Bugfinders VPN keeps disconnecting
Posted: Thu Apr 13, 2017 1:53 pm
My VPN keeps disconnecting (on all my devices). Please help
This is the config from last connection.
Let me know if I need to do any settings for it work. Thanks.
*Tunnelblick: OS X 10.12.1; Tunnelblick 3.7.0 (build 4790); prior version 3.6.7 (build 4602); Admin user
git commit 8c2e63a08fd49c4b4881925fea8282547bf2de25
Configuration config
"Sanitized" condensed configuration file for /Users/Ram/Library/Application Support/Tunnelblick/Configurations/config.tblk:
dev tun
persist-tun
persist-key
cipher AES-256-CBC
auth SHA256
tls-client
client
resolv-retry infinite
remote x.x.x.x 1194 udp
setenv opt block-outside-dns
lport 0
auth-user-pass
ns-cert-type server
ca ca.crt
tls-auth ta.key 1
================================================================================
Non-Apple kexts that are loaded:
Index Refs Address Size Wired Name (Version) UUID <Linked Against>
================================================================================
There are no unusual files in config.tblk
================================================================================
Configuration preferences:
autoConnect = 1
-onSystemStart = 0
useDNS = 1
-resetPrimaryInterfaceAfterDisconnect = 0
-routeAllTrafficThroughVpn = 1
-useRouteUpInsteadOfUp = 1
-keychainHasUsernameAndPassword = 1
-loadTun =
-openvpnVersion = -
-notOKToCheckThatIPAddressDidNotChangeAfterConnection = 1
-keepConnected = 1
-doNotDisconnectOnSleep = 1
-loggingLevel = 3
-lastConnectionSucceeded = 1
================================================================================
Wildcard preferences:
-notOKToCheckThatIPAddressDidNotChangeAfterConnection = 0
================================================================================
Program preferences:
placeIconInStandardPositionInStatusBar = 1
launchAtNextLogin = 1
notOKToCheckThatIPAddressDidNotChangeAfterConnection = 0
askedUserIfOKToCheckThatIPAddressDidNotChangeAfterConnection = 1
tunnelblickVersionHistory = (
"3.7.0 (build 4790)",
"3.6.7 (build 4602)",
"3.4beta20 (build 3727)"
)
lastLaunchTime = 513733763.345525
showConnectedDurations = 1
lastLanguageAtLaunchWasRTL = 0
connectionWindowDisplayCriteria = showWhenConnecting
maxLogDisplaySize = 102400
lastConnectedDisplayName = config
keyboardShortcutIndex = 1
updateCheckAutomatically = 0
updateSendProfileInfo = 1
NSWindow Frame ConnectingWindow = 525 518 389 187 0 0 1440 877
detailsWindowFrameVersion = 4790
detailsWindowFrame = {{260, 307}, {920, 468}}
detailsWindowLeftFrame = {{0, 0}, {165, 350}}
detailsWindowViewIndex = 0
detailsWindowConfigurationsTabIdentifier = log
leftNavSelectedDisplayName = config
AdvancedWindowTabIdentifier = whileConnected
haveDealtWithSparkle1dot5b6 = 1
haveDealtWithOldTunTapPreferences = 1
haveDealtWithOldLoginItem = 1
SUEnableAutomaticChecks = 0
SUFeedURL = https://www.tunnelblick.net/appcast-s.rss
SUScheduledCheckInterval = 86400
SUSendProfileInfo = 1
SULastCheckTime = 2014-03-10 01:03:04 +0000
SUHasLaunchedBefore = 1
WebKitDefaultFontSize = 16
WebKitStandardFont = Times
================================================================================
Tunnelblick Log:
2017-04-13 09:47:44 Unrecognized option or missing or extra parameter(s) in /Library/Application Support/Tunnelblick/Users/Ram/config.tblk/Contents/Resources/config.ovpn:17: block-outside-dns (2.4.0)
2017-04-13 09:47:44 OpenVPN 2.4.0 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on Jan 28 2017
2017-04-13 09:47:44 library versions: LibreSSL 2.5.0, LZO 2.09
2017-04-13 09:47:44 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:1337
2017-04-13 09:47:44 Need hold release from management interface, waiting...
*Tunnelblick: OS X 10.12.1; Tunnelblick 3.7.0 (build 4790); prior version 3.6.7 (build 4602)
2017-04-13 09:47:44 *Tunnelblick: Attempting connection with config using shadow copy; Set nameserver = 769; monitoring connection
2017-04-13 09:47:44 *Tunnelblick: openvpnstart start config.tblk 1337 769 0 1 0 1098544 -ptADGNWradsgnw 2.4.0-libressl-2.5.0
2017-04-13 09:47:45 *Tunnelblick: openvpnstart log:
OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line):
/Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.4.0-libressl-2.5.0/openvpn
--daemon
--log
/Library/Application Support/Tunnelblick/Logs/-SUsers-SRam-SLibrary-SApplication Support-STunnelblick-SConfigurations-Sconfig.tblk-SContents-SResources-Sconfig.ovpn.769_0_1_0_1098544.1337.openvpn.log
--cd
/Library/Application Support/Tunnelblick/Users/Ram/config.tblk/Contents/Resources
--verb
3
--config
/Library/Application Support/Tunnelblick/Users/Ram/config.tblk/Contents/Resources/config.ovpn
--verb
3
--cd
/Library/Application Support/Tunnelblick/Users/Ram/config.tblk/Contents/Resources
--management
127.0.0.1
1337
--management-query-passwords
--management-hold
--redirect-gateway
def1
--script-security
2
--route-up
/Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw
--down
/Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw
2017-04-13 09:47:44 *Tunnelblick: openvpnstart starting OpenVPN
2017-04-13 09:47:45 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:1337
2017-04-13 09:47:45 MANAGEMENT: CMD 'pid'
2017-04-13 09:47:45 *Tunnelblick: Established communication with OpenVPN
2017-04-13 09:47:45 MANAGEMENT: CMD 'state on'
2017-04-13 09:47:45 MANAGEMENT: CMD 'state'
2017-04-13 09:47:45 MANAGEMENT: CMD 'bytecount 1'
2017-04-13 09:47:45 MANAGEMENT: CMD 'hold release'
2017-04-13 09:47:45 *Tunnelblick: Obtained VPN username and password from the Keychain
2017-04-13 09:47:45 MANAGEMENT: CMD 'username "Auth" "divs_288"'
2017-04-13 09:47:45 MANAGEMENT: CMD 'password [...]'
2017-04-13 09:47:45 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2017-04-13 09:47:45 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2017-04-13 09:47:45 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2017-04-13 09:47:45 TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x:1194
2017-04-13 09:47:45 Socket Buffers: R=[196724->196724] S=[9216->9216]
2017-04-13 09:47:45 UDP link local (bound): [AF_INET][undef]:0
2017-04-13 09:47:45 UDP link remote: [AF_INET]x.x.x.x:1194
2017-04-13 09:47:45 MANAGEMENT: >STATE:1492091265,WAIT,,,,,,
2017-04-13 09:47:45 MANAGEMENT: >STATE:1492091265,AUTH,,,,,,
2017-04-13 09:47:45 TLS: Initial packet from [AF_INET]x.x.x.x:1194, sid=be4d7b30 44edbc4c
2017-04-13 09:47:45 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2017-04-13 09:47:45 VERIFY OK: depth=1, C=GB, ST=Gloucestershire, L=Cheltenham, O=IT, emailAddress=support@bugfinders.com, CN=Bugfinders Limited
2017-04-13 09:47:45 VERIFY OK: nsCertType=SERVER
2017-04-13 09:47:45 VERIFY OK: depth=0, C=GB, ST=Gloucestershire, L=Cheltenham, O=IT, emailAddress=support@bugfinders.com, CN=Bugfinders Testers
2017-04-13 09:47:45 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
2017-04-13 09:47:45 [Bugfinders Testers] Peer Connection Initiated with [AF_INET]x.x.x.x:1194
2017-04-13 09:47:47 MANAGEMENT: >STATE:1492091267,GET_CONFIG,,,,,,
2017-04-13 09:47:47 SENT CONTROL [Bugfinders Testers]: 'PUSH_REQUEST' (status=1)
2017-04-13 09:47:47 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,register-dns,dhcp-option NTP 185.103.117.60,dhcp-option NTP 185.103.119.60,redirect-gateway def1,route-gateway 10.178.0.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.178.0.201 255.255.252.0'
2017-04-13 09:47:47 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:3: register-dns (2.4.0)
2017-04-13 09:47:47 OPTIONS IMPORT: timers and/or timeouts modified
2017-04-13 09:47:47 OPTIONS IMPORT: --ifconfig/up options modified
2017-04-13 09:47:47 OPTIONS IMPORT: route options modified
2017-04-13 09:47:47 OPTIONS IMPORT: route-related options modified
2017-04-13 09:47:47 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2017-04-13 09:47:47 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
2017-04-13 09:47:47 Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
2017-04-13 09:47:47 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
2017-04-13 09:47:47 Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
2017-04-13 09:47:47 Opening utun (connect(AF_SYS_CONTROL)): Resource busy
2017-04-13 09:47:47 Opening utun (connect(AF_SYS_CONTROL)): Resource busy
2017-04-13 09:47:47 Opened utun device utun2
2017-04-13 09:47:47 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
2017-04-13 09:47:47 MANAGEMENT: >STATE:1492091267,ASSIGN_IP,,10.178.0.201,,,,
2017-04-13 09:47:47 /sbin/ifconfig utun2 delete
ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
2017-04-13 09:47:47 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
2017-04-13 09:47:47 /sbin/ifconfig utun2 10.178.0.201 10.178.0.201 netmask 255.255.252.0 mtu 1500 up
2017-04-13 09:47:47 /sbin/route add -net 10.178.0.0 10.178.0.201 255.255.252.0
add net 10.178.0.0: gateway 10.178.0.201
2017-04-13 09:47:47 /sbin/route add -net x.x.x.x 192.168.2.1 255.255.255.255
add net x.x.x.x: gateway 192.168.2.1
2017-04-13 09:47:47 /sbin/route add -net 0.0.0.0 10.178.0.1 128.0.0.0
add net 0.0.0.0: gateway 10.178.0.1
2017-04-13 09:47:47 /sbin/route add -net 128.0.0.0 10.178.0.1 128.0.0.0
add net 128.0.0.0: gateway 10.178.0.1
**********************************************
Start of output from client.up.tunnelblick.sh
Disabled IPv6 for 'HUAWEI_MOBILE'
Disabled IPv6 for 'Bluetooth PAN'
Disabled IPv6 for 'Thunderbolt Bridge'
Disabled IPv6 for 'ZTE WCDMA Technologies MSM'
Disabled IPv6 for 'Thunderbolt Ethernet'
Disabled IPv6 for 'Ethernet Adaptor (en1)'
WARNING: 'foreign_option_3' = 'dhcp-option NTP 185.103.117.60' ignored
WARNING: 'foreign_option_4' = 'dhcp-option NTP 185.103.119.60' ignored
Retrieved from OpenVPN: name server(s) [ 208.67.222.222 208.67.220.220 ], search domain(s) [ ] and SMB server(s) [ ] and using default domain name [ openvpn ]
Not aggregating ServerAddresses because running on OS X 10.6 or higher
Setting search domains to 'openvpn' because running under OS X 10.6 or higher and the search domains were not set manually and 'Prepend domain name to search domains' was not selected
Saved the DNS and SMB configurations so they can be restored
Changed DNS ServerAddresses setting from '192.168.2.1' to '208.67.222.222 208.67.220.220'
Changed DNS SearchDomains setting from '' to 'openvpn'
Changed DNS DomainName setting from 'home' to 'openvpn'
Did not change SMB NetBIOSName setting of ''
Did not change SMB Workgroup setting of ''
Did not change SMB WINSAddresses setting of ''
DNS servers '208.67.222.222 208.67.220.220' will be used for DNS queries when the VPN is active
The DNS servers include only free public DNS servers known to Tunnelblick.
Flushed the DNS cache via dscacheutil
/usr/sbin/discoveryutil not present. Not flushing the DNS cache via discoveryutil
Notified mDNSResponder that the DNS cache was flushed
Setting up to monitor system configuration with process-network-changes
End of output from client.up.tunnelblick.sh
**********************************************
2017-04-13 09:47:52 Initialization Sequence Completed
2017-04-13 09:47:52 MANAGEMENT: >STATE:1492091272,CONNECTED,SUCCESS,10.178.0.201,x.x.x.x,1194,,
2017-04-13 09:47:52 *Tunnelblick: No 'connected.sh' script to execute
2017-04-13 09:47:56 *Tunnelblick process-network-changes: A system configuration change was ignored
2017-04-13 09:49:39 [Bugfinders Testers] Inactivity timeout (--ping-restart), restarting
2017-04-13 09:49:39 SIGUSR1[soft,ping-restart] received, process restarting
2017-04-13 09:49:39 MANAGEMENT: >STATE:1492091379,RECONNECTING,ping-restart,,,,,
2017-04-13 09:49:39 *Tunnelblick: No 'reconnecting.sh' script to execute
2017-04-13 09:49:39 MANAGEMENT: CMD 'hold release'
2017-04-13 09:49:39 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2017-04-13 09:49:39 TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x:1194
2017-04-13 09:49:39 Socket Buffers: R=[196724->196724] S=[9216->9216]
2017-04-13 09:49:39 UDP link local (bound): [AF_INET][undef]:0
2017-04-13 09:49:39 UDP link remote: [AF_INET]x.x.x.x:1194
2017-04-13 09:49:39 MANAGEMENT: >STATE:1492091379,WAIT,,,,,,
2017-04-13 09:49:39 MANAGEMENT: >STATE:1492091379,AUTH,,,,,,
2017-04-13 09:49:39 TLS: Initial packet from [AF_INET]x.x.x.x:1194, sid=75771674 a3dcdfa9
2017-04-13 09:49:39 VERIFY OK: depth=1, C=GB, ST=Gloucestershire, L=Cheltenham, O=IT, emailAddress=support@bugfinders.com, CN=Bugfinders Limited
2017-04-13 09:49:39 VERIFY OK: nsCertType=SERVER
2017-04-13 09:49:39 VERIFY OK: depth=0, C=GB, ST=Gloucestershire, L=Cheltenham, O=IT, emailAddress=support@bugfinders.com, CN=Bugfinders Testers
2017-04-13 09:49:40 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
2017-04-13 09:49:40 [Bugfinders Testers] Peer Connection Initiated with [AF_INET]x.x.x.x:1194
2017-04-13 09:49:41 MANAGEMENT: >STATE:1492091381,GET_CONFIG,,,,,,
2017-04-13 09:49:41 SENT CONTROL [Bugfinders Testers]: 'PUSH_REQUEST' (status=1)
2017-04-13 09:49:41 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,register-dns,dhcp-option NTP 185.103.117.60,dhcp-option NTP 185.103.119.60,redirect-gateway def1,route-gateway 10.178.0.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.178.0.201 255.255.252.0'
2017-04-13 09:49:41 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:3: register-dns (2.4.0)
2017-04-13 09:49:41 OPTIONS IMPORT: timers and/or timeouts modified
2017-04-13 09:49:41 OPTIONS IMPORT: --ifconfig/up options modified
2017-04-13 09:49:41 OPTIONS IMPORT: route options modified
2017-04-13 09:49:41 OPTIONS IMPORT: route-related options modified
2017-04-13 09:49:41 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2017-04-13 09:49:41 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
2017-04-13 09:49:41 Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
2017-04-13 09:49:41 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
2017-04-13 09:49:41 Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
2017-04-13 09:49:41 Preserving previous TUN/TAP instance: utun2
2017-04-13 09:49:41 Initialization Sequence Completed
2017-04-13 09:49:41 MANAGEMENT: >STATE:1492091381,CONNECTED,SUCCESS,10.178.0.201,x.x.x.x,1194,,
2017-04-13 09:49:41 *Tunnelblick: No 'connected.sh' script to execute
================================================================================
"Sanitized" full configuration file
#-- Config Auto Generated By pfSense for Viscosity --#
#viscosity startonopen false
#viscosity dhcp true
#viscosity dnssupport true
#viscosity name TestersVPN
dev tun
persist-tun
persist-key
cipher AES-256-CBC
auth SHA256
tls-client
client
resolv-retry infinite
remote x.x.x.x 1194 udp
setenv opt block-outside-dns
lport 0
auth-user-pass
ns-cert-type server
ca ca.crt
tls-auth ta.key 1
================================================================================
ifconfig output:
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
options=1203<RXCSUM,TXCSUM,TXSTATUS,SW_TIMESTAMP>
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
nd6 options=201<PERFORMNUD,DAD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether 28:37:37:18:a5:40
inet 192.168.2.11 netmask 0xffffff00 broadcast 192.168.2.255
media: autoselect
status: active
en1: flags=863<UP,BROADCAST,SMART,RUNNING,SIMPLEX> mtu 1500
options=60<TSO4,TSO6>
ether b2:00:11:6c:5f:60
media: autoselect <full-duplex>
status: inactive
p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304
ether 0a:37:37:18:a5:40
media: autoselect
status: inactive
bridge0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=63<RXCSUM,TXCSUM,TSO4,TSO6>
ether b2:00:11:6c:5f:60
Configuration:
id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
ipfilter disabled flags 0x2
nd6 options=201<PERFORMNUD,DAD>
media: <unknown type>
status: inactive
utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 2000
inet6 fe80::41f4:468f:8736:f9d2%utun0 prefixlen 64 scopeid 0x8
nd6 options=201<PERFORMNUD,DAD>
utun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
inet6 fe80::248e:3de6:16bb:42fc%utun1 prefixlen 64 scopeid 0x9
inet6 fd36:58bf:2055:e25:248e:3de6:16bb:42fc prefixlen 64
nd6 options=201<PERFORMNUD,DAD>
utun2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
inet 10.178.0.201 --> 10.178.0.201 netmask 0xfffffc00
================================================================================
Console Log:
2017-04-13 06:48:23 Tunnelblick[399] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-config' account = 'username'
2017-04-13 06:48:23 Tunnelblick[399] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-config' account = 'password'
2017-04-13 08:18:40 Tunnelblick[399] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-config' account = 'username'
2017-04-13 08:18:40 Tunnelblick[399] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-config' account = 'password'
2017-04-13 08:24:35 Tunnelblick[399] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-config' account = 'username'
2017-04-13 08:24:35 Tunnelblick[399] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-config' account = 'password'
2017-04-13 09:47:45 Tunnelblick[399] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-config' account = 'username'
2017-04-13 09:47:45 Tunnelblick[399] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-config' account = 'password'
This is the config from last connection.
Let me know if I need to do any settings for it work. Thanks.
*Tunnelblick: OS X 10.12.1; Tunnelblick 3.7.0 (build 4790); prior version 3.6.7 (build 4602); Admin user
git commit 8c2e63a08fd49c4b4881925fea8282547bf2de25
Configuration config
"Sanitized" condensed configuration file for /Users/Ram/Library/Application Support/Tunnelblick/Configurations/config.tblk:
dev tun
persist-tun
persist-key
cipher AES-256-CBC
auth SHA256
tls-client
client
resolv-retry infinite
remote x.x.x.x 1194 udp
setenv opt block-outside-dns
lport 0
auth-user-pass
ns-cert-type server
ca ca.crt
tls-auth ta.key 1
================================================================================
Non-Apple kexts that are loaded:
Index Refs Address Size Wired Name (Version) UUID <Linked Against>
================================================================================
There are no unusual files in config.tblk
================================================================================
Configuration preferences:
autoConnect = 1
-onSystemStart = 0
useDNS = 1
-resetPrimaryInterfaceAfterDisconnect = 0
-routeAllTrafficThroughVpn = 1
-useRouteUpInsteadOfUp = 1
-keychainHasUsernameAndPassword = 1
-loadTun =
-openvpnVersion = -
-notOKToCheckThatIPAddressDidNotChangeAfterConnection = 1
-keepConnected = 1
-doNotDisconnectOnSleep = 1
-loggingLevel = 3
-lastConnectionSucceeded = 1
================================================================================
Wildcard preferences:
-notOKToCheckThatIPAddressDidNotChangeAfterConnection = 0
================================================================================
Program preferences:
placeIconInStandardPositionInStatusBar = 1
launchAtNextLogin = 1
notOKToCheckThatIPAddressDidNotChangeAfterConnection = 0
askedUserIfOKToCheckThatIPAddressDidNotChangeAfterConnection = 1
tunnelblickVersionHistory = (
"3.7.0 (build 4790)",
"3.6.7 (build 4602)",
"3.4beta20 (build 3727)"
)
lastLaunchTime = 513733763.345525
showConnectedDurations = 1
lastLanguageAtLaunchWasRTL = 0
connectionWindowDisplayCriteria = showWhenConnecting
maxLogDisplaySize = 102400
lastConnectedDisplayName = config
keyboardShortcutIndex = 1
updateCheckAutomatically = 0
updateSendProfileInfo = 1
NSWindow Frame ConnectingWindow = 525 518 389 187 0 0 1440 877
detailsWindowFrameVersion = 4790
detailsWindowFrame = {{260, 307}, {920, 468}}
detailsWindowLeftFrame = {{0, 0}, {165, 350}}
detailsWindowViewIndex = 0
detailsWindowConfigurationsTabIdentifier = log
leftNavSelectedDisplayName = config
AdvancedWindowTabIdentifier = whileConnected
haveDealtWithSparkle1dot5b6 = 1
haveDealtWithOldTunTapPreferences = 1
haveDealtWithOldLoginItem = 1
SUEnableAutomaticChecks = 0
SUFeedURL = https://www.tunnelblick.net/appcast-s.rss
SUScheduledCheckInterval = 86400
SUSendProfileInfo = 1
SULastCheckTime = 2014-03-10 01:03:04 +0000
SUHasLaunchedBefore = 1
WebKitDefaultFontSize = 16
WebKitStandardFont = Times
================================================================================
Tunnelblick Log:
2017-04-13 09:47:44 Unrecognized option or missing or extra parameter(s) in /Library/Application Support/Tunnelblick/Users/Ram/config.tblk/Contents/Resources/config.ovpn:17: block-outside-dns (2.4.0)
2017-04-13 09:47:44 OpenVPN 2.4.0 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on Jan 28 2017
2017-04-13 09:47:44 library versions: LibreSSL 2.5.0, LZO 2.09
2017-04-13 09:47:44 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:1337
2017-04-13 09:47:44 Need hold release from management interface, waiting...
*Tunnelblick: OS X 10.12.1; Tunnelblick 3.7.0 (build 4790); prior version 3.6.7 (build 4602)
2017-04-13 09:47:44 *Tunnelblick: Attempting connection with config using shadow copy; Set nameserver = 769; monitoring connection
2017-04-13 09:47:44 *Tunnelblick: openvpnstart start config.tblk 1337 769 0 1 0 1098544 -ptADGNWradsgnw 2.4.0-libressl-2.5.0
2017-04-13 09:47:45 *Tunnelblick: openvpnstart log:
OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line):
/Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.4.0-libressl-2.5.0/openvpn
--daemon
--log
/Library/Application Support/Tunnelblick/Logs/-SUsers-SRam-SLibrary-SApplication Support-STunnelblick-SConfigurations-Sconfig.tblk-SContents-SResources-Sconfig.ovpn.769_0_1_0_1098544.1337.openvpn.log
--cd
/Library/Application Support/Tunnelblick/Users/Ram/config.tblk/Contents/Resources
--verb
3
--config
/Library/Application Support/Tunnelblick/Users/Ram/config.tblk/Contents/Resources/config.ovpn
--verb
3
--cd
/Library/Application Support/Tunnelblick/Users/Ram/config.tblk/Contents/Resources
--management
127.0.0.1
1337
--management-query-passwords
--management-hold
--redirect-gateway
def1
--script-security
2
--route-up
/Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw
--down
/Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw
2017-04-13 09:47:44 *Tunnelblick: openvpnstart starting OpenVPN
2017-04-13 09:47:45 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:1337
2017-04-13 09:47:45 MANAGEMENT: CMD 'pid'
2017-04-13 09:47:45 *Tunnelblick: Established communication with OpenVPN
2017-04-13 09:47:45 MANAGEMENT: CMD 'state on'
2017-04-13 09:47:45 MANAGEMENT: CMD 'state'
2017-04-13 09:47:45 MANAGEMENT: CMD 'bytecount 1'
2017-04-13 09:47:45 MANAGEMENT: CMD 'hold release'
2017-04-13 09:47:45 *Tunnelblick: Obtained VPN username and password from the Keychain
2017-04-13 09:47:45 MANAGEMENT: CMD 'username "Auth" "divs_288"'
2017-04-13 09:47:45 MANAGEMENT: CMD 'password [...]'
2017-04-13 09:47:45 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2017-04-13 09:47:45 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2017-04-13 09:47:45 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2017-04-13 09:47:45 TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x:1194
2017-04-13 09:47:45 Socket Buffers: R=[196724->196724] S=[9216->9216]
2017-04-13 09:47:45 UDP link local (bound): [AF_INET][undef]:0
2017-04-13 09:47:45 UDP link remote: [AF_INET]x.x.x.x:1194
2017-04-13 09:47:45 MANAGEMENT: >STATE:1492091265,WAIT,,,,,,
2017-04-13 09:47:45 MANAGEMENT: >STATE:1492091265,AUTH,,,,,,
2017-04-13 09:47:45 TLS: Initial packet from [AF_INET]x.x.x.x:1194, sid=be4d7b30 44edbc4c
2017-04-13 09:47:45 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2017-04-13 09:47:45 VERIFY OK: depth=1, C=GB, ST=Gloucestershire, L=Cheltenham, O=IT, emailAddress=support@bugfinders.com, CN=Bugfinders Limited
2017-04-13 09:47:45 VERIFY OK: nsCertType=SERVER
2017-04-13 09:47:45 VERIFY OK: depth=0, C=GB, ST=Gloucestershire, L=Cheltenham, O=IT, emailAddress=support@bugfinders.com, CN=Bugfinders Testers
2017-04-13 09:47:45 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
2017-04-13 09:47:45 [Bugfinders Testers] Peer Connection Initiated with [AF_INET]x.x.x.x:1194
2017-04-13 09:47:47 MANAGEMENT: >STATE:1492091267,GET_CONFIG,,,,,,
2017-04-13 09:47:47 SENT CONTROL [Bugfinders Testers]: 'PUSH_REQUEST' (status=1)
2017-04-13 09:47:47 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,register-dns,dhcp-option NTP 185.103.117.60,dhcp-option NTP 185.103.119.60,redirect-gateway def1,route-gateway 10.178.0.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.178.0.201 255.255.252.0'
2017-04-13 09:47:47 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:3: register-dns (2.4.0)
2017-04-13 09:47:47 OPTIONS IMPORT: timers and/or timeouts modified
2017-04-13 09:47:47 OPTIONS IMPORT: --ifconfig/up options modified
2017-04-13 09:47:47 OPTIONS IMPORT: route options modified
2017-04-13 09:47:47 OPTIONS IMPORT: route-related options modified
2017-04-13 09:47:47 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2017-04-13 09:47:47 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
2017-04-13 09:47:47 Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
2017-04-13 09:47:47 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
2017-04-13 09:47:47 Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
2017-04-13 09:47:47 Opening utun (connect(AF_SYS_CONTROL)): Resource busy
2017-04-13 09:47:47 Opening utun (connect(AF_SYS_CONTROL)): Resource busy
2017-04-13 09:47:47 Opened utun device utun2
2017-04-13 09:47:47 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
2017-04-13 09:47:47 MANAGEMENT: >STATE:1492091267,ASSIGN_IP,,10.178.0.201,,,,
2017-04-13 09:47:47 /sbin/ifconfig utun2 delete
ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
2017-04-13 09:47:47 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
2017-04-13 09:47:47 /sbin/ifconfig utun2 10.178.0.201 10.178.0.201 netmask 255.255.252.0 mtu 1500 up
2017-04-13 09:47:47 /sbin/route add -net 10.178.0.0 10.178.0.201 255.255.252.0
add net 10.178.0.0: gateway 10.178.0.201
2017-04-13 09:47:47 /sbin/route add -net x.x.x.x 192.168.2.1 255.255.255.255
add net x.x.x.x: gateway 192.168.2.1
2017-04-13 09:47:47 /sbin/route add -net 0.0.0.0 10.178.0.1 128.0.0.0
add net 0.0.0.0: gateway 10.178.0.1
2017-04-13 09:47:47 /sbin/route add -net 128.0.0.0 10.178.0.1 128.0.0.0
add net 128.0.0.0: gateway 10.178.0.1
**********************************************
Start of output from client.up.tunnelblick.sh
Disabled IPv6 for 'HUAWEI_MOBILE'
Disabled IPv6 for 'Bluetooth PAN'
Disabled IPv6 for 'Thunderbolt Bridge'
Disabled IPv6 for 'ZTE WCDMA Technologies MSM'
Disabled IPv6 for 'Thunderbolt Ethernet'
Disabled IPv6 for 'Ethernet Adaptor (en1)'
WARNING: 'foreign_option_3' = 'dhcp-option NTP 185.103.117.60' ignored
WARNING: 'foreign_option_4' = 'dhcp-option NTP 185.103.119.60' ignored
Retrieved from OpenVPN: name server(s) [ 208.67.222.222 208.67.220.220 ], search domain(s) [ ] and SMB server(s) [ ] and using default domain name [ openvpn ]
Not aggregating ServerAddresses because running on OS X 10.6 or higher
Setting search domains to 'openvpn' because running under OS X 10.6 or higher and the search domains were not set manually and 'Prepend domain name to search domains' was not selected
Saved the DNS and SMB configurations so they can be restored
Changed DNS ServerAddresses setting from '192.168.2.1' to '208.67.222.222 208.67.220.220'
Changed DNS SearchDomains setting from '' to 'openvpn'
Changed DNS DomainName setting from 'home' to 'openvpn'
Did not change SMB NetBIOSName setting of ''
Did not change SMB Workgroup setting of ''
Did not change SMB WINSAddresses setting of ''
DNS servers '208.67.222.222 208.67.220.220' will be used for DNS queries when the VPN is active
The DNS servers include only free public DNS servers known to Tunnelblick.
Flushed the DNS cache via dscacheutil
/usr/sbin/discoveryutil not present. Not flushing the DNS cache via discoveryutil
Notified mDNSResponder that the DNS cache was flushed
Setting up to monitor system configuration with process-network-changes
End of output from client.up.tunnelblick.sh
**********************************************
2017-04-13 09:47:52 Initialization Sequence Completed
2017-04-13 09:47:52 MANAGEMENT: >STATE:1492091272,CONNECTED,SUCCESS,10.178.0.201,x.x.x.x,1194,,
2017-04-13 09:47:52 *Tunnelblick: No 'connected.sh' script to execute
2017-04-13 09:47:56 *Tunnelblick process-network-changes: A system configuration change was ignored
2017-04-13 09:49:39 [Bugfinders Testers] Inactivity timeout (--ping-restart), restarting
2017-04-13 09:49:39 SIGUSR1[soft,ping-restart] received, process restarting
2017-04-13 09:49:39 MANAGEMENT: >STATE:1492091379,RECONNECTING,ping-restart,,,,,
2017-04-13 09:49:39 *Tunnelblick: No 'reconnecting.sh' script to execute
2017-04-13 09:49:39 MANAGEMENT: CMD 'hold release'
2017-04-13 09:49:39 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2017-04-13 09:49:39 TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x:1194
2017-04-13 09:49:39 Socket Buffers: R=[196724->196724] S=[9216->9216]
2017-04-13 09:49:39 UDP link local (bound): [AF_INET][undef]:0
2017-04-13 09:49:39 UDP link remote: [AF_INET]x.x.x.x:1194
2017-04-13 09:49:39 MANAGEMENT: >STATE:1492091379,WAIT,,,,,,
2017-04-13 09:49:39 MANAGEMENT: >STATE:1492091379,AUTH,,,,,,
2017-04-13 09:49:39 TLS: Initial packet from [AF_INET]x.x.x.x:1194, sid=75771674 a3dcdfa9
2017-04-13 09:49:39 VERIFY OK: depth=1, C=GB, ST=Gloucestershire, L=Cheltenham, O=IT, emailAddress=support@bugfinders.com, CN=Bugfinders Limited
2017-04-13 09:49:39 VERIFY OK: nsCertType=SERVER
2017-04-13 09:49:39 VERIFY OK: depth=0, C=GB, ST=Gloucestershire, L=Cheltenham, O=IT, emailAddress=support@bugfinders.com, CN=Bugfinders Testers
2017-04-13 09:49:40 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
2017-04-13 09:49:40 [Bugfinders Testers] Peer Connection Initiated with [AF_INET]x.x.x.x:1194
2017-04-13 09:49:41 MANAGEMENT: >STATE:1492091381,GET_CONFIG,,,,,,
2017-04-13 09:49:41 SENT CONTROL [Bugfinders Testers]: 'PUSH_REQUEST' (status=1)
2017-04-13 09:49:41 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,register-dns,dhcp-option NTP 185.103.117.60,dhcp-option NTP 185.103.119.60,redirect-gateway def1,route-gateway 10.178.0.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.178.0.201 255.255.252.0'
2017-04-13 09:49:41 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:3: register-dns (2.4.0)
2017-04-13 09:49:41 OPTIONS IMPORT: timers and/or timeouts modified
2017-04-13 09:49:41 OPTIONS IMPORT: --ifconfig/up options modified
2017-04-13 09:49:41 OPTIONS IMPORT: route options modified
2017-04-13 09:49:41 OPTIONS IMPORT: route-related options modified
2017-04-13 09:49:41 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2017-04-13 09:49:41 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
2017-04-13 09:49:41 Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
2017-04-13 09:49:41 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
2017-04-13 09:49:41 Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
2017-04-13 09:49:41 Preserving previous TUN/TAP instance: utun2
2017-04-13 09:49:41 Initialization Sequence Completed
2017-04-13 09:49:41 MANAGEMENT: >STATE:1492091381,CONNECTED,SUCCESS,10.178.0.201,x.x.x.x,1194,,
2017-04-13 09:49:41 *Tunnelblick: No 'connected.sh' script to execute
================================================================================
"Sanitized" full configuration file
#-- Config Auto Generated By pfSense for Viscosity --#
#viscosity startonopen false
#viscosity dhcp true
#viscosity dnssupport true
#viscosity name TestersVPN
dev tun
persist-tun
persist-key
cipher AES-256-CBC
auth SHA256
tls-client
client
resolv-retry infinite
remote x.x.x.x 1194 udp
setenv opt block-outside-dns
lport 0
auth-user-pass
ns-cert-type server
ca ca.crt
tls-auth ta.key 1
================================================================================
ifconfig output:
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
options=1203<RXCSUM,TXCSUM,TXSTATUS,SW_TIMESTAMP>
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
nd6 options=201<PERFORMNUD,DAD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether 28:37:37:18:a5:40
inet 192.168.2.11 netmask 0xffffff00 broadcast 192.168.2.255
media: autoselect
status: active
en1: flags=863<UP,BROADCAST,SMART,RUNNING,SIMPLEX> mtu 1500
options=60<TSO4,TSO6>
ether b2:00:11:6c:5f:60
media: autoselect <full-duplex>
status: inactive
p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304
ether 0a:37:37:18:a5:40
media: autoselect
status: inactive
bridge0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=63<RXCSUM,TXCSUM,TSO4,TSO6>
ether b2:00:11:6c:5f:60
Configuration:
id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
ipfilter disabled flags 0x2
nd6 options=201<PERFORMNUD,DAD>
media: <unknown type>
status: inactive
utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 2000
inet6 fe80::41f4:468f:8736:f9d2%utun0 prefixlen 64 scopeid 0x8
nd6 options=201<PERFORMNUD,DAD>
utun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
inet6 fe80::248e:3de6:16bb:42fc%utun1 prefixlen 64 scopeid 0x9
inet6 fd36:58bf:2055:e25:248e:3de6:16bb:42fc prefixlen 64
nd6 options=201<PERFORMNUD,DAD>
utun2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
inet 10.178.0.201 --> 10.178.0.201 netmask 0xfffffc00
================================================================================
Console Log:
2017-04-13 06:48:23 Tunnelblick[399] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-config' account = 'username'
2017-04-13 06:48:23 Tunnelblick[399] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-config' account = 'password'
2017-04-13 08:18:40 Tunnelblick[399] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-config' account = 'username'
2017-04-13 08:18:40 Tunnelblick[399] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-config' account = 'password'
2017-04-13 08:24:35 Tunnelblick[399] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-config' account = 'username'
2017-04-13 08:24:35 Tunnelblick[399] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-config' account = 'password'
2017-04-13 09:47:45 Tunnelblick[399] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-config' account = 'username'
2017-04-13 09:47:45 Tunnelblick[399] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-config' account = 'password'