OpenVPN connected but no traffic goes through

Pippin
Forum Team
Posts: 1201
Joined: Wed Jul 01, 2015 8:03 am
Location: irc://irc.libera.chat:6697/openvpn

Re: OpenVPN connected but no traffic goes through

Post by Pippin » Mon Aug 03, 2020 5:22 pm

And what about
2020-08-03 20:22:12.339284 /sbin/ifconfig utun8 10.8.0.2 10.8.0.2 netmask 255.255.255.0 mtu 1500 up
?
I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
Halton Arp

TinCanTech
OpenVPN Protagonist
Posts: 11139
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN connected but no traffic goes through

Post by TinCanTech » Mon Aug 03, 2020 5:46 pm

Pippin wrote:
Mon Aug 03, 2020 5:22 pm
And what about
2020-08-03 20:22:12.339284 /sbin/ifconfig utun8 10.8.0.2 10.8.0.2 netmask 255.255.255.0 mtu 1500 up
?
Yes but:
houmie75 wrote:
Mon Aug 03, 2020 3:55 pm
2020-08-03 20:22:12.328151 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 84.200.69.80,dhcp-option DNS 84.200.70.40,redirect-gateway def1 bypass-dhcp,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-128-GCM'
soooo ... I guess it's a Mac thing ?
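
The by-eye comparison made in the two posts above (what the server pushed versus what the client applied to the utun interface) can be scripted. This is an added example, not part of any post and not OpenVPN or Tunnelblick code; the function names are hypothetical, and it assumes the log line formats shown in this thread.

```python
import ipaddress
import re

# The two client log lines quoted in the posts above (copied from the thread).
PUSH_LINE = (
    "2020-08-03 20:22:12.328151 PUSH: Received control message: "
    "'PUSH_REPLY,dhcp-option DNS 84.200.69.80,dhcp-option DNS 84.200.70.40,"
    "redirect-gateway def1 bypass-dhcp,route-gateway 10.8.0.1,topology subnet,"
    "ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,"
    "cipher AES-128-GCM'"
)
IFCONFIG_LINE = (
    "2020-08-03 20:22:12.339284 /sbin/ifconfig utun8 10.8.0.2 10.8.0.2 "
    "netmask 255.255.255.0 mtu 1500 up"
)

IFCONFIG_RE = re.compile(
    r"/sbin/ifconfig (?P<iface>\S+) (?P<local>\S+) (?P<dest>\S+) "
    r"netmask (?P<netmask>\S+) mtu (?P<mtu>\d+) up"
)


def parse_push_reply(line):
    """Return {option: [argument lists]} from a PUSH_REPLY log line."""
    m = re.search(r"'PUSH_REPLY,(.*)'", line)
    if m is None:
        raise ValueError("no PUSH_REPLY in line")
    options = {}
    for item in m.group(1).split(","):
        words = item.split()
        if words:
            # Options such as dhcp-option repeat, so keep every occurrence.
            options.setdefault(words[0], []).append(words[1:])
    return options


def parse_ifconfig(line):
    """Return the fields of the macOS ifconfig command OpenVPN logged."""
    m = IFCONFIG_RE.search(line)
    if m is None:
        raise ValueError("no ifconfig command in line")
    return m.groupdict()


def first_arg(push, name):
    """First argument of the first occurrence of an option, or None."""
    values = push.get(name)
    return values[0][0] if values and values[0] else None


def compare(push, applied):
    """Compare pushed options with the applied ifconfig; return findings."""
    args = push.get("ifconfig", [[]])[0]
    if len(args) < 2:
        return [("MISMATCH", "server pushed no usable ifconfig option")]
    local, second = args[:2]
    findings = []
    if applied["local"] != local:
        findings.append(("MISMATCH",
                         f"interface has {applied['local']}, pushed {local}"))
    gateway = first_arg(push, "route-gateway")
    if first_arg(push, "topology") == "subnet":
        # In subnet topology the second ifconfig argument is a netmask.
        if applied["netmask"] != second:
            findings.append(("MISMATCH",
                             f"netmask {applied['netmask']}, pushed {second}"))
        net = ipaddress.ip_network(f"{local}/{second}", strict=False)
        if gateway and ipaddress.ip_address(gateway) not in net:
            findings.append(("MISMATCH",
                             f"route-gateway {gateway} is outside {net}"))
        if applied["dest"] == applied["local"]:
            # Reported as an observation only, not judged as an error.
            findings.append(("INFO",
                             "point-to-point destination equals local address"))
    elif applied["dest"] != second:
        # Outside subnet topology the second argument is the remote endpoint.
        findings.append(("MISMATCH",
                         f"destination {applied['dest']}, pushed {second}"))
    if "redirect-gateway" in push:
        flags = [f for occurrence in push["redirect-gateway"] for f in occurrence]
        findings.append(("INFO",
                         f"redirect-gateway {' '.join(flags)} pushed; "
                         f"default traffic should route via {gateway}"))
    return findings


if __name__ == "__main__":
    for level, message in compare(parse_push_reply(PUSH_LINE),
                                  parse_ifconfig(IFCONFIG_LINE)):
        print(f"{level}: {message}")
```

For the two lines quoted in the thread this reports no mismatch, only the two informational findings, so the address, netmask and gateway the client applied agree with what the server pushed.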

houmie75
OpenVPN Power User
Posts: 72
Joined: Wed Jul 22, 2020 7:46 pm

Re: OpenVPN connected but no traffic goes through

Post by houmie75 » Mon Aug 03, 2020 6:29 pm

TinCanTech wrote:
Mon Aug 03, 2020 5:01 pm
Odd .. ;) -- Do both machines use the same internet connection ?
Yes, both are connected to the same Wi-Fi. I can replicate the same issue on both Mac and iPhone, but Windows is fine. I have a theory. When I installed OpenVPN on Windows, I activated the recommended Tap. But on iOS/Mac I'm using Tun. Maybe there is a problem with that?

OpenVPN seems a lot friendlier towards Windows, it seems. :cry:

TinCanTech
OpenVPN Protagonist
Posts: 11139
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN connected but no traffic goes through

Post by TinCanTech » Mon Aug 03, 2020 6:37 pm

On Windows the device is called a "TAP device driver" but it is used in TUN Mode.

If your server uses --dev tun (which it does if you use angristan) then all your clients must use --dev tun.

See --dev-type in the manual for details. And make sure that all your configs use --dev tun.

houmie75
OpenVPN Power User
Posts: 72
Joined: Wed Jul 22, 2020 7:46 pm

Re: OpenVPN connected but no traffic goes through

Post by houmie75 » Sun Aug 16, 2020 11:55 am

Hey guys,

Hope all is well with you in these difficult times.

I'm now back in the UK and was hoping to continue with my testing.
Once I connect to OpenVPN on Mac or iOS, internet browsing is entirely stuck, so I'm continuing to dig into this issue where we left off.

Server Log:


Sun Aug 16 11:35:23 2020 89.32.xxx.xxx:13704 PLUGIN_CALL: POST /usr/lib/x86_64-linux-gnu/openvpn/plugins/openvpn-plugin-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=0
Sun Aug 16 11:35:23 2020 89.32.xxx.xxx:13704 TLS: Username/Password authentication succeeded for username 'myUser'
Sun Aug 16 11:35:23 2020 89.32.xxx.xxx:13704 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit EC, curve: prime256v1
Sun Aug 16 11:35:23 2020 89.32.xxx.xxx:13704 [clientx2] Peer Connection Initiated with [AF_INET6]::ffff:89.32.xxx.xxx:13704
Sun Aug 16 11:35:23 2020 clientx2/89.32.xxx.xxx:13704 MULTI_sva: pool returned IPv4=10.8.0.2, IPv6=fd42:42:42:42::1000
Sun Aug 16 11:35:23 2020 clientx2/89.32.xxx.xxx:13704 MULTI: Learn: 10.8.0.2 -> clientx2/89.32.xxx.xxx:13704
Sun Aug 16 11:35:23 2020 clientx2/89.32.xxx.xxx:13704 MULTI: primary virtual IP for clientx2/89.32.xxx.xxx:13704: 10.8.0.2
Sun Aug 16 11:35:23 2020 clientx2/89.32.xxx.xxx:13704 MULTI: Learn: fd42:42:42:42::1000 -> clientx2/89.32.xxx.xxx:13704
Sun Aug 16 11:35:23 2020 clientx2/89.32.xxx.xxx:13704 MULTI: primary virtual IPv6 for clientx2/89.32.xxx.xxx:13704: fd42:42:42:42::1000
Sun Aug 16 11:35:24 2020 clientx2/89.32.xxx.xxx:13704 PUSH: Received control message: 'PUSH_REQUEST'
Sun Aug 16 11:35:24 2020 clientx2/89.32.xxx.xxx:13704 SENT CONTROL [clientx2]: 'PUSH_REPLY,dhcp-option DNS 1.0.0.1,dhcp-option DNS 1.1.1.1,redirect-gateway def1 bypass-dhcp,tun-ipv6,route-ipv6 2000::/3,redirect-gateway ipv6,tun-ipv6,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig-ipv6 fd42:42:42:42::1000/112 fd42:42:42:42::1,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-128-GCM' (status=1)
Sun Aug 16 11:35:24 2020 clientx2/89.32.xxx.xxx:13704 Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Sun Aug 16 11:35:24 2020 clientx2/89.32.xxx.xxx:13704 Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Sun Aug 16 11:36:51 2020 clientx2/89.32.xxx.xxx:13704 SIGTERM[soft,remote-exit] received, client-instance exiting
Sun Aug 16 11:38:00 2020 89.32.xxx.xxx:13748 TLS: Initial packet from [AF_INET6]::ffff:89.32.xxx.xxx:13748, sid=ce751769 00d32882
Sun Aug 16 11:38:00 2020 89.32.xxx.xxx:13748 VERIFY OK: depth=1, CN=cn_Lq3Va8mQlXIRpI64
Sun Aug 16 11:38:00 2020 89.32.xxx.xxx:13748 VERIFY OK: depth=0, CN=clientx2
Sun Aug 16 11:38:00 2020 89.32.xxx.xxx:13748 peer info: IV_VER=2.4.9
Sun Aug 16 11:38:00 2020 89.32.xxx.xxx:13748 peer info: IV_PLAT=mac
Sun Aug 16 11:38:00 2020 89.32.xxx.xxx:13748 peer info: IV_PROTO=2
Sun Aug 16 11:38:00 2020 89.32.xxx.xxx:13748 peer info: IV_NCP=2
Sun Aug 16 11:38:00 2020 89.32.xxx.xxx:13748 peer info: IV_LZ4=1
Sun Aug 16 11:38:00 2020 89.32.xxx.xxx:13748 peer info: IV_LZ4v2=1
Sun Aug 16 11:38:00 2020 89.32.xxx.xxx:13748 peer info: IV_LZO=1
Sun Aug 16 11:38:00 2020 89.32.xxx.xxx:13748 peer info: IV_COMP_STUB=1
Sun Aug 16 11:38:00 2020 89.32.xxx.xxx:13748 peer info: IV_COMP_STUBv2=1
Sun Aug 16 11:38:00 2020 89.32.xxx.xxx:13748 peer info: IV_TCPNL=1
Sun Aug 16 11:38:00 2020 89.32.xxx.xxx:13748 peer info: IV_GUI_VER="net.tunnelblick.tunnelblick_5520_3.8.3__build_5520)"
Sun Aug 16 11:38:00 2020 89.32.xxx.xxx:13748 PLUGIN_CALL: POST /usr/lib/x86_64-linux-gnu/openvpn/plugins/openvpn-plugin-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=0
Sun Aug 16 11:38:00 2020 89.32.xxx.xxx:13748 TLS: Username/Password authentication succeeded for username 'myUser'
Sun Aug 16 11:38:00 2020 89.32.xxx.xxx:13748 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit EC, curve: prime256v1
Sun Aug 16 11:38:00 2020 89.32.xxx.xxx:13748 [clientx2] Peer Connection Initiated with [AF_INET6]::ffff:89.32.xxx.xxx:13748
Sun Aug 16 11:38:00 2020 clientx2/89.32.xxx.xxx:13748 MULTI_sva: pool returned IPv4=10.8.0.2, IPv6=fd42:42:42:42::1000
Sun Aug 16 11:38:00 2020 clientx2/89.32.xxx.xxx:13748 MULTI: Learn: 10.8.0.2 -> clientx2/89.32.xxx.xxx:13748
Sun Aug 16 11:38:00 2020 clientx2/89.32.xxx.xxx:13748 MULTI: primary virtual IP for clientx2/89.32.xxx.xxx:13748: 10.8.0.2
Sun Aug 16 11:38:00 2020 clientx2/89.32.xxx.xxx:13748 MULTI: Learn: fd42:42:42:42::1000 -> clientx2/89.32.xxx.xxx:13748
Sun Aug 16 11:38:00 2020 clientx2/89.32.xxx.xxx:13748 MULTI: primary virtual IPv6 for clientx2/89.32.xxx.xxx:13748: fd42:42:42:42::1000
Sun Aug 16 11:38:01 2020 clientx2/89.32.xxx.xxx:13748 PUSH: Received control message: 'PUSH_REQUEST'
Sun Aug 16 11:38:01 2020 clientx2/89.32.xxx.xxx:13748 SENT CONTROL [clientx2]: 'PUSH_REPLY,dhcp-option DNS 1.0.0.1,dhcp-option DNS 1.1.1.1,redirect-gateway def1 bypass-dhcp,tun-ipv6,route-ipv6 2000::/3,redirect-gateway ipv6,tun-ipv6,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig-ipv6 fd42:42:42:42::1000/112 fd42:42:42:42::1,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-128-GCM' (status=1)
Sun Aug 16 11:38:01 2020 clientx2/89.32.xxx.xxx:13748 Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Sun Aug 16 11:38:01 2020 clientx2/89.32.xxx.xxx:13748 Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Sun Aug 16 11:39:01 2020 clientx2/89.32.xxx.xxx:13748 SIGTERM[soft,remote-exit] received, client-instance exiting

Client (Mac) log:
(one hour time difference is due to UTC vs BST)


*Tunnelblick: macOS 10.15.6 (19G73); Tunnelblick 3.8.3 (build 5520); prior version 3.8.2a (build 5481); Admin user
git commit 603990d52feebdc721461b48c7512c888cb9d899


Configuration de-fsn-x-m2

"Sanitized" condensed configuration file for /Users/houmie/Library/Application Support/Tunnelblick/Configurations/de-fsn-x-m2.tblk:

auth-user-pass pass.txt.unknown
client
proto udp
explicit-exit-notify
remote 78.46.xx.xxx 1789
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_bsYaxxVlmDocafex name
auth SHA256
auth-nocache
cipher AES-128-GCM
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
ignore-unknown-option block-outside-dns
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3
<ca>
[Security-related line(s) omitted]
</ca>
<cert>
[Security-related line(s) omitted]
</cert>
<key>
[Security-related line(s) omitted]
</key>
<tls-crypt>
[Security-related line(s) omitted]
</tls-crypt>


================================================================================

Files in de-fsn-x-m2.tblk:
      Contents/Resources/pas….unknown
      Contents/Resources/config.ovpn

================================================================================

Configuration preferences:

-notOKToCheckThatIPAddressDidNotChangeAfterConnection = 0
-lastConnectionSucceeded = 1

================================================================================

Wildcard preferences:

-notOKToCheckThatIPAddressDidNotChangeAfterConnection = 0

================================================================================

Program preferences:

skipWarningThatIPANotFetchedBeforeConnection = 1
launchAtNextLogin = 1
tunnelblickVersionHistory = (
    "3.8.3 (build 5520)",
    "3.8.2a (build 5481)"
)
statusDisplayNumber = 0
lastLaunchTime = 618842655.581849
lastLanguageAtLaunchWasRTL = 0
connectionWindowDisplayCriteria = showWhenConnecting
maxLogDisplaySize = 102400
lastConnectedDisplayName = de-fsn-x-m2
keyboardShortcutIndex = 1
updateCheckAutomatically = 1
NSWindow Frame ConnectingWindow = 525 517 389 187 0 0 1440 877 
NSWindow Frame SUUpdateAlert = 410 363 620 392 0 0 1440 877 
detailsWindowFrameVersion = 5520
detailsWindowFrame = {{168, 262}, {920, 468}}
detailsWindowLeftFrame = {{0, 0}, {167, 350}}
detailsWindowViewIndex = 0
detailsWindowConfigurationsTabIdentifier = log
leftNavSelectedDisplayName = de-fsn-x-m2
AdvancedWindowTabIdentifier = connectingAndDisconnecting
haveDealtWithOldTunTapPreferences = 1
haveDealtWithOldLoginItem = 1
haveDealtWithAfterDisconnect = 1
SUEnableAutomaticChecks = 1
SUScheduledCheckInterval = 86400
SULastCheckTime = 2020-08-14 02:47:50 +0000
SUHasLaunchedBefore = 1
WebKitDefaultFontSize = 16
WebKitStandardFont = Times

================================================================================

Forced preferences:

(None)

================================================================================

Deployed forced preferences:

(None)

================================================================================

Tunnelblick Log:

2020-08-16 12:37:59.042781 *Tunnelblick: macOS 10.15.6 (19G73); Tunnelblick 3.8.3 (build 5520); prior version 3.8.2a (build 5481)
2020-08-16 12:37:59.500813 *Tunnelblick: Attempting connection with de-fsn-x-m2 using shadow copy; Set nameserver = 769; monitoring connection
2020-08-16 12:37:59.501056 *Tunnelblick: openvpnstart start de-fsn-x-m2.tblk 51139 769 0 1 0 1098032 -ptADGNWradsgnw 2.4.9-openssl-1.1.1g
2020-08-16 12:37:59.521201 *Tunnelblick: openvpnstart starting OpenVPN
2020-08-16 12:37:59.694171 Unrecognized option or missing or extra parameter(s) in /Library/Application Support/Tunnelblick/Users/houmie/de-fsn-x-m2.tblk/Contents/Resources/config.ovpn:20: block-outside-dns (2.4.9)
2020-08-16 12:37:59.694721 OpenVPN 2.4.9 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Jul 24 2020
2020-08-16 12:37:59.694740 library versions: OpenSSL 1.1.1g  21 Apr 2020, LZO 2.10
2020-08-16 12:37:59.695650 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:51139
2020-08-16 12:37:59.695672 Need hold release from management interface, waiting...
2020-08-16 12:38:00.124483 *Tunnelblick: openvpnstart log:
     OpenVPN started successfully.
     Command used to start OpenVPN (one argument per displayed line):
          /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.4.9-openssl-1.1.1g/openvpn
          --daemon
          --log /Library/Application Support/Tunnelblick/Logs/-SUsers-Shoumie-SLibrary-SApplication Support-STunnelblick-SConfigurations-Sde--fsn--x--m2.tblk-SContents-SResources-Sconfig.ovpn.769_0_1_0_1098032.51139.openvpn.log
          --cd /Library/Application Support/Tunnelblick/Users/houmie/de-fsn-x-m2.tblk/Contents/Resources
          --machine-readable-output
          --setenv IV_GUI_VER "net.tunnelblick.tunnelblick 5520 3.8.3 (build 5520)"
          --verb 3
          --config /Library/Application Support/Tunnelblick/Users/houmie/de-fsn-x-m2.tblk/Contents/Resources/config.ovpn
          --setenv TUNNELBLICK_CONFIG_FOLDER /Library/Application Support/Tunnelblick/Users/houmie/de-fsn-x-m2.tblk/Contents/Resources
          --verb 3
          --cd /Library/Application Support/Tunnelblick/Users/houmie/de-fsn-x-m2.tblk/Contents/Resources
          --management 127.0.0.1 51139 /Library/Application Support/Tunnelblick/dpldianofjndlnlmephklpdjdjanalngiefgnlac.mip
          --management-query-passwords
          --management-hold
          --script-security 2
          --route-up /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw
          --down /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw
2020-08-16 12:38:00.128756 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:51139
2020-08-16 12:38:00.157388 MANAGEMENT: CMD 'pid'
2020-08-16 12:38:00.157448 MANAGEMENT: CMD 'auth-retry interact'
2020-08-16 12:38:00.157467 MANAGEMENT: CMD 'state on'
2020-08-16 12:38:00.157480 MANAGEMENT: CMD 'state'
2020-08-16 12:38:00.157501 MANAGEMENT: CMD 'bytecount 1'
2020-08-16 12:38:00.163797 *Tunnelblick: Established communication with OpenVPN
2020-08-16 12:38:00.177731 *Tunnelblick: >INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info
2020-08-16 12:38:00.179858 MANAGEMENT: CMD 'hold release'
2020-08-16 12:38:00.180014 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2020-08-16 12:38:00.181801 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2020-08-16 12:38:00.181832 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2020-08-16 12:38:00.181841 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2020-08-16 12:38:00.181850 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2020-08-16 12:38:00.181958 TCP/UDP: Preserving recently used remote address: [AF_INET]78.46.xx.xxx:1789
2020-08-16 12:38:00.182006 Socket Buffers: R=[786896->786896] S=[9216->9216]
2020-08-16 12:38:00.182016 UDP link local: (not bound)
2020-08-16 12:38:00.182025 UDP link remote: [AF_INET]78.46.xx.xxx:1789
2020-08-16 12:38:00.182043 MANAGEMENT: >STATE:1597577880,WAIT,,,,,,
2020-08-16 12:38:00.213046 MANAGEMENT: >STATE:1597577880,AUTH,,,,,,
2020-08-16 12:38:00.213117 TLS: Initial packet from [AF_INET]78.46.xx.xxx:1789, sid=225bcecf 918e160f
2020-08-16 12:38:00.268574 VERIFY OK: depth=1, CN=cn_Lq3Va8mQlXIRpI64
2020-08-16 12:38:00.270302 VERIFY KU OK
2020-08-16 12:38:00.270376 Validating certificate extended key usage
2020-08-16 12:38:00.270395 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2020-08-16 12:38:00.270407 VERIFY EKU OK
2020-08-16 12:38:00.270418 VERIFY X509NAME OK: CN=server_bsYaxxVlmDocafex
2020-08-16 12:38:00.270428 VERIFY OK: depth=0, CN=server_bsYaxxVlmDocafex
2020-08-16 12:38:00.668279 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit EC, curve: prime256v1
2020-08-16 12:38:00.668449 [server_bsYaxxVlmDocafex] Peer Connection Initiated with [AF_INET]78.46.xx.xxx:1789
2020-08-16 12:38:01.916693 MANAGEMENT: >STATE:1597577881,GET_CONFIG,,,,,,
2020-08-16 12:38:01.916914 SENT CONTROL [server_bsYaxxVlmDocafex]: 'PUSH_REQUEST' (status=1)
2020-08-16 12:38:01.969892 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 1.0.0.1,dhcp-option DNS 1.1.1.1,redirect-gateway def1 bypass-dhcp,tun-ipv6,route-ipv6 2000::/3,redirect-gateway ipv6,tun-ipv6,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig-ipv6 fd42:42:42:42::1000/112 fd42:42:42:42::1,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-128-GCM'
2020-08-16 12:38:01.970263 OPTIONS IMPORT: timers and/or timeouts modified
2020-08-16 12:38:01.970311 OPTIONS IMPORT: --ifconfig/up options modified
2020-08-16 12:38:01.970334 OPTIONS IMPORT: route options modified
2020-08-16 12:38:01.970355 OPTIONS IMPORT: route-related options modified
2020-08-16 12:38:01.970375 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2020-08-16 12:38:01.970395 OPTIONS IMPORT: peer-id set
2020-08-16 12:38:01.970414 OPTIONS IMPORT: adjusting link_mtu to 1624
2020-08-16 12:38:01.970434 OPTIONS IMPORT: data channel crypto options modified
2020-08-16 12:38:01.970638 Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
2020-08-16 12:38:01.970721 Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
2020-08-16 12:38:01.972387 GDG6: remote_host_ipv6=n/a
2020-08-16 12:38:01.972728 Opening utun (connect(AF_SYS_CONTROL)): Resource busy (errno=16)
2020-08-16 12:38:01.972765 Opening utun (connect(AF_SYS_CONTROL)): Resource busy (errno=16)
2020-08-16 12:38:01.972787 Opening utun (connect(AF_SYS_CONTROL)): Resource busy (errno=16)
2020-08-16 12:38:01.972807 Opening utun (connect(AF_SYS_CONTROL)): Resource busy (errno=16)
2020-08-16 12:38:01.972826 Opening utun (connect(AF_SYS_CONTROL)): Resource busy (errno=16)
2020-08-16 12:38:01.972845 Opening utun (connect(AF_SYS_CONTROL)): Resource busy (errno=16)
2020-08-16 12:38:01.972864 Opening utun (connect(AF_SYS_CONTROL)): Resource busy (errno=16)
2020-08-16 12:38:01.972883 Opening utun (connect(AF_SYS_CONTROL)): Resource busy (errno=16)
2020-08-16 12:38:01.973093 Opened utun device utun8
2020-08-16 12:38:01.973137 MANAGEMENT: >STATE:1597577881,ASSIGN_IP,,10.8.0.2,,,,,fd42:42:42:42::1000
2020-08-16 12:38:01.973157 /sbin/ifconfig utun8 delete
                           ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
2020-08-16 12:38:01.976484 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
2020-08-16 12:38:01.976545 /sbin/ifconfig utun8 10.8.0.2 10.8.0.2 netmask 255.255.255.0 mtu 1500 up
2020-08-16 12:38:01.979457 /sbin/route add -net 10.8.0.0 10.8.0.2 255.255.255.0
                           add net 10.8.0.0: gateway 10.8.0.2
2020-08-16 12:38:01.984407 /sbin/ifconfig utun8 inet6 fd42:42:42:42::1000/112
2020-08-16 12:38:01.988144 add_route_ipv6(fd42:42:42:42::/112 -> fd42:42:42:42::1000 metric 0) dev utun8
2020-08-16 12:38:01.988195 /sbin/route add -inet6 fd42:42:42:42:: -prefixlen 112 -iface utun8
                           route: writing to routing socket: File exists
                           add net fd42:42:42:42::: gateway utun8: File exists
2020-08-16 12:38:01.991520 /sbin/route add -net 78.46.xx.xxx 192.168.1.1 255.255.255.255
                           add net 78.46.xx.xxx: gateway 192.168.1.1
2020-08-16 12:38:01.993398 /sbin/route add -net 0.0.0.0 10.8.0.1 128.0.0.0
                           add net 0.0.0.0: gateway 10.8.0.1
2020-08-16 12:38:01.994948 /sbin/route add -net 128.0.0.0 10.8.0.1 128.0.0.0
                           add net 128.0.0.0: gateway 10.8.0.1
2020-08-16 12:38:01.996492 add_route_ipv6(2000::/3 -> fd42:42:42:42::1 metric -1) dev utun8
2020-08-16 12:38:01.996525 /sbin/route add -inet6 2000:: -prefixlen 3 -iface utun8
                           add net 2000::: gateway utun8
2020-08-16 12:38:01.998677 add_route_ipv6(::/3 -> fd42:42:42:42::1 metric -1) dev utun8
2020-08-16 12:38:01.998790 /sbin/route add -inet6 :: -prefixlen 3 -iface utun8
                           add net ::: gateway utun8
2020-08-16 12:38:02.001076 add_route_ipv6(2000::/4 -> fd42:42:42:42::1 metric -1) dev utun8
2020-08-16 12:38:02.001108 /sbin/route add -inet6 2000:: -prefixlen 4 -iface utun8
                           add net 2000::: gateway utun8
2020-08-16 12:38:02.003569 add_route_ipv6(3000::/4 -> fd42:42:42:42::1 metric -1) dev utun8
2020-08-16 12:38:02.003612 /sbin/route add -inet6 3000:: -prefixlen 4 -iface utun8
                           add net 3000::: gateway utun8
2020-08-16 12:38:02.006097 add_route_ipv6(fc00::/7 -> fd42:42:42:42::1 metric -1) dev utun8
2020-08-16 12:38:02.006134 /sbin/route add -inet6 fc00:: -prefixlen 7 -iface utun8
                           add net fc00::: gateway utun8
                           12:38:02 *Tunnelblick:  **********************************************
                           12:38:02 *Tunnelblick:  Start of output from client.up.tunnelblick.sh
                           12:38:04 *Tunnelblick:  Disabled IPv6 for 'USB 10/100/1000 LAN'
                           12:38:04 *Tunnelblick:  Disabled IPv6 for 'Wi-Fi'
                           12:38:04 *Tunnelblick:  Disabled IPv6 for 'Bluetooth PAN'
                           12:38:04 *Tunnelblick:  Disabled IPv6 for 'Thunderbolt Bridge'
                           12:38:04 *Tunnelblick:  Retrieved from OpenVPN: name server(s) [ 1.0.0.1 1.1.1.1 ], search domain(s) [ ] and SMB server(s) [ ] and using default domain name [ openvpn ]
                           12:38:04 *Tunnelblick:  Not aggregating ServerAddresses because running on macOS 10.6 or higher
                           12:38:04 *Tunnelblick:  Setting search domains to 'openvpn' because the search domains were not set manually (or are allowed to be changed) and 'Prepend domain name to search domains' was not selected
                           12:38:05 *Tunnelblick:  Saved the DNS and SMB configurations so they can be restored
                           12:38:05 *Tunnelblick:  Changed DNS ServerAddresses setting from '192.168.1.1' to '1.0.0.1 1.1.1.1'
                           12:38:05 *Tunnelblick:  Changed DNS SearchDomains setting from '' to 'openvpn'
                           12:38:05 *Tunnelblick:  Changed DNS DomainName setting from 'mynet' to 'openvpn'
                           12:38:05 *Tunnelblick:  Did not change SMB NetBIOSName setting of ''
                           12:38:05 *Tunnelblick:  Did not change SMB Workgroup setting of ''
                           12:38:05 *Tunnelblick:  Did not change SMB WINSAddresses setting of ''
                           12:38:05 *Tunnelblick:  DNS servers '1.0.0.1 1.1.1.1' will be used for DNS queries when the VPN is active
                           12:38:05 *Tunnelblick:  The DNS servers include only free public DNS servers known to Tunnelblick.
                           12:38:05 *Tunnelblick:  Flushed the DNS cache via dscacheutil
                           12:38:05 *Tunnelblick:  /usr/sbin/discoveryutil not present. Not flushing the DNS cache via discoveryutil
                           12:38:05 *Tunnelblick:  Notified mDNSResponder that the DNS cache was flushed
                           12:38:05 *Tunnelblick:  Not notifying mDNSResponderHelper that the DNS cache was flushed because it is not running
                           12:38:05 *Tunnelblick:  Setting up to monitor system configuration with process-network-changes
                           12:38:05 *Tunnelblick:  End of output from client.up.tunnelblick.sh
                           12:38:05 *Tunnelblick:  **********************************************
2020-08-16 12:38:05.848901 Initialization Sequence Completed
2020-08-16 12:38:05.848980 MANAGEMENT: >STATE:1597577885,CONNECTED,SUCCESS,10.8.0.2,78.46.xx.xxx,1789,,,fd42:42:42:42::1000
2020-08-16 12:38:07.066963 *Tunnelblick: DNS address 1.0.0.1 is being routed through the VPN
2020-08-16 12:38:07.174453 *Tunnelblick: DNS address 1.1.1.1 is being routed through the VPN

================================================================================

Down log:

12:36:52 *Tunnelblick:  **********************************************
12:36:52 *Tunnelblick:  Start of output from client.down.tunnelblick.sh
12:36:52 *Tunnelblick:  Cancelled monitoring system configuration changes
12:36:52 *Tunnelblick:  Restored State:DNS
12:36:52 *Tunnelblick:  Removed Setup:DNS
12:36:52 *Tunnelblick:  Removed State:SMB
12:36:52 *Tunnelblick:  Restored DNS and SMB settings
12:36:52 *Tunnelblick:  Re-enabled IPv6 (automatic) for "USB 10/100/1000 LAN"
12:36:52 *Tunnelblick:  Re-enabled IPv6 (automatic) for "Wi-Fi"
12:36:52 *Tunnelblick:  Re-enabled IPv6 (automatic) for "Bluetooth PAN"
12:36:52 *Tunnelblick:  Re-enabled IPv6 (automatic) for "Thunderbolt Bridge"
12:36:52 *Tunnelblick:  Flushed the DNS cache with dscacheutil -flushcache
12:36:52 *Tunnelblick:  Notified mDNSResponder that the DNS cache was flushed
12:36:52 *Tunnelblick:  End of output from client.down.tunnelblick.sh
12:36:52 *Tunnelblick:  **********************************************

================================================================================

Previous down log:

19:02:38 *Tunnelblick:  **********************************************
19:02:38 *Tunnelblick:  Start of output from client.down.tunnelblick.sh
19:02:38 *Tunnelblick:  Cancelled monitoring system configuration changes
19:02:38 *Tunnelblick:  Restored State:DNS
19:02:38 *Tunnelblick:  Removed Setup:DNS
19:02:38 *Tunnelblick:  Removed State:SMB
19:02:38 *Tunnelblick:  Restored DNS and SMB settings
19:02:38 *Tunnelblick:  Re-enabled IPv6 (automatic) for "USB 10/100/1000 LAN"
19:02:38 *Tunnelblick:  Re-enabled IPv6 (automatic) for "Wi-Fi"
19:02:38 *Tunnelblick:  Re-enabled IPv6 (automatic) for "Bluetooth PAN"
19:02:38 *Tunnelblick:  Re-enabled IPv6 (automatic) for "Thunderbolt Bridge"
19:02:38 *Tunnelblick:  Flushed the DNS cache with dscacheutil -flushcache
19:02:38 *Tunnelblick:  Notified mDNSResponder that the DNS cache was flushed
19:02:38 *Tunnelblick:  End of output from client.down.tunnelblick.sh
19:02:38 *Tunnelblick:  **********************************************

================================================================================

Network services:

An asterisk (*) denotes that a network service is disabled.
USB 10/100/1000 LAN
Wi-Fi
Bluetooth PAN
Thunderbolt Bridge

Wi-Fi Power (en0): On

================================================================================

ifconfig output:

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
	options=1203<RXCSUM,TXCSUM,TXSTATUS,SW_TIMESTAMP>
	inet 127.0.0.1 netmask 0xff000000 
	inet6 ::1 prefixlen 128 
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1 
	nd6 options=201<PERFORMNUD,DAD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en5: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	ether ac:de:48:00:11:22 
	inet6 fe80::aede:48ff:fe00:1122%en5 prefixlen 64 scopeid 0x4 
	nd6 options=201<PERFORMNUD,DAD>
	media: autoselect (100baseTX <full-duplex>)
	status: active
ap1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
	options=400<CHANNEL_IO>
	ether f2:18:98:21:2e:c7 
	media: autoselect
	status: inactive
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	options=400<CHANNEL_IO>
	ether f0:18:98:21:2e:c7 
	inet 192.168.1.105 netmask 0xffffff00 broadcast 192.168.1.255
	nd6 options=201<PERFORMNUD,DAD>
	media: autoselect
	status: active
p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304
	options=400<CHANNEL_IO>
	ether 02:18:98:21:2e:c7 
	media: autoselect
	status: inactive
awdl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1484
	options=400<CHANNEL_IO>
	ether 52:b6:a6:4d:16:d6 
	inet6 fe80::50b6:a6ff:fe4d:16d6%awdl0 prefixlen 64 scopeid 0x8 
	nd6 options=201<PERFORMNUD,DAD>
	media: autoselect
	status: active
llw0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	options=400<CHANNEL_IO>
	ether 52:b6:a6:4d:16:d6 
	inet6 fe80::50b6:a6ff:fe4d:16d6%llw0 prefixlen 64 scopeid 0x9 
	nd6 options=201<PERFORMNUD,DAD>
	media: autoselect
	status: active
en1: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
	options=460<TSO4,TSO6,CHANNEL_IO>
	ether 82:39:d6:02:b0:01 
	media: autoselect <full-duplex>
	status: inactive
en2: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
	options=460<TSO4,TSO6,CHANNEL_IO>
	ether 82:39:d6:02:b0:00 
	media: autoselect <full-duplex>
	status: inactive
en3: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
	options=460<TSO4,TSO6,CHANNEL_IO>
	ether 82:39:d6:02:b0:05 
	media: autoselect <full-duplex>
	status: inactive
en4: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
	options=460<TSO4,TSO6,CHANNEL_IO>
	ether 82:39:d6:02:b0:04 
	media: autoselect <full-duplex>
	status: inactive
bridge0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	options=63<RXCSUM,TXCSUM,TSO4,TSO6>
	ether 82:39:d6:02:b0:01 
	Configuration:
		id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
		maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
		root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
		ipfilter disabled flags 0x0
	member: en1 flags=3<LEARNING,DISCOVER>
	        ifmaxaddr 0 port 10 priority 0 path cost 0
	member: en2 flags=3<LEARNING,DISCOVER>
	        ifmaxaddr 0 port 11 priority 0 path cost 0
	member: en3 flags=3<LEARNING,DISCOVER>
	        ifmaxaddr 0 port 12 priority 0 path cost 0
	member: en4 flags=3<LEARNING,DISCOVER>
	        ifmaxaddr 0 port 13 priority 0 path cost 0
	nd6 options=201<PERFORMNUD,DAD>
	media: <unknown type>
	status: inactive
utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
	inet6 fe80::2154:16a2:bd4:d510%utun0 prefixlen 64 scopeid 0xf 
	nd6 options=201<PERFORMNUD,DAD>
utun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 2000
	inet6 fe80::8919:30d6:7df0:ee44%utun1 prefixlen 64 scopeid 0x10 
	nd6 options=201<PERFORMNUD,DAD>
utun2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
	inet6 fe80::c182:48c6:c4b7:9206%utun2 prefixlen 64 scopeid 0x13 
	nd6 options=201<PERFORMNUD,DAD>
utun3: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
	inet6 fe80::1aa:5461:bf33:fcc4%utun3 prefixlen 64 scopeid 0x14 
	nd6 options=201<PERFORMNUD,DAD>
utun4: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
	inet6 fe80::5847:44fe:4cab:3876%utun4 prefixlen 64 scopeid 0x15 
	nd6 options=201<PERFORMNUD,DAD>
utun5: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
	inet6 fe80::fcba:107:77f0:1229%utun5 prefixlen 64 scopeid 0x16 
	nd6 options=201<PERFORMNUD,DAD>
utun6: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
	inet6 fe80::ee35:cc8e:f619:c986%utun6 prefixlen 64 scopeid 0x17 
	nd6 options=201<PERFORMNUD,DAD>
utun7: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
	inet6 fe80::9d22:4ea4:9d8c:fbb5%utun7 prefixlen 64 scopeid 0x18 
	nd6 options=201<PERFORMNUD,DAD>
utun8: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
	inet 10.8.0.2 --> 10.8.0.2 netmask 0xffffff00 
	inet6 fe80::aede:48ff:fe00:1122%utun8 prefixlen 64 scopeid 0x1a 
	inet6 fd42:42:42:42::1000 prefixlen 112 
	nd6 options=201<PERFORMNUD,DAD>

================================================================================

Non-Apple kexts that are loaded:

Index Refs Address            Size       Wired      Name (Version) UUID <Linked Against>

================================================================================

Quit Log:

2020-08-11 16:58:23.464886 applicationShouldTerminate: termination because of restart; delayed until 'shutdownTunnelblick' finishes)
2020-08-11 16:58:23.471692 shutDownTunnelblick: started.
2020-08-11 16:58:23.472707 shutDownTunnelblick: Starting cleanup.
2020-08-11 16:58:23.478380 cleanup: Entering cleanup
2020-08-11 16:58:23.479768 synchronized user defaults
2020-08-11 16:58:24.745228 Set up flag files for shutting down the computer and expecting all configurations to be disconnected
2020-08-11 16:58:24.745729 doDisconnectionsForShuttingDownComputer: Set 'expect disconnect 1 ALL'
2020-08-11 16:58:24.746501 Started disconnecting all configurations
2020-08-11 16:58:24.747518 Skipping cleanup because computer is shutting down or restarting
2020-08-11 16:58:24.747887 shutDownTunnelblick: Cleanup finished.
2020-08-11 16:58:24.748252 Finished shutting down Tunnelblick; allowing termination

================================================================================

Console Log:

2020-08-16 12:33:22.647899 Tunnelblick[3122] The OpenVPN log contains the following message: 
                                       
                                       "Unrecognized option or missing or extra parameter(s)".
                                       
                                       This error means that an option that is contained in the OpenVPN configuration file or was "pushed" by the OpenVPN server:
                                       
                                            • has been misspelled,
                                       
                                            • has missing or extra arguments, or
                                       
                                            • is not implemented by the version of OpenVPN which is being used for this configuration. It may be a new option that is not implemented in an old version of OpenVPN, or an old option that has been removed in a new version of OpenVPN. You can choose what version of OpenVPN to use with this configuration in the "Settings" tab of the "Configurations" panel of Tunnelblick's "VPN Details" window.
                                       
                                       See the VPN log in the "Log" tab of the "Configurations" panel of Tunnelblick's "VPN Details" window for details.
2020-08-16 12:33:26.629297 Tunnelblick[3122] The OpenVPN log contains the following message: 
                                       
                                       "Unrecognized option or missing or extra parameter(s)".
                                       
                                       This error means that an option that is contained in the OpenVPN configuration file or was "pushed" by the OpenVPN server:
                                       
                                            • has been misspelled,
                                       
                                            • has missing or extra arguments, or
                                       
                                            • is not implemented by the version of OpenVPN which is being used for this configuration. It may be a new option that is not implemented in an old version of OpenVPN, or an old option that has been removed in a new version of OpenVPN. You can choose what version of OpenVPN to use with this configuration in the "Settings" tab of the "Configurations" panel of Tunnelblick's "VPN Details" window.
                                       
                                       See the VPN log in the "Log" tab of the "Configurations" panel of Tunnelblick's "VPN Details" window for details.
2020-08-16 12:33:32.707216 Tunnelblick[3122] Tunnelblick needs to perform an action that requires a computer administrator's authorization.
2020-08-16 12:33:32.707298 Tunnelblick[3122] Beginning installation or repair
2020-08-16 12:33:32.929585 Tunnelblick[3122] Installation or repair succeeded; Log:
                                       Tunnelblick installer started 2020-08-16 12:33:32.783361. 2 arguments: 0x2001
                                            /Users/houmie/Library/Application Support/Tunnelblick/Configurations/client13.tblk
                                       getuid() = 501; getgid() = 20; geteuid() = 0; getegid() = 20
                                       Created or checked '/Users/houmie/Library/Application Support/Tunnelblick'; owner = 501:80; permissions = 488
                                       Changed ownership of /Users/houmie/Library/Application Support/Tunnelblick/Configurations from 0:0 to 501:80
                                       Changed permissions from 755 to 750 on /Users/houmie/Library/Application Support/Tunnelblick/Configurations
                                       Created or checked '/Users/houmie/Library/Application Support/Tunnelblick/Configurations'; owner = 501:80; permissions = 488
                                       removed /Users/houmie/Library/Application Support/Tunnelblick/Configurations/client13.tblk
                                       removed /Library/Application Support/Tunnelblick/Users/houmie/client13.tblk
                                       Tunnelblick installer finished without error
2020-08-16 12:33:32.929734 Tunnelblick[3122] Deleted '/Users/houmie/Library/Application Support/Tunnelblick/Configurations/client13.tblk'
2020-08-16 12:33:32.937033 Tunnelblick[3122] Tunnelblick needs to perform an action that requires a computer administrator's authorization.
2020-08-16 12:33:32.937094 Tunnelblick[3122] Beginning installation or repair
2020-08-16 12:33:33.124035 Tunnelblick[3122] Installation or repair succeeded; Log:
                                       Tunnelblick installer started 2020-08-16 12:33:32.978798. 2 arguments: 0x2001
                                            /Users/houmie/Library/Application Support/Tunnelblick/Configurations/client14.tblk
                                       getuid() = 501; getgid() = 20; geteuid() = 0; getegid() = 20
                                       Created or checked '/Users/houmie/Library/Application Support/Tunnelblick'; owner = 501:80; permissions = 488
                                       Created or checked '/Users/houmie/Library/Application Support/Tunnelblick/Configurations'; owner = 501:80; permissions = 488
                                       removed /Users/houmie/Library/Application Support/Tunnelblick/Configurations/client14.tblk
                                       removed /Library/Application Support/Tunnelblick/Users/houmie/client14.tblk
                                       Tunnelblick installer finished without error
2020-08-16 12:33:33.124254 Tunnelblick[3122] Deleted '/Users/houmie/Library/Application Support/Tunnelblick/Configurations/client14.tblk'
2020-08-16 12:35:12.143858 Tunnelblick[3122] isOnRemoteVolume: will check parent of '/private/var/folders/56/_c8rw0g563x2bd_8skf57wnw0000gn/T/Tunnelblick-0YuK8N'
2020-08-16 12:35:12.145166 Tunnelblick[3122] isOnRemoteVolume: will check parent of '/private/var/folders/56/_c8rw0g563x2bd_8skf57wnw0000gn/T/Tunnelblick-0YuK8N/de-fsn-x-m2.tblk/Contents/Resources'
2020-08-16 12:35:12.191489 Tunnelblick[3122] Converting/Installing /Users/houmie/Downloads/de-fsn-x-m2.ovpn at line 1: Added a '.unknown' extension to pass.txt so it will be secured properly
2020-08-16 12:35:12.192152 Tunnelblick[3122] Converting/Installing /Users/houmie/Downloads/de-fsn-x-m2.ovpn at line 1: Copied pass.txt.unknown
2020-08-16 12:35:12.192372 Tunnelblick[3122] Changed permissions from 644 to 740 on /private/var/folders/56/_c8rw0g563x2bd_8skf57wnw0000gn/T/Tunnelblick-0YuK8N/de-fsn-x-m2.tblk/Contents/Resources/pass.txt.unknown
2020-08-16 12:35:12.192526 Tunnelblick[3122] isOnRemoteVolume: will check parent of '/private/var/folders/56/_c8rw0g563x2bd_8skf57wnw0000gn/T/Tunnelblick-0YuK8N/de-fsn-x-m2.tblk/Contents/Resources/config.ovpn'
2020-08-16 12:35:12.193099 Tunnelblick[3122] Converting/Installing /Users/houmie/Downloads/de-fsn-x-m2.ovpn: Converted OpenVPN configuration
2020-08-16 12:35:16.467343 Tunnelblick[3122] Tunnelblick needs to perform an action that requires a computer administrator's authorization.
2020-08-16 12:35:16.467424 Tunnelblick[3122] Beginning installation or repair
2020-08-16 12:35:16.557913 Tunnelblick[3122] Installation or repair succeeded; Log:
                                       Tunnelblick installer started 2020-08-16 12:35:16.512344. 3 arguments: 0x0001
                                            /Users/houmie/Library/Application Support/Tunnelblick/Configurations/de-fsn-x-m2.tblk
                                            /private/var/folders/56/_c8rw0g563x2bd_8skf57wnw0000gn/T/Tunnelblick-0YuK8N/de-fsn-x-m2.tblk
                                       getuid() = 501; getgid() = 20; geteuid() = 0; getegid() = 20
                                       Created or checked '/Users/houmie/Library/Application Support/Tunnelblick'; owner = 501:80; permissions = 488
                                       Created or checked '/Users/houmie/Library/Application Support/Tunnelblick/Configurations'; owner = 501:80; permissions = 488
                                       Changed ownership of /Users/houmie/Library/Application Support/Tunnelblick/Configurations from 501:80 to 0:0
                                       Changed permissions from 750 to 755 on /Users/houmie/Library/Application Support/Tunnelblick/Configurations
                                       Copied /private/var/folders/56/_c8rw0g563x2bd_8skf57wnw0000gn/T/Tunnelblick-0YuK8N/de-fsn-x-m2.tblk
                                           to /Users/houmie/Library/Application Support/Tunnelblick/Configurations/de-fsn-x-m2.tblk.temp
                                       Renamed /Users/houmie/Library/Application Support/Tunnelblick/Configurations/de-fsn-x-m2.tblk.temp
                                            to /Users/houmie/Library/Application Support/Tunnelblick/Configurations/de-fsn-x-m2.tblk
                                       Changed ownership of /Users/houmie/Library/Application Support/Tunnelblick/Configurations/de-fsn-x-m2.tblk and its contents from 501:20 to 501:80
                                       Copied /Users/houmie/Library/Application Support/Tunnelblick/Configurations/de-fsn-x-m2.tblk
                                           to /Library/Application Support/Tunnelblick/Users/houmie/de-fsn-x-m2.tblk.temp
                                       Renamed /Library/Application Support/Tunnelblick/Users/houmie/de-fsn-x-m2.tblk.temp
                                            to /Library/Application Support/Tunnelblick/Users/houmie/de-fsn-x-m2.tblk
                                       Changed ownership of /Library/Application Support/Tunnelblick/Users/houmie/de-fsn-x-m2.tblk and its contents from 501:80 to 0:0
                                       Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Users/houmie/de-fsn-x-m2.tblk
                                       Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Users/houmie/de-fsn-x-m2.tblk/Contents
                                       Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Users/houmie/de-fsn-x-m2.tblk/Contents/Resources
                                       Changed permissions from 740 to 700 on /Library/Application Support/Tunnelblick/Users/houmie/de-fsn-x-m2.tblk/Contents/Resources/pass.txt.unknown
                                       Changed permissions from 740 to 700 on /Library/Application Support/Tunnelblick/Users/houmie/de-fsn-x-m2.tblk/Contents/Resources/config.ovpn
                                       Created secure (shadow) copy of de-fsn-x-m2.tblk
                                       Tunnelblick installer finished without error
2020-08-16 12:36:12.200925 Tunnelblick[3122] currentIPInfo(Name): IP address info could not be fetched within 38.3 seconds; the error was 'Error Domain=NSURLErrorDomain Code=-1001 "The request timed out." UserInfo={NSUnderlyingError=0x60000205d5f0 {Error Domain=kCFErrorDomainCFNetwork Code=-1001 "The request timed out." UserInfo={NSErrorFailingURLStringKey=https://tunnelblick.net/ipinfo, NSErrorFailingURLKey=https://tunnelblick.net/ipinfo, _kCFStreamErrorCodeKey=-2102, _kCFStreamErrorDomainKey=4, NSLocalizedDescription=The request timed out.}}, NSErrorFailingURLStringKey=https://tunnelblick.net/ipinfo, NSErrorFailingURLKey=https://tunnelblick.net/ipinfo, _kCFStreamErrorDomainKey=4, _kCFStreamErrorCodeKey=-2102, NSLocalizedDescription=The request timed out.}'; the response was '(null)'
2020-08-16 12:36:44.288752 Tunnelblick[3122] The OpenVPN log contains the following message: 
                                       
                                       "Unrecognized option or missing or extra parameter(s)".
                                       
                                       This error means that an option that is contained in the OpenVPN configuration file or was "pushed" by the OpenVPN server:
                                       
                                            • has been misspelled,
                                       
                                            • has missing or extra arguments, or
                                       
                                            • is not implemented by the version of OpenVPN which is being used for this configuration. It may be a new option that is not implemented in an old version of OpenVPN, or an old option that has been removed in a new version of OpenVPN. You can choose what version of OpenVPN to use with this configuration in the "Settings" tab of the "Configurations" panel of Tunnelblick's "VPN Details" window.
                                       
                                       See the VPN log in the "Log" tab of the "Configurations" panel of Tunnelblick's "VPN Details" window for details.
2020-08-16 12:36:51.065281 Tunnelblick[3122] currentIPInfo(Address): IP address info could not be fetched within 38.9 seconds; the error was 'Error Domain=NSURLErrorDomain Code=-1001 "The request timed out." UserInfo={NSUnderlyingError=0x60000206d860 {Error Domain=kCFErrorDomainCFNetwork Code=-1001 "The request timed out." UserInfo={NSErrorFailingURLStringKey=https://205.233.73.116/ipinfo, NSErrorFailingURLKey=https://205.233.73.116/ipinfo, _kCFStreamErrorCodeKey=-2102, _kCFStreamErrorDomainKey=4, NSLocalizedDescription=The request timed out.}}, NSErrorFailingURLStringKey=https://205.233.73.116/ipinfo, NSErrorFailingURLKey=https://205.233.73.116/ipinfo, _kCFStreamErrorDomainKey=4, _kCFStreamErrorCodeKey=-2102, NSLocalizedDescription=The request timed out.}'; the response was '(null)'
2020-08-16 12:36:51.065658 Tunnelblick[3122] An error occurred fetching IP address information after connecting
2020-08-16 12:36:51.694554 Tunnelblick[3122] Set 'expect disconnect 1 -SLibrary-SApplication Support-STunnelblick-SUsers-Shoumie-Sde--fsn--x--m2-Dtblk-SContents-SResources'
2020-08-16 12:38:00.159216 Tunnelblick[3122] The OpenVPN log contains the following message: 
                                       
                                       "Unrecognized option or missing or extra parameter(s)".
                                       
                                       This error means that an option that is contained in the OpenVPN configuration file or was "pushed" by the OpenVPN server:
                                       
                                            • has been misspelled,
                                       
                                            • has missing or extra arguments, or
                                       
                                            • is not implemented by the version of OpenVPN which is being used for this configuration. It may be a new option that is not implemented in an old version of OpenVPN, or an old option that has been removed in a new version of OpenVPN. You can choose what version of OpenVPN to use with this configuration in the "Settings" tab of the "Configurations" panel of Tunnelblick's "VPN Details" window.
                                       
                                       See the VPN log in the "Log" tab of the "Configurations" panel of Tunnelblick's "VPN Details" window for details.



Based on these log files, is there any hope to get OpenVPN working on my Mac/iOS?
Many thanks,

TinCanTech
OpenVPN Protagonist
Posts: 11139
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN connected but no traffic goes thorough

Post by TinCanTech » Sun Aug 16, 2020 12:43 pm

There is nothing bad in your logs.

Do other devices work via the same server ?

houmie75
OpenVPN Power User
Posts: 72
Joined: Wed Jul 22, 2020 7:46 pm

Re: OpenVPN connected but no traffic goes thorough

Post by houmie75 » Sun Aug 16, 2020 7:00 pm

I have good news. Not so much good but consistent. I have installed Windows 10 Pro on VirtualBox. Then I installed the OpenVPN client and connected to the same VPN server. And it behaves the same way. I can't browse, as it times out.

But maybe that's not a good test, since virtual machines are restricted to the host. If the Mac as host has problems with it, the VM won't be good either. :(

Code:

2020-08-16 19:56:38 OpenVPN 2.5_beta1 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Aug 14 2020
2020-08-16 19:56:38 Windows version 10.0 (Windows 10 or greater) 64bit
2020-08-16 19:56:38 library versions: OpenSSL 1.1.1g  21 Apr 2020, LZO 2.10
Enter Management Password:
2020-08-16 19:56:38 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
2020-08-16 19:56:38 Need hold release from management interface, waiting...
2020-08-16 19:56:39 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
2020-08-16 19:56:39 MANAGEMENT: CMD 'state on'
2020-08-16 19:56:39 MANAGEMENT: CMD 'log all on'
2020-08-16 19:56:39 MANAGEMENT: CMD 'echo all on'
2020-08-16 19:56:39 MANAGEMENT: CMD 'bytecount 5'
2020-08-16 19:56:39 MANAGEMENT: CMD 'hold off'
2020-08-16 19:56:39 MANAGEMENT: CMD 'hold release'
2020-08-16 19:56:39 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2020-08-16 19:56:39 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2020-08-16 19:56:39 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2020-08-16 19:56:39 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2020-08-16 19:56:39 TCP/UDP: Preserving recently used remote address: [AF_INET]78.46.xx.xxx:1789
2020-08-16 19:56:39 Socket Buffers: R=[65536->65536] S=[65536->65536]
2020-08-16 19:56:39 UDP link local: (not bound)
2020-08-16 19:56:39 UDP link remote: [AF_INET]78.46.xx.xxx:1789
2020-08-16 19:56:39 MANAGEMENT: >STATE:1597604199,WAIT,,,,,,
2020-08-16 19:56:39 MANAGEMENT: >STATE:1597604199,AUTH,,,,,,
2020-08-16 19:56:39 TLS: Initial packet from [AF_INET]78.46.xx.xxx:1789, sid=19037af6 9ca01994
2020-08-16 19:56:39 VERIFY OK: depth=1, CN=cn_Lq3Va8mQlXIRpI64
2020-08-16 19:56:39 VERIFY KU OK
2020-08-16 19:56:39 Validating certificate extended key usage
2020-08-16 19:56:39 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2020-08-16 19:56:39 VERIFY EKU OK
2020-08-16 19:56:39 VERIFY X509NAME OK: CN=server_bsYaxxVlmDocafex
2020-08-16 19:56:39 VERIFY OK: depth=0, CN=server_bsYaxxVlmDocafex
2020-08-16 19:56:39 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit EC, curve: prime256v1
2020-08-16 19:56:39 [server_bsYaxxVlmDocafex] Peer Connection Initiated with [AF_INET]78.46.xx.xxx:1789
2020-08-16 19:56:40 MANAGEMENT: >STATE:1597604200,GET_CONFIG,,,,,,
2020-08-16 19:56:40 SENT CONTROL [server_bsYaxxVlmDocafex]: 'PUSH_REQUEST' (status=1)
2020-08-16 19:56:40 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 1.0.0.1,dhcp-option DNS 1.1.1.1,redirect-gateway def1 bypass-dhcp,tun-ipv6,route-ipv6 2000::/3,redirect-gateway ipv6,tun-ipv6,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig-ipv6 fd42:42:42:42::1000/112 fd42:42:42:42::1,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-128-GCM'
2020-08-16 19:56:40 WARNING: You have specified redirect-gateway and redirect-private at the same time (or the same option multiple times). This is not well supported and may lead to unexpected results
2020-08-16 19:56:40 OPTIONS IMPORT: timers and/or timeouts modified
2020-08-16 19:56:40 OPTIONS IMPORT: --ifconfig/up options modified
2020-08-16 19:56:40 OPTIONS IMPORT: route options modified
2020-08-16 19:56:40 OPTIONS IMPORT: route-related options modified
2020-08-16 19:56:40 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2020-08-16 19:56:40 OPTIONS IMPORT: peer-id set
2020-08-16 19:56:40 OPTIONS IMPORT: adjusting link_mtu to 1624
2020-08-16 19:56:40 OPTIONS IMPORT: data channel crypto options modified
2020-08-16 19:56:40 Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
2020-08-16 19:56:40 Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
2020-08-16 19:56:40 interactive service msg_channel=616
2020-08-16 19:56:40 ROUTE_GATEWAY 10.0.2.2/255.255.255.0 I=16 HWADDR=08:00:27:c8:46:ab
2020-08-16 19:56:40 GDG6: remote_host_ipv6=n/a
2020-08-16 19:56:40 NOTE: GetBestInterfaceEx returned error: Element not found.   (code=1168)
2020-08-16 19:56:40 ROUTE6: default_gateway=UNDEF
2020-08-16 19:56:40 open_tun
2020-08-16 19:56:40 tap-windows6 device [OpenVPN TAP-Windows6] opened
2020-08-16 19:56:40 TAP-Windows Driver Version 9.24 
2020-08-16 19:56:40 Set TAP-Windows TUN subnet mode network/local/netmask = 10.8.0.0/10.8.0.2/255.255.255.0 [SUCCEEDED]
2020-08-16 19:56:40 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.2/255.255.255.0 on interface {6217A70A-8529-4A79-82DE-14D5F0F174B1} [DHCP-serv: 10.8.0.254, lease-time: 31536000]
2020-08-16 19:56:40 Successful ARP Flush on interface [8] {6217A70A-8529-4A79-82DE-14D5F0F174B1}
2020-08-16 19:56:40 MANAGEMENT: >STATE:1597604200,ASSIGN_IP,,10.8.0.2,,,,,fd42:42:42:42::1000
2020-08-16 19:56:40 IPv4 MTU set to 1500 on interface 8 using service
2020-08-16 19:56:40 add_route_ipv6(fd42:42:42:42::/112 -> fd42:42:42:42::1000 metric 0) dev OpenVPN TAP-Windows6
2020-08-16 19:56:40 IPv6 route addition via service succeeded
2020-08-16 19:56:40 IPv6 MTU set to 1500 on interface 8 using service
2020-08-16 19:56:40 Blocking outside dns using service succeeded.
2020-08-16 19:56:45 TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up
2020-08-16 19:56:45 C:\Windows\system32\route.exe ADD 78.46.xx.xxx MASK 255.255.255.255 10.0.2.2
2020-08-16 19:56:45 Route addition via service succeeded
2020-08-16 19:56:45 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.1
2020-08-16 19:56:45 Route addition via service succeeded
2020-08-16 19:56:45 C:\Windows\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.1
2020-08-16 19:56:45 Route addition via service succeeded
2020-08-16 19:56:45 add_route_ipv6(2000::/3 -> fd42:42:42:42::1 metric -1) dev OpenVPN TAP-Windows6
2020-08-16 19:56:45 IPv6 route addition via service succeeded
2020-08-16 19:56:45 add_route_ipv6(::/3 -> fd42:42:42:42::1 metric -1) dev OpenVPN TAP-Windows6
2020-08-16 19:56:45 IPv6 route addition via service succeeded
2020-08-16 19:56:45 add_route_ipv6(2000::/4 -> fd42:42:42:42::1 metric -1) dev OpenVPN TAP-Windows6
2020-08-16 19:56:45 IPv6 route addition via service succeeded
2020-08-16 19:56:45 add_route_ipv6(3000::/4 -> fd42:42:42:42::1 metric -1) dev OpenVPN TAP-Windows6
2020-08-16 19:56:45 IPv6 route addition via service succeeded
2020-08-16 19:56:45 add_route_ipv6(fc00::/7 -> fd42:42:42:42::1 metric -1) dev OpenVPN TAP-Windows6
2020-08-16 19:56:45 IPv6 route addition via service succeeded
2020-08-16 19:56:45 Initialization Sequence Completed
2020-08-16 19:56:45 MANAGEMENT: >STATE:1597604205,CONNECTED,SUCCESS,10.8.0.2,78.46.xx.xxx,1789,,,fd42:42:42:42::1000
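
The WARNING in the log above follows a PUSH_REPLY that carries `redirect-gateway` twice, and the `route.exe ADD` lines show what the client installed for it. As an added example (not code from the thread or from OpenVPN), this parses those log lines, reports the repeated directives, and checks that both `def1` half-routes point at the pushed `route-gateway`; the function names and the `REPEATABLE` set are assumptions of the example.

```python
import ipaddress
import re

# Constructed sample: lines copied from the Windows client log in the post
# above, reduced to the PUSH_REPLY and the IPv4 route additions.
SAMPLE_LOG = r"""
2020-08-16 19:56:40 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 1.0.0.1,dhcp-option DNS 1.1.1.1,redirect-gateway def1 bypass-dhcp,tun-ipv6,route-ipv6 2000::/3,redirect-gateway ipv6,tun-ipv6,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig-ipv6 fd42:42:42:42::1000/112 fd42:42:42:42::1,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-128-GCM'
2020-08-16 19:56:45 C:\Windows\system32\route.exe ADD 78.46.xx.xxx MASK 255.255.255.255 10.0.2.2
2020-08-16 19:56:45 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.1
2020-08-16 19:56:45 C:\Windows\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.1
"""

PUSH_RE = re.compile(r"PUSH: Received control message: 'PUSH_REPLY,([^']*)'")
ROUTE_RE = re.compile(r"route\.exe ADD (\S+) MASK (\S+) (\S+)")
# Assumption of this example: directives that normally occur several times.
REPEATABLE = {"dhcp-option", "route", "route-ipv6"}
# redirect-gateway def1 covers IPv4 with two /1 routes instead of replacing 0.0.0.0/0.
DEF1_HALVES = [ipaddress.ip_network("0.0.0.0/1"), ipaddress.ip_network("128.0.0.0/1")]


def parse_push_reply(log_text):
    """Return [(directive, [args])] for the last PUSH_REPLY in the log."""
    found = PUSH_RE.findall(log_text)
    options = []
    for field in (found[-1].split(",") if found else []):
        words = field.split()
        if words:
            options.append((words[0], words[1:]))
    return options


def repeated_directives(options):
    """Directives pushed more than once that are not expected to repeat."""
    seen = {}
    for name, args in options:
        seen.setdefault(name, []).append(args)
    return {n: occ for n, occ in seen.items() if len(occ) > 1 and n not in REPEATABLE}


def installed_ipv4_routes(log_text):
    """Parse 'route.exe ADD <dest> MASK <mask> <gw>' lines into (network, gw)."""
    routes = []
    for dest, mask, gateway in ROUTE_RE.findall(log_text):
        try:
            routes.append((ipaddress.ip_network(f"{dest}/{mask}"), gateway))
        except ValueError:
            pass  # redacted or malformed destination such as 78.46.xx.xxx
    return routes


def check_def1(log_text):
    """Compare what the server pushed with the routes the client installed."""
    options = parse_push_reply(log_text)
    # Flags seen across every redirect-gateway occurrence, in push order.
    flags = [a for name, args in options if name == "redirect-gateway" for a in args]
    gateway = next((args[0] for name, args in options
                    if name == "route-gateway" and args), None)
    via_vpn = {net for net, gw in installed_ipv4_routes(log_text) if gw == gateway}
    missing = [str(h) for h in DEF1_HALVES if h not in via_vpn] if "def1" in flags else []
    return {"flags": flags, "gateway": gateway, "missing_def1_routes": missing}


if __name__ == "__main__":
    print(repeated_directives(parse_push_reply(SAMPLE_LOG)))
    print(check_def1(SAMPLE_LOG))
```

An empty `missing_def1_routes` means the client side of the IPv4 redirect is in place, which moves the search to the server's forwarding and NAT or to DNS.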

TinCanTech
OpenVPN Protagonist
Posts: 11139
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN connected but no traffic goes thorough

Post by TinCanTech » Sun Aug 16, 2020 7:40 pm

VMs are totally out-of-scope .. unless you know how to set up a VM correctly.

houmie75
OpenVPN Power User
Posts: 72
Joined: Wed Jul 22, 2020 7:46 pm

Re: OpenVPN connected but no traffic goes thorough

Post by houmie75 » Mon Aug 17, 2020 7:21 am

Yeah I thought so. No worries, back to Mac.

I noticed Tunnelblick is throwing this into the logs after 30 seconds, hence it wasn't included in my previous post.

Code:

>STATE:1597648092,CONNECTED,SUCCESS,10.8.0.2,78.46.xx.xxx,1789,,,fd42:42:42:42::1000
2020-08-17 08:08:14.024657 *Tunnelblick: DNS address 1.0.0.1 is being routed through the VPN
2020-08-17 08:08:14.129163 *Tunnelblick: DNS address 1.1.1.1 is being routed through the VPN
2020-08-17 08:08:56.294939 *Tunnelblick: After 30.0 seconds, gave up trying to fetch IP address information using the ipInfo host's name after connecting.
2020-08-17 08:09:34.731850 *Tunnelblick: An error occurred fetching IP address information using the ipInfo host's IP address after connecting
I asked a friend with a Mac to use my ovpn config files. He connected to the server and experienced the exact same problem. I'm using Angrestan's script to install the OpenVPN server automatically. Below are the server and client settings:

server
port 1789
proto udp6
dev tun
user nobody
group nogroup
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 1.0.0.1"
push "dhcp-option DNS 1.1.1.1"
push "redirect-gateway def1 bypass-dhcp"
server-ipv6 fd42:42:42:42::/112
tun-ipv6
push tun-ipv6
push "route-ipv6 2000::/3"
push "redirect-gateway ipv6"
dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key 0
crl-verify crl.pem
ca ca.crt
cert server_bsYaxxVlmDocafex.crt
key server_bsYaxxVlmDocafex.key
auth SHA256
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
client-config-dir /etc/openvpn/ccd
status /var/log/openvpn/status.log
verb 3
log /var/log/openvpn/openvpn.log
log-append /var/log/openvpn/openvpn.log


client
auth-user-pass pass.txt
client
proto udp
explicit-exit-notify
remote 78.46.xx.xxx 1789
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_bsYaxxVlmDocafex name
auth SHA256
auth-nocache
cipher AES-128-GCM
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
ignore-unknown-option block-outside-dns
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3


Any idea why the error is thrown?

300000
OpenVPN Expert
Posts: 685
Joined: Tue May 01, 2012 9:30 pm

Re: OpenVPN connected but no traffic goes thorough

Post by 300000 » Mon Aug 17, 2020 10:40 am

Can you type this in a terminal and post the output here so we can see how NAT is going?

sudo iptables -t nat -L

At the moment NAT is not working, so everything stops at the server address.


Add these commands to see if it works or not:

iptables -t nat -I POSTROUTING -o br0 -j MASQUERADE

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
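
A source-NAT rule with `-o <interface>` only matches packets that leave through that interface, so the state of NAT can be checked read-only from `iptables-save` output before any rule is added. As an added example (not code from the thread), this audits such a dump for a MASQUERADE/SNAT rule covering the VPN subnet on the uplink and for FORWARD rules in both directions; the sample ruleset is constructed, and the subnet and interface names are parameters supplied by the caller.

```python
import ipaddress
import shlex

# Constructed iptables-save text (not from the thread) for a server whose
# uplink is enp2s0 and whose VPN subnet is 10.8.0.0/24. The nat rule names
# eth0, so it never matches packets that leave through enp2s0.
SAMPLE_WRONG_IF = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i tun0 -o enp2s0 -j ACCEPT
-A FORWARD -i enp2s0 -o tun0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
"""
SAMPLE_OK = SAMPLE_WRONG_IF.replace(
    "-A POSTROUTING -o eth0", "-A POSTROUTING -s 10.8.0.0/24 -o enp2s0")


def parse_iptables_save(text):
    """Return {table: {"policy": {chain: policy}, "rules": [token lists]}}."""
    tables, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("*"):
            current = tables.setdefault(line[1:], {"policy": {}, "rules": []})
        elif current is None or not line or line.startswith("#") or line == "COMMIT":
            continue
        elif line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            current["policy"][chain] = policy
        elif line.startswith("-A "):
            current["rules"].append(shlex.split(line))
    return tables


def _opt(tokens, flag):
    """Value following `flag` in a rule, or None when the rule omits it."""
    if flag in tokens[:-1]:
        return tokens[tokens.index(flag) + 1]
    return None


def audit_vpn_forwarding(text, vpn_subnet, wan_if, tun_if):
    """List reasons why VPN clients would not reach the internet; [] if none."""
    tables = parse_iptables_save(text)
    vpn = ipaddress.ip_network(vpn_subnet)
    problems = []

    def rules(table, chain):
        # Negated matches ("!") are skipped: they need case-by-case review.
        found = tables.get(table, {}).get("rules", [])
        return [r for r in found if r[1] == chain and "!" not in r]

    def covers_vpn(rule):
        src = _opt(rule, "-s")
        return src is None or vpn.subnet_of(ipaddress.ip_network(src, strict=False))

    nat = [r for r in rules("nat", "POSTROUTING")
           if _opt(r, "-j") in ("MASQUERADE", "SNAT") and covers_vpn(r)]
    if not any(_opt(r, "-o") in (None, wan_if) for r in nat):
        other = sorted({_opt(r, "-o") for r in nat})
        problems.append(
            f"nat: source NAT is bound to -o {', '.join(other)}, not {wan_if}" if other
            else f"nat: no MASQUERADE/SNAT rule covers {vpn_subnet}")

    # A missing filter table or FORWARD policy line is treated as ACCEPT.
    policy = tables.get("filter", {}).get("policy", {}).get("FORWARD", "ACCEPT")
    if policy != "ACCEPT":
        def accepts(rule, in_if, out_if):
            return (_opt(rule, "-j") == "ACCEPT"
                    and _opt(rule, "-i") in (None, in_if)
                    and _opt(rule, "-o") in (None, out_if))

        fwd = rules("filter", "FORWARD")
        # New outbound flows need an ACCEPT without a state match; a match on
        # RELATED,ESTABLISHED is enough only for the replies.
        stateful = lambda r: "--ctstate" in r or "--state" in r
        if not any(accepts(r, tun_if, wan_if) and not stateful(r) for r in fwd):
            problems.append(f"filter: FORWARD policy {policy}, no ACCEPT {tun_if} -> {wan_if}")
        if not any(accepts(r, wan_if, tun_if) for r in fwd):
            problems.append(f"filter: FORWARD policy {policy}, no ACCEPT {wan_if} -> {tun_if}")
    return problems


if __name__ == "__main__":
    for name, dump in (("wrong interface", SAMPLE_WRONG_IF), ("ok", SAMPLE_OK)):
        print(name, audit_vpn_forwarding(dump, "10.8.0.0/24", "enp2s0", "tun0"))
```

On a live server the text would come from `iptables-save` run as root, with the uplink name taken from the default route.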

TinCanTech
OpenVPN Protagonist
Posts: 11139
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN connected but no traffic goes thorough

Post by TinCanTech » Mon Aug 17, 2020 11:32 am

300000 wrote:
Mon Aug 17, 2020 10:40 am
At the moment NAT is not working
NAT is fine.

eg:
TinCanTech wrote:
Mon Aug 03, 2020 3:50 pm
houmie75 wrote:
Mon Aug 03, 2020 3:18 pm
Allow me to share the new config
Config looks good.
houmie75 wrote:
Mon Aug 03, 2020 3:18 pm
I just borrowed a Windows Laptop and tried the client.ovpn there and it works fine. No issues with DNS.
Good.
houmie75 wrote:
Mon Aug 03, 2020 3:18 pm
But it doesn't seem to work on iPhone and Mac.
Do you mean DNS doesn't work or the VPN ? -- Need to see client logs..
The problem is DNS on the MAC .. we haven't even looked at the iPhone.

I don't know much about MAC but I see this in your Tunnelblick log:
12:38:05 *Tunnelblick: Flushed the DNS cache via dscacheutil
12:38:05 *Tunnelblick: /usr/sbin/discoveryutil not present. Not flushing the DNS cache via discoveryutil
12:38:05 *Tunnelblick: Notified mDNSResponder that the DNS cache was flushed
12:38:05 *Tunnelblick: Not notifying mDNSResponderHelper that the DNS cache was flushed because it is not running
I would find out if that is important. It does not look important because the Tunnelblick developer is very thorough and so I would expect to see WARNING or ERROR if it was important .. but best to find out.

houmie75
OpenVPN Power User
Posts: 72
Joined: Wed Jul 22, 2020 7:46 pm

Re: OpenVPN connected but no traffic goes thorough

Post by houmie75 » Mon Aug 17, 2020 7:12 pm

Hey guys,

I really appreciate your help on this. I have made further progress.
It was actually a great idea to check the firewall settings again. I can't quite explain why, but a reboot helped. I wish I could say more.

Nonetheless, here is the firewall output you had requested after reboot:

Code:

# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  10.8.0.0/24          anywhere
# iptables-save

Code:

# Generated by iptables-save v1.8.4 on Mon Aug 17 19:08:52 2020
*filter
:INPUT DROP [10792:777927]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [578876:523180309]
-A INPUT -i enp2s0 -p udp -m udp --dport 1789 -j ACCEPT
-A INPUT -i tun0 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2022 -j ACCEPT
-A FORWARD -i tun0 -o enp2s0 -j ACCEPT
-A FORWARD -i enp2s0 -o tun0 -j ACCEPT
COMMIT
# Completed on Mon Aug 17 19:08:52 2020
# Generated by iptables-save v1.8.4 on Mon Aug 17 19:08:52 2020
*nat
:PREROUTING ACCEPT [19208:1375477]
:INPUT ACCEPT [1115:68503]
:OUTPUT ACCEPT [1114:70441]
:POSTROUTING ACCEPT [1114:70441]
-A POSTROUTING -s 10.8.0.0/24 -o enp2s0 -j MASQUERADE
COMMIT
# Completed on Mon Aug 17 19:08:52 2020
# Generated by iptables-save v1.8.4 on Mon Aug 17 19:08:52 2020
*mangle
:PREROUTING ACCEPT [1544577:1558658116]
:INPUT ACCEPT [583282:553482922]
:FORWARD ACCEPT [961175:1005152669]
:OUTPUT ACCEPT [579653:523276795]
:POSTROUTING ACCEPT [1540828:1528429464]
COMMIT
I managed for the first time to get a connection and be able to surf the internet while OpenVPN is active. However, after some time the connection crashes and I'm back to the initial problem. However, I have logs to show for it.

For about 5 minutes I was very happy but then a TLS Error happened out of the blue. What made the connection go unstable?

Code:

2020-08-17 19:52:49.143021 MANAGEMENT: >STATE:1597690369,CONNECTED,SUCCESS,10.8.0.2,78.46.xx.xxx,1789,,,fd42:42:42:42::1000
2020-08-17 19:52:50.358841 *Tunnelblick: DNS address 1.0.0.1 is being routed through the VPN
2020-08-17 19:52:50.465120 *Tunnelblick: DNS address 1.1.1.1 is being routed through the VPN
2020-08-17 19:52:56.167726 *Tunnelblick: This computer's apparent public IP address changed from 89.32.123.107 before connection to 78.46.xx.xxx after connection
2020-08-17 19:57:20.008640 [server_bsYaxxVlmDocafex] Inactivity timeout (--ping-restart), restarting
2020-08-17 19:57:20.009021 SIGUSR1[soft,ping-restart] received, process restarting
2020-08-17 19:57:20.009093 MANAGEMENT: >STATE:1597690640,RECONNECTING,ping-restart,,,,,
2020-08-17 19:57:20.318346 MANAGEMENT: CMD 'hold release'
2020-08-17 19:57:20.319249 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2020-08-17 19:57:20.319396 TCP/UDP: Preserving recently used remote address: [AF_INET]78.46.xx.xxx:1789
2020-08-17 19:57:20.319446 Socket Buffers: R=[786896->786896] S=[9216->9216]
2020-08-17 19:57:20.319459 UDP link local: (not bound)
2020-08-17 19:57:20.319470 UDP link remote: [AF_INET]78.46.xx.xxx:1789
2020-08-17 19:57:20.319489 MANAGEMENT: >STATE:1597690640,WAIT,,,,,,
2020-08-17 19:57:20.319849 MANAGEMENT: CMD 'hold release'
2020-08-17 19:57:20.352257 MANAGEMENT: >STATE:1597690640,AUTH,,,,,,
2020-08-17 19:57:20.352320 TLS: Initial packet from [AF_INET]78.46.xx.xxx:1789, sid=e2531cb9 780c1c44
2020-08-17 19:57:20.412227 VERIFY OK: depth=1, CN=cn_Lq3Va8mQlXIRpI64
2020-08-17 19:57:20.413468 VERIFY KU OK
2020-08-17 19:57:20.413485 Validating certificate extended key usage
2020-08-17 19:57:20.413494 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2020-08-17 19:57:20.413501 VERIFY EKU OK
2020-08-17 19:57:20.413507 VERIFY X509NAME OK: CN=server_bsYaxxVlmDocafex
2020-08-17 19:57:20.413514 VERIFY OK: depth=0, CN=server_bsYaxxVlmDocafex
2020-08-17 19:57:20.893393 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit EC, curve: prime256v1
2020-08-17 19:57:20.893499 [server_bsYaxxVlmDocafex] Peer Connection Initiated with [AF_INET]78.46.xx.xxx:1789
2020-08-17 19:57:21.043218 MANAGEMENT: >STATE:1597690641,GET_CONFIG,,,,,,
2020-08-17 19:57:21.043319 SENT CONTROL [server_bsYaxxVlmDocafex]: 'PUSH_REQUEST' (status=1)
2020-08-17 19:57:21.069461 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 1.0.0.1,dhcp-option DNS 1.1.1.1,redirect-gateway def1 bypass-dhcp,tun-ipv6,route-ipv6 2000::/3,redirect-gateway ipv6,tun-ipv6,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig-ipv6 fd42:42:42:42::1000/112 fd42:42:42:42::1,ifconfig 10.8.0.2 255.255.255.0,peer-id 1,cipher AES-128-GCM'
2020-08-17 19:57:21.069620 OPTIONS IMPORT: timers and/or timeouts modified
2020-08-17 19:57:21.069647 OPTIONS IMPORT: --ifconfig/up options modified
2020-08-17 19:57:21.069691 OPTIONS IMPORT: route options modified
2020-08-17 19:57:21.069715 OPTIONS IMPORT: route-related options modified
2020-08-17 19:57:21.069725 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2020-08-17 19:57:21.069734 OPTIONS IMPORT: peer-id set
2020-08-17 19:57:21.069743 OPTIONS IMPORT: adjusting link_mtu to 1624
2020-08-17 19:57:21.069751 OPTIONS IMPORT: data channel crypto options modified
2020-08-17 19:57:21.069882 Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
2020-08-17 19:57:21.069896 Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
2020-08-17 19:57:21.069908 Preserving previous TUN/TAP instance: utun8
2020-08-17 19:57:21.069946 Initialization Sequence Completed
2020-08-17 19:57:21.069972 MANAGEMENT: >STATE:1597690641,CONNECTED,SUCCESS,10.8.0.2,78.46.xx.xxx,1789,,,fd42:42:42:42::1000
2020-08-17 19:57:22.298223 *Tunnelblick: DNS address 1.0.0.1 is being routed through the VPN
2020-08-17 19:57:22.406502 *Tunnelblick: DNS address 1.1.1.1 is being routed through the VPN
2020-08-17 19:57:27.887963 *Tunnelblick: This computer's apparent public IP address changed from 89.32.123.107 before connection to 78.46.xx.xxx after connection
2020-08-17 19:58:36.035352 TLS Error: Unroutable control packet received from [AF_INET]78.46.xx.xxx:1789 (si=3 op=P_CONTROL_V1)
2020-08-17 19:58:40.190629 TLS Error: Unroutable control packet received from [AF_INET]78.46.xx.xxx:1789 (si=3 op=P_CONTROL_V1)
2020-08-17 19:58:48.073801 TLS Error: Unroutable control packet received from [AF_INET]78.46.xx.xxx:1789 (si=3 op=P_CONTROL_V1)
2020-08-17 19:59:04.058475 TLS Error: Unroutable control packet received from [AF_INET]78.46.xx.xxx:1789 (si=3 op=P_CONTROL_V1)
2020-08-17 19:59:59.107337 TLS: new session incoming connection from [AF_INET]78.46.xx.xxx:1789
2020-08-17 19:59:59.107386 MANAGEMENT: >STATE:1597690799,WAIT,,,,,,
2020-08-17 19:59:59.132901 TLS: new session incoming connection from [AF_INET]78.46.xx.xxx:1789
2020-08-17 20:00:01.128860 VERIFY OK: depth=1, CN=cn_Lq3Va8mQlXIRpI64
2020-08-17 20:00:01.130639 VERIFY KU OK
2020-08-17 20:00:01.130683 Validating certificate extended key usage
2020-08-17 20:00:01.130702 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2020-08-17 20:00:01.130752 VERIFY EKU OK
2020-08-17 20:00:01.130762 VERIFY X509NAME OK: CN=server_bsYaxxVlmDocafex
2020-08-17 20:00:01.130772 VERIFY OK: depth=0, CN=server_bsYaxxVlmDocafex
2020-08-17 20:00:01.429466 TLS: move_session: dest=TM_ACTIVE src=TM_UNTRUSTED reinit_src=1
2020-08-17 20:00:01.429669 TLS: tls_multi_process: untrusted session promoted to semi-trusted
2020-08-17 20:00:01.429741 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit EC, curve: prime256v1

TinCanTech
OpenVPN Protagonist
Posts: 11139
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN connected but no traffic goes thorough

Post by TinCanTech » Mon Aug 17, 2020 7:51 pm

You need the server log :roll:

houmie75
OpenVPN Power User
Posts: 72
Joined: Wed Jul 22, 2020 7:46 pm

Re: OpenVPN connected but no traffic goes thorough

Post by houmie75 » Mon Aug 17, 2020 8:26 pm

:-) Fair enough.

First things first, the date and time on the server is:

#date
Mon 17 Aug 2020 08:21:50 PM UTC

But in the server log I have so many of these:

Code:

Mon Aug 17 19:43:44 2020 89.32.xxx.xxx:15443 TLS Error: local/remote TLS keys are out of sync: [AF_INET6]::ffff:89.32.xxx.xxx:15443 [0]
The date is entirely off. I don't understand.

I have even installed ntp.

TinCanTech
OpenVPN Protagonist
Posts: 11139
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN connected but no traffic goes thorough

Post by TinCanTech » Mon Aug 17, 2020 8:52 pm

What is your server OS and version ?

Code:

cat /proc/version
As for the out-of-sync keys, the best option is usually to add to both your server and client:

Code:

explicit-exit-notify 3
which the server can also --push.

The error is generally caused by one side restarting without notifying the other. ;)
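The pattern in the client log above (a `--ping-restart` soft restart, then "Unroutable control packet" errors on the new session) can be extracted from a log with a short script. This is an added example, not code from the thread: the sample lines are constructed in the posted log format, and the function names and the 203.0.113.10 address are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample, modelled on the client log lines posted in this thread
# (203.0.113.10 is a documentation address, not the poster's server).
SAMPLE_LOG = """\
2020-08-17 19:52:48.900000 PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-128-GCM'
2020-08-17 19:52:49.143021 MANAGEMENT: >STATE:1597690369,CONNECTED,SUCCESS,10.8.0.2,203.0.113.10,1789,,,
2020-08-17 19:57:20.008640 [server] Inactivity timeout (--ping-restart), restarting
2020-08-17 19:57:21.069972 MANAGEMENT: >STATE:1597690641,CONNECTED,SUCCESS,10.8.0.2,203.0.113.10,1789,,,
2020-08-17 19:58:36.035352 TLS Error: Unroutable control packet received from [AF_INET]203.0.113.10:1789 (si=3 op=P_CONTROL_V1)
2020-08-17 19:58:40.190629 TLS Error: Unroutable control packet received from [AF_INET]203.0.113.10:1789 (si=3 op=P_CONTROL_V1)
"""

LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.\d+ (.*)$")

def analyze(log_text):
    """Return one dict per tunnel session: uptime, start of silence, TLS error count."""
    sessions, current, ping_restart = [], None, None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip lines without the client-log timestamp format
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        msg = m.group(2)
        pushed = re.search(r"PUSH_REPLY.*?\bping-restart (\d+)", msg)
        if pushed:
            ping_restart = int(pushed.group(1))
        elif ",CONNECTED,SUCCESS," in msg:
            current = {"connected": ts, "restart": None, "uptime_s": None,
                       "silent_since": None, "unroutable": 0}
            sessions.append(current)
        elif "Inactivity timeout (--ping-restart)" in msg and current:
            current["restart"] = ts
            current["uptime_s"] = int((ts - current["connected"]).total_seconds())
            if ping_restart is not None:
                # The timer fires after ping_restart seconds without any packet
                # from the peer, so inbound traffic stopped about that long ago.
                current["silent_since"] = ts - timedelta(seconds=ping_restart)
        elif "Unroutable control packet" in msg and current:
            current["unroutable"] += 1
    return sessions

def flag_desync(sessions):
    """Sessions that received control packets the client could not match to a session."""
    return [s for s in sessions if s["unroutable"] > 0]

if __name__ == "__main__":
    print(flag_desync(analyze(SAMPLE_LOG)))
```

The `silent_since` value is the time to look up in the server log and firewall counters, since that is when packets from the server stopped arriving.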

houmie75
OpenVPN Power User
Posts: 72
Joined: Wed Jul 22, 2020 7:46 pm

Re: OpenVPN connected but no traffic goes thorough

Post by houmie75 » Wed Aug 19, 2020 1:27 pm

Amazing. This has finally fixed it.

Code:

explicit-exit-notify 3
duplicate-cn
I also added the duplicate-cn to allow multiple clients with the same certs and config to connect to the server.

Everything seems to work. I can hardly believe how long it took me to get it working. Thank you for your help.

Regarding your question:
I have Ubuntu 20.04 installed.

Code:

Linux version 5.4.0-42-generic (buildd@lgw01-amd64-038) (gcc version 9.3.0 (Ubuntu 9.3.0-10ubuntu2)) #46-Ubuntu SMP Fri Jul 10 00:24:02 UTC 2020
