Dumb Issue with Auth on Softether server and OpenVPN client(s)

Posted: Sun Sep 23, 2018 4:17 pm
by stefanotuv
Dear Community,

I think I am facing a stupid issue but after weeks of trying, I am going to give up. This is my last resort :)

Details:
1) I installed SoftEther on Win 10 on one of the PCs in my network - standard install as per instructions (VPN for external connection)
2) did port forwarding on my router (it does work, I have tried with FTP and FTPS)
3) checked the rules on windows firewall (all good)
4) Installed openvpn clients on both mac os (high sierra) and android
5) Generated the openvpn config file and changed the address to match my static external IP (I tried with standard port 1194, and with others eg 9901 - for every port I tried I opened the port fw)
a. I have tried with the ddns offered by softether
b. I have tried with my ddns account
c. I have tried with the static IP
In all the cases the connection works
6) I have created the bridge and tried several different users…

Every time I got an error of user not authorised…

I am sure there is something I am not doing right but I can't figure out what it is…

Below:
1) Log from one of the set ups (the other looks the same)
2) Generated files for the OpenVPN

Hope someone can help to understand what I am doing wrong :)

Thanks

1) .
*Tunnelblick: OS X 10.13.6; Tunnelblick 3.7.6a (build 5080); Admin user
git commit 6fdd1f713d2f62963325336c09e74808321191cb


Configuration Home9901

"Sanitized" condensed configuration file for /Library/Application Support/Tunnelblick/Shared/Home9901.tblk:

dev tun
proto udp
remote tribearound.ddns.net 9901
cipher AES-128-CBC
auth SHA1
resolv-retry infinite
nobind
persist-key
persist-tun
client
verb 3
auth-user-pass
<ca>
[Security-related line(s) omitted]
</ca>
<cert>
[Security-related line(s) omitted]
</cert>
<key>
[Security-related line(s) omitted]
</key>


================================================================================

Non-Apple kexts that are loaded:

Index Refs Address Size Wired Name (Version) UUID <Linked Against>
148 0 0xffffff7f83848000 0x88000 0x88000 com.avast.FileShield (4.0.0) B67DF6BB-F4FC-3C31-AA4E-56148EEB16D3 <5 4 1>
149 0 0xffffff7f838d0000 0x3000 0x3000 com.avast.PacketForwarder (2.1) 216EC53C-B71F-34C4-B180-33A3F9BFD778 <4 1>
151 0 0xffffff7f838d3000 0x6000 0x6000 com.malwarebytes.mbam.rtprotection (3.4.29) 2D3C3674-4764-35B9-ADC0-8126C84A22AF <5 4 3 1>
162 1 0xffffff7f83910000 0x11000 0x11000 com.vmware.kext.vmci (90.8.1) DCCEEAD9-90FB-309A-90A8-B1CA87D2E622 <12 5 4 3 1>
163 0 0xffffff7f83921000 0x16000 0x16000 com.vmware.kext.vmnet (0947.23.07) 361FD05D-47CF-3AE3-8F54-EB457845E8C9 <162 5 4 3 1>
164 0 0xffffff7f83937000 0x12000 0x12000 com.vmware.kext.vmx86 (0947.23.07) 17804047-1A44-3F3C-BE5B-D1F3A6DC10A5 <7 5 4 3 1>
165 0 0xffffff7f83949000 0x7000 0x7000 com.vmware.kext.vmioplug.17.1.5 (17.1.5) 33EFADD7-678C-35AC-B8A4-DF0888A89B24 <50 5 4 3 1>

================================================================================

There are no unusual files in Home9901.tblk

================================================================================

Configuration preferences:

-keychainHasUsername = 1
-notOKToCheckThatIPAddressDidNotChangeAfterConnection = 0
-lastConnectionSucceeded = 0

================================================================================

Wildcard preferences:

-notOKToCheckThatIPAddressDidNotChangeAfterConnection = 0

================================================================================

Program preferences:

skipWarningAboutPreAuthorizedActivity = 1
launchAtNextLogin = 1
tunnelblickVersionHistory = (
"3.7.6a (build 5080)"
)
statusDisplayNumber = 0
lastLaunchTime = 559298638.700048
lastLanguageAtLaunchWasRTL = 0
connectionWindowDisplayCriteria = showWhenConnecting
maxLogDisplaySize = 102400
keyboardShortcutIndex = 1
updateCheckAutomatically = 1
NSWindow Frame ConnectingWindow = 434 360 412 297 0 0 1280 777
detailsWindowFrameVersion = 5080
detailsWindowFrame = {{180, 231}, {920, 468}}
detailsWindowLeftFrame = {{0, 0}, {165, 350}}
detailsWindowViewIndex = 0
detailsWindowConfigurationsTabIdentifier = settings
leftNavSelectedDisplayName = Home9901
AdvancedWindowTabIdentifier = vpnCredentials
haveDealtWithOldTunTapPreferences = 1
haveDealtWithOldLoginItem = 1
haveDealtWithAfterDisconnect = 1
SUEnableAutomaticChecks = 1
SUScheduledCheckInterval = 86400
SULastCheckTime = 2018-09-22 08:44:00 +0000
SUHasLaunchedBefore = 1
WebKitDefaultFontSize = 16
WebKitStandardFont = Times

================================================================================

Tunnelblick Log:

*Tunnelblick: OS X 10.13.6; Tunnelblick 3.7.6a (build 5080)
2018-09-23 11:51:36 *Tunnelblick: Attempting connection with Home9901; Set nameserver = 769; monitoring connection
2018-09-23 11:51:36 *Tunnelblick: openvpnstart start Home9901.tblk 61688 769 0 3 0 1065264 -ptADGNWradsgnw 2.4.6-openssl-1.0.2o
2018-09-23 11:51:36 OpenVPN 2.4.6 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on Jun 25 2018
2018-09-23 11:51:36 library versions: OpenSSL 1.0.2o 27 Mar 2018, LZO 2.10
2018-09-23 11:51:36 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:61688
2018-09-23 11:51:36 Need hold release from management interface, waiting...
2018-09-23 11:51:36 *Tunnelblick: openvpnstart starting OpenVPN
2018-09-23 11:51:37 *Tunnelblick: openvpnstart log:
OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line):

/Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.4.6-openssl-1.0.2o/openvpn
--daemon
--log
/Library/Application Support/Tunnelblick/Logs/-SLibrary-SApplication Support-STunnelblick-SShared-SHome9901.tblk-SContents-SResources-Sconfig.ovpn.769_0_3_0_1065264.61688.openvpn.log
--cd
/Library/Application Support/Tunnelblick/Shared/Home9901.tblk/Contents/Resources
--setenv
IV_GUI_VER
"net.tunnelblick.tunnelblick 5080 3.7.6a (build 5080)"
--verb
3
--config
/Library/Application Support/Tunnelblick/Shared/Home9901.tblk/Contents/Resources/config.ovpn
--verb
3
--cd
/Library/Application Support/Tunnelblick/Shared/Home9901.tblk/Contents/Resources
--management
127.0.0.1
61688
/Library/Application Support/Tunnelblick/hpgcpmjamjnmonbookgbepkahlgebggjddaeomcm.mip
--management-query-passwords
--management-hold
--script-security
2
--up
/Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw
--down
/Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw

2018-09-23 11:51:37 *Tunnelblick: Established communication with OpenVPN
2018-09-23 11:51:37 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:61688
2018-09-23 11:51:37 MANAGEMENT: CMD 'pid'
2018-09-23 11:51:37 MANAGEMENT: CMD 'state on'
2018-09-23 11:51:37 MANAGEMENT: CMD 'state'
2018-09-23 11:51:37 MANAGEMENT: CMD 'bytecount 1'
2018-09-23 11:51:37 MANAGEMENT: CMD 'hold release'
2018-09-23 11:51:42 MANAGEMENT: CMD 'username "Auth" "stefano"'
2018-09-23 11:51:42 MANAGEMENT: CMD 'password [...]'
2018-09-23 11:51:42 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2018-09-23 11:51:42 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2018-09-23 11:51:42 MANAGEMENT: >STATE:1537699902,RESOLVE,,,,,,
2018-09-23 11:51:42 TCP/UDP: Preserving recently used remote address: [AF_INET]188.172.155.130:9901
2018-09-23 11:51:42 Socket Buffers: R=[196724->196724] S=[9216->9216]
2018-09-23 11:51:42 UDP link local: (not bound)
2018-09-23 11:51:42 UDP link remote: [AF_INET]188.172.155.130:9901
2018-09-23 11:51:42 MANAGEMENT: >STATE:1537699902,WAIT,,,,,,
2018-09-23 11:51:42 MANAGEMENT: >STATE:1537699902,AUTH,,,,,,
2018-09-23 11:51:42 TLS: Initial packet from [AF_INET]188.172.155.130:9901, sid=3fd8131e 0f74ff1e
2018-09-23 11:51:42 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2018-09-23 11:51:42 VERIFY OK: depth=0, CN=vpn368125520.softether.net, O=vpn368125520.softether.net, OU=vpn368125520.softether.net, C=US
2018-09-23 11:51:42 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
2018-09-23 11:51:42 [vpn368125520.softether.net] Peer Connection Initiated with [AF_INET]188.172.155.130:9901
2018-09-23 11:51:43 MANAGEMENT: >STATE:1537699903,GET_CONFIG,,,,,,
2018-09-23 11:51:43 SENT CONTROL [vpn368125520.softether.net]: 'PUSH_REQUEST' (status=1)
2018-09-23 11:51:48 SENT CONTROL [vpn368125520.softether.net]: 'PUSH_REQUEST' (status=1)
2018-09-23 11:51:48 AUTH: Received control message: AUTH_FAILED
2018-09-23 11:51:48 SIGTERM[soft,auth-failure] received, process exiting
2018-09-23 11:51:48 MANAGEMENT: >STATE:1537699908,EXITING,auth-failure,,,,,
2018-09-23 11:51:50 *Tunnelblick: Disconnecting; user cancelled authorization or there was an error obtaining authorization
2018-09-23 11:51:50 *Tunnelblick: No 'pre-disconnect.sh' script to execute
2018-09-23 11:51:50 *Tunnelblick: Disconnecting using 'kill'
2018-09-23 11:51:51 *Tunnelblick: No 'post-disconnect.sh' script to execute
2018-09-23 11:51:51 *Tunnelblick: Expected disconnection occurred.

================================================================================

"Sanitized" full configuration file

###############################################################################
# OpenVPN 2.0 Sample Configuration File
# for PacketiX VPN / SoftEther VPN Server
#
# !!! AUTO-GENERATED BY SOFTETHER VPN SERVER MANAGEMENT TOOL !!!
#
# !!! YOU HAVE TO REVIEW IT BEFORE USE AND MODIFY IT AS NECESSARY !!!
#
# This configuration file is auto-generated. You might use this config file
# in order to connect to the PacketiX VPN / SoftEther VPN Server.
# However, before you try it, you should review the descriptions of the file
# to determine the necessity to modify to suitable for your real environment.
# If necessary, you have to modify a little adequately on the file.
# For example, the IP address or the hostname as a destination VPN Server
# should be confirmed.
#
# Note that to use OpenVPN 2.0, you have to put the certification file of
# the destination VPN Server on the OpenVPN Client computer when you use this
# config file. Please refer the below descriptions carefully.


###############################################################################
# Specify the type of the layer of the VPN connection.
#
# To connect to the VPN Server as a "Remote-Access VPN Client PC",
# specify 'dev tun'. (Layer-3 IP Routing Mode)
#
# To connect to the VPN Server as a bridging equipment of "Site-to-Site VPN",
# specify 'dev tap'. (Layer-2 Ethernet Bridgine Mode)

dev tun


###############################################################################
# Specify the underlying protocol beyond the Internet.
# Note that this setting must be correspond with the listening setting on
# the VPN Server.
#
# Specify either 'proto tcp' or 'proto udp'.

proto udp


###############################################################################
# The destination hostname / IP address, and port number of
# the target VPN Server.
#
# You have to specify as 'remote <HOSTNAME> <PORT>'. You can also
# specify the IP address instead of the hostname.
#
# Note that the auto-generated below hostname are a "auto-detected
# IP address" of the VPN Server. You have to confirm the correctness
# beforehand.
#
# When you want to connect to the VPN Server by using TCP protocol,
# the port number of the destination TCP port should be same as one of
# the available TCP listeners on the VPN Server.
#
# When you use UDP protocol, the port number must same as the configuration
# setting of "OpenVPN Server Compatible Function" on the VPN Server.

# Note: The below hostname is came from the Dynamic DNS Client function
# which is running on the VPN Server. If you don't want to use
# the Dynamic DNS hostname, replace it to either IP address or
# other domain's hostname.

remote tribearound.ddns.net 9901


###############################################################################
# The HTTP/HTTPS proxy setting.
#
# Only if you have to use the Internet via a proxy, uncomment the below
# two lines and specify the proxy address and the port number.
# In the case of using proxy-authentication, refer the OpenVPN manual.

;http-proxy-retry
;http-proxy [proxy server] [proxy port]


###############################################################################
# The encryption and authentication algorithm.
#
# Default setting is good. Modify it as you prefer.
# When you specify an unsupported algorithm, the error will occur.
#
# The supported algorithms are as follows:
# cipher: [NULL-CIPHER] NULL AES-128-CBC AES-192-CBC AES-256-CBC BF-CBC
# CAST-CBC CAST5-CBC DES-CBC DES-EDE-CBC DES-EDE3-CBC DESX-CBC
# RC2-40-CBC RC2-64-CBC RC2-CBC CAMELLIA-128-CBC CAMELLIA-192-CBC CAMELLIA-256-CBC
# auth: SHA SHA1 SHA256 SHA384 SHA512 MD5 MD4 RMD160

cipher AES-128-CBC
auth SHA1


###############################################################################
# Other parameters necessary to connect to the VPN Server.
#
# It is not recommended to modify it unless you have a particular need.

resolv-retry infinite
nobind
persist-key
persist-tun
client
verb 3
auth-user-pass


###############################################################################
# The certificate file of the destination VPN Server.
#
# The CA certificate file is embedded in the inline format.
# You can replace this CA contents if necessary.
# Please note that if the server certificate is not a self-signed, you have to
# specify the signer's root certificate (CA) here.

<ca>
[Security-related line(s) omitted]
</ca>


###############################################################################
# The client certificate file (dummy).
#
# In some implementations of OpenVPN Client software
# (for example: OpenVPN Client for iOS),
# a pair of client certificate and private key must be included on the
# configuration file due to the limitation of the client.
# So this sample configuration file has a dummy pair of client certificate
# and private key as follows.

<cert>
[Security-related line(s) omitted]
</cert>

<key>
[Security-related line(s) omitted]
</key>





================================================================================

ifconfig output:

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
options=1203<RXCSUM,TXCSUM,TXSTATUS,SW_TIMESTAMP>
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
nd6 options=201<PERFORMNUD,DAD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
XHC20: flags=0<> mtu 0
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether f0:18:98:0d:48:56
inet6 fe80::475:373:3053:7405%en0 prefixlen 64 secured scopeid 0x5
inet 192.168.1.104 netmask 0xffffff00 broadcast 192.168.1.255
inet6 fd00::1c72:ab6a:c7ae:a010 prefixlen 64 autoconf secured
inet6 fd00::d10c:af1a:20a6:6f58 prefixlen 64 autoconf temporary
inet6 2a01:4b00:84ab:8100:e1:786a:4207:d426 prefixlen 64 autoconf secured
inet6 2a01:4b00:84ab:8100:ac2b:a2c5:7c1b:130f prefixlen 64 optimistic autoconf temporary
nd6 options=201<PERFORMNUD,DAD>
media: autoselect
status: active
p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304
ether 02:18:98:0d:48:56
media: autoselect
status: inactive
awdl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1484
ether 2e:aa:3b:2e:b4:ed
inet6 fe80::2caa:3bff:fe2e:b4ed%awdl0 prefixlen 64 scopeid 0x7
nd6 options=201<PERFORMNUD,DAD>
media: autoselect
status: active
utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 2000
inet6 fe80::d8db:217c:fa2a:1ab2%utun0 prefixlen 64 scopeid 0x8
nd6 options=201<PERFORMNUD,DAD>
vmnet1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether 00:50:56:c0:00:01
inet 192.168.65.1 netmask 0xffffff00 broadcast 192.168.65.255
vmnet8: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether 00:50:56:c0:00:08
inet 192.168.237.1 netmask 0xffffff00 broadcast 192.168.237.255

================================================================================

Console Log:

2018-09-23 11:22:35 Tunnelblick[453] Converting/Installing /Users/stefanotuveri/Dropbox/@shared Drive-Dropbox/Home.ovpn: One or more CR characters have been removed or replaced with LF characters
2018-09-23 11:22:35 Tunnelblick[453] Error returned from setAttributes: {
NSFilePosixPermissions = 488;
} ofItemAtPath: /private/var/folders/k3/wyqnn8l113l1d82jw2s4m4m40000gn/T; Error was Error Domain=NSCocoaErrorDomain Code=513 "You don’t have permission to save the file “T” in the folder “wyqnn8l113l1d82jw2s4m4m40000gn”." UserInfo={NSFilePath=/private/var/folders/k3/wyqnn8l113l1d82jw2s4m4m40000gn/T, NSUnderlyingError=0x6040004559f0 {Error Domain=NSPOSIXErrorDomain Code=1 "Operation not permitted"}}; stack trace: (
0 Tunnelblick 0x000000010b511712 -[NSFileManager(TB) tbChangeFileAttributes:atPath:] + 161
1 Tunnelblick 0x000000010b54f54f createDir + 303
2 Tunnelblick 0x000000010b54f5ab createDir + 395
3 Tunnelblick 0x000000010b51cddd -[ConfigurationManager installConfigurations:skipConfirmationMessage:skipResultMessage:notifyDelegate:disallowCommands:] + 1616
4 Tunnelblick 0x000000010b51d2d6 -[ConfigurationManager installConfigurations:skipMessages:notifyDelegate:disallowCommands:] + 77
5 Tunnelblick 0x000000010b522329 +[ConfigurationManager installConfigurationsShowMessagesNotifyDelegateOperation:] + 93
6 Foundation 0x00007fff540311f8 __NSThread__start__ + 1197
7 libsystem_pthread.dylib 0x00007fff7a085661 _pthread_body + 340
8 libsystem_pthread.dylib 0x00007fff7a08550d _pthread_body + 0
9 libsystem_pthread.dylib 0x00007fff7a084bf9 thread_start + 13
)
2018-09-23 11:22:35 Tunnelblick[453] Warning: Unable to change permissions from 700 to 750 on /private/var/folders/k3/wyqnn8l113l1d82jw2s4m4m40000gn/T
2018-09-23 11:22:35 Tunnelblick[453] Converting/Installing /Users/stefanotuveri/Dropbox/@shared Drive-Dropbox/Home.ovpn: One or more CR characters have been removed or replaced with LF characters
2018-09-23 11:22:35 Tunnelblick[453] Converting/Installing /Users/stefanotuveri/Dropbox/@shared Drive-Dropbox/Home.ovpn: Converted OpenVPN configuration
2018-09-23 11:22:43 Tunnelblick[453] localNameFromDisplayName: 'Home' is not a known displayName
2018-09-23 11:22:43 Tunnelblick[453] Tunnelblick needs to perform an action that requires a computer administrator's authorization.
2018-09-23 11:22:43 Tunnelblick[453] Beginning installation or repair
2018-09-23 11:22:43 Tunnelblick[453] Installation or repair succeeded; Log:
Tunnelblick installer started 2018-09-23 11:22:43. 3 arguments: 0x0001
/Users/stefanotuveri/Library/Application Support/Tunnelblick/Configurations/Home.tblk
/private/var/folders/k3/wyqnn8l113l1d82jw2s4m4m40000gn/T/Tunnelblick-sYlAsS/Home.tblk
Copied /private/var/folders/k3/wyqnn8l113l1d82jw2s4m4m40000gn/T/Tunnelblick-sYlAsS/Home.tblk
to /Users/stefanotuveri/Library/Application Support/Tunnelblick/Configurations/Home.tblk.temp
Renamed /Users/stefanotuveri/Library/Application Support/Tunnelblick/Configurations/Home.tblk.temp
to /Users/stefanotuveri/Library/Application Support/Tunnelblick/Configurations/Home.tblk
Changed ownership of /Users/stefanotuveri/Library/Application Support/Tunnelblick/Configurations/Home.tblk and its contents from 501:20 to 501:80
Copied /Users/stefanotuveri/Library/Application Support/Tunnelblick/Configurations/Home.tblk
to /Library/Application Support/Tunnelblick/Users/stefanotuveri/Home.tblk.temp
Renamed /Library/Application Support/Tunnelblick/Users/stefanotuveri/Home.tblk.temp
to /Library/Application Support/Tunnelblick/Users/stefanotuveri/Home.tblk
Changed ownership of /Library/Application Support/Tunnelblick/Users/stefanotuveri/Home.tblk and its contents from 501:80 to 0:0
Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Users/stefanotuveri/Home.tblk
Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Users/stefanotuveri/Home.tblk/Contents
Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Users/stefanotuveri/Home.tblk/Contents/Resources
Changed permissions from 740 to 700 on /Library/Application Support/Tunnelblick/Users/stefanotuveri/Home.tblk/Contents/Resources/config.ovpn
Created secure (shadow) copy of Home.tblk
Tunnelblick installer finished without error
2018-09-23 11:22:50 Tunnelblick[453] Cleared 'expect disconnect' flag
2018-09-23 11:23:28 Tunnelblick[453] Set 'expect disconnect' flag
2018-09-23 11:32:25 Tunnelblick[453] Cleared 'expect disconnect' flag
2018-09-23 11:32:44 Tunnelblick[453] Set 'expect disconnect' flag
2018-09-23 11:42:44 Tunnelblick[453] Cleared 'expect disconnect' flag
2018-09-23 11:49:17 Tunnelblick[453] Converting/Installing /Users/stefanotuveri/Dropbox/@shared Drive-Dropbox/OpenVPN_Sample_Config_localhost_20180923_114652/Home9901.ovpn: One or more CR characters have been removed or replaced with LF characters
2018-09-23 11:49:17 Tunnelblick[453] Error returned from setAttributes: {
NSFilePosixPermissions = 488;
} ofItemAtPath: /private/var/folders/k3/wyqnn8l113l1d82jw2s4m4m40000gn/T; Error was Error Domain=NSCocoaErrorDomain Code=513 "You don’t have permission to save the file “T” in the folder “wyqnn8l113l1d82jw2s4m4m40000gn”." UserInfo={NSFilePath=/private/var/folders/k3/wyqnn8l113l1d82jw2s4m4m40000gn/T, NSUnderlyingError=0x6000006513d0 {Error Domain=NSPOSIXErrorDomain Code=1 "Operation not permitted"}}; stack trace: (
0 Tunnelblick 0x000000010b511712 -[NSFileManager(TB) tbChangeFileAttributes:atPath:] + 161
1 Tunnelblick 0x000000010b54f54f createDir + 303
2 Tunnelblick 0x000000010b54f5ab createDir + 395
3 Tunnelblick 0x000000010b51cddd -[ConfigurationManager installConfigurations:skipConfirmationMessage:skipResultMessage:notifyDelegate:disallowCommands:] + 1616
4 Tunnelblick 0x000000010b51d2d6 -[ConfigurationManager installConfigurations:skipMessages:notifyDelegate:disallowCommands:] + 77
5 Tunnelblick 0x000000010b522329 +[ConfigurationManager installConfigurationsShowMessagesNotifyDelegateOperation:] + 93
6 Foundation 0x00007fff540311f8 __NSThread__start__ + 1197
7 libsystem_pthread.dylib 0x00007fff7a085661 _pthread_body + 340
8 libsystem_pthread.dylib 0x00007fff7a08550d _pthread_body + 0
9 libsystem_pthread.dylib 0x00007fff7a084bf9 thread_start + 13
)
2018-09-23 11:49:17 Tunnelblick[453] Warning: Unable to change permissions from 700 to 750 on /private/var/folders/k3/wyqnn8l113l1d82jw2s4m4m40000gn/T
2018-09-23 11:49:17 Tunnelblick[453] Converting/Installing /Users/stefanotuveri/Dropbox/@shared Drive-Dropbox/OpenVPN_Sample_Config_localhost_20180923_114652/Home9901.ovpn: One or more CR characters have been removed or replaced with LF characters
2018-09-23 11:49:17 Tunnelblick[453] Converting/Installing /Users/stefanotuveri/Dropbox/@shared Drive-Dropbox/OpenVPN_Sample_Config_localhost_20180923_114652/Home9901.ovpn: Converted OpenVPN configuration
2018-09-23 11:49:22 Tunnelblick[453] localNameFromDisplayName: 'Home9901' is not a known displayName
2018-09-23 11:49:22 Tunnelblick[453] Tunnelblick needs to perform an action that requires a computer administrator's authorization.
2018-09-23 11:49:22 Tunnelblick[453] Beginning installation or repair
2018-09-23 11:49:23 Tunnelblick[453] Installation or repair succeeded; Log:
Tunnelblick installer started 2018-09-23 11:49:23. 3 arguments: 0x0001
/Library/Application Support/Tunnelblick/Shared/Home9901.tblk
/private/var/folders/k3/wyqnn8l113l1d82jw2s4m4m40000gn/T/Tunnelblick-PRdJQc/Home9901.tblk
Copied /private/var/folders/k3/wyqnn8l113l1d82jw2s4m4m40000gn/T/Tunnelblick-PRdJQc/Home9901.tblk
to /Library/Application Support/Tunnelblick/Shared/Home9901.tblk.temp
Renamed /Library/Application Support/Tunnelblick/Shared/Home9901.tblk.temp
to /Library/Application Support/Tunnelblick/Shared/Home9901.tblk
Changed ownership of /Library/Application Support/Tunnelblick/Shared/Home9901.tblk and its contents from 501:20 to 0:0
Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Shared/Home9901.tblk
Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Shared/Home9901.tblk/Contents
Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Shared/Home9901.tblk/Contents/Resources
Changed permissions from 740 to 700 on /Library/Application Support/Tunnelblick/Shared/Home9901.tblk/Contents/Resources/config.ovpn
Tunnelblick installer finished without error
2018-09-23 11:50:37 Tunnelblick[453] Set 'expect disconnect' flag
2018-09-23 11:50:38 Tunnelblick[453] Cleared 'expect disconnect' flag
2018-09-23 11:50:52 Tunnelblick[453] Can't find Keychain item to delete for service = 'Tunnelblick-Auth-Home9901' account = 'username' because it does not exist
2018-09-23 11:50:52 Tunnelblick[453] Can't find Keychain item to delete for service = 'Tunnelblick-Auth-Home9901' account = 'password' because it does not exist
2018-09-23 11:51:19 Tunnelblick[453] Set 'expect disconnect' flag
2018-09-23 11:51:21 Tunnelblick[453] Cleared 'expect disconnect' flag
2018-09-23 11:51:21 Tunnelblick[453] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-Home9901' account = 'username'
2018-09-23 11:51:21 Tunnelblick[453] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-Home9901' account = 'password'
2018-09-23 11:51:37 Tunnelblick[453] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-Home9901' account = 'username'
2018-09-23 11:51:37 Tunnelblick[453] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-Home9901' account = 'username'
2018-09-23 11:51:42 Tunnelblick[453] Can't find Keychain item to delete for service = 'Tunnelblick-Auth-Home9901' account = 'password' because it does not exist
2018-09-23 11:51:50 Tunnelblick[453] Set 'expect disconnect' flag
2)
a. SOFTETHER DNS
"
dev tun

proto udp

remote vpn368125520.v4.softether.net 1194
cipher AES-128-CBC
auth SHA1
resolv-retry infinite
nobind
persist-key
persist-tun
client
verb 3
auth-user-pass


<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

</ca>

<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

</cert>

<key>
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----

</key>
"

b. PROTO TCP AND STATIC IP
"
dev tun

proto tcp


remote 188.172.155.130 1194



;http-proxy-retry
;http-proxy [proxy server] [proxy port]


auth: SHA SHA1 SHA256 SHA384 SHA512 MD5 MD4 RMD160

cipher AES-128-CBC
auth SHA1

resolv-retry infinite
nobind
persist-key
persist-tun
client
verb 3
auth-user-pass


###############################################################################
# The certificate file of the destination VPN Server.
#
# The CA certificate file is embedded in the inline format.
# You can replace this CA contents if necessary.
# Please note that if the server certificate is not a self-signed, you have to
# specify the signer's root certificate (CA) here.

<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

</ca>


<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

</cert>

<key>
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----

</key>

c. OWN DDNS AND PORT 9901
"
dev tun

proto udp
remote tribearound.ddns.net 9901


;http-proxy-retry
;http-proxy [proxy server] [proxy port]


cipher AES-128-CBC
auth SHA1
resolv-retry infinite
nobind
persist-key
persist-tun
client
verb 3
auth-user-pass


<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

</ca>

<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

</cert>

<key>
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----

</key>
"

Re: Dumb Issue with Auth on Softether server and OpenVPN client(s)

Posted: Sun Sep 23, 2018 7:16 pm
by cmd wh0ami
Just a guess, the handshake is getting blocked by something. I would think the router, but if you're sure you have the correct port (udp 9901 1st config / udp 1194 2nd config) forwarded to the correct server local IP then I might be wrong.

Also I wouldn't use the dns name and just use your external public facing IPv4 address...

Re: Dumb Issue with Auth on Softether server and OpenVPN client(s)

Posted: Sun Sep 23, 2018 8:38 pm
by stefanotuv
Hi cmd wh0ami, thanks for that
cmd wh0ami wrote:
Sun Sep 23, 2018 7:16 pm
udp 9901 1st config / udp 1194 2nd config
I have attached a print screen of the router settings... it is working for the FTPS as far as I can see... can you see anything wrong?

I have tried both static and the 2 different dynamics... how can I test if the forwarding is working?

Thanks a lot!

Re: Dumb Issue with Auth on Softether server and OpenVPN client(s)

Posted: Mon Sep 24, 2018 2:16 am
by cmd wh0ami
Man, you wrote a lot in your 1st post... I'm trying to follow... If you made a bridge, what interface did you bridge to? eth0/wlan0 or did you create a tap interface? If you bridged to eth0 or wlan0 you don't need any forwarding, but also you're talking Windows, which I believe Windows automatically does the forwarding... Linux you have to enable forwarding in sysctl.conf

If you set up a bridge to eth0 or wlan0 or even tap_ you're using the wrong openvpn client config file.... You should be using the site-site bridge config... The only difference is the "dev_tap" in the config file. You can either change it in a txt editor or use the site-site bridge config file.

dev tap

proto tcp

<connection>
remote vpn368125520.v4.softether.net 443
nobind

</connection>

mssfix max
auth-nocache
resolv-retry infinite
verb 3
cipher AES-256-CBC
auth SHA256
auth-user-pass
client

<ca>
CA CERT GOES HERE
</ca>

<cert>
-----BEGIN CERTIFICATE-----
SAME CA CERT GOES HERE TOO
-----END CERTIFICATE-----

</cert>

<key>
-----BEGIN PRIVATE KEY-----
PRIVATE KEY GOES HERE
-----END PRIVATE KEY-----

</key>

I recommend you stop SoftEther from listening on all ports except for default tcp 443. No need to listen in on udp 1194 or tcp 992 or tcp 1194 or tcp 5555. But your client will still connect now with my settings without you closing listening ports.

Let me know if that works. If it does you should change your certs and add some more options to the openvpn client config to make it verify the certs.

I'd change your encryption too on the server but you don't have to: AES-256-CBC / SHA 256

Re: Dumb Issue with Auth on Softether server and OpenVPN client(s)

Posted: Mon Sep 24, 2018 9:02 pm
by stefanotuv
thanks man i appreciate a lot!!!

I'll give it a few tries and let you know :)

thanks again

Re: Dumb Issue with Auth on Softether server and OpenVPN client(s)

Posted: Mon Sep 24, 2018 11:21 pm
by stefanotuv
wow man!! thanks a lot.

I changed the tun to tap and it worked... however I don't understand why... I am supposed to connect from an external network so I was convinced it was tun...

On another note, I was trying from my mobile and this time I don't get the issue with the auth any longer but it does not connect... I'll give it a few more tries and report back

thanks again!!!

Re: Dumb Issue with Auth on Softether server and OpenVPN client(s)

Posted: Tue Sep 25, 2018 11:46 am
by cmd wh0ami
Android openvpn clients don't have the VPN API to use the tap_interface. It will work on your cell with the "dev_tun" option. The only android OpenVPN client that works with tap is called "OpenVPN Client" by colucci-web.it and it's $7.99 on Google Play. The app is only necessary if you want to tunnel dual stack IPv4 & IPv6... With other Android VPN clients you can route IPv6 to null so your IPv6 address doesn't leak...

To do that you add the options below to the OpenVPN client config.

route-ipv6 ::/0
route 0.0.0.0 0.0.0.0 vpn_gateway
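
The advice given across the replies above (make the client verify the server certificate, move to AES-256-CBC / SHA256, keep in mind that tap does not work on stock Android clients, add `route-ipv6`) can be checked mechanically against a client file. The following is an added example, not code from either poster or from SoftEther/OpenVPN; the finding labels, the `vpn.example.net` hostname and the sample config are constructed for illustration.

```python
import re

# Constructed sample modelled on the client configs in this thread (placeholder host, no PEM body).
SAMPLE = """dev tap
<connection>
remote vpn.example.net 443
</connection>
cipher AES-128-CBC
auth SHA1
auth-user-pass
<key>
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
</key>
"""
INLINE = {"ca", "cert", "key", "tls-auth", "tls-crypt"}  # inline file blocks

def parse_ovpn(text):
    """Return (directives, inline_blocks); <connection> contents are kept."""
    directives, blocks, current = {}, {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if current and line == f"</{current}>":  # end of an inline block
            current = None
        elif current:                            # body line of <key>, <ca>, ...
            blocks[current].append(line)
        elif (m := re.fullmatch(r"<([\w-]+)>", line)) and m.group(1) in INLINE:
            current = m.group(1)
            blocks[current] = []
        elif line and line[0] not in "#;<":  # skip comments, <connection> tags
            name, *args = line.split()
            directives.setdefault(name, []).append(args)
    return directives, blocks

def arg(d, name):
    return (d.get(name, [[]])[0] or [""])[0].upper()  # first arg, upper-cased

def audit(text):
    """Return finding labels (the names are this example's own)."""
    d, blocks = parse_ovpn(text)
    checks = {
        "no-server-cert-check": not d.keys() & {"remote-cert-tls", "verify-x509-name"},
        "cipher-below-aes-256": "256" not in arg(d, "cipher"),
        "auth-sha1-or-weaker": arg(d, "auth") in ("", "SHA1", "MD5"),
        "password-cached": "auth-user-pass" in d and "auth-nocache" not in d,
        "inline-private-key": "key" in blocks,  # file must not be shared as-is
        "tap-device": arg(d, "dev").startswith("TAP"),
        "no-route-ipv6": "route-ipv6" not in d,
    }
    return [name for name, hit in checks.items() if hit]
```

An absent `auth` line is treated as SHA1 because that is OpenVPN's default HMAC digest; `inline-private-key` and `tap-device` are informational and remain after the other findings are fixed.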

Re: Dumb Issue with Auth on Softether server and OpenVPN client(s)

Posted: Tue Sep 25, 2018 7:39 pm
by stefanotuv
ok This is strange.

With the changes you suggested now I can connect. I tried within the same network and outside tethering with my phone. However in the second case when I check for myip it does not give me back the one from the network not the server one... is this the expected result? I thought I would get the IP from the server... I am trying to set up something for the next time I'll go to China without having to rely on some VPN...

Below the client file:


dev tap

proto tcp

remote vpn368125520.v4.softether.net 443
;http-proxy-retry
;http-proxy [proxy server] [proxy port]


cipher AES-128-CBC
auth SHA1

resolv-retry infinite
nobind
persist-key
persist-tun
client
verb 3
auth-user-pass
<ca>
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----

</ca>


<cert>
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----

</cert>

<key>
-----BEGIN PRIVATE KEY-----

-----END PRIVATE KEY-----

</key>

Re: Dumb Issue with Auth on Softether server and OpenVPN client(s)

Posted: Wed Sep 26, 2018 12:15 pm
by cmd wh0ami
It's too slow trying to help you here. I set up a Discord server the other day (it's like Skype but for gamers). If you want to hit me up over there I can walk you through it in IM or voice chat.

I need to know how you set up the server and there are too many settings to work it out on here. I know exactly what you need to do to get around the great firewall. The first step is moving the OpenVPN handshake to tcp 443 in the client config which you did, stop SoftEther server from listening on all ports except tcp 443, you also need to set up a bridge site - site which it sounds like you also did.

Here is an invite link to the Discord: https://discord.gg/QByKXA9

You're going to have to pass all tests on this VPN detection site: https://whatleaks.com/

Re: Dumb Issue with Auth on Softether server and OpenVPN client(s)

Posted: Wed Sep 26, 2018 3:42 pm
by stefanotuv
Thanks so much!!

I will definitely be in touch.

Thanks a lot!!!

Re: Dumb Issue with Auth on Softether server and OpenVPN client(s)

Posted: Fri Sep 28, 2018 8:42 pm
by stefanotuv
cmd wh0ami wrote:
Wed Sep 26, 2018 12:15 pm
It's too slow trying to help you here. I set up a Discord server the other day (it's like Skype but for gamers). If you want to hit me up over there I can walk you through it in IM or voice chat.

I need to know how you set up the server and there are too many settings to work it out on here. I know exactly what you need to do to get around the great firewall. The first step is moving the OpenVPN handshake to tcp 443 in the client config which you did, stop SoftEther server from listening on all ports except tcp 443, you also need to set up a bridge site - site which it sounds like you also did.

Here is an invite link to the Discord: https://discord.gg/QByKXA9

You're going to have to pass all tests on this VPN detection site: https://whatleaks.com/
Here is my username, Steven#5380; I entered the server you gave me. Let me know when you have a few mins to chat.

Cheers!
S