Authentication failure to CloudConnexa

Got a problem with Viscosity or need help? Ask here!

chorn

Posts: 1
Joined: Tue Sep 12, 2023 3:47 am

Post by chorn » Tue Sep 12, 2023 3:51 am
The latest client does not support connecting to the managed OpenVPN service called CloudConnexa.
Code: Select all
2023-09-11 13:40:33: State changed to Connecting
2023-09-11 13:40:33: Checking reachability status of connection...
2023-09-11 13:40:33: Connection is reachable. Starting connection attempt.
2023-09-11 13:40:33: DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
2023-09-11 13:40:33: OpenVPN 2.5.9 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on Jun  9 2023
2023-09-11 13:40:33: library versions: OpenSSL 1.1.1u  30 May 2023, LZO 2.10
2023-09-11 13:40:34: Resolving address: us-ewr.gw.openvpn.com
2023-09-11 13:40:34: Valid endpoint found: 38.84.70.142:1194:udp
2023-09-11 13:40:34: Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-09-11 13:40:34: Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-09-11 13:40:34: TCP/UDP: Preserving recently used remote address: [AF_INET]38.84.70.142:1194
2023-09-11 13:40:34: Socket Buffers: R=[786896->786896] S=[9216->9216]
2023-09-11 13:40:34: NOTE: setsockopt TCP_NODELAY=1 failed
2023-09-11 13:40:34: UDP link local: (not bound)
2023-09-11 13:40:34: UDP link remote: [AF_INET]38.84.70.142:1194
2023-09-11 13:40:34: State changed to Authenticating
2023-09-11 13:40:34: TLS: Initial packet from [AF_INET]38.84.70.142:1194, sid=64e29663 6b9ae6ee
2023-09-11 13:40:34: VERIFY OK: depth=1, CN=CloudVPN Prod CA
2023-09-11 13:40:34: VERIFY KU OK
2023-09-11 13:40:34: Validating certificate extended key usage
2023-09-11 13:40:34: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2023-09-11 13:40:34: VERIFY EKU OK
2023-09-11 13:40:34: VERIFY OK: depth=0, CN=us-ewr-dc2-g1.cloud.openvpn.net
2023-09-11 13:40:34: Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2023-09-11 13:40:34: [us-ewr-dc2-g1.cloud.openvpn.net] Peer Connection Initiated with [AF_INET]38.84.70.142:1194
2023-09-11 13:40:34: SENT CONTROL [us-ewr-dc2-g1.cloud.openvpn.net]: 'PUSH_REQUEST' (status=1)
2023-09-11 13:40:34: AUTH: Received control message: AUTH_FAILED,The version of OpenVPN Connect client installed on this device is not compatible. Please download the latest version from https://openvpn.net/vpn-client/
2023-09-11 13:42:15: State changed to Disconnecting (Authentication Failed)
2023-09-11 13:42:15: SIGUSR1[soft,auth-failure] received, process restarting
2023-09-11 13:42:15: Viscosity Mac 1.10.7 (1650)
2023-09-11 13:42:15: Viscosity OpenVPN Engine Started
2023-09-11 13:42:15: Running on macOS 13.5

James

User avatar
Posts: 2371
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Tue Sep 12, 2023 4:32 pm
Hi chorn,

Are you still unable to connect? We've just tried connecting to a couple of OpenVPN Cloud/CloudConnexa instances with Viscosity and we were able to connect without issue.

It's possible they may have a temporary bug with their client identifier/version parsing, causing client connections to be rejected. It looks like they're trying to block old versions of "OpenVPN Connect" from connecting, and may have accidentally blocked other clients as well.

The line for your log that appears to indicate what happened is:

2023-09-11 13:40:34: AUTH: Received control message: AUTH_FAILED,The version of OpenVPN Connect client installed on this device is not compatible.

As far as I'm aware CloudConnexa supports standard OpenVPN clients. However, if you're still seeing this error message then it means you're being rejected from connecting using OpenVPN/Viscosity. I'm afraid you'll have to reach out to CloudConnexa for more information in this instance, as there is nothing we can do about it from our end if they've decided to block OpenVPN clients from their service.

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
2 posts Page 1 of 1