OpenVPN with Tunnelblick client on Mac

Hello

I am trying to get the configuration mentioned in the title working and need help. I expect the problem is my configuration on the Turris Omnia router (OpenVPN, DNS, firewall or whatever).

My Foris config page for OpenVPN

With the config file downloaded from the router and installed, the client does not connect. The client log reports

2019-05-07 09:44:49 TCP/UDP: Incoming packet rejected from [AF_INET]192.168.1.1:1194[2], expected peer address: [AF_INET]xxx.xxx.xxx.xxx:1194 (allow this incoming source address/port by removing --remote or adding --float)

Following the suggestion, by adding --float to the config file the client now connects.
My computer gets the DNS server 10.111.111.1, but my computer's IP address does not change and I cannot connect to any computer nor to my router.

The client log reports

2019-05-07 09:57:56 *Tunnelblick: After 30.0 seconds, gave up trying to fetch IP address information using the ipInfo host’s name after connecting.
2019-05-07 09:58:30 *Tunnelblick: An error occured fetching IP address information using the ipInfo host’s IP address after connecting

What is basically wrong?

Thank you for your support

Yves

Adding these options might help. If they are already there, check the client log, eventually increasing the log level to get more info.

mssfix 0
fragment 0
resolv-retry infinite

Remove "--remote" (if you have it there).

I do not know the new Macs much (I am a PPC old guy), but I think you also have to check the network setup (and allow some services on that adapter/network). If there is no specific enable/disable stuff in the firewall/network settings, you will need to add some routing rules on your own to the client config (or in general in OSX) to handle each network/subnet individually. Testing OpenVPN from the same network is always a routing headache :)

Thank you, but no change with these options.
I disabled the firewall, and no special settings are possible in the network configuration.

From the errors you’re getting, it looks like you’re trying to connect to OpenVPN from a computer connected to your own LAN. The default configuration of OpenVPN doesn’t allow you to connect from your LAN. You need to test from a network other than your own LAN.

What I typically do is tether my computer to my phone when I want to test OpenVPN. Another option is to visit a neighbor and test from their network, etc.

Thank you, but this is exactly what I do: Connecting via hotspot of my mobile phone.

Using tethering just brings a whole family of issues you can face, so it is hard to say what the cause is and how to fix it. Just having some subnet with the same range is very unpredictable :)

So from my point of view, ideally ... just quick notes on how I would do it...

1. Check that you have a unique subnet range in your VPN server config.
2. Check the tether setup and ensure that the subnet and DHCP setup it uses are not in conflict with your actual LAN.
3. Check and change everything again in Foris, then save and apply.
4. Generate a new user config, rename it from .conf to .ovpn and import it to your phone (for Android there is an official app from OpenVPN; for iOS, not sure).
5. Test the default VPN connection from that phone.
6. If that is fine, import it to your Tunnelblick and edit it (add float, remove remote, change the external to the internal IP). Is that Tunnelblick up to date?
7. Test it (directly on the command line using openvpn, and using Tunnelblick).
8. Revert the changes from step 6.
9. Activate tethering, connect your Mac to it, check the DHCP/DNS setup and internet connectivity.
10. Test the VPN again.
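The two checks from the procedure above that are easiest to get wrong by hand, as an added example (not code from the thread, Turris OS, Foris or Tunnelblick): steps 1 and 2, making sure the VPN subnet, the home LAN and the tether subnet do not overlap, and step 6, the temporary edit of the client config for a LAN-side test (rewrite the remote host to the router's internal address and add float, which is what the "Incoming packet rejected ... expected peer address" error asks for). The sample networks, the minimal .ovpn text and the internal address 192.168.1.1 are constructed assumptions for the example; only 10.111.111.x and 192.168.1.1 appear in the poster's logs.

```python
"""Sanity checks for the LAN-side OpenVPN test procedure described above.

Added example; it is not code from the thread, Turris OS, Foris or Tunnelblick.
"""
import ipaddress
import re
from typing import Dict, List, Tuple

# Constructed sample networks (assumptions, not the poster's real addresses):
# the router LAN, the VPN subnet the server hands out (10.111.111.0/24 is
# consistent with the DNS server 10.111.111.1 the poster saw), and the
# phone's tethering subnet, deliberately chosen here to collide with the LAN.
SAMPLE_NETWORKS: Dict[str, str] = {
    "lan": "192.168.1.0/24",
    "vpn": "10.111.111.0/24",
    "tether": "192.168.1.0/24",
}

# Constructed minimal client config in the style of a generated .ovpn file
# (only the lines the procedure touches; a real file carries more, e.g. certs).
SAMPLE_CLIENT_CONFIG = """\
client
dev tun
proto udp
remote xxx.xxx.xxx.xxx 1194
resolv-retry infinite
nobind
"""


def find_overlaps(networks: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return every pair of named networks whose address ranges overlap.

    Steps 1 and 2 of the procedure: the VPN subnet, the home LAN and the
    tether subnet must all be distinct, otherwise the client cannot tell
    which interface a destination belongs to and routing is unpredictable.
    """
    parsed = {name: ipaddress.ip_network(cidr, strict=False)
              for name, cidr in networks.items()}
    names = sorted(parsed)
    return [(a, b)
            for i, a in enumerate(names)
            for b in names[i + 1:]
            if parsed[a].overlaps(parsed[b])]


def prepare_for_lan_test(config: str, internal_ip: str) -> str:
    """Rewrite a client config for the temporary LAN-side test (step 6).

    - every 'remote <host> ...' line gets the router's internal address in
      place of the external one, so the client talks to the LAN side directly;
    - 'float' is added once if missing, so replies from the internal address
      are not rejected as coming from an unexpected peer.
    The input text is not modified; keep it so you can revert (step 8).
    """
    ipaddress.ip_address(internal_ip)  # raises ValueError on garbage input
    out: List[str] = []
    has_float = False
    for line in config.splitlines():
        if line.strip() == "float":
            has_float = True
        # "remote host [port [proto]]": replace only the host token.
        # 'remote-cert-tls' does not match because it has no whitespace after 'remote'.
        m = re.match(r"^(\s*remote\s+)(\S+)(.*)$", line)
        if m:
            line = f"{m.group(1)}{internal_ip}{m.group(3)}"
        out.append(line)
    if not has_float:
        out.append("float")
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for a, b in find_overlaps(SAMPLE_NETWORKS):
        print(f"conflict: {a} and {b} overlap; pick a distinct range")
    print(prepare_for_lan_test(SAMPLE_CLIENT_CONFIG, "192.168.1.1"))
```

Run it as-is to see the constructed LAN/tether collision reported and the rewritten config printed; feed your own ranges (from the Foris OpenVPN page, the router's LAN settings and the phone's hotspot) into find_overlaps before touching the client config.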

Thank you for all the suggestions, which I all tried.
I finally reset the router to default settings and reinstalled OpenVPN; the problem still persisted. Then I found that the OpenVPN start script was disabled. This is strange, since in the past OpenVPN worked after a default installation without extra settings. So, with the start script disabled, one does not get any extra log file entry or error message, and the OpenVPN connection can be established as expected. Only, no server is reachable, probably due to missing DNS resolution.

Thank you for your effort in responding to my problem.
Yves