SparkLabs Forum.

Community Help.


soft,connection-reset - process restarting Infinitely

Hi Guys,

I'm actually very eager to give my 9$ (nice work with the viscosity by the way, I really like this one (y) ), however, I'm kind of stuck here.

Can you help me with this one?


Jan 09 20:53:14: Viscosity Mac 1.6.7 (1364)
Jan 09 20:53:14: Viscosity OpenVPN Engine Started
Jan 09 20:53:14: Running on Mac OS X 10.12.2
Jan 09 20:53:14: ---------
Jan 09 20:53:14: Checking reachability status of connection...
Jan 09 20:53:15: Connection is reachable. Starting connection attempt.
Jan 09 20:53:15: OpenVPN 2.3.13 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Nov 4 2016
Jan 09 20:53:15: library versions: OpenSSL 1.0.2j 26 Sep 2016, LZO 2.09
Jan 09 20:53:26: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Jan 09 20:53:26: Attempting to establish TCP connection with [AF_INET]196.15.23.68:443 [nonblock]
Jan 09 20:53:27: TCP connection established with [AF_INET]196.15.23.68:443
Jan 09 20:53:27: TCPv4_CLIENT link local: [undef]
Jan 09 20:53:27: TCPv4_CLIENT link remote: [AF_INET]196.15.23.68:443
Jan 09 20:53:27: Connection reset, restarting [-1]
Jan 09 20:53:27: SIGUSR1[soft,connection-reset] received, process restarting

Jan 09 20:53:27: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Jan 09 20:53:27: Attempting to establish TCP connection with [AF_INET]196.15.23.68:443 [nonblock]
Jan 09 20:53:28: TCP connection established with [AF_INET]196.15.23.68:443
Jan 09 20:53:28: TCPv4_CLIENT link local: [undef]
Jan 09 20:53:28: TCPv4_CLIENT link remote: [AF_INET]196.15.23.68:443
Jan 09 20:53:29: Connection reset, restarting [-1]
Jan 09 20:53:29: SIGUSR1[soft,connection-reset] received, process restarting
Jan 09 20:53:29: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Jan 09 20:53:29: Attempting to establish TCP connection with [AF_INET]196.15.23.68:443 [nonblock]
Jan 09 20:53:30: TCP connection established with [AF_INET]196.15.23.68:443
Jan 09 20:53:30: TCPv4_CLIENT link local: [undef]
Jan 09 20:53:30: TCPv4_CLIENT link remote: [AF_INET]196.15.23.68:443
Jan 09 20:53:30: Connection reset, restarting [-1]
Jan 09 20:53:30: SIGUSR1[soft,connection-reset] received, process restarting
Jan 09 20:53:31: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Jan 09 20:53:31: Attempting to establish TCP connection with [AF_INET]196.15.23.68:443 [nonblock]
Jan 09 20:53:32: TCP connection established with [AF_INET]196.15.23.68:443
Jan 09 20:53:32: TCPv4_CLIENT link local: [undef]
Jan 09 20:53:32: TCPv4_CLIENT link remote: [AF_INET]196.15.23.68:443
Jan 09 20:53:32: Connection reset, restarting [-1]
Jan 09 20:53:32: SIGUSR1[soft,connection-reset] received, process restarting


Thanks and appreciate.

Hi nar3nd3r,

The OpenVPN server you are connecting to is terminating the connection attempt. More information as to why will be available in the OpenVPN log on the server.

Cheers,
James
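
The pattern in the log above (TCP handshake completes, then the peer resets and the client restarts) can be detected mechanically. The following is an added example, not part of the original posts or SparkLabs code; the function name, thresholds and sample log are assumptions, and the sample is constructed with a documentation address.

```python
import re
from datetime import datetime

LINE = re.compile(r"^(\w{3} \d{2} \d{2}:\d{2}:\d{2}): (.*)$")
ESTABLISHED = re.compile(r"TCP connection established with \[AF_INET\](\S+)")
RESET = "SIGUSR1[soft,connection-reset] received"
NO_VERIFY = "No server certificate verification method has been enabled"

# Constructed sample in the format of the posted log; 192.0.2.10 is a documentation address.
SAMPLE_LOG = """\
Jan 09 20:53:26: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Jan 09 20:53:26: Attempting to establish TCP connection with [AF_INET]192.0.2.10:443 [nonblock]
Jan 09 20:53:27: TCP connection established with [AF_INET]192.0.2.10:443
Jan 09 20:53:27: SIGUSR1[soft,connection-reset] received, process restarting
Jan 09 20:53:28: TCP connection established with [AF_INET]192.0.2.10:443
Jan 09 20:53:29: SIGUSR1[soft,connection-reset] received, process restarting
Jan 09 20:53:30: TCP connection established with [AF_INET]192.0.2.10:443
Jan 09 20:53:30: SIGUSR1[soft,connection-reset] received, process restarting
"""

def analyze(log_text, loop_threshold=3, max_gap_s=5):
    """Count resets that arrive within max_gap_s of a completed TCP handshake."""
    last_established = None   # (timestamp, remote) of the most recent handshake
    resets = {}               # remote -> resets seen right after a handshake
    unverified = False
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        # The log carries no year; 2000 is assumed so that "Feb 29" still parses.
        ts = datetime.strptime("2000 " + m.group(1), "%Y %b %d %H:%M:%S")
        msg = m.group(2)
        unverified = unverified or NO_VERIFY in msg
        est = ESTABLISHED.search(msg)
        if est:
            last_established = (ts, est.group(1))
        elif RESET in msg and last_established:
            t0, remote = last_established
            if (ts - t0).total_seconds() <= max_gap_s:
                resets[remote] = resets.get(remote, 0) + 1
            last_established = None
    looping = sorted(r for r, n in resets.items() if n >= loop_threshold)
    return {"resets": resets, "looping": looping, "server_cert_unverified": unverified}

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

A remote listed under `looping` accepted the TCP connection and then dropped it repeatedly, which is the case where the server-side log is the next place to look.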
Thanks James.

What about the

Jan 09 20:53:28: TCPv4_CLIENT link local: [undef]

Could it be a problem?

Hi nar3nd3r,

It is not a problem. It means that the client is using a dynamically assigned local port for the connection (which is what you want in almost all cases).

Cheers,
James

Cool. I will have to check with the IT dept to see if there's a problem.

By the way, I'm trying to use Cisco AnyConnect as the VPN; if you have any thoughts on it, they might be useful for my scenario.

I'm using below profile for connecting to

client
dev tun1
remote XXXX.XXXXX.com
port 443
proto tcp
ca XXXX.pem
resolv-retry infinite
nobind
auth-user-pass
comp-lzo
verb 3
pull
route-delay 2
redirect-gateway
remote-cert-tls server


and I appreciate your help on this.

Thanks.

Hi nar3nd3r,

The config looks fairly standard from a client perspective. Using client-side certificates is typically recommended from a security perspective, but it isn't a requirement.

I'm unsure if you mean the server is a Cisco AnyConnect server, but if so you'll be unable to connect to it using Viscosity. Viscosity supports the OpenVPN protocol. For more information please see:
http://www.sparklabs.com/viscosity/intr ... tisopenvpn

Cheers,
James
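
The earlier log carries the "No server certificate verification method has been enabled" warning, while the profile posted above includes `remote-cert-tls server` and relies on `auth-user-pass` without a client certificate. The following added example (not from the original posts or from SparkLabs) audits a client profile for those two points; the finding codes and function names are assumptions, and the option list is assumed from OpenVPN 2.3/2.4 option names.

```python
# Options that make a client check the server certificate beyond chaining to the CA.
# Assumption: option names as used by OpenVPN 2.3/2.4 profiles.
SERVER_CHECKS = {"remote-cert-tls", "ns-cert-type", "remote-cert-eku",
                 "verify-x509-name", "tls-verify"}
CLIENT_CREDS = {"cert", "pkcs12", "cryptoapicert"}

# The profile from the post above, abridged, with its own XXXX placeholders.
POSTED = """client
dev tun1
remote XXXX.XXXXX.com
port 443
proto tcp
ca XXXX.pem
nobind
auth-user-pass
redirect-gateway
remote-cert-tls server
"""

def parse_profile(text):
    """Return {option: [args]}; inline <ca>...</ca> style blocks count as the option."""
    options, inline = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if inline:                          # skip the PEM body of an inline block
            if line == f"</{inline}>":
                inline = None
        elif line.startswith("<") and line.endswith(">"):
            inline = line[1:-1]
            options[inline] = ["[inline]"]
        elif line and line[0] not in "#;":  # '#' and ';' start comment lines
            name, *args = line.split()
            options[name] = args
    return options

def audit(text):
    """Return finding codes; 'no-client-cert' is advisory, the others are defects."""
    opts = parse_profile(text)
    findings = []
    if "ca" not in opts:
        findings.append("no-ca")
    checks = [o for o in SERVER_CHECKS & opts.keys()
              if o not in ("remote-cert-tls", "ns-cert-type") or opts[o][:1] == ["server"]]
    if not checks:
        findings.append("no-server-cert-check")
    if not CLIENT_CREDS & opts.keys():
        findings.append("no-client-cert")
    return findings
```

For the posted profile, `audit(POSTED)` returns only the advisory `no-client-cert`; removing the `remote-cert-tls server` line adds `no-server-cert-check`.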
Hi James,

I just happen to use openconnect to connect to my workplace VPN, to mitigate the fact that the firewall is blocking and resetting the connection.

And I could see the following while it is connected. Just trying to understand if there's any config or any setting I'm missing.

Can you provide some feedback?

sudo openconnect XXX.XXX.com
POST https://XXX.XXX.com/
Connected to XXX.XXX.XXX.XXX:443
SSL negotiation with XXX.XXX.XXX
Connected to HTTPS on XXX.XXX.XXX
XML POST enabled
<LONG AUTHENTICATION MESSAGE>.
Username:XXXX
Password:XXX
POST https://XXX.XXX.XXX/
Got CONNECT response: HTTP/1.1 200 OK
CSTP connected. DPD 30, Keepalive 20
Connected as XXX.XXX.XXX.XXX + XXXX:XXXX:XXX:XX:XXXX::XXX/64, using SSL
Established DTLS connection (using GnuTLS). Ciphersuite (DTLS0.9)-(DHE-RSA-4294967237)-(AES-256-CBC)-(SHA1).
Failed to write to SSL socket: The transmitted packet is too large (EMSGSIZE).
Failed to send DPD request (1300 -5)
Failed to write to SSL socket: The transmitted packet is too large (EMSGSIZE).
Failed to send DPD request (1299 -5)
Failed to write to SSL socket: The transmitted packet is too large (EMSGSIZE).
Failed to send DPD request (1298 -5)
Failed to write to SSL socket: The transmitted packet is too large (EMSGSIZE).
Failed to send DPD request (1297 -5)
Failed to write to SSL socket: The transmitted packet is too large (EMSGSIZE).
Failed to send DPD request (1296 -5)
Failed to write to SSL socket: The transmitted packet is too large (EMSGSIZE).
Failed to send DPD request (1295 -5)
Failed to write to SSL socket: The transmitted packet is too large (EMSGSIZE).
Failed to send DPD request (1294 -5)
Failed to write to SSL socket: The transmitted packet is too large (EMSGSIZE).
Failed to send DPD request (1293 -5)
Failed to write to SSL socket: The transmitted packet is too large (EMSGSIZE).
Failed to send DPD request (1292 -5)
Failed to write to SSL socket: The transmitted packet is too large (EMSGSIZE).
Failed to send DPD request (1291 -5)
Detected MTU of 1290 bytes (was 1300)
add host XXX.XXX.XXX.XXX: gateway XXX.XXX.XXX.XXX
add net XXX.XXX.XXX.XXX: gateway XXX.XXX.XXX.XXX
delete net default: gateway XXX.XXX.XXX.XXX
add net default: gateway XXX.XXX.XXX.XXX
add net default: gateway XXXX:XXXX:XXX:XX:XXXX::XXX


I suspect the cipher could be an issue. Do you have any quick tips I could really use here?

Thanks.

Hi nar3nd3r,

I'm afraid we have no experience with OpenConnect. I would recommend seeking support on OpenConnect's mailing list or IRC channel.

Cheers,
James