Skip to content
IPv6 not blocked
Got a problem with Viscosity or need help? Ask here!
IPv6 traffic not blocked despite having the "Disable IPv6 traffic ..." option disabled. Any idea why? Using NordVPN connection and tested with both https://whatismyipaddress.com/ and https://test-ipv6.com/. It's working fine (IPv6 traffic is not leaking) whilst using the NordVPN app.
Hi KR15T0,
The "Block IPv6 traffic while connected to IPv4-only VPN connections" option only blocks IPv6 traffic if the VPN connection has no IPv6 routing configured. A common misunderstanding of the feature is thinking that it always blocks IPv6, which isn't the case: if your VPN connection is configured to route IPv6 traffic through it then IPv6 traffic won't be blocked.
If you have the option enabled, and IPv6 traffic is still working when you connect to a VPN connection, you should check the VPN connection's settings to see whether it is configured to route IPv6. Check the All Traffic setting and make sure it's set to "Send all IPv4 traffic over VPN connection" and not "Send all traffic over VPN connection" (which routes both IPv4 and IPv6). Also check to see whether your VPN connection is being assigned an IPv6 address or not.
If you want to block IPv6 more aggressively, you can instead add "block-ipv6" as an advanced command:
https://www.sparklabs.com/support/kb/ar ... block-ipv6
https://www.sparklabs.com/support/kb/ar ... n-commands
Cheers,
James
The "Block IPv6 traffic while connected to IPv4-only VPN connections" option only blocks IPv6 traffic if the VPN connection has no IPv6 routing configured. A common misunderstanding of the feature is thinking that it always blocks IPv6, which isn't the case: if your VPN connection is configured to route IPv6 traffic through it then IPv6 traffic won't be blocked.
If you have the option enabled, and IPv6 traffic is still working when you connect to a VPN connection, you should check the VPN connection's settings to see whether it is configured to route IPv6. Check the All Traffic setting and make sure it's set to "Send all IPv4 traffic over VPN connection" and not "Send all traffic over VPN connection" (which routes both IPv4 and IPv6). Also check to see whether your VPN connection is being assigned an IPv6 address or not.
If you want to block IPv6 more aggressively, you can instead add "block-ipv6" as an advanced command:
https://www.sparklabs.com/support/kb/ar ... block-ipv6
https://www.sparklabs.com/support/kb/ar ... n-commands
Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
Hi James,
I don't think that the VPN connection routes IPv6 traffic. I'm using NordVPN servers. When using Viscosity VPN my ISP IPv6 IP address is visible via https://test-ipv6.com/ , when using the same server but via the NordVPN app I get no IPv6 address. Same server, same browser, Mac laptop, router etc.
Any other ideas?
Thanks,
C.
I don't think that the VPN connection routes IPv6 traffic. I'm using NordVPN servers. When using Viscosity VPN my ISP IPv6 IP address is visible via https://test-ipv6.com/ , when using the same server but via the NordVPN app I get no IPv6 address. Same server, same browser, Mac laptop, router etc.
Any other ideas?
Thanks,
C.
Hi KR15T0,
Can you please post the details listed in the following article and we can take a closer look for you:
https://www.sparklabs.com/support/kb/ar ... ort-staff/
Cheers,
James
Can you please post the details listed in the following article and we can take a closer look for you:
https://www.sparklabs.com/support/kb/ar ... ort-staff/
Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
Hi James,
Please see below.
1. Raw Configuration Data
Please see below.
1. Raw Configuration Data
Code: Select all
2. Connection log (verb changed to 5)
#-- Configuration Generated By Viscosity --#
#viscosity name uk2112.nordvpn.com.udp
#viscosity protocol openvpn
#viscosity startonopen false
#viscosity usepeerdns true
#viscosity dns automatic
#viscosity autoreconnect true
#viscosity dhcp true
remote 194.35.233.107 1194 udp
nobind
dev tun
redirect-gateway def1 ipv6
tun-mtu 1500
ping 15
ping-restart 0
persist-tun
persist-key
pull
auth-user-pass
tls-client
ca ca.crt
remote-cert-tls server
tls-auth ta.key 1
auth SHA512
cipher AES-256-CBC
comp-lzo no
fast-io
mssfix 1450
ping-timer-rem
remote-random
reneg-sec 0
resolv-retry infinite
tun-mtu-extra 32
verb 5
verify-x509-name CN=uk2112.nordvpn.com
Code: Select all
2024-04-05 14:27:26: Viscosity Mac 1.11 (1675)
2024-04-05 14:27:26: Viscosity OpenVPN Engine Started
2024-04-05 14:27:26: Running on macOS 11.7.10
2024-04-05 14:27:26: ---------
2024-04-05 14:27:26: State changed to Connecting
2024-04-05 14:27:26: Checking reachability status of connection...
2024-04-05 14:27:26: Connection is reachable. Starting connection attempt.
2024-04-05 14:27:26: DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations.
2024-04-05 14:27:26: Current Parameter Settings:
2024-04-05 14:27:26: config = 'config.conf'
2024-04-05 14:27:26: mode = 0
2024-04-05 14:27:26: show_ciphers = DISABLED
2024-04-05 14:27:26: show_digests = DISABLED
2024-04-05 14:27:26: show_engines = DISABLED
2024-04-05 14:27:26: genkey = DISABLED
2024-04-05 14:27:26: genkey_filename = '[UNDEF]'
2024-04-05 14:27:26: key_pass_file = '[UNDEF]'
2024-04-05 14:27:26: show_tls_ciphers = DISABLED
2024-04-05 14:27:26: connect_retry_max = 0
2024-04-05 14:27:26: Connection profiles [0]:
2024-04-05 14:27:26: proto = udp
2024-04-05 14:27:26: local = '[UNDEF]'
2024-04-05 14:27:26: local_port = '[UNDEF]'
2024-04-05 14:27:26: remote = '194.35.233.107'
2024-04-05 14:27:26: remote_port = '1194'
2024-04-05 14:27:26: remote_float = DISABLED
2024-04-05 14:27:26: bind_defined = DISABLED
2024-04-05 14:27:26: bind_local = DISABLED
2024-04-05 14:27:26: bind_ipv6_only = DISABLED
2024-04-05 14:27:26: connect_retry_seconds = 1
2024-04-05 14:27:26: connect_timeout = 120
2024-04-05 14:27:26: socks_proxy_server = '[UNDEF]'
2024-04-05 14:27:26: socks_proxy_port = '[UNDEF]'
2024-04-05 14:27:26: tun_mtu = 1500
2024-04-05 14:27:26: tun_mtu_defined = ENABLED
2024-04-05 14:27:26: link_mtu = 1500
2024-04-05 14:27:26: link_mtu_defined = DISABLED
2024-04-05 14:27:26: tun_mtu_extra = 32
2024-04-05 14:27:26: tun_mtu_extra_defined = ENABLED
2024-04-05 14:27:26: tls_mtu = 1250
2024-04-05 14:27:26: mtu_discover_type = -1
2024-04-05 14:27:26: NOTE: --mute triggered...
2024-04-05 14:27:26: 258 variation(s) on previous 100 message(s) suppressed by --mute
2024-04-05 14:27:26: OpenVPN 2.6.9 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD]
2024-04-05 14:27:26: library versions: OpenSSL 3.0.13 30 Jan 2024, LZO 2.10
2024-04-05 14:27:26: Valid endpoint found: 194.35.233.107:1194:udp
2024-04-05 14:27:26: WARNING: --ping should normally be used with --ping-restart or --ping-exit
2024-04-05 14:27:26: Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2024-04-05 14:27:26: Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2024-04-05 14:27:26: Control Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1250 tun_max_mtu:0 headroom:126 payload:1600 tailroom:126 ET:0 ]
2024-04-05 14:27:26: Data Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1800 tailroom:568 ET:32 ]
2024-04-05 14:27:26: TCP/UDP: Preserving recently used remote address: [AF_INET]194.35.233.107:1194
2024-04-05 14:27:26: Socket Buffers: R=[786896->786896] S=[9216->9216]
2024-04-05 14:27:26: UDPv4 link local: (not bound)
2024-04-05 14:27:26: UDPv4 link remote: [AF_INET]194.35.233.107:1194
2024-04-05 14:27:26: TLS: Initial packet from [AF_INET]194.35.233.107:1194, sid=b9440535 a3271c69
2024-04-05 14:27:26: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2024-04-05 14:27:26: State changed to Authenticating
2024-04-05 14:27:26: VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
2024-04-05 14:27:26: VERIFY OK: depth=1, O=NordVPN, CN=NordVPN CA9
2024-04-05 14:27:26: VERIFY KU OK
2024-04-05 14:27:26: Validating certificate extended key usage
2024-04-05 14:27:26: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2024-04-05 14:27:26: VERIFY EKU OK
2024-04-05 14:27:26: VERIFY X509NAME OK: CN=uk2112.nordvpn.com
2024-04-05 14:27:26: VERIFY OK: depth=0, CN=uk2112.nordvpn.com
2024-04-05 14:27:26: Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bits RSA, signature: RSA-SHA512, peer temporary key: 253 bits X25519
2024-04-05 14:27:26: [uk2112.nordvpn.com] Peer Connection Initiated with [AF_INET]194.35.233.107:1194
2024-04-05 14:27:26: TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2024-04-05 14:27:26: TLS: tls_multi_process: initial untrusted session promoted to trusted
2024-04-05 14:27:26: SENT CONTROL [uk2112.nordvpn.com]: 'PUSH_REQUEST' (status=1)
2024-04-05 14:27:27: SENT CONTROL [uk2112.nordvpn.com]: 'PUSH_REQUEST' (status=1)
2024-04-05 14:27:27: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 103.86.96.100,dhcp-option DNS 103.86.99.100,explicit-exit-notify,comp-lzo no,route-gateway 10.8.2.1,topology subnet,ping 60,ping-restart 180,ifconfig 10.8.2.6 255.255.255.0,peer-id 4,cipher AES-256-GCM'
2024-04-05 14:27:27: WARNING: You have specified redirect-gateway and redirect-private at the same time (or the same option multiple times). This is not well supported and may lead to unexpected results
2024-04-05 14:27:27: OPTIONS IMPORT: --ifconfig/up options modified
2024-04-05 14:27:27: OPTIONS IMPORT: route options modified
2024-04-05 14:27:27: OPTIONS IMPORT: route-related options modified
2024-04-05 14:27:27: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2024-04-05 14:27:27: GDG6: remote_host_ipv6=n/a
2024-04-05 14:27:27: Opened utun device utun10
2024-04-05 14:27:27: do_ifconfig, ipv4=1, ipv6=0
2024-04-05 14:27:27: /sbin/ifconfig utun10 delete
2024-04-05 14:27:27: NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
2024-04-05 14:27:27: /sbin/ifconfig utun10 10.8.2.6 10.8.2.6 netmask 255.255.255.0 mtu 1500 up
2024-04-05 14:27:27: /sbin/route add -net 10.8.2.0 10.8.2.6 255.255.255.0
2024-04-05 14:27:27: /sbin/route add -net 194.35.233.107 192.168.1.1 255.255.255.255
2024-04-05 14:27:27: /sbin/route add -net 0.0.0.0 10.8.2.1 128.0.0.0
2024-04-05 14:27:27: /sbin/route add -net 128.0.0.0 10.8.2.1 128.0.0.0
2024-04-05 14:27:27: WARNING: OpenVPN was configured to add an IPv6 route. However, no IPv6 has been configured for utun10, therefore the route installation may fail or may not work as expected.
2024-04-05 14:27:27: add_route_ipv6(::/3 -> :: metric -1) dev utun10
2024-04-05 14:27:27: /sbin/route add -inet6 :: -prefixlen 3 -iface utun10
2024-04-05 14:27:27: add_route_ipv6(2000::/4 -> :: metric -1) dev utun10
2024-04-05 14:27:27: /sbin/route add -inet6 2000:: -prefixlen 4 -iface utun10
2024-04-05 14:27:27: add_route_ipv6(3000::/4 -> :: metric -1) dev utun10
2024-04-05 14:27:27: /sbin/route add -inet6 3000:: -prefixlen 4 -iface utun10
2024-04-05 14:27:27: add_route_ipv6(fc00::/7 -> :: metric -1) dev utun10
2024-04-05 14:27:27: /sbin/route add -inet6 fc00:: -prefixlen 7 -iface utun10
2024-04-05 14:27:27: Data Channel MTU parms [ mss_fix:1353 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1800 tailroom:568 ET:32 ]
2024-04-05 14:27:27: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2024-04-05 14:27:27: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2024-04-05 14:27:27: Initialization Sequence Completed
2024-04-05 14:27:27: Data Channel: cipher 'AES-256-GCM', peer-id: 4, compression: 'stub'
2024-04-05 14:27:27: Timers: ping 60, ping-restart 180
2024-04-05 14:27:27: Protocol options: explicit-exit-notify 1
2024-04-05 14:27:27: DNS mode set to Full
2024-04-05 14:27:27: DNS Server/s: 103.86.96.100, 103.86.99.100
2024-04-05 14:27:28: State changed to Connected
2024-04-05 14:27:28: DNS Engine Running
2024-04-05 14:27:28: Listening on [127.0.0.1]:53454, [::1]:53454
2024-04-05 14:27:28: Primary upstream endpoint/s: 103.86.96.100:53, 103.86.99.100:53
Hi KR15T0,
The configuration file specifies to redirect all IPv6 traffic:
Cheers,
James
The configuration file specifies to redirect all IPv6 traffic:
Code: Select all
This corresponds with the All Traffic option set to "Send all traffic over VPN connection" (which routes both IPv4 and IPv6). You'll want to change this to "Send all IPv4 traffic over VPN connection" or "Automatic".redirect-gateway def1 ipv6
Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
Hi James,
Sorry but it still does not work. I've saved and quit Viscosity between retries to ensure no change is inherited somehow...
Option 1 "Send all IPv4 traffic over VPN connection"
Sorry but it still does not work. I've saved and quit Viscosity between retries to ensure no change is inherited somehow...
Option 1 "Send all IPv4 traffic over VPN connection"
Code: Select all
Option 2 "Automatic"2024-04-06 11:46:33: Viscosity Mac 1.11 (1675)
2024-04-06 11:46:33: Viscosity OpenVPN Engine Started
2024-04-06 11:46:33: Running on macOS 11.7.10
2024-04-06 11:46:33: ---------
2024-04-06 11:46:33: State changed to Connecting
2024-04-06 11:46:33: Checking reachability status of connection...
2024-04-06 11:46:33: Connection is reachable. Starting connection attempt.
2024-04-06 11:46:33: DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations.
2024-04-06 11:46:33: Current Parameter Settings:
2024-04-06 11:46:33: config = 'config.conf'
2024-04-06 11:46:33: mode = 0
2024-04-06 11:46:33: show_ciphers = DISABLED
2024-04-06 11:46:33: show_digests = DISABLED
2024-04-06 11:46:33: show_engines = DISABLED
2024-04-06 11:46:33: genkey = DISABLED
2024-04-06 11:46:33: genkey_filename = '[UNDEF]'
2024-04-06 11:46:33: key_pass_file = '[UNDEF]'
2024-04-06 11:46:33: show_tls_ciphers = DISABLED
2024-04-06 11:46:33: connect_retry_max = 0
2024-04-06 11:46:33: Connection profiles [0]:
2024-04-06 11:46:33: proto = udp
2024-04-06 11:46:33: local = '[UNDEF]'
2024-04-06 11:46:33: local_port = '[UNDEF]'
2024-04-06 11:46:33: remote = '194.35.233.107'
2024-04-06 11:46:33: remote_port = '1194'
2024-04-06 11:46:33: remote_float = DISABLED
2024-04-06 11:46:33: bind_defined = DISABLED
2024-04-06 11:46:33: bind_local = DISABLED
2024-04-06 11:46:33: bind_ipv6_only = DISABLED
2024-04-06 11:46:33: connect_retry_seconds = 1
2024-04-06 11:46:33: connect_timeout = 120
2024-04-06 11:46:33: socks_proxy_server = '[UNDEF]'
2024-04-06 11:46:33: socks_proxy_port = '[UNDEF]'
2024-04-06 11:46:33: tun_mtu = 1500
2024-04-06 11:46:33: tun_mtu_defined = ENABLED
2024-04-06 11:46:33: link_mtu = 1500
2024-04-06 11:46:33: link_mtu_defined = DISABLED
2024-04-06 11:46:33: tun_mtu_extra = 32
2024-04-06 11:46:33: tun_mtu_extra_defined = ENABLED
2024-04-06 11:46:33: tls_mtu = 1250
2024-04-06 11:46:33: mtu_discover_type = -1
2024-04-06 11:46:33: NOTE: --mute triggered...
2024-04-06 11:46:33: 258 variation(s) on previous 100 message(s) suppressed by --mute
2024-04-06 11:46:33: OpenVPN 2.6.9 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD]
2024-04-06 11:46:33: library versions: OpenSSL 3.0.13 30 Jan 2024, LZO 2.10
2024-04-06 11:46:33: Valid endpoint found: 194.35.233.107:1194:udp
2024-04-06 11:46:33: WARNING: --ping should normally be used with --ping-restart or --ping-exit
2024-04-06 11:46:33: Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2024-04-06 11:46:33: Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2024-04-06 11:46:33: Control Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1250 tun_max_mtu:0 headroom:126 payload:1600 tailroom:126 ET:0 ]
2024-04-06 11:46:33: Data Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1800 tailroom:568 ET:32 ]
2024-04-06 11:46:33: TCP/UDP: Preserving recently used remote address: [AF_INET]194.35.233.107:1194
2024-04-06 11:46:33: Socket Buffers: R=[786896->786896] S=[9216->9216]
2024-04-06 11:46:33: UDPv4 link local: (not bound)
2024-04-06 11:46:33: UDPv4 link remote: [AF_INET]194.35.233.107:1194
2024-04-06 11:46:33: TLS: Initial packet from [AF_INET]194.35.233.107:1194, sid=8dd6df60 f927d38b
2024-04-06 11:46:33: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2024-04-06 11:46:33: State changed to Authenticating
2024-04-06 11:46:34: VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
2024-04-06 11:46:34: VERIFY OK: depth=1, O=NordVPN, CN=NordVPN CA9
2024-04-06 11:46:34: VERIFY KU OK
2024-04-06 11:46:34: Validating certificate extended key usage
2024-04-06 11:46:34: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2024-04-06 11:46:34: VERIFY EKU OK
2024-04-06 11:46:34: VERIFY X509NAME OK: CN=uk2112.nordvpn.com
2024-04-06 11:46:34: VERIFY OK: depth=0, CN=uk2112.nordvpn.com
2024-04-06 11:46:34: Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bits RSA, signature: RSA-SHA512, peer temporary key: 253 bits X25519
2024-04-06 11:46:34: [uk2112.nordvpn.com] Peer Connection Initiated with [AF_INET]194.35.233.107:1194
2024-04-06 11:46:34: TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2024-04-06 11:46:34: TLS: tls_multi_process: initial untrusted session promoted to trusted
2024-04-06 11:46:34: SENT CONTROL [uk2112.nordvpn.com]: 'PUSH_REQUEST' (status=1)
2024-04-06 11:46:34: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 103.86.96.100,dhcp-option DNS 103.86.99.100,explicit-exit-notify,comp-lzo no,route-gateway 10.8.3.1,topology subnet,ping 60,ping-restart 180,ifconfig 10.8.3.6 255.255.255.0,peer-id 1,cipher AES-256-GCM'
2024-04-06 11:46:34: WARNING: You have specified redirect-gateway and redirect-private at the same time (or the same option multiple times). This is not well supported and may lead to unexpected results
2024-04-06 11:46:34: OPTIONS IMPORT: --ifconfig/up options modified
2024-04-06 11:46:34: OPTIONS IMPORT: route options modified
2024-04-06 11:46:34: OPTIONS IMPORT: route-related options modified
2024-04-06 11:46:34: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2024-04-06 11:46:34: Opened utun device utun10
2024-04-06 11:46:34: do_ifconfig, ipv4=1, ipv6=0
2024-04-06 11:46:34: /sbin/ifconfig utun10 delete
2024-04-06 11:46:34: NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
2024-04-06 11:46:34: /sbin/ifconfig utun10 10.8.3.6 10.8.3.6 netmask 255.255.255.0 mtu 1500 up
2024-04-06 11:46:34: /sbin/route add -net 10.8.3.0 10.8.3.6 255.255.255.0
2024-04-06 11:46:34: /sbin/route add -net 194.35.233.107 192.168.1.1 255.255.255.255
2024-04-06 11:46:34: /sbin/route add -net 0.0.0.0 10.8.3.1 128.0.0.0
2024-04-06 11:46:34: /sbin/route add -net 128.0.0.0 10.8.3.1 128.0.0.0
2024-04-06 11:46:34: Data Channel MTU parms [ mss_fix:1353 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1800 tailroom:568 ET:32 ]
2024-04-06 11:46:34: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2024-04-06 11:46:34: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2024-04-06 11:46:34: Initialization Sequence Completed
2024-04-06 11:46:34: Data Channel: cipher 'AES-256-GCM', peer-id: 1, compression: 'stub'
2024-04-06 11:46:34: Timers: ping 60, ping-restart 180
2024-04-06 11:46:34: Protocol options: explicit-exit-notify 1
2024-04-06 11:46:34: DNS mode set to Full
2024-04-06 11:46:34: DNS Server/s: 103.86.96.100, 103.86.99.100
2024-04-06 11:46:34: State changed to Connected
2024-04-06 11:46:34: DNS Engine Running
2024-04-06 11:46:34: Listening on [127.0.0.1]:59004, [::1]:59004
2024-04-06 11:46:34: Primary upstream endpoint/s: 103.86.96.100:53, 103.86.99.100:53
Code: Select all
2024-04-06 11:48:41: Viscosity Mac 1.11 (1675)
2024-04-06 11:48:41: Viscosity OpenVPN Engine Started
2024-04-06 11:48:41: Running on macOS 11.7.10
2024-04-06 11:48:41: ---------
2024-04-06 11:48:41: State changed to Connecting
2024-04-06 11:48:41: Checking reachability status of connection...
2024-04-06 11:48:41: Connection is reachable. Starting connection attempt.
2024-04-06 11:48:41: DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations.
2024-04-06 11:48:41: Current Parameter Settings:
2024-04-06 11:48:41: config = 'config.conf'
2024-04-06 11:48:41: mode = 0
2024-04-06 11:48:41: show_ciphers = DISABLED
2024-04-06 11:48:41: show_digests = DISABLED
2024-04-06 11:48:41: show_engines = DISABLED
2024-04-06 11:48:41: genkey = DISABLED
2024-04-06 11:48:41: genkey_filename = '[UNDEF]'
2024-04-06 11:48:41: key_pass_file = '[UNDEF]'
2024-04-06 11:48:41: show_tls_ciphers = DISABLED
2024-04-06 11:48:41: connect_retry_max = 0
2024-04-06 11:48:41: Connection profiles [0]:
2024-04-06 11:48:41: proto = udp
2024-04-06 11:48:41: local = '[UNDEF]'
2024-04-06 11:48:41: local_port = '[UNDEF]'
2024-04-06 11:48:41: remote = '194.35.233.107'
2024-04-06 11:48:41: remote_port = '1194'
2024-04-06 11:48:41: remote_float = DISABLED
2024-04-06 11:48:41: bind_defined = DISABLED
2024-04-06 11:48:41: bind_local = DISABLED
2024-04-06 11:48:41: bind_ipv6_only = DISABLED
2024-04-06 11:48:41: connect_retry_seconds = 1
2024-04-06 11:48:41: connect_timeout = 120
2024-04-06 11:48:41: socks_proxy_server = '[UNDEF]'
2024-04-06 11:48:41: socks_proxy_port = '[UNDEF]'
2024-04-06 11:48:41: tun_mtu = 1500
2024-04-06 11:48:41: tun_mtu_defined = ENABLED
2024-04-06 11:48:41: link_mtu = 1500
2024-04-06 11:48:41: link_mtu_defined = DISABLED
2024-04-06 11:48:41: tun_mtu_extra = 32
2024-04-06 11:48:41: tun_mtu_extra_defined = ENABLED
2024-04-06 11:48:41: tls_mtu = 1250
2024-04-06 11:48:41: mtu_discover_type = -1
2024-04-06 11:48:41: NOTE: --mute triggered...
2024-04-06 11:48:41: 257 variation(s) on previous 100 message(s) suppressed by --mute
2024-04-06 11:48:41: OpenVPN 2.6.9 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD]
2024-04-06 11:48:41: library versions: OpenSSL 3.0.13 30 Jan 2024, LZO 2.10
2024-04-06 11:48:41: Valid endpoint found: 194.35.233.107:1194:udp
2024-04-06 11:48:41: WARNING: --ping should normally be used with --ping-restart or --ping-exit
2024-04-06 11:48:41: Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2024-04-06 11:48:41: Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2024-04-06 11:48:41: Control Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1250 tun_max_mtu:0 headroom:126 payload:1600 tailroom:126 ET:0 ]
2024-04-06 11:48:41: Data Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1800 tailroom:568 ET:32 ]
2024-04-06 11:48:41: TCP/UDP: Preserving recently used remote address: [AF_INET]194.35.233.107:1194
2024-04-06 11:48:41: Socket Buffers: R=[786896->786896] S=[9216->9216]
2024-04-06 11:48:41: UDPv4 link local: (not bound)
2024-04-06 11:48:41: UDPv4 link remote: [AF_INET]194.35.233.107:1194
2024-04-06 11:48:41: TLS: Initial packet from [AF_INET]194.35.233.107:1194, sid=b6a8cb27 955ecca0
2024-04-06 11:48:41: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2024-04-06 11:48:41: State changed to Authenticating
2024-04-06 11:48:41: VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
2024-04-06 11:48:41: VERIFY OK: depth=1, O=NordVPN, CN=NordVPN CA9
2024-04-06 11:48:41: VERIFY KU OK
2024-04-06 11:48:41: Validating certificate extended key usage
2024-04-06 11:48:41: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2024-04-06 11:48:41: VERIFY EKU OK
2024-04-06 11:48:41: VERIFY X509NAME OK: CN=uk2112.nordvpn.com
2024-04-06 11:48:41: VERIFY OK: depth=0, CN=uk2112.nordvpn.com
2024-04-06 11:48:41: Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bits RSA, signature: RSA-SHA512, peer temporary key: 253 bits X25519
2024-04-06 11:48:41: [uk2112.nordvpn.com] Peer Connection Initiated with [AF_INET]194.35.233.107:1194
2024-04-06 11:48:41: TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2024-04-06 11:48:41: TLS: tls_multi_process: initial untrusted session promoted to trusted
2024-04-06 11:48:41: SENT CONTROL [uk2112.nordvpn.com]: 'PUSH_REQUEST' (status=1)
2024-04-06 11:48:42: SENT CONTROL [uk2112.nordvpn.com]: 'PUSH_REQUEST' (status=1)
2024-04-06 11:48:42: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 103.86.96.100,dhcp-option DNS 103.86.99.100,explicit-exit-notify,comp-lzo no,route-gateway 10.8.0.1,topology subnet,ping 60,ping-restart 180,ifconfig 10.8.0.7 255.255.255.0,peer-id 5,cipher AES-256-GCM'
2024-04-06 11:48:42: OPTIONS IMPORT: --ifconfig/up options modified
2024-04-06 11:48:42: OPTIONS IMPORT: route options modified
2024-04-06 11:48:42: OPTIONS IMPORT: route-related options modified
2024-04-06 11:48:42: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2024-04-06 11:48:42: Opened utun device utun10
2024-04-06 11:48:42: do_ifconfig, ipv4=1, ipv6=0
2024-04-06 11:48:42: /sbin/ifconfig utun10 delete
2024-04-06 11:48:43: NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
2024-04-06 11:48:43: /sbin/ifconfig utun10 10.8.0.7 10.8.0.7 netmask 255.255.255.0 mtu 1500 up
2024-04-06 11:48:43: /sbin/route add -net 10.8.0.0 10.8.0.7 255.255.255.0
2024-04-06 11:48:43: /sbin/route add -net 194.35.233.107 192.168.1.1 255.255.255.255
2024-04-06 11:48:43: /sbin/route add -net 0.0.0.0 10.8.0.1 128.0.0.0
2024-04-06 11:48:43: /sbin/route add -net 128.0.0.0 10.8.0.1 128.0.0.0
2024-04-06 11:48:43: Data Channel MTU parms [ mss_fix:1353 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1800 tailroom:568 ET:32 ]
2024-04-06 11:48:43: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2024-04-06 11:48:43: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2024-04-06 11:48:43: Initialization Sequence Completed
2024-04-06 11:48:43: Data Channel: cipher 'AES-256-GCM', peer-id: 5, compression: 'stub'
2024-04-06 11:48:43: Timers: ping 60, ping-restart 180
2024-04-06 11:48:43: Protocol options: explicit-exit-notify 1
2024-04-06 11:48:43: DNS mode set to Full
2024-04-06 11:48:43: DNS Server/s: 103.86.96.100, 103.86.99.100
2024-04-06 11:48:43: State changed to Connected
2024-04-06 11:48:43: DNS Engine Running
2024-04-06 11:48:43: Listening on [127.0.0.1]:59164, [::1]:59164
2024-04-06 11:48:43: Primary upstream endpoint/s: 103.86.96.100:53, 103.86.99.100:53
Hi KR15T0,
To keep you in the loop, we've just released an updated beta version with the following changes:
1. If the VPN connection has been configured to route all IPv6 traffic, but it doesn't actually have an assigned IPv6 address, treat this as IPv6 blocking being required. This should help reduce confusion surrounding the All Traffic option and blocking IPv6.
2. When IPv6 blocking has been activated, an "IPv6 blocking enabled" message will be added to the connection log. This should make it more obvious when debugging whether IPv6 blocking was enabled. If this message is appearing, but IPv6 doesn't appear to be getting blocked, it likely means something else is alternating the computer's routing table.
You can update to the latest beta version using the instructions at: https://www.sparklabs.com/support/kb/ar ... -versions/
Cheers,
James
To keep you in the loop, we've just released an updated beta version with the following changes:
1. If the VPN connection has been configured to route all IPv6 traffic, but it doesn't actually have an assigned IPv6 address, treat this as IPv6 blocking being required. This should help reduce confusion surrounding the All Traffic option and blocking IPv6.
2. When IPv6 blocking has been activated, an "IPv6 blocking enabled" message will be added to the connection log. This should make it more obvious when debugging whether IPv6 blocking was enabled. If this message is appearing, but IPv6 doesn't appear to be getting blocked, it likely means something else is alternating the computer's routing table.
You can update to the latest beta version using the instructions at: https://www.sparklabs.com/support/kb/ar ... -versions/
Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
That's great, thanks, James! I'm confirming that this latest beta fixed the issue. For reference, I've left the option "All Traffic" set to "Automatic (Set by server)" option in the connection setting along with "Block IPv6 connections" in the Advanced section.
9 posts
Page 1 of 1