ANSWERED Connection Timeout

[nunz 5]

I am on Mac OS 10.7.5. My VPN connection has been unreliable for the past few days, and starting today, it simply times out being unable to connect.

 

I have always generated an AirVPN access file using the OpenVPN Configuration Generator, then followed the instructions here to generate a Tunnelblick VPN Configuration. Once this file is generated, I would double-click on it and Tunnelblick starts fine. However, after I select the configuration from the menu bar icon, The Tunnelblick window continues to show only "Waiting for server response", then times out.

 

Of note is that the same timeout issue is present even on my iPhone

 

Would you please help me? Thank you.

 

[Staff 9973]

Hello!

Can you please publish the Tunnelblick logs, taken after the problem has occurred?

 

Kind regards

[nunz 5]

Yes, but actually things are getting worse. Yesterday, it was a matter of timeout. Starting last night into this morning, it has turned into "Authentication failed. The credentials (passphrase or username/password) were not accepted by the remote VPN server"

 

Here is the log from this morning. Thanks so much for trying to help me!

 

 

2013-09-18 05:59:19 *Tunnelblick: OS X 10.7.5; Tunnelblick 3.4beta08 (build 3576)

2013-09-18 05:59:19 *Tunnelblick: Attempting connection with Europe using shadow copy; Set nameserver = 1; monitoring connection

2013-09-18 05:59:19 *Tunnelblick: openvpnstart start Europe.tblk 1337 1 0 1 0 305 -atADGNWradsgnw -

2013-09-18 05:59:19 *Tunnelblick: openvpnstart log:

     Loading tun.kext

     

     OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line):

     

          /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.2/openvpn

          --cd

          /Library/Application Support/Tunnelblick/Users/nunz/Europe.tblk/Contents/Resources

          --daemon

          --management

          127.0.0.1

          1337

          --config

          /Library/Application Support/Tunnelblick/Users/nunz/Europe.tblk/Contents/Resources/config.ovpn

          --log

          /Library/Application Support/Tunnelblick/Logs/-SUsers-Snunz-SLibrary-SApplication Support-STunnelblick-SConfigurations-SEurope.tblk-SContents-SResources-Sconfig.ovpn.1_0_1_0_305.1337.openvpn.log

          --management-query-passwords

          --management-hold

          --script-security

          2

          --up

          /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -m -w -d -f -atADGNWradsgnw

          --down

          /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -m -w -d -f -atADGNWradsgnw

          --up-restart

          --route-pre-down

          /Applications/Tunnelblick.app/Contents/Resources/client.route-pre-down.tunnelblick.sh -m -w -d -f -atADGNWradsgnw

 

2013-09-18 05:59:19 OpenVPN 2.3.2 i386-apple-darwin10.8.0 [sSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [MH] [iPv6] built on Aug 20 2013

2013-09-18 05:59:19 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:1337

2013-09-18 05:59:19 Need hold release from management interface, waiting...

2013-09-18 05:59:19 *Tunnelblick: openvpnstart starting OpenVPN:

                    *                    /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.2/openvpn --cd /Library/Application Support/Tunnelblick/Users/nunz/Europe.tblk/Contents/Resources --daemon --management 127.0.0.1 1337 --config /Library/Application Support/Tunnelblick/Users/nunz/Europe.tblk/Contents/Resources/config.ovpn --log /Library/Application Support/Tunnelblick/Logs/-SUsers-Snunz-SLibrary-SApplication Support-STunnelblick-SConfigurations-SEurope.tblk-SContents-SResources-Sconfig.ovpn.1_0_1_0_305.1337.openvpn.log --management-query-passwords --management-hold --script-security 2 --up /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -m -w -d -f -atADGNWradsgnw --down /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -m -w -d -f -atADGNWradsgnw --up-restart --route-pre-down /Applications/Tunnelblick.app/Contents/Resources/client.route-pre-down.tunnelblick.sh -m -w -d -f -atADGNWradsgnw

2013-09-18 05:59:20 *Tunnelblick: Established communication with OpenVPN

2013-09-18 05:59:20 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:1337

2013-09-18 05:59:20 MANAGEMENT: CMD 'pid'

2013-09-18 05:59:20 MANAGEMENT: CMD 'state on'

2013-09-18 05:59:20 MANAGEMENT: CMD 'state'

2013-09-18 05:59:20 MANAGEMENT: CMD 'bytecount 1'

2013-09-18 05:59:20 MANAGEMENT: CMD 'hold release'

2013-09-18 05:59:20 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

2013-09-18 05:59:20 Socket Buffers: R=[42080->65536] S=[9216->65536]

2013-09-18 05:59:20 MANAGEMENT: >STATE:1379498360,RESOLVE,,,

2013-09-18 05:59:20 UDPv4 link local: [undef]

2013-09-18 05:59:20 UDPv4 link remote: [AF_INET]95.211.149.200:443

2013-09-18 05:59:20 MANAGEMENT: >STATE:1379498360,WAIT,,,

2013-09-18 05:59:20 MANAGEMENT: >STATE:1379498360,AUTH,,,

2013-09-18 05:59:20 TLS: Initial packet from [AF_INET]95.211.149.200:443, sid=ce70ff3c 284c548d

2013-09-18 05:59:21 VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org

2013-09-18 05:59:21 VERIFY OK: nsCertType=SERVER

2013-09-18 05:59:21 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org

2013-09-18 05:59:22 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key

2013-09-18 05:59:22 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

2013-09-18 05:59:22 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key

2013-09-18 05:59:22 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

2013-09-18 05:59:22 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA

2013-09-18 05:59:22 [server] Peer Connection Initiated with [AF_INET]95.211.149.200:443

2013-09-18 05:59:23 MANAGEMENT: >STATE:1379498363,GET_CONFIG,,,

2013-09-18 05:59:25 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)

2013-09-18 05:59:25 AUTH: Received control message: AUTH_FAILED

2013-09-18 05:59:25 SIGTERM received, sending exit notification to peer

2013-09-18 05:59:28 *Tunnelblick: Disconnecting; user cancelled authorization or there was an error obtaining authorization

2013-09-18 05:59:28 *Tunnelblick: Disconnecting using 'killall'

2013-09-18 05:59:28 event_wait : Interrupted system call (code=4)

2013-09-18 05:59:28 SIGTERM[hard,] received, process exiting

2013-09-18 05:59:28 MANAGEMENT: >STATE:1379498368,EXITING,SIGTERM,,

2013-09-18 05:59:29 *Tunnelblick: No 'post-disconnect.sh' script to execute

[Staff 9973]

@nunz

 

Hello!

 

Your account is successfully connected to some VPN server since approx. 15 hours ago. You can see anytime the reason of the last failed connection in your account panel (please click "Client Area" from the upper menu).

 

Kind regards

[nunz 5]

Right. Sporadically, it connected to a Canadian server yesterday.

This morning, I noticed that OpenDNS was not correctly installed. So, I re-installed it and the OpenDNS Updater's status window shows that I am using OpenDNS.

 

But, when I initiate a Tunnelblick connection, the small window off of the Menu bar would remain as "Waiting for server response" and would not change to "Connected".

Here is the latest log while the connection attempt seems to be stalled. Of particular note is where it says "TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)". What should I do at this point?

 

 

2013-09-18 08:31:14 *Tunnelblick: Established communication with OpenVPN

2013-09-18 08:31:14 OpenVPN 2.3.2 i386-apple-darwin10.8.0 [sSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [MH] [iPv6] built on Aug 20 2013

2013-09-18 08:31:14 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:1337

2013-09-18 08:31:14 Need hold release from management interface, waiting...

2013-09-18 08:31:14 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:1337

2013-09-18 08:31:14 MANAGEMENT: CMD 'pid'

2013-09-18 08:31:14 MANAGEMENT: CMD 'state on'

2013-09-18 08:31:14 MANAGEMENT: CMD 'state'

2013-09-18 08:31:14 MANAGEMENT: CMD 'bytecount 1'

2013-09-18 08:31:14 MANAGEMENT: CMD 'hold release'

2013-09-18 08:31:14 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

2013-09-18 08:31:14 Socket Buffers: R=[42080->65536] S=[9216->65536]

2013-09-18 08:31:14 MANAGEMENT: >STATE:1379507474,RESOLVE,,,

2013-09-18 08:31:14 UDPv4 link local: [undef]

2013-09-18 08:31:14 UDPv4 link remote: [AF_INET]67.215.66.132:443

2013-09-18 08:31:14 MANAGEMENT: >STATE:1379507474,WAIT,,,

2013-09-18 08:32:14 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

2013-09-18 08:32:14 TLS Error: TLS handshake failed

2013-09-18 08:32:14 SIGUSR1[soft,tls-error] received, process restarting

2013-09-18 08:32:14 MANAGEMENT: >STATE:1379507534,RECONNECTING,tls-error,,

2013-09-18 08:32:15 *Tunnelblick: No 'reconnecting.sh' script to execute

2013-09-18 08:32:15 MANAGEMENT: CMD 'hold release'

2013-09-18 08:32:15 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

2013-09-18 08:32:15 Socket Buffers: R=[42080->65536] S=[9216->65536]

2013-09-18 08:32:15 MANAGEMENT: >STATE:1379507535,RESOLVE,,,

2013-09-18 08:32:15 UDPv4 link local: [undef]

2013-09-18 08:32:15 UDPv4 link remote: [AF_INET]67.215.66.132:443

2013-09-18 08:32:15 MANAGEMENT: >STATE:1379507535,WAIT,,,

2013-09-18 08:33:15 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

2013-09-18 08:33:15 TLS Error: TLS handshake failed

2013-09-18 08:33:15 SIGUSR1[soft,tls-error] received, process restarting

2013-09-18 08:33:15 MANAGEMENT: >STATE:1379507595,RECONNECTING,tls-error,,

2013-09-18 08:33:15 *Tunnelblick: No 'reconnecting.sh' script to execute

2013-09-18 08:33:15 MANAGEMENT: CMD 'hold release'

2013-09-18 08:33:15 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

2013-09-18 08:33:15 Socket Buffers: R=[42080->65536] S=[9216->65536]

2013-09-18 08:33:15 MANAGEMENT: >STATE:1379507595,RESOLVE,,,

2013-09-18 08:33:15 UDPv4 link local: [undef]

2013-09-18 08:33:15 UDPv4 link remote: [AF_INET]67.215.66.132:443

2013-09-18 08:33:15 MANAGEMENT: >STATE:1379507595,WAIT,,,

 

[Staff 9973]

Hello!

 

The problem is here:

 

2013-09-18 08:31:14 UDPv4 link remote: [AF_INET]67.215.66.132:443

 

This is caused by OpenDNS hijacking our *.airdns.org to one of their servers IP address, as if the domain name did not exist. 67.215.66.132 is an OpenDNS server and of course OpenVPN connection fails.

 

You can solve this problem in two different ways:

 

1) Change DNS (use for example OpenNIC, http://opennicproject.org) and discard OpenDNS once and for all - after all, you might not like to use a poisoned DNS that hijacks your queries

 

2) Solve the problem at its roots by generating .ovpn configuration files which contain only IP addresses (and not names) in the following way:

- in the Configuration Generator tick "Advanced Options"

- tick "Resolved hosts in .ovpn file"

- tick "All servers for area or region"

 

Kind regards

[nunz 5]

Thank you so much for the precious tips. I have followed your instructions, and now my AirVPN connections are live & well.

 

THANK YOU!