mache DD-WRT User
Joined: 11 Apr 2010 Posts: 319 Location: San Francisco Bay Area
|
Posted: Mon Oct 15, 2018 0:35 Post subject: Getting OpenVPN, Tunnelblick, OpenVPN for Android to Work |
|
I have a Netgear R7000 router running DD-WRT v3.0-r36527 std 08 / 09 / 18 and want to connect remotely to its OpenVPN server with my MacBook Pro running Tunnelblick. I want the remote MacBook Pro to be a first-class citizen on the DD-WRT local LAN and be able to make full use of its DNS to resolve public and private domain names accessing LAN servers and printers. I have not been having good luck so far and to date am only able to access local LAN IPv4 addresses, like the router web configuration page, once the VPN tunnel is established. I cannot resolve any public or private (LAN) domains nor access any public website. I have been talking to the Tunnelblick forum and they have not been able to help. Perhaps someone here can help. Details and logs are listed below.
Thanks for any help.
============================
The local LAN on my Netgear R7000 DD-WRT router is 192.168.133.0, 255.255.255.0. The DNS is at 192.168.133.1. The OpenVPN server on DD-WRT is configured as: Start Type: WAN Up, Config: Server, Server Mode: Router (Tun), Network: 10.0.2.0, Netmask 255.255.255.0, Port 80, Tunnel Protocol: UDP, Encryption Cypher: AES-256 CBC, Hash Algorithm: SHA256, Advanced Options: Disabled. I have in place a Public Server Cert, CA Cert, Private Server Key, DH PEM, and a TLS Auth Key.
Additional Config:
Code: | proto udp
dev tun0
push "redirect-gateway def1"
push "route 192.168.133.0 255.255.255.0"
push "dhcp-option DNS 10.0.2.1"
keepalive 10 120
daemon
verb 5 |
Firewall:
Code: | iptables -I INPUT -i `get_wanface` -dport 22 -j ACCEPT
iptables -I OUTPUT -i `get_wanface` -dport 53 -j ACCEPT
iptables -I FORWARD --source 192.168.133.1/24 -j ACCEPT
iptables -I INPUT -p udp --dport 80 -j ACCEPT
iptables -I INPUT -i tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o tun0 -j ACCEPT
iptables -I FORWARD 1 --source 10.0.2.0/24 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.0.2.0/24 -j MASQUERADE
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
|
The client is a MacBook Pro running macOS 10.13.6 and Tunnelblick 3.7.8beta01 (build 5160) - Set DNS/WINS: Set Nameserver and OpenVPN version: 2.4.6 - OpenSSL v1.0.2p. Its config file is:
Code: | client
auth RSA-SHA256
auth-nocache
# Use the same setting as you are using on
# the server.
dev tun0
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server.
proto udp
# The hostname/IP and port of the server.
remote XX.YY.XX 80
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Try to preserve some state across restarts.
persist-key
persist-tun
# SSL/TLS parms.
ca ca.crt
cert bucky.crt
key bucky.key
tls-auth ta.key 1
# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
# ns-cert-type server
remote-cert-tls server
# Enable compression on the VPN link.
# comp-lzo
compress lzo
# Allow me to change my IP address
# and/or port number (if I get a new
# local IP address at Starbucks).
float
|
Before I start Tunnelblick I access the WiFi link from my Verizon Wireless Smartphone as a hotspot for a remote network. Here is Network information from the MacBook Pro:
Code: | Wi-Fi:
Type: AirPort
Hardware: AirPort
BSD Device Name: en0
IPv4 Addresses: 192.168.43.117
IPv4:
AdditionalRoutes:
DestinationAddress: 192.168.43.117
SubnetMask: 255.255.255.255
DestinationAddress: 169.254.0.0
SubnetMask: 255.255.0.0
Addresses: 192.168.43.117
ARPResolvedHardwareAddress: 40:4e:36:1e:cf:7b
ARPResolvedIPAddress: 192.168.43.143
Configuration Method: DHCP
ConfirmedInterfaceName: en0
Interface Name: en0
Network Signature: IPv4.Router=192.168.43.143;IPv4.RouterHardwareAddress=40:4e:36:1e:cf:7b
Router: 192.168.43.143
Subnet Masks: 255.255.255.0
IPv6:
Addresses: 2600:1010:b016:c49b:893:44a:dfe:9691, 2600:1010:b016:c49b:dc59:d7ba:59e9:1e43
Configuration Method: Automatic
ConfirmedInterfaceName: en0
Interface Name: en0
Network Signature: IPv6.Prefix=2600:1010:b016:c49b::/64;IPv6.RouterHardwareAddress=40:4e:36:1e:cf:7b
Prefix Length: 64, 64
Router: fe80::424e:36ff:fe1e:cf7b
DNS:
Server Addresses: 192.168.43.143, 2600:1010:b016:c49b::64
DHCP Server Responses:
Domain Name Servers: 192.168.43.143
Lease Duration (seconds): 0
DHCP Message Type: 0x05
Routers: 192.168.43.143
Server Identifier: 192.168.43.143
Subnet Mask: 255.255.255.0
Ethernet:
MAC Address: 8c:85:90:b4:3a:23
Media Options:
Media Subtype: Auto Select
Proxies:
Exceptions List: *.local, 169.254/16
FTP Passive Mode: Yes
Service Order: 1
|
Code: | $ scutil --dns
DNS configuration
resolver #1
nameserver[0] : 2600:1010:b016:c49b::64
nameserver[1] : 192.168.43.143
if_index : 8 (en0)
flags : Request A records, Request AAAA records
reach : 0x00020002 (Reachable,Directly Reachable Address)
resolver #2
domain : local
options : mdns
timeout : 5
flags : Request A records, Request AAAA records
reach : 0x00000000 (Not Reachable)
order : 300000
resolver #3
domain : 254.169.in-addr.arpa
options : mdns
timeout : 5
flags : Request A records, Request AAAA records
reach : 0x00000000 (Not Reachable)
order : 300200
resolver #4
domain : 8.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records, Request AAAA records
reach : 0x00000000 (Not Reachable)
order : 300400
resolver #5
domain : 9.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records, Request AAAA records
reach : 0x00000000 (Not Reachable)
order : 300600
resolver #6
domain : a.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records, Request AAAA records
reach : 0x00000000 (Not Reachable)
order : 300800
resolver #7
domain : b.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records, Request AAAA records
reach : 0x00000000 (Not Reachable)
order : 301000
DNS configuration (for scoped queries)
resolver #1
nameserver[0] : 2600:1010:b016:c49b::64
nameserver[1] : 192.168.43.143
if_index : 8 (en0)
flags : Scoped, Request A records, Request AAAA records
reach : 0x00020002 (Reachable,Directly Reachable Address)
|
When I run Tunnelblick and set up the OpenVPN tunnel, here is Network information from the MacBook Pro:
Code: | Wi-Fi:
Type: AirPort
Hardware: AirPort
BSD Device Name: en0
IPv4 Addresses: 192.168.43.117
IPv4:
AdditionalRoutes:
DestinationAddress: 192.168.43.117
SubnetMask: 255.255.255.255
DestinationAddress: 169.254.0.0
SubnetMask: 255.255.0.0
Addresses: 192.168.43.117
ARPResolvedHardwareAddress: 40:4e:36:1e:cf:7b
ARPResolvedIPAddress: 192.168.43.143
Configuration Method: DHCP
ConfirmedInterfaceName: en0
Interface Name: en0
Network Signature: IPv4.Router=192.168.43.143;IPv4.RouterHardwareAddress=40:4e:36:1e:cf:7b
Router: 192.168.43.143
Subnet Masks: 255.255.255.0
IPv6:
Addresses: 2600:1010:b016:c49b:893:44a:dfe:9691, 2600:1010:b016:c49b:dc59:d7ba:59e9:1e43
Configuration Method: Automatic
ConfirmedInterfaceName: en0
Interface Name: en0
Network Signature: IPv6.Prefix=2600:1010:b016:c49b::/64;IPv6.RouterHardwareAddress=40:4e:36:1e:cf:7b
Prefix Length: 64, 64
Router: fe80::424e:36ff:fe1e:cf7b
DNS:
Domain Name: openvpn
Search Domains: openvpn
Server Addresses: 10.0.2.1
DHCP Server Responses:
Domain Name Servers: 192.168.43.143
Lease Duration (seconds): 0
DHCP Message Type: 0x05
Routers: 192.168.43.143
Server Identifier: 192.168.43.143
Subnet Mask: 255.255.255.0
Ethernet:
MAC Address: 8c:85:90:b4:3a:23
Media Options:
Media Subtype: Auto Select
Proxies:
Exceptions List: *.local, 169.254/16
FTP Passive Mode: Yes
Service Order: 1
|
Code: | $ scutil --dns
DNS configuration
resolver #1
search domain[0] : openvpn
nameserver[0] : 10.0.2.1
flags : Request A records, Request AAAA records
reach : 0x00000002 (Reachable)
resolver #2
domain : local
options : mdns
timeout : 5
flags : Request A records, Request AAAA records
reach : 0x00000000 (Not Reachable)
order : 300000
resolver #3
domain : 254.169.in-addr.arpa
options : mdns
timeout : 5
flags : Request A records, Request AAAA records
reach : 0x00000000 (Not Reachable)
order : 300200
resolver #4
domain : 8.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records, Request AAAA records
reach : 0x00000000 (Not Reachable)
order : 300400
resolver #5
domain : 9.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records, Request AAAA records
reach : 0x00000000 (Not Reachable)
order : 300600
resolver #6
domain : a.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records, Request AAAA records
reach : 0x00000000 (Not Reachable)
order : 300800
resolver #7
domain : b.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records, Request AAAA records
reach : 0x00000000 (Not Reachable)
order : 301000
DNS configuration (for scoped queries)
resolver #1
search domain[0] : openvpn
nameserver[0] : 10.0.2.1
if_index : 8 (en0)
flags : Scoped, Request A records, Request AAAA records
reach : 0x00000002 (Reachable)
|
It's interesting that before the OpenVPN tunnel is established, the IPv4 address assigned to the MacBook Pro is 192.168.43.117 and the DNS is 192.168.43.143. After the OpenVPN tunnel is established, the IPv4 address of the Mac is unchanged and the DNS is 10.0.2.1. Neither the Mac nor the DNS is re-assigned to the 192.168.133.x LAN.
Here is the Tunnelblick log of the session:
Code: | *Tunnelblick: OS X 10.13.6; Tunnelblick 3.7.8beta01 (build 5160); prior version 3.7.7beta04 (build 5120); Admin user
git commit fc572c89d58d4ad4b515f37a14639c03b609bd35
Configuration Home
"Sanitized" condensed configuration file for /Users/xyz/Library/Application Support/Tunnelblick/Configurations/Home.tblk:
client
auth RSA-SHA256
auth-nocache
dev tun0
proto udp
remote XX.YY.ZZ 80
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert bucky.crt
key bucky.key
tls-auth ta.key 1
remote-cert-tls server
compress lzo
float
================================================================================
Non-Apple kexts that are loaded:
Index Refs Address Size Wired Name (Version) UUID <Linked Against>
156 3 0xffffff7f85cd6000 0x64000 0x64000 org.virtualbox.kext.VBoxDrv (5.2.18) 4B812769-A078-3E16-B9D1-DCAB645482E4 <7 5 4 3 1>
162 0 0xffffff7f85d3a000 0x8000 0x8000 org.virtualbox.kext.VBoxUSB (5.2.18) 38AC00F1-4F4C-3101-B8E0-4F07161A728E <161 156 50 7 5 4 3 1>
163 0 0xffffff7f85d42000 0x5000 0x5000 org.virtualbox.kext.VBoxNetFlt (5.2.18) 80DA38DE-39E0-3DE7-A207-73D55CF17079 <156 7 5 4 3 1>
164 0 0xffffff7f85d47000 0x6000 0x6000 org.virtualbox.kext.VBoxNetAdp (5.2.18) CC938DAD-56D8-3616-B7B0-709D040CE41B <156 5 4 1>
================================================================================
Files in Home.tblk:
Contents/Resources/ta.key
Contents/Resources/buc….key
Contents/Resources/ca.crt
Contents/Resources/config.ovpn
Contents/Resources/buc….crt
================================================================================
Configuration preferences:
autoConnect = 0
-onSystemStart = 0
useDNS = 1
-routeAllTrafficThroughVpn = 0
-runMtuTest = 0
-useRouteUpInsteadOfUp = 1
-openvpnVersion = 2.4.6-openssl-1.0.2p
-notOKToCheckThatIPAddressDidNotChangeAfterConnection = 1
-keepConnected = 1
-doNotDisableIpv6onTun = 1
-loggingLevel = 3
-allowChangesToManuallySetNetworkSettings = 1
-lastConnectionSucceeded = 1
-prependDomainNameToSearchDomains = 1
================================================================================
Wildcard preferences:
-notOKToCheckThatIPAddressDidNotChangeAfterConnection = 0
================================================================================
Program preferences:
launchAtNextLogin = 1
tunnelblickVersionHistory = (
"3.7.8beta01 (build 5160)",
"3.7.7beta04 (build 5120)",
"3.7.7beta01 (build 5070)",
"3.7.6beta04 (build 5050)",
"3.7.6beta03 (build 5031)",
"3.7.5a (build 5011)"
)
lastLaunchTime = 561232189.812816
showConnectedDurations = 1
lastLanguageAtLaunchWasRTL = 0
connectionWindowDisplayCriteria = showWhenConnecting
maxLogDisplaySize = 102400
lastConnectedDisplayName = Home
keyboardShortcutIndex = 1
updateCheckAutomatically = 1
updateCheckBetas = 1
NSWindow Frame SettingsSheetWindow = 228 0 829 524 0 0 1280 777
NSWindow Frame ConnectingWindow = 445 442 389 187 0 0 1280 777
NSWindow Frame SUUpdateAlert = 330 288 620 392 0 0 1280 777
NSWindow Frame ListingWindow = 374 138 500 422 0 0 1280 777
detailsWindowFrameVersion = 5160
detailsWindowFrame = {{360, 211}, {920, 468}}
detailsWindowLeftFrame = {{0, 0}, {165, 350}}
detailsWindowViewIndex = 0
detailsWindowConfigurationsTabIdentifier = settings
leftNavSelectedDisplayName = Home
AdvancedWindowTabIdentifier = connectingAndDisconnecting
haveDealtWithOldTunTapPreferences = 1
haveDealtWithOldLoginItem = 1
haveDealtWithAfterDisconnect = 1
SUEnableAutomaticChecks = 1
SUScheduledCheckInterval = 86400
SULastCheckTime = 2018-10-14 17:49:50 +0000
SUHasLaunchedBefore = 1
WebKitDefaultFontSize = 16
WebKitStandardFont = Times
================================================================================
Tunnelblick Log:
2018-10-14 17:12:42 *Tunnelblick: openvpnstart starting OpenVPN
*Tunnelblick: OS X 10.13.6; Tunnelblick 3.7.8beta01 (build 5160); prior version 3.7.7beta04 (build 5120)
2018-10-14 17:12:42 *Tunnelblick: Attempting connection with Home using shadow copy; Set nameserver = 769; monitoring connection
2018-10-14 17:12:42 *Tunnelblick: openvpnstart start Home.tblk 62782 769 0 1 0 115120 -ptADGNWradsgnw 2.4.6-openssl-1.0.2p
2018-10-14 17:12:43 *Tunnelblick: openvpnstart log:
OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line):
/Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.4.6-openssl-1.0.2p/openvpn
--daemon
--log
/Library/Application Support/Tunnelblick/Logs/-SUsers-Sxyz-SLibrary-SApplication Support-STunnelblick-SConfigurations-SHome.tblk-SContents-SResources-Sconfig.ovpn.769_0_1_0_115120.62782.openvpn.log
--cd
/Library/Application Support/Tunnelblick/Users/xyz/Home.tblk/Contents/Resources
--setenv
IV_GUI_VER
"net.tunnelblick.tunnelblick 5160 3.7.8beta01 (build 5160)"
--verb
3
--config
/Library/Application Support/Tunnelblick/Users/xyz/Home.tblk/Contents/Resources/config.ovpn
--verb
3
--cd
/Library/Application Support/Tunnelblick/Users/xyz/Home.tblk/Contents/Resources
--management
127.0.0.1
62782
/Library/Application Support/Tunnelblick/fappejolpgdhnojhdblhfggbkjfjedkjlcphkfkb.mip
--management-query-passwords
--management-hold
--script-security
2
--route-up
/Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -d -f -m -o -p -w -ptADGNWradsgnw
--down
/Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -d -f -m -o -p -w -ptADGNWradsgnw
2018-10-14 17:12:42 OpenVPN 2.4.6 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on Sep 29 2018
2018-10-14 17:12:42 library versions: OpenSSL 1.0.2p 14 Aug 2018, LZO 2.10
2018-10-14 17:12:42 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:62782
2018-10-14 17:12:42 Need hold release from management interface, waiting...
2018-10-14 17:12:43 *Tunnelblick: Established communication with OpenVPN
2018-10-14 17:12:43 >INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info
2018-10-14 17:12:43 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:62782
2018-10-14 17:12:43 MANAGEMENT: CMD 'pid'
2018-10-14 17:12:43 MANAGEMENT: CMD 'auth-retry interact'
2018-10-14 17:12:43 MANAGEMENT: CMD 'state on'
2018-10-14 17:12:43 MANAGEMENT: CMD 'state'
2018-10-14 17:12:43 MANAGEMENT: CMD 'bytecount 1'
2018-10-14 17:12:43 MANAGEMENT: CMD 'hold release'
2018-10-14 17:12:43 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2018-10-14 17:12:43 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2018-10-14 17:12:43 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2018-10-14 17:12:43 MANAGEMENT: >STATE:1539562363,RESOLVE,,,,,,
2018-10-14 17:12:43 TCP/UDP: Preserving recently used remote address: [AF_INET]69.181.41.219:80
2018-10-14 17:12:43 Socket Buffers: R=[196724->196724] S=[9216->9216]
2018-10-14 17:12:43 UDP link local: (not bound)
2018-10-14 17:12:43 UDP link remote: [AF_INET]69.181.41.219:80
2018-10-14 17:12:43 MANAGEMENT: >STATE:1539562363,WAIT,,,,,,
2018-10-14 17:12:43 MANAGEMENT: >STATE:1539562363,AUTH,,,,,,
2018-10-14 17:12:43 TLS: Initial packet from [AF_INET]69.181.41.219:80, sid=1fa47464 45a394ee
2018-10-14 17:12:44 VERIFY OK: depth=1, CN=DD-WRT CA
2018-10-14 17:12:44 VERIFY KU OK
2018-10-14 17:12:44 Validating certificate extended key usage
2018-10-14 17:12:44 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2018-10-14 17:12:44 VERIFY EKU OK
2018-10-14 17:12:44 VERIFY OK: depth=0, CN=server
2018-10-14 17:12:44 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1554', remote='link-mtu 1570'
2018-10-14 17:12:44 WARNING: 'cipher' is used inconsistently, local='cipher BF-CBC', remote='cipher AES-256-CBC'
2018-10-14 17:12:44 WARNING: 'keysize' is used inconsistently, local='keysize 128', remote='keysize 256'
2018-10-14 17:12:44 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
2018-10-14 17:12:44 [server] Peer Connection Initiated with [AF_INET]69.181.41.219:80
2018-10-14 17:12:45 MANAGEMENT: >STATE:1539562365,GET_CONFIG,,,,,,
2018-10-14 17:12:45 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
2018-10-14 17:12:45 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,redirect-gateway def1,route 192.168.133.0 255.255.255.0,dhcp-option DNS 10.0.2.1,route-gateway 10.0.2.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.0.2.2 255.255.255.0,peer-id 1,cipher AES-256-GCM'
2018-10-14 17:12:45 OPTIONS IMPORT: timers and/or timeouts modified
2018-10-14 17:12:45 OPTIONS IMPORT: --ifconfig/up options modified
2018-10-14 17:12:45 OPTIONS IMPORT: route options modified
2018-10-14 17:12:45 OPTIONS IMPORT: route-related options modified
2018-10-14 17:12:45 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2018-10-14 17:12:45 OPTIONS IMPORT: peer-id set
2018-10-14 17:12:45 OPTIONS IMPORT: adjusting link_mtu to 1625
2018-10-14 17:12:45 OPTIONS IMPORT: data channel crypto options modified
2018-10-14 17:12:45 Data Channel: using negotiated cipher 'AES-256-GCM'
2018-10-14 17:12:45 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2018-10-14 17:12:45 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2018-10-14 17:12:45 Opening utun (connect(AF_SYS_CONTROL)): Resource busy (errno=16)
2018-10-14 17:12:45 Opened utun device utun1
2018-10-14 17:12:45 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
2018-10-14 17:12:45 MANAGEMENT: >STATE:1539562365,ASSIGN_IP,,10.0.2.2,,,,
2018-10-14 17:12:45 /sbin/ifconfig utun1 delete
ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
2018-10-14 17:12:45 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
2018-10-14 17:12:45 /sbin/ifconfig utun1 10.0.2.2 10.0.2.2 netmask 255.255.255.0 mtu 1500 up
2018-10-14 17:12:45 /sbin/route add -net 10.0.2.0 10.0.2.2 255.255.255.0
add net 10.0.2.0: gateway 10.0.2.2
2018-10-14 17:12:45 /sbin/route add -net 69.181.41.219 192.168.43.143 255.255.255.255
add net 69.181.41.219: gateway 192.168.43.143
2018-10-14 17:12:45 /sbin/route add -net 0.0.0.0 10.0.2.1 128.0.0.0
add net 0.0.0.0: gateway 10.0.2.1
2018-10-14 17:12:45 /sbin/route add -net 128.0.0.0 10.0.2.1 128.0.0.0
add net 128.0.0.0: gateway 10.0.2.1
2018-10-14 17:12:45 MANAGEMENT: >STATE:1539562365,ADD_ROUTES,,,,,,
2018-10-14 17:12:45 /sbin/route add -net 192.168.133.0 10.0.2.1 255.255.255.0
add net 192.168.133.0: gateway 10.0.2.1
**********************************************
Start of output from client.up.tunnelblick.sh
Retrieved from OpenVPN: name server(s) [ 10.0.2.1 ], search domain(s) [ ] and SMB server(s) [ ] and using default domain name [ openvpn ]
Not aggregating ServerAddresses because running on OS X 10.6 or higher
Prepending 'openvpn' to search domains '' because the search domains were not set manually (or are allowed to be changed) and 'Prepend domain name to search domains' was selected
Saved the DNS and SMB configurations so they can be restored
Changed DNS ServerAddresses setting from '2600:1010:b016:c49b::64 192.168.43.143' to '10.0.2.1'
Changed DNS SearchDomains setting from '' to 'openvpn'
Changed DNS DomainName setting from '' to 'openvpn'
Did not change SMB NetBIOSName setting of ''
Did not change SMB Workgroup setting of ''
Did not change SMB WINSAddresses setting of ''
DNS servers '10.0.2.1' will be used for DNS queries when the VPN is active
NOTE: The DNS servers do not include any free public DNS servers known to Tunnelblick. This may cause DNS queries to fail or be intercepted or falsified even if they are directed through the VPN. Specify only known public DNS servers or DNS servers located on the VPN network to avoid such problems.
Flushed the DNS cache via dscacheutil
/usr/sbin/discoveryutil not present. Not flushing the DNS cache via discoveryutil
Notified mDNSResponder that the DNS cache was flushed
Setting up to monitor system configuration with process-network-changes
End of output from client.up.tunnelblick.sh
**********************************************
2018-10-14 17:12:49 *Tunnelblick: No 'connected.sh' script to execute
2018-10-14 17:12:49 Initialization Sequence Completed
2018-10-14 17:12:49 MANAGEMENT: >STATE:1539562369,CONNECTED,SUCCESS,10.0.2.2,69.181.41.219,80,,
================================================================================
ifconfig output:
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
options=1203<RXCSUM,TXCSUM,TXSTATUS,SW_TIMESTAMP>
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
nd6 options=201<PERFORMNUD,DAD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
XHC1: flags=0<> mtu 0
XHC20: flags=0<> mtu 0
XHC0: flags=0<> mtu 0
en5: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether ac:de:48:00:11:22
inet6 fe80::aede:48ff:fe00:1122%en5 prefixlen 64 scopeid 0x7
nd6 options=201<PERFORMNUD,DAD>
media: autoselect
status: active
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether 8c:85:90:b4:3a:23
inet6 fe80::86e:782f:2796:ebb2%en0 prefixlen 64 secured scopeid 0x8
inet6 2600:1010:b016:c49b:893:44a:dfe:9691 prefixlen 64 autoconf secured
inet6 2600:1010:b016:c49b:dc59:d7ba:59e9:1e43 prefixlen 64 autoconf temporary
inet 192.168.43.117 netmask 0xffffff00 broadcast 192.168.43.255
nd6 options=201<PERFORMNUD,DAD>
media: autoselect
status: active
p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304
ether 0e:85:90:b4:3a:23
media: autoselect
status: inactive
awdl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1484
ether 52:95:b2:08:78:91
inet6 fe80::5095:b2ff:fe08:7891%awdl0 prefixlen 64 scopeid 0xa
nd6 options=201<PERFORMNUD,DAD>
media: autoselect
status: active
en3: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
options=60<TSO4,TSO6>
ether 76:00:54:d8:ae:05
media: autoselect <full-duplex>
status: inactive
en4: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
options=60<TSO4,TSO6>
ether 76:00:54:d8:ae:04
media: autoselect <full-duplex>
status: inactive
en1: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
options=60<TSO4,TSO6>
ether 76:00:54:d8:ae:01
media: autoselect <full-duplex>
status: inactive
en2: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
options=60<TSO4,TSO6>
ether 76:00:54:d8:ae:00
media: autoselect <full-duplex>
status: inactive
bridge0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=63<RXCSUM,TXCSUM,TSO4,TSO6>
ether 76:00:54:d8:ae:01
Configuration:
id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
ipfilter disabled flags 0x2
member: en1 flags=3<LEARNING,DISCOVER>
ifmaxaddr 0 port 13 priority 0 path cost 0
member: en2 flags=3<LEARNING,DISCOVER>
ifmaxaddr 0 port 14 priority 0 path cost 0
member: en3 flags=3<LEARNING,DISCOVER>
ifmaxaddr 0 port 11 priority 0 path cost 0
member: en4 flags=3<LEARNING,DISCOVER>
ifmaxaddr 0 port 12 priority 0 path cost 0
nd6 options=201<PERFORMNUD,DAD>
media: <unknown type>
status: inactive
vboxnet0: flags=8842<BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether 0a:00:27:00:00:00
utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 2000
inet6 fe80::3111:cf48:55b7:d286%utun0 prefixlen 64 scopeid 0x10
nd6 options=201<PERFORMNUD,DAD>
utun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
inet 10.0.2.2 --> 10.0.2.2 netmask 0xffffff00
================================================================================
Console Log:
2018-10-14 11:27:50 Tunnelblick[75493] Set 'expect disconnect' flag
2018-10-14 11:34:37 Tunnelblick[75493] Set 'expect disconnect' flag
2018-10-14 11:37:57 Tunnelblick[75493] Set 'expect disconnect' flag
2018-10-14 11:39:03 Tunnelblick[75493] Cleared 'expect disconnect' flag
2018-10-14 11:39:53 Tunnelblick[75493] Set 'expect disconnect' flag
2018-10-14 11:46:11 Tunnelblick[75493] Set 'expect disconnect' flag
2018-10-14 11:46:39 Tunnelblick[75493] Set 'expect disconnect' flag
2018-10-14 11:48:55 Tunnelblick[75493] Set 'expect disconnect' flag
2018-10-14 13:26:01 Tunnelblick[75493] Set 'expect disconnect' flag
2018-10-14 13:28:06 Tunnelblick[75493] Set 'expect disconnect' flag
2018-10-14 13:35:58 Tunnelblick[75493] Set 'expect disconnect' flag
2018-10-14 16:19:49 ksinstall[79784] 2018-10-14 16:19:49.556 ksinstall[79784/0x7fffac2a1380] [lvl=2] -[KeystoneInstallTool main] Google Software Update installer started.
2018-10-14 16:19:49 ksinstall[79784] 2018-10-14 16:19:49.566 ksinstall[79784/0x7fffac2a1380] [lvl=2] -[KeystoneInstallTool main] Google Software Update installer starting Installation.
2018-10-14 16:19:49 ksinstall[79784] 2018-10-14 16:19:49.980 ksinstall[79784/0x7fffac2a1380] [lvl=2] -[KeystoneInstallTool main] Google Software Update installer ran successfully.
2018-10-14 16:54:46 Tunnelblick[75493] Set 'expect disconnect' flag
2018-10-14 17:10:00 Tunnelblick[75493] Set 'expect disconnect' flag
|
Last edited by mache on Wed Oct 24, 2018 14:11; edited 1 time in total |
|
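A small log audit, added here as an example and not part of the original post: it pulls the option-mismatch warnings, the PUSH_REPLY options and the negotiated data-channel cipher out of an OpenVPN client log, and checks whether each pushed DNS server falls inside a pushed network or behind `redirect-gateway`. The function names and report keys are illustrative; the sample lines are copied from the Tunnelblick log above.

```python
import ipaddress
import re

# Constructed sample: five lines copied from the Tunnelblick log in the post.
SAMPLE_LOG = """\
2018-10-14 17:12:44 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1554', remote='link-mtu 1570'
2018-10-14 17:12:44 WARNING: 'cipher' is used inconsistently, local='cipher BF-CBC', remote='cipher AES-256-CBC'
2018-10-14 17:12:44 WARNING: 'keysize' is used inconsistently, local='keysize 128', remote='keysize 256'
2018-10-14 17:12:45 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,redirect-gateway def1,route 192.168.133.0 255.255.255.0,dhcp-option DNS 10.0.2.1,route-gateway 10.0.2.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.0.2.2 255.255.255.0,peer-id 1,cipher AES-256-GCM'
2018-10-14 17:12:45 Data Channel: using negotiated cipher 'AES-256-GCM'
"""

MISMATCH_RE = re.compile(r"WARNING: '([^']+)' is used inconsistently, local='([^']*)', remote='([^']*)'")
PUSH_RE = re.compile(r"PUSH: Received control message: 'PUSH_REPLY,([^']*)'")
CIPHER_RE = re.compile(r"Data Channel: using negotiated cipher '([^']+)'")
# 64-bit block ciphers; OpenVPN 2.4 assumes BF-CBC when the config has no "cipher" line.
SMALL_BLOCK = {"BF-CBC", "DES-EDE3-CBC", "CAST5-CBC"}


def parse_push(body):
    """Split a PUSH_REPLY body into options, DNS servers, networks and a redirect flag."""
    pushed, dns, nets, redirect = [], [], [], False
    for opt in (o.strip() for o in body.split(",")):
        words = opt.split()
        if not words:
            continue
        pushed.append(opt)
        if words[:2] == ["dhcp-option", "DNS"] and len(words) == 3:
            dns.append(ipaddress.ip_address(words[2]))
        elif words[0] in ("route", "ifconfig") and len(words) >= 3:
            try:  # net30 topology sends "ifconfig local remote", which is not a network
                nets.append(ipaddress.ip_network(f"{words[1]}/{words[2]}", strict=False))
            except ValueError:
                pass
        elif words[0] == "redirect-gateway":
            redirect = True
    return pushed, dns, nets, redirect


def audit_client_log(text):
    """Return a report dict with parsed facts and human-readable findings."""
    report = {"mismatches": {}, "duplicates": [], "dns_via_tunnel": {},
              "negotiated_cipher": None, "findings": []}
    for line in text.splitlines():
        if m := MISMATCH_RE.search(line):
            name, local, remote = m.groups()
            # Values look like "cipher BF-CBC"; keep the part after the option name.
            report["mismatches"][name] = (local.split(" ", 1)[-1], remote.split(" ", 1)[-1])
        elif m := PUSH_RE.search(line):
            pushed, dns, nets, redirect = parse_push(m.group(1))
            report["duplicates"] = sorted({o for o in pushed if pushed.count(o) > 1})
            for addr in dns:
                # A DNS server is reached through the tunnel if a pushed network
                # contains it or the default route is redirected.
                report["dns_via_tunnel"][str(addr)] = redirect or any(addr in n for n in nets)
        elif m := CIPHER_RE.search(line):
            report["negotiated_cipher"] = m.group(1)

    findings = report["findings"]
    for name, (local, remote) in report["mismatches"].items():
        findings.append(f"{name}: local={local} remote={remote}")
    local_cipher = report["mismatches"].get("cipher", ("", ""))[0]
    if local_cipher in SMALL_BLOCK:
        findings.append(f"local cipher {local_cipher} is a 64-bit block cipher")
    for opt in report["duplicates"]:
        findings.append(f"pushed more than once: {opt}")
    for addr, covered in report["dns_via_tunnel"].items():
        if not covered:
            findings.append(f"pushed DNS server {addr} is not covered by a pushed route")
    return report


if __name__ == "__main__":
    for finding in audit_client_log(SAMPLE_LOG)["findings"]:
        print(finding)
```
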