Bug report: ignore-unknown-option block-outside-dns

Got a problem with Viscosity or need help? Ask here!

Nyr

Posts: 9
Joined: Fri Jul 27, 2012 1:51 am

Post by Nyr » Fri Sep 23, 2022 7:35 am
Hello:

This is an unconfirmed bug report. I am not a Viscosity for macOS user myself, but I am the developer of a popular OpenVPN installer and this was reported by one of my users running Viscosity on macOS.

My installer generates client configuration files which include the following two lines:
Code: Select all
ignore-unknown-option block-outside-dns
block-outside-dns
That way, block-outside-dns can be used in Windows clients supporting it, and be ignored (with a harmless warning) elsewhere. Except Viscosity for macOS, where according to one of my users, the following happens:
Code: Select all
2022-09-22 12:51:48: Viscosity Mac 1.10.3 (1600)
2022-09-22 12:51:48: Viscosity OpenVPN Engine Started
2022-09-22 12:51:48: Running on macOS 12.6.0
2022-09-22 12:51:48: ---------
2022-09-22 12:51:48: State changed to Connecting
2022-09-22 12:51:48: Checking reachability status of connection...
2022-09-22 12:51:48: Connection is reachable. Starting connection attempt.
2022-09-22 12:51:48: Options error: The command "block-outside-dns" or one of its parameters is invalid for this version of OpenVPN (2.5.7). Please edit the connection, make sure the command is valid, and try again.
2022-09-22 12:51:48: Full command: block-outside-dns 
2022-09-22 12:51:49: The OpenVPN subsystem could not be started.
2022-09-22 12:51:49: State changed to Disconnected (OpenVPN System Failure)
This was also reported by someone else on reddit which very likely was also using a configuration file generated by my installer.

For obvious reasons I can not reproduce this on Viscosity for Windows, and I do not have a Mac available to test. I have tested from Debian using OpenVPN 2.5.7, and it parses the configuration file and connects just fine, so I think that this could be potentially a problem with Viscosity.

Sorry in advance if this ends up being an end-user problem, but I figured it was worth reporting it because the person reporting this to me is technically competent, plus I was able to find someone else also having the same issue with the same configuration parameters.

James

User avatar
Posts: 2312
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Fri Sep 23, 2022 11:58 pm
Hi Nyr,

Thanks for the report! We greatly appreciate you looking out for Viscosity users using your openvpn-install tool.

Having a quick trace through OpenVPN's code, I think what is going on here is an ordering issue. Viscosity parses and re-generates all configuration data as part of its security model, and ordering isn't guaranteed for all command types. In some instances the configuration OpenVPN may end up reading has the "block-outside-dns" command ahead of the "ignore-unknown-option" command, which will cause OpenVPN to terminate in this instance.

I think why we haven't run into this before is specifying the "block-outside-dns" option locally is fairly uncommon: it's typically pushed from the OpenVPN server, which won't be treated as a fatal error by OpenVPN on macOS.

It should be easy enough for us to work-around this - please leave it with me.

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs

James

User avatar
Posts: 2312
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Sat Sep 24, 2022 12:28 am
The latest beta update should now resolve this:
https://www.sparklabs.com/support/kb/ar ... -versions/

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs

Nyr

Posts: 9
Joined: Fri Jul 27, 2012 1:51 am

Post by Nyr » Sat Sep 24, 2022 1:19 am
Thanks a lot for the very quick response, I can not test it but will let my user know.

I also pushed an update on my side to work around the bug.

I used Viscosity on the Mac for many years and it was nice, I should probably purchase the Windows version someday, considering how you guys care about the product.
4 posts Page 1 of 1