Bug report: ignore-unknown-option block-outside-dns

Posted: Fri Sep 23, 2022 7:35 am
by Nyr
Hello:

This is an unconfirmed bug report. I am not a Viscosity for macOS user myself, but I am the developer of a popular OpenVPN installer and this was reported by one of my users running Viscosity on macOS.

My installer generates client configuration files which include the following two lines:
Code:
ignore-unknown-option block-outside-dns
block-outside-dns

That way, block-outside-dns can be used in Windows clients supporting it, and be ignored (with a harmless warning) elsewhere. Except Viscosity for macOS, where according to one of my users, the following happens:
Code:
2022-09-22 12:51:48: Viscosity Mac 1.10.3 (1600)
2022-09-22 12:51:48: Viscosity OpenVPN Engine Started
2022-09-22 12:51:48: Running on macOS 12.6.0
2022-09-22 12:51:48: ---------
2022-09-22 12:51:48: State changed to Connecting
2022-09-22 12:51:48: Checking reachability status of connection...
2022-09-22 12:51:48: Connection is reachable. Starting connection attempt.
2022-09-22 12:51:48: Options error: The command "block-outside-dns" or one of its parameters is invalid for this version of OpenVPN (2.5.7). Please edit the connection, make sure the command is valid, and try again.
2022-09-22 12:51:48: Full command: block-outside-dns 
2022-09-22 12:51:49: The OpenVPN subsystem could not be started.
2022-09-22 12:51:49: State changed to Disconnected (OpenVPN System Failure)

This was also reported by someone else on Reddit, who was very likely also using a configuration file generated by my installer.

For obvious reasons I can not reproduce this on Viscosity for Windows, and I do not have a Mac available to test. I have tested from Debian using OpenVPN 2.5.7, and it parses the configuration file and connects just fine, so I think that this could be potentially a problem with Viscosity.

Sorry in advance if this ends up being an end-user problem, but I figured it was worth reporting it because the person reporting this to me is technically competent, plus I was able to find someone else also having the same issue with the same configuration parameters.

Re: Bug report: ignore-unknown-option block-outside-dns

Posted: Fri Sep 23, 2022 11:58 pm
by James
Hi Nyr,

Thanks for the report! We greatly appreciate you looking out for Viscosity users using your openvpn-install tool.

Having a quick trace through OpenVPN's code, I think what is going on here is an ordering issue. Viscosity parses and re-generates all configuration data as part of its security model, and ordering isn't guaranteed for all command types. In some instances the configuration OpenVPN may end up reading has the "block-outside-dns" command ahead of the "ignore-unknown-option" command, which will cause OpenVPN to terminate in this instance.

I think why we haven't run into this before is specifying the "block-outside-dns" option locally is fairly uncommon: it's typically pushed from the OpenVPN server, which won't be treated as a fatal error by OpenVPN on macOS.

It should be easy enough for us to work around this - please leave it with me.

Cheers,
James
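
The ordering problem described in the reply above, as an added example that is not part of the original thread and is not Viscosity's or OpenVPN's code: a Python check that flags any option appearing before the ignore-unknown-option line that names it, plus a repair that moves those lines to the top. The function names and the sample configuration are constructed for illustration.

```python
# Added example: find and repair "option before its ignore-unknown-option" ordering.

def _name(tok):
    # Tolerate an optional leading "--" on option names.
    return tok[2:] if tok.startswith("--") else tok

def parse(config):
    """Yield (0-based line index, tokens) per directive; skip comments and inline <tag> blocks."""
    closing = None
    for i, raw in enumerate(config.splitlines()):
        line = raw.strip()
        if closing:                          # inside an inline block such as <ca>...</ca>
            if line == closing:
                closing = None
            continue
        if not line or line[0] in "#;":
            continue
        if line.startswith("<") and line.endswith(">") and not line.startswith("</"):
            closing = "</" + line[1:]
            continue
        tok = line.split()
        yield i, [_name(tok[0])] + tok[1:]

def find_misordered(config):
    """Return (option, option_line, ignore_line) tuples, 1-based, for options read too early."""
    first_seen, covered, problems = {}, set(), []
    for i, tok in parse(config):
        if tok[0] == "ignore-unknown-option":
            for opt in map(_name, tok[1:]):
                if opt in first_seen and opt not in covered:
                    problems.append((opt, first_seen[opt], i + 1))
                covered.add(opt)
        else:
            first_seen.setdefault(tok[0], i + 1)
    return problems

def hoist_ignore_directives(config):
    """Move every ignore-unknown-option line to the top; keep all other lines in order."""
    lines = config.splitlines()
    idx = {i for i, tok in parse(config) if tok[0] == "ignore-unknown-option"}
    head = [lines[i] for i in sorted(idx)]
    rest = [l for i, l in enumerate(lines) if i not in idx]
    return "\n".join(head + rest) + "\n"

# Constructed sample: the two lines from the report, in the re-generated (wrong) order.
BROKEN = """client
dev tun
block-outside-dns
ignore-unknown-option block-outside-dns
<ca>
(constructed placeholder, not a real certificate)
</ca>
"""
```
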

Re: Bug report: ignore-unknown-option block-outside-dns

Posted: Sat Sep 24, 2022 12:28 am
by James
The latest beta update should now resolve this:
https://www.sparklabs.com/support/kb/ar ... -versions/

Cheers,
James

Re: Bug report: ignore-unknown-option block-outside-dns

Posted: Sat Sep 24, 2022 1:19 am
by Nyr
Thanks a lot for the very quick response, I can not test it but will let my user know.

I also pushed an update on my side to work around the bug.

I used Viscosity on the Mac for many years and it was nice, I should probably purchase the Windows version someday, considering how you guys care about the product.