Unable to access internet resources via tunnels VPN

Got a problem with Viscosity or need help? Ask here!

simon.oldfield

Posts: 2
Joined: Wed Oct 05, 2016 6:50 pm

Post by simon.oldfield » Wed Oct 05, 2016 6:55 pm
I'm using viscosity to access my tunnels VPN (mac os 10.12 aka sierra).

Starting yesterday I can connect ok but am unable to connect to anything. Previously was working fine.

In the viscosity log I see the following...
Code: Select all
Oct 05 18:46:00: Viscosity Mac 1.6.6 (1358)
Oct 05 18:46:00: Viscosity OpenVPN Engine Started
Oct 05 18:46:00: Running on Mac OS X 10.12
Oct 05 18:46:00: ---------
Oct 05 18:46:00: Checking reachability status of connection...
Oct 05 18:46:01: Connection is reachable. Starting connection attempt.
Oct 05 18:46:01: OpenVPN 2.3.12 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Aug 24 2016
Oct 05 18:46:01: library versions: OpenSSL 1.0.2h  3 May 2016, LZO 2.09
Oct 05 18:46:04: UDPv4 link local: [undef]
Oct 05 18:46:04: UDPv4 link remote: [AF_INET]64.120.56.66:1194
Oct 05 18:46:04: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Oct 05 18:46:09: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1542', remote='link-mtu 1574'
Oct 05 18:46:09: WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1500', remote='tun-mtu 1532'
Oct 05 18:46:09: WARNING: this cipher's block size is less than 128 bit (64 bit).  Consider using a --cipher with a larger block size.
Oct 05 18:46:09: WARNING: this cipher's block size is less than 128 bit (64 bit).  Consider using a --cipher with a larger block size.
Oct 05 18:46:09: [Tunnelr.com] Peer Connection Initiated with [AF_INET]64.120.56.66:1194
Oct 05 18:46:12: RESOLVE: Cannot resolve host address: delay: nodename nor servname provided, or not known
Oct 05 18:46:12: OpenVPN ROUTE: failed to parse/resolve route for host/network: delay
Oct 05 18:46:12: Opening utun (connect(AF_SYS_CONTROL)): Resource busy
Oct 05 18:46:12: Opening utun (connect(AF_SYS_CONTROL)): Resource busy
Oct 05 18:46:12: Opened utun device utun2
Oct 05 18:46:12: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Oct 05 18:46:12: /sbin/ifconfig utun2 delete
Oct 05 18:46:12: NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
Oct 05 18:46:12: /sbin/ifconfig utun2 10.0.9.10 10.0.9.9 mtu 1500 netmask 255.255.255.255 up
Oct 05 18:46:12: Initialization Sequence Completed
Oct 05 18:46:12: DNS mode set to: Full
The
Code: Select all
RESOLVE: Cannot resolve host address: delay: nodename nor servname provided, or not known
looked suspicious but I haven't actually looked at the logs previously so I'm not sure if this is new or has always been there though.

Any help much appreciated.

James

User avatar
Posts: 2313
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Fri Oct 07, 2016 2:55 pm
Hi simon.oldfield,

It sounds likely there was a "route delay ..." command in your configuration file, when it's supposed to be "route-delay ...". As you're using a tun based setup it's unlikely you need a route delay at all. This means you should edit the advanced commands section for your connection and remove the line with the "route delay" on it (it might appear as a route, in which case it'll be under the Networking tab instead), or remove the command from the configuration file you're importing and import it again.
http://www.sparklabs.com/support/kb/art ... -commands/

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs

simon.oldfield

Posts: 2
Joined: Wed Oct 05, 2016 6:50 pm

Post by simon.oldfield » Fri Oct 07, 2016 3:56 pm
There was indeed a "delay" entry on the Networking tab.

I've removed it but the same behaviour remains - that is, the connection appears to succeed (and I see the "connected with IP address blah" message) but whenever I try to "go" anywhere - for e.g. in a browser (e.g. google) then it eventually times out.

An updated log is below...
Code: Select all
Oct 07 15:41:14: Viscosity Mac 1.6.6 (1358)
Oct 07 15:41:14: Viscosity OpenVPN Engine Started
Oct 07 15:41:14: Running on Mac OS X 10.12
Oct 07 15:41:14: ---------
Oct 07 15:41:14: Checking reachability status of connection...
Oct 07 15:41:14: Connection is reachable. Starting connection attempt.
Oct 07 15:41:14: OpenVPN 2.3.12 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Aug 24 2016
Oct 07 15:41:14: library versions: OpenSSL 1.0.2h  3 May 2016, LZO 2.09
Oct 07 15:41:17: UDPv4 link local: [undef]
Oct 07 15:41:17: UDPv4 link remote: [AF_INET]64.120.56.66:1194
Oct 07 15:41:18: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Oct 07 15:41:22: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1542', remote='link-mtu 1574'
Oct 07 15:41:22: WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1500', remote='tun-mtu 1532'
Oct 07 15:41:22: WARNING: this cipher's block size is less than 128 bit (64 bit).  Consider using a --cipher with a larger block size.
Oct 07 15:41:22: WARNING: this cipher's block size is less than 128 bit (64 bit).  Consider using a --cipher with a larger block size.
Oct 07 15:41:22: [Tunnelr.com] Peer Connection Initiated with [AF_INET]64.120.56.66:1194
Oct 07 15:41:25: Opening utun (connect(AF_SYS_CONTROL)): Resource busy
Oct 07 15:41:25: Opening utun (connect(AF_SYS_CONTROL)): Resource busy
Oct 07 15:41:25: Opened utun device utun2
Oct 07 15:41:25: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Oct 07 15:41:25: /sbin/ifconfig utun2 delete
Oct 07 15:41:25: NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
Oct 07 15:41:25: /sbin/ifconfig utun2 10.0.9.18 10.0.9.17 mtu 1500 netmask 255.255.255.255 up
Oct 07 15:41:25: Initialization Sequence Completed
Oct 07 15:41:25: DNS mode set to: Full

James

User avatar
Posts: 2313
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Fri Oct 07, 2016 11:27 pm
Hi simon.oldfield,

Your log all checks out from the client side. I suggest you double-check that traffic is being routed through the tunnel:
http://www.sparklabs.com/support/kb/art ... connection

If that looks fine then you're going to need to get in touch with your VPN Provider. You'll most likely want to work with them to address the MTU issues reported in the log, as well as the cipher block size warning (which indicates your connection is susceptible to a potential MITM attack).
http://www.sparklabs.com/support/kb/art ... ovider-is/

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
4 posts Page 1 of 1