Page 1 of 1

Connection restarts without VPN after killswitch disconnect

Posted: Thu May 23, 2019 10:57 pm
by avarlotta
Hello,
I've set my internet connection in macOS to be disabled if the VPN connection drops, and I've been able to do so by following the instructions at:

http://www.sparklabs.com/support/kb/article/preventing-network-and-dns-traffic-leaks/#preventing-network-leaks-when-a-drop-out-disconnect-occurs

However since the the new update to Viscosity 1.7.15, the script will disconnect the wireless connection briefly but then it will restart without the VPN activated. Previously when the connection would drop, it would stay dropped until manually activated, which suited me fine.

I've attached the log from the connection to the Private Internet Access VPN to the Czech Repubblic. Suggestions are much welcome.

Angelo
Czech Republic Log.txt
(2.52 KiB) Downloaded 789 times

Re: Connection restarts without VPN after killswitch disconnect

Posted: Fri May 24, 2019 12:22 am
by James
Hi Angelo,

After an update you'll need to re-enable the AllowOpenVPNScripts security setting like so:
Code: Select all
/Applications/Viscosity.app/Contents/MacOS/Viscosity -setSecureGlobalSetting YES -setting AllowOpenVPNScripts -value YES
Cheers,
James

Re: Connection restarts without VPN after killswitch disconnect

Posted: Fri May 24, 2019 4:20 am
by avarlotta
Hi James,
I followed your suggestion and I still have the same behavior as before. Somehow wireless just reconnects automatically now even after the script is executed. I didn't have this behavior in 1.7.14. Any other suggestions?

Cheers,
Angelo

Re: Connection restarts without VPN after killswitch disconnect

Posted: Fri May 24, 2019 4:24 pm
by James
The following lines in the log file indicate that the AllowOpenVPNScripts is unlikely set:
Code: Select all
2019-05-23 13:43:54: WARNING: External program may not be called unless '--script-security 2' or higher is enabled. See --help text or man page for detailed info.
2019-05-23 13:43:54: WARNING: Failed running command (--up/--down): external program fork failed

If after running the command above you're still having trouble, I recommend checking your OpenVPN log again to see if the same messages still get added to the log file when disconnecting, or whether there are any other warning/error messages.

Please also ensure that the "Reset network interfaces on disconnect" option is not enabled under Preferences->Advanced, as this will likely re-enable the network interface.

Cheers,
James

Re: Connection restarts without VPN after killswitch disconnect

Posted: Fri May 24, 2019 7:57 pm
by avarlotta
Hi James,
Still having the same issues after running the above command. I get the same error message in the log that you mentioned, for two different VPN connections (see attachments). I've also disabled the "Reset network interfaces on disconnect" option but this doesn't disconnect the wireless at all when the VPN drops. If I run "/usr/bin/python disablenetwork.py" from the terminal, the wireless connection will drop without restarting. Since I've installed Viscosity in a subfolder of "Applications/", I've also tried to move it to the "Applications/" folder and try the exact same command you typed but that doesn't work either.

Cheers,
Angelo

Re: Connection restarts without VPN after killswitch disconnect

Posted: Fri May 31, 2019 9:41 pm
by avarlotta
Hello all,
I understand now where my problem lay. I needed to add 'script-security 2' in the extra OpenVPN configuration commands in the advanced tab of the connection settings. Together with the kill switch script, automatic disconnect when the VPN fails work properly now. Hope that this helps people who might have had my same problem

Cheers,
Angelo

Re: Connection restarts without VPN after killswitch disconnect

Posted: Mon Jun 03, 2019 6:18 am
by James
Hi Angelo,

It sounds like Viscosity's "Allow unsafe OpenVPN command to be used" option may be enabled under Preferences->Advanced. This option overrides the "AllowOpenVPNScripts" security setting.

Viscosity will be automatically setting the script-security command when using the "AllowOpenVPNScripts", so you should be able to turn off the "Allow unsafe OpenVPN command to be used" option, and remove the "script-security" advanced command from your connection.

Cheers,
James