Fixing networking after a Tunnelblick crash

By: on July 23, 2019

If you are running tunnelblick to access a VPN using OpenVPN on a High Sierra Mac, and for instance your whole system crashes, once you’ve logged back in you may lose all network access, even when you have the VPN down.

In my case the fix was to open Terminal and run:

networksetup -setdnsservers "iPhone USB" empty

You’ll probably need to change the name of your network interface. You can see them in the terminal by running:

networksetup -listnetworkserviceorder

Or, you can use system preferences to list the network.

Shouldn’t we do this from the system preferences GUI?

In the case of my iPhone USB interface I can’t see how. On High Sierra, these are all the options I have for my “iPhone USB” network.

In the case of Wi-Fi, there’s an Advanced button, as shown below. If you press that you can control DNS settings directly. It is surprising this does not appear on all network interfaces.

This opens up a multi-page control, and the DNS section looks like this:

If you are having trouble and there are entries in either list while your VPN is down, chances are they are leftovers from when you had your VPN connected, and if you remove them your network will start working again.

Or, you can reinstall your Mac.

Why?

I was using Tunnelblick 3.7.9a and the release notes show 3.8.0beta 2  “Fixes a failure to restore DNS settings after shutting down or restarting the computer while a VPN was connected”.  I can count 10 DNS fixes in Tunnelblick releases in the last 12 months. That shows that it is actually pretty hard for a user level GUI to manage network settings.

Computer security is difficult, and getting worse. As the state of the art stands it does often make sense to limit access to network services, and we’ll then often use VPN technology to get to the services we need to. Unfortunately, there’s enormous flexibility in the arrangements you might make when setting up a VPN so it does not seem viable at the moment to standardise useful VPN support into our operating systems.

 

Share

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

*