No internet connection when connected via SSL VPN (Tunnelblick for Mac)

Hello there,

I am using SSL VPN (with Tunnelblick 3.5.3) to connect myself with an ASG 220 (9.315-2). 
For some reason, I do not have an internet connection anymore when connected to the VPN. I can hardly do anything when connected.

No changes were made in the firewall.
Tunnelblick keeps spitting out this:

2015-08-13 03:10:44 DEPRECATED OPTION: --tls-remote, please update your configuration
2015-08-13 03:10:44 OpenVPN 2.3.6 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Jul 10 2015
2015-08-13 03:10:44 library versions: OpenSSL 1.0.1p 9 Jul 2015, LZO 2.08
2015-08-13 03:10:44 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:1337
2015-08-13 03:10:44 Need hold release from management interface, waiting...
2015-08-13 03:10:43 *Tunnelblick: OS X 10.10.4; Tunnelblick 3.5.3 (build 4270.4371); prior version 3.4.3 (build 4055.4198)
2015-08-13 03:10:43 *Tunnelblick: Attempting connection with S.Adler; Set nameserver = 1; not monitoring connection
2015-08-13 03:10:43 *Tunnelblick: openvpnstart start S.Adler.tblk 1337 1 0 3 1 16688 -ptADGNWradsgnw 2.3.6
2015-08-13 03:10:45 *Tunnelblick: openvpnstart log:
     OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line):
     
          /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.6/openvpn
          --daemon
          --log
          /Library/Application Support/Tunnelblick/Logs/-SLibrary-SApplication Support-STunnelblick-SShared-SS.Adler.tblk-SContents-SResources-Sconfig.ovpn.1_0_3_1_16688.1337.openvpn.log
          --cd
          /Library/Application Support/Tunnelblick/Shared/S.Adler.tblk/Contents/Resources
          --config
          /Library/Application Support/Tunnelblick/Shared/S.Adler.tblk/Contents/Resources/config.ovpn
          --cd
          /Library/Application Support/Tunnelblick/Shared/S.Adler.tblk/Contents/Resources
          --management
          127.0.0.1
          1337
          --management-query-passwords
          --management-hold
          --script-security
          2
          --up
          /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -d -f -w -ptADGNWradsgnw
          --down
          /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -d -f -w -ptADGNWradsgnw

2015-08-13 03:10:43 *Tunnelblick: openvpnstart starting OpenVPN
2015-08-13 03:10:45 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:1337
2015-08-13 03:10:45 *Tunnelblick: Established communication with OpenVPN
2015-08-13 03:10:45 *Tunnelblick: Obtained VPN username and password from the Keychain
2015-08-13 03:10:45 MANAGEMENT: CMD 'pid'
2015-08-13 03:10:45 MANAGEMENT: CMD 'state on'
2015-08-13 03:10:45 MANAGEMENT: CMD 'state'
2015-08-13 03:10:45 MANAGEMENT: CMD 'bytecount 1'
2015-08-13 03:10:45 MANAGEMENT: CMD 'hold release'
2015-08-13 03:10:45 MANAGEMENT: CMD 'username "Auth" "s.adler"'
2015-08-13 03:10:45 MANAGEMENT: CMD 'password [...]'
2015-08-13 03:10:45 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2015-08-13 03:10:45 Socket Buffers: R=[131072->65536] S=[131072->65536]
2015-08-13 03:10:45 MANAGEMENT: >STATE:1439428245,RESOLVE,,,
2015-08-13 03:10:45 Attempting to establish TCP connection with [AF_INET]80.152.160.50:4447 [nonblock]
2015-08-13 03:10:45 MANAGEMENT: >STATE:1439428245,TCP_CONNECT,,,
2015-08-13 03:10:46 TCP connection established with [AF_INET]80.152.160.50:4447
2015-08-13 03:10:46 TCPv4_CLIENT link local: [undef]
2015-08-13 03:10:46 TCPv4_CLIENT link remote: [AF_INET]80.152.160.50:4447
2015-08-13 03:10:46 MANAGEMENT: >STATE:1439428246,WAIT,,,
2015-08-13 03:10:46 MANAGEMENT: >STATE:1439428246,AUTH,,,
2015-08-13 03:10:46 TLS: Initial packet from [AF_INET]80.152.160.50:4447, sid=30aff5f7 6c5dea90
2015-08-13 03:10:46 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2015-08-13 03:10:47 VERIFY OK: depth=1, /C=de/L=Koeln/O=ACE_International/CN=ACE_International_VPN_CA/emailAddress=info@ace-int.com
2015-08-13 03:10:47 VERIFY X509NAME OK: /C=de/L=Koeln/O=ACE_International/CN=gw01.ACE-Int.com/emailAddress=info@ace-int.com
2015-08-13 03:10:47 VERIFY OK: depth=0, /C=de/L=Koeln/O=ACE_International/CN=gw01.ACE-Int.com/emailAddress=info@ace-int.com
2015-08-13 03:10:48 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
2015-08-13 03:10:48 Data Channel Encrypt: Using 128 bit message hash 'MD5' for HMAC authentication
2015-08-13 03:10:48 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
2015-08-13 03:10:48 Data Channel Decrypt: Using 128 bit message hash 'MD5' for HMAC authentication
2015-08-13 03:10:48 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
2015-08-13 03:10:48 [gw01.ACE-Int.com] Peer Connection Initiated with [AF_INET]80.152.160.50:4447
2015-08-13 03:10:49 MANAGEMENT: >STATE:1439428249,GET_CONFIG,,,
2015-08-13 03:10:50 SENT CONTROL [gw01.ACE-Int.com]: 'PUSH_REQUEST' (status=1)
2015-08-13 03:10:50 PUSH: Received control message: 'PUSH_REPLY,route 10.242.2.1,topology net30,ping 10,ping-restart 120,redirect-gateway def1,dhcp-option DNS 192.168.1.22,dhcp-option DNS 192.168.1.254,dhcp-option DOMAIN ace-int.com,ifconfig 10.242.2.6 10.242.2.5'
2015-08-13 03:10:50 OPTIONS IMPORT: timers and/or timeouts modified
2015-08-13 03:10:50 OPTIONS IMPORT: --ifconfig/up options modified
2015-08-13 03:10:50 OPTIONS IMPORT: route options modified
2015-08-13 03:10:50 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2015-08-13 03:10:50 Opening utun (connect(AF_SYS_CONTROL)): Resource busy
2015-08-13 03:10:50 Opened utun device utun1
2015-08-13 03:10:50 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
2015-08-13 03:10:50 MANAGEMENT: >STATE:1439428250,ASSIGN_IP,,10.242.2.6,
2015-08-13 03:10:50 /sbin/ifconfig utun1 delete
                                        ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
2015-08-13 03:10:50 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
2015-08-13 03:10:50 /sbin/ifconfig utun1 10.242.2.6 10.242.2.5 mtu 1500 netmask 255.255.255.255 up
2015-08-13 03:10:50 /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -d -f -w -ptADGNWradsgnw utun1 1500 1556 10.242.2.6 10.242.2.5 init
                                        **********************************************
                                        Start of output from client.up.tunnelblick.sh
                                        Retrieved from OpenVPN: name server(s) [ 192.168.1.22 192.168.1.254 ], domain name [ ace-int.com ], search domain(s) [  ], and SMB server(s) [  ]
                                        Not aggregating ServerAddresses because running on OS X 10.6 or higher
                                        Setting search domains to 'ace-int.com' because running under OS X 10.6 or higher and the search domains were not set manually and 'Prepend domain name to search domains' was not selected
                                        Saved the DNS and SMB configurations so they can be restored
                                        Changed DNS ServerAddresses setting from '192.168.2.1 fe80::1' to '192.168.1.22 192.168.1.254'
                                        Changed DNS SearchDomains setting from '' to 'ace-int.com'
                                        Changed DNS DomainName setting from 'Speedport_W_724V_Typ_A_05011603_00_003' to 'ace-int.com'
                                        Did not change SMB NetBIOSName setting of ''
                                        Did not change SMB Workgroup setting of ''
                                        Did not change SMB WINSAddresses setting of ''
                                        DNS servers '192.168.1.22 192.168.1.254' will be used for DNS queries when the VPN is active
                                        The DNS servers do not include any free public DNS servers known to Tunnelblick. This may cause DNS queries to fail or be intercepted or falsified even if they are directed through the VPN. Specify only known public DNS servers or DNS servers located on the VPN network to avoid such problems.
                                        Flushed the DNS cache via dscacheutil
                                        /usr/sbin/discoveryutil not present. Not flushing the DNS cache via discoveryutil
                                        Notified mDNSResponder that the DNS cache was flushed
                                        End of output from client.up.tunnelblick.sh
                                        **********************************************
2015-08-13 03:10:58 /sbin/route add -net 80.152.160.50 192.168.2.1 255.255.255.255
                                        add net 80.152.160.50: gateway 192.168.2.1
2015-08-13 03:10:58 /sbin/route add -net 0.0.0.0 10.242.2.5 128.0.0.0
                                        add net 0.0.0.0: gateway 10.242.2.5
2015-08-13 03:10:58 /sbin/route add -net 128.0.0.0 10.242.2.5 128.0.0.0
2015-08-13 03:10:58 *Tunnelblick: No 'connected.sh' script to execute
                                        add net 128.0.0.0: gateway 10.242.2.5
2015-08-13 03:10:58 MANAGEMENT: >STATE:1439428258,ADD_ROUTES,,,
2015-08-13 03:10:58 /sbin/route add -net 80.152.160.50 192.168.2.1 255.255.255.255
                                        route: writing to routing socket: File exists
                                        add net 80.152.160.50: gateway 192.168.2.1: File exists
2015-08-13 03:10:58 /sbin/route add -net 10.242.2.1 10.242.2.5 255.255.255.255
                                        add net 10.242.2.1: gateway 10.242.2.5
2015-08-13 03:10:58 Initialization Sequence Completed
2015-08-13 03:10:58 MANAGEMENT: >STATE:1439428258,CONNECTED,SUCCESS,10.242.2.6,80.152.160.50
2015-08-13 03:12:15 *Tunnelblick: After 30.0 seconds, gave up trying to fetch IP address information using the ipInfo host's IP address after connecting.



Especially the last line might be interesting.
Does anyone have an idea? I am going insane on this.

Thank you very much in advance!

BR
Sebastian


This thread was automatically locked due to age.
  • This is a Tunnelblick issue and not a UTM issue; if it works on Windows, it's an issue with Tunnelblick
  • Sebastian, in the next-to-the-last line, I see "80. 152.160.50" - with a space in it.  Is that just an error of display by Tunnelblick, or is there perhaps an error in your configuration?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Good catch Bob-

    Also, when connected, I assume you can get to everything else internal to the VPN, correct? It appears you are getting 10.242.2.5 as your gateway - Typically it's 10.242.2.1.

    Can you ping anything on the 192.168.1.x network?
    Subsequently can you ping anything on the 192.168.1.x network using a dns name?

    Noteworthy
    UserVPN network appears to be 192.168.2.0/24

    Internal network appears to be 192.168.1.0/24

    PUSH: Received control message: 'PUSH_REPLY,route **10.242.2.1**,

    DNS 192.168.1.22,dhcp-option DNS 192.168.1.254

    Changed DNS ServerAddresses setting from '192.168.2.1 fe80::1' to '192.168.1.22 192.168.1.254
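
Added example, not part of the original thread: a small Python parser for the PUSH_REPLY line in the posted log. It reports what the gateway pushed and, for each pushed DNS server, whether a specific pushed route covers it or only the `redirect-gateway` default routes do. The function names are hypothetical; the log line is copied from the post.

```python
import ipaddress
import re

# PUSH_REPLY line copied verbatim from the log in the original post.
LOG_LINE = (
    "2015-08-13 03:10:50 PUSH: Received control message: 'PUSH_REPLY,"
    "route 10.242.2.1,topology net30,ping 10,ping-restart 120,"
    "redirect-gateway def1,dhcp-option DNS 192.168.1.22,"
    "dhcp-option DNS 192.168.1.254,dhcp-option DOMAIN ace-int.com,"
    "ifconfig 10.242.2.6 10.242.2.5'"
)

def parse_push_reply(line):
    """Extract routes, DNS servers, redirect-gateway and ifconfig from a PUSH_REPLY log line."""
    m = re.search(r"'PUSH_REPLY,(.*)'", line)
    if not m:
        raise ValueError("no PUSH_REPLY found in line")
    cfg = {"routes": [], "dns": [], "redirect_gateway": False, "ifconfig": None}
    for opt in m.group(1).split(","):
        parts = opt.split()
        if not parts:
            continue
        if parts[0] == "route":
            # A pushed route without a netmask is a host route; the log confirms
            # this with "route add -net 10.242.2.1 10.242.2.5 255.255.255.255".
            mask = parts[2] if len(parts) > 2 else "255.255.255.255"
            cfg["routes"].append(ipaddress.ip_network(f"{parts[1]}/{mask}", strict=False))
        elif parts[0] == "redirect-gateway":
            cfg["redirect_gateway"] = True
        elif parts[:2] == ["dhcp-option", "DNS"]:
            cfg["dns"].append(ipaddress.ip_address(parts[2]))
        elif parts[0] == "ifconfig":
            # (local tunnel address, peer address); the log's route commands
            # use the second address, 10.242.2.5, as the gateway.
            cfg["ifconfig"] = (parts[1], parts[2])
    return cfg

def dns_path(cfg):
    """Say which pushed option carries traffic to each pushed DNS server."""
    result = {}
    for server in cfg["dns"]:
        if any(server in net for net in cfg["routes"]):
            result[str(server)] = "specific route"
        elif cfg["redirect_gateway"]:
            result[str(server)] = "redirect-gateway only"
        else:
            result[str(server)] = "not via tunnel"
    return result

if __name__ == "__main__":
    cfg = parse_push_reply(LOG_LINE)
    print(cfg)
    print(dns_path(cfg))
```

For this log, both DNS servers are reached only through the `redirect-gateway` default routes, so name resolution and all other traffic depend on the gateway forwarding packets that arrive from the tunnel.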