Tunnelblick: Warning: DNS server address 192.168.1.1 is not a public IP address and is not being routed through the VPN

Need help configuring your VPN? Just post here and you'll get that help.
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
projectarms
OpenVpn Newbie
Posts: 1
Joined: Tue Mar 24, 2020 2:44 pm

Tunnelblick: Warning: DNS server address 192.168.1.1 is not a public IP address and is not being routed through the VPN

Post by projectarms » Tue Mar 24, 2020 3:00 pm

Good morning, it's my first post. I have a problem with the configuration of the VPN on the MAC, Tunnelblink gives me an error, establishes the connection but does not change the IP and DNS, so I am not in the corporate network, while on pc windows everything works. I am trying to connect on the office VPN.


Code: Select all

2020-03-24 15:46:27.124891 *Tunnelblick: macOS 10.13.6 (17G11023); Tunnelblick 3.8.1 (build 5400); prior version 3.8.2 (build 5480)
2020-03-24 15:46:27.426270 *Tunnelblick: Attempting connection with Giuseppe using shadow copy; Set nameserver = 769; monitoring connection
2020-03-24 15:46:27.426805 *Tunnelblick: openvpnstart start Giuseppe.tblk 53901 769 0 1 0 1065842 -ptaADGNWrdsgnw 2.4.7-openssl-1.0.2t
2020-03-24 15:46:27.445146 *Tunnelblick: openvpnstart starting OpenVPN
2020-03-24 15:46:28.014125 OpenVPN 2.4.7 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on Sep 11 2019
2020-03-24 15:46:28.014156 library versions: OpenSSL 1.0.2t  10 Sep 2019, LZO 2.10
2020-03-24 15:46:28.015109 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:53901
2020-03-24 15:46:28.015129 Need hold release from management interface, waiting...
2020-03-24 15:46:28.693007 *Tunnelblick: openvpnstart log:
     Loading tap-notarized.kext
     OpenVPN started successfully.
     Command used to start OpenVPN (one argument per displayed line):
          /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.4.7-openssl-1.0.2t/openvpn
          --daemon
          --log /Library/Application Support/Tunnelblick/Logs/-SUsers-Scaravaggio-SLibrary-SApplication Support-STunnelblick-SConfigurations-SGiuseppe.tblk-SContents-SResources-Sconfig.ovpn.769_0_1_0_1065842.53901.openvpn.log
          --cd /Library/Application Support/Tunnelblick/Users/caravaggio/Giuseppe.tblk/Contents/Resources
          --machine-readable-output
          --setenv IV_GUI_VER "net.tunnelblick.tunnelblick 5400 3.8.1 (build 5400)"
          --verb 3
          --config /Library/Application Support/Tunnelblick/Users/caravaggio/Giuseppe.tblk/Contents/Resources/config.ovpn
          --setenv TUNNELBLICK_CONFIG_FOLDER /Library/Application Support/Tunnelblick/Users/caravaggio/Giuseppe.tblk/Contents/Resources
          --verb 3
          --cd /Library/Application Support/Tunnelblick/Users/caravaggio/Giuseppe.tblk/Contents/Resources
          --management 127.0.0.1 53901 /Library/Application Support/Tunnelblick/ialeohhmkomijpfkkinhgfjphpdmikpebillbhje.mip
          --management-query-passwords
          --management-hold
          --redirect-gateway def1
          --script-security 2
          --up /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -a -d -f -m -w -ptaADGNWrdsgnw
          --down /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -a -d -f -m -w -ptaADGNWrdsgnw
          --route-pre-down /Applications/Tunnelblick.app/Contents/Resources/client.route-pre-down.tunnelblick.sh -9 -a -d -f -m -w -ptaADGNWrdsgnw
2020-03-24 15:46:28.700849 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:53901
2020-03-24 15:46:28.765900 MANAGEMENT: CMD 'pid'
2020-03-24 15:46:28.765956 MANAGEMENT: CMD 'auth-retry interact'
2020-03-24 15:46:28.766018 MANAGEMENT: CMD 'state on'
2020-03-24 15:46:28.766059 MANAGEMENT: CMD 'state'
2020-03-24 15:46:28.766141 MANAGEMENT: CMD 'bytecount 1'
2020-03-24 15:46:28.770547 *Tunnelblick: Established communication with OpenVPN
2020-03-24 15:46:28.772949 *Tunnelblick: >INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info
2020-03-24 15:46:28.775010 MANAGEMENT: CMD 'hold release'
2020-03-24 15:46:28.775961 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2020-03-24 15:46:28.775975 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2020-03-24 15:46:28.776779 TCP/UDP: Preserving recently used remote address: [AF_INET]87.27.220.122:1194
2020-03-24 15:46:28.776818 Socket Buffers: R=[196724->196724] S=[9216->9216]
2020-03-24 15:46:28.776827 UDP link local: (not bound)
2020-03-24 15:46:28.776836 UDP link remote: [AF_INET]87.27.220.122:1194
2020-03-24 15:46:28.776863 MANAGEMENT: >STATE:1585061188,WAIT,,,,,,
2020-03-24 15:46:28.799136 MANAGEMENT: >STATE:1585061188,AUTH,,,,,,
2020-03-24 15:46:28.799172 TLS: Initial packet from [AF_INET]87.27.220.122:1194, sid=92f1ff26 05449ff4
2020-03-24 15:46:28.838337 VERIFY OK: depth=0, CN=NethServer, O=Example Org, ST=SomeState, OU=Main, emailAddress=root@localhost.localdomain, C=--, L=Hometown
2020-03-24 15:46:28.893620 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
2020-03-24 15:46:28.893661 [NethServer] Peer Connection Initiated with [AF_INET]87.27.220.122:1194
2020-03-24 15:46:30.125784 MANAGEMENT: >STATE:1585061190,GET_CONFIG,,,,,,
2020-03-24 15:46:30.125840 SENT CONTROL [NethServer]: 'PUSH_REQUEST' (status=1)
2020-03-24 15:46:30.154856 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DOMAIN local.domain,dhcp-option DNS 192.168.1.1,dhcp-option WINS 192.168.1.1,dhcp-option NBDD 192.168.1.1,dhcp-option NBT 2,route-gateway 192.168.1.1,ping 20,ping-restart 120,ifconfig 192.168.1.203 255.255.255.0,peer-id 3,cipher AES-256-GCM'
2020-03-24 15:46:30.154978 OPTIONS IMPORT: timers and/or timeouts modified
2020-03-24 15:46:30.154986 OPTIONS IMPORT: --ifconfig/up options modified
2020-03-24 15:46:30.154991 OPTIONS IMPORT: route-related options modified
2020-03-24 15:46:30.154995 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2020-03-24 15:46:30.154999 OPTIONS IMPORT: peer-id set
2020-03-24 15:46:30.155003 OPTIONS IMPORT: adjusting link_mtu to 1656
2020-03-24 15:46:30.155007 OPTIONS IMPORT: data channel crypto options modified
2020-03-24 15:46:30.155012 Data Channel: using negotiated cipher 'AES-256-GCM'
2020-03-24 15:46:30.155148 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2020-03-24 15:46:30.155173 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2020-03-24 15:46:30.156366 TUN/TAP device /dev/tap0 opened
2020-03-24 15:46:30.156416 MANAGEMENT: >STATE:1585061190,ASSIGN_IP,,192.168.1.203,,,,
2020-03-24 15:46:30.156428 /sbin/ifconfig tap0 delete
                           ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
2020-03-24 15:46:30.166654 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
2020-03-24 15:46:30.166722 /sbin/ifconfig tap0 192.168.1.203 netmask 255.255.255.0 mtu 1500 up
2020-03-24 15:46:30.169602 /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -a -d -f -m -w -ptaADGNWrdsgnw tap0 1500 1584 192.168.1.203 255.255.255.0 init
                           15:46:30 *Tunnelblick:  **********************************************
                           15:46:30 *Tunnelblick:  Start of output from client.up.tunnelblick.sh
                           15:46:32 *Tunnelblick:  Configuring tap DNS via OpenVPN
                           15:46:32 *Tunnelblick:  WARNING: 'foreign_option_4' = 'dhcp-option NBDD 192.168.1.1' ignored
                           15:46:32 *Tunnelblick:  WARNING: 'foreign_option_5' = 'dhcp-option NBT 2' ignored
                           15:46:32 *Tunnelblick:  Retrieved from OpenVPN: name server(s) [ 192.168.1.1 ], domain name [ local.domain ], search domain(s) [ ], and SMB server(s) [ 192.168.1.1 ]
                           15:46:32 *Tunnelblick:  WARNING: Ignoring ServerAddresses '192.168.1.1' because ServerAddresses was set manually and '-allowChangesToManuallySetNetworkSettings' was not specified
                           15:46:32 *Tunnelblick:  WARNING: Ignoring WINSAddresses '192.168.1.1' because WINSAddresses was set manually and '-allowChangesToManuallySetNetworkSettings' was not specified
                           15:46:32 *Tunnelblick:  Setting search domains to 'local.domain' because the search domains were not set manually (or are allowed to be changed) and 'Prepend domain name to search domains' was not selected
                           15:46:33 *Tunnelblick:  Saved the DNS and SMB configurations so they can be restored
                           15:46:33 *Tunnelblick:  Did not change DNS ServerAddresses setting of '192.168.1.1' (but re-set it)
                           15:46:33 *Tunnelblick:  Changed DNS SearchDomains setting from '' to 'local.domain'
                           15:46:33 *Tunnelblick:  Changed DNS DomainName setting from '' to 'local.domain'
                           15:46:33 *Tunnelblick:  Did not change SMB NetBIOSName setting of 'CARAVAGGIO'
                           15:46:33 *Tunnelblick:  Did not change SMB Workgroup setting of 'WORKGROUP'
                           15:46:33 *Tunnelblick:  Did not change SMB WINSAddresses setting of '208.67.222.222'
                           15:46:33 *Tunnelblick:  DNS servers '192.168.1.1' were set manually
                           15:46:33 *Tunnelblick:  DNS servers '192.168.1.1' will be used for DNS queries when the VPN is active
                           15:46:33 *Tunnelblick:  NOTE: The DNS servers do not include any free public DNS servers known to Tunnelblick. This may cause DNS queries to fail or be intercepted or falsified even if they are directed through the VPN. Specify only known public DNS servers or DNS servers located on the VPN network to avoid such problems.
                           15:46:33 *Tunnelblick:  Flushed the DNS cache via dscacheutil
                           15:46:33 *Tunnelblick:  /usr/sbin/discoveryutil not present. Not flushing the DNS cache via discoveryutil
                           15:46:33 *Tunnelblick:  Notified mDNSResponder that the DNS cache was flushed
                           15:46:33 *Tunnelblick:  Not notifying mDNSResponderHelper that the DNS cache was flushed because it is not running
                           15:46:33 *Tunnelblick:  Setting up to monitor system configuration with process-network-changes
                           15:46:33 *Tunnelblick:  End of output from client.up.tunnelblick.sh
                           15:46:33 *Tunnelblick:  **********************************************
2020-03-24 15:46:33.938598 /sbin/route add -net 87.27.220.122 192.168.1.1 255.255.255.255
                           add net 87.27.220.122: gateway 192.168.1.1
2020-03-24 15:46:33.942104 /sbin/route add -net 0.0.0.0 192.168.1.1 128.0.0.0
                           add net 0.0.0.0: gateway 192.168.1.1
2020-03-24 15:46:33.948089 /sbin/route add -net 128.0.0.0 192.168.1.1 128.0.0.0
                           add net 128.0.0.0: gateway 192.168.1.1
2020-03-24 15:46:33.950466 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2020-03-24 15:46:33.950556 Initialization Sequence Completed
2020-03-24 15:46:33.951597 MANAGEMENT: >STATE:1585061193,CONNECTED,SUCCESS,192.168.1.203,87.27.220.122,1194,,
2020-03-24 15:46:34.165869 *Tunnelblick: Warning: DNS server address 192.168.1.1 is not a public IP address and is not being routed through the VPN.


2020-03-24 15:46:38.408881 *Tunnelblick: process-network-changes: A system configuration change was ignored
2020-03-24 15:46:40.782061 *Tunnelblick: This computer's apparent public IP address (151.53.212.23) was unchanged after the connection was made

IcarusVPN
OpenVpn Newbie
Posts: 8
Joined: Sat Mar 19, 2016 3:14 am

Re: Tunnelblick: Warning: DNS server address 192.168.1.1 is not a public IP address and is not being routed through the

Post by IcarusVPN » Tue Jun 02, 2020 12:46 pm

Did you ever solve this? We are experiencing this with our ONE mac user. :roll:

Post Reply