Windows vs Mac - Same configuration, windows not working

Got a problem with Viscosity or need help? Ask here!

meialua

Posts: 3
Joined: Wed Dec 21, 2011 8:21 am

Post by meialua » Thu May 10, 2012 4:12 am
Hi,

I've been struggling to get viscosity working under windows from some time now, I've read the forums, tried many of the solutions proposed (mostly route delays, adding routes etc...). As I am not sure about the real problem I'm facing I'll just describe the situation as simply as possible: I have a running VPN server to which I am connecting using my mac, if I set up viscosity for windows with the exact same configuration I can connect to the network but the route seems to be missing.

Here is the conf:
Code: Select all
#-- Config Auto Generated By Viscosity --#

#viscosity startonopen false
#viscosity dhcp true
#viscosity dnssupport true
#viscosity name home
remote myprivateaddress.net 1018
pull
tls-client
tls-auth ta.key 1
proto udp
persist-key
ca ca.crt
nobind
persist-tun
cert cert.crt
comp-lzo
dev tap
key key.key
pull
cipher AES-128-CBC
tls-remote server
auth SHA1
Here is the log:
Code: Select all
Mai 09 08:05:53: State changed to Connecting
Mai 09 08:05:53: Viscosity 1.3.7 (1143)
Mai 09 08:05:53: Running on Microsoft Windows 7 Professional 
Mai 09 08:05:53: Checking reachability status of connection...
Mai 09 08:05:53: DNS Resolution Failed for silvernet.selfip.net
Mai 09 08:05:53: Connection is not reachable. Disconnecting.
Mai 09 08:05:53: State changed to Disconnected
Mai 09 08:06:36: State changed to Connecting
Mai 09 08:06:36: Viscosity 1.3.7 (1143)
Mai 09 08:06:36: Running on Microsoft Windows 7 Professional 
Mai 09 08:06:36: Checking reachability status of connection...
Mai 09 08:06:37: Connection is reachable. Starting connection attempt.
Mai 09 08:06:37: No associated network adapter was found, creating one. This process may take up to a minute or two.
Mai 09 08:06:37: State changed to Creating...
Mai 09 08:06:57: Network adapter created. Proceeding with connection attempt
Mai 09 08:06:57: State changed to Connecting
Mai 09 08:06:57: Bringing up interface
Mai 09 08:06:57: OpenVPN 2.2.2 Win32-MSVC++ [SSL] [LZO2] [PKCS11] built on Jan  4 2012
Mai 9 08:07:00: WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
Mai 9 08:07:00: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mai 9 08:07:00: Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Mai 9 08:07:00: LZO compression initialized
Mai 9 08:07:00: UDPv4 link local: [undef]
Mai 9 08:07:00: UDPv4 link remote: 178.26.45.140:1018
Mai 9 08:07:02: [server] Peer Connection Initiated with 178.26.45.140:1018
Mai 9 08:07:04: TAP-WIN32 device [silvernet_1 1] opened: \\.\Global\{9942608A-60FA-4808-978D-DAD62C2D5BE3}.tap
Mai 9 08:07:04: Notified TAP-Win32 driver to set a DHCP IP/netmask of 192.168.200.100/255.255.255.0 on interface {9942608A-60FA-4808-978D-DAD62C2D5BE3} [DHCP-serv: 192.168.200.0, lease-time: 31536000]
Mai 9 08:07:04: Successful ARP Flush on interface [38] {9942608A-60FA-4808-978D-DAD62C2D5BE3}Mai 9 08:07:40: OpenVPN ROUTE: omitted no-op route: 192.168.178.253/255.255.255.255 -> 192.168.178.253
Mai 9 08:07:40: Warning: route gateway is not reachable on any active network adapters: 192.168.178.253
Mai 9 08:07:40: SYSTEM ROUTING TABLE
Mai 9 08:07:40: 0.0.0.0 0.0.0.0 10.0.0.1 p=0 i=14 t=4 pr=3 a=2767 h=0 m=30/0/0/0/0
Mai 9 08:07:40: 10.0.0.0 255.255.255.0 10.0.0.59 p=0 i=14 t=3 pr=3 a=2767 h=0 m=286/0/0/0/0
Mai 9 08:07:40: 10.0.0.59 255.255.255.255 10.0.0.59 p=0 i=14 t=3 pr=3 a=2767 h=0 m=286/0/0/0/0
Mai 9 08:07:40: 10.0.0.255 255.255.255.255 10.0.0.59 p=0 i=14 t=3 pr=3 a=2767 h=0 m=286/0/0/0/0
Mai 9 08:07:40: 127.0.0.0 255.0.0.0 127.0.0.1 p=0 i=1 t=3 pr=3 a=34790 h=0 m=306/0/0/0/0
Mai 9 08:07:40: 127.0.0.1 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=3 a=34790 h=0 m=306/0/0/0/0
Mai 9 08:07:40: 127.255.255.255 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=3 a=34790 h=0 m=306/0/0/0/0
Mai 9 08:07:40: 192.168.178.0 255.255.255.0 192.168.178.253 p=0 i=14 t=4 pr=3 a=0 h=0 m=31/0/0/0/0
Mai 9 08:07:40: 192.168.200.0 255.255.255.0 192.168.200.100 p=0 i=38 t=3 pr=3 a=30 h=0 m=286/0/0/0/0
Mai 9 08:07:40: 192.168.200.100 255.255.255.255 192.168.200.100 p=0 i=38 t=3 pr=3 a=30 h=0 m=286/0/0/0/0
Mai 9 08:07:40: 192.168.200.255 255.255.255.255 192.168.200.100 p=0 i=38 t=3 pr=3 a=30 h=0 m=286/0/0/0/0
Mai 9 08:07:40: 224.0.0.0 240.0.0.0 127.0.0.1 p=0 i=1 t=3 pr=3 a=34790 h=0 m=306/0/0/0/0
Mai 9 08:07:40: 224.0.0.0 240.0.0.0 10.0.0.59 p=0 i=14 t=3 pr=3 a=11745 h=0 m=286/0/0/0/0
Mai 9 08:07:40: 224.0.0.0 240.0.0.0 192.168.200.100 p=0 i=38 t=3 pr=3 a=42 h=0 m=286/0/0/0/0
Mai 9 08:07:40: 255.255.255.255 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=3 a=34790 h=0 m=306/0/0/0/0
Mai 9 08:07:40: 255.255.255.255 255.255.255.255 10.0.0.59 p=0 i=14 t=3 pr=3 a=11745 h=0 m=286/0/0/0/0
Mai 9 08:07:40: 255.255.255.255 255.255.255.255 192.168.200.100 p=0 i=38 t=3 pr=3 a=42 h=0 m=286/0/0/0/0
Mai 9 08:07:40: SYSTEM ADAPTER LIST
Mai 9 08:07:40: Viscosity Virtual Adapter V9.1 #4
Mai 9 08:07:40:   Index = 38
Mai 9 08:07:40:   GUID = {9942608A-60FA-4808-978D-DAD62C2D5BE3}
Mai 9 08:07:40:   IP = 192.168.200.100/255.255.255.0 
Mai 9 08:07:40:   MAC = 00:ff:99:42:60:8a
Mai 9 08:07:40:   GATEWAY = 0.0.0.0/255.255.255.255 
Mai 9 08:07:40:   DHCP SERV = 192.168.200.0/255.255.255.255 
Mai 9 08:07:40:   DHCP LEASE OBTAINED = Wed May 09 20:07:09 2012
Mai 9 08:07:40:   DHCP LEASE EXPIRES  = Wed May 13 14:20:04 1970
Mai 9 08:07:40:   DNS SERV =  
Mai 9 08:07:40: Viscosity Virtual Adapter V9.1 #3
Mai 9 08:07:40:   Index = 35
Mai 9 08:07:40:   GUID = {C21E79E1-33B4-411A-A4A8-2F08A521C8C3}
Mai 9 08:07:40:   IP = 0.0.0.0/0.0.0.0 
Mai 9 08:07:40:   MAC = 00:ff:c2:1e:79:e1
Mai 9 08:07:40:   GATEWAY = 0.0.0.0/255.255.255.255 
Mai 9 08:07:40:   DHCP SERV =  
Mai 9 08:07:40:   DHCP LEASE OBTAINED = Wed May 09 20:07:41 2012
Mai 9 08:07:40:   DHCP LEASE EXPIRES  = Wed May 13 14:30:44 1970
Mai 9 08:07:40:   DNS SERV =  
Mai 9 08:07:40: Viscosity Virtual Adapter V9.1 #2
Mai 9 08:07:40:   Index = 21
Mai 9 08:07:40:   GUID = {F54A90AE-7E29-46A0-9B39-6C8E97F2FAA3}
Mai 9 08:07:40:   IP = 0.0.0.0/0.0.0.0 
Mai 9 08:07:40:   MAC = 00:ff:f5:4a:90:ae
Mai 9 08:07:40:   GATEWAY = 0.0.0.0/255.255.255.255 
Mai 9 08:07:40:   DHCP SERV =  
Mai 9 08:07:40:   DHCP LEASE OBTAINED = Wed May 09 20:07:41 2012
Mai 9 08:07:40:   DHCP LEASE EXPIRES  = Wed May 13 14:41:24 1970
Mai 9 08:07:40:   DNS SERV =  
Mai 9 08:07:40: PdaNet Broadband Adapter
Mai 9 08:07:40:   Index = 20
Mai 9 08:07:40:   GUID = {8C2D2183-8691-47CC-98C2-7A0E7EB36C70}
Mai 9 08:07:40:   IP = 0.0.0.0/0.0.0.0 
Mai 9 08:07:40:   MAC = 00:26:37:bd:39:42
Mai 9 08:07:40:   GATEWAY = 0.0.0.0/255.255.255.255 
Mai 9 08:07:40:   DHCP SERV =  
Mai 9 08:07:40:   DHCP LEASE OBTAINED = Wed May 09 20:07:41 2012
Mai 9 08:07:40:   DHCP LEASE EXPIRES  = Wed May 13 14:52:04 1970
Mai 9 08:07:40:   DNS SERV =  
Mai 9 08:07:40: Viscosity Virtual Adapter V9.1
Mai 9 08:07:40:   Index = 19
Mai 9 08:07:40:   GUID = {212AD9F9-9276-4BF7-BEBF-256EFBB02DE9}
Mai 9 08:07:40:   IP = 0.0.0.0/0.0.0.0 
Mai 9 08:07:40:   MAC = 00:ff:21:2a:d9:f9
Mai 9 08:07:40:   GATEWAY = 0.0.0.0/255.255.255.255 
Mai 9 08:07:40:   DHCP SERV =  
Mai 9 08:07:40:   DHCP LEASE OBTAINED = Wed May 09 20:07:41 2012
Mai 9 08:07:40:   DHCP LEASE EXPIRES  = Wed May 13 15:02:44 1970
Mai 9 08:07:40:   DNS SERV =  
Mai 9 08:07:40: Broadcom 4313 802.11b/g/n
Mai 9 08:07:40:   Index = 14
Mai 9 08:07:40:   GUID = {2D3FDAD5-96BC-4D75-A6A4-02122481C656}
Mai 9 08:07:40:   IP = 10.0.0.59/255.255.255.0 
Mai 9 08:07:40:   MAC = c4:46:19:45:db:92
Mai 9 08:07:40:   GATEWAY = 10.0.0.1/255.255.255.255 
Mai 9 08:07:40:   DHCP SERV = 10.0.0.1/255.255.255.255 
Mai 9 08:07:40:   DHCP LEASE OBTAINED = Wed May 09 19:51:30 2012
Mai 9 08:07:40:   DHCP LEASE EXPIRES  = Thu Jan 01 01:00:00 1970
Mai 9 08:07:40:   DNS SERV = 10.0.0.1/255.255.255.255 
Mai 9 08:07:40: Bluetooth Device (Personal Area Network)
Mai 9 08:07:40:   Index = 13
Mai 9 08:07:40:   GUID = {2F846E65-F1E4-4192-ADF7-D2E6CBDA609A}
Mai 9 08:07:40:   IP = 0.0.0.0/0.0.0.0 
Mai 9 08:07:40:   MAC = 70:f3:95:9b:18:24
Mai 9 08:07:40:   GATEWAY = 0.0.0.0/255.255.255.255 
Mai 9 08:07:40:   DHCP SERV =  
Mai 9 08:07:40:   DHCP LEASE OBTAINED = Wed May 09 20:07:41 2012
Mai 9 08:07:40:   DHCP LEASE EXPIRES  = Thu Jan 01 01:00:00 1970
Mai 9 08:07:40:   DNS SERV =  
Mai 9 08:07:40: Initialization Sequence Completed With Errors ( see http://openvpn.net/faq.html#dhcpclientserv )
Mai 09 08:07:40: State changed to Connected
I get an IP from the server but I cannot connect to any machine on the remote LAN. I see some errors but this exact same config is working under OSX.

1. Did someone already experience the same issue?
2. Is there anything wrong with the config file?

Many thanks

Eric

User avatar
Posts: 866
Joined: Sun Jan 03, 2010 3:27 am

Post by Eric » Sat May 12, 2012 12:52 am
Hi Meialua,

Are you able to provide us a copy of the Viscosity log with 'route-delay 20' (no quotes) added to the Advanced section of the configuration (Edit your connection, go to the Advanced tab and add the above on a new line in the text box)?

A copy of your server config would also go a great way to help us see what is going on.

Cheers,

Eric
Eric Thorpe
Viscosity Developer

Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs

matt.wasserman

Posts: 14
Joined: Sun May 22, 2011 9:41 pm

Post by matt.wasserman » Wed May 16, 2012 1:04 am
Check in the advanced section of the connection settings, under additional commands. If you have a line for keep alive, delete it.

meialua

Posts: 3
Joined: Wed Dec 21, 2011 8:21 am

Post by meialua » Tue May 22, 2012 6:31 am
Thanks for your replies and sorry for the late answer..I've have been away.

Matt:
no keep alive in the additional commands.

Eric:
The log is already including a 'route delay 30' parameter.
Here's the server config:
Code: Select all
proto udp
dev tap
ca /tmp/flash/ca.crt
cert /tmp/flash/box.crt
key /tmp/flash/box.key
dh /tmp/flash/dh.pem
tls-server
tls-auth /tmp/flash/static.key 0
port 1018
mode server
ifconfig-pool 192.168.200.100 192.168.200.150
push "route 192.168.178.253 "
push "route-gateway 192.168.178.253 "
ifconfig 192.168.178.253 255.255.255.0
push "route-gateway 192.168.178.253"
push "route 192.168.178.0 255.255.255.0"
max-clients 3
tun-mtu 1500
mssfix
log /var/tmp/debug_openvpn.out
verb 3
daemon
cipher AES-128-CBC
comp-lzo
keepalive 10 120
Thanks for your help.

James

User avatar
Posts: 1869
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Tue May 22, 2012 9:52 pm
Hi meialua,

This is the line that indicates where the problem lies:
Code: Select all
OpenVPN ROUTE: omitted no-op route: 192.168.178.253/255.255.255.255 -> 192.168.178.253
Mai 9 08:07:40: Warning: route gateway is not reachable on any active network adapters
The problem lies with that the IP address being given to the client and associated netmask (192.168.200.100/255.255.255.0) and the default gateway being set (192.168.178.253) are not in the same range. Either the netmask needs to be changed (e.g. to 255.255.0.0), or a gateway in the 192.168.200.x range needs to be specified.

Now looking at the server config file, there are a few issues. OpenVPN only takes into account a single push "route-gateway" command. It looks like what you are trying to do is first set a route for the 192.168.178.x subnet, and also set the server's IP address to be in the 192.168.178.x subnet, however the IP range being assigned to users is in the 192.168.200.x scope.

Now I'm not exactly sure of what your network actually looks like, however it seems like you probably want to do something more like the following (instead of your current ifconfig-pool and push commands).
Code: Select all
ifconfig-pool 192.168.178.100 192.168.178.150 255.255.255.0
push "route-gateway 192.168.178.253"
ifconfig 192.168.178.253 255.255.255.0
I get an IP from the server but I cannot connect to any machine on the remote LAN. I see some errors but this exact same config is working under OSX.
Do you have a DHCP server on the remote network? My guess as to why it is working under Mac OS X as is, but not Windows, as by default the Mac version will obtain an IP address from a remote DHCP server for TAP interfaces (if the Enable DHCP option is on, which it is by default). Turning off this option would probably result in similar behaviour to the Windows version as well. Alternatively, you could stop your OpenVPN server pushing out an IP address, and instead let Windows obtain an IP address from the remote DHCP server, which may also resolve the problem.

Cheers,
James
James Bekkema
Viscosity Developer

Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs

meialua

Posts: 3
Joined: Wed Dec 21, 2011 8:21 am

Post by meialua » Sat Jun 02, 2012 6:33 pm
James, thanks for the hint, you were spot on.

I have just changed the netmask of the IP being given to the adapter by the server to match the getway's one, i.e. 192.168.178.xxx and everything is working.

Thanks again for the support.
6 posts Page 1 of 1