Auth failed to connect with OpenVPN with tunnelblick
-
Hello!
I have a problem to connect to the OpenVPN Server from my Mac with Tunnelblick. I installed the App on my Cloudron, set a device and downloaded the .tblk config file and inserted the file to Tunnelblick.
On connecting I always get the error "athentification failed".
Anyone an idea what could help?
Here are the logs from Tunnelblick:*Tunnelblick: macOS 12.0.1 (21A559); Tunnelblick 3.8.7a (build 5770); Admin user git commit 7df4363a5980ab8be88a6a3aaeee028f36813607 The Tunnelblick.app process is not being translated (arm64) System Integrity Protection is enabled Model: MacBookPro18,3 Configuration vpn.timobetzwebdesign.de-Timo "Sanitized" condensed configuration file for /Users/timobetz/Library/Application Support/Tunnelblick/Configurations/vpn.timobetzwebdesign.de-Timo.tblk: client tls-client dev tun proto tcp-client remote vpn.timobetzwebdesign.de 7494 resolv-retry infinite cipher AES-256-CBC auth SHA256 script-security 2 keepalive 10 120 remote-cert-tls server ca ca.crt cert cert.crt key cert.key tls-auth ta.key 1 nobind persist-key persist-tun verb 3 ================================================================================ Files in vpn.timobetzwebdesign.de-Timo.tblk: Contents/Resources/cer….key Contents/Resources/ta.key Contents/Resources/ca.crt Contents/Resources/cer….crt Contents/Resources/config.ovpn ================================================================================ Tunnelblick Kext Policy Data: ================================================================================ Configuration preferences: -notOKToCheckThatIPAddressDidNotChangeAfterConnection = 0 -lastConnectionSucceeded = 0 ================================================================================ Wildcard preferences: -notOKToCheckThatIPAddressDidNotChangeAfterConnection = 0 ================================================================================ Program preferences: launchAtNextLogin = 1 tunnelblickVersionHistory = ( "3.8.7a (build 5770)" ) lastLaunchTime = 664551027.266794 showConnectedDurations = 0 lastLanguageAtLaunchWasRTL = 0 connectionWindowDisplayCriteria = showWhenConnecting maxLogDisplaySize = 102400 keyboardShortcutIndex = 1 updateCheckAutomatically = 1 NSWindow Frame ConnectingWindow = 561 545 389 217 0 0 1512 944 detailsWindowFrameVersion = 5770 detailsWindowFrame = {{104, 317}, {1111, 573}} detailsWindowLeftFrame = {{0, 0}, {203.5, 453}} detailsWindowViewIndex = 0 detailsWindowConfigurationsTabIdentifier = log leftNavSelectedDisplayName = vpn.timobetzwebdesign.de-Timo AdvancedWindowTabIdentifier = connectingAndDisconnecting haveDealtWithOldTunTapPreferences = 1 haveDealtWithAlwaysShowLoginWindow = 1 haveDealtWithOldLoginItem = 1 haveDealtWithAfterDisconnect = 1 SUEnableAutomaticChecks = 1 SUScheduledCheckInterval = 86400 SULastCheckTime = 2022-01-22 13:30:27 +0000 SUHasLaunchedBefore = 1 ================================================================================ Forced preferences: (None) ================================================================================ Deployed forced preferences: (None) ================================================================================ Tunnelblick Log: 2022-01-22 14:32:37.421621 *Tunnelblick: macOS 12.0.1 (21A559); Tunnelblick 3.8.7a (build 5770) 2022-01-22 14:32:37.739078 *Tunnelblick: Attempting connection with vpn.timobetzwebdesign.de-Timo using shadow copy; Set nameserver = 769; monitoring connection 2022-01-22 14:32:37.740104 *Tunnelblick: openvpnstart startvpn.timobetzwebdesign.de-Timo.tblk6539076901034652464-ptADGNWradsgnw2.5.4-openssl-1.1.1l <password> 2022-01-22 14:32:37.774114 *Tunnelblick: openvpnstart starting OpenVPN 2022-01-22 14:32:38.101161 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning. 2022-01-22 14:32:38.101595 OpenVPN 2.5.4 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on Nov 29 2021 2022-01-22 14:32:38.101628 library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10 2022-01-22 14:32:38.102598 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:65390 2022-01-22 14:32:38.102628 Need hold release from management interface, waiting... 2022-01-22 14:32:38.365661 *Tunnelblick: openvpnstart log: OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line): /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.5.4-openssl-1.1.1l/openvpn --daemon --log /Library/Application Support/Tunnelblick/Logs/-SUsers-Stimobetz-SLibrary-SApplication Support-STunnelblick-SConfigurations-Svpn.timobetzwebdesign.de--Timo.tblk-SContents-SResources-Sconfig.ovpn.769_0_1_0_34652464.65390.openvpn.log --cd /Library/Application Support/Tunnelblick/Users/timobetz/vpn.timobetzwebdesign.de-Timo.tblk/Contents/Resources --machine-readable-output --setenv IV_GUI_VER "net.tunnelblick.tunnelblick 5770 3.8.7a (build 5770)" --verb 3 --config /Library/Application Support/Tunnelblick/Users/timobetz/vpn.timobetzwebdesign.de-Timo.tblk/Contents/Resources/config.ovpn --setenv TUNNELBLICK_CONFIG_FOLDER /Library/Application Support/Tunnelblick/Users/timobetz/vpn.timobetzwebdesign.de-Timo.tblk/Contents/Resources --verb 3 --cd /Library/Application Support/Tunnelblick/Users/timobetz/vpn.timobetzwebdesign.de-Timo.tblk/Contents/Resources --management 127.0.0.1 65390 /Library/Application Support/Tunnelblick/Mips/vpn.timobetzwebdesign.de-Timo.tblk.mip --management-query-passwords --management-hold --script-security 2 --route-up /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw --down /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw 2022-01-22 14:32:38.377827 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:65390 2022-01-22 14:32:38.418428 MANAGEMENT: CMD 'pid' 2022-01-22 14:32:38.418652 MANAGEMENT: CMD 'auth-retry interact' 2022-01-22 14:32:38.418707 MANAGEMENT: CMD 'state on' 2022-01-22 14:32:38.418754 MANAGEMENT: CMD 'state' 2022-01-22 14:32:38.418825 MANAGEMENT: CMD 'bytecount 1' 2022-01-22 14:32:38.418996 *Tunnelblick: Established communication with OpenVPN 2022-01-22 14:32:38.420238 *Tunnelblick: >INFO:OpenVPN Management Interface Version 3 -- type 'help' for more info 2022-01-22 14:32:38.421033 MANAGEMENT: CMD 'hold release' 2022-01-22 14:32:38.421258 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 2022-01-22 14:32:38.428729 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication 2022-01-22 14:32:38.428811 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication 2022-01-22 14:32:38.428892 MANAGEMENT: >STATE:1642858358,RESOLVE,,,,,, 2022-01-22 14:32:38.435349 TCP/UDP: Preserving recently used remote address: [AF_INET]37.120.191.159:7494 2022-01-22 14:32:38.435566 Socket Buffers: R=[131072->131072] S=[131072->131072] 2022-01-22 14:32:38.435703 Attempting to establish TCP connection with [AF_INET]37.120.191.159:7494 [nonblock] 2022-01-22 14:32:38.435766 MANAGEMENT: >STATE:1642858358,TCP_CONNECT,,,,,, 2022-01-22 14:32:38.458159 TCP connection established with [AF_INET]37.120.191.159:7494 2022-01-22 14:32:38.458299 TCP_CLIENT link local: (not bound) 2022-01-22 14:32:38.458342 TCP_CLIENT link remote: [AF_INET]37.120.191.159:7494 2022-01-22 14:32:38.458402 MANAGEMENT: >STATE:1642858358,WAIT,,,,,, 2022-01-22 14:32:38.478451 MANAGEMENT: >STATE:1642858358,AUTH,,,,,, 2022-01-22 14:32:38.478631 TLS: Initial packet from [AF_INET]37.120.191.159:7494, sid=4da6895f bbe94904 2022-01-22 14:32:38.582949 VERIFY OK: depth=1, CN=ChangeMe 2022-01-22 14:32:38.583896 VERIFY KU OK 2022-01-22 14:32:38.583952 Validating certificate extended key usage 2022-01-22 14:32:38.583982 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication 2022-01-22 14:32:38.584012 VERIFY EKU OK 2022-01-22 14:32:38.584037 VERIFY OK: depth=0, CN=cloudron 2022-01-22 14:32:38.640885 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256 2022-01-22 14:32:38.641205 [cloudron] Peer Connection Initiated with [AF_INET]37.120.191.159:7494 2022-01-22 14:32:39.836460 MANAGEMENT: >STATE:1642858359,GET_CONFIG,,,,,, 2022-01-22 14:32:39.836756 SENT CONTROL [cloudron]: 'PUSH_REQUEST' (status=1) 2022-01-22 14:32:39.879436 AUTH: Received control message: AUTH_FAILED 2022-01-22 14:32:39.880100 SIGUSR1[soft,auth-failure] received, process restarting 2022-01-22 14:32:39.880141 MANAGEMENT: >STATE:1642858359,RECONNECTING,auth-failure,,,,, 2022-01-22 14:32:49.583974 *Tunnelblick: Disconnecting; user cancelled authorization or there was an error obtaining authorization 2022-01-22 14:32:49.733460 *Tunnelblick: Disconnecting using 'kill' 2022-01-22 14:32:50.071492 SIGTERM[hard,init_instance] received, process exiting 2022-01-22 14:32:50.071632 MANAGEMENT: >STATE:1642858370,EXITING,init_instance,,,,, 2022-01-22 14:32:50.694752 *Tunnelblick: Expected disconnection occurred. ================================================================================ Down log: (Not found) ================================================================================ Previous down log: (Not found) ================================================================================ Network services: An asterisk (*) denotes that a network service is disabled. USB 10/100/1000 LAN Wi-Fi Thunderbolt Bridge Wi-Fi Power (en0): On ================================================================================ ifconfig output: lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384 options=1203<RXCSUM,TXCSUM,TXSTATUS,SW_TIMESTAMP> inet 127.0.0.1 netmask 0xff000000 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1 nd6 options=201<PERFORMNUD,DAD> gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280 stf0: flags=0<> mtu 1280 anpi1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500 options=400<CHANNEL_IO> ether 6e:2d:23:63:7a:37 inet6 fe80::6c2d:23ff:fe63:7a37%anpi1 prefixlen 64 scopeid 0x4 nd6 options=201<PERFORMNUD,DAD> media: none status: inactive anpi2: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500 options=400<CHANNEL_IO> ether 6e:2d:23:63:7a:38 inet6 fe80::6c2d:23ff:fe63:7a38%anpi2 prefixlen 64 scopeid 0x5 nd6 options=201<PERFORMNUD,DAD> media: none status: inactive anpi0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500 options=400<CHANNEL_IO> ether 6e:2d:23:63:7a:36 inet6 fe80::6c2d:23ff:fe63:7a36%anpi0 prefixlen 64 scopeid 0x6 nd6 options=201<PERFORMNUD,DAD> media: none status: inactive en4: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500 options=400<CHANNEL_IO> ether 6e:2d:23:63:7a:16 nd6 options=201<PERFORMNUD,DAD> media: none status: inactive en5: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500 options=400<CHANNEL_IO> ether 6e:2d:23:63:7a:17 nd6 options=201<PERFORMNUD,DAD> media: none status: inactive en6: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500 options=400<CHANNEL_IO> ether 6e:2d:23:63:7a:18 nd6 options=201<PERFORMNUD,DAD> media: none status: inactive en1: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500 options=460<TSO4,TSO6,CHANNEL_IO> ether 36:0f:aa:7b:0f:00 media: autoselect <full-duplex> status: inactive en2: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500 options=460<TSO4,TSO6,CHANNEL_IO> ether 36:0f:aa:7b:0f:04 media: autoselect <full-duplex> status: inactive en3: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500 options=460<TSO4,TSO6,CHANNEL_IO> ether 36:0f:aa:7b:0f:08 media: autoselect <full-duplex> status: inactive ap1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 options=400<CHANNEL_IO> ether fa:4d:89:66:d9:90 nd6 options=201<PERFORMNUD,DAD> media: autoselect status: inactive en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500 options=6463<RXCSUM,TXCSUM,TSO4,TSO6,CHANNEL_IO,PARTIAL_CSUM,ZEROINVERT_CSUM> ether f8:4d:89:66:d9:90 inet6 fe80::81b:5d17:fe25:1af%en0 prefixlen 64 secured scopeid 0xe inet 192.168.178.40 netmask 0xffffff00 broadcast 192.168.178.255 nd6 options=201<PERFORMNUD,DAD> media: autoselect status: active awdl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500 options=400<CHANNEL_IO> ether 9e:cb:82:34:c4:6c inet6 fe80::9ccb:82ff:fe34:c46c%awdl0 prefixlen 64 scopeid 0xf nd6 options=201<PERFORMNUD,DAD> media: autoselect status: active llw0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500 options=400<CHANNEL_IO> ether 9e:cb:82:34:c4:6c inet6 fe80::9ccb:82ff:fe34:c46c%llw0 prefixlen 64 scopeid 0x10 nd6 options=201<PERFORMNUD,DAD> media: autoselect status: active bridge0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500 options=63<RXCSUM,TXCSUM,TSO4,TSO6> ether 36:0f:aa:7b:0f:00 Configuration: id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0 maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200 root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0 ipfilter disabled flags 0x0 member: en1 flags=3<LEARNING,DISCOVER> ifmaxaddr 0 port 10 priority 0 path cost 0 member: en2 flags=3<LEARNING,DISCOVER> ifmaxaddr 0 port 11 priority 0 path cost 0 member: en3 flags=3<LEARNING,DISCOVER> ifmaxaddr 0 port 12 priority 0 path cost 0 nd6 options=201<PERFORMNUD,DAD> media: <unknown type> status: inactive utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380 inet6 fe80::6ce7:1ec0:85c7:ea5f%utun0 prefixlen 64 scopeid 0x12 nd6 options=201<PERFORMNUD,DAD> utun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 2000 inet6 fe80::c627:3a3f:3d9f:436b%utun1 prefixlen 64 scopeid 0x13 nd6 options=201<PERFORMNUD,DAD> utun2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1000 inet6 fe80::ce81:b1c:bd2c:69e%utun2 prefixlen 64 scopeid 0x14 nd6 options=201<PERFORMNUD,DAD> utun3: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380 inet6 fe80::c2ae:9a5b:ae7:4716%utun3 prefixlen 64 scopeid 0x16 nd6 options=201<PERFORMNUD,DAD> utun4: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380 inet6 fe80::1488:89e5:d5b1:3034%utun4 prefixlen 64 scopeid 0x17 nd6 options=201<PERFORMNUD,DAD> utun5: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380 inet6 fe80::c2ce:7cb7:b3e2:6fff%utun5 prefixlen 64 scopeid 0x18 nd6 options=201<PERFORMNUD,DAD> utun6: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380 inet6 fe80::a124:c7b0:b1ef:a273%utun6 prefixlen 64 scopeid 0x19 nd6 options=201<PERFORMNUD,DAD> ================================================================================ Non-Apple kexts that are loaded: Index Refs Address Size Wired Name (Version) UUID <Linked Against> ================================================================================ Quit Log: 2022-01-22 14:29:44.093429 applicationShouldTerminate: termination for unknown reason, probably Command-Q; delayed until 'shutdownTunnelblick' finishes) 2022-01-22 14:29:44.094194 shutDownTunnelblick: started. 2022-01-22 14:29:44.094913 shutDownTunnelblick: Starting cleanup. 2022-01-22 14:29:44.095241 cleanup: Entering cleanup 2022-01-22 14:29:44.099169 synchronized user defaults 2022-01-22 14:29:44.844092 shutDownTunnelblick: Cleanup finished. 2022-01-22 14:29:44.846078 Finished shutting down Tunnelblick; allowing termination ================================================================================ Traces Log: ================================================================================ Console Log:
