Losing DNS server


gfarrar

Posts: 7
Joined: Fri Nov 07, 2008 1:45 am

Post by gfarrar » Sat Nov 08, 2008 4:16 am
Lasted for 22hrs, then I disconnected... which is at least 10x as long as it ever did before, so I think you are onto something with the DHCP vs. static setup being a part of the problem.

-g

gfarrar

Posts: 7
Joined: Fri Nov 07, 2008 1:45 am

Post by gfarrar » Sun Nov 09, 2008 10:28 am
Anything else you want me to do?
-g

James

Posts: 2313
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Sun Nov 09, 2008 11:39 pm
Thanks for the tests. It seems apparent that the following is occurring:

1. The connection is dropping out or the computer's DHCP lease time is up
2. When the connection is re-established Mac OS X gets new DNS servers from the DHCP server and overwrites the ones set by Viscosity
3. The connection dropout is so short that OpenVPN is not aware that the connection has dropped out at all, and so does not reinitiate the connection (which means the VPN DNS servers would be restored when OpenVPN reconnects).

Using a static IP address, etc, would be the simplest way to avoid the problem in both situations. However, making OpenVPN aware of these dropouts would be the best solution. Using TCP (rather than UDP) as the protocol should achieve this, or you can lower the ping/ping-restart times. TCP is more resilient at detecting dropped connections, and so OpenVPN should reconnect and re-add your OpenVPN server (although it depends on how long the drop-out lasts for). The ping/ping-restart commands instruct OpenVPN to check the connection every x seconds to ensure the VPN connection is still in fact active. You may like to try a very low value to start with and see if it works (you'll most likely have to adjust these on the server to match as well), e.g.:

1. Open Viscosity and edit your connection
2. Click on the Options tab
3. Enter "1" into the Ping field, and "3" into the Ping Restart field (without quotes)
4. Click Save and try connecting

So, just to re-cap, I'd recommend trying the following and see which works best for you:

1. Use static information (IP, DNS, Gateway, etc) instead of DHCP if possible
2. Use TCP as the protocol instead of UDP if possible
3. Try lowering the ping/ping-restart values
4. Try increasing the DHCP lease time on your DHCP server (typically an Internet router or wireless point in a home environment), e.g. to 3 days rather than 1 hour.

In the meantime, I'll see if there is a way to get Viscosity to detect small dropouts and re-add the DNS servers if necessary.

Cheers
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs

gfarrar

Posts: 7
Joined: Fri Nov 07, 2008 1:45 am

Post by gfarrar » Wed Nov 12, 2008 2:11 am
Thanks a lot James. I'm checking to see which of these is an option for me.

In the meantime, I've gone the other way with the DNS... adding my VPN name servers to my name server list. I set the use alternative DNS option so that when I'm connected they aren't listed twice. Seems to be working OK like this. Anyone see any issues with this setup?

thanks,
graham

troymurray

Posts: 14
Joined: Thu Nov 06, 2008 3:18 am

Post by troymurray » Fri Nov 14, 2008 3:45 am
James,

I didn't forget about this. I ticked the "Use alternate DNS support" checkbox and since then I have had NO PROBLEMS with my DNS server being forgotten by the system and replaced with a non-valid server IP address. My connection (be it AirPort or Ethernet) is always DHCP and with this setting enabled my problems have disappeared. Here are my settings if they help someone else. I'm connecting to an Astaro Security Gateway (ASG120 & ASG220) in case anyone is interested.

General Tab
---------------------
Method protocol: tcp
Method device: tun
DNS: Enable DNS/Nameserver support

Certificates Tab
---------------------
Authentication Type: SSL/TLS Client
Direction: Default

Options Tab
---------------------
Ping: <blank>
Ping Restart: <blank>
Persist Tun: True
Persist Local IP: False
Persist Key: True
Persist Remote IP: False
Use Username/Password Authentication: True
Use LZO Compression: True
No Bind: True
Pull Options: True

Networking Tab
---------------------
Send all traffic over VPN connection: False
Default Gateway: <blank>
Route: I have entered my two routes, both have "vpn_gateway" for gateway and "default" for metric
Shaper: <blank>
Fragment: <blank>
Tun MTU: <blank>
Inactive: <blank>

Proxy Tab
---------------------
Connect using proxy: False

Advanced Tab
---------------------
resolv-retry infinite
--proto tcp-client <-- I had to add this line as my connection wouldn't work without it!
auth MD5
cipher AES-128-CBC
tls-remote /C=us/L=XXXXXXXXXXX/O=XXXXXXXX/CN=XXXXXXXX/emailAddress=XXXXXXXXXXXXXXXXXXX
reneg-sec 0


James, I've said it before and I'll say it again, I love Viscosity, great, great application, fantastic job, kudos!!! :D :D
--
Troy Murray

James

Posts: 2313
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Sun Nov 16, 2008 12:26 am
Great - glad to hear it's working.
"I love Viscosity, great, great application, fantastic job, kudos!!!"
Thanks Troy :)

Cheers
James

gfawcett


Post by gfawcett » Fri Dec 05, 2008 11:47 am
I have exactly this problem and I can replicate it.

The problem is this: I am using TUN, as required by the OpenVPN server I am using. When I bring up the VPN, the "up" script writes the new remote DNS server addresses into my network preferences, removing the ones on my local network. However, when my DHCP lease expires, the DHCP request goes out on my local network and the response overwrites the remote DNS server addresses with the local ones.

Other users can verify that this is the problem by going into network preferences, clicking on the interface they are using (the first green one), clicking the "Advanced" button, clicking on "TCP/IP", and pressing the "Renew DHCP lease" button. Their active VPN connection should stop working, although they can still ping an external numerical (not named) server address using Network Utility.

Bringing down the VPN connection and bringing it up again fixes the problem because it runs the "up" script again. Alternatively, using a static DNS address will work but then the local network cannot be used when the VPN connection is down. Both are a real drag. What is needed is for Viscosity to periodically fix the DNS address while the VPN is up (by running that section of the "up" script). Then a DHCP lease expiry/renewal will not make the active VPN unusable for long.
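
The check this thread keeps asking for (has a DHCP renewal replaced the VPN's DNS servers?) can be sketched as follows. This is an added example, not part of the original posts and not Viscosity's code; it assumes the usual layout of `scutil --dns` output, and the sample text and all addresses are constructed.

```python
import re

# Constructed sample of `scutil --dns` output after a DHCP renewal replaced
# the VPN resolvers (all addresses are made up for this example).
SAMPLE_AFTER_RENEWAL = """\
DNS configuration

resolver #1
  search domain[0] : home.example
  nameserver[0] : 192.168.1.1
  if_index : 4 (en0)
  reach    : 0x00020002 (Reachable,Directly Reachable Address)

resolver #2
  domain   : local
  options  : mdns
  timeout  : 5
"""

# Same constructed output while the VPN-pushed servers are still in place.
SAMPLE_VPN_UP = SAMPLE_AFTER_RENEWAL.replace(
    "nameserver[0] : 192.168.1.1",
    "nameserver[0] : 10.8.0.1\n  nameserver[1] : 10.8.0.2")

NAMESERVER_RE = re.compile(r"^\s*nameserver\[\d+\]\s*:\s*(\S+)\s*$")

def primary_nameservers(scutil_output):
    """Return the nameservers of the first resolver block, in order."""
    servers, in_first = [], False
    for line in scutil_output.splitlines():
        if line.startswith("resolver #"):
            if in_first:
                break  # reached the second resolver block
            in_first = True
            continue
        m = NAMESERVER_RE.match(line)
        if in_first and m:
            servers.append(m.group(1))
    return servers

def check_dns(scutil_output, vpn_dns):
    """Classify resolver state relative to the DNS servers the VPN pushed."""
    active = primary_nameservers(scutil_output)
    foreign = [s for s in active if s not in vpn_dns]
    if not active:
        return "no-resolver", foreign
    if not foreign:
        return "ok", foreign
    if len(foreign) == len(active):
        return "overwritten", foreign  # every lookup now bypasses the VPN DNS
    return "mixed", foreign            # some lookups may go to local servers
```

On a live Mac, pass the text returned by running `scutil --dns` and the set of DNS servers your VPN pushes. A "mixed" result corresponds to the setup where VPN name servers are appended to the local list.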

James

Posts: 2313
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Sat Dec 06, 2008 8:04 am
Hi All,

I've put the latest internal build (which addresses this issue) online for you guys to try seeing as it seems to be in demand. We did plan to test it further before making it available, so please note that it is a HIGHLY EXPERIMENTAL build. It can be downloaded at:

http://www.viscosityvpn.com/download/Vi ... build4.zip [3 MB]

A few things of note:

- It should detect when a DHCP reply overwrites the DNS settings. The VPN DNS settings should be restored within a few seconds
- It is only available for the standard DNS support (so please turn off the alternate DNS support option if you'd like to give it a try)
- If you are using this build keep an eye on memory usage, processor usage, etc to make sure everything is normal

If you have any comments/bugs about this build please visit this topic.

Cheers
James