Never completes connecting

Got a problem with Viscosity or need help? Ask here!

chilli

Posts: 3
Joined: Sat Apr 16, 2016 3:41 am

Post by chilli » Sat Apr 16, 2016 4:51 am
Reviving an old thread instead of starting a new one.

Based on the above, I suspect my problem lies in the LAN on campus here, but figured I'd post to the forum to confirm. I've been using Viscosity for a while now, and previously had no troubles (love it!). Yesterday, Viscosity could connect fine through campus wifi. Went home, connected fine. Came back to campus today = no dice. I've made no changes to certificate/key files, direction/verify commands, or config files since initially setting up & importing quite a while ago. Since I have no control over campus network resources (including firewall), is there anything I can do on my end? See below for log.
Thanks!!

Apr 15 11:16:22: Viscosity Mac 1.6.2 (1342)
Apr 15 11:16:22: Viscosity OpenVPN Engine Started
Apr 15 11:16:22: Running on Mac OS X 10.11.4
Apr 15 11:16:22: ---------
Apr 15 11:16:22: Checking reachability status of connection...
Apr 15 11:16:22: Connection is reachable. Starting connection attempt.
Apr 15 11:16:23: OpenVPN 2.3.10 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Mar 2 2016
Apr 15 11:16:23: library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.09
Apr 15 11:16:26: UDPv4 link local: [undef]
Apr 15 11:16:26: UDPv4 link remote: [AF_INET]146.112.61.106:1194
Apr 15 11:17:26: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Apr 15 11:17:26: TLS Error: TLS handshake failed
Apr 15 11:17:26: SIGTERM[soft,tls-error] received, process exiting

chilli

Posts: 3
Joined: Sat Apr 16, 2016 3:41 am

Post by chilli » Sat Apr 16, 2016 8:10 am
This is an update to my last post, which was asking about options when there's a TLS error, cert/key & config files are apparently OK, and the connection attempt is made from a campus network (i.e. not a network or firewall to which I can make changes).
So, a few hours after my first post I gave the connection another shot and it worked! It doesn't make much sense to me, especially if we assume was due to some feature of the campus LAN (I mean, I can't imagine why the heck IT would flip-flop on network security). I did shut down my computer for a little while between the last attempt and this one (which leads me to believe that it may have been something 'internal' after all). However, I'm at a lack for an explanation. If anyone has any thoughts they'd like to share, I'd greatly appreciate input. Otherwise, I suppose the issue is resolved (for now).

James

User avatar
Posts: 2313
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Tue Apr 19, 2016 2:49 am
Hi chilli,

Your log indicates that you're trying to connect to an IP address of "146.112.61.106". This appears to be an OpenDNS IP indicating that the server you're actually trying to connect to is blocked:
https://support.opendns.com/entries/697 ... Addresses-

What this means is that it's likely your campus is using OpenDNS for its DNS servers, and they've blocked the VPN server you were trying to connect to using DNS. So when Viscosity attempted to resolve your server's address, for example vpn.myexamplevpnservice.com, it was blocked by OpenDNS and resolved it their block page IP address. Alternatively it could have nothing to do with your campus and you may be using OpenDNS yourself directly on your computer.

Such blocking is easy enough to get around: simply use a different DNS server on your computer (such as Google's), or enter the correct IP address of the VPN server into the remote address field in Viscosity instead of a DNS domain.

As for why it's working now and not previously: your campus may have only been using OpenDNS blocking temporarily.

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs

chilli

Posts: 3
Joined: Sat Apr 16, 2016 3:41 am

Post by chilli » Tue Apr 19, 2016 9:49 am
Thanks for the info! Super helpful. Strangely enough, today it was blocked again. So, I followed your advice and entered the IP of the VPN into Viscosity's remote server field, and *PRESTO* it worked perfectly!
I still can't imagine why the campus would be using OpenDNS blocking on what appears to be a periodic—during regular business hours—basis. I have saved both connections (remote server= VPN IP specified and remote server= server address) to test this out occasionally at different times of day to see if the trend holds true.
Anyway, thanks again!! :D
4 posts Page 1 of 1