Recently I bought this new router: ASUS RT-N16 Wireless-N Gigabit Router
I followed the instructions from this link to set the VPN server, and my client configuration. As to the vpn client software, since I have a Macbook Pro, the Tunnelblick from Google becomes the number one choice.
However, after setting up the client side configurations, once I started Tunnelblick, my Macbook couldn’t get an IP address from the VPN server, even though the secure connection was established successfully. I checked the log file, and found an error message:
write to TUN/TAP : Input/output error (code=5)
. After some research, I found the solution:
- On the server side, make sure: “Start with WAN” is checked, “Interface type” is “TAP”, “Authentication Mode” is “TLS”, “Client Address Pool”: “DHCP” is checked.
- On the Macbook, click Tunnelblick, and then menu item “Details”.
- Choose “Do not set nameserver” at the lower-left corner.
- Click on “Edit configuration”.
- Add following two lines to your configuration file, and save it:
up "./vpn-up.sh" down "./vpn-down.sh"
- In directory ~/Library/Application Support/Tunnelblick/Configurations/home.tblk/Contents/Resources, create two files: vpn-up.sh and vpn-down.sh (see bellow).
- Make sure both files are owned by “root:wheel” and the permission is 700.
After these changes, everything works perfectly. I can ssh back to my home server without using “Port Forwarding” feature on the router; I can even print to my home printer directly from a coffee shop! It’s neat, isn’t it?
P.S.
vpn-up.sh
#!/bin/bash sleep 2 /usr/sbin/ipconfig set tap0 DHCP
vpn-down.sh
#!/bin/bash sleep 2 /usr/sbin/ipconfig set tap0 NONE
Comments (3)