Problems with VPN over SSH on Mac 10.8.2

[rmoff 15]

Hi,

 

I'm using AirVPN successfully on my Mac (10.8.2) with Tunnelblick. However I want to get VPN over SSH working too.

I have got the SSH key, openvpn binary, and .sh and .ovpn through the config generator, and the SSH tunnel successfully connects;

 

$ ./AirVPN_United\ Kingdom_SSH-22.sh

AirVPN SSH Tunnel
OpenSSH_5.9p1, OpenSSL 0.9.8r 8 Feb 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: /etc/ssh_config line 53: Applying options for *
debug1: Connecting to 31.193.12.98 [31.193.12.98] port 22.
[...]
debug1: Connection to port 1412 forwarding to 127.0.0.1 port 2018 requested.
debug1: channel 2: new [direct-tcpip]
debug1: channel 2: free: direct-tcpip: listening port 1412 for 127.0.0.1 port 2018, connect from 127.0.0.1 port 56739, nchannels 3
debug1: Connection to port 1412 forwarding to 127.0.0.1 port 2018 requested.
debug1: channel 2: new [direct-tcpip]
debug1: channel 2: free: direct-tcpip: listening port 1412 for 127.0.0.1 port 2018, connect from 127.0.0.1 port 56754, nchannels 3

When I launch the openvpn though, I get an error - "Cannot allocate TUN/TAP dev dynamically"

$ sudo ./openvpn AirVPN_United\ Kingdom_SSH-22.ovpn
Mon Jul  8 18:12:09 2013 OpenVPN 2.3.1 x86_64-apple-darwin11.1.0 [sSL (OpenSSL)] [LZO] [eurephia] [MH] [iPv6] built on Apr 26 2013
Mon Jul  8 18:12:09 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Jul  8 18:12:09 2013 Socket Buffers: R=[131072->65536] S=[131072->65536]
Mon Jul  8 18:12:09 2013 Attempting to establish TCP connection with [AF_INET]127.0.0.1:1412 [nonblock]
Mon Jul  8 18:12:10 2013 TCP connection established with [AF_INET]127.0.0.1:1412
Mon Jul  8 18:12:10 2013 TCPv4_CLIENT link local: [undef]
Mon Jul  8 18:12:10 2013 TCPv4_CLIENT link remote: [AF_INET]127.0.0.1:1412
Mon Jul  8 18:12:11 2013 TLS: Initial packet from [AF_INET]127.0.0.1:1412, sid=22ba3002 6e01312b
Mon Jul  8 18:12:21 2013 VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
Mon Jul  8 18:12:21 2013 VERIFY OK: nsCertType=SERVER
Mon Jul  8 18:12:21 2013 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org
Mon Jul  8 18:12:47 2013 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Mon Jul  8 18:12:47 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Jul  8 18:12:47 2013 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Mon Jul  8 18:12:47 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Jul  8 18:12:47 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Mon Jul  8 18:12:47 2013 [server] Peer Connection Initiated with [AF_INET]127.0.0.1:1412
Mon Jul  8 18:12:49 2013 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Mon Jul  8 18:12:51 2013 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.50.0.1,comp-lzo no,route 10.50.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.50.0.58 10.50.0.57'
Mon Jul  8 18:12:51 2013 OPTIONS IMPORT: timers and/or timeouts modified
Mon Jul  8 18:12:51 2013 OPTIONS IMPORT: LZO parms modified
Mon Jul  8 18:12:51 2013 OPTIONS IMPORT: --ifconfig/up options modified
Mon Jul  8 18:12:51 2013 OPTIONS IMPORT: route options modified
Mon Jul  8 18:12:51 2013 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mon Jul  8 18:12:51 2013 ROUTE_GATEWAY 10.101.0.1/255.255.128.0 IFACE=en1 HWADDR=b8::12:3b:d1:36
Mon Jul  8 18:12:51 2013 Cannot allocate TUN/TAP dev dynamically
Mon Jul  8 18:12:51 2013 Exiting due to fatal error

The Google hits I've found have all been related to Tunnelblick on the Mac, but for me Tunnelblick is working absolutely fine.

 

Any suggestions on resolving this please?

 

 

[Staff 9973]

Hello,

 

please install tuntap.pkg from our OpenVPN package for OS X:

 

https://airvpn.org/topic/9325-development-of-os-x-airvpn-client/

 

Kind regards

[rmoff 15]

Hi,

 

I've just tried this, but on running the installer, after entering Admin credentials, got the error:
 

The installation failed

The Installer encountered an error that caused the installation to fail. Contact the software manufacturer for assistance.

 

Is there going to be a log file somewhere I can provide?

[rmoff 15]

Sorry, found the install log now :

 

installd[43575]: PackageKit: ----- Begin install -----
installd[43575]: PackageKit: Install Failed: Error Domain=PKInstallErrorDomain Code=112 "An error occurred while running scripts from the package “tun.pkg”." UserInfo=0x7fdae4e0f0c0 {NSFilePath=./postinstall, NSURL=file://localhost/Volumes/hdd/Downloads/build/tuntap.pkg/Contents/Packages/tun.pkg, PKInstallPackageIdentifier=tuntap.tun, NSLocalizedDescription=An error occurred while running scripts from the package “tun.pkg”.} {
	    NSFilePath = "./postinstall";
	    NSLocalizedDescription = "An error occurred while running scripts from the package \U201ctun.pkg\U201d.";
	    NSURL = "file://localhost/Volumes/hdd/Downloads/build/tuntap.pkg/Contents/Packages/tun.pkg";
	    PKInstallPackageIdentifier = "tuntap.tun";
	}
Installer[43569]: Install failed: The Installer encountered an error that caused the installation to fail. Contact the software manufacturer for assistance.
Installer[43569]: Displaying 'Install Failed' UI.
Installer[43569]: 'Install Failed' UI displayed message:'The Installer encountered an error that caused the installation to fail. Contact the software manufacturer for assistance.'.

[Staff 9973]

Hello,

 

can you please make sure that Tunnelblick is not running during the installation (Tunnelblick uses the very same tun.kext and tap.kext)?

 

Kind regards

[rmoff 15]

Aha - that was the problem. Installed the pkg now, and get past the original error from openvpn. It's still not working though (the SSH keeps dropping), I'll post back logs when I get chance.

[Staff 9973]

Hello!

 

Ok, when you have the chance, try also a direct OpenVPN connection (i.e. connecting via OpenVPN, without SSH and without Tunnelblick).

 

Kind regards