Connection restarts without VPN after killswitch disconnect

Got a problem with Viscosity or need help? Ask here!

avarlotta

Posts: 5
Joined: Thu May 23, 2019 10:38 pm

Post by avarlotta » Thu May 23, 2019 10:57 pm
Hello,
I've set my internet connection in macOS to be disabled if the VPN connection drops, and I've been able to do so by following the instructions at:

http://www.sparklabs.com/support/kb/article/preventing-network-and-dns-traffic-leaks/#preventing-network-leaks-when-a-drop-out-disconnect-occurs

However since the the new update to Viscosity 1.7.15, the script will disconnect the wireless connection briefly but then it will restart without the VPN activated. Previously when the connection would drop, it would stay dropped until manually activated, which suited me fine.

I've attached the log from the connection to the Private Internet Access VPN to the Czech Repubblic. Suggestions are much welcome.

Angelo
Czech Republic Log.txt
(2.52 KiB) Downloaded 789 times

James

User avatar
Posts: 2313
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Fri May 24, 2019 12:22 am
Hi Angelo,

After an update you'll need to re-enable the AllowOpenVPNScripts security setting like so:
Code: Select all
/Applications/Viscosity.app/Contents/MacOS/Viscosity -setSecureGlobalSetting YES -setting AllowOpenVPNScripts -value YES
Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs

avarlotta

Posts: 5
Joined: Thu May 23, 2019 10:38 pm

Post by avarlotta » Fri May 24, 2019 4:20 am
Hi James,
I followed your suggestion and I still have the same behavior as before. Somehow wireless just reconnects automatically now even after the script is executed. I didn't have this behavior in 1.7.14. Any other suggestions?

Cheers,
Angelo

James

User avatar
Posts: 2313
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Fri May 24, 2019 4:24 pm
The following lines in the log file indicate that the AllowOpenVPNScripts is unlikely set:
Code: Select all
2019-05-23 13:43:54: WARNING: External program may not be called unless '--script-security 2' or higher is enabled. See --help text or man page for detailed info.
2019-05-23 13:43:54: WARNING: Failed running command (--up/--down): external program fork failed

If after running the command above you're still having trouble, I recommend checking your OpenVPN log again to see if the same messages still get added to the log file when disconnecting, or whether there are any other warning/error messages.

Please also ensure that the "Reset network interfaces on disconnect" option is not enabled under Preferences->Advanced, as this will likely re-enable the network interface.

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs

avarlotta

Posts: 5
Joined: Thu May 23, 2019 10:38 pm

Post by avarlotta » Fri May 24, 2019 7:57 pm
Hi James,
Still having the same issues after running the above command. I get the same error message in the log that you mentioned, for two different VPN connections (see attachments). I've also disabled the "Reset network interfaces on disconnect" option but this doesn't disconnect the wireless at all when the VPN drops. If I run "/usr/bin/python disablenetwork.py" from the terminal, the wireless connection will drop without restarting. Since I've installed Viscosity in a subfolder of "Applications/", I've also tried to move it to the "Applications/" folder and try the exact same command you typed but that doesn't work either.

Cheers,
Angelo
Attachments
Ireland Log.txt
(2.5 KiB) Downloaded 664 times

DE Berlin Log.txt
(5.04 KiB) Downloaded 680 times

avarlotta

Posts: 5
Joined: Thu May 23, 2019 10:38 pm

Post by avarlotta » Fri May 31, 2019 9:41 pm
Hello all,
I understand now where my problem lay. I needed to add 'script-security 2' in the extra OpenVPN configuration commands in the advanced tab of the connection settings. Together with the kill switch script, automatic disconnect when the VPN fails work properly now. Hope that this helps people who might have had my same problem

Cheers,
Angelo

James

User avatar
Posts: 2313
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Mon Jun 03, 2019 6:18 am
Hi Angelo,

It sounds like Viscosity's "Allow unsafe OpenVPN command to be used" option may be enabled under Preferences->Advanced. This option overrides the "AllowOpenVPNScripts" security setting.

Viscosity will be automatically setting the script-security command when using the "AllowOpenVPNScripts", so you should be able to turn off the "Allow unsafe OpenVPN command to be used" option, and remove the "script-security" advanced command from your connection.

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
7 posts Page 1 of 1