State changed to Disconnecting (Manual)

Got a problem with Viscosity or need help? Ask here!

marwan

Posts: 3
Joined: Thu Sep 09, 2021 11:59 pm

Post by marwan » Fri Sep 10, 2021 12:19 am
Hello,

I followed the official guides from the knowledge base to set up an OpenVPN server with Obfsproxy to use with Viscosity.

When I connect using the regular configuration, it works great. However, when I try to use the configuration with Obfsproxy, it hangs at "Connecting...", and the logs repeat itself.

Here are the logs:
Code: Select all
2021-09-09 17:24:55: Viscosity Mac 1.9.4 (1578)
2021-09-09 17:24:55: Viscosity OpenVPN Engine Started
2021-09-09 17:24:55: Running on macOS 11.4.0
2021-09-09 17:24:55: ---------
2021-09-09 17:24:55: State changed to Connecting
2021-09-09 17:24:55: Checking reachability status of connection...
2021-09-09 17:24:55: Connection is reachable. Starting connection attempt.
2021-09-09 17:24:55: OpenVPN 2.4.11 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on Aug 26 2021
2021-09-09 17:24:55: library versions: OpenSSL 1.1.1l  24 Aug 2021, LZO 2.10
2021-09-09 17:24:55: Valid endpoint found: 188.166.147.244:80:tcp-client
2021-09-09 17:24:55: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2021-09-09 17:24:55: TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.1:56093
2021-09-09 17:24:55: Attempting to establish TCP connection with [AF_INET]127.0.0.1:56093 [nonblock]
2021-09-09 17:24:56: TCP connection established with [AF_INET]127.0.0.1:56093
2021-09-09 17:25:08: TCP_CLIENT link local: (not bound)
2021-09-09 17:25:08: TCP_CLIENT link remote: [AF_INET]127.0.0.1:56093
2021-09-09 17:25:08: Connection reset, restarting [0]
2021-09-09 17:25:08: SIGUSR1[soft,connection-reset] received, process restarting
2021-09-09 17:25:08: Valid endpoint found: 188.166.147.244:80:tcp-client
2021-09-09 17:25:08: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2021-09-09 17:25:08: TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.1:56093
2021-09-09 17:25:08: Attempting to establish TCP connection with [AF_INET]127.0.0.1:56093 [nonblock]
2021-09-09 17:25:09: TCP connection established with [AF_INET]127.0.0.1:56093
2021-09-09 17:25:21: TCP_CLIENT link local: (not bound)
2021-09-09 17:25:21: TCP_CLIENT link remote: [AF_INET]127.0.0.1:56093
2021-09-09 17:25:21: Connection reset, restarting [0]
2021-09-09 17:25:21: SIGUSR1[soft,connection-reset] received, process restarting
2021-09-09 17:25:21: Valid endpoint found: 188.166.147.244:80:tcp-client
2021-09-09 17:25:21: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2021-09-09 17:25:21: TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.1:56093
2021-09-09 17:25:21: Attempting to establish TCP connection with [AF_INET]127.0.0.1:56093 [nonblock]
2021-09-09 17:25:22: TCP connection established with [AF_INET]127.0.0.1:56093
2021-09-09 17:25:33: TCP_CLIENT link local: (not bound)
2021-09-09 17:25:33: TCP_CLIENT link remote: [AF_INET]127.0.0.1:56093
2021-09-09 17:25:33: Connection reset, restarting [0]
2021-09-09 17:25:33: SIGUSR1[soft,connection-reset] received, process restarting
2021-09-09 17:25:33: Valid endpoint found: 188.166.147.244:80:tcp-client
2021-09-09 17:25:33: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2021-09-09 17:25:33: TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.1:56093
2021-09-09 17:25:33: Attempting to establish TCP connection with [AF_INET]127.0.0.1:56093 [nonblock]
2021-09-09 17:25:34: TCP connection established with [AF_INET]127.0.0.1:56093
2021-09-09 17:25:34: TCP_CLIENT link local: (not bound)
2021-09-09 17:25:34: TCP_CLIENT link remote: [AF_INET]127.0.0.1:56093
2021-09-09 17:25:34: Connection reset, restarting [0]
2021-09-09 17:25:34: SIGUSR1[soft,connection-reset] received, process restarting
2021-09-09 17:25:35: Valid endpoint found: 188.166.147.244:80:tcp-client
2021-09-09 17:25:35: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2021-09-09 17:25:35: TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.1:56093
2021-09-09 17:25:35: Attempting to establish TCP connection with [AF_INET]127.0.0.1:56093 [nonblock]
2021-09-09 17:25:36: TCP connection established with [AF_INET]127.0.0.1:56093
2021-09-09 17:25:47: TCP_CLIENT link local: (not bound)
2021-09-09 17:25:47: TCP_CLIENT link remote: [AF_INET]127.0.0.1:56093
2021-09-09 17:25:47: Connection reset, restarting [0]
2021-09-09 17:25:47: SIGUSR1[soft,connection-reset] received, process restarting
2021-09-09 17:25:47: Valid endpoint found: 188.166.147.244:80:tcp-client
2021-09-09 17:25:47: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2021-09-09 17:25:47: TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.1:56093
2021-09-09 17:25:47: Attempting to establish TCP connection with [AF_INET]127.0.0.1:56093 [nonblock]
2021-09-09 17:25:48: TCP connection established with [AF_INET]127.0.0.1:56093
2021-09-09 17:25:55: TCP_CLIENT link local: (not bound)
2021-09-09 17:25:55: TCP_CLIENT link remote: [AF_INET]127.0.0.1:56093
2021-09-09 17:25:55: Connection reset, restarting [0]
2021-09-09 17:25:55: SIGUSR1[soft,connection-reset] received, process restarting
2021-09-09 17:25:55: Valid endpoint found: 188.166.147.244:80:tcp-client
2021-09-09 17:25:55: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2021-09-09 17:25:55: TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.1:56093
2021-09-09 17:25:55: Attempting to establish TCP connection with [AF_INET]127.0.0.1:56093 [nonblock]
2021-09-09 17:25:56: TCP connection established with [AF_INET]127.0.0.1:56093
2021-09-09 17:26:05: TCP_CLIENT link local: (not bound)
2021-09-09 17:26:05: TCP_CLIENT link remote: [AF_INET]127.0.0.1:56093
2021-09-09 17:26:05: Connection reset, restarting [0]
2021-09-09 17:26:05: SIGUSR1[soft,connection-reset] received, process restarting
2021-09-09 17:26:05: Valid endpoint found: 188.166.147.244:80:tcp-client
2021-09-09 17:26:05: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2021-09-09 17:26:05: TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.1:56093
2021-09-09 17:26:05: Attempting to establish TCP connection with [AF_INET]127.0.0.1:56093 [nonblock]
2021-09-09 17:26:06: TCP connection established with [AF_INET]127.0.0.1:56093
2021-09-09 17:26:08: TCP_CLIENT link local: (not bound)
2021-09-09 17:26:08: TCP_CLIENT link remote: [AF_INET]127.0.0.1:56093
2021-09-09 17:26:08: Connection reset, restarting [0]
2021-09-09 17:26:08: SIGUSR1[soft,connection-reset] received, process restarting
2021-09-09 17:26:08: Valid endpoint found: 188.166.147.244:80:tcp-client
2021-09-09 17:26:08: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2021-09-09 17:26:08: TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.1:56093
2021-09-09 17:26:08: Attempting to establish TCP connection with [AF_INET]127.0.0.1:56093 [nonblock]
2021-09-09 17:26:09: TCP connection established with [AF_INET]127.0.0.1:56093
2021-09-09 17:26:16: TCP_CLIENT link local: (not bound)
2021-09-09 17:26:16: TCP_CLIENT link remote: [AF_INET]127.0.0.1:56093
2021-09-09 17:26:16: Connection reset, restarting [-1]
2021-09-09 17:26:16: SIGUSR1[soft,connection-reset] received, process restarting
2021-09-09 17:26:16: Valid endpoint found: 188.166.147.244:80:tcp-client
2021-09-09 17:26:16: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2021-09-09 17:26:16: TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.1:56093
2021-09-09 17:26:16: Attempting to establish TCP connection with [AF_INET]127.0.0.1:56093 [nonblock]
2021-09-09 17:26:17: TCP connection established with [AF_INET]127.0.0.1:56093
2021-09-09 17:26:20: State changed to Disconnecting (Manual)
2021-09-09 17:26:20: SIGTERM[hard,init_instance] received, process exiting
2021-09-09 17:26:20: State changed to Disconnected (Process Terminated)
In addition, I have included the logs for OpenVPN and Obfsproxy (though they don't seem to be very useful):

Obfsproxy:
Code: Select all
Sep 09 12:47:44 obfuscator systemd[1]: Started obfs4proxy Server.
Sep 09 12:47:44 obfuscator obfs4proxy[7216]: VERSION 1
Sep 09 12:47:44 obfuscator obfs4proxy[7216]: SMETHOD obfs4 [::]:80 ARGS:cert=bj/
Sep 09 12:47:44 obfuscator obfs4proxy[7216]: SMETHODS DONE
OpenVPN:
Code: Select all
Sep 09 12:42:05 obfuscator systemd[1]: Starting OpenVPN connection to server...
Sep 09 12:42:05 obfuscator ovpn-server[7145]: WARNING: --topology net30 support
Sep 09 12:42:05 obfuscator ovpn-server[7145]: --cipher is not set. Previous Open
Sep 09 12:42:05 obfuscator ovpn-server[7145]: WARNING: file 'server.key' is grou
Sep 09 12:42:05 obfuscator ovpn-server[7145]: OpenVPN 2.5.3 x86_64-pc-linux-gnu
Sep 09 12:42:05 obfuscator ovpn-server[7145]: library versions: OpenSSL 1.1.1d
Sep 09 12:42:05 obfuscator systemd[1]: Started OpenVPN connection to server.
Sep 09 12:42:05 obfuscator ovpn-server[7145]: Diffie-Hellman initialized with 20
Sep 09 12:42:05 obfuscator ovpn-server[7145]: ROUTE_GATEWAY 188.166.144.1/255.25
Sep 09 12:42:05 obfuscator ovpn-server[7145]: TUN/TAP device tun0 opened
Sep 09 12:42:05 obfuscator ovpn-server[7145]: /sbin/ip link set dev tun0 up mtu
Sep 09 12:42:05 obfuscator ovpn-server[7145]: /sbin/ip link set dev tun0 up
Sep 09 12:42:05 obfuscator ovpn-server[7145]: /sbin/ip addr add dev tun0 local 1
Sep 09 12:42:05 obfuscator ovpn-server[7145]: /sbin/ip route add 10.8.0.0/24 via
Sep 09 12:42:05 obfuscator ovpn-server[7145]: Could not determine IPv4/IPv6 prot
Sep 09 12:42:05 obfuscator ovpn-server[7145]: Socket Buffers: R=[131072->131072]
Sep 09 12:42:05 obfuscator ovpn-server[7145]: Listening for incoming TCP connect
Sep 09 12:42:05 obfuscator ovpn-server[7145]: TCPv4_SERVER link local (bound): [
Sep 09 12:42:05 obfuscator ovpn-server[7145]: TCPv4_SERVER link remote: [AF_UNSP
Sep 09 12:42:05 obfuscator ovpn-server[7145]: GID set to nogroup
Sep 09 12:42:05 obfuscator ovpn-server[7145]: UID set to nobody
Sep 09 12:42:05 obfuscator ovpn-server[7145]: MULTI: multi_init called, r=256 v=
Sep 09 12:42:05 obfuscator ovpn-server[7145]: IFCONFIG POOL IPv4: base=10.8.0.4
Could anyone help me resolve this issue? Thanks.

marwan

Posts: 3
Joined: Thu Sep 09, 2021 11:59 pm

Post by marwan » Fri Sep 10, 2021 12:54 am
I've increased the verbosity to 2. Here are the new logs:
Code: Select all
2021-09-09 18:53:20: TCP connection established with [AF_INET]127.0.0.1:57600
2021-09-09 18:53:20: TCP_CLIENT link local: (not bound)
2021-09-09 18:53:20: TCP_CLIENT link remote: [AF_INET]127.0.0.1:57600
2021-09-09 18:53:20: Connection reset, restarting [0]
2021-09-09 18:53:20: SIGUSR1[soft,connection-reset] received, process restarting
2021-09-09 18:53:20: Valid endpoint found: 188.166.147.244:80:tcp-client
2021-09-09 18:53:20: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2021-09-09 18:53:20: TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.1:57600
2021-09-09 18:53:20: Attempting to establish TCP connection with [AF_INET]127.0.0.1:57600 [nonblock]
2021-09-09 18:53:21: TCP connection established with [AF_INET]127.0.0.1:57600
2021-09-09 18:53:22: TCP_CLIENT link local: (not bound)
2021-09-09 18:53:22: TCP_CLIENT link remote: [AF_INET]127.0.0.1:57600
2021-09-09 18:53:22: Connection reset, restarting [0]
2021-09-09 18:53:22: SIGUSR1[soft,connection-reset] received, process restarting
2021-09-09 18:53:22: Valid endpoint found: 188.166.147.244:80:tcp-client
2021-09-09 18:53:22: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2021-09-09 18:53:22: TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.1:57600
2021-09-09 18:53:22: Attempting to establish TCP connection with [AF_INET]127.0.0.1:57600 [nonblock]
2021-09-09 18:53:23: TCP connection established with [AF_INET]127.0.0.1:57600
2021-09-09 18:53:23: TCP_CLIENT link local: (not bound)
2021-09-09 18:53:23: TCP_CLIENT link remote: [AF_INET]127.0.0.1:57600
2021-09-09 18:53:23: Connection reset, restarting [0]
2021-09-09 18:53:23: SIGUSR1[soft,connection-reset] received, process restarting
2021-09-09 18:53:23: Valid endpoint found: 188.166.147.244:80:tcp-client
2021-09-09 18:53:23: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2021-09-09 18:53:23: TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.1:57600
2021-09-09 18:53:23: Attempting to establish TCP connection with [AF_INET]127.0.0.1:57600 [nonblock]
2021-09-09 18:53:24: TCP connection established with [AF_INET]127.0.0.1:57600

James

User avatar
Posts: 2312
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Fri Sep 10, 2021 7:25 pm
Hi marwan,

The relevant log lines are:
Code: Select all
2021-09-09 17:25:09: TCP connection established with [AF_INET]127.0.0.1:56093
2021-09-09 17:25:21: TCP_CLIENT link local: (not bound)
2021-09-09 17:25:21: TCP_CLIENT link remote: [AF_INET]127.0.0.1:56093
2021-09-09 17:25:21: Connection reset, restarting [0]

Basically what this means is that the OpenVPN client instance is connecting to the obfsproxy instance, however there is no traffic passing through the obfsproxy tunnel, and so the attempt times out. This means that your obfsproxy tunnel isn't working. In most instances it means it can't connect, although it could also mean that it's connecting but not working server-side (i.e. it isn't able to pass traffic due to a firewall rule on the obfsproxy server for example).

Make sure that if you're using a different port number (the guide uses port 443 for the OpenVPN server's port, while your setup appears to use port 80) that all instances are replaced when following the guide. And also make sure you've updated the port number in your connection to match the obfsproxy server port (which is 12345 in the guide). Your logs indicate this may have been mistakenly left as port 80.
https://www.sparklabs.com/support/kb/ar ... viscosity/

I'm afraid if you're still stuck to resolve the issue you will need to troubleshoot your obfsproxy setup. My recommendation is to start with a fresh server setup (such as a new VPS server instance) and follow the setup guide again.

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs

marwan

Posts: 3
Joined: Thu Sep 09, 2021 11:59 pm

Post by marwan » Tue Sep 14, 2021 2:34 am
Hello,

Thank you for the response.

I'm trying to get around a very restrictive MAN firewall which blocks VPNs, many websites, and all outbound ports except 80 and 443 over TCP. For this reason, I set the Obfsproxy port to 80. It even mentioned in the guide that we may do so if they are the only ports open:
However, you might wish to change this to port 443 or 80 if you are going to use obfsproxy in places that block all other ports.
Unfortunately, I haven't had any luck getting around the firewall. Commercial VPNs like ExpressVPN and VyprVPN were completely useless, as they were not over port 80 or 443 over TCP and did not seem to obfuscate well enough. I needed a reliable VPN that obfuscates traffic well and works over port 80 or 443 over TCP. I tried several self-hosted options, all of which did not work for me.

I tried using the Scramblesuit method, and Viscosity authenticated and connected, however, I wasn't able to connect to any websites, and the connection often drops. Here are the logs:
Code: Select all
2021-09-13 13:43:35: Viscosity Mac 1.9.4 (1578)
2021-09-13 13:43:35: Viscosity OpenVPN Engine Started
2021-09-13 13:43:35: Running on macOS 11.5.2
2021-09-13 13:43:35: ---------
2021-09-13 13:43:35: State changed to Connecting
2021-09-13 13:43:35: Checking reachability status of connection...
2021-09-13 13:43:35: Connection is reachable. Starting connection attempt.
2021-09-13 13:43:35: OpenVPN 2.4.11 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on Aug 26 2021
2021-09-13 13:43:35: library versions: OpenSSL 1.1.1l  24 Aug 2021, LZO 2.10
2021-09-13 13:43:35: Valid endpoint found: 64.227.108.68:443:tcp-client
2021-09-13 13:43:35: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2021-09-13 13:43:35: TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.1:64391
2021-09-13 13:43:35: Attempting to establish TCP connection with [AF_INET]127.0.0.1:64391 [nonblock]
2021-09-13 13:43:36: TCP connection established with [AF_INET]127.0.0.1:64391
2021-09-13 13:43:37: TCP_CLIENT link local: (not bound)
2021-09-13 13:43:37: TCP_CLIENT link remote: [AF_INET]127.0.0.1:64391
2021-09-13 13:43:37: State changed to Authenticating
2021-09-13 13:43:38: WARNING: 'cipher' is present in local config but missing in remote config, local='cipher BF-CBC'
2021-09-13 13:43:38: [server] Peer Connection Initiated with [AF_INET]127.0.0.1:64391
2021-09-13 13:43:38: Opened utun device utun10
2021-09-13 13:43:38: /sbin/ifconfig utun10 delete
2021-09-13 13:43:38: NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
2021-09-13 13:43:38: /sbin/ifconfig utun10 10.8.0.6 10.8.0.5 mtu 1500 netmask 255.255.255.255 up
2021-09-13 13:43:38: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2021-09-13 13:43:38: Initialization Sequence Completed
2021-09-13 13:43:38: DNS mode set to Full
2021-09-13 13:43:38: DNS Server/s: 8.8.8.8, 8.8.4.4
2021-09-13 13:43:39: State changed to Connected
2021-09-13 13:43:57: Connection reset, restarting [-1]
2021-09-13 13:43:57: SIGUSR1[soft,connection-reset] received, process restarting
2021-09-13 13:43:57: Viscosity Mac 1.9.4 (1578)
2021-09-13 13:43:57: Viscosity OpenVPN Engine Started
2021-09-13 13:43:57: Running on macOS 11.5.2
2021-09-13 13:43:57: ---------
2021-09-13 13:43:57: State changed to Connecting
2021-09-13 13:43:57: Valid existing endpoint found... 64.227.108.68:443:tcp-client
2021-09-13 13:43:57: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2021-09-13 13:43:57: TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.1:64391
2021-09-13 13:43:57: Attempting to establish TCP connection with [AF_INET]127.0.0.1:64391 [nonblock]
2021-09-13 13:43:58: TCP connection established with [AF_INET]127.0.0.1:64391
2021-09-13 13:43:58: TCP_CLIENT link local: (not bound)
2021-09-13 13:43:58: TCP_CLIENT link remote: [AF_INET]127.0.0.1:64391
2021-09-13 13:43:59: State changed to Authenticating
2021-09-13 13:43:59: WARNING: 'cipher' is present in local config but missing in remote config, local='cipher BF-CBC'
2021-09-13 13:43:59: [server] Peer Connection Initiated with [AF_INET]127.0.0.1:64391
2021-09-13 13:44:00: Preserving previous TUN/TAP instance: utun10
2021-09-13 13:44:00: Initialization Sequence Completed
2021-09-13 13:44:00: DNS mode set to Full
2021-09-13 13:44:00: DNS Server/s: 8.8.8.8, 8.8.4.4
2021-09-13 13:44:00: State changed to Connected
2021-09-13 13:44:18: Connection reset, restarting [-1]
2021-09-13 13:44:18: SIGUSR1[soft,connection-reset] received, process restarting
2021-09-13 13:44:18: Viscosity Mac 1.9.4 (1578)
2021-09-13 13:44:18: Viscosity OpenVPN Engine Started
2021-09-13 13:44:18: Running on macOS 11.5.2
2021-09-13 13:44:18: ---------
2021-09-13 13:44:18: State changed to Connecting
2021-09-13 13:44:18: Valid existing endpoint found... 64.227.108.68:443:tcp-client
2021-09-13 13:44:18: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2021-09-13 13:44:18: TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.1:64391
2021-09-13 13:44:18: Attempting to establish TCP connection with [AF_INET]127.0.0.1:64391 [nonblock]
2021-09-13 13:44:19: TCP connection established with [AF_INET]127.0.0.1:64391
2021-09-13 13:44:19: TCP_CLIENT link local: (not bound)
2021-09-13 13:44:19: TCP_CLIENT link remote: [AF_INET]127.0.0.1:64391
2021-09-13 13:44:20: State changed to Authenticating
2021-09-13 13:44:20: WARNING: 'cipher' is present in local config but missing in remote config, local='cipher BF-CBC'
2021-09-13 13:44:20: [server] Peer Connection Initiated with [AF_INET]127.0.0.1:64391
2021-09-13 13:44:21: Preserving previous TUN/TAP instance: utun10
2021-09-13 13:44:21: Initialization Sequence Completed
2021-09-13 13:44:21: DNS mode set to Full
2021-09-13 13:44:21: DNS Server/s: 8.8.8.8, 8.8.4.4
2021-09-13 13:44:21: State changed to Connected
2021-09-13 13:44:39: Connection reset, restarting [-1]
2021-09-13 13:44:39: SIGUSR1[soft,connection-reset] received, process restarting
2021-09-13 13:44:39: Viscosity Mac 1.9.4 (1578)
2021-09-13 13:44:39: Viscosity OpenVPN Engine Started
2021-09-13 13:44:39: Running on macOS 11.5.2
2021-09-13 13:44:39: ---------
2021-09-13 13:44:39: State changed to Connecting
2021-09-13 13:44:39: Valid existing endpoint found... 64.227.108.68:443:tcp-client
2021-09-13 13:44:39: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2021-09-13 13:44:39: TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.1:64391
2021-09-13 13:44:39: Attempting to establish TCP connection with [AF_INET]127.0.0.1:64391 [nonblock]
2021-09-13 13:44:40: TCP connection established with [AF_INET]127.0.0.1:64391
2021-09-13 13:44:40: TCP_CLIENT link local: (not bound)
2021-09-13 13:44:40: TCP_CLIENT link remote: [AF_INET]127.0.0.1:64391
2021-09-13 13:44:41: State changed to Authenticating
2021-09-13 13:44:42: WARNING: 'cipher' is present in local config but missing in remote config, local='cipher BF-CBC'
2021-09-13 13:44:42: [server] Peer Connection Initiated with [AF_INET]127.0.0.1:64391
2021-09-13 13:44:42: Preserving previous TUN/TAP instance: utun10
2021-09-13 13:44:42: Initialization Sequence Completed
2021-09-13 13:44:42: DNS mode set to Full
2021-09-13 13:44:42: DNS Server/s: 8.8.8.8, 8.8.4.4
2021-09-13 13:44:42: State changed to Connected
2021-09-13 13:45:00: Connection reset, restarting [-1]
2021-09-13 13:45:00: SIGUSR1[soft,connection-reset] received, process restarting
2021-09-13 13:45:00: Viscosity Mac 1.9.4 (1578)
2021-09-13 13:45:00: Viscosity OpenVPN Engine Started
2021-09-13 13:45:00: Running on macOS 11.5.2
2021-09-13 13:45:00: ---------
2021-09-13 13:45:00: State changed to Connecting
2021-09-13 13:45:00: Valid existing endpoint found... 64.227.108.68:443:tcp-client
2021-09-13 13:45:00: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2021-09-13 13:45:00: TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.1:64391
2021-09-13 13:45:00: Attempting to establish TCP connection with [AF_INET]127.0.0.1:64391 [nonblock]
2021-09-13 13:45:01: TCP connection established with [AF_INET]127.0.0.1:64391
2021-09-13 13:45:01: TCP_CLIENT link local: (not bound)
2021-09-13 13:45:01: TCP_CLIENT link remote: [AF_INET]127.0.0.1:64391
2021-09-13 13:45:02: State changed to Authenticating
2021-09-13 13:45:03: WARNING: 'cipher' is present in local config but missing in remote config, local='cipher BF-CBC'
2021-09-13 13:45:03: [server] Peer Connection Initiated with [AF_INET]127.0.0.1:64391
2021-09-13 13:45:03: Preserving previous TUN/TAP instance: utun10
2021-09-13 13:45:03: Initialization Sequence Completed
2021-09-13 13:45:03: DNS mode set to Full
2021-09-13 13:45:03: DNS Server/s: 8.8.8.8, 8.8.4.4
2021-09-13 13:45:03: State changed to Connected
2021-09-13 13:45:21: Connection reset, restarting [-1]
2021-09-13 13:45:21: SIGUSR1[soft,connection-reset] received, process restarting
2021-09-13 13:45:21: Viscosity Mac 1.9.4 (1578)
2021-09-13 13:45:21: Viscosity OpenVPN Engine Started
2021-09-13 13:45:21: Running on macOS 11.5.2
2021-09-13 13:45:21: ---------
2021-09-13 13:45:21: State changed to Connecting
2021-09-13 13:45:22: Valid existing endpoint found... 64.227.108.68:443:tcp-client
2021-09-13 13:45:22: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2021-09-13 13:45:22: TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.1:64391
2021-09-13 13:45:22: Attempting to establish TCP connection with [AF_INET]127.0.0.1:64391 [nonblock]
2021-09-13 13:45:23: TCP connection established with [AF_INET]127.0.0.1:64391
2021-09-13 13:45:23: TCP_CLIENT link local: (not bound)
2021-09-13 13:45:23: TCP_CLIENT link remote: [AF_INET]127.0.0.1:64391
2021-09-13 13:45:23: State changed to Authenticating
2021-09-13 13:45:24: WARNING: 'cipher' is present in local config but missing in remote config, local='cipher BF-CBC'
2021-09-13 13:45:24: [server] Peer Connection Initiated with [AF_INET]127.0.0.1:64391
2021-09-13 13:45:25: Preserving previous TUN/TAP instance: utun10
2021-09-13 13:45:25: Initialization Sequence Completed
2021-09-13 13:45:25: DNS mode set to Full
2021-09-13 13:45:25: DNS Server/s: 8.8.8.8, 8.8.4.4
2021-09-13 13:45:25: State changed to Connected
2021-09-13 13:45:31: State changed to Disconnecting (Manual)
2021-09-13 13:45:31: SIGTERM[hard,] received, process exiting
2021-09-13 13:45:31: State changed to Disconnected (Process Terminated)
2021-09-13 13:48:16: Viscosity Mac 1.9.4 (1578)
2021-09-13 13:48:16: Viscosity OpenVPN Engine Started
2021-09-13 13:48:16: Running on macOS 11.5.2
2021-09-13 13:48:16: ---------
2021-09-13 13:48:16: State changed to Connecting
2021-09-13 13:48:16: Checking reachability status of connection...
2021-09-13 13:48:16: Connection is reachable. Starting connection attempt.
2021-09-13 13:48:16: OpenVPN 2.4.11 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on Aug 26 2021
2021-09-13 13:48:16: library versions: OpenSSL 1.1.1l  24 Aug 2021, LZO 2.10
2021-09-13 13:48:16: Valid endpoint found: 64.227.108.68:443:tcp-client
2021-09-13 13:48:16: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2021-09-13 13:48:16: TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.1:64522
2021-09-13 13:48:16: Attempting to establish TCP connection with [AF_INET]127.0.0.1:64522 [nonblock]
2021-09-13 13:48:17: TCP connection established with [AF_INET]127.0.0.1:64522
2021-09-13 13:48:17: TCP_CLIENT link local: (not bound)
2021-09-13 13:48:17: TCP_CLIENT link remote: [AF_INET]127.0.0.1:64522
2021-09-13 13:48:18: State changed to Authenticating
2021-09-13 13:48:18: VERIFY OK: depth=1, CN=64.227.108.68
2021-09-13 13:48:18: VERIFY OK: depth=0, CN=server
2021-09-13 13:48:19: WARNING: 'cipher' is present in local config but missing in remote config, local='cipher BF-CBC'
2021-09-13 13:48:19: Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
2021-09-13 13:48:19: [server] Peer Connection Initiated with [AF_INET]127.0.0.1:64522
2021-09-13 13:48:19: Data Channel: using negotiated cipher 'AES-256-GCM'
2021-09-13 13:48:19: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-09-13 13:48:19: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-09-13 13:48:19: Opened utun device utun10
2021-09-13 13:48:19: /sbin/ifconfig utun10 delete
2021-09-13 13:48:19: NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
2021-09-13 13:48:19: /sbin/ifconfig utun10 10.8.0.6 10.8.0.5 mtu 1500 netmask 255.255.255.255 up
2021-09-13 13:48:19: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2021-09-13 13:48:19: Initialization Sequence Completed
2021-09-13 13:48:19: DNS mode set to Full
2021-09-13 13:48:19: DNS Server/s: 8.8.8.8, 8.8.4.4
2021-09-13 13:48:19: State changed to Connected
2021-09-13 13:48:37: Connection reset, restarting [-1]
2021-09-13 13:48:37: SIGUSR1[soft,connection-reset] received, process restarting
2021-09-13 13:48:37: Viscosity Mac 1.9.4 (1578)
2021-09-13 13:48:37: Viscosity OpenVPN Engine Started
2021-09-13 13:48:37: Running on macOS 11.5.2
2021-09-13 13:48:37: ---------
2021-09-13 13:48:37: State changed to Connecting
2021-09-13 13:48:37: Valid existing endpoint found... 64.227.108.68:443:tcp-client
2021-09-13 13:48:37: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2021-09-13 13:48:37: TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.1:64522
2021-09-13 13:48:37: Attempting to establish TCP connection with [AF_INET]127.0.0.1:64522 [nonblock]
2021-09-13 13:48:38: TCP connection established with [AF_INET]127.0.0.1:64522
2021-09-13 13:48:38: TCP_CLIENT link local: (not bound)
2021-09-13 13:48:38: TCP_CLIENT link remote: [AF_INET]127.0.0.1:64522
2021-09-13 13:48:39: State changed to Authenticating
2021-09-13 13:48:40: VERIFY OK: depth=1, CN=64.227.108.68
2021-09-13 13:48:40: VERIFY OK: depth=0, CN=server
2021-09-13 13:48:40: WARNING: 'cipher' is present in local config but missing in remote config, local='cipher BF-CBC'
2021-09-13 13:48:40: Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
2021-09-13 13:48:40: [server] Peer Connection Initiated with [AF_INET]127.0.0.1:64522
2021-09-13 13:48:40: Data Channel: using negotiated cipher 'AES-256-GCM'
2021-09-13 13:48:40: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-09-13 13:48:40: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-09-13 13:48:40: Preserving previous TUN/TAP instance: utun10
2021-09-13 13:48:40: Initialization Sequence Completed
2021-09-13 13:48:40: DNS mode set to Full
2021-09-13 13:48:40: DNS Server/s: 8.8.8.8, 8.8.4.4
2021-09-13 13:48:40: State changed to Connected
2021-09-13 13:48:47: State changed to Disconnecting (Manual)
2021-09-13 13:48:47: Closing TUN/TAP interface
2021-09-13 13:48:47: SIGTERM[hard,] received, process exiting
2021-09-13 13:48:47: State changed to Disconnected (Process Terminated)
2021-09-13 14:21:54: Viscosity Mac 1.9.4 (1578)
2021-09-13 14:21:54: Viscosity OpenVPN Engine Started
2021-09-13 14:21:54: Running on macOS 11.5.2
2021-09-13 14:21:54: ---------
2021-09-13 14:21:54: State changed to Connecting
2021-09-13 14:21:54: Checking reachability status of connection...
2021-09-13 14:21:54: Connection is reachable. Starting connection attempt.
2021-09-13 14:21:55: OpenVPN 2.4.11 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on Aug 26 2021
2021-09-13 14:21:55: library versions: OpenSSL 1.1.1l  24 Aug 2021, LZO 2.10
2021-09-13 14:21:55: Valid endpoint found: 64.227.108.68:443:tcp-client
2021-09-13 14:21:55: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2021-09-13 14:21:55: TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.1:49322
2021-09-13 14:21:55: Attempting to establish TCP connection with [AF_INET]127.0.0.1:49322 [nonblock]
2021-09-13 14:21:55: TCP: connect to [AF_INET]127.0.0.1:49322 failed: Connection refused
2021-09-13 14:21:55: SIGUSR1[connection failed(soft),init_instance] received, process restarting
2021-09-13 14:21:55: Valid endpoint found: 64.227.108.68:443:tcp-client
2021-09-13 14:21:55: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2021-09-13 14:21:55: TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.1:49322
2021-09-13 14:21:55: Attempting to establish TCP connection with [AF_INET]127.0.0.1:49322 [nonblock]
2021-09-13 14:21:55: TCP connection established with [AF_INET]127.0.0.1:49322
2021-09-13 14:21:55: TCP_CLIENT link local: (not bound)
2021-09-13 14:21:55: TCP_CLIENT link remote: [AF_INET]127.0.0.1:49322
2021-09-13 14:21:56: State changed to Authenticating
2021-09-13 14:21:56: VERIFY OK: depth=1, CN=64.227.108.68
2021-09-13 14:21:56: VERIFY OK: depth=0, CN=server
2021-09-13 14:21:57: WARNING: 'cipher' is present in local config but missing in remote config, local='cipher BF-CBC'
2021-09-13 14:21:57: Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
2021-09-13 14:21:57: [server] Peer Connection Initiated with [AF_INET]127.0.0.1:49322
2021-09-13 14:21:57: Data Channel: using negotiated cipher 'AES-256-GCM'
2021-09-13 14:21:57: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-09-13 14:21:57: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-09-13 14:21:57: Opened utun device utun10
2021-09-13 14:21:57: /sbin/ifconfig utun10 delete
2021-09-13 14:21:57: NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
2021-09-13 14:21:57: /sbin/ifconfig utun10 10.8.0.6 10.8.0.5 mtu 1500 netmask 255.255.255.255 up
2021-09-13 14:21:57: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2021-09-13 14:21:57: Initialization Sequence Completed
2021-09-13 14:21:57: DNS mode set to Full
2021-09-13 14:21:57: DNS Server/s: 8.8.8.8, 8.8.4.4
2021-09-13 14:21:58: State changed to Connected
2021-09-13 14:22:49: Connection reset, restarting [-1]
2021-09-13 14:22:49: SIGUSR1[soft,connection-reset] received, process restarting
2021-09-13 14:22:49: Viscosity Mac 1.9.4 (1578)
2021-09-13 14:22:49: Viscosity OpenVPN Engine Started
2021-09-13 14:22:49: Running on macOS 11.5.2
2021-09-13 14:22:49: ---------
2021-09-13 14:22:49: State changed to Connecting
2021-09-13 14:22:50: Valid existing endpoint found... 64.227.108.68:443:tcp-client
2021-09-13 14:22:50: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2021-09-13 14:22:50: TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.1:49322
2021-09-13 14:22:50: Attempting to establish TCP connection with [AF_INET]127.0.0.1:49322 [nonblock]
2021-09-13 14:22:51: TCP connection established with [AF_INET]127.0.0.1:49322
Please advise. Thanks.

James

User avatar
Posts: 2312
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Tue Sep 14, 2021 1:45 pm
Hi marwan,

I'm afraid this is falling outside the realm of Viscosity, so there isn't much in the way on concrete advice or recommendations we can give you. Your log indicates that a drop is occurring because the obfsproxy tunnel is shut down, which typically means the underlying obfsproxy has dropped and so it has shut down.

If your connection otherwise works fine without obfsproxy, but not with obfsproxy, then I'd speculate you're running into a MTU issue (as the VPN connection appears to be establishing fine). The network you're connecting from may be using a lower MTU, doesn't support fragmentation, or the firewall could be breaking PMTUD. Basically what this means is that packets over a certain size are getting dropped. You can find a bit of a discussion here:
https://gitlab.tails.boum.org/tails/tails/-/issues/9268

To resolve this you could try lowering the MTU value on the network interface on your computer (which will result in obfsproxy sending smaller packets) and/or the MTU value on your obfsproxy server (which will result in it sending smaller packets back to your client). Changing the MTU value of the VPN connection itself will unlikely help, as obfsproxy sends VPN packets as a stream.

It's also possible obfuscated VPN data packets are getting blocked by a firewall doing extreme DPI. I've never heard of this happening (besides in a couple of countries with heavy censorship attempting to block access to commercial VPN Service Providers), but it's another possibility. Generally simply using a TCP VPN setup on port 443 is enough to get through most firewalls and proxies, even those doing basic DPI.

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
5 posts Page 1 of 1