Split VPN not working after upgrading Viscosity 1.7.8

Got a problem with Viscosity or need help? Ask here!

Netvelop

Posts: 3
Joined: Sun Apr 08, 2018 6:45 am

Post by Netvelop » Sun Apr 08, 2018 7:03 am
Hi,
My Split VPN config was running smoothly on Viscosity 1.7.7 (on Win 8.1) until yesterday. I upgraded to 1.7.8 and getting following messages and can not access anywhere thru Split VPN.


My settings from "Edit Connection" are :
All Traffic: Automatic (Set by Server)
DNS Mode: Automatic (Default)
Servers : 8.8.8.8
Domains:

Edit Connection (Advanced):
comp-lzo adaptive
resolv-retry infinite
reneg-sec 0
route-delay 5
dev-node {79BDC69F-D82A-4C5E-AD53-3B6BE091C01D}
auth-nocache
route-nopull


Nis 07 23:49:20: Connection will be reconnected when reachable.
Nis 07 23:49:21: Reconnecting connection as it is now reachable
Nis 07 23:49:21: State changed to Connecting
Nis 07 23:49:21: Viscosity Windows 1.7.8 (1560)
Nis 07 23:49:21: Running on Microsoft Windows 8.1 Enterprise
Nis 07 23:49:21: Running on .NET Framework Version 4.7.02558.461310
Nis 07 23:49:21: Bringing up interface...
Nis 07 23:49:22: OpenVPN 2.4.5 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Mar 28 2018
Nis 07 23:49:22: library versions: OpenSSL 1.0.2o 27 Mar 2018, LZO 2.09
Nis 07 23:49:22: Checking remote host "us-la1.serverlocation.co" is reachable...
Nis 07 23:49:23: Server reachable. Connecting to 199.241.146.244.
Nis 07 23:49:23: WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Nis 07 23:49:23: TCP/UDP: Preserving recently used remote address: [AF_INET]199.241.146.244:443
Nis 07 23:49:23: Attempting to establish TCP connection with [AF_INET]199.241.146.244:443 [nonblock]
Nis 07 23:49:24: TCP connection established with [AF_INET]199.241.146.244:443
Nis 07 23:49:24: TCP_CLIENT link local: (not bound)
Nis 07 23:49:24: TCP_CLIENT link remote: [AF_INET]199.241.146.244:443
Nis 07 23:49:24: State changed to Authenticating
Nis 07 23:49:31: [*.serverlocation.co] Peer Connection Initiated with [AF_INET]199.241.146.244:443
Nis 07 23:49:32: State changed to Connecting
Nis 07 23:49:33: Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
Nis 07 23:49:33: Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
Nis 07 23:49:33: Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
Nis 07 23:49:33: WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Nis 07 23:49:33: WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Nis 07 23:49:33: WARNING: cipher with small block size in use, reducing reneg-bytes to 64MB to mitigate SWEET32 attacks.
Nis 07 23:49:33: open_tun
Nis 07 23:49:33: TAP-WIN32 device [OPENVPN-Los_Angeles_1_SplitVPN] opened: \\.\Global\{79BDC69F-D82A-4C5E-AD53-3B6BE091C01D}.tap
Nis 07 23:49:33: Set TAP-Windows TUN subnet mode network/local/netmask = 10.3.0.0/10.3.0.26/255.255.255.0 [SUCCEEDED]
Nis 07 23:49:33: Notified TAP-Windows driver to set a DHCP IP/netmask of 10.3.0.26/255.255.255.0 on interface {79BDC69F-D82A-4C5E-AD53-3B6BE091C01D} [DHCP-serv: 10.3.0.254, lease-time: 31536000]
Nis 07 23:49:33: Successful ARP Flush on interface [44] {79BDC69F-D82A-4C5E-AD53-3B6BE091C01D}
Nis 07 23:49:33: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Nis 07 23:49:38: ROUTE: route addition failed using CreateIpForwardEntry: The object already exists. [status=5010 if_index=44]
Nis 07 23:49:38: env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Nis 07 23:49:38: ROUTE: route addition failed using CreateIpForwardEntry: The object already exists. [status=5010 if_index=44]
Nis 07 23:49:38: env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Nis 07 23:49:38: Initialization Sequence Completed
Nis 07 23:49:38: WARNING: Split DNS is being used however no DNS domains are present. The DNS server/s for this connection may not be used. For more information please see: https://www.sparklabs.com/support/kb/ar ... e-present/
Server - 8.8.8.8:53; Lookup Type - Split; Domains - None; Server is not reachable and will not be used.
Server - 64.6.64.6:53; Lookup Type - Any; Domains - None
Server - 64.6.65.6:53; Lookup Type - Any; Domains - None

I tried to downgrade to Version 1.7.7 but can not find a link to it.

Thank you very much for your help.

Eric

User avatar
Posts: 1146
Joined: Sun Jan 03, 2010 3:27 am

Post by Eric » Mon Apr 09, 2018 11:49 am
Hi Netvelop,

Please note the following:

Server - 8.8.8.8:53; Lookup Type - Split; Domains - None; Server is not reachable and will not be used.
https://www.sparklabs.com/support/kb/ar ... e-present/

Are lookups from your others servers working via command line? For example:

nslookup www.sparklabs.com 64.6.64.6

Regards,
Eric
Eric Thorpe
Viscosity Developer

Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs

Netvelop

Posts: 3
Joined: Sun Apr 08, 2018 6:45 am

Post by Netvelop » Tue Apr 10, 2018 3:42 am
Eric wrote:
Hi Netvelop,

Please note the following:

Server - 8.8.8.8:53; Lookup Type - Split; Domains - None; Server is not reachable and will not be used.
https://www.sparklabs.com/support/kb/ar ... e-present/

Are lookups from your others servers working via command line? For example:

nslookup http://www.sparklabs.com 64.6.64.6

Regards,
Eric
Hi,
Here is the result of nslookup you requested.

C:\...>nslookup www.sparklabs.com 64.6.64.6
Server: recpubns1.nstld.net
Address: 64.6.64.6

Non-authoritative answer:
Name: www.sparklabs.com
Addresses: 2400:cb00:2048:1::6818:1d32
2400:cb00:2048:1::6818:1c32
104.24.28.50
104.24.29.50


Eric, how can I downgrade to Version 1.7.7 because everything was working fine in that version. Can you supply me a link to donload V1.7.7 ?

Eric

User avatar
Posts: 1146
Joined: Sun Jan 03, 2010 3:27 am

Post by Eric » Tue Apr 10, 2018 10:11 am
Hi Netvelop,

We don't make old updates available as each update generally contains security fixes. We need to figure out if this is a bug in Viscosity or you will never be able to update again anyway, I'm afraid there haven't been any other reports of a problem with Split DNS with this release.

Once connected, could you please run the following from command line:
Code: Select all
nslookup www.sparklabs.com ::1
Code: Select all
nslookup www.sparklabs.com 127.0.0.1
As well as posting the output from
Code: Select all
ipconfig -all
and
Code: Select all
route print
Regards,
Eric
Eric Thorpe
Viscosity Developer

Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs

Netvelop

Posts: 3
Joined: Sun Apr 08, 2018 6:45 am

Post by Netvelop » Wed Apr 11, 2018 3:05 am
Thanks for your help Eric. I think I pinpointed the problem. The ip addresses that I directed to split vpn has changed somehow. I re-entered the ip addresses and it is directed to split vpn.
Thanks again
5 posts Page 1 of 1