Comments on: Tunnelblick http://erdelynet.com/tech/mac-os-x/tunnelblick/ Mike Erdely's website (still faster than Scott's blog) Wed, 10 Feb 2010 22:55:02 +0000 http://wordpress.org/?v=2.9.1 hourly 1 By: Zvi http://erdelynet.com/tech/mac-os-x/tunnelblick/comment-page-1/#comment-7019 Zvi Sat, 26 Apr 2008 00:16:09 +0000 http://erdelynet.com/2006/04/16/mac-os-x/tunnelblick/#comment-7019 Newbie question.... Trying to run Tunnelblick on MacBook Pro Leopard. Copied the config files that worked on Windows. Do I need to do something equivalent to creating a TAPI adapter (whatever that means) like I did on Windows and if so how? So far I just get these errors in the Tunnelblick log. Any help appreciated please? Are there good instructions anywhere or a more organized discussion group besides this long thread? Thanks! Sat 04/26/08 03:10 AM: IMPORTANT: OpenVPN's default port number is now 1194 Sat 04/26/08 03:10 AM: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info. Sat 04/26/08 03:10 AM: Cannot load certificate file client.crt: error:02001002:system library:fopen:No such file or directory: error:20074002:BIO routines:FILE_CTRL:system lib: error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib Newbie question…. Trying to run Tunnelblick on MacBook Pro Leopard. Copied the config files that worked on Windows. Do I need to do something equivalent to creating a TAPI adapter (whatever that means) like I did on Windows and if so how? So far I just get these errors in the Tunnelblick log. Any help appreciated please? Are there good instructions anywhere or a more organized discussion group besides this long thread? Thanks!

Sat 04/26/08 03:10 AM: IMPORTANT: OpenVPN’s default port number is now 1194
Sat 04/26/08 03:10 AM: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sat 04/26/08 03:10 AM: Cannot load certificate file client.crt: error:02001002:system library:fopen:No such file or directory: error:20074002:BIO routines:FILE_CTRL:system lib: error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib

]]> By: wioota http://erdelynet.com/tech/mac-os-x/tunnelblick/comment-page-1/#comment-6865 wioota Thu, 17 Apr 2008 10:16:53 +0000 http://erdelynet.com/2006/04/16/mac-os-x/tunnelblick/#comment-6865 I am also affected with this problem - and after much battling to get Tunnelblick working under 10.5.2 at the office I find I am still caught short when accessing from home through my wrt54g. The two previous posts seem to describe the situation exactly. I am also affected with this problem – and after much battling to get Tunnelblick working under 10.5.2 at the office I find I am still caught short when accessing from home through my wrt54g.

The two previous posts seem to describe the situation exactly.

]]> By: Nicolas http://erdelynet.com/tech/mac-os-x/tunnelblick/comment-page-1/#comment-6544 Nicolas Wed, 26 Mar 2008 18:04:21 +0000 http://erdelynet.com/2006/04/16/mac-os-x/tunnelblick/#comment-6544 @Gilles: I think I have exactly the same problem. Tunnelbllick reports "Initialization Sequence Completed", but after that, I'm unable to connect to the windows server at work. It's not a problem of the server, as I don't have any problem connecting to it when I'm at the office. Have you found a solution? My VPN used to work fine last january, so I think it may be an issue with 10.5.2. @Gilles: I think I have exactly the same problem. Tunnelbllick reports “Initialization Sequence Completed”, but after that, I’m unable to connect to the windows server at work. It’s not a problem of the server, as I don’t have any problem connecting to it when I’m at the office. Have you found a solution?
My VPN used to work fine last january, so I think it may be an issue with 10.5.2.

]]> By: Gilles http://erdelynet.com/tech/mac-os-x/tunnelblick/comment-page-1/#comment-6278 Gilles Wed, 05 Mar 2008 19:15:10 +0000 http://erdelynet.com/2006/04/16/mac-os-x/tunnelblick/#comment-6278 Hi, Sounds like I'm not the only one facing problems with openvpn on leopard.. spent hours trying to figure out how to push all the traffic through the VPN tunnel, so maybe someone here can give me a tip? I'm using openVPN in bridged mode - my home router (myISP_IP/192.168.1.1) runs the server and allocates an IP to connecting clients (192.168.1.x, this works fine with my PDAphone with OpenVPN for windows mobile and on my previous XP laptop). On my MacBook Pro, I have compiled OpenVPN and the tunnel is properly created with no warning. The tap0 if gets an IP as it's supposed to, I can ping the gateway but the rest of the traffic goes through my company's gateway... The server looks like this: openvpn --dev tap0 --secret /tmp/static.key --comp-lzo --port 443 --proto tcp-server --verb 3 --log /tmp /openvpn.log --daemon and the client on my mac: remote myISP_IP # IP route-delay 3 route-gateway 192.168.1.1 redirect-gateway def1 port 443 dev tap secret static.key proto tcp-client comp-lzo up ./tap-up-down.sh down ./tap-up-down.sh The client log says: ... Wed Mar 5 19:57:23 2008 Peer Connection Initiated with myIP:443 add net myISP_IP: gateway myCompany_IP add net 0.0.0.0: gateway 192.168.1.1 add net 128.0.0.0: gateway 192.168.1.1 Wed Mar 5 19:57:26 2008 Initialization Sequence Completed but no way... notice that I used both route_gateway and redirect_gateway is an apparently appropriate way, but the default routes are not changed... I'm losing network connection and cannot even see my routing tables: netstat -r hangs or takes ages and confirms default still not 192.168.1.1) If someone sees the problem... I'd be really glad to fix this! Cheers, Gilles Hi,
Sounds like I’m not the only one facing problems with openvpn on leopard.. spent hours trying to figure out how to push all the traffic through the VPN tunnel, so maybe someone here can give me a tip?

I’m using openVPN in bridged mode – my home router (myISP_IP/192.168.1.1) runs the server and allocates an IP to connecting clients (192.168.1.x, this works fine with my PDAphone with OpenVPN for windows mobile and on my previous XP laptop).

On my MacBook Pro, I have compiled OpenVPN and the tunnel is properly created with no warning. The tap0 if gets an IP as it’s supposed to, I can ping the gateway but the rest of the traffic goes through my company’s gateway…

The server looks like this:

openvpn –dev tap0 –secret /tmp/static.key –comp-lzo –port 443 –proto tcp-server –verb 3 –log /tmp
/openvpn.log –daemon

and the client on my mac:

remote myISP_IP # IP
route-delay 3
route-gateway 192.168.1.1
redirect-gateway def1
port 443
dev tap
secret static.key
proto tcp-client
comp-lzo
up ./tap-up-down.sh
down ./tap-up-down.sh

The client log says:

Wed Mar 5 19:57:23 2008 Peer Connection Initiated with myIP:443
add net myISP_IP: gateway myCompany_IP
add net 0.0.0.0: gateway 192.168.1.1
add net 128.0.0.0: gateway 192.168.1.1
Wed Mar 5 19:57:26 2008 Initialization Sequence Completed

but no way… notice that I used both route_gateway and redirect_gateway is an apparently appropriate way, but the default routes are not changed… I’m losing network connection and cannot even see my routing tables: netstat -r hangs or takes ages and confirms default still not 192.168.1.1)

If someone sees the problem… I’d be really glad to fix this!

Cheers,

Gilles

]]> By: steve http://erdelynet.com/tech/mac-os-x/tunnelblick/comment-page-1/#comment-2520 steve Mon, 19 Mar 2007 03:49:41 +0000 http://erdelynet.com/2006/04/16/mac-os-x/tunnelblick/#comment-2520 i meant tap0, not tun0... i meant tap0, not tun0…

]]> By: steve http://erdelynet.com/tech/mac-os-x/tunnelblick/comment-page-1/#comment-2519 steve Mon, 19 Mar 2007 03:48:27 +0000 http://erdelynet.com/2006/04/16/mac-os-x/tunnelblick/#comment-2519 my understanding is that redirect-gateway is a server option or a client option, either way, which makes it very flexible and client selectable. if that wasnt true, then i like your idea of 2 servers as a work around. i'm actually much closer now to getting it to work on the client. my problem was that in the client settings i only had: redirect-gateway def1 #def1 makes it temporary instead of route-gateway 10.21.21.1 redirect-gateway def1 #def1 makes it temporary I didn't know you had to hardcode the route-gateway in there. perhaps if i did a push "route-gateway 10.21.21.1" from the server. but last time i pushed both the gateway and the dns from the dd-wrt openvpn server the openvpn process would die. BEFORE netstat -r reveals: default gtwy.mydomain.net UGSc 19 214 en1 AFTER: netstat -r reveals: 0/1 10.23.23.1 UGSc 5 22 en1 default gtwy.mydomain.net UGSc 2 145 en1 as you can see, the problem is the command is adding the gateway to en1 not tap0 as it should. i need to find a way to give the redirect-gateway command a parameter of tun0 btw, i had to use a tap-up.sh script with Tunnelblick to get the tunnel to work at all: http://www.dd-wrt.com/phpBB2/viewtopic.php?t=5058&highlight=openvpn+mac+clients #!/bin/bash ipconfig set tap0 DHCP my understanding is that redirect-gateway is a server option or a client option, either way, which makes it very flexible and client selectable.

if that wasnt true, then i like your idea of 2 servers as a work around.

i’m actually much closer now to getting it to work on the client.
my problem was that in the client settings i only had:

redirect-gateway def1 #def1 makes it temporary

instead of

route-gateway 10.21.21.1
redirect-gateway def1 #def1 makes it temporary

I didn’t know you had to hardcode the route-gateway in there.
perhaps if i did a push “route-gateway 10.21.21.1″ from the server.
but last time i pushed both the gateway and the dns from the dd-wrt openvpn server the openvpn process would die.

BEFORE netstat -r reveals:
default gtwy.mydomain.net UGSc 19 214 en1

AFTER: netstat -r reveals:
0/1 10.23.23.1 UGSc 5 22 en1
default gtwy.mydomain.net UGSc 2 145 en1

as you can see, the problem is the command is adding the gateway to en1 not tap0 as it should. i need to find a way to give the redirect-gateway command a parameter of tun0

btw, i had to use a tap-up.sh script with Tunnelblick to get the tunnel to work at all:
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=5058&highlight=openvpn+mac+clients

#!/bin/bash
ipconfig set tap0 DHCP

]]> By: mike http://erdelynet.com/tech/mac-os-x/tunnelblick/comment-page-1/#comment-2465 mike Mon, 12 Mar 2007 14:07:26 +0000 http://erdelynet.com/2006/04/16/mac-os-x/tunnelblick/#comment-2465 "redirect-gateway" is a server side setting. Not a client side setting. For my home network, I have two instances of openvpn running. One for just securely connecting to home resources and the second for routing all of my network traffic through my home network with redirect-gateway. One is on port 1194 and the other is on 1195. I have two configuration files so Tunnelblick gives me two options. “redirect-gateway” is a server side setting. Not a client side setting.

For my home network, I have two instances of openvpn running. One for just securely connecting to home resources and the second for routing all of my network traffic through my home network with redirect-gateway. One is on port 1194 and the other is on 1195. I have two configuration files so Tunnelblick gives me two options.

]]> By: steve http://erdelynet.com/tech/mac-os-x/tunnelblick/comment-page-1/#comment-2461 steve Mon, 12 Mar 2007 01:33:23 +0000 http://erdelynet.com/2006/04/16/mac-os-x/tunnelblick/#comment-2461 >Posted May 8, 2006 @ 11:16 am EDT > By mike > > This is not a Tunnelblick issue. It’s an OpenVPN issue. Look at the ‘push “redirect-gateway”‘ option on the server. mike we meet again for Tunnelblick questions! have you ever gotten Tunnelblick to pass the gateway properly with this option? i have been trying to do just that... push all traffic through the VPN with redirect-gateway directtive on the client. Tunnelblick just says NOTE: unable to redirect default gateway -- VPN gateway parameter (--route-gateway or --ifconfig) is missing i was able to get the DNS server passed correctly as per my other note referencing this thread... http://openvpn.net/archive/openvpn-users/2006-10/msg00120.html >Posted May 8, 2006 @ 11:16 am EDT
> By mike
>
> This is not a Tunnelblick issue. It’s an OpenVPN issue. Look at the ‘push “redirect-gateway”‘ option on the server.

mike we meet again for Tunnelblick questions!

have you ever gotten Tunnelblick to pass the gateway properly with this option?

i have been trying to do just that… push all traffic through the VPN with redirect-gateway directtive on the client.

Tunnelblick just says
NOTE: unable to redirect default gateway — VPN gateway parameter (–route-gateway or –ifconfig) is missing

i was able to get the DNS server passed correctly as per my other note referencing this thread…

http://openvpn.net/archive/openvpn-users/2006-10/msg00120.html

]]> By: perkypat http://erdelynet.com/tech/mac-os-x/tunnelblick/comment-page-1/#comment-2107 perkypat Sat, 10 Feb 2007 09:09:52 +0000 http://erdelynet.com/2006/04/16/mac-os-x/tunnelblick/#comment-2107 I have been trying to VPN to my office for ages, havn't got it working! Using OS X 10.4 on an intel macbook. Tunnelblick seems to connect okay, but when i try and ssh in, I get the error: No address associated with nodemname. I typed ifconfig, and tried to ping the tun0 addresses given, no joy. I also tried manually adding the nameserver to /etc/resolve/conf. Any ideas???? I have been trying to VPN to my office for ages, havn’t got it working! Using OS X 10.4 on an intel macbook. Tunnelblick seems to connect okay, but when i try and ssh in, I get the error: No address associated with nodemname.

I typed ifconfig, and tried to ping the tun0 addresses given, no joy. I also tried manually adding the nameserver to /etc/resolve/conf. Any ideas????

]]> By: DAnny http://erdelynet.com/tech/mac-os-x/tunnelblick/comment-page-1/#comment-815 DAnny Tue, 28 Nov 2006 21:28:41 +0000 http://erdelynet.com/2006/04/16/mac-os-x/tunnelblick/#comment-815 I get the following error: OpenVPN 2.0.5 i686-apple-darwin8.3.1 [SSL] [LZO] built on Dec 4 2005 Nov 28 21:20:53 MacBookPro openvpn[283]: Footer text not found in file '/etc/openvpn/static.key' (256/128/256 bytes found/min/max) Nov 28 21:20:53 MacBookPro openvpn[283]: Exiting My static.key is at the specified location. Any suggestions? I get the following error:
OpenVPN 2.0.5 i686-apple-darwin8.3.1 [SSL] [LZO] built on Dec 4 2005
Nov 28 21:20:53 MacBookPro openvpn[283]: Footer text not found in file ‘/etc/openvpn/static.key’ (256/128/256 bytes found/min/max)
Nov 28 21:20:53 MacBookPro openvpn[283]: Exiting

My static.key is at the specified location. Any suggestions?

]]>