Skip to content
After upgrade 1.3 Mac hangs after confirming reachability.
Got a problem with Viscosity or need help? Ask here!
- Posts: 14
- Joined: Sun May 22, 2011 9:41 pm
I have this problem on 3 machines at the moment. I'm concerned that there will be more once people come back from the holiday weekend.
On one of my personal machines, I have 2 VPNs configured. Our corporate VPN, and another one. The other one works fine. When I attempt to connect to the corporate VPN, it connects and then immediately disconnects. the log says
Tunnelblick continues to work fine, though returning to it means accepting the reliability issues that caused us to buy Viscosity in the first place.
I know I may be asking for too much here, but it would be really great to have a good solution for this before I have 50 users contacting me first thing tomorrow morning
Thanks
Matt
On one of my personal machines, I have 2 VPNs configured. Our corporate VPN, and another one. The other one works fine. When I attempt to connect to the corporate VPN, it connects and then immediately disconnects. the log says
WARNING: External program may not be called unless '--script-security 2' or higher is enabled. Use '--script-security 3 system' for backward compatibility with 2.1_rc8 and earlier.which is interesting, because it's the error message you get when you run OpenVPN on Vista or Win 7 without admin privileges. I've never seen this message on a Mac before, and never had to do anything with permissions beyond letting them get changed when the program is first run.
Tunnelblick continues to work fine, though returning to it means accepting the reliability issues that caused us to buy Viscosity in the first place.
I know I may be asking for too much here, but it would be really great to have a good solution for this before I have 50 users contacting me first thing tomorrow morning
Thanks
Matt
- Posts: 14
- Joined: Sun May 22, 2011 9:41 pm
Update -
So after uninstalling everything (using app cleaner) and installing version 1.2, everything is working again.
Not sure what changes I made trying to fix this may have caused. But a user machine that couldn't connect after installing 1.3 and had no other changes made to it went right on after going back to the older version.
So after uninstalling everything (using app cleaner) and installing version 1.2, everything is working again.
Not sure what changes I made trying to fix this may have caused. But a user machine that couldn't connect after installing 1.3 and had no other changes made to it went right on after going back to the older version.
James, hooray for weekends.
Today, Monday, 30 May, I was going to do the revert to version 1.2.3 .... and pulled up the log to answer your question about no additional messages.
And
it worked. I am connected. If I had not been trying this weekend, I probably never would have known about the problem. John (co-worker) says he had a situation with a dead socket that cleared up after multiple shutdown/reboots. Guess this was something similar.
Thanks for your help during the off hours.
Today, Monday, 30 May, I was going to do the revert to version 1.2.3 .... and pulled up the log to answer your question about no additional messages.
And
it worked. I am connected. If I had not been trying this weekend, I probably never would have known about the problem. John (co-worker) says he had a situation with a dead socket that cleared up after multiple shutdown/reboots. Guess this was something similar.
Thanks for your help during the off hours.
Hi Matt,
Can you post a full copy of the OpenVPN log (minus any sensitive addresses)?
The "script-security" message is normal. Version 1.2.3 and previous versions of Viscosity changed this value as it needed elevated permissions for its DNS support requests, however version 1.3 no longer needs to do this and uses the OpenVPN default value (1), which results in the warning.
Cheers,
James
Can you post a full copy of the OpenVPN log (minus any sensitive addresses)?
The "script-security" message is normal. Version 1.2.3 and previous versions of Viscosity changed this value as it needed elevated permissions for its DNS support requests, however version 1.3 no longer needs to do this and uses the OpenVPN default value (1), which results in the warning.
Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
Notice For Those With Problems
If you are just seeing the following two lines on the OpenVPN log, and nothing else, please try the steps below. We'd greatly appreciate your feedback.
2. Restart your computer. Please actually try this one.
3. Try installing the experimental build below and connecting with it. Again, we'd really appreciate your feedback here.
http://www.thesparklabs.com/downloads/b ... .3.1b1.zip
Just some extra notes about number 3: We think the problem might be related to a management interface bug in OpenVPN 2.2 itself. We saw this in the Windows version (and worked around it), but we have never seen it in the Mac version. Under the Windows version it would only occur on slower machines. This build includes the same workarounds - so while we can't test it (as neither we or our testers have experienced the problem) - we'd appreciate it if you could give it a try and see if it resolves the problem for you.
Cheers,
James
If you are just seeing the following two lines on the OpenVPN log, and nothing else, please try the steps below. We'd greatly appreciate your feedback.
"Checking reachability status of connection...1. Reinstall Viscosity by dragging the Viscosity application to the trash, and then downloading and installing version 1.3 again.
Connection is reachable. Starting connection attempt."
2. Restart your computer. Please actually try this one.
3. Try installing the experimental build below and connecting with it. Again, we'd really appreciate your feedback here.
http://www.thesparklabs.com/downloads/b ... .3.1b1.zip
Just some extra notes about number 3: We think the problem might be related to a management interface bug in OpenVPN 2.2 itself. We saw this in the Windows version (and worked around it), but we have never seen it in the Mac version. Under the Windows version it would only occur on slower machines. This build includes the same workarounds - so while we can't test it (as neither we or our testers have experienced the problem) - we'd appreciate it if you could give it a try and see if it resolves the problem for you.
Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
- Posts: 14
- Joined: Sun May 22, 2011 9:41 pm
Tried 1.3b - still no good.
Here is the log:
Checking reachability status of connection...
Connection is reachable. Starting connection attempt.
May 31 08:47:09: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
May 31 08:47:09: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
May 31 08:47:10: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
May 31 08:47:10: LZO compression initialized
May 31 08:47:10: Attempting to establish TCP connection with xxx.xxx.xxx.xxx:443 [nonblock]
May 31 08:47:14: TCP connection established with xxx.xxx.xxx.xxx:443
May 31 08:47:14: TCPv4_CLIENT link local: [undef]
May 31 08:47:14: TCPv4_CLIENT link remote: xxx.xxx.xxx.xxx:443
May 31 08:47:15: [openvpn] Peer Connection Initiated with xxx.xxx.xxx.xxx:443
May 31 08:47:17: TUN/TAP device /dev/tap0 opened
May 31 08:47:17: /sbin/ifconfig tap0 delete
May 31 08:47:17: NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
May 31 08:47:17: /sbin/ifconfig tap0 xxx.xxx.xxx.xxx netmask 255.255.255.0 mtu 1500 up
May 31 08:47:17: ./up.sh tap0 1500 1576 xxx.xxx.xxx.xxx 255.255.255.0 init
May 31 08:47:17: WARNING: External program may not be called unless '--script-security 2' or higher is enabled. Use '--script-security 3 system' for backward compatibility with 2.1_rc8 and earlier. See --help text or man page for detailed info.
Here is the log:
Checking reachability status of connection...
Connection is reachable. Starting connection attempt.
May 31 08:47:09: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
May 31 08:47:09: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
May 31 08:47:10: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
May 31 08:47:10: LZO compression initialized
May 31 08:47:10: Attempting to establish TCP connection with xxx.xxx.xxx.xxx:443 [nonblock]
May 31 08:47:14: TCP connection established with xxx.xxx.xxx.xxx:443
May 31 08:47:14: TCPv4_CLIENT link local: [undef]
May 31 08:47:14: TCPv4_CLIENT link remote: xxx.xxx.xxx.xxx:443
May 31 08:47:15: [openvpn] Peer Connection Initiated with xxx.xxx.xxx.xxx:443
May 31 08:47:17: TUN/TAP device /dev/tap0 opened
May 31 08:47:17: /sbin/ifconfig tap0 delete
May 31 08:47:17: NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
May 31 08:47:17: /sbin/ifconfig tap0 xxx.xxx.xxx.xxx netmask 255.255.255.0 mtu 1500 up
May 31 08:47:17: ./up.sh tap0 1500 1576 xxx.xxx.xxx.xxx 255.255.255.0 init
May 31 08:47:17: WARNING: External program may not be called unless '--script-security 2' or higher is enabled. Use '--script-security 3 system' for backward compatibility with 2.1_rc8 and earlier. See --help text or man page for detailed info.
Hi Matt,
It seems like you are using a custom OpenVPN up script (up.sh) - do you know what it does? Are you able to post its contents (minus any sensitive addresses)?
Cheers,
James
It seems like you are using a custom OpenVPN up script (up.sh) - do you know what it does? Are you able to post its contents (minus any sensitive addresses)?
Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
James,
I wanted to also let you know that we're experiencing the same problem with 1.3. Upon downgrading to 1.2.3 we are now able to successfully VPN back in.
This is as far as we can get in 1.3:
Checking reachability status of connection...
Connection is reachable. Starting connection attempt.
(Hangs)
Thanks,
JP
I wanted to also let you know that we're experiencing the same problem with 1.3. Upon downgrading to 1.2.3 we are now able to successfully VPN back in.
This is as far as we can get in 1.3:
Checking reachability status of connection...
Connection is reachable. Starting connection attempt.
(Hangs)
Thanks,
JP