This repository has been archived by the owner on Mar 19, 2022. It is now read-only.

System Network Extension connects to VPN via OpenVPN protocol, but can't view any web pages #208

Open
andrewkonchak opened this issue Jun 11, 2021 · 2 comments

Comments

andrewkonchak commented Jun 11, 2021

The System Network Extension successfully connects to the VPN via the OpenVPN protocol, but I can't view any web pages. With the in-app Network Extension, everything works correctly. But when I converted the app NE to a system NE, no traffic was received from the tunnel. I used a system NE because I need to distribute a Mac VPN app through Developer ID (to distribute outside of the Mac App Store). As I understand it, to do so I need to convert the demo app NE to a system one. I created a new system NE target, importing all files from the old target, but it looks like that's not enough.
It doesn't work. In the console, when I try to establish a connection, I see:

Logs

default	15:56:21.550893+0300	com.NewOpenVPN.Extension	OpenVPN -----Log: OpenVPN core 3.5.6 mac x86_64 64-bit
default	15:56:21.561820+0300	com.NewOpenVPN.Extension	OpenVPN -----Log: Frame=512/2048/512 mssfix-ctrl=1250
default	15:56:21.565922+0300	com.NewOpenVPN.Extension	OpenVPN -----Log: UNUSED OPTIONS
4 [resolv-retry] [infinite] 
5 [nobind] 
6 [persist-key] 
7 [persist-tun] 
11 [verb] [3]
default	15:56:21.571866+0300	com.NewOpenVPN.Extension	OpenVPN -----Log: Contacting 3.143.220.175:443 via TCPv4
default	15:56:21.699043+0300	com.NewOpenVPN.Extension	OpenVPN -----Log: Connecting to [3.143.220.175]:443 (3.143.220.175) via TCPv4
default	15:56:21.826260+0300	com.NewOpenVPN.Extension	OpenVPN -----Log: Tunnel Options:V4,dev-type tun,link-mtu 1571,tun-mtu 1500,proto TCPv4_CLIENT,keydir 1,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-client
default	15:56:21.826486+0300	com.NewOpenVPN.Extension	OpenVPN -----Log: Creds: Username/Password
default	15:56:21.826595+0300	com.NewOpenVPN.Extension	OpenVPN -----Log: Peer Info:
IV_VER=3.5.6
IV_PLAT=mac
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
default	15:56:22.102931+0300	com.NewOpenVPN.Extension	OpenVPN -----Log: VERIFY OK : depth=1
cert. version     : 3
serial number     : 14:9C:99:5B:80:BE:75:F0:03:FB:7D:0C:FE:A8:C2:49:96:3D:B8:88
issuer name       : CN=ovpncliens
subject name      : CN=ovpncliens
issued  on        : 2020-08-07 07:50:26
expires on        : 2030-08-05 07:50:26
signed using      : RSA with SHA-256
RSA key size      : 2048 bits
basic constraints : CA=true
key usage         : Key Cert Sign, CRL Sign
default	15:56:22.103060+0300	com.NewOpenVPN.Extension	OpenVPN -----Log: VERIFY OK : depth=0
cert. version     : 3
serial number     : DC:A4:AC:67:BE:B6:72:A2:5E:40:4A:FC:5B:75:C5:7B
issuer name       : CN=ovpncliens
subject name      : CN=server
issued  on        : 2020-08-07 07:51:43
expires on        : 2030-08-05 07:51:43
signed using      : RSA with SHA-256
RSA key size      : 2048 bits
basic constraints : CA=false
subject alt name  : server
key usage         : Digital Signature, Key Encipherment
ext key usage     : TLS Web Server Authentication
default	15:56:22.539571+0300	com.NewOpenVPN.Extension	OpenVPN -----Log: SSL Handshake: TLSv1.2/TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
default	15:56:22.540090+0300	com.NewOpenVPN.Extension	OpenVPN -----Log: Session is ACTIVE
default	15:56:22.540410+0300	com.NewOpenVPN.Extension	OpenVPN -----Log: Sending PUSH_REQUEST to server...
default	15:56:22.796787+0300	com.NewOpenVPN.Extension	OpenVPN -----Log: OPTIONS:
0 [redirect-gateway] [def1] [bypass-dhcp] 
1 [dhcp-option] [DNS] [8.8.4.4] 
2 [dhcp-option] [DNS] [8.8.8.8] 
3 [route] [10.8.0.0] [255.255.255.0] 
4 [topology] [net30] 
5 [ping] [10] 
6 [ping-restart] [120] 
7 [ifconfig] [10.8.0.6] [10.8.0.5] 
8 [peer-id] [0] 
9 [cipher] [AES-256-GCM]
default	15:56:22.796976+0300	com.NewOpenVPN.Extension	OpenVPN -----Log: PROTOCOL OPTIONS:
  cipher: AES-256-GCM
  digest: NONE
  compress: NONE
  peer ID: 0
default	15:56:22.797286+0300	com.NewOpenVPN.Extension	[Extension com.NewOpenVPN]: provider set tunnel configuration to (null)
default	15:56:22.813122+0300	com.NewOpenVPN.Extension	[Extension com.NewOpenVPN]: provider set tunnel configuration to 
    tunnelRemoteAddress = <13-char-str>
    DNSSettings = {
        protocol = cleartext
        server = (
            <7-char-str>,
            <7-char-str>,
        )
        searchDomains = ()
        matchDomains = (
            <0-char-str>,
        )
        matchDomainsNoSearch = NO
    }
    IPv4Settings = {
        configMethod = PPP
        addresses = (
            <8-char-str>,
        )
        subnetMasks = (
            255.255.255.252,
        )
        includedRoutes = (
            {
                destinationAddress = <8-char-str>
                destinationSubnetMask = 255.255.255.0
                gatewayAddress = <8-char-str>
            },
            {
                destinationAddress = <7-char-str>
                destinationSubnetMask = 0.0.0.0
                gatewayAddress = <8-char-str>
            },
        )
        excludedRoutes = ()
        overridePrimary = NO
    }
default	15:56:22.995848+0300	com.NewOpenVPN.Extension	Attempting to add source to main runloop, but the main thread has exited. This message will only log once. Break on _CFRunLoopError_MainThreadHasExited to debug.
default	15:56:22.996737+0300	com.NewOpenVPN.Extension	OpenVPN -----Log: Connected via tun
default	15:56:22.997486+0300	com.NewOpenVPN.Extension	OpenVPN ----- connected
default	15:57:26.822607+0300	com.NewOpenVPN.Extension	OpenVPN -----Log: TUN write exception: write_some: No buffer space available
default	15:57:27.496721+0300	com.NewOpenVPN.Extension	OpenVPN -----Log: TUN write exception: write_some: No buffer space available
default	15:57:27.623852+0300	com.NewOpenVPN.Extension	OpenVPN -----Log: TUN write exception: write_some: No buffer space available
default	15:57:27.821155+0300	com.NewOpenVPN.Extension	OpenVPN -----Log: TUN write exception: write_some: No buffer space available
default	15:57:29.125957+0300	com.NewOpenVPN.Extension	OpenVPN -----Log: TUN write exception: write_some: No buffer space available

Screenshot from the network app. In this screenshot you can see that we successfully connected to the OpenVPN server, but there is no “Received:” traffic.

Do you have any idea why it doesn’t work? I debugged the OpenVPN adapter library and saw something wrong with the socket transfer. I think maybe something is blocking the socket connection.

@Sharalink

I got the same problem! Did you resolve it?

andrewkonchak commented Jun 25, 2021 via email
