1033]: Marylyn/My.Public.Ip.Add:44381 send_push_reply(): safe_cap=940
Jan 7 01:35:27 phungyoubich ovpn-server[1033]: Marylyn/My.Public.Ip.Add:44381 SENT CONTROL [Marylyn]: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)
Code:
2016-01-07 01:35:23 *Tunnelblick: OS X 10.11.2; Tunnelblick 3.5.5 (build 4270.4461)
2016-01-07 01:35:23 *Tunnelblick: Attempting connection with client; Set nameserver = 0; not monitoring connection
2016-01-07 01:35:23 *Tunnelblick: openvpnstart start client.tblk 1337 0 0 3 1 16688 -ptADGNWradsgnw 2.3.6
2016-01-07 01:35:24 *Tunnelblick: openvpnstart log:
OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line):
/Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.6/openvpn
--daemon
--log
/Library/Application Support/Tunnelblick/Logs/-SLibrary-SApplication Support-STunnelblick-SShared-Sclient.tblk-SContents-SResources-Sconfig.ovpn.0_0_3_1_16688.1337.openvpn.log
--cd
/Library/Application Support/Tunnelblick/Shared/client.tblk/Contents/Resources
--config
/Library/Application Support/Tunnelblick/Shared/client.tblk/Contents/Resources/config.ovpn
--cd
/Library/Application Support/Tunnelblick/Shared/client.tblk/Contents/Resources
--management
127.0.0.1
1337
--management-query-passwords
--management-hold
--script-security
2
2016-01-07 01:35:23 *Tunnelblick: openvpnstart starting OpenVPN
2016-01-07 01:35:24 OpenVPN 2.3.6 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Dec 4 2015
2016-01-07 01:35:24 library versions: OpenSSL 1.0.1q 3 Dec 2015, LZO 2.08
2016-01-07 01:35:24 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:1337
2016-01-07 01:35:24 Need hold release from management interface, waiting...
2016-01-07 01:35:24 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:1337
2016-01-07 01:35:24 MANAGEMENT: CMD 'pid'
2016-01-07 01:35:24 MANAGEMENT: CMD 'state on'
2016-01-07 01:35:24 MANAGEMENT: CMD 'state'
2016-01-07 01:35:24 MANAGEMENT: CMD 'bytecount 1'
2016-01-07 01:35:24 MANAGEMENT: CMD 'hold release'
2016-01-07 01:35:24 Socket Buffers: R=[196724->65536] S=[9216->65536]
2016-01-07 01:35:24 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
2016-01-07 01:35:24 UDPv4 link local: [undef]
2016-01-07 01:35:24 UDPv4 link remote: [AF_INET]my.public.ip.add:1194
2016-01-07 01:35:24 MANAGEMENT: >STATE:1452155724,WAIT,,,
2016-01-07 01:35:24 MANAGEMENT: >STATE:1452155724,AUTH,,,
2016-01-07 01:35:24 TLS: Initial packet from [AF_INET]my.public.ip.add:1194, sid=64767328 ed77a04e
2016-01-07 01:35:24 *Tunnelblick: Established communication with OpenVPN
2016-01-07 01:35:25 VERIFY OK: depth=1, C=US, ST=VT, L=TST, O=Organi, OU=MyOrganizationalUnit, CN=Organi CA, name=phungyou, emailAddress=email@mail.com
2016-01-07 01:35:25 VERIFY OK: nsCertType=SERVER
2016-01-07 01:35:25 VERIFY OK: depth=0, C=US, ST=VT, L=TST, O=Organi, OU=MyOrganizationalUnit, CN=phungyou, name=phungyou, emailAddress=email@mail.com
2016-01-07 01:35:25 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
2016-01-07 01:35:25 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2016-01-07 01:35:25 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
2016-01-07 01:35:25 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2016-01-07 01:35:25 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
2016-01-07 01:35:25 [phungyou] Peer Connection Initiated with [AF_INET]my.public.ip.add:1194
2016-01-07 01:35:26 MANAGEMENT: >STATE:1452155726,GET_CONFIG,,,
2016-01-07 01:35:27 SENT CONTROL [phungyou]: 'PUSH_REQUEST' (status=1)
2016-01-07 01:35:27 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
2016-01-07 01:35:27 OPTIONS IMPORT: timers and/or timeouts modified
2016-01-07 01:35:27 OPTIONS IMPORT: --ifconfig/up options modified
2016-01-07 01:35:27 OPTIONS IMPORT: route options modified
2016-01-07 01:35:27 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2016-01-07 01:35:27 Opening utun (connect(AF_SYS_CONTROL)): Resource busy
2016-01-07 01:35:27 Opened utun device utun1
2016-01-07 01:35:27 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
2016-01-07 01:35:27 MANAGEMENT: >STATE:1452155727,ASSIGN_IP,,10.8.0.6,
2016-01-07 01:35:27 /sbin/ifconfig utun1 delete
ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
2016-01-07 01:35:27 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
2016-01-07 01:35:27 /sbin/ifconfig utun1 10.8.0.6 10.8.0.5 mtu 1500 netmask 255.255.255.255 up
2016-01-07 01:35:27 /sbin/route add -net my.public.ip.add 192.168.1.1 255.255.255.255
route: writing to routing socket: File exists
add net my.public.ip.add: gateway 192.168.1.1: File exists
2016-01-07 01:35:27 /sbin/route add -net 0.0.0.0 10.8.0.5 128.0.0.0
add net 0.0.0.0: gateway 10.8.0.5
2016-01-07 01:35:27 /sbin/route add -net 128.0.0.0 10.8.0.5 128.0.0.0
add net 128.0.0.0: gateway 10.8.0.5
2016-01-07 01:35:27 MANAGEMENT: >STATE:1452155727,ADD_ROUTES,,,
2016-01-07 01:35:27 /sbin/route add -net 10.8.0.1 10.8.0.5 255.255.255.255
add net 10.8.0.1: gateway 10.8.0.5
2016-01-07 01:35:27 GID set to nogroup
2016-01-07 01:35:27 UID set to nobody
2016-01-07 01:35:27 Initialization Sequence Completed
2016-01-07 01:35:27 MANAGEMENT: >STATE:1452155727,CONNECTED,SUCCESS,10.8.0.6,my.public.ip.add
2016-01-07 01:35:28 *Tunnelblick: No 'connected.sh' script to execute
2016-01-07 01:36:08 *Tunnelblick: After 30.0 seconds, gave up trying to fetch IP address information using the ipInfo host's name after connecting.
2016-01-07 01:36:43 *Tunnelblick: After 30.0 seconds, gave up trying to fetch IP address information using the ipInfo host's IP address after connecting.
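The POSTROUTING listing in the post shows one MASQUERADE rule whose source is a single public hostname, while server.conf hands clients addresses from 10.8.0.0/24. The following added example (not part of the original post) checks numeric `iptables -t nat -S` output for a MASQUERADE/SNAT rule that covers the `server` subnet; the function names, the sample rule sets and the 203.0.113.7 stand-in address are constructed for illustration.

```python
import ipaddress
import shlex

def server_subnet(conf_text):
    """Tunnel subnet from the OpenVPN 'server <network> <netmask>' directive."""
    for line in conf_text.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[0] == "server":
            return ipaddress.ip_network(f"{parts[1]}/{parts[2]}")
    raise ValueError("no 'server' directive found")

def nat_rules_for(rules_text, subnet, out_if="eth0"):
    """Return POSTROUTING MASQUERADE/SNAT rules (numeric `iptables -t nat -S`
    syntax) that match every address of `subnet` leaving through `out_if`."""
    hits = []
    for line in rules_text.splitlines():
        tok = shlex.split(line)
        if tok[:2] != ["-A", "POSTROUTING"]:
            continue
        opts, neg, it = {}, False, iter(tok[2:])
        for t in it:
            if t in ("-s", "-o", "-j"):
                opts[t] = (next(it, None), neg)   # value plus its '!' flag
            neg = (t == "!")
        if opts.get("-j", (None,))[0] not in ("MASQUERADE", "SNAT"):
            continue
        src, src_neg = opts.get("-s", ("0.0.0.0/0", False))
        net = ipaddress.ip_network(src, strict=False)
        # '! -s X' only covers the subnet if X does not overlap it at all.
        src_ok = not subnet.overlaps(net) if src_neg else subnet.subnet_of(net)
        oif, oif_neg = opts.get("-o", (None, False))
        if oif is None:
            if_ok = True                          # rule is not interface-bound
        else:                                     # 'eth+' is a prefix wildcard
            same = out_if.startswith(oif[:-1]) if oif.endswith("+") else oif == out_if
            if_ok = same != oif_neg
        if src_ok and if_ok:
            hits.append(line.strip())
    return hits

SERVER_CONF = "port 1194\nproto udp\ndev tun\nserver 10.8.0.0 255.255.255.0\n"  # from the post
# Constructed rule sets; 203.0.113.7 stands in for the redacted public IP.
PUBLIC_SRC = "-P POSTROUTING ACCEPT\n-A POSTROUTING -s 203.0.113.7/32 -j MASQUERADE\n"
COVERING = "-P POSTROUTING ACCEPT\n-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE\n"

if __name__ == "__main__":
    vpn = server_subnet(SERVER_CONF)
    for name, rules in (("public source", PUBLIC_SRC), ("covering", COVERING)):
        print(name, vpn, nat_rules_for(rules, vpn) or "no NAT rule for tunnel subnet")
```

An empty result for the tunnel subnet means replies to forwarded client traffic have no translated return path, which matches a tunnel that connects but cannot reach the Internet.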