Viscosity 1.7+ DNS issues

Got a problem with Viscosity or need help? Ask here!

salt_of_the_moon

User avatar
Posts: 9
Joined: Sat May 27, 2017 8:09 am

Post by salt_of_the_moon » Wed May 31, 2017 3:38 am
Upon updating our Macs in the office to 1.7 we've been seeing an odd behavior with DNS.

We have a number of internal hosts that should resolve via DNS when on VPN.

Here's a rundown of the symptoms:
1. Connect with Viscosity to VPN
2. DNS resolution of internal hosts works fine
3. 5 to 50 minutes pass... suddenly DNS resolution of "internal" hosts fails
4. DNS resolution continues to fail until disconnect/reconnect to the VPN

I should mention: we are running OpenDNS Roaming Client on our machines, which was working fine with Viscosity versions up through 1.6.8. The DNS issues have only started since updating to 1.7 We've even udpated a few machines to 1.7.1 but the problem is still happening.

James

User avatar
Posts: 2313
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Fri Jun 02, 2017 11:08 pm
Hi salt_of_the_moon,

Do you still see this behaviour with the latest 1.7.2 beta? While nothing in the beta explicitly addresses this, some tweaks have been made to the DNS system.
http://www.sparklabs.com/support/kb/art ... -versions/

If you're still seeing the problem, can you check on the computer's DNS settings from both shortly after connecting (when DNS is working) and after you start noticing problems and see if they differ? Instructions can be found at:
http://www.sparklabs.com/support/kb/art ... tings/#mac

Finally, I also recommend checking the connection log and see if there are any messages around the time the connection stops working:
http://www.sparklabs.com/support/kb/art ... envpn-log/

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs

kivamarc

Posts: 2
Joined: Wed Jun 07, 2017 4:33 am

Post by kivamarc » Wed Jun 07, 2017 4:42 am
The beta version (1.7.2b1 1403) didn't help me. There seems to be pervasive DNS issues. We're using OpenVPN 2.3.2-7ubuntu3.1.

James

User avatar
Posts: 2313
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Thu Jun 08, 2017 6:13 am
Hi kivamarc,

Please give the latest beta version (1.7.2b2 at the time of writing) a try and see if the issue persists.

If it does please reply with a copy of your OpenVPN log (please feel free to censor out any sensitive addresses) and a copy of the scutil command output and we'll take a look. Information on how to access these can be found in the links posted previously.

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs

kivamarc

Posts: 2
Joined: Wed Jun 07, 2017 4:33 am

Post by kivamarc » Thu Jul 13, 2017 9:34 am
We confirmed that we're blocked on v1.7.3 (1412) + macOS v10.12.5. We determined the problem was related to Viscosity's OpenVPN version detection. The 'Automatic' feature wasn't working for some reason. We directed users to open the Viscosity client preferences and go to Advanced and select 2.3 on 'OpenVPN Version'.

As an aside, our server.conf has the following DNS shorthand config:
Code: Select all
push "dhcp-option DNS 192.168.1.32 192.168.1.34"
Rather than:
Code: Select all
push "dhcp-option DNS 192.168.1.32"
push "dhcp-option DNS 192.168.1.34" 
Our conf works with the 2.3 option selected.

James

User avatar
Posts: 2313
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Fri Jul 14, 2017 12:30 pm
As an aside, our server.conf has the following DNS shorthand config:
I'm afraid that is invalid OpenVPN configuration syntax. It's likely OpenVPN 2.3 is letting it through, however the second DNS server will be getting ignored. Viscosity will only be setting the first DNS server for the connection. OpenVPN 2.4 has stricter command syntax checking, and so is likely ignoring or blocking the command altogether.

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
6 posts Page 1 of 1