rajaz 0 Posted ... Apologies if this is a known issue, but I have searched the forums and cannot find a cure. I am running with a trial connection with a view to subscribing. I am running MacOS Snow Leopard. I can make a VPN connection to multiple AirVPN servers with Tunnelblick. P2P works fine but I am unable to use Safari to browse on all servers except Polaris. The pages won't load. Searching the forums I found reference to DNS issues. My Belkin router is set up to automatically obtain DNS from ISP. When I connect directly (without VPN) and check DNS settings (system preferences, network, (connection) advanced, DNS tab) the DNS points to my router. When I connect via VPN the DNS points to 10.4.0.1 OpenVPN server, so it looks like the DNS is obtained properly. I have tried setting DNS in my router to 10.4.0.1 (primary) and 8.8.8.8 secondary but the result is the same. I think I am missing something obvious and can't explain why browsing is OK on Polaris but not on other servers. Any help gratefully appreciated. - rajaz
Staff 9972 Posted ... Hello! Can you please send us the Tunnelblick logs? It might still be a DNS problem. A side note: Polaris is no more, it was dismissed more than a year, maybe almost two years, ago (replaced with more powerful hardware)! Kind regards
rajaz 0 Posted ... Thanks. Here is the Tunnelblick log from a connection to Cassiopeia. (By Polaris I meant Pegasi, by the way)

    2012-09-23 17:13:29 *Tunnelblick: OS X 10.6.8; Tunnelblick 3.2.8 (build 2891.3099)
    2012-09-23 17:13:29 *Tunnelblick: Attempting connection with AirVPN GB Cassiopeia; Set nameserver = 1; monitoring connection
    2012-09-23 17:13:29 *Tunnelblick: /Applications/Tunnelblick.app/Contents/Resources/openvpnstart start AirVPN\ GB\ Cassiopeia.tblk 1337 1 0 0 0 49 -atDASNGWrdasngw
    2012-09-23 17:13:29 *Tunnelblick: Established communication with OpenVPN
    2012-09-23 17:13:29 OpenVPN 2.2.1 i386-apple-darwin10.8.0 [sSL] [LZO2] [PKCS11] [eurephia] built on Aug 10 2012
    2012-09-23 17:13:29 MANAGEMENT: TCP Socket listening on 127.0.0.1:1337
    2012-09-23 17:13:29 Need hold release from management interface, waiting...
    2012-09-23 17:13:29 MANAGEMENT: Client connected from 127.0.0.1:1337
    2012-09-23 17:13:29 MANAGEMENT: CMD 'pid'
    2012-09-23 17:13:29 MANAGEMENT: CMD 'state on'
    2012-09-23 17:13:29 MANAGEMENT: CMD 'state'
    2012-09-23 17:13:29 MANAGEMENT: CMD 'hold release'
    2012-09-23 17:13:29 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    2012-09-23 17:13:29 WARNING: file 'user.key' is group or others accessible
    2012-09-23 17:13:29 LZO compression initialized
    2012-09-23 17:13:29 Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ]
    2012-09-23 17:13:29 Socket Buffers: R=[42080->65536] S=[9216->65536]
    2012-09-23 17:13:29 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
    2012-09-23 17:13:29 Local Options hash (VER=V4): '22188c5b'
    2012-09-23 17:13:29 Expected Remote Options hash (VER=V4): 'a8f55717'
    2012-09-23 17:13:29 UDPv4 link local: [undef]
    2012-09-23 17:13:29 UDPv4 link remote: 31.193.12.98:443
    2012-09-23 17:13:29 MANAGEMENT: >STATE:1348416809,WAIT,,,
    2012-09-23 17:13:29 MANAGEMENT: >STATE:1348416809,AUTH,,,
    2012-09-23 17:13:29 TLS: Initial packet from 31.193.12.98:443, sid=a86a3a32 3cd3eb6d
    2012-09-23 17:13:29 VERIFY OK: depth=1, /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=airvpn.org_CA/emailAddress=info@airvpn.org
    2012-09-23 17:13:29 VERIFY OK: nsCertType=SERVER
    2012-09-23 17:13:29 VERIFY OK: depth=0, /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=server/emailAddress=info@airvpn.org
    2012-09-23 17:13:29 *Tunnelblick: openvpnstart: /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.2.1/openvpn --cd /Users/mike/Library/Application Support/Tunnelblick/Configurations/AirVPN GB Cassiopeia.tblk/Contents/Resources --daemon --management 127.0.0.1 1337 --config /Users/mike/Library/Application Support/Tunnelblick/Configurations/AirVPN GB Cassiopeia.tblk/Contents/Resources/config.ovpn --log /Library/Application Support/Tunnelblick/Logs/-SUsers-Smike-SLibrary-SApplication Support-STunnelblick-SConfigurations-SAirVPN GB Cassiopeia.tblk-SContents-SResources-Sconfig.ovpn.1_0_0_0_49.1337.openvpn.log --management-query-passwords --management-hold --script-security 2 --up /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -m -w -d -atDASNGWrdasngw --down /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -m -w -d -atDASNGWrdasngw --up-restart
    2012-09-23 17:13:30 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
    2012-09-23 17:13:30 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    2012-09-23 17:13:30 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
    2012-09-23 17:13:30 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    2012-09-23 17:13:30 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
    2012-09-23 17:13:30 [server] Peer Connection Initiated with 31.193.12.98:443
    2012-09-23 17:13:31 MANAGEMENT: >STATE:1348416811,GET_CONFIG,,,
    2012-09-23 17:13:32 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
    2012-09-23 17:13:32 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.4.0.1,comp-lzo no,route 10.4.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.4.0.194 10.4.0.193'
    2012-09-23 17:13:32 OPTIONS IMPORT: timers and/or timeouts modified
    2012-09-23 17:13:32 OPTIONS IMPORT: LZO parms modified
    2012-09-23 17:13:32 OPTIONS IMPORT: --ifconfig/up options modified
    2012-09-23 17:13:32 OPTIONS IMPORT: route options modified
    2012-09-23 17:13:32 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
    2012-09-23 17:13:32 ROUTE default_gateway=192.168.0.1
    2012-09-23 17:13:32 TUN/TAP device /dev/tun0 opened
    2012-09-23 17:13:32 MANAGEMENT: >STATE:1348416812,ASSIGN_IP,,10.4.0.194,
    2012-09-23 17:13:32 /sbin/ifconfig tun0 delete ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
    2012-09-23 17:13:32 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
    2012-09-23 17:13:32 /sbin/ifconfig tun0 10.4.0.194 10.4.0.193 mtu 1500 netmask 255.255.255.255 up
    2012-09-23 17:13:32 /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -m -w -d -atDASNGWrdasngw tun0 1500 1558 10.4.0.194 10.4.0.193 init No such key
    2012-09-23 17:13:35 *Tunnelblick: Flushed the DNS cache
    2012-09-23 17:13:35 /sbin/route add -net 31.193.12.98 192.168.0.1 255.255.255.255 add net 31.193.12.98: gateway 192.168.0.1
    2012-09-23 17:13:35 /sbin/route add -net 0.0.0.0 10.4.0.193 128.0.0.0 add net 0.0.0.0: gateway 10.4.0.193
    2012-09-23 17:13:35 /sbin/route add -net 128.0.0.0 10.4.0.193 128.0.0.0 add net 128.0.0.0: gateway 10.4.0.193
    2012-09-23 17:13:35 MANAGEMENT: >STATE:1348416815,ADD_ROUTES,,,
    2012-09-23 17:13:35 /sbin/route add -net 10.4.0.1 10.4.0.193 255.255.255.255 add net 10.4.0.1: gateway 10.4.0.193
    2012-09-23 17:13:35 Initialization Sequence Completed
    2012-09-23 17:13:35 MANAGEMENT: >STATE:1348416815,CONNECTED,SUCCESS,10.4.0.194,31.193.12.98
    2012-09-23 17:13:35 *Tunnelblick client.up.tunnelblick.sh: Retrieved name server(s) [ 10.4.0.1 ] and WINS server(s) [ ] and using default domain name [ openvpn ]
    2012-09-23 17:13:35 *Tunnelblick client.up.tunnelblick.sh: Up to two 'No such key' warnings are normal and may be ignored
    2012-09-23 17:13:35 *Tunnelblick client.up.tunnelblick.sh: Saved the DNS and WINS configurations for later use
    2012-09-23 17:13:35 *Tunnelblick client.up.tunnelblick.sh: Set up to monitor system configuration with process-network-changes
    2012-09-23 17:13:40 *Tunnelblick process-network-changes: A system configuration change was ignored because it was not relevant
rajaz 0 Posted ... Additional Tunnelblick log from the disconnection (I had to disconnect to access airvpn):

    2012-09-23 17:14:48 *Tunnelblick: Disconnecting; 'Disconnect' menu command invoked
    2012-09-23 17:14:48 event_wait : Interrupted system call (code=4)
    2012-09-23 17:14:48 SIGTERM received, sending exit notification to peer
    2012-09-23 17:14:53 TCP/UDP: Closing socket
    2012-09-23 17:14:53 /sbin/route delete -net 10.4.0.1 10.4.0.193 255.255.255.255 delete net 10.4.0.1: gateway 10.4.0.193
    2012-09-23 17:14:53 /sbin/route delete -net 31.193.12.98 192.168.0.1 255.255.255.255 delete net 31.193.12.98: gateway 192.168.0.1
    2012-09-23 17:14:53 /sbin/route delete -net 0.0.0.0 10.4.0.193 128.0.0.0 delete net 0.0.0.0: gateway 10.4.0.193
    2012-09-23 17:14:53 /sbin/route delete -net 128.0.0.0 10.4.0.193 128.0.0.0 delete net 128.0.0.0: gateway 10.4.0.193
    2012-09-23 17:14:53 Closing TUN/TAP interface
    2012-09-23 17:14:53 /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -m -w -d -atDASNGWrdasngw tun0 1500 1558 10.4.0.194 10.4.0.193 init
    2012-09-23 17:14:53 SIGTERM[soft,exit-with-notification] received, process exiting
    2012-09-23 17:14:53 MANAGEMENT: >STATE:1348416893,EXITING,exit-with-notification,,
    2012-09-23 17:14:53 *Tunnelblick client.down.tunnelblick.sh: Cancelled monitoring of system configuration changes
    2012-09-23 17:14:53 *Tunnelblick client.down.tunnelblick.sh: Restored the DNS and WINS configurations
    2012-09-23 17:14:54 *Tunnelblick: Flushed the DNS cache
Staff 9972 Posted ... Hello! As you already noted, the DNS push appears correct. Also, the routing table is correct. The odd thing is that you have problems with all the servers except Pegasi, but all the servers have the very same configuration and same OpenVPN server version, scripts etc. Can you please check the following: http://code.google.com/p/tunnelblick/wiki/cConnectedBut#If_OpenVPN_is_connected_to_the_server_but_you_can%27t_access In particular, check your Mac DNS settings in "System Preferences". Kind regards
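The check described in the reply above (pushed DNS present, routes matching the `redirect-gateway def1` push) can be done mechanically. This is an added example, not part of the thread and not Tunnelblick or AirVPN code; the log excerpt is taken from the connection log posted above, and the function names `parse` and `check` are assumptions made for the example.

```python
import re

# Excerpt of the connection log posted in this thread (timestamps and command output dropped).
LOG = """\
UDPv4 link remote: 31.193.12.98:443
PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.4.0.1,comp-lzo no,route 10.4.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.4.0.194 10.4.0.193'
ROUTE default_gateway=192.168.0.1
/sbin/route add -net 31.193.12.98 192.168.0.1 255.255.255.255
/sbin/route add -net 0.0.0.0 10.4.0.193 128.0.0.0
/sbin/route add -net 128.0.0.0 10.4.0.193 128.0.0.0
/sbin/route add -net 10.4.0.1 10.4.0.193 255.255.255.255
"""
HOST = "255.255.255.255"

def parse(log):
    """Return (pushed options, server IP, LAN gateway, installed routes)."""
    push = re.search(r"'PUSH_REPLY,([^']*)'", log)
    opts = [o.split() for o in push.group(1).split(",") if o.strip()] if push else []
    remote = re.search(r"link remote: ([\d.]+):\d+", log)
    lan_gw = re.search(r"ROUTE default_gateway=([\d.]+)", log)
    routes = set(re.findall(r"route add -net ([\d.]+) ([\d.]+) ([\d.]+)", log))
    return opts, remote and remote.group(1), lan_gw and lan_gw.group(1), routes

def check(log):
    """Return a list of problems; an empty list means push and routes agree."""
    opts, remote, lan_gw, routes = parse(log)
    ifc = next((o for o in opts if o[0] == "ifconfig" and len(o) == 3), None)
    if not (ifc and remote and lan_gw):
        return ["log incomplete: ifconfig, link remote or default_gateway missing"]
    vpn_gw = ifc[2]  # net30 topology: second ifconfig address is the tunnel peer
    problems, expected = [], {}
    if ["redirect-gateway", "def1"] in opts:
        # def1: two /1 routes via the tunnel, plus a host route to the server via the LAN
        expected[(remote, lan_gw, HOST)] = "host route to VPN server"
        expected[("0.0.0.0", vpn_gw, "128.0.0.0")] = "def1 route 0.0.0.0/1"
        expected[("128.0.0.0", vpn_gw, "128.0.0.0")] = "def1 route 128.0.0.0/1"
    else:
        problems.append("redirect-gateway def1 was not pushed")
    for o in opts:
        if o[0] == "route":  # netmask defaults to a host route when omitted
            mask = o[2] if len(o) > 2 else HOST
            expected[(o[1], vpn_gw, mask)] = "pushed route"
    if not any(o[:2] == ["dhcp-option", "DNS"] for o in opts):
        problems.append("no DNS server was pushed")
    problems += [f"missing {why}: {r}" for r, why in expected.items() if r not in routes]
    return problems

if __name__ == "__main__":
    print(check(LOG) or "DNS push and routing table are consistent")
```

An empty result only shows that the client applied what the server pushed; it says nothing about whether traffic actually passes through the tunnel.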
rajaz 0 Posted ... Hi - I checked the Tunnelblick link. The webpage will not load either by using the name or the numerical IP address. I tried on both ibm.com and google.com. So maybe not DNS. I had a look through the Tunnelblick discussion group but could not find a cure. I double checked and indeed Pegasi is working just fine for me (in fact I am connected as I write this) but other servers are not working for me. Right now my DNS settings show the following: DNS Servers 10.4.0.1 (no other servers showing). Search domains openvpn.
Staff 9972 Posted ...
> Hi - I checked the Tunnelblick link. The webpage will not load either by using the name or the numerical IP address. I tried on both ibm.com and google.com. So maybe not DNS. I had a look through the Tunnelblick discussion group but could not find a cure. I double checked and indeed Pegasi is working just fine for me (in fact I am connected as I write this) but other servers are not working for me. Right now my DNS settings show the following: DNS Servers 10.4.0.1 (no other servers showing). Search domains openvpn.

Hello! Yes, we can rule out a DNS problem. Please try at your convenience to upgrade to Tunnelblick 3.3beta21a: http://code.google.com/p/tunnelblick/wiki/DownloadsEntry?tm=2 or, for testing purposes and comparison with Tunnelblick on the non-working servers, try Viscosity: http://www.sparklabs.com/viscosity/ Kind regards
anonjay 0 Posted ... I am having this exact same issue on Mac too. One other weird thing I have noticed is that sometimes it will work and others it will not. Most times I just get new config files and it works.
rajaz 0 Posted ... Hi admin, I tried both: Tunnelblick 3.3beta21a: No browsing ability with any server, including Pegasi which was OK with 3.2.8. Viscosity 1.4.2: No browsing ability with any server including Pegasi. For info, I am generating the configuration files using port 443 UDP. Thanks - rajaz
rajaz 0 Posted ... Correction. Tunnelblick 3.3beta21a is also working for me with Pegasi. But slowly. - rajaz
rajaz 0 Posted ... Somewhat bizarrely I am getting slightly different results today. I have tried the 1Gb servers to check the ability to browse or not and here are the results using Tunnelblick 3.3beta21a.

Tauri - no
Bootis - no
Cassiopeia - no
Castor - no
Leporis - yes (slow, 80 seconds to load www.ibm.com)
Serpentis - no
Librae - no
Pegasi - authentication failed
Sirius - no
Vega - yes (good speed)

- rajaz
Staff 9972 Posted ...
> Somewhat bizarrely I am getting slightly different results today. I have tried the 1Gb servers to check the ability to browse or not and here are the results using Tunnelblick 3.3beta21a

Hello! Which OpenVPN version is Tunnelblick using? If it's OpenVPN 2.3alpha, can you try the latest stable release? Kind regards
rajaz 0 Posted ... Hi. Tunnelblick was using OpenVPN 2.3-alpha 1. I changed to OpenVPN 2.2.1. In my home network I get exactly the same results as yesterday, with good browsing capability on Vega but nowhere else. However, I tried setting up the VPN from a different location (with the same service provider but a different network connection). There I found that I could get good browsing capability on all except Bootis and Sirius (around 11am CET today). This makes me think the problem is with my network or router rather than the VPN connection. I'm not doing anything radical (Belkin F5D8633 ADSL modem/router, several devices connected with wired ethernet and wireless ethernet including a NAS). There is no port forwarding on the router and all devices are connected with DHCP. So I guess if the problem's at my end there is not going to be much you can do for me! - rajaz
rajaz 0 Posted ... Hi. Another note. When connected and having no browsing ability, other internet services also don't work (e.g. I can't connect to email servers). - rajaz