macOS 11.6 change to viscosity keepalive

Got a problem with Viscosity or need help? Ask here!

matt-stuart

Posts: 2
Joined: Sat Dec 19, 2020 4:19 am

Post by matt-stuart » Wed Sep 29, 2021 2:47 pm
Viscosity Version: Viscosity 1.10b4 (1580)
macOs Version: 11.6
Reinstalled app and all helpers to continue testing.

Connecting to a Pritunl OVPN server, worked perfectly before on previous 11.5.x versions of macOS. Now when the ping-restart time is hit with keep alives enabled the client disconnects and I have to reconnect (which in my case means redoing my 2FA) and that can get a little frustrating every 60 seconds. There's no traffic moving over the VPN link during that time but that is how it was prior to 11.6 and these issues. The server is unchanged between versions and Viscosity running on another 11.5.x machine does not exhibit this issue.

Client config:
Code: Select all
#-- Configuration Generated By Viscosity --#

#viscosity startonopen false
#viscosity usepeerdns true
#viscosity dns automatic
#viscosity dnsdomain internal.domain.org
#viscosity dnsdomain internal.domain.dev
#viscosity protocol openvpn
#viscosity autoreconnect true
#viscosity dnsserver 172.25.0.2
#viscosity name RSR
#viscosity dhcp true
route-gateway dhcp
remote X.X.X.X 15427 udp
max-routes 1000
nobind 
dev tun
inactive 0
ping 10
ping-restart 3600
persist-tun 
compress 
pull 
tls-client 
ca ca.crt
cert cert.crt
key key.key
remote-cert-tls server
tls-auth ta.key 1
route-delay auto
reneg-sec 2592000
hand-window 70
setenv UV_ID 47032e2fbb93436d8e9939556a7d5182
setenv UV_NAME autumn-plateau-8482
rcvbuf 393216
server-poll-timeout 4
auth SHA1
push-peer-info 
cipher AES-128-CBC
comp-lzo no
sndbuf 393216
mute 3
Snippet from log, note after poking at it I got it to 10 minutes but it's still frustrating.
Code: Select all
2021-09-28 22:36:10: State changed to Connected
2021-09-28 22:46:24: [60767cad082f2bfc992594d0] Inactivity timeout (--ping-restart), restarting
2021-09-28 22:46:24: SIGUSR1[soft,ping-restart] received, process restarting
2021-09-28 22:46:24: Viscosity Mac 1.10b4 (1580)

matt-stuart

Posts: 2
Joined: Sat Dec 19, 2020 4:19 am

Post by matt-stuart » Wed Sep 29, 2021 3:17 pm
Update: Appears this issue isn't limited to viscosity but almost every VPN tool I have. I've tried Shimo, the Pritunl client, Barracuda VPN, everything. They all exhibit the same behaviour, after some timeout they all disconnect. It's like macOS refuses to send a packet to keep the connection alive or some other similar problem.

James

User avatar
Posts: 2312
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Wed Sep 29, 2021 9:29 pm
Hi matt-stuart,

This is unlikely to be related to macOS 11.6, unless you have some out of date firewall or network security software misbehaving with the update.

More likely this is a misconfiguration between the OpenVPN server and client. Either no traffic is passing at all (possibility a compression setting mismatch), or there is a mismatch between the ping/ping-restart values on the server and the client.

I recommend running through each of the points listed at:
https://www.sparklabs.com/support/kb/ar ... g-restart/
The server is unchanged between versions and Viscosity running on another 11.5.x machine does not exhibit this issue.
Make sure that the server isn't limiting you to a single connection at a time. By default an OpenVPN server only allows a single connection at a time per certificate. This is discussed further in the above article.

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
3 posts Page 1 of 1