since 1.9.1 all traffic goes through tunnel

Got a problem with Viscosity or need help? Ask here!

tis

Posts: 2
Joined: Fri Feb 12, 2021 6:58 pm

Post by tis » Fri Feb 12, 2021 7:20 pm
Hi,

since I updated my client to 1.9.1 (1563) on my Mac (Catalina 10.15.7) I can't reach any client in my local network.
All traffic goes through the vpn tunnel. The network option is set to "Automatic (Set by server)". The openVPN Gateway isn't pushing this option. Any ideas?

Thanks in advance & BR,
tis

James

User avatar
Posts: 2313
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Sat Feb 13, 2021 1:29 am
Hi tis,

Can you please post a copy of the following:

1. A complete copy of the OpenVPN log with the log verbosity level raised. You can raise the log verbosity by editing the connection in Viscosity, clicking on the Advanced tab, and then adding the command “verb 5” (without the quotation marks) on a new line in the Advanced commands area:
https://www.sparklabs.com/support/kb/ar ... n-commands

The VPN connection can then be connected/reconnected and the OpenVPN log accessed.

2. The Raw Configuration Data for your connection. You can view the raw configuration data for your Viscosity connection by opening Viscosity’s Preferences window, holding down the Option/Alt key on your keyboard, right-clicking (or control-clicking on Mac) on your connection, and selecting “View Configuration Data”.

As this is a public forum I recommend censoring out any sensitive details before posting them. Alternatively please feel free to email them to us instead.

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs

tis

Posts: 2
Joined: Fri Feb 12, 2021 6:58 pm

Post by tis » Tue Feb 16, 2021 4:11 am
Hi James,

I hope this will help.

Thanks in advance!
Code: Select all
2021-02-15 18:07:46: Viscosity Mac 1.9.1 (1563)
2021-02-15 18:07:46: Viscosity OpenVPN Engine Started
2021-02-15 18:07:46: Running on macOS 10.15.7
2021-02-15 18:07:46: ---------
2021-02-15 18:07:46: State changed to Connecting
2021-02-15 18:07:46: Checking reachability status of connection...
2021-02-15 18:07:46: Connection is reachable. Starting connection attempt.
2021-02-15 18:07:46: Current Parameter Settings:
2021-02-15 18:07:46:   config = 'config.conf'
2021-02-15 18:07:46:   mode = 0
2021-02-15 18:07:46:   show_ciphers = DISABLED
2021-02-15 18:07:46:   show_digests = DISABLED
2021-02-15 18:07:46:   show_engines = DISABLED
2021-02-15 18:07:46:   genkey = DISABLED
2021-02-15 18:07:46:   key_pass_file = '[UNDEF]'
2021-02-15 18:07:46:   show_tls_ciphers = DISABLED
2021-02-15 18:07:46:   connect_retry_max = 0
2021-02-15 18:07:46: Connection profiles [0]:
2021-02-15 18:07:46:   proto = udp
2021-02-15 18:07:46:   local = '[UNDEF]'
2021-02-15 18:07:46:   local_port = '[UNDEF]'
2021-02-15 18:07:46:   remote = 'gate.mydomain.com'
2021-02-15 18:07:46:   remote_port = '443'
2021-02-15 18:07:46:   remote_float = DISABLED
2021-02-15 18:07:46:   bind_defined = DISABLED
2021-02-15 18:07:46:   bind_local = DISABLED
2021-02-15 18:07:46:   bind_ipv6_only = DISABLED
2021-02-15 18:07:46:   connect_retry_seconds = 5
2021-02-15 18:07:46:   connect_timeout = 4
2021-02-15 18:07:46:   socks_proxy_server = '[UNDEF]'
2021-02-15 18:07:46:   socks_proxy_port = '[UNDEF]'
2021-02-15 18:07:46:   tun_mtu = 1500
2021-02-15 18:07:46:   tun_mtu_defined = ENABLED
2021-02-15 18:07:46:   link_mtu = 1500
2021-02-15 18:07:46:   link_mtu_defined = DISABLED
2021-02-15 18:07:46:   tun_mtu_extra = 0
2021-02-15 18:07:46:   tun_mtu_extra_defined = DISABLED
2021-02-15 18:07:46:   mtu_discover_type = -1
2021-02-15 18:07:46:   fragment = 0
2021-02-15 18:07:46:   mssfix = 1450
2021-02-15 18:07:46:   explicit_exit_notification = 0
2021-02-15 18:07:46: Connection profiles [1]:
2021-02-15 18:07:46:   proto = udp
2021-02-15 18:07:46:   local = '[UNDEF]'
2021-02-15 18:07:46:   local_port = '[UNDEF]'
2021-02-15 18:07:46:   remote = 'gate.mydomain.com'
2021-02-15 18:07:46:   remote_port = '443'
2021-02-15 18:07:46:   remote_float = DISABLED
2021-02-15 18:07:46:   bind_defined = DISABLED
2021-02-15 18:07:46:   bind_local = DISABLED
2021-02-15 18:07:46:   bind_ipv6_only = DISABLED
2021-02-15 18:07:46:   connect_retry_seconds = 5
2021-02-15 18:07:46:   connect_timeout = 4
2021-02-15 18:07:46:   socks_proxy_server = '[UNDEF]'
2021-02-15 18:07:46:   socks_proxy_port = '[UNDEF]'
2021-02-15 18:07:46:   tun_mtu = 1500
2021-02-15 18:07:46:   tun_mtu_defined = ENABLED
2021-02-15 18:07:46:   link_mtu = 1500
2021-02-15 18:07:46:   link_mtu_defined = DISABLED
2021-02-15 18:07:46:   tun_mtu_extra = 0
2021-02-15 18:07:46:   tun_mtu_extra_defined = DISABLED
2021-02-15 18:07:46:   mtu_discover_type = -1
2021-02-15 18:07:46:   fragment = 0
2021-02-15 18:07:46:   mssfix = 1450
2021-02-15 18:07:46:   explicit_exit_notification = 0
2021-02-15 18:07:46: Connection profiles [2]:
2021-02-15 18:07:46:   proto = tcp-client
2021-02-15 18:07:46:   local = '[UNDEF]'
2021-02-15 18:07:46:   local_port = '[UNDEF]'
2021-02-15 18:07:46:   remote = 'gate.mydomain.com'
2021-02-15 18:07:46:   remote_port = '443'
2021-02-15 18:07:46:   remote_float = DISABLED
2021-02-15 18:07:46:   bind_defined = DISABLED
2021-02-15 18:07:46:   bind_local = DISABLED
2021-02-15 18:07:46:   bind_ipv6_only = DISABLED
2021-02-15 18:07:46:   connect_retry_seconds = 5
2021-02-15 18:07:46:   connect_timeout = 4
2021-02-15 18:07:46:   socks_proxy_server = '[UNDEF]'
2021-02-15 18:07:46:   socks_proxy_port = '[UNDEF]'
2021-02-15 18:07:46:   tun_mtu = 1500
2021-02-15 18:07:46:   tun_mtu_defined = ENABLED
2021-02-15 18:07:46:   link_mtu = 1500
2021-02-15 18:07:46:   link_mtu_defined = DISABLED
2021-02-15 18:07:46:   tun_mtu_extra = 0
2021-02-15 18:07:46:   tun_mtu_extra_defined = DISABLED
2021-02-15 18:07:46:   mtu_discover_type = -1
2021-02-15 18:07:46:   fragment = 0
2021-02-15 18:07:46:   mssfix = 1450
2021-02-15 18:07:46:   explicit_exit_notification = 0
2021-02-15 18:07:46: Connection profiles [3]:
2021-02-15 18:07:46:   proto = udp
2021-02-15 18:07:46:   local = '[UNDEF]'
2021-02-15 18:07:46:   local_port = '[UNDEF]'
2021-02-15 18:07:46:   remote = 'gate.mydomain.com'
2021-02-15 18:07:46:   remote_port = '443'
2021-02-15 18:07:46:   remote_float = DISABLED
2021-02-15 18:07:46:   bind_defined = DISABLED
2021-02-15 18:07:46:   bind_local = DISABLED
2021-02-15 18:07:46:   bind_ipv6_only = DISABLED
2021-02-15 18:07:46:   connect_retry_seconds = 5
2021-02-15 18:07:46:   connect_timeout = 4
2021-02-15 18:07:46:   socks_proxy_server = '[UNDEF]'
2021-02-15 18:07:46:   socks_proxy_port = '[UNDEF]'
2021-02-15 18:07:46:   tun_mtu = 1500
2021-02-15 18:07:46:   tun_mtu_defined = ENABLED
2021-02-15 18:07:46:   link_mtu = 1500
2021-02-15 18:07:46:   link_mtu_defined = DISABLED
2021-02-15 18:07:46: NOTE: --mute triggered...
2021-02-15 18:07:46: 348 variation(s) on previous 100 message(s) suppressed by --mute
2021-02-15 18:07:46: OpenVPN 2.4.10 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on Jan 18 2021
2021-02-15 18:07:46: library versions: OpenSSL 1.1.1i  8 Dec 2020, LZO 2.10
2021-02-15 18:07:46: Resolving address: gate.mydomain.com
2021-02-15 18:07:46: Valid endpoint found: xxx.xxx.xxx.xxx:443:udp
2021-02-15 18:07:46: WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
2021-02-15 18:07:46: Control Channel MTU parms [ L:1622 D:1212 EF:38 EB:0 ET:0 EL:3 ]
2021-02-15 18:07:46: Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
2021-02-15 18:07:46: Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
2021-02-15 18:07:46: Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
2021-02-15 18:07:46: TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xxx.xxx:443
2021-02-15 18:07:46: Socket Buffers: R=[786896->786896] S=[9216->9216]
2021-02-15 18:07:46: UDP link local: (not bound)
2021-02-15 18:07:46: UDP link remote: [AF_INET]xxx.xxx.xxx.xxx:443
2021-02-15 18:07:46: TLS: Initial packet from [AF_INET]xxx.xxx.xxx.xxx:443, sid=d80854f5 7e6ec27b
2021-02-15 18:07:46: State changed to Authenticating
2021-02-15 18:07:46: VERIFY OK: depth=1, CN=OpenVPN CA
2021-02-15 18:07:46: VERIFY OK: nsCertType=SERVER
2021-02-15 18:07:46: VERIFY OK: depth=0, CN=OpenVPN Server
2021-02-15 18:07:46: Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
2021-02-15 18:07:46: [OpenVPN Server] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.xxx:443
2021-02-15 18:07:46: SENT CONTROL [OpenVPN Server]: 'PUSH_REQUEST' (status=1)
2021-02-15 18:07:46: PUSH: Received control message: 'PUSH_REPLY,explicit-exit-notify,topology subnet,route-delay 5 30,dhcp-pre-release,dhcp-renew,dhcp-release,route-metric 101,ping 12,ping-restart 50,compress stub-v2,redirect-gateway def1,redirect-gateway bypass-dhcp,redirect-gateway autolocal,route-gateway 10.18.0.225,dhcp-option DNS 192.168.120.120,dhcp-option DNS 192.168.121.121,dhcp-option ADAPTER_DOMAIN_SUFFIX mydomain.com,register-dns,block-ipv6,ifconfig 10.18.0.229 255.255.255.224,peer-id 0,auth-tokenSESS_ID,cipher AES-256-GCM'
2021-02-15 18:07:46: Pushed option removed by filter: 'route-delay 5 30'
2021-02-15 18:07:46: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:19: block-ipv6 (2.4.10)
2021-02-15 18:07:46: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2021-02-15 18:07:46: OPTIONS IMPORT: timers and/or timeouts modified
2021-02-15 18:07:46: OPTIONS IMPORT: explicit notify parm(s) modified
2021-02-15 18:07:46: OPTIONS IMPORT: compression parms modified
2021-02-15 18:07:46: OPTIONS IMPORT: --ifconfig/up options modified
2021-02-15 18:07:46: OPTIONS IMPORT: route options modified
2021-02-15 18:07:46: OPTIONS IMPORT: route-related options modified
2021-02-15 18:07:46: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2021-02-15 18:07:46: OPTIONS IMPORT: peer-id set
2021-02-15 18:07:46: OPTIONS IMPORT: adjusting link_mtu to 1625
2021-02-15 18:07:46: OPTIONS IMPORT: data channel crypto options modified
2021-02-15 18:07:46: Data Channel: using negotiated cipher 'AES-256-GCM'
2021-02-15 18:07:46: Data Channel MTU parms [ L:1553 D:1450 EF:53 EB:406 ET:0 EL:3 ]
2021-02-15 18:07:46: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-02-15 18:07:46: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-02-15 18:07:46: Opened utun device utun10
2021-02-15 18:07:46: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
2021-02-15 18:07:46: /sbin/ifconfig utun10 delete
2021-02-15 18:07:46: NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
2021-02-15 18:07:46: /sbin/ifconfig utun10 10.18.0.229 10.18.0.229 netmask 255.255.255.224 mtu 1500 up
2021-02-15 18:07:46: /sbin/route add -net 10.18.0.224 10.18.0.229 255.255.255.224
2021-02-15 18:07:46: /sbin/route add -net xxx.xxx.xxx.xxx 192.168.186.1 255.255.255.255
2021-02-15 18:07:46: /sbin/route add -net 0.0.0.0 10.18.0.225 128.0.0.0
2021-02-15 18:07:46: /sbin/route add -net 128.0.0.0 10.18.0.225 128.0.0.0
2021-02-15 18:07:46: Initialization Sequence Completed
2021-02-15 18:07:46: DNS mode set to Full
2021-02-15 18:07:47: State changed to Connected
2021-02-15 18:08:00: State changed to Disconnecting (Manual)
2021-02-15 18:08:00: SIGTERM received, sending exit notification to peer
2021-02-15 18:08:00: TCP/UDP: Closing socket
2021-02-15 18:08:00: /sbin/route delete -net xxx.xxx.xxx.xxx 192.168.186.1 255.255.255.255
2021-02-15 18:08:00: /sbin/route delete -net 0.0.0.0 10.18.0.225 128.0.0.0
2021-02-15 18:08:00: /sbin/route delete -net 128.0.0.0 10.18.0.225 128.0.0.0
2021-02-15 18:08:00: Closing TUN/TAP interface
2021-02-15 18:08:00: SIGTERM[hard,] received, process exiting
2021-02-15 18:08:00: State changed to getrennt (Process Terminated)

Eric

User avatar
Posts: 1146
Joined: Sun Jan 03, 2010 3:27 am

Post by Eric » Tue Feb 16, 2021 10:40 am
Hi tis,

Your server is pushing the redirect-gateway option(s) which is what is setting all traffic to go over the VPN.
2021-02-15 18:07:46: PUSH: Received control message: 'PUSH_REPLY,explicit-exit-notify,topology subnet,route-delay 5 30,dhcp-pre-release,dhcp-renew,dhcp-release,route-metric 101,ping 12,ping-restart 50,compress stub-v2,redirect-gateway def1,redirect-gateway bypass-dhcp,redirect-gateway autolocal,route-gateway 10.18.0.225,dhcp-option DNS 192.168.120.120,dhcp-option DNS 192.168.121.121,dhcp-option ADAPTER_DOMAIN_SUFFIX mydomain.com,register-dns,block-ipv6,ifconfig 10.18.0.229 255.255.255.224,peer-id 0,auth-tokenSESS_ID,cipher AES-256-GCM'
Regards,
Eric
Eric Thorpe
Viscosity Developer

Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs
4 posts Page 1 of 1