VPN: OpenVPN Troubleshooting

I can’t connect once I run the program.
If you are behind any type of firewall on your computer, a corporate firewall or are in a country where OpenVPN -might- be blocked on the default port, then it could be that port 1195 is blocked.  If you have control of your PC, ensure that no local firewall is blocking port 1195.  If you are behind a corporate firewall, ask to have port 1195 unblocked.  If you are in the third situation, contact your IT Help Desk if you are part of a corporate account or contact Cross Connect support if you have an individual account.

Webpages only load partially or my TCP connections just seem to hang.
This is sometimes related to the TCP MTU size.
Add the line “mssfix 1300” to your OpenVPN configuration.
Save the file.
Reconnect to the VPN.
If the issue still continues, change the line downward by 100 (from 1300 to 1200).
Repeat the above steps.

I installed my new OpenVPN, per instructions with a new username and password provided.  However, because of a previous install of this software, it is not asking for the new login/password.
You need to make sure that you install the new OpenVPN configuration file you received as part of our service.  That will allow you to choose our server versus any other servers you may have used in the past.  Once you select our server, OpenVPN will connect and then prompt you for your username and password.



After installing the program, I click the icon on my Desktop.  I can connect successfully, but I can’t get to any sites or do anything.
Make sure that you right click your Desktop icon and choose to “Run as Administrator.”  If you do not, OpenVPN does not have the rights on the system to alter your ARP/routing tables to allow proper VPN networking to take place. Review the instructions on the Windows OpenVPN page.





On my Mac, after I disconnect from the VPN, my Internet stops working.
This appears to be a bug or an issue in Tunnelblick.  The workaround we have found is to ensure that the OpenVPN configuration file does not have the lines with “user” and “group” in it.  If it does, remove them, save the file and then restart your computer.  Then reconnect to the VPN.


Help! My Tunnelblick icon disappeared from my status bar!
It sounds like you may have quit the program instead of disconnecting from the VPN server. Go to your main Applications folder and restart Tunnelblick there.


On Mountain Lion, my certificate based L2TP+IPSec VPN stopped working.
This can be due to the inability of the right program to read your certificate.  Try these steps:
You should see your certificate listed in the main window, it should have a small arrow to the left of the certificate name.

  1. Open Keychain Access (use spotlight), search for the certificate you use in your VPN configuration using the search box which is located in the top right of the window.  You may have to select the appropriate keychain from the list in the left hand navigation column titled ‘Keychains.’  Some may be in the System keychain.
  2. Click on the arrow, and this should reveal the private key below.  This has a key icon associated with it.
  3. Double click on the private key.  A window should pop up showing the private key.
  4. At the top of this window there are two buttons that can be toggled, ‘Attributes’ and ‘Access Control.’  By default the Attributes button is selected (greyed out). Click on the ‘Access Control’ button.
  5. The window changes to display a couple of buttons.  Choose “Always allow access by these applications” and then select racoon. The path for the program is  /usr/sbin/racoon    NOTE:  If you cannot see the /usr folder when browsing for the executable, use the Show hidden files shortcut: cmd-shift-. (cmd-shift-dot).
  6. Click on the button ‘Save Changes’ button.  You may have to enter your admin password.
  7. Close all the windows and quit Keychain Access.
  8. Now try your VPN.


My Tunnelblick is completely greyed out!  I can’t select my VPN or any menu item.
If you see a screen like the one pictured here, it is likely that the program or process has gotten hung.  To fix this, you need to do the following.

Open up your Applications folder and go to the Utilities folder.

Select Activity Monitor under the list of programs in Utilities.

You can sort the processes by name.  You are looking for the Tunnelblick process.  Once you find that, click on it to highlight it and choose Quit Process (the big red Stop Sign symbol).  You can either choose normal quit (usually works) or force quit if it doesn’t quit the first time.

Once it quits, the Tunnelblick door icon will disappear from the status bar.  You can then locate Tunneblick wherever you installed it (usually under Applications) and restart it.