SparkLabs Forum.

Community Help.


Can't connect; logs don't show much

Hi! I have one working connection with Viscosity, but I added another one a couple weeks ago, and I haven't been able to figure out how to get it to work. I tried using a different OpenVPN client and had the same problem. I set up the connection with an ovpn file.

When my coworkers set up the same connection on their machines, with the same ovpn file and with my login credentials, they could get in just fine. So, I've been resorting to using a second laptop for vpn access (which works!), but I'd really rather have access on my main machine.

Here's what happens on my machine:
1. I attempt to connect (with a connection that has never worked before). It requires a username and password (that requires Google Auth). I enter intentionally incorrect values.
a. This is all that shows up in the Connection Log:

Code: Select all

2017-11-06 15:42:44: Viscosity Mac 1.7.5 (1420)
2017-11-06 15:42:44: Viscosity OpenVPN Engine Started
2017-11-06 15:42:44: Running on macOS 10.12.6
2017-11-06 15:42:44: ---------
2017-11-06 15:42:44: State changed to Connecting
2017-11-06 15:42:44: Checking reachability status of connection...
2017-11-06 15:42:44: Connection is reachable. Starting connection attempt.
2017-11-06 15:42:44: OpenVPN 2.4.4 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on Sep 27 2017
2017-11-06 15:42:44: library versions: OpenSSL 1.0.2l  25 May 2017, LZO 2.10
2017-11-06 15:42:48: TCP/UDP: Preserving recently used remote address: [AF_INET]54.67.53.236:1194
2017-11-06 15:42:48: Attempting to establish TCP connection with [AF_INET]54.67.53.236:1194 [nonblock]
2017-11-06 15:44:04: TCP: connect to [AF_INET]54.67.53.236:1194 failed: Operation timed out
2017-11-06 15:44:04: SIGUSR1[connection failed(soft),init_instance] received, process restarting
2017-11-06 15:44:04: TCP/UDP: Preserving recently used remote address: [AF_INET]54.67.53.236:1194
2017-11-06 15:44:04: Attempting to establish TCP connection with [AF_INET]54.67.53.236:1194 [nonblock]

b. This is all that shows up in Console, filtered for Viscosity:

Code: Select all

default   15:42:01.422566 -0800   Viscosity   discovered extensions
default   15:42:44.428908 -0800   Viscosity   UNIX error exception: 17
default   15:42:44.429039 -0800   Viscosity   0x60000046a600 opened /private/var/db/mds/system/mdsDirectory.db: 50744 bytes
default   15:42:44.429205 -0800   Viscosity   0x60000046af00 opened /Users/anne/Library/Keychains/login.keychain-db: 160004 bytes
default   15:42:44.433390 -0800   Viscosity   0x61000066d900 opened /Library/Keychains/System.keychain: 68404 bytes

2. I disconnect.
a. This is what shows up in the Connection Log:

Code: Select all

2017-11-06 15:45:55: State changed to Disconnecting
2017-11-06 15:45:55: SIGTERM[hard,init_instance] received, process exiting
2017-11-06 15:45:55: State changed to Disconnected

b. Console:

Code: Select all

default   15:45:55.076560 -0800   com.sparklabs.ViscosityHelper   Invalid command


Any suggestions for troubleshooting?
Hi umtsacraaysarnem,

The following lines in your log show that a connection isn't even able to be established with the VPN server, so it's not even able to get to the point where it starts to authenticate etc:

Code: Select all

2017-11-06 15:42:48: Attempting to establish TCP connection with [AF_INET]54.67.53.236:1194 [nonblock]
2017-11-06 15:44:04: TCP: connect to [AF_INET]54.67.53.236:1194 failed: Operation timed out


This is most likely caused by firewall rules on either the server or client computer blocking the connection attempt.

For more information please also refer to the suggestions in the following article:
https://www.sparklabs.com/support/kb/ar ... 0-seconds/

Cheers,
James
Thanks for the info! Still confused about what my issue could be.

From the page you linked:
  • The remote VPN server is down or unavailable: this isn't the case, because I can access it from other computers.
  • You are being blocked from contacting the remote VPN server: if so, it would have to be my specific computer that's blocked, not my work network. (And this would have to be some sort of accident, if so?) I don't see anything on my computer that would indicate I'm blocking the connection myself.
  • Your connection's configuration details may be incorrect or out of date: I used the exact same setup on other computers and it worked, so this isn't the case.

Do you have any more suggestions?
Hi umtsacraaysarnem,

I'm afraid that covers everything. I'd recommend getting in touch with your VPN Administrator and/or IT Administrator to check the firewall and routing rules on your computer and the VPN server.

Cheers,
James
Hi James. I'm the administrator, and we're still dealing with the same issue.
There's something specific to this user's laptop causing the problem and it's baffling me.
Server side, everything is fine, multiple users connect just fine from their devices.
This user (anne) can connect when I install viscosity and import the ovpn on any number of machines.
When I import the same config on her machine, it can't connect to this specific vpn connection.
It can connect to another similar vpn connection from that machine. If that were not the case, I'd suspect a corrupted or damaged viscosity install, library issues, etc.

Does viscosity have a debug mode?
And specifically, the point where it fails on the "bad" laptop is here:
2018-03-30 10:43:37: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2018-03-30 10:43:37: TLS Error: TLS handshake failed
2018-03-30 10:43:37: SIGUSR1[soft,tls-error] received, process restarting

The same key files are used on both systems. Same Viscosity version. Same updated OSX on both.
Hi danix,

I'm afraid the "TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)" error is as low-level as it gets: it flat out means that OpenVPN is unable to even start establishing a connection to the remote server.

You can check the server-side log: if it immediately rejected the connection attempt there will be a TLS error listed (which typically means a problem with the certificate/key). If there is nothing in the server-side log for the connection attempt, that means the problem has nothing to do with the Viscosity/OpenVPN configuration and something is else is most likely blocking the connection attempt (such as hidden firewall software or a rule, a routing problem, etc.).

Cheers,
James
7 posts Page 1 of 1

Copyright © 2016 SparkLabs Pty Ltd. All Rights Reserved. Privacy Policy