OpenVPN with Viscosity connection can’t handle two clients

Post by DominikHoffmann » Sun Nov 22, 2020 6:56 am
I have set up an OpenVPN server on my pfSense box at home. It works just fine, and when connecting using tap, it’s almost an identical experience to being at home.

However, when I connect two clients (Mac) to the VPN, they cycle through making the connection, cutting it, and establishing it. I have only been able to test this with both being on the same outside network (my neighbor’s or my son’s school’s). I have not tried this with both clients making VPN connections from different outside LANs.

Here is the log that shows what might be going on. I myself do not possess enough expertise to understand what is.
2020-11-21 14:42:15: Viscosity Mac 1.9 (1556)
2020-11-21 14:42:15: Viscosity OpenVPN Engine Started
2020-11-21 14:42:15: Running on macOS 11.0.1
2020-11-21 14:42:15: ---------
2020-11-21 14:42:15: State changed to Connecting
2020-11-21 14:42:15: Valid existing endpoint found... 208.xxx.xxx.xxx:443:tcp4-client
2020-11-21 14:42:15: TCP/UDP: Preserving recently used remote address: [AF_INET]208.xxx.xxx.xxx:443
2020-11-21 14:42:15: Attempting to establish TCP connection with [AF_INET]208.xxx.xxx.xxx:443 [nonblock]
2020-11-21 14:42:17: TCP connection established with [AF_INET]208.xxx.xxx.xxx:443
2020-11-21 14:42:17: TCPv4_CLIENT link local: (not bound)
2020-11-21 14:42:17: TCPv4_CLIENT link remote: [AF_INET]208.xxx.xxx.xxx:443
2020-11-21 14:42:17: State changed to Authenticating
2020-11-21 14:42:18: [server] Peer Connection Initiated with [AF_INET]208.xxx.xxx.xxx:443
2020-11-21 14:42:19: Preserving previous TUN/TAP instance: en12
2020-11-21 14:42:19: Initialization Sequence Completed
2020-11-21 14:42:19: Disabling DHCP on interface en12 (not required)
2020-11-21 14:42:19: DNS mode set to Split
2020-11-21 14:42:19: State changed to Connected
2020-11-21 14:42:24: Connection reset, restarting [0]
2020-11-21 14:42:24: SIGUSR1[soft,connection-reset] received, process restarting
2020-11-21 14:42:24: Viscosity Mac 1.9 (1556)
2020-11-21 14:42:24: Viscosity OpenVPN Engine Started
2020-11-21 14:42:24: Running on macOS 11.0.1
2020-11-21 14:42:24: ---------
2020-11-21 14:42:24: State changed to Connecting
2020-11-21 14:42:25: Valid existing endpoint found... 208.xxx.xxx.xxx:443:tcp4-client
2020-11-21 14:42:25: TCP/UDP: Preserving recently used remote address: [AF_INET]208.xxx.xxx.xxx:443
2020-11-21 14:42:25: Attempting to establish TCP connection with [AF_INET]208.xxx.xxx.xxx:443 [nonblock]
2020-11-21 14:42:26: TCP connection established with [AF_INET]208.xxx.xxx.xxx:443
2020-11-21 14:42:26: TCPv4_CLIENT link local: (not bound)
2020-11-21 14:42:26: TCPv4_CLIENT link remote: [AF_INET]208.xxx.xxx.xxx:443
2020-11-21 14:42:26: State changed to Authenticating
2020-11-21 14:42:33: [server] Peer Connection Initiated with [AF_INET]208.xxx.xxx.xxx:443
2020-11-21 14:42:33: Preserving previous TUN/TAP instance: en12
2020-11-21 14:42:33: Initialization Sequence Completed
2020-11-21 14:42:33: Disabling DHCP on interface en12 (not required)
2020-11-21 14:42:33: DNS mode set to Split
2020-11-21 14:42:34: State changed to Connected
2020-11-21 14:42:35: Connection reset, restarting [0]
2020-11-21 14:42:35: SIGUSR1[soft,connection-reset] received, process restarting
2020-11-21 14:42:35: Viscosity Mac 1.9 (1556)
2020-11-21 14:42:35: Viscosity OpenVPN Engine Started
2020-11-21 14:42:35: Running on macOS 11.0.1
2020-11-21 14:42:35: ---------
2020-11-21 14:42:35: State changed to Connecting
2020-11-21 14:42:35: Valid existing endpoint found... 208.xxx.xxx.xxx:443:tcp4-client
2020-11-21 14:42:35: TCP/UDP: Preserving recently used remote address: [AF_INET]208.xxx.xxx.xxx:443
2020-11-21 14:42:35: Attempting to establish TCP connection with [AF_INET]208.xxx.xxx.xxx:443 [nonblock]
2020-11-21 14:42:36: TCP connection established with [AF_INET]208.xxx.xxx.xxx:443
2020-11-21 14:42:36: TCPv4_CLIENT link local: (not bound)
2020-11-21 14:42:36: TCPv4_CLIENT link remote: [AF_INET]208.xxx.xxx.xxx:443
2020-11-21 14:42:36: State changed to Authenticating
2020-11-21 14:42:37: [server] Peer Connection Initiated with [AF_INET]208.xxx.xxx.xxx:443
2020-11-21 14:42:37: Preserving previous TUN/TAP instance: en12
2020-11-21 14:42:37: Initialization Sequence Completed
2020-11-21 14:42:37: Disabling DHCP on interface en12 (not required)
2020-11-21 14:42:37: DNS mode set to Split
2020-11-21 14:42:37: State changed to Connected
2020-11-21 14:42:38: Connection reset, restarting [0]
2020-11-21 14:42:38: SIGUSR1[soft,connection-reset] received, process restarting
2020-11-21 14:42:38: Viscosity Mac 1.9 (1556)
2020-11-21 14:42:38: Viscosity OpenVPN Engine Started
2020-11-21 14:42:38: Running on macOS 11.0.1
2020-11-21 14:42:38: ---------
2020-11-21 14:42:38: State changed to Connecting
2020-11-21 14:42:38: Valid existing endpoint found... 208.xxx.xxx.xxx:443:tcp4-client
2020-11-21 14:42:38: TCP/UDP: Preserving recently used remote address: [AF_INET]208.xxx.xxx.xxx:443
2020-11-21 14:42:38: Attempting to establish TCP connection with [AF_INET]208.xxx.xxx.xxx:443 [nonblock]
2020-11-21 14:42:39: TCP connection established with [AF_INET]208.xxx.xxx.xxx:443
2020-11-21 14:42:39: TCPv4_CLIENT link local: (not bound)
2020-11-21 14:42:39: TCPv4_CLIENT link remote: [AF_INET]208.xxx.xxx.xxx:443
2020-11-21 14:42:39: State changed to Authenticating
2020-11-21 14:42:40: [server] Peer Connection Initiated with [AF_INET]208.xxx.xxx.xxx:443
2020-11-21 14:42:40: Preserving previous TUN/TAP instance: en12
2020-11-21 14:42:40: Initialization Sequence Completed
2020-11-21 14:42:40: Disabling DHCP on interface en12 (not required)
2020-11-21 14:42:40: DNS mode set to Split
2020-11-21 14:42:40: State changed to Connected
2020-11-21 14:42:42: Connection reset, restarting [0]
2020-11-21 14:42:42: SIGUSR1[soft,connection-reset] received, process restarting
2020-11-21 14:42:42: Viscosity Mac 1.9 (1556)
2020-11-21 14:42:42: Viscosity OpenVPN Engine Started
2020-11-21 14:42:42: Running on macOS 11.0.1
2020-11-21 14:42:42: ---------
2020-11-21 14:42:42: State changed to Connecting
2020-11-21 14:42:42: Valid existing endpoint found... 208.xxx.xxx.xxx:443:tcp4-client
2020-11-21 14:42:42: TCP/UDP: Preserving recently used remote address: [AF_INET]208.xxx.xxx.xxx:443
2020-11-21 14:42:42: Attempting to establish TCP connection with [AF_INET]208.xxx.xxx.xxx:443 [nonblock]
2020-11-21 14:42:43: TCP connection established with [AF_INET]208.xxx.xxx.xxx:443
2020-11-21 14:42:43: TCPv4_CLIENT link local: (not bound)
2020-11-21 14:42:43: TCPv4_CLIENT link remote: [AF_INET]208.xxx.xxx.xxx:443
2020-11-21 14:42:43: State changed to Authenticating
2020-11-21 14:42:44: [server] Peer Connection Initiated with [AF_INET]208.xxx.xxx.xxx:443
2020-11-21 14:42:44: Preserving previous TUN/TAP instance: en12
2020-11-21 14:42:44: Initialization Sequence Completed
2020-11-21 14:42:44: Disabling DHCP on interface en12 (not required)
2020-11-21 14:42:44: DNS mode set to Split
2020-11-21 14:42:44: State changed to Connected
2020-11-21 14:42:47: Connection reset, restarting [0]
2020-11-21 14:42:47: SIGUSR1[soft,connection-reset] received, process restarting

Post by DominikHoffmann » Sun Nov 22, 2020 8:08 am
Just tried it with one client connecting to my home LAN through my neighbor’s WiFi network and this laptop connecting to it through a public xfinitywifi hotspot.

Same issue. I wonder what the interaction between two clients is.

Post by James » Tue Nov 24, 2020 8:31 pm
Hi DominikHoffmann,

It sounds likely the OpenVPN server is configured to only allow a single connection per user. When a connection is established under a user, any other connections under the same user are terminated.

If you're sharing the same client certificate/key between different machines, then you'll either need to enable the "duplicate-cn" option on the server, or generate a separate certificate/key for one of the machines.

If you use username/password authentication, you'll need to check the OpenVPN server's authentication script to see whether it allows multiple connections using the same username.

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
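
The cycle in the posted log (a session authenticates, reaches Connected, and is reset a few seconds later) can be recognized mechanically from a client log. The following is an added example, not part of the original posts and not Viscosity or OpenVPN code; the function names, the 15-second lifetime threshold and the three-cycle minimum are assumptions, and the sample is constructed in the format of the log above.

```python
import re
from datetime import datetime

# Viscosity client log line: "YYYY-MM-DD HH:MM:SS: message"
LINE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}): (.*)$")

# Constructed sample in the format of the log posted in this thread.
SAMPLE_LOG = """\
2020-11-21 14:42:19: Initialization Sequence Completed
2020-11-21 14:42:19: State changed to Connected
2020-11-21 14:42:24: Connection reset, restarting [0]
2020-11-21 14:42:24: State changed to Connecting
2020-11-21 14:42:33: Initialization Sequence Completed
2020-11-21 14:42:34: State changed to Connected
2020-11-21 14:42:35: Connection reset, restarting [0]
2020-11-21 14:42:35: State changed to Connecting
2020-11-21 14:42:37: Initialization Sequence Completed
2020-11-21 14:42:37: State changed to Connected
2020-11-21 14:42:38: Connection reset, restarting [0]
"""

def parse(log_text):
    """Yield (timestamp, message) for each well-formed log line."""
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            yield datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), m.group(2)

def session_lifetimes(log_text):
    """Seconds each session stayed up: 'Connected' until 'Connection reset'."""
    lifetimes, up_since = [], None
    for ts, msg in parse(log_text):
        if msg == "State changed to Connected":
            up_since = ts
        elif msg.startswith("Connection reset") and up_since is not None:
            lifetimes.append((ts - up_since).total_seconds())
            up_since = None  # a reset before reaching Connected is not counted
    return lifetimes

def looks_like_session_eviction(log_text, max_lifetime=15, min_cycles=3):
    """True when at least min_cycles sessions authenticated, came up, and
    were reset within max_lifetime seconds (assumed thresholds)."""
    short = [s for s in session_lifetimes(log_text) if s <= max_lifetime]
    return len(short) >= min_cycles

if __name__ == "__main__":
    print(session_lifetimes(SAMPLE_LOG), looks_like_session_eviction(SAMPLE_LOG))
```

A match shows only that the server accepts the session and then drops it; the server-side log is where to confirm that a second connection under the same certificate or username triggered the reset.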