Hello!
I have a problem to connect to the OpenVPN Server from my Mac with Tunnelblick. I installed the App on my Cloudron, set a device and downloaded the .tblk config file and inserted the file to Tunnelblick.
On connecting I always get the error "athentification failed".
Anyone an idea what could help?
Here are the logs from Tunnelblick:
*Tunnelblick: macOS 12.0.1 (21A559); Tunnelblick 3.8.7a (build 5770); Admin user
git commit 7df4363a5980ab8be88a6a3aaeee028f36813607
The Tunnelblick.app process is not being translated (arm64)
System Integrity Protection is enabled
Model: MacBookPro18,3
Configuration vpn.timobetzwebdesign.de-Timo
"Sanitized" condensed configuration file for /Users/timobetz/Library/Application Support/Tunnelblick/Configurations/vpn.timobetzwebdesign.de-Timo.tblk:
client
tls-client
dev tun
proto tcp-client
remote vpn.timobetzwebdesign.de 7494
resolv-retry infinite
cipher AES-256-CBC
auth SHA256
script-security 2
keepalive 10 120
remote-cert-tls server
ca ca.crt
cert cert.crt
key cert.key
tls-auth ta.key 1
nobind
persist-key
persist-tun
verb 3
================================================================================
Files in vpn.timobetzwebdesign.de-Timo.tblk:
Contents/Resources/cer….key
Contents/Resources/ta.key
Contents/Resources/ca.crt
Contents/Resources/cer….crt
Contents/Resources/config.ovpn
================================================================================
Tunnelblick Kext Policy Data:
================================================================================
Configuration preferences:
-notOKToCheckThatIPAddressDidNotChangeAfterConnection = 0
-lastConnectionSucceeded = 0
================================================================================
Wildcard preferences:
-notOKToCheckThatIPAddressDidNotChangeAfterConnection = 0
================================================================================
Program preferences:
launchAtNextLogin = 1
tunnelblickVersionHistory = (
"3.8.7a (build 5770)"
)
lastLaunchTime = 664551027.266794
showConnectedDurations = 0
lastLanguageAtLaunchWasRTL = 0
connectionWindowDisplayCriteria = showWhenConnecting
maxLogDisplaySize = 102400
keyboardShortcutIndex = 1
updateCheckAutomatically = 1
NSWindow Frame ConnectingWindow = 561 545 389 217 0 0 1512 944
detailsWindowFrameVersion = 5770
detailsWindowFrame = {{104, 317}, {1111, 573}}
detailsWindowLeftFrame = {{0, 0}, {203.5, 453}}
detailsWindowViewIndex = 0
detailsWindowConfigurationsTabIdentifier = log
leftNavSelectedDisplayName = vpn.timobetzwebdesign.de-Timo
AdvancedWindowTabIdentifier = connectingAndDisconnecting
haveDealtWithOldTunTapPreferences = 1
haveDealtWithAlwaysShowLoginWindow = 1
haveDealtWithOldLoginItem = 1
haveDealtWithAfterDisconnect = 1
SUEnableAutomaticChecks = 1
SUScheduledCheckInterval = 86400
SULastCheckTime = 2022-01-22 13:30:27 +0000
SUHasLaunchedBefore = 1
================================================================================
Forced preferences:
(None)
================================================================================
Deployed forced preferences:
(None)
================================================================================
Tunnelblick Log:
2022-01-22 14:32:37.421621 *Tunnelblick: macOS 12.0.1 (21A559); Tunnelblick 3.8.7a (build 5770)
2022-01-22 14:32:37.739078 *Tunnelblick: Attempting connection with vpn.timobetzwebdesign.de-Timo using shadow copy; Set nameserver = 769; monitoring connection
2022-01-22 14:32:37.740104 *Tunnelblick: openvpnstart startvpn.timobetzwebdesign.de-Timo.tblk6539076901034652464-ptADGNWradsgnw2.5.4-openssl-1.1.1l <password>
2022-01-22 14:32:37.774114 *Tunnelblick: openvpnstart starting OpenVPN
2022-01-22 14:32:38.101161 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
2022-01-22 14:32:38.101595 OpenVPN 2.5.4 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on Nov 29 2021
2022-01-22 14:32:38.101628 library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10
2022-01-22 14:32:38.102598 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:65390
2022-01-22 14:32:38.102628 Need hold release from management interface, waiting...
2022-01-22 14:32:38.365661 *Tunnelblick: openvpnstart log:
OpenVPN started successfully.
Command used to start OpenVPN (one argument per displayed line):
/Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.5.4-openssl-1.1.1l/openvpn
--daemon
--log /Library/Application Support/Tunnelblick/Logs/-SUsers-Stimobetz-SLibrary-SApplication Support-STunnelblick-SConfigurations-Svpn.timobetzwebdesign.de--Timo.tblk-SContents-SResources-Sconfig.ovpn.769_0_1_0_34652464.65390.openvpn.log
--cd /Library/Application Support/Tunnelblick/Users/timobetz/vpn.timobetzwebdesign.de-Timo.tblk/Contents/Resources
--machine-readable-output
--setenv IV_GUI_VER "net.tunnelblick.tunnelblick 5770 3.8.7a (build 5770)"
--verb 3
--config /Library/Application Support/Tunnelblick/Users/timobetz/vpn.timobetzwebdesign.de-Timo.tblk/Contents/Resources/config.ovpn
--setenv TUNNELBLICK_CONFIG_FOLDER /Library/Application Support/Tunnelblick/Users/timobetz/vpn.timobetzwebdesign.de-Timo.tblk/Contents/Resources
--verb 3
--cd /Library/Application Support/Tunnelblick/Users/timobetz/vpn.timobetzwebdesign.de-Timo.tblk/Contents/Resources
--management 127.0.0.1 65390 /Library/Application Support/Tunnelblick/Mips/vpn.timobetzwebdesign.de-Timo.tblk.mip
--management-query-passwords
--management-hold
--script-security 2
--route-up /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw
--down /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw
2022-01-22 14:32:38.377827 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:65390
2022-01-22 14:32:38.418428 MANAGEMENT: CMD 'pid'
2022-01-22 14:32:38.418652 MANAGEMENT: CMD 'auth-retry interact'
2022-01-22 14:32:38.418707 MANAGEMENT: CMD 'state on'
2022-01-22 14:32:38.418754 MANAGEMENT: CMD 'state'
2022-01-22 14:32:38.418825 MANAGEMENT: CMD 'bytecount 1'
2022-01-22 14:32:38.418996 *Tunnelblick: Established communication with OpenVPN
2022-01-22 14:32:38.420238 *Tunnelblick: >INFO:OpenVPN Management Interface Version 3 -- type 'help' for more info
2022-01-22 14:32:38.421033 MANAGEMENT: CMD 'hold release'
2022-01-22 14:32:38.421258 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2022-01-22 14:32:38.428729 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2022-01-22 14:32:38.428811 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2022-01-22 14:32:38.428892 MANAGEMENT: >STATE:1642858358,RESOLVE,,,,,,
2022-01-22 14:32:38.435349 TCP/UDP: Preserving recently used remote address: [AF_INET]37.120.191.159:7494
2022-01-22 14:32:38.435566 Socket Buffers: R=[131072->131072] S=[131072->131072]
2022-01-22 14:32:38.435703 Attempting to establish TCP connection with [AF_INET]37.120.191.159:7494 [nonblock]
2022-01-22 14:32:38.435766 MANAGEMENT: >STATE:1642858358,TCP_CONNECT,,,,,,
2022-01-22 14:32:38.458159 TCP connection established with [AF_INET]37.120.191.159:7494
2022-01-22 14:32:38.458299 TCP_CLIENT link local: (not bound)
2022-01-22 14:32:38.458342 TCP_CLIENT link remote: [AF_INET]37.120.191.159:7494
2022-01-22 14:32:38.458402 MANAGEMENT: >STATE:1642858358,WAIT,,,,,,
2022-01-22 14:32:38.478451 MANAGEMENT: >STATE:1642858358,AUTH,,,,,,
2022-01-22 14:32:38.478631 TLS: Initial packet from [AF_INET]37.120.191.159:7494, sid=4da6895f bbe94904
2022-01-22 14:32:38.582949 VERIFY OK: depth=1, CN=ChangeMe
2022-01-22 14:32:38.583896 VERIFY KU OK
2022-01-22 14:32:38.583952 Validating certificate extended key usage
2022-01-22 14:32:38.583982 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2022-01-22 14:32:38.584012 VERIFY EKU OK
2022-01-22 14:32:38.584037 VERIFY OK: depth=0, CN=cloudron
2022-01-22 14:32:38.640885 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2022-01-22 14:32:38.641205 [cloudron] Peer Connection Initiated with [AF_INET]37.120.191.159:7494
2022-01-22 14:32:39.836460 MANAGEMENT: >STATE:1642858359,GET_CONFIG,,,,,,
2022-01-22 14:32:39.836756 SENT CONTROL [cloudron]: 'PUSH_REQUEST' (status=1)
2022-01-22 14:32:39.879436 AUTH: Received control message: AUTH_FAILED
2022-01-22 14:32:39.880100 SIGUSR1[soft,auth-failure] received, process restarting
2022-01-22 14:32:39.880141 MANAGEMENT: >STATE:1642858359,RECONNECTING,auth-failure,,,,,
2022-01-22 14:32:49.583974 *Tunnelblick: Disconnecting; user cancelled authorization or there was an error obtaining authorization
2022-01-22 14:32:49.733460 *Tunnelblick: Disconnecting using 'kill'
2022-01-22 14:32:50.071492 SIGTERM[hard,init_instance] received, process exiting
2022-01-22 14:32:50.071632 MANAGEMENT: >STATE:1642858370,EXITING,init_instance,,,,,
2022-01-22 14:32:50.694752 *Tunnelblick: Expected disconnection occurred.
================================================================================
Down log:
(Not found)
================================================================================
Previous down log:
(Not found)
================================================================================
Network services:
An asterisk (*) denotes that a network service is disabled.
USB 10/100/1000 LAN
Wi-Fi
Thunderbolt Bridge
Wi-Fi Power (en0): On
================================================================================
ifconfig output:
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
options=1203<RXCSUM,TXCSUM,TXSTATUS,SW_TIMESTAMP>
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
nd6 options=201<PERFORMNUD,DAD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
anpi1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=400<CHANNEL_IO>
ether 6e:2d:23:63:7a:37
inet6 fe80::6c2d:23ff:fe63:7a37%anpi1 prefixlen 64 scopeid 0x4
nd6 options=201<PERFORMNUD,DAD>
media: none
status: inactive
anpi2: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=400<CHANNEL_IO>
ether 6e:2d:23:63:7a:38
inet6 fe80::6c2d:23ff:fe63:7a38%anpi2 prefixlen 64 scopeid 0x5
nd6 options=201<PERFORMNUD,DAD>
media: none
status: inactive
anpi0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=400<CHANNEL_IO>
ether 6e:2d:23:63:7a:36
inet6 fe80::6c2d:23ff:fe63:7a36%anpi0 prefixlen 64 scopeid 0x6
nd6 options=201<PERFORMNUD,DAD>
media: none
status: inactive
en4: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=400<CHANNEL_IO>
ether 6e:2d:23:63:7a:16
nd6 options=201<PERFORMNUD,DAD>
media: none
status: inactive
en5: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=400<CHANNEL_IO>
ether 6e:2d:23:63:7a:17
nd6 options=201<PERFORMNUD,DAD>
media: none
status: inactive
en6: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=400<CHANNEL_IO>
ether 6e:2d:23:63:7a:18
nd6 options=201<PERFORMNUD,DAD>
media: none
status: inactive
en1: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
options=460<TSO4,TSO6,CHANNEL_IO>
ether 36:0f:aa:7b:0f:00
media: autoselect <full-duplex>
status: inactive
en2: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
options=460<TSO4,TSO6,CHANNEL_IO>
ether 36:0f:aa:7b:0f:04
media: autoselect <full-duplex>
status: inactive
en3: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
options=460<TSO4,TSO6,CHANNEL_IO>
ether 36:0f:aa:7b:0f:08
media: autoselect <full-duplex>
status: inactive
ap1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=400<CHANNEL_IO>
ether fa:4d:89:66:d9:90
nd6 options=201<PERFORMNUD,DAD>
media: autoselect
status: inactive
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=6463<RXCSUM,TXCSUM,TSO4,TSO6,CHANNEL_IO,PARTIAL_CSUM,ZEROINVERT_CSUM>
ether f8:4d:89:66:d9:90
inet6 fe80::81b:5d17:fe25:1af%en0 prefixlen 64 secured scopeid 0xe
inet 192.168.178.40 netmask 0xffffff00 broadcast 192.168.178.255
nd6 options=201<PERFORMNUD,DAD>
media: autoselect
status: active
awdl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
options=400<CHANNEL_IO>
ether 9e:cb:82:34:c4:6c
inet6 fe80::9ccb:82ff:fe34:c46c%awdl0 prefixlen 64 scopeid 0xf
nd6 options=201<PERFORMNUD,DAD>
media: autoselect
status: active
llw0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=400<CHANNEL_IO>
ether 9e:cb:82:34:c4:6c
inet6 fe80::9ccb:82ff:fe34:c46c%llw0 prefixlen 64 scopeid 0x10
nd6 options=201<PERFORMNUD,DAD>
media: autoselect
status: active
bridge0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=63<RXCSUM,TXCSUM,TSO4,TSO6>
ether 36:0f:aa:7b:0f:00
Configuration:
id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
ipfilter disabled flags 0x0
member: en1 flags=3<LEARNING,DISCOVER>
ifmaxaddr 0 port 10 priority 0 path cost 0
member: en2 flags=3<LEARNING,DISCOVER>
ifmaxaddr 0 port 11 priority 0 path cost 0
member: en3 flags=3<LEARNING,DISCOVER>
ifmaxaddr 0 port 12 priority 0 path cost 0
nd6 options=201<PERFORMNUD,DAD>
media: <unknown type>
status: inactive
utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
inet6 fe80::6ce7:1ec0:85c7:ea5f%utun0 prefixlen 64 scopeid 0x12
nd6 options=201<PERFORMNUD,DAD>
utun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 2000
inet6 fe80::c627:3a3f:3d9f:436b%utun1 prefixlen 64 scopeid 0x13
nd6 options=201<PERFORMNUD,DAD>
utun2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1000
inet6 fe80::ce81:b1c:bd2c:69e%utun2 prefixlen 64 scopeid 0x14
nd6 options=201<PERFORMNUD,DAD>
utun3: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
inet6 fe80::c2ae:9a5b:ae7:4716%utun3 prefixlen 64 scopeid 0x16
nd6 options=201<PERFORMNUD,DAD>
utun4: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
inet6 fe80::1488:89e5:d5b1:3034%utun4 prefixlen 64 scopeid 0x17
nd6 options=201<PERFORMNUD,DAD>
utun5: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
inet6 fe80::c2ce:7cb7:b3e2:6fff%utun5 prefixlen 64 scopeid 0x18
nd6 options=201<PERFORMNUD,DAD>
utun6: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
inet6 fe80::a124:c7b0:b1ef:a273%utun6 prefixlen 64 scopeid 0x19
nd6 options=201<PERFORMNUD,DAD>
================================================================================
Non-Apple kexts that are loaded:
Index Refs Address Size Wired Name (Version) UUID <Linked Against>
================================================================================
Quit Log:
2022-01-22 14:29:44.093429 applicationShouldTerminate: termination for unknown reason, probably Command-Q; delayed until 'shutdownTunnelblick' finishes)
2022-01-22 14:29:44.094194 shutDownTunnelblick: started.
2022-01-22 14:29:44.094913 shutDownTunnelblick: Starting cleanup.
2022-01-22 14:29:44.095241 cleanup: Entering cleanup
2022-01-22 14:29:44.099169 synchronized user defaults
2022-01-22 14:29:44.844092 shutDownTunnelblick: Cleanup finished.
2022-01-22 14:29:44.846078 Finished shutting down Tunnelblick; allowing termination
================================================================================
Traces Log:
================================================================================
Console Log: