soft,connection-reset - process restarting Infinitely


nar3nd3r

Posts: 4
Joined: Tue Jan 10, 2017 2:28 am

Post by nar3nd3r » Tue Jan 10, 2017 2:35 am
Hi Guys,

I'm actually very eager to give my $9 (nice work with Viscosity by the way, I really like this one (y) ), however, I'm kind of stuck here.

Can you help me with this one?


Jan 09 20:53:14: Viscosity Mac 1.6.7 (1364)
Jan 09 20:53:14: Viscosity OpenVPN Engine Started
Jan 09 20:53:14: Running on Mac OS X 10.12.2
Jan 09 20:53:14: ---------
Jan 09 20:53:14: Checking reachability status of connection...
Jan 09 20:53:15: Connection is reachable. Starting connection attempt.
Jan 09 20:53:15: OpenVPN 2.3.13 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Nov 4 2016
Jan 09 20:53:15: library versions: OpenSSL 1.0.2j 26 Sep 2016, LZO 2.09
Jan 09 20:53:26: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Jan 09 20:53:26: Attempting to establish TCP connection with [AF_INET]196.15.23.68:443 [nonblock]
Jan 09 20:53:27: TCP connection established with [AF_INET]196.15.23.68:443
Jan 09 20:53:27: TCPv4_CLIENT link local: [undef]
Jan 09 20:53:27: TCPv4_CLIENT link remote: [AF_INET]196.15.23.68:443
Jan 09 20:53:27: Connection reset, restarting [-1]
Jan 09 20:53:27: SIGUSR1[soft,connection-reset] received, process restarting

Jan 09 20:53:27: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Jan 09 20:53:27: Attempting to establish TCP connection with [AF_INET]196.15.23.68:443 [nonblock]
Jan 09 20:53:28: TCP connection established with [AF_INET]196.15.23.68:443
Jan 09 20:53:28: TCPv4_CLIENT link local: [undef]
Jan 09 20:53:28: TCPv4_CLIENT link remote: [AF_INET]196.15.23.68:443
Jan 09 20:53:29: Connection reset, restarting [-1]
Jan 09 20:53:29: SIGUSR1[soft,connection-reset] received, process restarting
Jan 09 20:53:29: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Jan 09 20:53:29: Attempting to establish TCP connection with [AF_INET]196.15.23.68:443 [nonblock]
Jan 09 20:53:30: TCP connection established with [AF_INET]196.15.23.68:443
Jan 09 20:53:30: TCPv4_CLIENT link local: [undef]
Jan 09 20:53:30: TCPv4_CLIENT link remote: [AF_INET]196.15.23.68:443
Jan 09 20:53:30: Connection reset, restarting [-1]
Jan 09 20:53:30: SIGUSR1[soft,connection-reset] received, process restarting
Jan 09 20:53:31: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Jan 09 20:53:31: Attempting to establish TCP connection with [AF_INET]196.15.23.68:443 [nonblock]
Jan 09 20:53:32: TCP connection established with [AF_INET]196.15.23.68:443
Jan 09 20:53:32: TCPv4_CLIENT link local: [undef]
Jan 09 20:53:32: TCPv4_CLIENT link remote: [AF_INET]196.15.23.68:443
Jan 09 20:53:32: Connection reset, restarting [-1]
Jan 09 20:53:32: SIGUSR1[soft,connection-reset] received, process restarting


Thanks and appreciate.

James

Posts: 2313
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Tue Jan 10, 2017 4:44 am
Hi nar3nd3r,

The OpenVPN server you are connecting to is terminating the connection attempt. More information as to why will be available in the OpenVPN log on the server.

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
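
The pattern in the log above (TCP handshake completes, the peer resets within a second or two, the client restarts) can be picked out of a Viscosity/OpenVPN client log mechanically. The following is an added example, not part of the original posts or of Viscosity; the function name, thresholds and sample log are assumptions made for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the format of the log quoted in the thread
# (192.0.2.10 is a documentation address, not the poster's server).
SAMPLE_LOG = """\
Jan 09 20:53:26: WARNING: No server certificate verification method has been enabled.
Jan 09 20:53:27: TCP connection established with [AF_INET]192.0.2.10:443
Jan 09 20:53:27: Connection reset, restarting [-1]
Jan 09 20:53:28: TCP connection established with [AF_INET]192.0.2.10:443
Jan 09 20:53:29: Connection reset, restarting [-1]
Jan 09 20:53:30: TCP connection established with [AF_INET]192.0.2.10:443
Jan 09 20:53:30: Connection reset, restarting [-1]
"""

LINE = re.compile(r"^(\w{3} \d{2} \d{2}:\d{2}:\d{2}): (.*)$")
ESTABLISHED = re.compile(r"TCP connection established with \[AF_INET6?\](\S+)")

def triage(log_text, max_gap_s=5, loop_threshold=3):
    """Flag peers that reset right after the TCP handshake, and missing server verification."""
    last = None            # (timestamp, peer) of the most recent TCP establishment
    resets = Counter()     # peer -> resets seen within max_gap_s of establishment
    unverified = False
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue       # blank or unparseable line
        # The log carries no year; a fixed leap year keeps "Feb 29" parseable.
        ts = datetime.strptime("2000 " + m.group(1), "%Y %b %d %H:%M:%S")
        msg = m.group(2)
        if "No server certificate verification method" in msg:
            unverified = True
        est = ESTABLISHED.search(msg)
        if est:
            last = (ts, est.group(1))
        elif msg.startswith("Connection reset") and last:
            if 0 <= (ts - last[0]).total_seconds() <= max_gap_s:
                resets[last[1]] += 1
            last = None    # each establishment accounts for at most one reset
    loops = {peer: n for peer, n in resets.items() if n >= loop_threshold}
    return {"unverified_server": unverified, "reset_loops": loops}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A non-empty `reset_loops` only shows that something on the path closes the session before any tunnel negotiation; the reason still has to come from the server or firewall side.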

nar3nd3r

Posts: 4
Joined: Tue Jan 10, 2017 2:28 am

Post by nar3nd3r » Tue Jan 10, 2017 5:26 am
Thanks James.

What about the

Jan 09 20:53:28: TCPv4_CLIENT link local: [undef]

Could it be a problem?

James

Posts: 2313
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Tue Jan 10, 2017 5:27 am
Hi nar3nd3r,

It is not a problem. It means that the client is using a dynamically assigned local port for the connection (which is what you want in almost all cases).

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs

nar3nd3r

Posts: 4
Joined: Tue Jan 10, 2017 2:28 am

Post by nar3nd3r » Tue Jan 10, 2017 5:33 am
Cool. I will have to check with the IT dept to see if there's a problem.

By the way, I'm trying to use Cisco AnyConnect as VPN, if you've any thoughts over it, which might be useful for my scenario.

I'm using below profile for connecting to
```
client
dev tun1
remote XXXX.XXXXX.com
port 443
proto tcp
ca XXXX.pem
resolv-retry infinite
nobind
auth-user-pass
comp-lzo
verb 3
pull
route-delay 2
redirect-gateway
remote-cert-tls server
```
and I appreciate your help on this.

Thanks.

James

Posts: 2313
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Wed Jan 11, 2017 4:49 am
Hi nar3nd3r,

The config looks fairly standard from a client perspective. Using client-side certificates is typically recommended from a security perspective, but it isn't a requirement.

I'm unsure if you mean the server is a Cisco AnyConnect server, but if so you'll be unable to connect to it using Viscosity. Viscosity supports the OpenVPN protocol. For more information please see:
http://www.sparklabs.com/viscosity/intr ... tisopenvpn

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
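
The two points raised in this exchange, whether a client profile constrains the server certificate and whether it authenticates with a client certificate or with a password alone, can be checked directly against a profile. The following is an added example, not part of the original posts or of Viscosity; the function names and the sample profiles (hostname and file names are placeholders) are assumptions.

```python
# Constructed profiles modelled on the one posted in the thread;
# vpn.example.com, ca.pem, client.crt and client.key are placeholders.
PASSWORD_ONLY = """\
client
dev tun1
remote vpn.example.com
port 443
proto tcp
ca ca.pem
auth-user-pass
remote-cert-tls server
"""
WITH_CLIENT_CERT = PASSWORD_ONLY + "cert client.crt\nkey client.key\n"

# OpenVPN directives that constrain which certificate the server may present
# (ns-cert-type is the older, deprecated form of remote-cert-tls).
SERVER_CHECKS = {"remote-cert-tls", "remote-cert-eku", "remote-cert-ku",
                 "verify-x509-name", "ns-cert-type", "tls-verify"}

def directives(profile):
    """Return the directive names used, counting inline <cert>...</cert> blocks."""
    found, inline = set(), None
    for line in profile.splitlines():
        line = line.strip()
        if inline:                       # inside an inline block: skip its body
            if line == f"</{inline}>":
                inline = None
            continue
        if not line or line[0] in "#;":  # blank line or comment
            continue
        if line.startswith("<") and line.endswith(">"):
            inline = line[1:-1]
            found.add(inline)
            continue
        found.add(line.split()[0])
    return found

def audit(profile):
    d = directives(profile)
    has_client_cert = {"cert", "key"} <= d or "pkcs12" in d
    return {
        "server_cert_verified": bool(d & SERVER_CHECKS),
        "client_cert": has_client_cert,
        "password_only": "auth-user-pass" in d and not has_client_cert,
    }

if __name__ == "__main__":
    print(audit(PASSWORD_ONLY), audit(WITH_CLIENT_CERT))
```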

nar3nd3r

Posts: 4
Joined: Tue Jan 10, 2017 2:28 am

Post by nar3nd3r » Sun Jan 15, 2017 6:39 pm
Hi James,

I just happen to use openconnect to connect to my workplace VPN to mitigate the fact that the firewall is blocking and resetting the connection.

And I could see the following while it is connected. Just trying to understand if there's any config or any setting I'm missing.

Can you provide some feedback?
```
sudo openconnect XXX.XXX.com
POST https://XXX.XXX.com/
Connected to XXX.XXX.XXX.XXX:443
SSL negotiation with XXX.XXX.XXX
Connected to HTTPS on XXX.XXX.XXX
XML POST enabled
<LONG AUTHENTICATION MESSAGE>.
Username:XXXX
Password:XXX
POST https://XXX.XXX.XXX/
Got CONNECT response: HTTP/1.1 200 OK
CSTP connected. DPD 30, Keepalive 20
Connected as XXX.XXX.XXX.XXX + XXXX:XXXX:XXX:XX:XXXX::XXX/64, using SSL
Established DTLS connection (using GnuTLS). Ciphersuite (DTLS0.9)-(DHE-RSA-4294967237)-(AES-256-CBC)-(SHA1).
Failed to write to SSL socket: The transmitted packet is too large (EMSGSIZE).
Failed to send DPD request (1300 -5)
Failed to write to SSL socket: The transmitted packet is too large (EMSGSIZE).
Failed to send DPD request (1299 -5)
Failed to write to SSL socket: The transmitted packet is too large (EMSGSIZE).
Failed to send DPD request (1298 -5)
Failed to write to SSL socket: The transmitted packet is too large (EMSGSIZE).
Failed to send DPD request (1297 -5)
Failed to write to SSL socket: The transmitted packet is too large (EMSGSIZE).
Failed to send DPD request (1296 -5)
Failed to write to SSL socket: The transmitted packet is too large (EMSGSIZE).
Failed to send DPD request (1295 -5)
Failed to write to SSL socket: The transmitted packet is too large (EMSGSIZE).
Failed to send DPD request (1294 -5)
Failed to write to SSL socket: The transmitted packet is too large (EMSGSIZE).
Failed to send DPD request (1293 -5)
Failed to write to SSL socket: The transmitted packet is too large (EMSGSIZE).
Failed to send DPD request (1292 -5)
Failed to write to SSL socket: The transmitted packet is too large (EMSGSIZE).
Failed to send DPD request (1291 -5)
Detected MTU of 1290 bytes (was 1300)
add host XXX.XXX.XXX.XXX: gateway XXX.XXX.XXX.XXX
add net XXX.XXX.XXX.XXX: gateway XXX.XXX.XXX.XXX
delete net default: gateway XXX.XXX.XXX.XXX
add net default: gateway XXX.XXX.XXX.XXX
add net default: gateway XXXX:XXXX:XXX:XX:XXXX::XXX
```
I suspect the cipher could be an issue. Do you have any quick tip I could really use here?

Thanks.

James

Posts: 2313
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Mon Jan 16, 2017 10:34 am
Hi nar3nd3r,

I'm afraid we have no experience with OpenConnect. I would recommend seeking support on OpenConnect's mailing list or IRC channel.

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs