works on MBP but not on iMac

Got a problem with Viscosity or need help? Ask here!

bwanajag

Posts: 2
Joined: Tue Jan 02, 2018 9:00 pm

Post by bwanajag » Tue Jan 02, 2018 9:13 pm
I'm having problems with my Viscosity VPN connection. I have a pfsense box setup in a remote location, created a Remote Access VPN connection, and exported the .ovpn file for Viscocity. Imported the same file into the Viscosity client on both my iMac and MBP. It works on my MBP, but doesn't on the iMac.

Both Macs running 10.13.2
Both Macs use Viscosity client 1.7.6

I checked the logs and both are logging the same information. However, the iMac connects... but doesn't work - it shows connected but no activity (can't reach any clients at the remote site, traffic is not traversing the tunnel). When connecting with my MBP, I can connect to my remote clients without issue. On my iMac, I'm connected to my local network with a bond (2 NIC's), whereas the MBP is connected via WiFi.

Any ideas as to why this isn't working?

James

User avatar
Posts: 2313
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Wed Jan 03, 2018 4:28 pm
Hi bwanajag,

A bonded setup is not something we've ever tested Viscosity under, so it's quite possible it may be related to that. We'll see if it's something we can replicate. In the meantime I recommend trying to identify whether it is a full routing issue or just a DNS issue:
https://www.sparklabs.com/support/kb/ar ... connection

I also recommend checking the OpenVPN server's config and logs to make sure there are no weird gotchas: a common one is that the server is assigning the same IP address to both connections (due to a CCD file).

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs

bwanajag

Posts: 2
Joined: Tue Jan 02, 2018 9:00 pm

Post by bwanajag » Wed Jan 10, 2018 10:20 pm
Thanks James, I've checked the following. Also, I'm only connecting one machine at a time.

Ping while connected to VPN:
MBP - can ping the remote router
iMac - cannot ping the remote router

DNS while connected to VPN:
MBP - cannot resolve names to IP's so there's a problem somewhere related to DNS
iMac - can't do anything but connect and sit there, so no DNS, no traffic, no packets (seemingly)

Both machines have "Automatic" set for All Traffic, as well as DNS Settings. So, these should be set by the remote OVPN server on the router. I'll look at the OVPN server config on the router to see if I can address the DNS issue, however, it still doesn't explain why the MBP will connect and pass traffic and the iMac will not. As well, after giving is some thought, the iMac connects to several other OVPN servers via the Viscosity app, which suggests the network bond does not play into the equation.

Not sure if it will help, but here are the logs for each machine:

iMac:
Code: Select all
2018-01-10 19:12:30: Viscosity Mac 1.7.6 (1425)
2018-01-10 19:12:30: Viscosity OpenVPN Engine Started
2018-01-10 19:12:30: Running on macOS 10.13.2
2018-01-10 19:12:30: ---------
2018-01-10 19:12:30: State changed to Connecting
2018-01-10 19:12:30: Checking reachability status of connection...
2018-01-10 19:12:30: Connection is reachable. Starting connection attempt.
2018-01-10 19:12:31: OpenVPN 2.4.4 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on Dec 19 2017
2018-01-10 19:12:31: library versions: OpenSSL 1.0.2n  7 Dec 2017, LZO 2.10
2018-01-10 19:12:31: TCP/UDP: Preserving recently used remote address: [AF_INET]remote.address:1194
2018-01-10 19:12:31: UDP link local (bound): [AF_INET][undef]:0
2018-01-10 19:12:31: UDP link remote: [AF_INET]remote.address:1194
2018-01-10 19:12:31: State changed to Authenticating
2018-01-10 19:12:31: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2018-01-10 19:12:31: [pfso_scert] Peer Connection Initiated with [AF_INET]remote.address:1194
2018-01-10 19:12:33: Opening utun (connect(AF_SYS_CONTROL)): Resource busy (errno=16)
2018-01-10 19:12:33: Opening utun (connect(AF_SYS_CONTROL)): Resource busy (errno=16)
2018-01-10 19:12:33: Opened utun device utun2
2018-01-10 19:12:33: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
2018-01-10 19:12:33: /sbin/ifconfig utun2 delete
2018-01-10 19:12:33: NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
2018-01-10 19:12:33: /sbin/ifconfig utun2 10.0.11.2 10.0.11.2 netmask 255.255.255.0 mtu 1500 up
2018-01-10 19:12:33: Initialization Sequence Completed
2018-01-10 19:12:33: DNS mode set to Full
2018-01-10 19:12:34: State changed to Connected
MBP:
Code: Select all
2018-01-10 19:16:04: Viscosity Mac 1.7.6 (1425)
2018-01-10 19:16:04: Viscosity OpenVPN Engine Started
2018-01-10 19:16:04: Running on macOS 10.13.2
2018-01-10 19:16:04: ---------
2018-01-10 19:16:04: State changed to Connecting
2018-01-10 19:16:05: Checking reachability status of connection...
2018-01-10 19:16:05: Connection is reachable. Starting connection attempt.
2018-01-10 19:16:05: OpenVPN 2.4.4 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on Dec 19 2017
2018-01-10 19:16:05: library versions: OpenSSL 1.0.2n  7 Dec 2017, LZO 2.10
2018-01-10 19:16:05: TCP/UDP: Preserving recently used remote address: [AF_INET]remote.address:1194
2018-01-10 19:16:05: UDP link local (bound): [AF_INET][undef]:0
2018-01-10 19:16:05: UDP link remote: [AF_INET]remote.address:1194
2018-01-10 19:16:05: State changed to Authenticating
2018-01-10 19:16:05: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2018-01-10 19:16:06: [pfso_scert] Peer Connection Initiated with [AF_INET]remote.address:1194
2018-01-10 19:16:07: Opening utun (connect(AF_SYS_CONTROL)): Resource busy (errno=16)
2018-01-10 19:16:07: Opening utun (connect(AF_SYS_CONTROL)): Resource busy (errno=16)
2018-01-10 19:16:07: Opened utun device utun2
2018-01-10 19:16:07: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
2018-01-10 19:16:07: /sbin/ifconfig utun2 delete
2018-01-10 19:16:07: NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
2018-01-10 19:16:07: /sbin/ifconfig utun2 10.0.11.2 10.0.11.2 netmask 255.255.255.0 mtu 1500 up
2018-01-10 19:16:07: Initialization Sequence Completed
2018-01-10 19:16:08: DNS mode set to Full
2018-01-10 19:16:09: State changed to Connected

James

User avatar
Posts: 2313
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Fri Jan 12, 2018 11:11 am
Hi bwanajag,

Thanks for posting your logs. Are you able to ping the internal IP address of the VPN server? In this case it's probably 10.0.11.1.

As a test, also try bumping the OpenVPN version back to version 2.3 (open Viscosity's Preferences window, click Advanced, and change the OpenVPN Version menu) and try connection. It's possible there may be a compression mismatch between the server and client/s, which both often results in strange behaviour and no log error messages. If it turns out everything works under 2.3, then you'll probably want to check your settings per the following article:
http://www.sparklabs.com/support/kb/art ... ader-byte/

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
4 posts Page 1 of 1