Mac OSX Catalina + Tunnelblick SSL/TLS handshake failed - PullRequest
1 vote
/ March 25, 2020

I set up a brand-new desktop iMac running Catalina version 10.15.4, and since yesterday I have had problems authenticating to OpenVPN using Tunnelblick. I am currently using Tunnelblick 3.8.2 (build 5480).

Below you can view the error logs.

*Tunnelblick: macOS 10.15.4 (19E266); Tunnelblick 3.8.2 (build 5480); Admin user
git commit 6155bb774cf9652ef0231b712d7784ee03d3c85e


Configuration vpngate_vpn244287220.opengw.net_udp_1673

"Sanitized" condensed configuration file for /Library/Application Support/Tunnelblick/Shared/vpngate_vpn244287220.opengw.net_udp_1673.tblk:

dev tun
proto udp
remote vpn244287220.opengw.net 1673
cipher AES-128-CBC
auth SHA1
resolv-retry infinite
nobind
persist-key
persist-tun
client
verb 3
<ca>
[Security-related line(s) omitted]
</ca>
<cert>
[Security-related line(s) omitted]
</cert>
<key>
[Security-related line(s) omitted]
</key>


================================================================================

Files in vpngate_vpn244287220.opengw.net_udp_1673.tblk:
      Contents/Resources/config.ovpn

================================================================================

Configuration preferences:

-routeAllTrafficThroughVpn = 1
-openvpnVersion = -
-notOKToCheckThatIPAddressDidNotChangeAfterConnection = 0
-loggingLevel = 3
-lastConnectionSucceeded = 0

================================================================================

Wildcard preferences:

-notOKToCheckThatIPAddressDidNotChangeAfterConnection = 0

================================================================================

Program preferences:

buildExpirationTimestamp = 1587379876
launchAtNextLogin = 1
tunnelblickVersionHistory = (
    "3.8.2 (build 5480)",
    "3.8.1 (build 5400)"
)
lastLaunchTime = 606821074.439207
lastLanguageAtLaunchWasRTL = 0
connectionWindowDisplayCriteria = showWhenConnecting
maxLogDisplaySize = 102400
lastConnectedDisplayName = vpngate_118.241.144.186_udp_1195
keyboardShortcutIndex = 1
updateCheckAutomatically = 1
NSWindow Frame ConnectingWindow = 1085 937 389 187 0 0 2560 1417 
NSWindow Frame SUUpdateAlert = 970 783 620 392 0 0 2560 1417 
detailsWindowFrameVersion = 5400
detailsWindowFrame = {{1267, 756}, {920, 468}}
detailsWindowLeftFrame = {{0, 0}, {167, 350}}
detailsWindowViewIndex = 0
detailsWindowConfigurationsTabIdentifier = log
leftNavSelectedDisplayName = vpngate_vpn244287220.opengw.net_udp_1673
AdvancedWindowTabIdentifier = connectingAndDisconnecting
haveDealtWithOldTunTapPreferences = 1
haveDealtWithOldLoginItem = 1
haveDealtWithAfterDisconnect = 1
SUEnableAutomaticChecks = 1
SUScheduledCheckInterval = 86400
SULastCheckTime = 2020-03-25 09:24:34 +0000
SUHasLaunchedBefore = 1
WebKitDefaultFontSize = 16
WebKitStandardFont = Times
buildExpirationTimestamp = 1587379876

================================================================================

Tunnelblick Log:

2020-03-25 09:26:50.201403 *Tunnelblick: macOS 10.15.4 (19E266); Tunnelblick 3.8.2 (build 5480)
2020-03-25 09:26:50.512597 *Tunnelblick: Attempting connection with vpngate_vpn244287220.opengw.net_udp_1673; Set nameserver = 769; monitoring connection
2020-03-25 09:26:50.513215 *Tunnelblick: openvpnstart start vpngate_vpn244287220.opengw.net_udp_1673.tblk 58118 769 0 3 0 1098544 -ptADGNWradsgnw 2.5_git_32723d2-openssl-1.1.1e
2020-03-25 09:26:50.531516 *Tunnelblick: openvpnstart starting OpenVPN
2020-03-25 09:26:50.794089 OpenVPN 2.5_git_32723d2 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Mar 22 2020
2020-03-25 09:26:50.794152 library versions: OpenSSL 1.1.1e  17 Mar 2020, LZO 2.10
2020-03-25 09:26:50.795069 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:58118
2020-03-25 09:26:50.795116 Need hold release from management interface, waiting...
2020-03-25 09:26:51.136934 *Tunnelblick: openvpnstart log:
     OpenVPN started successfully.
     Command used to start OpenVPN (one argument per displayed line):
          /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.5_git_32723d2-openssl-1.1.1e/openvpn
          --daemon
          --log /Library/Application Support/Tunnelblick/Logs/-SLibrary-SApplication Support-STunnelblick-SShared-Svpngate_vpn244287220.opengw.net_udp_1673.tblk-SContents-SResources-Sconfig.ovpn.769_0_3_0_1098544.58118.openvpn.log
          --cd /Library/Application Support/Tunnelblick/Shared/vpngate_vpn244287220.opengw.net_udp_1673.tblk/Contents/Resources
          --machine-readable-output
          --setenv IV_GUI_VER "net.tunnelblick.tunnelblick 5480 3.8.2 (build 5480)"
          --verb 3
          --config /Library/Application Support/Tunnelblick/Shared/vpngate_vpn244287220.opengw.net_udp_1673.tblk/Contents/Resources/config.ovpn
          --setenv TUNNELBLICK_CONFIG_FOLDER /Library/Application Support/Tunnelblick/Shared/vpngate_vpn244287220.opengw.net_udp_1673.tblk/Contents/Resources
          --verb 3
          --cd /Library/Application Support/Tunnelblick/Shared/vpngate_vpn244287220.opengw.net_udp_1673.tblk/Contents/Resources
          --management 127.0.0.1 58118 /Library/Application Support/Tunnelblick/lnkadcnbabkakmcajkcbbhagnilekdiadephbbio.mip
          --management-query-passwords
          --management-hold
          --redirect-gateway def1
          --script-security 2
          --route-up /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw
          --down /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw
2020-03-25 09:26:51.145350 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:58118
2020-03-25 09:26:51.214147 MANAGEMENT: CMD 'pid'
2020-03-25 09:26:51.214221 MANAGEMENT: CMD 'auth-retry interact'
2020-03-25 09:26:51.214269 MANAGEMENT: CMD 'state on'
2020-03-25 09:26:51.214311 MANAGEMENT: CMD 'state'
2020-03-25 09:26:51.214356 MANAGEMENT: CMD 'bytecount 1'
2020-03-25 09:26:51.215097 *Tunnelblick: Established communication with OpenVPN
2020-03-25 09:26:51.231465 *Tunnelblick: >INFO:OpenVPN Management Interface Version 3 -- type 'help' for more info
2020-03-25 09:26:51.234302 MANAGEMENT: CMD 'hold release'
2020-03-25 09:26:51.234590 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2020-03-25 09:26:51.234626 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2020-03-25 09:26:51.239204 MANAGEMENT: >STATE:1585128411,RESOLVE,,,,,,
2020-03-25 09:26:51.528796 TCP/UDP: Preserving recently used remote address: [AF_INET]121.155.129.51:1673
2020-03-25 09:26:51.528866 Socket Buffers: R=[786896->786896] S=[9216->9216]
2020-03-25 09:26:51.528884 UDP link local: (not bound)
2020-03-25 09:26:51.528899 UDP link remote: [AF_INET]121.155.129.51:1673
2020-03-25 09:26:51.528956 MANAGEMENT: >STATE:1585128411,WAIT,,,,,,
2020-03-25 09:26:51.834207 MANAGEMENT: >STATE:1585128411,AUTH,,,,,,
2020-03-25 09:26:51.834286 TLS: Initial packet from [AF_INET]121.155.129.51:1673, sid=5882099d 9d031a26
2020-03-25 09:26:52.177465 VERIFY ERROR: depth=2, error=self signed certificate in certificate chain: C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
2020-03-25 09:26:52.177567 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
2020-03-25 09:26:52.177582 TLS_ERROR: BIO read tls_read_plaintext error
2020-03-25 09:26:52.177593 TLS Error: TLS object -> incoming plaintext read error
2020-03-25 09:26:52.177603 TLS Error: TLS handshake failed
2020-03-25 09:26:52.178015 SIGUSR1[soft,tls-error] received, process restarting
2020-03-25 09:26:52.218256 MANAGEMENT: >STATE:1585128412,RECONNECTING,tls-error,,,,,
2020-03-25 09:26:52.225982 MANAGEMENT: CMD 'hold release'
2020-03-25 09:26:52.226119 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2020-03-25 09:26:52.226143 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2020-03-25 09:26:52.226301 MANAGEMENT: >STATE:1585128412,RESOLVE,,,,,,
2020-03-25 09:26:52.227535 TCP/UDP: Preserving recently used remote address: [AF_INET]121.155.129.51:1673
2020-03-25 09:26:52.227590 Socket Buffers: R=[786896->786896] S=[9216->9216]
2020-03-25 09:26:52.227607 UDP link local: (not bound)
2020-03-25 09:26:52.227622 UDP link remote: [AF_INET]121.155.129.51:1673
2020-03-25 09:26:52.227643 MANAGEMENT: >STATE:1585128412,WAIT,,,,,,
2020-03-25 09:26:52.227956 MANAGEMENT: CMD 'hold release'
2020-03-25 09:26:52.608861 MANAGEMENT: >STATE:1585128412,AUTH,,,,,,
2020-03-25 09:26:52.608945 TLS: Initial packet from [AF_INET]121.155.129.51:1673, sid=24e59327 4db6ce3c
2020-03-25 09:26:53.017553 VERIFY ERROR: depth=2, error=self signed certificate in certificate chain: C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
2020-03-25 09:26:53.017616 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
2020-03-25 09:26:53.017631 TLS_ERROR: BIO read tls_read_plaintext error
2020-03-25 09:26:53.017642 TLS Error: TLS object -> incoming plaintext read error
2020-03-25 09:26:53.017652 TLS Error: TLS handshake failed
2020-03-25 09:26:53.017813 SIGUSR1[soft,tls-error] received, process restarting
2020-03-25 09:26:53.017836 MANAGEMENT: >STATE:1585128413,RECONNECTING,tls-error,,,,,
2020-03-25 09:26:53.026246 MANAGEMENT: CMD 'hold release'
2020-03-25 09:26:53.058693 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2020-03-25 09:26:53.058774 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2020-03-25 09:26:53.058959 MANAGEMENT: >STATE:1585128413,RESOLVE,,,,,,
2020-03-25 09:26:53.059957 TCP/UDP: Preserving recently used remote address: [AF_INET]121.155.129.51:1673
2020-03-25 09:26:53.060007 Socket Buffers: R=[786896->786896] S=[9216->9216]
2020-03-25 09:26:53.060023 UDP link local: (not bound)
2020-03-25 09:26:53.060037 UDP link remote: [AF_INET]121.155.129.51:1673
2020-03-25 09:26:53.060058 MANAGEMENT: >STATE:1585128413,WAIT,,,,,,
2020-03-25 09:26:53.060373 MANAGEMENT: CMD 'hold release'
2020-03-25 09:26:53.512826 MANAGEMENT: >STATE:1585128413,AUTH,,,,,,
2020-03-25 09:26:53.512940 TLS: Initial packet from [AF_INET]121.155.129.51:1673, sid=e66bd815 2a66696d
2020-03-25 09:26:53.836081 VERIFY ERROR: depth=2, error=self signed certificate in certificate chain: C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
2020-03-25 09:26:53.836141 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
2020-03-25 09:26:53.836154 TLS_ERROR: BIO read tls_read_plaintext error
2020-03-25 09:26:53.836165 TLS Error: TLS object -> incoming plaintext read error
2020-03-25 09:26:53.836174 TLS Error: TLS handshake failed
2020-03-25 09:26:53.836333 SIGUSR1[soft,tls-error] received, process restarting
2020-03-25 09:26:53.836363 MANAGEMENT: >STATE:1585128413,RECONNECTING,tls-error,,,,,
2020-03-25 09:26:53.838259 MANAGEMENT: CMD 'hold release'
2020-03-25 09:26:53.838325 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2020-03-25 09:26:53.838340 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2020-03-25 09:26:53.838419 MANAGEMENT: >STATE:1585128413,RESOLVE,,,,,,
2020-03-25 09:26:53.839406 TCP/UDP: Preserving recently used remote address: [AF_INET]121.155.129.51:1673
2020-03-25 09:26:53.839450 Socket Buffers: R=[786896->786896] S=[9216->9216]
2020-03-25 09:26:53.839465 UDP link local: (not bound)
2020-03-25 09:26:53.839480 UDP link remote: [AF_INET]121.155.129.51:1673
2020-03-25 09:26:53.839499 MANAGEMENT: >STATE:1585128413,WAIT,,,,,,
2020-03-25 09:26:53.839702 MANAGEMENT: CMD 'hold release'
2020-03-25 09:26:54.140756 MANAGEMENT: >STATE:1585128414,AUTH,,,,,,
2020-03-25 09:26:54.140859 TLS: Initial packet from [AF_INET]121.155.129.51:1673, sid=ce43006a 5a2277a1
2020-03-25 09:26:54.446583 VERIFY ERROR: depth=2, error=self signed certificate in certificate chain: C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
2020-03-25 09:26:54.446650 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
2020-03-25 09:26:54.446674 TLS_ERROR: BIO read tls_read_plaintext error
2020-03-25 09:26:54.446685 TLS Error: TLS object -> incoming plaintext read error
2020-03-25 09:26:54.446695 TLS Error: TLS handshake failed
2020-03-25 09:26:54.446864 SIGUSR1[soft,tls-error] received, process restarting
2020-03-25 09:26:54.446905 MANAGEMENT: >STATE:1585128414,RECONNECTING,tls-error,,,,,
2020-03-25 09:26:54.457512 MANAGEMENT: CMD 'hold release'
2020-03-25 09:26:54.487380 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.

The application seems to go into some kind of loop; I never get authenticated.

...
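One way to triage a log like the one above, added here as an example and not part of the original post: it extracts the certificate verification failures, counts the TLS restarts, and notes whether OpenVPN warned that no server certificate check is configured. The names `triage` and `HINTS` are this example's own, and the embedded sample is two reconnect cycles excerpted from the log in the question.

```python
import re
from collections import Counter

# Constructed sample: two reconnect cycles excerpted from the log in the question.
SAMPLE_LOG = """\
2020-03-25 09:26:51.234590 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2020-03-25 09:26:52.177465 VERIFY ERROR: depth=2, error=self signed certificate in certificate chain: C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
2020-03-25 09:26:52.177603 TLS Error: TLS handshake failed
2020-03-25 09:26:52.178015 SIGUSR1[soft,tls-error] received, process restarting
2020-03-25 09:26:53.017553 VERIFY ERROR: depth=2, error=self signed certificate in certificate chain: C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
2020-03-25 09:26:53.017652 TLS Error: TLS handshake failed
2020-03-25 09:26:53.017813 SIGUSR1[soft,tls-error] received, process restarting
"""

# "VERIFY ERROR: depth=N, error=<OpenSSL error text>: <certificate subject>"
VERIFY_RE = re.compile(r"VERIFY ERROR: depth=(\d+), error=(.+?): (.+)$")

# What common OpenSSL verification error strings mean for the client's <ca> block.
HINTS = {
    "self signed certificate in certificate chain":
        "chain ends in a self-signed root that is not in the trusted <ca> set",
    "unable to get local issuer certificate":
        "an issuer in the chain is missing from the trusted <ca> set",
    "certificate has expired": "a certificate in the chain is past its notAfter date",
}

def triage(log_text):
    """Summarize why the TLS handshake keeps failing in an OpenVPN client log."""
    failures, restarts, unverified_peer = Counter(), 0, False
    for line in log_text.splitlines():
        m = VERIFY_RE.search(line)
        if m:
            failures[(int(m.group(1)), m.group(2), m.group(3).strip())] += 1
        elif "SIGUSR1[soft,tls-error]" in line:
            restarts += 1  # each soft restart is one failed handshake attempt
        elif "No server certificate verification method" in line:
            # The chain is still checked against <ca>, but the peer is not
            # required to be a server certificate or to match a name.
            unverified_peer = True
    rows = [{"depth": d, "error": e, "subject": s, "count": n,
             "hint": HINTS.get(e, "see the OpenSSL verify documentation")}
            for (d, e, s), n in failures.items()]
    return {"failures": rows, "tls_restarts": restarts,
            "looping": restarts > 1, "no_server_cert_check": unverified_peer}

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, "=", value)
```
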