Once a VPN has connected using a particular network card, it cannot connect again unless that network card is active

Got a problem with Viscosity or need help? Ask here!

bribri

Posts: 15
Joined: Fri Jan 11, 2019 6:57 am

Post by bribri » Fri Apr 19, 2019 3:56 am
Thu Apr 18, 2019 12:48 pmJames wrote:
It sounds like the syntax being used may be invalid, or the IPv6 address/es being entered may be invalid. I recommend trying to create some through the editor (make sure the IP version is to to v6) and see if it persists.
I'm still not able to get it to work. Could you give me an example of a valid route-ipv6 line as it would appear in an OVPN profile or in "View Configuration Data"?
Does the VPN connection itself support IPv6 (i.e. is the VPN connection assigning you an IPv6 address)? If so, IPv6 traffic will still go through the VPN connection even if its disabled locally.
The VPN does support IPv6, so I'll need to try something else then.

Do you have a recommendation for how to handle routing sites by DNS name over the local gateway for IPv6 traffic?

James

User avatar
Posts: 2313
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Mon Apr 22, 2019 10:32 pm
Could you give me an example of a valid route-ipv6 line as it would appear in an OVPN profile or in "View Configuration Data"?
Code: Select all
route-ipv6 2001:abcd::0:1234/64 2001:abcd::1:1234 default
The VPN does support IPv6, so I'll need to try something else then.
You can essentially disable IPv6 on the VPN connection with the following advanced commands (which instruct OpenVPN to ignore any pushed IPv6 settings):
Code: Select all
pull-filter ignore ifconfig-ipv6
pull-filter ignore route-ipv6
pull-filter ignore "redirect-gateway ipv6"
Do you have a recommendation for how to handle routing sites by DNS name over the local gateway for IPv6 traffic?
I'm afraid not. You may need to return to the scripting approach for IPv6.

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs

bribri

Posts: 15
Joined: Fri Jan 11, 2019 6:57 am

Post by bribri » Thu Apr 25, 2019 1:22 am
Mon Apr 22, 2019 10:32 pmJames wrote:
I'm afraid not. You may need to return to the scripting approach for IPv6.
Ah, I'm back to square one then!

Well I can go back to using the scripts I originally wrote and modify then to add IPv6 routes too, but I don't know what I need to fix the deal with the issue I originally reported. I suspect what's happening is that when I switch network connections, the routes my "route-up" script sets up don't get taken down, leaving things in a degenerate state that prevents Viscosity from being able to re-establish a connection. I'm not sure how I'm supposed to handle that.

My scripts were manually setting up routes using the 'route' terminal command. Is there perhaps a way to tell Viscosity at connection time that I want to set up some manual routes so that it will properly remove them when it disconnects?

Also now I'm finding that I'm no longer able to have my scripts run at connection time when I add them back to my VPN's settings. When connecting I get this message in the logs:
Code: Select all
2019-04-24 11:13:30: WARNING: External program may not be called unless '--script-security 2' or higher is enabled. See --help text or man page for detailed info.
2019-04-24 11:13:30: WARNING: Failed running command (--route-up): external program fork failed
I've enabled the setting to allow unsafe scripts as well as set the "AllowOpenVPNScripts" secure global setting to true -- not sure why it's no longer working when it did before!

I do appreciate all of the assistance you've been providing so far. I hope my continued questions aren't too much of an inconvenience!

James

User avatar
Posts: 2313
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Fri Apr 26, 2019 8:03 pm
Is there perhaps a way to tell Viscosity at connection time that I want to set up some manual routes so that it will properly remove them when it disconnects?
The approach you'll want to take if using your own scripts is to log the routes it has created to a text file somewhere, and then upon disconnect remove these routes.
I've enabled the setting to allow unsafe scripts as well as set the "AllowOpenVPNScripts" secure global setting to true -- not sure why it's no longer working when it did before!
The option will reset when updating Viscosity, so you may need to enable it. If you're sure you've re-enabled it, then make sure the path to the script's location is correct and properly escaped (i.e. backslashes where required), and that the permissions on the script are correct.

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
14 posts Page 2 of 2