Skip to content
Intermittent no connection
Got a problem with Viscosity or need help? Ask here!
Hi,
I appeared to have faced this issue with tunnelblick and now also with Viscosity. I am confused because I use virtually the same client config setup on a Windows and Android phone, but I do not have the issue I am currently facing on macOS (both in Mojave and now Catalina). I am on Viscosity 1.8.1. Sometimes out of seemingly nowhere, as even with verb 4 nothing shows up in the logs, the client shows that I am still connected to the VPN server but I cannot get any connection. Basically, if I click on the Viscosity icon it shows that I am sending packets up but getting no down. It is not a DNS issue; either pinging IPs or domains get me nothing. Sometimes the issue resolves itself after a few minutes of me not doing anything, but always if I instantly reset my network interface (either by disconnecting wifi or enabling the option in Viscosity to reset the interface and then disconnecting and reconnecting) I instantly get internet connection again. Again, there is no indication in the logs with verb 4 of what is exactly happening to cause this issue. The problem probably occurs once a week so it is decently rare but somewhat consistent. I will attach the client and server configs below with sensitive information omitted. I would like to add that I have a pihole running on the same openvpn server, but I doubt it is the issue. I believe it has something to do with macOS routing tables breaking but I have no idea why they break randomly as the only thing I run locally is Viscosity.
Server conf
port 1194
proto udp
fast-io
dev tun
user nobody
group nogroup
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.8.0.0 255.255.255.0
push "dhcp-option DNS 10.8.0.1" #pihole installation
push "redirect-gateway def1 bypass-dhcp"
dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key 0
crl-verify crl.pem
ca ca.crt
cert xx.crt
key xx.key
auth SHA256
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
verb 4
duplicate-cn
status /var/log/openvpn-status.log
log /var/log/openvpn.log
management 127.0.0.1 6666
sndbuf 0
rcvbuf 0
reneg-sec 0
client.conf not complete just the advanced options shown in Viscosity
sndbuf 0
verb 4
ncp-disable
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
auth SHA256
rcvbuf 0
resolv-retry infinite
auth-nocache
tls-version-min 1.2
verify-x509-name xx name
cipher AES-128-GCM
fast-io
tun-mtu 1378
--
persist tun, persist key, no bind and pull options are ticked. All traffic and DNS are being routed through the openvpn server.
I appeared to have faced this issue with tunnelblick and now also with Viscosity. I am confused because I use virtually the same client config setup on a Windows and Android phone, but I do not have the issue I am currently facing on macOS (both in Mojave and now Catalina). I am on Viscosity 1.8.1. Sometimes out of seemingly nowhere, as even with verb 4 nothing shows up in the logs, the client shows that I am still connected to the VPN server but I cannot get any connection. Basically, if I click on the Viscosity icon it shows that I am sending packets up but getting no down. It is not a DNS issue; either pinging IPs or domains get me nothing. Sometimes the issue resolves itself after a few minutes of me not doing anything, but always if I instantly reset my network interface (either by disconnecting wifi or enabling the option in Viscosity to reset the interface and then disconnecting and reconnecting) I instantly get internet connection again. Again, there is no indication in the logs with verb 4 of what is exactly happening to cause this issue. The problem probably occurs once a week so it is decently rare but somewhat consistent. I will attach the client and server configs below with sensitive information omitted. I would like to add that I have a pihole running on the same openvpn server, but I doubt it is the issue. I believe it has something to do with macOS routing tables breaking but I have no idea why they break randomly as the only thing I run locally is Viscosity.
Server conf
port 1194
proto udp
fast-io
dev tun
user nobody
group nogroup
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.8.0.0 255.255.255.0
push "dhcp-option DNS 10.8.0.1" #pihole installation
push "redirect-gateway def1 bypass-dhcp"
dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key 0
crl-verify crl.pem
ca ca.crt
cert xx.crt
key xx.key
auth SHA256
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
verb 4
duplicate-cn
status /var/log/openvpn-status.log
log /var/log/openvpn.log
management 127.0.0.1 6666
sndbuf 0
rcvbuf 0
reneg-sec 0
client.conf not complete just the advanced options shown in Viscosity
sndbuf 0
verb 4
ncp-disable
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
auth SHA256
rcvbuf 0
resolv-retry infinite
auth-nocache
tls-version-min 1.2
verify-x509-name xx name
cipher AES-128-GCM
fast-io
tun-mtu 1378
--
persist tun, persist key, no bind and pull options are ticked. All traffic and DNS are being routed through the openvpn server.
Hi ezzah,
According to what you have posted, "reneg-sec 0" is present in the server configuration but not the client. "reneg-sec 0" disables renegotiation, however for it to work correctly it must be present in both the server and client configuration. I recommend you try either adding it to the client configuration (in the advanced commands area), or removing it from the server's configuration.
Cheers,
James
According to what you have posted, "reneg-sec 0" is present in the server configuration but not the client. "reneg-sec 0" disables renegotiation, however for it to work correctly it must be present in both the server and client configuration. I recommend you try either adding it to the client configuration (in the advanced commands area), or removing it from the server's configuration.
Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
2 posts
Page 1 of 1