Dear fellows,
I'm sorry for my previous post, which was not in accordance with the forum rules, please accept my apologies.
Regarding my problem:
You can find my configuration and diagnostic info on the following address: http://txt.do/ojcn
The issue is very strange I'll explain shortly is a few steps:
1. I'm initiating the OpenVPN connection. Result: the initial connection is established, all of my traffic is routed via the VPN tunnel.
2. I disconnect my Macbook form the server. Result: All networks settings restored to Pre-VPN configuration. All working satisfactory.
3. I reconnect my Macbook to the server. Result: The connection is established successfully, but no network access. Can't open any page.
4. I disconnect my Macbook from the server. Result:everything is OK.
5. I wait about 10-15 minutes and reconnect to my OpenVPN server. Result: everything is OK, all traffic is routed via the VPN tunnel.
And so on...
I have two Windows machines, using the same configuration (different certificates of course) and I have never experienced any problem.
The question is: Why in step 3. I don't have any network access?
Thanks for spending time with my issue, I'm looking forward to hearing from you guys!
Regards,
Nick
Mac OS X OpenVPN Issue
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
-
nikolay.zhelev
- OpenVpn Newbie
- Posts: 12
- Joined: Thu Apr 25, 2013 9:49 am
Re: Mac OS X OpenVPN Issue
Hi fellows,
After extensive troubleshooting (I spent around 6 hours) I think I identified the problem.
I beleive OpenVPN for Mac OS X can't use "redirect-gateway def1" and "route-gateway xx.xx.xx.xx." at the same time. It omits one or the other.
A more detailed explanation regarding my case:
My OpenVPN configuration is bridged using tap interface. My clients are receiving their IP addresses, DNS servers and Gateway via my DHCP server located on my OpenVPN server platform. Since that's my case, when I try to use any OpenVPN client for Mac OS X (I tried the official OpenVPN Connect Client, Viscosity and Tunnelblick) it requires both "redirect-gateway def1" and "route-gateway xx.xx.xx.xx" in order to receive full network configuration from my DHCP server. There were some suggestions to try to use "route-delay 10" or more, but that didn't helped. The problem is still present.
I tried to perform the same thing on Windows - my configuration works great. Not a single issue. Apparantley the OpenVPN version for windows can execute both "redirect-gateway def1" and "route-gateway xx.xx.xx.xx." at the same time.
Please, can you advise me, how can I overcome the problem in Mac OS X?
I'm looking forward to hearing from you!
---
Regards,
Nick
After extensive troubleshooting (I spent around 6 hours) I think I identified the problem.
I beleive OpenVPN for Mac OS X can't use "redirect-gateway def1" and "route-gateway xx.xx.xx.xx." at the same time. It omits one or the other.
A more detailed explanation regarding my case:
My OpenVPN configuration is bridged using tap interface. My clients are receiving their IP addresses, DNS servers and Gateway via my DHCP server located on my OpenVPN server platform. Since that's my case, when I try to use any OpenVPN client for Mac OS X (I tried the official OpenVPN Connect Client, Viscosity and Tunnelblick) it requires both "redirect-gateway def1" and "route-gateway xx.xx.xx.xx" in order to receive full network configuration from my DHCP server. There were some suggestions to try to use "route-delay 10" or more, but that didn't helped. The problem is still present.
I tried to perform the same thing on Windows - my configuration works great. Not a single issue. Apparantley the OpenVPN version for windows can execute both "redirect-gateway def1" and "route-gateway xx.xx.xx.xx." at the same time.
Please, can you advise me, how can I overcome the problem in Mac OS X?
I'm looking forward to hearing from you!
---
Regards,
Nick
-
nikolay.zhelev
- OpenVpn Newbie
- Posts: 12
- Joined: Thu Apr 25, 2013 9:49 am
Re: Mac OS X OpenVPN Issue
Hi fellows,
A quick update to my case:
I tried to use manual routing instead of redirect-gateway, but no success. The issue was still present. After some diving in my routing tables I noticed that OpenVPN can't prioritise my OpenVPN default gateway over my LAN gateway. And I think that's my issue since I'm trying to route all of my traffic over the VPN tunnel.
Anyway this problem is still present with Tunelblick, but I managed to establish a good connection and route all of my traffic with the Viscosity client by intorducing route-delay 10 command. That gives me 10 seconds delay in order my tap adapter to receive IP address from my DHCP server on the OpenVPN platform.
I will appreciate some feedback from OpenVPN development team regarding the redirect-gateway command in Mac OS environment. Is it working the same way as under Windows or there is a real issue?
Thank you!
Regards,
Nick
A quick update to my case:
I tried to use manual routing instead of redirect-gateway, but no success. The issue was still present. After some diving in my routing tables I noticed that OpenVPN can't prioritise my OpenVPN default gateway over my LAN gateway. And I think that's my issue since I'm trying to route all of my traffic over the VPN tunnel.
Anyway this problem is still present with Tunelblick, but I managed to establish a good connection and route all of my traffic with the Viscosity client by intorducing route-delay 10 command. That gives me 10 seconds delay in order my tap adapter to receive IP address from my DHCP server on the OpenVPN platform.
I will appreciate some feedback from OpenVPN development team regarding the redirect-gateway command in Mac OS environment. Is it working the same way as under Windows or there is a real issue?
Thank you!
Regards,
Nick
-
nikolay.zhelev
- OpenVpn Newbie
- Posts: 12
- Joined: Thu Apr 25, 2013 9:49 am
Re: Mac OS X OpenVPN Issue
Dear fellows,
Problem Resolved!
Please be aware, that this solution is valid only for Mac users, trying to connect to OpenVPN server, which is bridged with a DHCP server using tap interface and UDP protocol. Also the final goal is to route all traffic via the VPN tunnel.
Tunnelblick now works. Finally I managed to solve my problem. Just for reference, today I installed security update 2014-005 for OS X Mavericks and disabled ipv6 protocol by typing the following command in Bash:
networksetup -setv6off wi-fi
I’m not sure whether this had any effect on my configuration or not, but it’s good to know what I’ve done.
In Tunnelblick my configuration works only with: Set nameserver (3.0b10)
The problem was that when I was using both redirect-gateway and route-gateway in my client configuration file, my tap adapter was not receiving any IP address from the DHCP server. Because of that OpenVPN was just skipping the fact that my tap adapter doesn’t have any IP address and proceeding to routing table modification, but since there was nothing to route, the client was proceeding to the next command –route-gateway.
Since my tap adapter didn’t have an IP address, the --route-gateway command was assigning the pre-defined gateway IP address to my Wi-Fi adapter.
Result: Complete mess.
When I introduced the –route-delay 10 command, I set a 10 seconds holding time, before the execution of –redirect-gateway and route-gateway commands. This holding time allowed my tap adapter to receive a proper network configuration from my DHCP server and from that point all other commands make sense.
Please if you see something, which is not right in the text above, feel free to correct me.
Good luck to all of you, trying to resolve similar cases!
Regards,
Nick
Problem Resolved!
Please be aware, that this solution is valid only for Mac users, trying to connect to OpenVPN server, which is bridged with a DHCP server using tap interface and UDP protocol. Also the final goal is to route all traffic via the VPN tunnel.
Tunnelblick now works. Finally I managed to solve my problem. Just for reference, today I installed security update 2014-005 for OS X Mavericks and disabled ipv6 protocol by typing the following command in Bash:
networksetup -setv6off wi-fi
I’m not sure whether this had any effect on my configuration or not, but it’s good to know what I’ve done.
In Tunnelblick my configuration works only with: Set nameserver (3.0b10)
The problem was that when I was using both redirect-gateway and route-gateway in my client configuration file, my tap adapter was not receiving any IP address from the DHCP server. Because of that OpenVPN was just skipping the fact that my tap adapter doesn’t have any IP address and proceeding to routing table modification, but since there was nothing to route, the client was proceeding to the next command –route-gateway.
Since my tap adapter didn’t have an IP address, the --route-gateway command was assigning the pre-defined gateway IP address to my Wi-Fi adapter.
Result: Complete mess.
When I introduced the –route-delay 10 command, I set a 10 seconds holding time, before the execution of –redirect-gateway and route-gateway commands. This holding time allowed my tap adapter to receive a proper network configuration from my DHCP server and from that point all other commands make sense.
Please if you see something, which is not right in the text above, feel free to correct me.
Good luck to all of you, trying to resolve similar cases!
Regards,
Nick