Skip to content
Kill switch script requires elevation
Got a problem with Viscosity or need help? Ask here!
Hello,
I am trying to use kill switch script as described in knowledge base. This is how my bat file looks like.
I am trying to use kill switch script as described in knowledge base. This is how my bat file looks like.
Code: Select all
The problem is that it does not work unless it is used with right click and run as administrator. I followed guide through. This is what my configuration file in Viscosity included in:netsh interface set interface "Ethernet" admin=DISABLED
Code: Select all
I tried to run the script itself; it works with administrator rights. However, nothing happens when I run it via Viscosity. Do I miss any step here?route-pre-down "C:\\Program Files\\Common Files\\Viscosity\\Scripts\\disable-network.bat"
Hi ivy,
Please ensure you have followed all the steps here or the route-pre-down script will not run - https://sparklabs.com/support/kb/articl ... ect-occurs
The log may also have information on why the script is not run - https://sparklabs.com/support/kb/articl ... envpn-log/
Regards,
Eric
Please ensure you have followed all the steps here or the route-pre-down script will not run - https://sparklabs.com/support/kb/articl ... ect-occurs
The log may also have information on why the script is not run - https://sparklabs.com/support/kb/articl ... envpn-log/
Regards,
Eric
Eric Thorpe
Viscosity Developer
Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs
Viscosity Developer
Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs
- Posts: 7
- Joined: Mon Jan 04, 2021 7:50 am
I'm also having problems with this. I'm using Viscosity 1.9 (1695) on two different computers - Windows 10 x86 64 bit and Windows 10 ARM 64.
On the x86 system, the spark lab instructions work fine, but on the ARM 64 system, the command fails with an error:
WARNING: Failed running command (--up/--down): returned error code 1
I'm pretty sure I'm following all of the posted instructions. The script works when called directly from an elevated command prompt.
Has anyone else gotten this to work in windows 10 ARM? Any chance this is a bug in the ARM version?
On the x86 system, the spark lab instructions work fine, but on the ARM 64 system, the command fails with an error:
WARNING: Failed running command (--up/--down): returned error code 1
I'm pretty sure I'm following all of the posted instructions. The script works when called directly from an elevated command prompt.
Has anyone else gotten this to work in windows 10 ARM? Any chance this is a bug in the ARM version?
Hi HelplessRube,
As a test to ensure you have configured everything correctly, please go to Preferences -> Advanced and enable "Allow unsafe OpenVPN commands to be used".
There is no reason why this shouldn't be working on ARM64 specifically however we will investigate when we can to make sure.
Regards,
Eric
As a test to ensure you have configured everything correctly, please go to Preferences -> Advanced and enable "Allow unsafe OpenVPN commands to be used".
There is no reason why this shouldn't be working on ARM64 specifically however we will investigate when we can to make sure.
Regards,
Eric
Eric Thorpe
Viscosity Developer
Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs
Viscosity Developer
Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs
- Posts: 7
- Joined: Mon Jan 04, 2021 7:50 am
I have tried either way - same error code.
BTW - it wasn't clear to me whether this setting was necessary. The instructions don't refer to enabling this setting, and the x86 version worked fine without enabling it.
BTW - it wasn't clear to me whether this setting was necessary. The instructions don't refer to enabling this setting, and the x86 version worked fine without enabling it.
Hi HelplessRube,
All that should be required is the AllowOpenVPNScripts setting to be set.
We've just run through a test on ARM64. The only change that was nessecary, which we will update the documentation and Viscosity in the next beta to reflect in messages, is using "Program Files (x86)" instead of "Program Files" for the script path, as the Service still runs somewhat in x86 mode. Please try changing your script location and path in the configuration to "C:\Program Files (x86)\Common Files\Viscosity\Scripts". Please ensure you are copying files around, not moving them, otherwise they will retain their user permissions and the service will not deem them secure to run, even with Allow Unsafe Commands checked.
If you're still having issues, could you please post a complete copy of your log as well as your configuration (Shift+Right click the connection and select View Configuration Data), you're welcome to sensor anything private.
https://sparklabs.com/support/kb/articl ... ect-occurs
Regards,
Eric
All that should be required is the AllowOpenVPNScripts setting to be set.
We've just run through a test on ARM64. The only change that was nessecary, which we will update the documentation and Viscosity in the next beta to reflect in messages, is using "Program Files (x86)" instead of "Program Files" for the script path, as the Service still runs somewhat in x86 mode. Please try changing your script location and path in the configuration to "C:\Program Files (x86)\Common Files\Viscosity\Scripts". Please ensure you are copying files around, not moving them, otherwise they will retain their user permissions and the service will not deem them secure to run, even with Allow Unsafe Commands checked.
If you're still having issues, could you please post a complete copy of your log as well as your configuration (Shift+Right click the connection and select View Configuration Data), you're welcome to sensor anything private.
https://sparklabs.com/support/kb/articl ... ect-occurs
Regards,
Eric
Eric Thorpe
Viscosity Developer
Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs
Viscosity Developer
Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs
- Posts: 7
- Joined: Mon Jan 04, 2021 7:50 am
Thanks for the support. I'm still having a couple of issues.
First, looks like I do have to turn on the "Allow unsafe OpenVPN commands to be used" setting. If I don't, the connections refuse to start and give the error:
Second, it is still not working for me with the new path. I still get the same error as before when calling the script with the new path, once "unsafe scripts" is enabled.
I'm running the 21277 prerelease build with 64 bit emulation, so not sure if that would throw a further wrench into the works here as to path being referenced.
Here is the disconnect log:
First, looks like I do have to turn on the "Allow unsafe OpenVPN commands to be used" setting. If I don't, the connections refuse to start and give the error:
Error: The OpenVPN script is not located in the required directory (C:\Program Files\Common Files\Viscosity\Scripts). Only scripts installed in this directory (or sub-directory) can be used. Please move the script, or enable the "Allow unsafe OpenVPN commands to be used" option.So, I'm guessing additional file paths may need to be white-listed to support this situation for ARM64.
Second, it is still not working for me with the new path. I still get the same error as before when calling the script with the new path, once "unsafe scripts" is enabled.
I'm running the 21277 prerelease build with 64 bit emulation, so not sure if that would throw a further wrench into the works here as to path being referenced.
Here is the disconnect log:
Code: Select all
Here is config data:Jan 03 9:52:56 PM: State changed to Disconnecting
Jan 03 9:52:56 PM: SIGTERM received, sending exit notification to peer
Jan 03 9:52:57 PM: C:\Program Files (x86)\Common Files\Viscosity\Scripts\disable-network.bat [address] [#] [#] [ip] 255.255.255.0 init
Jan 03 9:52:57 PM: WARNING: Failed running command (--up/--down): returned error code 1
Jan 03 9:52:57 PM: State changed to Disconnected
Jan 03 9:52:57 PM: State changed to Disconnected
Code: Select all
#-- Config Auto Generated By Viscosity --#
#viscosity protocol openvpn
#viscosity name [name]
#viscosity autoreconnect false
#viscosity dns automatic
#viscosity usepeerdns true
#viscosity manageadapter true
#viscosity startonopen false
remote [ip] 1194 udp
nobind
dev tun
tun-mtu 1500
ping 15
ping-restart 0
persist-tun
persist-key
pull
auth-user-pass
tls-client
ca ca.crt
remote-cert-tls server
tls-auth ta.key 1
proto udp
route-pre-down "C:\\Program Files (x86)\\Common Files\\Viscosity\\Scripts\\disable-network.bat"
dev-node [node]
auth SHA512
cipher AES-256-CBC
fast-io
verb 3
comp-lzo no
reneg-sec 0
ping-timer-rem
mssfix 1450
tun-mtu-extra 32
remote-random
resolv-retry infinite
Hi HelplessRube,
Until these features make their way into pre-release builds, we can't commit development time to them as they are subject to change, usually in huge ways. If you can force ViscosityService and Viscosity to run 32-bit, this may resolve this specific issue.
Getting rid of the last snippets of non-ARM64-native code in Viscosity is on our agenda for a future release.
Regards,
Eric
Mon Jan 04, 2021 2:19 pmHelplessRube wrote: I'm running the 21277 prerelease build with 64 bit emulation, so not sure if that would throw a further wrench into the works here as to path being referenced.I'm afraid it does. In this case, it should be looking in C:\Program Files\Common Files, rather than x86 on the current release versions of Windows. More importantly, there are bugs in the emulator at the moment that can cause issues, for example in this case batch is probably trying to run ARM64 netsh from an x64 shell which may be why it's failing outright if that functionality hasn't been added to the emulator yet. We'd be interested to know if a more simple script, for example "echo test > C:\test.txt" would work.
Until these features make their way into pre-release builds, we can't commit development time to them as they are subject to change, usually in huge ways. If you can force ViscosityService and Viscosity to run 32-bit, this may resolve this specific issue.
Getting rid of the last snippets of non-ARM64-native code in Viscosity is on our agenda for a future release.
Regards,
Eric
Eric Thorpe
Viscosity Developer
Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs
Viscosity Developer
Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs
- Posts: 7
- Joined: Mon Jan 04, 2021 7:50 am
Thanks for the information. The simple "test" script does work.
- Posts: 7
- Joined: Mon Jan 04, 2021 7:50 am
Here is a script that ended up working for me:
Code: Select all
The call to this specific netsh executable succeeds, while a call to "C:\Windows\System32\netsh.exe" fails."C:\Windows\SysWOW64\netsh.exe" interface set interface "Wi-Fi" admin=DISABLED
10 posts
Page 1 of 1