Use with Watchguard Firebox
Has anyone used Viscosity to connect to a Watchguard Firebox instead of their SSL VPN client?
I know they use OpenVPN and I can import the .ovpn into Viscosity, but I can't seem to connect. Getting a TLS error.
Would love to use this as a replacement so I can have easy access to multiple locations. If you have it working, let me know.
Cheers!
Hi centit,
As far as I can tell you should be able to get Viscosity to connect to a Watchguard Firebox VPN server. Try editing your connection in Viscosity, clicking on the Certificates tab, and make sure that Viscosity was able to successfully import the CA, Cert, and Key files for your connection. If not, click the Clear/Select button and specify these files manually.
From what I can gather online, the .openvpn file may have a custom command or two you'll need to remove (such as remote-cert-eku), and one you might need to add (such as tls-remote "/O=WatchGuard_Technologies/OU=Fireware/CN=Fireware_SSLVPN_Server"). Edit your connection in Viscosity, click the Advanced tab, and add/edit/delete these commands there.
Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
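Added example (not part of the original posts, and not Viscosity or WatchGuard code): a small Python check that reports which server-certificate verification directives an .ovpn file still carries after edits like the ones discussed above. The sample configs, the hostname and the remote-cert-eku argument are constructed; verify-x509-name is OpenVPN's replacement for the deprecated tls-remote.

```python
import shlex

# OpenVPN client directives that constrain which certificate is accepted as the server.
IDENTITY = ("verify-x509-name", "tls-remote")  # pin the server's subject name
ROLE = ("remote-cert-tls", "remote-cert-eku", "remote-cert-ku", "ns-cert-type")  # require a server-type cert

def parse_ovpn(text):
    """Yield (directive, args) pairs, skipping comments and inline <ca>/<cert>/<key> blocks."""
    block = None
    for raw in text.splitlines():
        line = raw.strip()
        if block:                      # inside an inline block: wait for its closing tag
            if line == "</%s>" % block:
                block = None
            continue
        if not line or line[0] in "#;":
            continue
        if line.startswith("<") and line.endswith(">"):
            block = line[1:-1]
            continue
        parts = shlex.split(line)      # handles the quoted subject string
        yield parts[0].lstrip("-"), parts[1:]

def audit_server_checks(text):
    """Report which server-verification directives a client config carries."""
    names = [name for name, _ in parse_ovpn(text)]
    identity = [d for d in IDENTITY if d in names]
    role = [d for d in ROLE if d in names]
    findings = []
    if not identity:
        findings.append("no-server-identity-check")
    if not role:
        findings.append("no-cert-role-check")
    if "tls-remote" in names:
        findings.append("tls-remote-deprecated")  # verify-x509-name replaces it in OpenVPN 2.3+
    return {"identity": identity, "role": role, "findings": findings}

# Constructed sample configs (not the poster's file); the tls-remote value is the one quoted in the thread.
BASE = ("client\ndev tap\nproto tcp-client\nremote vpn.example.test 443\n"
        "<ca>\n-----BEGIN CERTIFICATE-----\n(constructed placeholder)\n-----END CERTIFICATE-----\n</ca>\n")
PIN = 'tls-remote "/O=WatchGuard_Technologies/OU=Fireware/CN=Fireware_SSLVPN_Server"\n'
EKU = 'remote-cert-eku "TLS Web Server Authentication"\n'

if __name__ == "__main__":
    for label, cfg in (("both present", BASE + EKU + PIN), ("eku removed", BASE + PIN), ("both removed", BASE)):
        print(label, audit_server_checks(cfg))
```

With only a CA configured and neither kind of directive present, any certificate issued by that CA is accepted as the server, which is the case the "both removed" sample flags.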
Hey James,
I removed the remote-cert-eku and the TLS-remote line was already in the .ovpn file.
I have made it a lot further on the connection and it now starts to init the tap with the assigned IP from the correct DHCP scope, but errors out, see below:
Wed Oct 14 16:30:26 2009: WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
Wed Oct 14 16:30:26 2009: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Wed Oct 14 16:30:26 2009: Attempting to establish TCP connection with x.x.x.x:443 [nonblock]
Wed Oct 14 16:30:27 2009: TCP connection established with x.x.x.x:443
Wed Oct 14 16:30:27 2009: TCPv4_CLIENT link local: [undef]
Wed Oct 14 16:30:27 2009: TCPv4_CLIENT link remote: x.x.x.x
Wed Oct 14 16:30:27 2009: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed Oct 14 16:30:31 2009: [Fireware_SSLVPN_Server] Peer Connection Initiated with x.x.x.x
Wed Oct 14 16:30:32 2009: TUN/TAP device /dev/tap0 opened
Wed Oct 14 16:30:32 2009: /sbin/ifconfig tap0 delete
Wed Oct 14 16:30:32 2009: NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
Wed Oct 14 16:30:32 2009: /sbin/ifconfig tap0 192.168.x.x netmask 255.255.255.0 mtu 1500 up
Wed Oct 14 16:30:32 2009: /Applications/Viscosity.app/Contents/Resources/dnsup.py tap0 1500 1591 192.168.x.x 255.255.255.0 init
Wed Oct 14 16:30:33 2009: script failed: external program exited with error status: 1
Not sure if that means it was a script on Viscosity side or firebox..
If you want me to post my .ovpn file let me know if that helps..
Cheers
Hi centit,
It looks like Viscosity's DNS support script was unable to run. Are you using the latest version of Viscosity (1.0.6)? Older versions may have issues when running under Snow Leopard.
You can also try turning off DNS support by editing your connection in Viscosity and unticking the "Enable DNS Support" checkbox. Or you could enable Alternate DNS Support by opening Viscosity's Preferences window, going to the Advanced area, and ticking "Use alternate DNS support".
Cheers,
James
James,
Just wanted to let ya know that by unchecking "Enable DNS Support", I was finally able to connect.
Everything works great except after a few connections with Viscosity the Firebox stops connecting SSL users, even the ones using the Watchguard SSL Client. Once I reboot the Firebox everything works again.
I think this is a bug on the Watchguard side and hopefully there will be a fix soon.
FYI in case anyone else finds this post interesting: I was testing this on a Firebox 10e-W with XTM 11.0.1.
Cheers!