dropped connections after about 19s

Got a problem with Viscosity or need help? Ask here!

slaberer

Posts: 1
Joined: Fri Jan 01, 2021 11:34 pm

Post by slaberer » Fri Jan 01, 2021 11:40 pm
I have a problem with connecting to our company VPN. All of my colleagues can connect just fine (both windows and mac). I tried it several times googling but everything failed. it connects fine but then hangs up after about 19 seconds consistently. We have another VPN server and I observe the same thing.
I also notice that while it's connected the dns server doesn't respond when trying to resolve an internal address using nslookup. Here is the client log and I attached the server log. Any help is most appreciated as I have no idea where to go looking anymore.

Jan 01 1:24:10 PM: State changed to Connecting
Jan 01 1:24:10 PM: Viscosity Windows 1.9 (1695)
Jan 01 1:24:10 PM: Running on Windows 10 2009 (19042) 64 bit
Jan 01 1:24:10 PM: Running on .NET Framework Version 4.8.04084.528372
Jan 01 1:24:10 PM: Checking reachability status of connection...
Jan 01 1:24:11 PM: Connection is reachable. Starting connection attempt.
Jan 01 1:24:11 PM: Bringing up interface...
Jan 01 1:24:11 PM: OpenVPN 2.4.9 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [AEAD] built on Oct 6 2020
Jan 01 1:24:11 PM: library versions: OpenSSL 1.1.1h 22 Sep 2020, LZO 2.10
Jan 01 1:24:11 PM: Resolving address: "vpnks.zen-innovations.com"
Jan 01 1:24:12 PM: Valid endpoint found: vpnks.zen-innovations.com:443:tcp-client
Jan 01 1:24:12 PM: TCP/UDP: Preserving recently used remote address: [AF_INET]213.221.200.82:443
Jan 01 1:24:12 PM: Socket Buffers: R=[65536->65536] S=[65536->65536]
Jan 01 1:24:12 PM: Attempting to establish TCP connection with [AF_INET]213.221.200.82:443 [nonblock]
Jan 01 1:24:13 PM: TCP connection established with [AF_INET]213.221.200.82:443
Jan 01 1:24:13 PM: TCP_CLIENT link local: (not bound)
Jan 01 1:24:13 PM: TCP_CLIENT link remote: [AF_INET]213.221.200.82:443
Jan 01 1:24:13 PM: State changed to Authenticating
Jan 01 1:24:13 PM: TLS: Initial packet from [AF_INET]213.221.200.82:443, sid=6ce679c5 b1d2eab5
Jan 01 1:24:13 PM: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Jan 01 1:24:13 PM: VERIFY X509NAME OK: C=ch, L=Kehrsatz, O=Zen Innovations AG, CN=fwks01, emailAddress=[email protected]
Jan 01 1:24:13 PM: VERIFY OK: depth=0, C=ch, L=Kehrsatz, O=Zen Innovations AG, CN=fwks01, emailAddress=[email protected]
Jan 01 1:24:13 PM: Control Channel: TLSv1.2, cipher TLSv1.2 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Jan 01 1:24:13 PM: [fwks01] Peer Connection Initiated with [AF_INET]213.221.200.82:443
Jan 01 1:24:13 PM: State changed to Connecting
Jan 01 1:24:13 PM: SENT CONTROL [fwks01]: 'PUSH_REQUEST' (status=1)
Jan 01 1:24:14 PM: PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.243.2.1,route-gateway 10.243.2.1,topology subnet,ping 10,ping-restart 120,route 192.168.2.0 255.255.255.0,route 192.168.10.0 255.255.255.0,route 192.168.1.0 255.255.255.0,route 192.168.11.0 255.255.255.0,route 192.168.12.0 255.255.255.0,route 213.221.200.82 255.255.255.255,dhcp-option DNS 192.168.1.43,dhcp-option DNS 192.168.11.13,dhcp-option DOMAIN zen-innovations.ch,ifconfig 10.243.2.3 255.255.255.0'
Jan 01 1:24:14 PM: OPTIONS IMPORT: timers and/or timeouts modified
Jan 01 1:24:14 PM: OPTIONS IMPORT: --ifconfig/up options modified
Jan 01 1:24:14 PM: OPTIONS IMPORT: route options modified
Jan 01 1:24:14 PM: OPTIONS IMPORT: route-related options modified
Jan 01 1:24:14 PM: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Jan 01 1:24:14 PM: Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Jan 01 1:24:14 PM: Outgoing Data Channel: Using 256 bit message hash 'SHA256' for HMAC authentication
Jan 01 1:24:14 PM: Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Jan 01 1:24:14 PM: Incoming Data Channel: Using 256 bit message hash 'SHA256' for HMAC authentication
Jan 01 1:24:14 PM: interactive service msg_channel=0
Jan 01 1:24:14 PM: ROUTE_GATEWAY 192.168.0.1/255.255.255.0 I=10 HWADDR=5c:80:b6:5b:36:50
Jan 01 1:24:14 PM: Awaiting adapter to come up...
Jan 01 1:24:14 PM: TAP-WIN32 device [[email protected] (1)] opened: \\?\root#net#0001#{adda4c48-c32e-4ef6-9602-b3252f082583}, index: 2
Jan 01 1:24:14 PM: Waiting for DNS Setup to complete...
Jan 01 1:24:15 PM: Successful ARP Flush on interface [2] {B488F054-7290-4B3D-8D47-567A4C607257}
Jan 01 1:24:19 PM: TEST ROUTES: 7/7 succeeded len=7 ret=1 a=0 u/d=up
Jan 01 1:24:19 PM: C:\WINDOWS\system32\route.exe ADD 213.221.200.82 MASK 255.255.255.255 192.168.0.1
Jan 01 1:24:19 PM: IPv4 Route addition via management succeeded
Jan 01 1:24:19 PM: C:\WINDOWS\system32\route.exe ADD 192.168.2.0 MASK 255.255.255.0 10.243.2.1
Jan 01 1:24:19 PM: IPv4 Route addition via management succeeded
Jan 01 1:24:19 PM: C:\WINDOWS\system32\route.exe ADD 192.168.10.0 MASK 255.255.255.0 10.243.2.1
Jan 01 1:24:19 PM: IPv4 Route addition via management succeeded
Jan 01 1:24:19 PM: C:\WINDOWS\system32\route.exe ADD 192.168.1.0 MASK 255.255.255.0 10.243.2.1
Jan 01 1:24:19 PM: IPv4 Route addition via management succeeded
Jan 01 1:24:19 PM: C:\WINDOWS\system32\route.exe ADD 192.168.11.0 MASK 255.255.255.0 10.243.2.1
Jan 01 1:24:19 PM: IPv4 Route addition via management succeeded
Jan 01 1:24:19 PM: C:\WINDOWS\system32\route.exe ADD 192.168.12.0 MASK 255.255.255.0 10.243.2.1
Jan 01 1:24:19 PM: IPv4 Route addition via management succeeded
Jan 01 1:24:19 PM: C:\WINDOWS\system32\route.exe ADD 213.221.200.82 MASK 255.255.255.255 10.243.2.1
Jan 01 1:24:19 PM: IPv4 Route addition via management succeeded
Jan 01 1:24:19 PM: Initialization Sequence Completed
Jan 01 1:24:19 PM: DNS set to Split, report follows:
Server - 192.168.1.43:53; Lookup Type - Split; Domains - zen-innovations.ch.
Server - 192.168.11.13:53; Lookup Type - Split; Domains - zen-innovations.ch.
Server - 62.2.24.162:53; Lookup Type - Any; Domains - home.
Server - 62.2.17.61:53; Lookup Type - Any; Domains - home.
Server - 62.2.24.158:53; Lookup Type - Any; Domains - home.
Server - 62.2.17.60:53; Lookup Type - Any; Domains - home.

Jan 01 1:24:19 PM: State changed to Connected
Jan 01 1:24:38 PM: write TCP_CLIENT: Unknown error (code=10054)
Jan 01 1:24:38 PM: write TCP_CLIENT: Unknown error (code=10054)
Jan 01 1:24:38 PM: write TCP_CLIENT: Unknown error (code=10054)
Jan 01 1:24:38 PM: write TCP_CLIENT: Unknown error (code=10054)
Jan 01 1:24:38 PM: write TCP_CLIENT: Unknown error (code=10054)
Jan 01 1:24:38 PM: write TCP_CLIENT: Unknown error (code=10054)
Jan 01 1:24:38 PM: write TCP_CLIENT: Unknown error (code=10054)
Jan 01 1:24:38 PM: write TCP_CLIENT: Unknown error (code=10054)
Jan 01 1:24:38 PM: write TCP_CLIENT: Unknown error (code=10054)
Jan 01 1:24:38 PM: write TCP_CLIENT: Unknown error (code=10054)
Jan 01 1:24:38 PM: read TCP_CLIENT: Unknown error (code=10060)
Jan 01 1:24:38 PM: Connection reset, restarting [-1]
Jan 01 1:24:38 PM: SIGUSR1[soft,connection-reset] received, process restarting
Jan 01 1:24:38 PM: State changed to Connecting
Jan 01 1:24:38 PM: Valid existing endpoint found... 213.221.200.82:443:tcp-client
Jan 01 1:24:38 PM: TCP/UDP: Preserving recently used remote address: [AF_INET]213.221.200.82:443
Jan 01 1:24:38 PM: Socket Buffers: R=[65536->65536] S=[65536->65536]
Jan 01 1:24:38 PM: Attempting to establish TCP connection with [AF_INET]213.221.200.82:443 [nonblock]
Jan 01 1:26:39 PM: TCP: connect to [AF_INET]213.221.200.82:443 failed: Unknown error
Jan 01 1:26:39 PM: SIGUSR1[connection failed(soft),init_instance] received, process restarting
Jan 01 1:26:39 PM: State changed to Connecting
Jan 01 1:26:39 PM: Valid existing endpoint found... 213.221.200.82:443:tcp-client
Jan 01 1:26:39 PM: TCP/UDP: Preserving recently used remote address: [AF_INET]213.221.200.82:443
Jan 01 1:26:39 PM: Socket Buffers: R=[65536->65536] S=[65536->65536]
Jan 01 1:26:39 PM: Attempting to establish TCP connection with [AF_INET]213.221.200.82:443 [nonblock]
Jan 01 1:28:39 PM: TCP: connect to [AF_INET]213.221.200.82:443 failed: Unknown error
Jan 01 1:28:39 PM: SIGUSR1[connection failed(soft),init_instance] received, process restarting
Jan 01 1:28:39 PM: State changed to Connecting
Jan 01 1:28:39 PM: Valid existing endpoint found... 213.221.200.82:443:tcp-client
Jan 01 1:28:39 PM: TCP/UDP: Preserving recently used remote address: [AF_INET]213.221.200.82:443
Jan 01 1:28:39 PM: Socket Buffers: R=[65536->65536] S=[65536->65536]
Jan 01 1:28:39 PM: Attempting to establish TCP connection with [AF_INET]213.221.200.82:443 [nonblock]
Jan 01 1:30:40 PM: TCP: connect to [AF_INET]213.221.200.82:443 failed: Unknown error
Jan 01 1:30:40 PM: SIGUSR1[connection failed(soft),init_instance] received, process restarting
Jan 01 1:30:40 PM: State changed to Connecting
Jan 01 1:30:40 PM: Valid existing endpoint found... 213.221.200.82:443:tcp-client
Jan 01 1:30:40 PM: TCP/UDP: Preserving recently used remote address: [AF_INET]213.221.200.82:443
Jan 01 1:30:40 PM: Socket Buffers: R=[65536->65536] S=[65536->65536]
Jan 01 1:30:40 PM: Attempting to establish TCP connection with [AF_INET]213.221.200.82:443 [nonblock]
Jan 01 1:32:41 PM: TCP: connect to [AF_INET]213.221.200.82:443 failed: Unknown error
Jan 01 1:32:41 PM: SIGUSR1[connection failed(soft),init_instance] received, process restarting
Jan 01 1:32:41 PM: State changed to Connecting
Jan 01 1:32:41 PM: Valid existing endpoint found... 213.221.200.82:443:tcp-client
Jan 01 1:32:41 PM: TCP/UDP: Preserving recently used remote address: [AF_INET]213.221.200.82:443
Jan 01 1:32:41 PM: Socket Buffers: R=[65536->65536] S=[65536->65536]
Jan 01 1:32:41 PM: Attempting to establish TCP connection with [AF_INET]213.221.200.82:443 [nonblock]
Jan 01 1:34:42 PM: TCP: connect to [AF_INET]213.221.200.82:443 failed: Unknown error
Jan 01 1:34:42 PM: SIGUSR1[connection failed(soft),init_instance] received, process restarting
Jan 01 1:34:42 PM: State changed to Connecting
Jan 01 1:34:42 PM: Valid existing endpoint found... 213.221.200.82:443:tcp-client
Jan 01 1:34:42 PM: TCP/UDP: Preserving recently used remote address: [AF_INET]213.221.200.82:443
Jan 01 1:34:42 PM: Socket Buffers: R=[65536->65536] S=[65536->65536]
Jan 01 1:34:42 PM: Attempting to establish TCP connection with [AF_INET]213.221.200.82:443 [nonblock]
Attachments
openvpn.log
(46.01 KiB) Downloaded 423 times

Eric

User avatar
Posts: 1146
Joined: Sun Jan 03, 2010 3:27 am

Post by Eric » Mon Jan 04, 2021 9:32 am
Hi saberer,

What is happening is after a small amount of time, OpenVPN is failing to send anything to the server. As to why this is happening, there are a lot of potential reasons. Please ensure you don't have any firewall or AV software that could be interfering as a first easy check.

As a guess though looking at your pushed routes, it looks like you have might an IP clash between your local network and the remote network you are connecting to which is most likely causing OpenVPN packets to try and route through itself instead of via your local network. We have some troubleshooting information to confirm this here, however you will need to contact your company IT for assistance with this for a work around - https://sparklabs.com/support/kb/articl ... ng-problem

Regards,
Eric
Eric Thorpe
Viscosity Developer

Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs
2 posts Page 1 of 1