TLS Errors and AEAD Decrypt errors

Got a problem with Viscosity or need help? Ask here!

miknyb

Posts: 11
Joined: Fri Dec 18, 2020 10:55 pm

Post by miknyb » Tue Jan 12, 2021 6:47 pm
I have disabled all other devices and removed the nPcap totally
I have attached new logs showing what is going on.
Attachments
000int-miknyb (Cray-4) Log.txt
(37.82 KiB) Downloaded 459 times

ipconfig.txt
(2.49 KiB) Downloaded 458 times

routes.txt
(3.3 KiB) Downloaded 441 times

Eric

User avatar
Posts: 1146
Joined: Sun Jan 03, 2010 3:27 am

Post by Eric » Wed Jan 13, 2021 11:09 am
Hi miknyb,

I've just noticed that your original reply configurations includes the following cipher:

cipher AES-256-CBC

However the connection is using:

jan 07 9:41:40 : Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
jan 07 9:41:40 : Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key

Please ensure that your ciphers match on both the client and server. You may wish to try using ncp-disable to ensure each end can't change ciphers - https://sparklabs.com/support/kb/articl ... cp-disable

Regards,
Eric
Eric Thorpe
Viscosity Developer

Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs

miknyb

Posts: 11
Joined: Fri Dec 18, 2020 10:55 pm

Post by miknyb » Wed Jan 13, 2021 8:52 pm
I have forced the cipher now and this is my client vpn.config:

ncp-disable
dev-node {D1E8E255-E03F-43ED-925E-AB635242BD82}
verb 5
resolv-retry infinite
auth SHA256
cipher AES-256-CBC

I have attached the vpn.log as the errors still remains.
Attachments
vpn.log
(32.3 KiB) Downloaded 474 times

Eric

User avatar
Posts: 1146
Joined: Sun Jan 03, 2010 3:27 am

Post by Eric » Thu Jan 14, 2021 10:22 am
Hi miknyb,

ncp-disable needs to be set on the server.

Regards,
Eric
Eric Thorpe
Viscosity Developer

Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs

miknyb

Posts: 11
Joined: Fri Dec 18, 2020 10:55 pm

Post by miknyb » Thu Jan 14, 2021 9:10 pm
I do not think that ncp_disable will fix anything as 40 of my collegaues have the same vpn-config in windows and it works for them. And changing that will force a reboot of the vpn infrastructure and that is nothing we can do easily .

Eric

User avatar
Posts: 1146
Joined: Sun Jan 03, 2010 3:27 am

Post by Eric » Fri Jan 15, 2021 12:25 pm
Hi miknyb,

I'm afraid we're out of things to try at this point. The issue is either a misconfiguration between your client and server, or an environmental issue like a firewall/AV or some other software tampering with the packets, or as original mentioned a routing issue.

Regards,
Eric
Eric Thorpe
Viscosity Developer

Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs

miknyb

Posts: 11
Joined: Fri Dec 18, 2020 10:55 pm

Post by miknyb » Fri Jan 15, 2021 10:24 pm
Hi

I have installed the same config and certs in my iMac which sits on the same router as my Windows 10
I have attached the logs from that machine here to compare to my Windows 10

On the iMac everything works as it should
Attachments
ifconfig-imac.txt
(3.44 KiB) Downloaded 446 times

config-imac.txt
(76 Bytes) Downloaded 448 times

vpn-logg-imac.txt
(13.01 KiB) Downloaded 440 times

miknyb

Posts: 11
Joined: Fri Dec 18, 2020 10:55 pm

Post by miknyb » Fri Jan 15, 2021 10:30 pm
And here are the logs from windows 10 which still works sometimes and mostly not and when it works, very very slow in response
Attachments
vpnlog-windows.log.txt
(47.16 KiB) Downloaded 465 times

routes-windows.txt
(259 Bytes) Downloaded 460 times

ipconfig-windows.txt
(4.56 KiB) Downloaded 451 times
18 posts Page 2 of 2