Configuration:
---
client
resolv-retry 20
keepalive 10 60
nobind
mute-replay-warnings
ns-cert-type server
comp-lzo
max-routes 500
verb 1
persist-key
persist-tun
explicit-exit-notify 1
dev tun
proto udp
port 1194
cipher AES-128-CBC
cert keys/client.crt
key keys/client.key
ca keys/client-ca.crt
remote X.X.X.X 1194 # public address 
remote X.X.X.X 1194 # static WAN 1
---




Log:
---
2018-01-31 19:54:19 DEPRECATED OPTION: --max-routes option ignored.The number of routes is unlimited as of OpenVPN 2.4. This option will be removed in a future version, please remove it from your configuration.
2018-01-31 19:54:19 OpenVPN 2.4.4 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on Nov  2 2017
2018-01-31 19:54:19 library versions: LibreSSL 2.5.5, LZO 2.10
2018-01-31 19:54:19 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:1337
2018-01-31 19:54:19 Need hold release from management interface, waiting...
*Tunnelblick: OS X 10.13.3; Tunnelblick 3.7.4 (build 4900)
2018-01-31 19:54:19 *Tunnelblick: Attempting connection with client using shadow copy; Set nameserver = 769; monitoring connection
2018-01-31 19:54:19 *Tunnelblick: openvpnstart start client.tblk 1337 769 0 1 0 1100208 -ptADGNWradsgnw 2.4.4-libressl-2.5.5
2018-01-31 19:54:20 *Tunnelblick: openvpnstart log:
     OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line):
     
          /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.4.4-libressl-2.5.5/openvpn
          --daemon
          --log
          /Library/Application Support/Tunnelblick/Logs/-SUsers-Sahanjrah-SLibrary-SApplication Support-STunnelblick-SConfigurations-Sclient.tblk-SContents-SResources-Sconfig.ovpn.769_0_1_0_1100208.1337.openvpn.log
          --cd
          /Library/Application Support/Tunnelblick/Users/ahanjrah/client.tblk/Contents/Resources
          --setenv
          IV_GUI_VER
          "net.tunnelblick.tunnelblick 4900 3.7.4 (build 4900)"
          --verb
          3
          --config
          /Library/Application Support/Tunnelblick/Users/ahanjrah/client.tblk/Contents/Resources/config.ovpn
          --verb
          3
          --cd
          /Library/Application Support/Tunnelblick/Users/ahanjrah/client.tblk/Contents/Resources
          --management
          127.0.0.1
          1337
          --mtu-test
          --management-query-passwords
          --management-hold
          --script-security
          2
          --route-up
          /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -p -w -ptADGNWradsgnw
          --down
          /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -d -f -m -p -w -ptADGNWradsgnw

2018-01-31 19:54:19 *Tunnelblick: openvpnstart starting OpenVPN
2018-01-31 19:54:20 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:1337
2018-01-31 19:54:20 *Tunnelblick: Established communication with OpenVPN
2018-01-31 19:54:20 MANAGEMENT: CMD 'pid'
2018-01-31 19:54:20 MANAGEMENT: CMD 'state on'
2018-01-31 19:54:20 MANAGEMENT: CMD 'state'
2018-01-31 19:54:20 MANAGEMENT: CMD 'bytecount 1'
2018-01-31 19:54:20 MANAGEMENT: CMD 'hold release'
2018-01-31 19:54:20 WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
2018-01-31 19:54:20 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2018-01-31 19:54:20 TCP/UDP: Preserving recently used remote address: [AF_INET]X.X.X.X:1194
2018-01-31 19:54:20 Socket Buffers: R=[196724->196724] S=[9216->9216]
2018-01-31 19:54:20 UDP link local: (not bound)
2018-01-31 19:54:20 UDP link remote: [AF_INET]X.X.X.X:1194
2018-01-31 19:54:20 MANAGEMENT: >STATE:1517457260,WAIT,,,,,,
2018-01-31 19:54:20 MANAGEMENT: >STATE:1517457260,AUTH,,,,,,
2018-01-31 19:54:20 TLS: Initial packet from [AF_INET]X.X.X.X:1194, sid=46628b79 c989367e
2018-01-31 19:54:20 VERIFY OK: depth=1, CN=certificateAuthority, C=CO, ST=ST, L=L, O=O, OU=OU, dnQualifier=certificateAuthority
2018-01-31 19:54:20 VERIFY OK: nsCertType=SERVER
2018-01-31 19:54:20 VERIFY OK: depth=0, C=CO, ST=ST, O=O, OU=OU, CN=server, dnQualifier=server
2018-01-31 19:54:22 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
2018-01-31 19:54:22 [server] Peer Connection Initiated with [AF_INET]X.X.X.X:1194
2018-01-31 19:54:23 MANAGEMENT: >STATE:1517457263,GET_CONFIG,,,,,,
2018-01-31 19:54:23 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
2018-01-31 19:54:23 NOTE: Beginning empirical MTU test -- results should be available in 3 to 4 minutes.
2018-01-31 19:54:23 PUSH: Received control message: 'PUSH_REPLY,register-dns,route 192.168.0.0 255.255.254.0,route 192.168.50.0 255.255.255.0,topology net30,ping 10,ping-restart 60,dhcp-option DNS 192.168.50.1,dhcp-option DOMAIN example.com,ifconfig 192.168.50.126 192.168.50.125'
2018-01-31 19:54:23 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:1: register-dns (2.4.4)
2018-01-31 19:54:23 OPTIONS IMPORT: timers and/or timeouts modified
2018-01-31 19:54:23 OPTIONS IMPORT: --ifconfig/up options modified
2018-01-31 19:54:23 OPTIONS IMPORT: route options modified
2018-01-31 19:54:23 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2018-01-31 19:54:23 Outgoing Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
2018-01-31 19:54:23 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
2018-01-31 19:54:23 Incoming Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
2018-01-31 19:54:23 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
2018-01-31 19:54:23 Opened utun device utun0
2018-01-31 19:54:23 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
2018-01-31 19:54:23 MANAGEMENT: >STATE:1517457263,ASSIGN_IP,,192.168.50.126,,,,
2018-01-31 19:54:23 /sbin/ifconfig utun0 delete
                                        ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
2018-01-31 19:54:23 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
2018-01-31 19:54:23 /sbin/ifconfig utun0 192.168.50.126 192.168.50.125 mtu 1500 netmask 255.255.255.255 up
2018-01-31 19:54:23 MANAGEMENT: >STATE:1517457263,ADD_ROUTES,,,,,,
2018-01-31 19:54:23 /sbin/route add -net 192.168.0.0 192.168.50.125 255.255.254.0
                                        add net 192.168.0.0: gateway 192.168.50.125
2018-01-31 19:54:23 /sbin/route add -net 192.168.50.0 192.168.50.125 255.255.255.0
                                        add net 192.168.50.0: gateway 192.168.50.125
                                        **********************************************
                                        Start of output from client.up.tunnelblick.sh
                                        Disabled IPv6 for 'Wi-Fi'
                                        Disabled IPv6 for 'Bluetooth PAN'
                                        Disabled IPv6 for 'Thunderbolt Bridge'
                                        Retrieved from OpenVPN: name server(s) [ 192.168.50.1 ], domain name [ example.com ], search domain(s) [  ], and SMB server(s) [  ]
                                        Not aggregating ServerAddresses because running on OS X 10.6 or higher
                                        Prepending 'example.com' to search domains '' because the search domains were not set manually (or are allowed to be changed) and 'Prepend domain name to search domains' was selected
                                        Saved the DNS and SMB configurations so they can be restored
                                        Changed DNS ServerAddresses setting from '192.168.1.254' to '192.168.50.1'
                                        Changed DNS SearchDomains setting from '' to 'example.com'
                                        Changed DNS DomainName setting from 'attlocal.net' to 'example.com'
                                        Did not change SMB NetBIOSName setting of ''
                                        Did not change SMB Workgroup setting of ''
                                        Did not change SMB WINSAddresses setting of ''
                                        DNS servers '192.168.50.1' will be used for DNS queries when the VPN is active
                                        NOTE: The DNS servers do not include any free public DNS servers known to Tunnelblick. This may cause DNS queries to fail or be intercepted or falsified even if they are directed through the VPN. Specify only known public DNS servers or DNS servers located on the VPN network to avoid such problems.
                                        Flushed the DNS cache via dscacheutil
                                        /usr/sbin/discoveryutil not present. Not flushing the DNS cache via discoveryutil
                                        Notified mDNSResponder that the DNS cache was flushed
                                        Setting up to monitor system configuration with process-network-changes
                                        End of output from client.up.tunnelblick.sh
                                        **********************************************
2018-01-31 19:54:27 *Tunnelblick: No 'connected.sh' script to execute
2018-01-31 19:54:27 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2018-01-31 19:54:27 Initialization Sequence Completed
2018-01-31 19:54:27 MANAGEMENT: >STATE:1517457267,CONNECTED,SUCCESS,192.168.50.126,X.X.X.X,1194,,
2018-01-31 19:54:32 *Tunnelblick process-network-changes: A system configuration change was ignored
2018-01-31 19:54:32 *Tunnelblick: This computer's apparent public IP address (Y.Y.Y.Y) was unchanged after the connection was made
2018-01-31 19:57:32 NOTE: Empirical MTU test completed [Tried,Actual] local->remote=[1557,1557] remote->local=[1557,1557]
---