Help with OpenVPN and Tunnelblick

This forum is for all inquiries relating to the installation of OpenVPN from source and with binaries.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please visit (and READ) the OpenVPN HowTo http://openvpn.net/howto prior to asking any questions in here!
Post Reply
AbeB
OpenVpn Newbie
Posts: 1
Joined: Fri Apr 04, 2014 5:55 pm

Help with OpenVPN and Tunnelblick

Post by AbeB » Fri Apr 04, 2014 6:01 pm

Hi, I'm not quite sure what exactly is happening here. I used to get TLS Handshake Failed, but i set DNS/WINS to "Do not set nameserver" and that fixed it, but it shot me a new error.

Client Log:

Code: Select all

2014-04-04 13:52:44 *Tunnelblick: OS X 10.9.0; Tunnelblick 3.4beta20 (build 3727)
2014-04-04 13:52:44 *Tunnelblick: Attempting connection with vpn; Set nameserver = 0; not monitoring connection
2014-04-04 13:52:44 *Tunnelblick: openvpnstart start vpn.tblk 1337 0 0 3 1 370 -ptADGNWradsgnw 2.2.1
2014-04-04 13:52:45 *Tunnelblick: openvpnstart log:
     Loading tap-signed.kext
     
     OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line):
     
          /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.2.1/openvpn
          --cd
          /Library/Application Support/Tunnelblick/Shared/vpn.tblk/Contents/Resources
          --daemon
          --management
          127.0.0.1
          1337
          --config
          /Library/Application Support/Tunnelblick/Shared/vpn.tblk/Contents/Resources/config.ovpn
          --log
          /Library/Application Support/Tunnelblick/Logs/-SLibrary-SApplication Support-STunnelblick-SShared-Svpn.tblk-SContents-SResources-Sconfig.ovpn.0_0_3_1_370.1337.openvpn.log
          --management-query-passwords
          --management-hold
          --script-security
          2

2014-04-04 13:52:44 *Tunnelblick: openvpnstart starting OpenVPN
2014-04-04 13:52:45 *Tunnelblick: Established communication with OpenVPN
2014-04-04 13:52:45 OpenVPN 2.2.1 i386-apple-darwin10.8.0 [SSL] [LZO2] [PKCS11] [eurephia] built on Jan  6 2014
2014-04-04 13:52:45 MANAGEMENT: TCP Socket listening on 127.0.0.1:1337
2014-04-04 13:52:45 Need hold release from management interface, waiting...
2014-04-04 13:52:45 MANAGEMENT: Client connected from 127.0.0.1:1337
2014-04-04 13:52:45 MANAGEMENT: CMD 'pid'
2014-04-04 13:52:45 MANAGEMENT: CMD 'state on'
2014-04-04 13:52:45 MANAGEMENT: CMD 'state'
2014-04-04 13:52:45 MANAGEMENT: CMD 'bytecount 1'
2014-04-04 13:52:45 MANAGEMENT: CMD 'hold release'
2014-04-04 13:52:45 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2014-04-04 13:52:45 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2014-04-04 13:52:45 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
2014-04-04 13:52:45 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2014-04-04 13:52:45 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2014-04-04 13:52:45 LZO compression initialized
2014-04-04 13:52:45 Control Channel MTU parms [ L:1574 D:166 EF:66 EB:0 ET:0 EL:0 ]
2014-04-04 13:52:45 Socket Buffers: R=[196724->65536] S=[9216->65536]
2014-04-04 13:52:45 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
2014-04-04 13:52:45 Local Options hash (VER=V4): '13a273ba'
2014-04-04 13:52:45 Expected Remote Options hash (VER=V4): '360696c5'
2014-04-04 13:52:45 UDPv4 link local: [undef]
2014-04-04 13:52:45 UDPv4 link remote: 162.243.87.109:80
2014-04-04 13:52:45 MANAGEMENT: >STATE:1396633965,WAIT,,,
It just stays like that forever.

server.conf:

Code: Select all

mode server
tls-server

local 162.243.87.109 ## ip/hostname of server
port 80 ## default openvpn port
proto udp

#bridging directive
dev tap0 ## If you need multiple tap devices, add them here
up "/etc/openvpn/up.sh br0 tap0 1500"
down "/etc/openvpn/down.sh br0 tap0"

persist-key
persist-tun

#certificates and encryption
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh1024.pem
tls-auth ta.key 0 # This file is secret

cipher BF-CBC        # Blowfish (default)
comp-lzo

#DHCP Information
ifconfig-pool-persist ipp.txt
server-bridge 162.243.87.109 255.255.255.0 192.168.1.100 192.168.1.110
push “dhcp-option DNS 8.8.4.4”
push “dhcp-option DOMAIN 162.243.87.109”
max-clients 20 ## set this to the max number of clients that should be connected at a time

#log and security
user nobody
group nogroup
keepalive 10 120
status openvpn-status.log
verb 3
client.conf

Code: Select all

### Client configuration file for OpenVPN

# Specify that this is a client
client

# Bridge device setting
dev tap

# Host name and port for the server (default port is 1194)
# note: replace with the correct values your server set up
remote 162.243.87.109 80

# Client does not need to bind to a specific local port
nobind

# Keep trying to resolve the host name of OpenVPN server.
## The windows GUI seems to dislike the following rule. 
##You may need to comment it out.
resolv-retry infinite

# Preserve state across restarts
persist-key
persist-tun

# SSL/TLS parameters - files created previously
ca ca.crt
cert client.crt
key client.key

# Since we specified the tls-auth for server, we need it for the client
# note: 0 = server, 1 = client
tls-auth ta.key 1

# Specify same cipher as server
cipher BF-CBC

# Use compression
comp-lzo

# Log verbosity (to help if there are problems)
verb 3
Please let me know if you need any more info. Also, I'm hosting on a digitalocean droplet. The reason I'm on port 80 is because 1194 is blocked and 80 is one of the few ports open at my work. Please help.
Top
Post Reply

Return to “Installation Help”