Jump to content
Not connected, Your IP:
Sign in to follow this  

Unable to browse, DNS seems OK

Recommended Posts

Apologies if this is a known issue, but I have searched the forums and cannot find a cure. I am running with a trial connection with a view to subscribing. I am running MacOS snow leopard. I can make a VPN connection to multiple AirVPN servers with Tunnelblick. P2P works fine but I am unable to use Safari to browse on all servers except Polaris. The pages wont load.

Searching the forums I found reference to DNS issues. My Belkin router is setup to automatically obtain DNS from ISP. When I connect directly (without VPN) and check DNS settings (system preferences, network, (connection) advanced, DNS tab) the DNS points to my router. When I connect via VPN the DNS points to openVPN server, so it looks like the DNS is obtained properly. I have tried setting DNS in my router to (primary) and secondary but the result is the same.

I think I am missing something obvious and can't explain why browsing is OK on Polaris but not on other servers. Any help gratefully appreciated.

- rajaz

Share this post

Link to post


Can you please send us the Tunnelblick logs? It might still be a DNS problem.

A side note: Polaris is no more, it was dismissed more than a year, maybe almost two years, ago (replaced with more powerful hardware)! :)

Kind regards

Share this post

Link to post

Thanks. Here is the Tunnelblick log from a connection to Cassiopeia. (By Polaris I meant Pegasi, by the way )

2012-09-23 17:13:29 *Tunnelblick: OS X 10.6.8; Tunnelblick 3.2.8 (build 2891.3099)

2012-09-23 17:13:29 *Tunnelblick: Attempting connection with AirVPN GB Cassiopeia; Set nameserver = 1; monitoring connection

2012-09-23 17:13:29 *Tunnelblick: /Applications/Tunnelblick.app/Contents/Resources/openvpnstart start AirVPN\ GB\ Cassiopeia.tblk 1337 1 0 0 0 49 -atDASNGWrdasngw

2012-09-23 17:13:29 *Tunnelblick: Established communication with OpenVPN

2012-09-23 17:13:29 OpenVPN 2.2.1 i386-apple-darwin10.8.0 [sSL] [LZO2] [PKCS11] [eurephia] built on Aug 10 2012

2012-09-23 17:13:29 MANAGEMENT: TCP Socket listening on

2012-09-23 17:13:29 Need hold release from management interface, waiting...

2012-09-23 17:13:29 MANAGEMENT: Client connected from

2012-09-23 17:13:29 MANAGEMENT: CMD 'pid'

2012-09-23 17:13:29 MANAGEMENT: CMD 'state on'

2012-09-23 17:13:29 MANAGEMENT: CMD 'state'

2012-09-23 17:13:29 MANAGEMENT: CMD 'hold release'

2012-09-23 17:13:29 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

2012-09-23 17:13:29 WARNING: file 'user.key' is group or others accessible

2012-09-23 17:13:29 LZO compression initialized

2012-09-23 17:13:29 Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ]

2012-09-23 17:13:29 Socket Buffers: R=[42080->65536] S=[9216->65536]

2012-09-23 17:13:29 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]

2012-09-23 17:13:29 Local Options hash (VER=V4): '22188c5b'

2012-09-23 17:13:29 Expected Remote Options hash (VER=V4): 'a8f55717'

2012-09-23 17:13:29 UDPv4 link local: [undef]

2012-09-23 17:13:29 UDPv4 link remote:

2012-09-23 17:13:29 MANAGEMENT: >STATE:1348416809,WAIT,,,

2012-09-23 17:13:29 MANAGEMENT: >STATE:1348416809,AUTH,,,

2012-09-23 17:13:29 TLS: Initial packet from, sid=a86a3a32 3cd3eb6d

2012-09-23 17:13:29 VERIFY OK: depth=1, /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=airvpn.org_CA/emailAddress=info@airvpn.org

2012-09-23 17:13:29 VERIFY OK: nsCertType=SERVER

2012-09-23 17:13:29 VERIFY OK: depth=0, /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=server/emailAddress=info@airvpn.org

2012-09-23 17:13:29 *Tunnelblick: openvpnstart: /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.2.1/openvpn --cd /Users/mike/Library/Application Support/Tunnelblick/Configurations/AirVPN GB Cassiopeia.tblk/Contents/Resources --daemon --management 1337 --config /Users/mike/Library/Application Support/Tunnelblick/Configurations/AirVPN GB Cassiopeia.tblk/Contents/Resources/config.ovpn --log /Library/Application Support/Tunnelblick/Logs/-SUsers-Smike-SLibrary-SApplication Support-STunnelblick-SConfigurations-SAirVPN GB Cassiopeia.tblk-SContents-SResources-Sconfig.ovpn.1_0_0_0_49.1337.openvpn.log --management-query-passwords --management-hold --script-security 2 --up /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -m -w -d -atDASNGWrdasngw --down /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -m -w -d -atDASNGWrdasngw --up-restart

2012-09-23 17:13:30 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key

2012-09-23 17:13:30 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

2012-09-23 17:13:30 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key

2012-09-23 17:13:30 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

2012-09-23 17:13:30 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA

2012-09-23 17:13:30 [server] Peer Connection Initiated with

2012-09-23 17:13:31 MANAGEMENT: >STATE:1348416811,GET_CONFIG,,,

2012-09-23 17:13:32 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)

2012-09-23 17:13:32 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS,comp-lzo no,route,topology net30,ping 10,ping-restart 120,ifconfig'

2012-09-23 17:13:32 OPTIONS IMPORT: timers and/or timeouts modified

2012-09-23 17:13:32 OPTIONS IMPORT: LZO parms modified

2012-09-23 17:13:32 OPTIONS IMPORT: --ifconfig/up options modified

2012-09-23 17:13:32 OPTIONS IMPORT: route options modified

2012-09-23 17:13:32 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified

2012-09-23 17:13:32 ROUTE default_gateway=

2012-09-23 17:13:32 TUN/TAP device /dev/tun0 opened

2012-09-23 17:13:32 MANAGEMENT: >STATE:1348416812,ASSIGN_IP,,,

2012-09-23 17:13:32 /sbin/ifconfig tun0 delete

ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address

2012-09-23 17:13:32 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure

2012-09-23 17:13:32 /sbin/ifconfig tun0 mtu 1500 netmask up

2012-09-23 17:13:32 /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -m -w -d -atDASNGWrdasngw tun0 1500 1558 init

No such key

2012-09-23 17:13:35 *Tunnelblick: Flushed the DNS cache

2012-09-23 17:13:35 /sbin/route add -net

add net gateway

2012-09-23 17:13:35 /sbin/route add -net

add net gateway

2012-09-23 17:13:35 /sbin/route add -net

add net gateway

2012-09-23 17:13:35 MANAGEMENT: >STATE:1348416815,ADD_ROUTES,,,

2012-09-23 17:13:35 /sbin/route add -net

add net gateway

2012-09-23 17:13:35 Initialization Sequence Completed

2012-09-23 17:13:35 MANAGEMENT: >STATE:1348416815,CONNECTED,SUCCESS,,

2012-09-23 17:13:35 *Tunnelblick client.up.tunnelblick.sh: Retrieved name server(s) [ ] and WINS server(s) [ ] and using default domain name [ openvpn ]

2012-09-23 17:13:35 *Tunnelblick client.up.tunnelblick.sh: Up to two 'No such key' warnings are normal and may be ignored

2012-09-23 17:13:35 *Tunnelblick client.up.tunnelblick.sh: Saved the DNS and WINS configurations for later use

2012-09-23 17:13:35 *Tunnelblick client.up.tunnelblick.sh: Set up to monitor system configuration with process-network-changes

2012-09-23 17:13:40 *Tunnelblick process-network-changes: A system configuration change was ignored because it was not relevant

Share this post

Link to post

Additional Tunnelblick log from the disconnection (I had to disconnect to access airvpn):

2012-09-23 17:14:48 *Tunnelblick: Disconnecting; 'Disconnect' menu command invoked

2012-09-23 17:14:48 event_wait : Interrupted system call (code=4)

2012-09-23 17:14:48 SIGTERM received, sending exit notification to peer

2012-09-23 17:14:53 TCP/UDP: Closing socket

2012-09-23 17:14:53 /sbin/route delete -net

delete net gateway

2012-09-23 17:14:53 /sbin/route delete -net

delete net gateway

2012-09-23 17:14:53 /sbin/route delete -net

delete net gateway

2012-09-23 17:14:53 /sbin/route delete -net

delete net gateway

2012-09-23 17:14:53 Closing TUN/TAP interface

2012-09-23 17:14:53 /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -m -w -d -atDASNGWrdasngw tun0 1500 1558 init

2012-09-23 17:14:53 SIGTERM[soft,exit-with-notification] received, process exiting

2012-09-23 17:14:53 MANAGEMENT: >STATE:1348416893,EXITING,exit-with-notification,,

2012-09-23 17:14:53 *Tunnelblick client.down.tunnelblick.sh: Cancelled monitoring of system configuration changes

2012-09-23 17:14:53 *Tunnelblick client.down.tunnelblick.sh: Restored the DNS and WINS configurations

2012-09-23 17:14:54 *Tunnelblick: Flushed the DNS cache

Share this post

Link to post


As you already noted, the DNS push appears correct. Also, the routing table is correct.

The odd thing is that you have problems with all the servers except Pegasi, but all the servers have the very same configuration and same OpenVPN server version, scripts etc.

Can you please check the following:


In particular, check your Mac DNS settings in "System Preferences".

Kind regards

Share this post

Link to post

Hi - I checked the Tunnelblick link.

The webpage will not load either by using the name or the numerical IP address. I tried on both ibm.com and google.com. So maybe not DNS.

I had a look through the Tunnelblick discussion group but could not find a cure.

I double checked and indeed Pegasi is working just fine for me (in fact I am connected as I write this) but other servers are not working for me.

Right now my DNS settings show the following: DNS Servers (no other servers showing). Search domains openvpn.

Share this post

Link to post

Hi - I checked the Tunnelblick link.

The webpage will not load either by using the name or the numerical IP address. I tried on both ibm.com and google.com. So maybe not DNS.

I had a look through the Tunnelblick discussion group but could not find a cure.

I double checked and indeed Pegasi is working just fine for me (in fact I am connected as I write this) but other servers are not working for me.

Right now my DNS settings show the following: DNS Servers (no other servers showing). Search domains openvpn.


Yes, we can rule out a DNS problem.

Please try at your convenience to upgrade to Tunnelblick 3.3beta21a:


or, for testing purposes and comparison with Tunnelblick on the non-working servers, try Viscosity:


Kind regards

Share this post

Link to post

I am having this exact same issue on mac too. One other weird thing I have noticed is that sometimes it will work and others it will not. Most times I just get new config files and it works.

Share this post

Link to post

Hi admin

I tried both:

Tunnelblick 3.3beta21a: No browsing ability with any server, including Pegasi which was OK with 3.2.8.

Viscosity 1.4.2: No browsing ability with any server including Pegasi.

For info, I am generating the configuration files using port 443 UDP.


- rajaz

Share this post

Link to post


Tunnelblick 3.3beta21a is also working for me with Pegasi. But slowly.

- rajaz

Share this post

Link to post

Somewhat bizzarely I am getting slightly different results today. I have tried the 1Gb servers to check the ability to browse or not and here are the results using Tunnelblick 3.3beta21a.

Tauri - no

Bootis - no

Cassiopeia - no

Castor - no

Leporis - yes (slow, 80 seconds to load www.ibm.com)

Serpentis - no

Librae - no

Pegasi - authentication failed

Sirius - no

Vega - yes (good speed)

- rajaz

Share this post

Link to post

Somewhat bizzarely I am getting slightly different results today. I have tried the 1Gb servers to check the ability to browse or not and here are the results using Tunnelblick 3.3beta21a


Which OpenVPN version is Tunnelblick using? If it's OpenVPN 2.3alpha, can you try the latest stable release?

Kind regards

Share this post

Link to post


Tunnelblick was using OpenVPN 2.3-alpha 1. I changed to OpenVPN 2.2.1.

In my home network I get exactly the same results as yesterday, with good browsing capability on Vega but nowhere else.

However, I tried setting up the VPN from a different location (with the same service provider but a different network connection). There I found that I could get good browsing capability on all except Bootis and Sirius (around 11am CET today).

This makes me think the problem is with my network or router rather than the VPN connection I'm not doing anything radical (Belkin F5D8633 ADSl modem/router, several devices connected with wired ethernet and wireless ethernet including a NAS). There is no port forwarding on the router and all devices are connected with DHCP.

So I guess if the problems at my end there is not going to be much you can do for me!

- rajaz

Share this post

Link to post


Another note. When connected and having no browsing ability, other internet services also don't work (e.g. I cant connect to email servers).

- rajaz

Share this post

Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Security Check
    Play CAPTCHA Audio
    Refresh Image
Sign in to follow this  

  • Create New...