
Intermittent no connection

Posted: Fri Oct 18, 2019 5:09 pm
by ezzah
Hi,

I appear to have faced this issue with Tunnelblick and now also with Viscosity. I am confused because I use virtually the same client config setup on a Windows and Android phone, but I do not have the issue I am currently facing on macOS (both in Mojave and now Catalina). I am on Viscosity 1.8.1. Sometimes out of seemingly nowhere, as even with verb 4 nothing shows up in the logs, the client shows that I am still connected to the VPN server but I cannot get any connection. Basically, if I click on the Viscosity icon it shows that I am sending packets up but getting none down. It is not a DNS issue; pinging either IPs or domains gets me nothing. Sometimes the issue resolves itself after a few minutes of me not doing anything, but if I reset my network interface (either by disconnecting wifi or enabling the option in Viscosity to reset the interface and then disconnecting and reconnecting) I always instantly get internet connection again. Again, there is no indication in the logs with verb 4 of what exactly is happening to cause this issue. The problem probably occurs once a week, so it is decently rare but somewhat consistent. I will attach the client and server configs below with sensitive information omitted. I would like to add that I have a pihole running on the same OpenVPN server, but I doubt it is the issue. I believe it has something to do with macOS routing tables breaking, but I have no idea why they break randomly, as the only thing I run locally is Viscosity.

Server conf

port 1194
proto udp
fast-io
dev tun
user nobody
group nogroup
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.8.0.0 255.255.255.0
push "dhcp-option DNS 10.8.0.1" #pihole installation
push "redirect-gateway def1 bypass-dhcp"
dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key 0
crl-verify crl.pem
ca ca.crt
cert xx.crt
key xx.key
auth SHA256
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
verb 4
duplicate-cn
status /var/log/openvpn-status.log
log /var/log/openvpn.log
management 127.0.0.1 6666
sndbuf 0
rcvbuf 0
reneg-sec 0


client.conf (not complete, just the advanced options shown in Viscosity)

sndbuf 0
verb 4
ncp-disable
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
auth SHA256
rcvbuf 0
resolv-retry infinite
auth-nocache
tls-version-min 1.2
verify-x509-name xx name
cipher AES-128-GCM
fast-io
tun-mtu 1378

--

persist tun, persist key, no bind and pull options are ticked. All traffic and DNS are being routed through the openvpn server.

Re: Intermittent no connection

Posted: Mon Oct 21, 2019 1:25 pm
by James
Hi ezzah,

According to what you have posted, "reneg-sec 0" is present in the server configuration but not the client. "reneg-sec 0" disables renegotiation; however, for it to work correctly it must be present in both the server and client configuration. I recommend you try either adding it to the client configuration (in the advanced commands area), or removing it from the server's configuration.

Cheers,
James
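
A check for the mismatch described in the reply above, as an added example that is not part of the thread or of Viscosity: it parses excerpts of the two posted configs and compares the effective reneg-sec on each side. The function names are hypothetical, and it assumes OpenVPN's default of 3600 seconds when the directive is absent.

```python
import shlex

DEFAULT_RENEG_SEC = 3600  # assumption: OpenVPN default when reneg-sec is absent

# Constructed inputs: excerpts of the two configs posted in this thread.
SERVER_CONF = """\
port 1194
proto udp
keepalive 10 120
push "dhcp-option DNS 10.8.0.1" #pihole installation
verb 4
reneg-sec 0
"""
CLIENT_CONF = """\
verb 4
ncp-disable
auth-nocache
cipher AES-128-GCM
tun-mtu 1378
"""

def parse_directives(text):
    """Return {directive: [args]} for an OpenVPN config, ignoring comments."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        tokens = shlex.split(line, comments=True)  # handles quotes, trailing '#'
        if tokens:
            directives[tokens[0].lstrip("-")] = tokens[1:]
    return directives

def effective_reneg_sec(conf_text):
    """reneg-sec as the daemon would use it: explicit value or the default."""
    args = parse_directives(conf_text).get("reneg-sec")
    return int(args[0]) if args else DEFAULT_RENEG_SEC

def check_reneg(server_text, client_text):
    s, c = effective_reneg_sec(server_text), effective_reneg_sec(client_text)
    if s == c:
        return f"ok: both sides use reneg-sec {s}"
    # Either peer can start a renegotiation, so the lowest non-zero timer wins.
    active = [v for v in (s, c) if v > 0]
    return (f"mismatch: server={s} client={c}; "
            f"renegotiation still starts after {min(active)}s")

if __name__ == "__main__":
    print(check_reneg(SERVER_CONF, CLIENT_CONF))
    print(check_reneg(SERVER_CONF, CLIENT_CONF + "reneg-sec 0\n"))
```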