iPhone works fine; Tunnelblick and Viscosity on Mac don't


Post by Ramias » Sat Apr 01, 2017 12:49 am

with the same config file.

With my iPhone I can hit internal resources just fine. The Mac connects but can't ping, can't HTTP, etc. to internal resources.

OpenVPN server is running on my Ubiquiti EdgeRouter. I understand its config may appear different, but here it is:

description OpenVPN
 encryption aes256
 hash sha256
 mode server
 openvpn-option --duplicate-cn
 openvpn-option "--comp-lzo no"
 openvpn-option "--tls-auth /config/auth/ta.key 0"
 openvpn-option "--user nobody"
 openvpn-option --persist-key
 openvpn-option --persist-tun
 openvpn-option "--group nogroup"
 replace-default-route {
     local
 }
 server {
     name-server 192.168.0.1
     push-route 192.168.0.0/24
     push-route 10.0.0.0/16
     subnet 10.99.99.0/24
 }
 tls {
     ca-cert-file /config/auth/cacert.pem
     cert-file /config/auth/server.pem
     dh-file /config/auth/dhp.pem
     key-file /config/auth/server.key
 }

Logs from /var/log/messages when the Mac connects:

Mar 31 20:17:12 router openvpn[7880]: 172.56.x.x:47579 TLS: Initial packet from [AF_INET]172.56.x.x:47579, sid=d88b1538 92eba44e
Mar 31 20:17:13 router openvpn[7880]: 172.56.x.x:47579 VERIFY OK: depth=1, C=US, ST=State, O=home.local, OU=home, CN=Home Router Cert
Mar 31 20:17:13 router openvpn[7880]: 172.56.x.x:47579 VERIFY OK: depth=0, C=US, ST=State, L=City, O=Home Local, CN=Home
Mar 31 20:17:13 router openvpn[7880]: 172.56.x.x:47579 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Mar 31 20:17:13 router openvpn[7880]: 172.56.x.x:47579 Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Mar 31 20:17:13 router openvpn[7880]: 172.56.x.x:47579 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Mar 31 20:17:13 router openvpn[7880]: 172.56.x.x:47579 Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Mar 31 20:17:13 router openvpn[7880]: 172.56.x.x:47579 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Mar 31 20:17:13 router openvpn[7880]: 172.56.x.x:47579 [Home] Peer Connection Initiated with [AF_INET]172.56.x.x:47579
Mar 31 20:17:13 router openvpn[7880]: Home/172.56.x.x:47579 MULTI_sva: pool returned IPv4=10.99.99.2, IPv6=(Not enabled)
Mar 31 20:17:13 router openvpn[7880]: Home/172.56.x.x:47579 MULTI: Learn: 10.99.99.2 -> Home/172.56.x.x:47579
Mar 31 20:17:13 router openvpn[7880]: Home/172.56.x.x:47579 MULTI: primary virtual IP for Home/172.56.x.x:47579: 10.99.99.2
Mar 31 20:17:16 router openvpn[7880]: Home/172.56.x.x:47579 PUSH: Received control message: 'PUSH_REQUEST'
Mar 31 20:17:16 router openvpn[7880]: Home/172.56.x.x:47579 send_push_reply(): safe_cap=940
Mar 31 20:17:16 router openvpn[7880]: Home/172.56.x.x:47579 SENT CONTROL [Home]: 'PUSH_REPLY,redirect-gateway local,dhcp-option DNS 192.168.0.1,route 192.168.0.0 255.255.255.0,route 10.0.0.0 255.255.0.0,route-gateway 10.99.99.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.99.99.2 255.255.255.0' (status=1)
Mar 31 20:19:16 router openvpn[7880]: Home/172.56.x.x:47579 [Home] Inactivity timeout (--ping-restart), restarting
Mar 31 20:19:16 router openvpn[7880]: Home/172.56.x.x:47579 SIGUSR1[soft,ping-restart] received, client-instance restarting

Client File:

remote server.com 1194 udp
persist-key
tls-client
key-direction 1
pull
redirect-gateway def1
dev tun
persist-tun
comp-lzo no
nobind
cipher AES-256-CBC
auth sha256
resolv-retry infinite
<tls-auth>

and the ca, cert, key files inline.

How can I troubleshoot this better?

Thanks
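
An added example, not part of the original post: a small Python script that reads server log lines like the ones above, extracts the options the server pushed, lists directives the client file also sets with different arguments, and measures how long after the push the server logged the inactivity restart. The function names and the shortened sample inputs are constructed for illustration, and the year 2017 is assumed from the post date.

```python
import re
from datetime import datetime

# Constructed sample: three of the posted server log lines, PUSH_REPLY shortened.
LOG = """\
Mar 31 20:17:16 router openvpn[7880]: Home/172.56.x.x:47579 PUSH: Received control message: 'PUSH_REQUEST'
Mar 31 20:17:16 router openvpn[7880]: Home/172.56.x.x:47579 SENT CONTROL [Home]: 'PUSH_REPLY,redirect-gateway local,route 192.168.0.0 255.255.255.0,route 10.0.0.0 255.255.0.0,ping 10,ping-restart 60' (status=1)
Mar 31 20:19:16 router openvpn[7880]: Home/172.56.x.x:47579 [Home] Inactivity timeout (--ping-restart), restarting
"""
# Constructed sample: four directives from the posted client file.
CLIENT = "redirect-gateway def1\ncomp-lzo no\ncipher AES-256-CBC\nauth sha256\n"

STAMP = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) ")

def when(line, year=2017):
    """Syslog timestamps carry no year; 2017 (the post's date) is assumed."""
    return datetime.strptime(f"{year} {STAMP.match(line).group(1)}",
                             "%Y %b %d %H:%M:%S")

def directives(text, sep="\n"):
    """Map directive name -> list of argument lists (route can repeat)."""
    out = {}
    for item in text.split(sep):
        words = item.split()
        if words and words[0][0] not in "#;":
            out.setdefault(words[0], []).append(words[1:])
    return out

def summarize(log, client_cfg):
    """Return (pushed options, client/push differences, idle seconds)."""
    pushed, sent_at, idle = {}, None, None
    for line in log.splitlines():
        m = re.search(r"'PUSH_REPLY,([^']*)'", line)
        if m:
            pushed, sent_at = directives(m.group(1), ","), when(line)
        elif "Inactivity timeout (--ping-restart)" in line and sent_at:
            # Seconds between the push and the server giving up on the client.
            idle = int((when(line) - sent_at).total_seconds())
    client = directives(client_cfg)
    differ = {name: (client[name], pushed[name])
              for name in client.keys() & pushed.keys()
              if client[name] != pushed[name]}
    return pushed, differ, idle

if __name__ == "__main__":
    pushed, differ, idle = summarize(LOG, CLIENT)
    print("pushed:", pushed)
    print("set on both sides with different arguments:", differ)
    print("seconds from PUSH_REPLY to inactivity restart:", idle)
```

--ping-restart fires when no ping or other packet has been received from the peer for the configured number of seconds, so the idle figure is a window in which the server received nothing from that client.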
