Hi All,
We’ve merged a number of posts together into this topic to cover all possible issues with the upgrade to Viscosity 1.4.
Viscosity 1.4 includes an upgrade to OpenVPN 2.3. OpenVPN 2.3 brings a number of feature additions and changes to OpenVPN. If you are experiencing a problem connecting since upgrading to Viscosity 1.4, most likely there is something about your configuration that is no longer compatible with OpenVPN 2.3. Please follow the instructions below to resolve any issues you may be having.
Before proceeding please try using the latest 1.4.2 beta version (1.4.2b13 at the time of writing), which can be downloaded from here.
Issue 1: I Can’t Connect
Your first step should be to check the OpenVPN log. It will indicate why you are unable to connect, and allow you to refer to the relevant issue below. Please see the following article for how to check your OpenVPN log:
http://www.thesparklabs.com/support/viewing_the_openvpn_log/
Issue 2: TLS Error: TLS handshake failed (Astaro & Watchguard Servers)
If you see an error message similar to the above message, typically accompanied by another message like “TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed”, you are most likely trying to connect to an Astaro or Watchguard server. Unfortunately the “tls-remote” commands these servers generate are out of date and no longer accepted by the latest version of OpenSSL and OpenVPN. If updating to the latest beta version doesn’t help, you will need to modify one or both of these commands to be correct.
It has been reported by users that you can get your connection working again with the latest version of Viscosity by removing the “tls-remote” command. Some users have also reported that changing underscore characters to spaces in this command can resolve the problem. To do either of these, edit your connection in Viscosity and then click on the Advanced tab. Find the “tls-remote” command in the commands section and then either remove it altogether, or edit it accordingly. Click Save.
Issue 3: Options error: --dh fails with ‘name.crt’: No such file or directory
If you receive this error message you should edit your connection in Viscosity, click the Advanced tab, and remove the line starting with “dh” from the commands area. The dh command is for OpenVPN servers only: it should never be included with a client configuration. Earlier versions of OpenVPN ignored the command when acting as a client; however, OpenVPN 2.3 should not. It is also advisable to notify your VPN Administrator in this case, as a dh command and file shouldn’t be getting distributed to end clients, and may be considered a security risk.
Cheers,
James
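The following is an added example, not part of the original post and not Viscosity's or OpenVPN's own code: a small checker that scans an OpenVPN client configuration for the two directives discussed above ("dh" and "tls-remote") so an administrator can find affected profiles before distributing them. The function name, the sample configuration and its host name are constructed for illustration.

```python
import shlex

# Constructed sample client config (not taken from the original post).
SAMPLE_CONFIG = """\
client
dev tun
remote vpn.example.com 1194
# dh in a comment is ignored
ca ca.crt
cert name.crt
key name.key
dh name.crt
tls-remote "C=US_O=Example_Corp_CN=vpn.example.com"
<dh>
(constructed placeholder for inline DH parameters)
</dh>
"""

def audit_client_config(text):
    """Return (line_number, directive, note) for each dh / tls-remote entry."""
    findings, block = [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if block:                                  # inside <tag> ... </tag>
            if line == f"</{block}>":
                block = None
            continue
        if not line or line[0] in "#;":            # blank line or comment
            continue
        if line.startswith("<") and line.endswith(">") and line[1] != "/":
            block = line[1:-1]
            if block == "dh":
                findings.append((lineno, "dh", "inline server-only block; remove"))
            continue
        try:
            tokens = shlex.split(line, comments=True)
        except ValueError:                         # unbalanced quote
            tokens = line.split()
        if not tokens:
            continue
        name, args = tokens[0].lstrip("-"), tokens[1:]
        if name == "dh":
            findings.append((lineno, "dh", "server-only directive; remove"))
        elif name == "tls-remote":
            note = "remove or edit"
            if any("_" in a for a in args):
                note += "; underscores present, try spaces"
            findings.append((lineno, "tls-remote", note))
    return findings

if __name__ == "__main__":
    for lineno, directive, note in audit_client_config(SAMPLE_CONFIG):
        print(f"line {lineno}: {directive}: {note}")
```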