WTB a setup guide for OSx

This forum contains frequently asked questions for our services.

WTB a setup guide for OSx

Postby petter » Sun Apr 05, 2009 8:20 am

Hi, I'm trying to set up a connection using Viscosity (have tried Tunnelblick as well) and get stuck after recieving my client IP.

I'm a complete IP-noob so basically I have no idea what I'm doing :) ANyway...

I have imported the config file to create a connection profile. My logfile looks like this (my ip is the right one I have replaced the last digits with XXX):

Sun Apr 5 09:32:20 2009: LZO compression initialized
Sun Apr 5 09:32:20 2009: gw 83.226.48.1
Sun Apr 5 09:32:20 2009: TUN/TAP device /dev/tap0 opened
Sun Apr 5 09:32:20 2009: /sbin/ifconfig tap0 delete
Sun Apr 5 09:32:20 2009: NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
Sun Apr 5 09:32:20 2009: /sbin/ifconfig tap0 88.80.28.XXX netmask 255.255.255.0 mtu 1500 up
Sun Apr 5 09:32:20 2009: /Applications/Viscosity.app/Contents/Resources/dnsupalt.py tap0 1500 1593 88.80.28.XXX 255.255.255.0 init
Sun Apr 5 09:32:21 2009: UDPv4 link local (bound): [undef]:xxxx
Sun Apr 5 09:32:21 2009: UDPv4 link remote: 88.80.30.2:xxxx

I have BBB as ISP and checked w them if they have any limitations in using their name server when tunneling, they say they dont have that.

I have checked the Viscosity forums and found something that I speculated could have some impact: As you are using a TAP interface you'll probably want to add a route-delay to your connection (otherwise OpenVPN might try and add the routes before the interface is ready). so I added a "route-delay 40" to my config (seems to make no difference using it or not)

Here are my settings in Viscosity (minus the real values ofc, i have double checked so i use the right numbers for my account)

Image Image Image Image Image

SO, for some reason my connection halts after I get a Client IP, any ideas?
petter
 
Posts: 5
Joined: Sat Apr 04, 2009 11:16 am

Re: WTB a setup guide for OSx

Postby w00t242 » Sun Apr 05, 2009 8:39 pm

Hi,

I use Tunnelblick 3.0b10 (since I'm still running Tiger 10.4.11) - and I got mine working.

Let's start by checking your setup. Could you, open Terminal and type: cat ~/Library/openvpn/openvpn.conf ... and paste the contents.

and while you're at it, can you check that your key.txt is properly formated? Type: cat ~/Library/openvpn/key.txt and check that the begining of the line starts with:
"-----BEGIN OpenVPN Static key V1-----"
...
followed by a bunch of jibberish, and ends with
...
"-----END OpenVPN Static key V1-----"

... and nothing else.

(Also, don't paste the contents of the key.txt! as you don't normally give away the key's to your Ferrari to strangers, do you? :-) ...)
w00t242
 
Posts: 3
Joined: Fri Apr 03, 2009 7:03 pm

Re: WTB a setup guide for OSx

Postby petter » Sun Apr 05, 2009 9:39 pm

dev tap
remote 88.80.30.2
float 88.80.30.2
port xxxx
comp-lzo
ifconfig 88.80.28.xx 255.255.255.0
route-gateway 88.80.28.1
redirect-gateway def1
secret key.txt
cipher AES-128-CBC

that's my .conf (xxxx instead of my specific port and xx.xx instead of my specific ip - both are the same i got from admins)

Yes, the key.txt is formatted ok:

-----BEGIN OpenVPN Static key V1-----
91df92b0e7c337e27d1e6a408cf17d2c
--snip--
5e578500f995c23a6fc5d7e5e73ddf5e
-----END OpenVPN Static key V1-----

So that seems ok. Ty for helping out.
petter
 
Posts: 5
Joined: Sat Apr 04, 2009 11:16 am

Re: WTB a setup guide for OSx

Postby w00t242 » Mon Apr 06, 2009 12:45 am

Yep, that seems ok.

Now, before we start Tunnelblick, let's just restart the system (IIRC I had some issues with Tunnelblick running it after I installed it. It's still in beta ...). Also make sure you haven't set it to auto-start at startup in your Users Account's Pane under " Login Items ".

So, after the restart, fire up Console (you should have console.log window open. And press the Clear button).

Then, start Tunnelblick ... and watch the output in Console ...

In the Menu bar, up in the right hand corner (I guess) open Tunnelblick's " Details.. " window. Before connecting, make sure " Set Nameservers " is checked.

Try to connect, and watch the log output in both " Details... " and " console.log "

If it's still not working, please paste the output of:
    1) " Details... " Window
    2) " console.log "

And from the Terminal the output of:
    1) netstat -nr
    2) scutil --dns
    3) traceroute prq.se
    4) traceroute 88.80.6.42
    5) nslookup prq.se

I know, a lot of info to paste :-) ... but I'm asking for all of it as it's easier to error-check things If I got everything at hand :-) ... So, take your time, and plz be diligent formating them in proper blocks that entail from where it comes from. eg:

# traceroute 88.80.6.42
    traceroute to 88.80.6.42 (88.80.6.42), 64 hops max, 40 byte packets
    1 host-1.prq.se (88.80.28.1) 22.809 ms 9.127 ms 9.049 ms
    2 88.80.30.1 (88.80.30.1) 15.779 ms 10.335 ms 13.494 ms
    3 www1.prq.se (88.80.6.42) 10.168 ms 18.626 ms 15.888 ms

(That is, command Bold & Red, output is in a List ... ease, no? and easy on they eyes :-) ...)

And yes, if you omit IP's pls omit same number IP the same way if it pops up in several output's, eg:
    88.80.6.42 --> 88.80.AA.AA
    88.80.28.1 --> 88.80.BB.BB
(... no need to color-code IP, just there to make my point... so one can keep track of what IP is what. if all IP's where XX ... it'll be hell :-) ..)


Well, time to sleep, ce'ya after work.
w00t242
 
Posts: 3
Joined: Fri Apr 03, 2009 7:03 pm

Re: WTB a setup guide for OSx

Postby sTupiD » Tue Apr 07, 2009 3:58 pm

Hey! I´m a total noob here and I´m sitting on OsX. Can someone plese post a complete guide from beginning to the end on how to install PRQ tunnels on OsX?!?

I don´t understand anything that has been posted in here!??! First I go to "system preferences"? Network? Right?!!?

Thank´s in advance!!! ;)
sTupiD
 
Posts: 1
Joined: Tue Apr 07, 2009 3:04 pm

Re: WTB a setup guide for OSx

Postby petter » Thu Apr 09, 2009 8:33 am

w00t242 wrote:If it's still not working, please paste the output of:
    1) " Details... " Window
    2) " console.log "
.


Thu 01/01/70 01:00 AM: SUCCESS: pid=176
Thu 01/01/70 01:00 AM: SUCCESS: real-time state notification set to ON
Thu 01/01/70 01:00 AM: SUCCESS: real-time log notification set to ON
Thu 04/09/09 09:59 AM: OpenVPN 2.1_rc15 i386-apple-darwin9.5.0 [SSL] [LZO2] built on Nov 19 2008
Thu 01/01/70 01:00 AM: END
Thu 01/01/70 01:00 AM: SUCCESS: hold release succeeded
Thu 04/09/09 09:59 AM: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu 04/09/09 09:59 AM: WARNING: file 'key.txt' is group or others accessible
Thu 04/09/09 09:59 AM: LZO compression initialized
Thu 04/09/09 09:59 AM: TUN/TAP device /dev/tap0 opened
Thu 04/09/09 09:59 AM: /sbin/ifconfig tap0 delete
Thu 04/09/09 09:59 AM: NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
Thu 04/09/09 09:59 AM: /sbin/ifconfig tap0 88.80.AA.AA netmask 255.255.255.0 mtu 1500 up
Thu 04/09/09 09:59 AM: /Applications/Tunnelblick.app/Contents/Resources/client.up.osx.sh tap0 1500 1593 88.80.AA.AA 255.255.255.0 init
Thu 04/09/09 09:59 AM: UDPv4 link local (bound): [undef]:BBB
Thu 04/09/09 09:59 AM: UDPv4 link remote: 88.80.30.2:BBB
Thu 04/09/09 09:59 AM: Peer Connection Initiated with 88.80.30.2:BBB
Thu 04/09/09 09:59 AM: Initialization Sequence Completed

So, Tunnelblick seems to connect. But I'm only able to connect to forum.prq.se :) Seems like a DNS prob to me.... Anyway, here is the rest:

And from the Terminal the output of:
1) netstat -nr


Routing tables

Internet:
Destination Gateway Flags Refs Use Netif Expire
0/1 88.80.28.1 UGSc 3 0 tap0
default 83.226.CC.CC UGSc 2 16 en1
83.226.DD/22 link#6 UCS 1 0 en1
83.226.CC.CC 0:d0:52:b:53:55 UHLW 3 0 en1 890
83.226.EE.EE 127.0.0.1 UHS 0 0 lo0
88.80.28/24 link#8 UC 1 0 tap0
88.80.28.1 6a:a0:59:3b:97:98 UHLW 10 0 tap0 1117
88.80.30.2/32 83.226.CC.CC UGSc 1 0 en1
127 127.0.0.1 UCS 0 0 lo0
127.0.0.1 127.0.0.1 UH 3 58 lo0
128.0/1 88.80.28.1 UGSc 5 0 tap0
169.254 link#6 UCS 1 0 en1
169.254.255.255 0:d0:52:b:53:55 UHLW 0 0 en1

Internet6:
Destination Gateway Flags Netif Expire
::1 link#1 UHL lo0
fe80::%lo0/64 fe80::1%lo0 Uc lo0
fe80::1%lo0 link#1 UHL lo0
ff01::/32 ::1 U lo0
ff02::/32 fe80::1%lo0 UC lo0

2) scutil --dns


DNS configuration

resolver #1
domain : bredbandsbolaget.se
nameserver[0] : 195.54.122.198
nameserver[1] : 195.54.122.200
nameserver[2] : 195.54.122.199
nameserver[3] : 81.26.227.3
order : 200000

resolver #2
domain : local
options : mdns
timeout : 2
order : 300000

etc...

3) traceroute prq.se


traceroute: unknown host prq.se

4) traceroute 88.80.6.42


traceroute to 88.80.6.42 (88.80.6.42), 64 hops max, 40 byte packets
1 88.80.28.1 (88.80.28.1) 4768.961 ms 25.065 ms 24.867 ms
2 88.80.30.1 (88.80.30.1) 25.407 ms 24.892 ms 26.048 ms
3 88.80.6.42 (88.80.6.42) 25.032 ms 24.976 ms 25.542 ms

5) nslookup prq.se


;; Got recursion not available from 195.54.122.198, trying next server
;; Got recursion not available from 195.54.122.200, trying next server
;; Got recursion not available from 195.54.122.198, trying next server
;; Got recursion not available from 195.54.122.200, trying next server
Server: 195.54.122.199
Address: 195.54.122.199#53

** server can't find prq.se.bredbandsbolaget.se: REFUSED

I know, a lot of info to paste :-) ... but I'm asking for all of it as it's easier to error-check things If I got everything at hand :-) ... So, take your time, and plz be diligent formating them in proper blocks that entail from where it comes from. eg:


Sry, for my late replies, been working and haven't had the time. I really appreciate your help though.
petter
 
Posts: 5
Joined: Sat Apr 04, 2009 11:16 am

Re: WTB a setup guide for OSx

Postby petter » Thu Apr 09, 2009 8:44 am

Here is my Viscosity log: (I can connect through Viscosity now as well)

Thu Apr 9 10:37:43 2009: LZO compression initialized
Thu Apr 9 10:37:43 2009: gw 83.226.48.1
Thu Apr 9 10:37:43 2009: TUN/TAP device /dev/tap0 opened
Thu Apr 9 10:37:43 2009: /sbin/ifconfig tap0 delete
Thu Apr 9 10:37:43 2009: NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
Thu Apr 9 10:37:43 2009: /sbin/ifconfig tap0 88.80.AA.AA netmask 255.255.255.0 mtu 1500 up
Thu Apr 9 10:37:43 2009: /Applications/Viscosity.app/Contents/Resources/dnsup.py tap0 1500 1593 88.80.AA.AA 255.255.255.0 init
Thu Apr 9 10:37:43 2009: UDPv4 link local (bound): [undef]:BB
Thu Apr 9 10:37:43 2009: UDPv4 link remote: 88.80.30.2:BB
Thu Apr 9 10:37:53 2009: Peer Connection Initiated with 88.80.30.2:BB
Thu Apr 9 10:38:34 2009: NOTE: unable to redirect default gateway -- VPN gateway parameter (--route-gateway or --ifconfig) is missing
Thu Apr 9 10:38:34 2009: Initialization Sequence Completed
petter
 
Posts: 5
Joined: Sat Apr 04, 2009 11:16 am

Re: WTB a setup guide for OSx

Postby petter » Fri Apr 10, 2009 8:46 am

Got it to work now with Tunneblick as well as Viscosity.

I added 88.80.8.3 to my DNS and voila, it works.

I cant see any difference in me having "Set Nameserver" ticked or not in Tunnelblick. Works with both.

Ths for help :)
petter
 
Posts: 5
Joined: Sat Apr 04, 2009 11:16 am

Re: WTB a setup guide for OSx

Postby w00t242 » Sat Apr 11, 2009 12:41 am

petter wrote:I added 88.80.8.3 to my DNS and voila, it works.


Yes, that's the magic trick! :-) Since ISP's don't regularly allow outsiders to use their DNS (since we route all of our traffic through PRQ).


sTupiD wrote:Hey! I´m a total noob here and I´m sitting on OsX. Can someone please post a complete guide from beginning to the end on how to install PRQ tunnels on OsX?!?

I don´t understand anything that has been posted in here!??! First I go to "system preferences"? Network? Right?!!?

Thanks in advance!!! ;)


Pardon our geek-talk (old time Linux user, you know :-) ...)

I could do a " Tunnelblick for Mac OS X Guide " for you, but It'd have to wait a few days (as I got other stuff to do 1st.)

For a Viscosity Guide, ask petter ... maybe he'll be kind enough to do one aswell.
w00t242
 
Posts: 3
Joined: Fri Apr 03, 2009 7:03 pm


Return to FAQ and support

Who is online

Users browsing this forum: No registered users and 2 guests

cron