Can't connect; logs don't show much

Got a problem with Viscosity or need help? Ask here!

umtsacraaysarnem

Posts: 2
Joined: Tue Nov 07, 2017 10:36 am

Post by umtsacraaysarnem » Tue Nov 07, 2017 10:50 am
Hi! I have one working connection with Viscosity, but I added another one a couple weeks ago, and I haven't been able to figure out how to get it to work. I tried using a different OpenVPN client and had the same problem. I set up the connection with an ovpn file.

When my coworkers set up the same connection on their machines, with the same ovpn file and with my login credentials, they could get in just fine. So, I've been resorting to using a second laptop for vpn access (which works!), but I'd really rather have access on my main machine.

Here's what happens on my machine:
1. I attempt to connect (with a connection that has never worked before). It requires a username and password (that requires Google Auth). I enter intentionally incorrect values.
a. This is all that shows up in the Connection Log:
Code: Select all
2017-11-06 15:42:44: Viscosity Mac 1.7.5 (1420)
2017-11-06 15:42:44: Viscosity OpenVPN Engine Started
2017-11-06 15:42:44: Running on macOS 10.12.6
2017-11-06 15:42:44: ---------
2017-11-06 15:42:44: State changed to Connecting
2017-11-06 15:42:44: Checking reachability status of connection...
2017-11-06 15:42:44: Connection is reachable. Starting connection attempt.
2017-11-06 15:42:44: OpenVPN 2.4.4 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on Sep 27 2017
2017-11-06 15:42:44: library versions: OpenSSL 1.0.2l  25 May 2017, LZO 2.10
2017-11-06 15:42:48: TCP/UDP: Preserving recently used remote address: [AF_INET]54.67.53.236:1194
2017-11-06 15:42:48: Attempting to establish TCP connection with [AF_INET]54.67.53.236:1194 [nonblock]
2017-11-06 15:44:04: TCP: connect to [AF_INET]54.67.53.236:1194 failed: Operation timed out
2017-11-06 15:44:04: SIGUSR1[connection failed(soft),init_instance] received, process restarting
2017-11-06 15:44:04: TCP/UDP: Preserving recently used remote address: [AF_INET]54.67.53.236:1194
2017-11-06 15:44:04: Attempting to establish TCP connection with [AF_INET]54.67.53.236:1194 [nonblock]
b. This is all that shows up in Console, filtered for Viscosity:
Code: Select all
default	15:42:01.422566 -0800	Viscosity	discovered extensions
default	15:42:44.428908 -0800	Viscosity	UNIX error exception: 17
default	15:42:44.429039 -0800	Viscosity	0x60000046a600 opened /private/var/db/mds/system/mdsDirectory.db: 50744 bytes
default	15:42:44.429205 -0800	Viscosity	0x60000046af00 opened /Users/anne/Library/Keychains/login.keychain-db: 160004 bytes
default	15:42:44.433390 -0800	Viscosity	0x61000066d900 opened /Library/Keychains/System.keychain: 68404 bytes
2. I disconnect.
a. This is what shows up in the Connection Log:
Code: Select all
2017-11-06 15:45:55: State changed to Disconnecting
2017-11-06 15:45:55: SIGTERM[hard,init_instance] received, process exiting
2017-11-06 15:45:55: State changed to Disconnected
b. Console:
Code: Select all
default	15:45:55.076560 -0800	com.sparklabs.ViscosityHelper	Invalid command
Any suggestions for troubleshooting?

James

User avatar
Posts: 1861
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Tue Nov 07, 2017 2:42 pm
Hi umtsacraaysarnem,

The following lines in your log show that a connection isn't even able to be established with the VPN server, so it's not even able to get to the point where it starts to authenticate etc:
Code: Select all
2017-11-06 15:42:48: Attempting to establish TCP connection with [AF_INET]54.67.53.236:1194 [nonblock]
2017-11-06 15:44:04: TCP: connect to [AF_INET]54.67.53.236:1194 failed: Operation timed out
This is most likely caused by firewall rules on either the server or client computer blocking the connection attempt.

For more information please also refer to the suggestions in the following article:
https://www.sparklabs.com/support/kb/ar ... 0-seconds/

Cheers,
James
James Bekkema
Viscosity Developer

Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs

umtsacraaysarnem

Posts: 2
Joined: Tue Nov 07, 2017 10:36 am

Post by umtsacraaysarnem » Wed Nov 08, 2017 3:42 am
Thanks for the info! Still confused about what my issue could be.

From the page you linked:
  • The remote VPN server is down or unavailable: this isn't the case, because I can access it from other computers.
  • You are being blocked from contacting the remote VPN server: if so, it would have to be my specific computer that's blocked, not my work network. (And this would have to be some sort of accident, if so?) I don't see anything on my computer that would indicate I'm blocking the connection myself.
  • Your connection's configuration details may be incorrect or out of date: I used the exact same setup on other computers and it worked, so this isn't the case.
Do you have any more suggestions?

James

User avatar
Posts: 1861
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Wed Nov 08, 2017 1:45 pm
Hi umtsacraaysarnem,

I'm afraid that covers everything. I'd recommend getting in touch with your VPN Administrator and/or IT Administrator to check the firewall and routing rules on your computer and the VPN server.

Cheers,
James
James Bekkema
Viscosity Developer

Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs

danix

Posts: 2
Joined: Sat Mar 31, 2018 4:36 am

Post by danix » Sat Mar 31, 2018 4:40 am
Hi James. I'm the administrator, and we're still dealing with the same issue.
There's something specific to this user's laptop causing the problem and it's baffling me.
Server side, everything is fine, multiple users connect just fine from their devices.
This user (anne) can connect when I install viscosity and import the ovpn on any number of machines.
When I import the same config on her machine, it can't connect to this specific vpn connection.
It can connect to another similar vpn connection from that machine. If that were not the case, I'd suspect a corrupted or damaged viscosity install, library issues, etc.

Does viscosity have a debug mode?

danix

Posts: 2
Joined: Sat Mar 31, 2018 4:36 am

Post by danix » Sat Mar 31, 2018 4:49 am
And specifically, the point where it fails on the "bad" laptop is here:
2018-03-30 10:43:37: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2018-03-30 10:43:37: TLS Error: TLS handshake failed
2018-03-30 10:43:37: SIGUSR1[soft,tls-error] received, process restarting

The same key files are used on both systems. Same Viscosity version. Same updated OSX on both.

James

User avatar
Posts: 1861
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Thu Apr 05, 2018 1:34 am
Hi danix,

I'm afraid the "TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)" error is as low-level as it gets: it flat out means that OpenVPN is unable to even start establishing a connection to the remote server.

You can check the server-side log: if it immediately rejected the connection attempt there will be a TLS error listed (which typically means a problem with the certificate/key). If there is nothing in the server-side log for the connection attempt, that means the problem has nothing to do with the Viscosity/OpenVPN configuration and something is else is most likely blocking the connection attempt (such as hidden firewall software or a rule, a routing problem, etc.).

Cheers,
James
James Bekkema
Viscosity Developer

Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs
7 posts Page 1 of 1