After upgrading to 1.7.3 viscosity lost auth-user-pass

Got a problem with Viscosity or need help? Ask here!

sbarnea

User avatar
Posts: 12
Joined: Thu Oct 20, 2016 4:27 am

Post by sbarnea » Tue Jul 04, 2017 11:32 pm
Upgrading from 1.7.1 to 1.7.3 seems to be a complete disaster:

* all the "auth-user-pass" sections were removed from the VPN config files.
* Adding the file manually works, one time because the directive is removed and next time you connect viscosity will not have it
* the clean-log option from view-log dialog does not clean the window anymore.

I checked and this happened on all connections (6 servers configured).

James

User avatar
Posts: 2313
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Mon Jul 10, 2017 11:32 am
Hi sbarnea,
all the "auth-user-pass" sections were removed from the VPN config files.
Viscosity represents this option with the "Use Username/Password authentication" checkbox. Use of a password text file for storing authentication details is not supported - Viscosity supports storing credentials in the Keychain. Adding the "auth-user-pass" command manually to the advanced commands section will cause it to be parsed back into the corresponding checkbox setting.
the clean-log option from view-log dialog does not clean the window anymore
I'm afraid we are unable to find any problems with it. Please keep in mind that it clears the log for the currently selected connection only. If a different connection is then selected at the top of the Details window then its log data (if any) will be displayed.

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs

sbarnea

User avatar
Posts: 12
Joined: Thu Oct 20, 2016 4:27 am

Post by sbarnea » Mon Jul 10, 2017 6:27 pm
It seems that you totally missed the 2FA use-case, where the only way to implement a reliable (self-restoring) VPN connection is to use the "auth-user-pass" file in combination with before-connect-script which generates the one-time-password in that file.

This is a standard use case of OpenVPN which worked well even with Viscosity in the past. Now this is broken forcing users to drop use of Viscosity.

sbarnea

User avatar
Posts: 12
Joined: Thu Oct 20, 2016 4:27 am

Post by sbarnea » Mon Aug 07, 2017 8:37 pm
Sorry to say it but it seems that I reached an "enough-is-enough" kind of moment, I am going to look for Viscosity replacements because it seems that Sparklabs has little interest in fixing its problems.

One thing is clear and I reported it several times: Adding "auth-user-pass" on advanced config used to work well on Viscosity and the config was persistent. Now, with recent versions, this is no longer working because some smart engineer decided to drop that section from config sometimes after the first connection.

So, if you add it and connect you will be able to connect *once*, but if you try edit the config again, you will see that the config was "curated"... meaning that the option was removed, so you will fail to connect.

Getting an answer with "not-supported" for a clear regression seems like a good-enough-reason for getting a very pissed off customer. Be sure that I will share my experience with my colleagues, recommending them to look for alternatives.

Also I don't really like the fact that the Forum is very well hidden, is like someone spent some time trying to make it as hard as possible to find the forum. Let me explain why:
- No direct support email address in the client
- No link to the forum inside the client
- Even support page does not have a search box as the top, instead is has at least two different ones hidden somewhere inside the body (none of them visible without scrolling).
- No forum hyperlink in main side top menu, or bottom links.
- On website, you need to scroll *3* screens to reach the forum section where the "Forum" section is not even clickable, but at least you can click one of the sections.

Somehow I have the impression that "UX" is not part of the resume of the guy doing the design... wasting 50% of the screen height on for the page title (measure on 13" MBP screen).

sbarnea

User avatar
Posts: 12
Joined: Thu Oct 20, 2016 4:27 am

Post by sbarnea » Thu Dec 07, 2017 7:54 pm
James wrote:
all the "auth-user-pass" sections were removed from the VPN config files.
Viscosity represents this option with the "Use Username/Password authentication" checkbox. Use of a password text file for storing authentication details is not supported - Viscosity supports storing credentials in the Keychain. Adding the "auth-user-pass" command manually to the advanced commands section will cause it to be parsed back into the corresponding checkbox setting.
It seems that developers missed the whole point of having credentials from file, this is use when credentials are dynamic! Meaning that if viscosity reads the output of auth-user-pass and save it in config file it it will make login impossible next time because credentials are changed every 30s when you use OTP!

If the user specified `auth-user-pass`, just respect it and make it persistent instead of resetting it every time there is another change made to the config.

I am really displeased about the lack of bug fixes around Viscosity.
5 posts Page 1 of 1