Astaro.org

Hello there,

I am using SSL VPN (with Tunnelblick 3.5.3) to connect myself with an ASG 220 (9.315-2).

For some reason, I do not have an internet connection anymore when connected to the VPN. I can hardly do anything when connected.

No changes were made in the firewall.

Tunnelblick keeps spitting out this:

2015-08-13 03:10:44 DEPRECATED OPTION: --tls-remote, please update your configuration

2015-08-13 03:10:44 OpenVPN 2.3.6 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Jul 10 2015

2015-08-13 03:10:44 library versions: OpenSSL 1.0.1p 9 Jul 2015, LZO 2.08

2015-08-13 03:10:44 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:1337

2015-08-13 03:10:44 Need hold release from management interface, waiting...

2015-08-13 03:10:43 *Tunnelblick: OS X 10.10.4; Tunnelblick 3.5.3 (build 4270.4371); prior version 3.4.3 (build 4055.4198)

2015-08-13 03:10:43 *Tunnelblick: Attempting connection with S.Adler; Set nameserver = 1; not monitoring connection

2015-08-13 03:10:43 *Tunnelblick: openvpnstart start S.Adler.tblk 1337 1 0 3 1 16688 -ptADGNWradsgnw 2.3.6

2015-08-13 03:10:45 *Tunnelblick: openvpnstart log:

OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line):

/Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.6/openvpn

--daemon

--log

/Library/Application Support/Tunnelblick/Logs/-SLibrary-SApplication Support-STunnelblick-SShared-SS.Adler.tblk-SContents-SResources-Sconfig.ovpn.1_0_3_1_16688.1337.openvpn.log

--cd

/Library/Application Support/Tunnelblick/Shared/S.Adler.tblk/Contents/Resources

--config

/Library/Application Support/Tunnelblick/Shared/S.Adler.tblk/Contents/Resources/config.ovpn

--cd

/Library/Application Support/Tunnelblick/Shared/S.Adler.tblk/Contents/Resources

--management

127.0.0.1

1337

--management-query-passwords

--management-hold

--script-security

2

--up

/Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -d -f -w -ptADGNWradsgnw

--down

/Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -d -f -w -ptADGNWradsgnw

2015-08-13 03:10:43 *Tunnelblick: openvpnstart starting OpenVPN

2015-08-13 03:10:45 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:1337

2015-08-13 03:10:45 *Tunnelblick: Established communication with OpenVPN

2015-08-13 03:10:45 *Tunnelblick: Obtained VPN username and password from the Keychain

2015-08-13 03:10:45 MANAGEMENT: CMD 'pid'

2015-08-13 03:10:45 MANAGEMENT: CMD 'state on'

2015-08-13 03:10:45 MANAGEMENT: CMD 'state'

2015-08-13 03:10:45 MANAGEMENT: CMD 'bytecount 1'

2015-08-13 03:10:45 MANAGEMENT: CMD 'hold release'

2015-08-13 03:10:45 MANAGEMENT: CMD 'username "Auth" "s.adler"'

2015-08-13 03:10:45 MANAGEMENT: CMD 'password [...]'

2015-08-13 03:10:45 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

2015-08-13 03:10:45 Socket Buffers: R=[131072->65536] S=[131072->65536]

2015-08-13 03:10:45 MANAGEMENT: >STATE:1439428245,RESOLVE,,,

2015-08-13 03:10:45 Attempting to establish TCP connection with [AF_INET]80.152.160.50:4447 [nonblock]

2015-08-13 03:10:45 MANAGEMENT: >STATE:1439428245,TCP_CONNECT,,,

2015-08-13 03:10:46 TCP connection established with [AF_INET]80.152.160.50:4447

2015-08-13 03:10:46 TCPv4_CLIENT link local: [undef]

2015-08-13 03:10:46 TCPv4_CLIENT link remote: [AF_INET]80.152.160.50:4447

2015-08-13 03:10:46 MANAGEMENT: >STATE:1439428246,WAIT,,,

2015-08-13 03:10:46 MANAGEMENT: >STATE:1439428246,AUTH,,,

2015-08-13 03:10:46 TLS: Initial packet from [AF_INET]80.152.160.50:4447, sid=30aff5f7 6c5dea90

2015-08-13 03:10:46 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this

2015-08-13 03:10:47 VERIFY OK: depth=1, /C=de/L=Koeln/O=ACE_International/CN=ACE_International_VPN_CA/emailAddress=info@ace-int.com

2015-08-13 03:10:47 VERIFY X509NAME OK: /C=de/L=Koeln/O=ACE_International/CN=gw01.ACE-Int.com/emailAddress=info@ace-int.com

2015-08-13 03:10:47 VERIFY OK: depth=0, /C=de/L=Koeln/O=ACE_International/CN=gw01.ACE-Int.com/emailAddress=info@ace-int.com

2015-08-13 03:10:48 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key

2015-08-13 03:10:48 Data Channel Encrypt: Using 128 bit message hash 'MD5' for HMAC authentication

2015-08-13 03:10:48 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key

2015-08-13 03:10:48 Data Channel Decrypt: Using 128 bit message hash 'MD5' for HMAC authentication

2015-08-13 03:10:48 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA

2015-08-13 03:10:48 [gw01.ACE-Int.com] Peer Connection Initiated with [AF_INET]80.152.160.50:4447

2015-08-13 03:10:49 MANAGEMENT: >STATE:1439428249,GET_CONFIG,,,

2015-08-13 03:10:50 SENT CONTROL [gw01.ACE-Int.com]: 'PUSH_REQUEST' (status=1)

2015-08-13 03:10:50 PUSH: Received control message: 'PUSH_REPLY,route 10.242.2.1,topology net30,ping 10,ping-restart 120,redirect-gateway def1,dhcp-option DNS 192.168.1.22,dhcp-option DNS 192.168.1.254,dhcp-option DOMAIN ace-int.com,ifconfig 10.242.2.6 10.242.2.5'

2015-08-13 03:10:50 OPTIONS IMPORT: timers and/or timeouts modified

2015-08-13 03:10:50 OPTIONS IMPORT: --ifconfig/up options modified

2015-08-13 03:10:50 OPTIONS IMPORT: route options modified

2015-08-13 03:10:50 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified

2015-08-13 03:10:50 Opening utun (connect(AF_SYS_CONTROL)): Resource busy

2015-08-13 03:10:50 Opened utun device utun1

2015-08-13 03:10:50 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0

2015-08-13 03:10:50 MANAGEMENT: >STATE:1439428250,ASSIGN_IP,,10.242.2.6,

2015-08-13 03:10:50 /sbin/ifconfig utun1 delete

ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address

2015-08-13 03:10:50 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure

2015-08-13 03:10:50 /sbin/ifconfig utun1 10.242.2.6 10.242.2.5 mtu 1500 netmask 255.255.255.255 up

2015-08-13 03:10:50 /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -d -f -w -ptADGNWradsgnw utun1 1500 1556 10.242.2.6 10.242.2.5 init

**********************************************

Start of output from client.up.tunnelblick.sh

Retrieved from OpenVPN: name server(s) [ 192.168.1.22 192.168.1.254 ], domain name [ ace-int.com ], search domain(s) [ ], and SMB server(s) [ ]

Not aggregating ServerAddresses because running on OS X 10.6 or higher

Setting search domains to 'ace-int.com' because running under OS X 10.6 or higher and the search domains were not set manually and 'Prepend domain name to search domains' was not selected

Saved the DNS and SMB configurations so they can be restored

Changed DNS ServerAddresses setting from '192.168.2.1 fe80::1' to '192.168.1.22 192.168.1.254'

Changed DNS SearchDomains setting from '' to 'ace-int.com'

Changed DNS DomainName setting from 'Speedport_W_724V_Typ_A_05011603_00_003' to 'ace-int.com'

Did not change SMB NetBIOSName setting of ''

Did not change SMB Workgroup setting of ''

Did not change SMB WINSAddresses setting of ''

DNS servers '192.168.1.22 192.168.1.254' will be used for DNS queries when the VPN is active

The DNS servers do not include any free public DNS servers known to Tunnelblick. This may cause DNS queries to fail or be intercepted or falsified even if they are directed through the VPN. Specify only known public DNS servers or DNS servers located on the VPN network to avoid such problems.

Flushed the DNS cache via dscacheutil

/usr/sbin/discoveryutil not present. Not flushing the DNS cache via discoveryutil

Notified mDNSResponder that the DNS cache was flushed

End of output from client.up.tunnelblick.sh

**********************************************

2015-08-13 03:10:58 /sbin/route add -net 80.152.160.50 192.168.2.1 255.255.255.255

add net 80.152.160.50: gateway 192.168.2.1

2015-08-13 03:10:58 /sbin/route add -net 0.0.0.0 10.242.2.5 128.0.0.0

add net 0.0.0.0: gateway 10.242.2.5

2015-08-13 03:10:58 /sbin/route add -net 128.0.0.0 10.242.2.5 128.0.0.0

2015-08-13 03:10:58 *Tunnelblick: No 'connected.sh' script to execute

add net 128.0.0.0: gateway 10.242.2.5

2015-08-13 03:10:58 MANAGEMENT: >STATE:1439428258,ADD_ROUTES,,,

2015-08-13 03:10:58 /sbin/route add -net 80.152.160.50 192.168.2.1 255.255.255.255

route: writing to routing socket: File exists

add net 80.152.160.50: gateway 192.168.2.1: File exists

2015-08-13 03:10:58 /sbin/route add -net 10.242.2.1 10.242.2.5 255.255.255.255

add net 10.242.2.1: gateway 10.242.2.5

2015-08-13 03:10:58 Initialization Sequence Completed

2015-08-13 03:10:58 MANAGEMENT: >STATE:1439428258,CONNECTED,SUCCESS,10.242.2.6,80. 152.160.50

2015-08-13 03:12:15 *Tunnelblick: After 30.0 seconds, gave up trying to fetch IP address information using the ipInfo host's IP address after connecting.

Especially the last line might be interesting.

Does anyone have an idea? I am going insane on this.

Thank you very much in advance!

BR

Sebastian