Beta: Latest Build of Viscosity for Mac

Hi Jambaleia,

Viscosity 1.4 contains an updated version of OpenSSL, and an updated version of OpenVPN. It’s possible your certificates are being rejected as they are weak (i.e. some certificates generated using older versions of OpenSSL were weak and susceptible to attack, and so are rejected by newer OpenSSL versions), or your server configuration isn’t compatible with newer versions of OpenVPN.

Certificate authentication is handled by OpenVPN itself: it’s not something that Viscosity does. However please note that we haven’t had any other reports like this from any of our beta testers, so it’s likely to be a configuration problem with your setup or certificates, rather than a problem with OpenVPN.

Cheers,
James

Hi James

The strange thing is that with Tunnelblick it is working and I do not get an TLS HandShale error. Also Tunnelblick is using a newer version of openVPN that you do in the BETA.

So maybe you can have a second look?

Hi Jambaleia,

You are correct - the OpenVPN build the current beta is using is a few commits before 2.3a1. 2.3a2 is the current release - I’m actually working on getting this integrated into the beta, however it’s being stubborn when it comes to PKCS#11 support. As soon as I get this sorted I’ll throw up a new build and we’ll see if you have any better luck.

Cheers,
James

Looking forward to that.
Do you already when that will be?

The problem I actually have is that Tunnelblick is connecting but the DNS resolution is not working correctly so I only get partly access to the company LAN.

Viscosity is supposed to fully support Mountain lion and I would love to test it and keep Mountain lion instead of rolling back to Lion and use the 1.3 Viscosity ;/

Hi Jambaleia,

The latest build (1.4b11) now includes OpenVPN2.3-alpha2.

Cheers,
James

I am testing it today!! Will come back to you asap.

;( Bad News. Still the same issue. I do not know what to do …


Jul 14 09:26:53: Viscosity Mac 1.4 (1064)
Jul 14 09:26:53: Viscosity OpenVPN Engine Started
Jul 14 09:26:53: Running on Mac OS X 10.8.0
Jul 14 09:26:53: ---------
Jul 14 09:26:53: Checking reachability status of connection…
Jul 14 09:26:54: Connection is reachable. Starting connection attempt.
Jul 14 09:26:56: OpenVPN 2.3_alpha2 i386-apple-darwin10.8.0 [SSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110522-1 (2.2.0)] built on Jul 14 2012
Jul 14 09:27:11: WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
Jul 14 09:27:11: NOTE: OpenVPN 2.1 requires ‘–script-security 2’ or higher to call user-defined scripts or executables
Jul 14 09:27:11: Attempting to establish TCP connection with [AF_INET]213.144.15.3:443 [nonblock]
Jul 14 09:27:12: TCP connection established with [AF_INET]213.144.15.3:443
Jul 14 09:27:12: TCPv4_CLIENT link local: [undef]
Jul 14 09:27:12: TCPv4_CLIENT link remote: [AF_INET]213.144.15.3:443
Jul 14 09:27:12: WARNING: this configuration may cache passwords in memory – use the auth-nocache option to prevent this
Jul 14 09:27:12: TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Jul 14 09:27:12: TLS Error: TLS object → incoming plaintext read error
Jul 14 09:27:12: TLS Error: TLS handshake failed
Jul 14 09:27:12: Fatal TLS error (check_tls_errors_co), restarting
Jul 14 09:27:12: SIGUSR1[soft,tls-error] received, process restarting

Hi Jambaleia,

Then your certificates are definitely invalid or not valid for the server you are trying to connect to, probably your CA cert. I’d suggest you try reimporting them into Viscosity from a working configuration onto your machine running 10.8.

Cheers,
James

It is exactly what I am doing.

With 1.3 it is working and I get a working connection.

With the BETA i get the error.

So can it really be the cert??

Yesterday i tried to setup a connection to Giganews and it worked fine. The only problem is that it only worked once. THe connection is still working but I can´t browse the internet as soon as the connection is established.

Does anybody have an idea what the problem could be???

Mountain Lion is becoming a real nightmare if you need VPN!?!?!?

The TLS Handshake Problem is solved.

I had to adjust the string to the new format. It took a while because the log didn´t show this detail..

Thank you! I have been going crazy without my VPN. Silly rabbit betas are for kids?

Hi Jambaleia,

i have identical problem with TLS handshake on ML. What string did you update to get it working?

Thank you

Hi d4vex,

Please see “Issue 3” at:
http://www.thesparklabs.com/forum/viewtopic.php?f=3&t=817#p2596

Cheers,
James

Build Notice: Viscosity 1.4.2b4 Now Available

You can subscribe to this topic by clicking on the “Subscribe topic” link at the bottom of the page to receive email notifications of new beta versions.

Build Notice: Viscosity 1.4.2b9 Now Available

You can subscribe to this topic by clicking on the “Subscribe topic” link at the bottom of the page to receive email notifications of new beta versions.

Build Notice: Viscosity 1.4.2b12 Now Available

You can subscribe to this topic by clicking on the “Subscribe topic” link at the bottom of the page to receive email notifications of new beta versions.

i maybe daft, but where do i get the latest builds? I am trying to get V working on Mountain Lion

It’s easy to overlook it but all download links are on the first message of this thread.
Just go to page 1.

It took me a while too. I just came to the conclusion that there is no beta available at this moment.