Viscosity VPN using existing Tunnelblick OpenVPN config cannot authenticate/connect
Posted: Wed Aug 25, 2021 11:59 pm
I have been using Tunnelblick for a couple of years to connect to our company VPN (using MikroTik - configured with an OpenVPN server).
Now, there is an issue with MacOS Big Sur and VMware Fusion 12 where the (Windows) VMs cannot use the VPN of the Mac any more. But according to this discussion https://communities.vmware.com/t5/VMwar ... ue#M172119 Viscosity should work
Therefore, I have installed a trial and it suggests to import my connection from Tunnelblick. Fine!
However, it does not connect. I have tried to edit the connection and re-select the certificates but still no luck. If I edit it again it just shows "ca.crt", "cert.crt" and "key.key" - but I guess this is Viscosity's way of hiding what I have selected?
When I try to connect I get this in the log:
Code:
2021-08-25 12:39:35: Viscosity Mac 1.9.3 (1571)
2021-08-25 12:39:35: Viscosity OpenVPN Engine Started
2021-08-25 12:39:35: Running on macOS 11.5.2
2021-08-25 12:39:35: ---------
2021-08-25 12:39:35: State changed to Connecting
2021-08-25 12:39:35: Checking reachability status of connection...
2021-08-25 12:39:35: Connection is reachable. Starting connection attempt.
2021-08-25 12:39:35: Current Parameter Settings:
2021-08-25 12:39:35: config = 'config.conf'
2021-08-25 12:39:35: mode = 0
2021-08-25 12:39:35: show_ciphers = DISABLED
2021-08-25 12:39:35: show_digests = DISABLED
2021-08-25 12:39:35: show_engines = DISABLED
2021-08-25 12:39:35: genkey = DISABLED
2021-08-25 12:39:35: key_pass_file = '[UNDEF]'
2021-08-25 12:39:35: show_tls_ciphers = DISABLED
2021-08-25 12:39:35: connect_retry_max = 0
2021-08-25 12:39:35: Connection profiles [0]:
2021-08-25 12:39:35: proto = tcp-client
2021-08-25 12:39:35: local = '[UNDEF]'
2021-08-25 12:39:35: local_port = '[UNDEF]'
2021-08-25 12:39:35: remote = 'myvpn.domain.com'
2021-08-25 12:39:35: remote_port = '1194'
2021-08-25 12:39:35: remote_float = DISABLED
2021-08-25 12:39:35: bind_defined = DISABLED
2021-08-25 12:39:35: bind_local = DISABLED
2021-08-25 12:39:35: bind_ipv6_only = DISABLED
2021-08-25 12:39:35: connect_retry_seconds = 5
2021-08-25 12:39:35: connect_timeout = 120
2021-08-25 12:39:35: socks_proxy_server = '[UNDEF]'
2021-08-25 12:39:35: socks_proxy_port = '[UNDEF]'
2021-08-25 12:39:35: tun_mtu = 1500
2021-08-25 12:39:35: tun_mtu_defined = ENABLED
2021-08-25 12:39:35: link_mtu = 1500
2021-08-25 12:39:35: link_mtu_defined = DISABLED
2021-08-25 12:39:35: tun_mtu_extra = 0
2021-08-25 12:39:35: tun_mtu_extra_defined = DISABLED
2021-08-25 12:39:35: mtu_discover_type = -1
2021-08-25 12:39:35: fragment = 0
2021-08-25 12:39:35: mssfix = 1450
2021-08-25 12:39:35: explicit_exit_notification = 0
2021-08-25 12:39:35: Connection profiles END
2021-08-25 12:39:35: remote_random = DISABLED
2021-08-25 12:39:35: ipchange = '[UNDEF]'
2021-08-25 12:39:35: dev = 'tun'
2021-08-25 12:39:35: dev_type = '[UNDEF]'
2021-08-25 12:39:35: dev_node = 'utun'
2021-08-25 12:39:35: lladdr = '[UNDEF]'
2021-08-25 12:39:35: topology = 1
2021-08-25 12:39:35: ifconfig_local = '[UNDEF]'
2021-08-25 12:39:35: ifconfig_remote_netmask = '[UNDEF]'
2021-08-25 12:39:35: ifconfig_noexec = DISABLED
2021-08-25 12:39:35: ifconfig_nowarn = DISABLED
2021-08-25 12:39:35: ifconfig_ipv6_local = '[UNDEF]'
2021-08-25 12:39:35: ifconfig_ipv6_netbits = 0
2021-08-25 12:39:35: ifconfig_ipv6_remote = '[UNDEF]'
2021-08-25 12:39:35: shaper = 0
2021-08-25 12:39:35: mtu_test = 0
2021-08-25 12:39:35: mlock = DISABLED
2021-08-25 12:39:35: keepalive_ping = 0
2021-08-25 12:39:35: keepalive_timeout = 0
2021-08-25 12:39:35: inactivity_timeout = 0
2021-08-25 12:39:35: ping_send_timeout = 10
2021-08-25 12:39:35: ping_rec_timeout = 45
2021-08-25 12:39:35: ping_rec_timeout_action = 2
2021-08-25 12:39:35: ping_timer_remote = DISABLED
2021-08-25 12:39:35: remap_sigusr1 = 0
2021-08-25 12:39:35: persist_tun = DISABLED
2021-08-25 12:39:35: persist_local_ip = DISABLED
2021-08-25 12:39:35: persist_remote_ip = DISABLED
2021-08-25 12:39:35: persist_key = ENABLED
2021-08-25 12:39:35: passtos = DISABLED
2021-08-25 12:39:35: resolve_retry_seconds = 1000000000
2021-08-25 12:39:35: resolve_in_advance = DISABLED
2021-08-25 12:39:35: username = '[UNDEF]'
2021-08-25 12:39:35: groupname = '[UNDEF]'
2021-08-25 12:39:35: chroot_dir = '[UNDEF]'
2021-08-25 12:39:35: cd_dir = '[UNDEF]'
2021-08-25 12:39:35: writepid = '[UNDEF]'
2021-08-25 12:39:35: up_script = '[UNDEF]'
2021-08-25 12:39:35: down_script = '[UNDEF]'
2021-08-25 12:39:35: down_pre = DISABLED
2021-08-25 12:39:35: up_restart = DISABLED
2021-08-25 12:39:35: up_delay = DISABLED
2021-08-25 12:39:35: daemon = DISABLED
2021-08-25 12:39:35: inetd = 0
2021-08-25 12:39:35: log = DISABLED
2021-08-25 12:39:35: suppress_timestamps = DISABLED
2021-08-25 12:39:35: machine_readable_output = DISABLED
2021-08-25 12:39:35: nice = 0
2021-08-25 12:39:35: verbosity = 4
2021-08-25 12:39:35: mute = 100
2021-08-25 12:39:35: status_file = '[UNDEF]'
2021-08-25 12:39:35: status_file_version = 1
2021-08-25 12:39:35: status_file_update_freq = 60
2021-08-25 12:39:35: occ = ENABLED
2021-08-25 12:39:35: rcvbuf = 0
2021-08-25 12:39:35: sndbuf = 0
2021-08-25 12:39:35: sockflags = 0
2021-08-25 12:39:35: fast_io = DISABLED
2021-08-25 12:39:35: comp.alg = 0
2021-08-25 12:39:35: comp.flags = 0
2021-08-25 12:39:35: route_script = '[UNDEF]'
2021-08-25 12:39:35: route_default_gateway = '[UNDEF]'
2021-08-25 12:39:35: route_default_metric = 0
2021-08-25 12:39:35: route_noexec = DISABLED
2021-08-25 12:39:35: route_delay = 2
2021-08-25 12:39:35: NOTE: --mute triggered...
2021-08-25 12:39:35: 181 variation(s) on previous 100 message(s) suppressed by --mute
2021-08-25 12:39:35: OpenVPN 2.4.11 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on Apr 21 2021
2021-08-25 12:39:35: library versions: OpenSSL 1.1.1k 25 Mar 2021, LZO 2.10
2021-08-25 12:39:40: Resolving address: myvpn.domain.com
2021-08-25 12:39:40: Valid endpoint found: 9111.222.333.444:1194:tcp-client
2021-08-25 12:39:40: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2021-08-25 12:39:57: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2021-08-25 12:39:57: Control Channel MTU parms [ L:1623 D:1210 EF:40 EB:0 ET:0 EL:3 ]
2021-08-25 12:39:57: Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
2021-08-25 12:39:57: Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_CLIENT,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
2021-08-25 12:39:57: Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_SERVER,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
2021-08-25 12:39:57: TCP/UDP: Preserving recently used remote address: [AF_INET]9111.222.333.444:1194
2021-08-25 12:39:57: Socket Buffers: R=[131072->131072] S=[131072->131072]
2021-08-25 12:39:57: Attempting to establish TCP connection with [AF_INET]9111.222.333.444:1194 [nonblock]
2021-08-25 12:39:58: TCP connection established with [AF_INET]9111.222.333.444:1194
2021-08-25 12:39:58: TCP_CLIENT link local: (not bound)
2021-08-25 12:39:58: TCP_CLIENT link remote: [AF_INET]9111.222.333.444:1194
2021-08-25 12:39:58: TLS: Initial packet from [AF_INET]9111.222.333.444:1194, sid=491643f1 448a22cb
2021-08-25 12:39:58: State changed to Authenticating
2021-08-25 12:40:04: VERIFY OK: depth=1, CN=ca
2021-08-25 12:40:04: VERIFY OK: depth=0, CN=server
2021-08-25 12:40:05: Connection reset, restarting [0]
2021-08-25 12:40:05: TCP/UDP: Closing socket
2021-08-25 12:40:05: SIGUSR1[soft,connection-reset] received, process restarting
2021-08-25 12:40:05: Viscosity Mac 1.9.3 (1571)
2021-08-25 12:40:05: Viscosity OpenVPN Engine Started
2021-08-25 12:40:05: Running on macOS 11.5.2
2021-08-25 12:40:05: ---------
2021-08-25 12:40:05: State changed to Connecting
2021-08-25 12:40:05: Resolving address: myvpn.domain.com
2021-08-25 12:40:05: Resolving address: myvpn.domain.com
2021-08-25 12:40:05: Valid endpoint found: 9111.222.333.444:1194:tcp-client
2021-08-25 12:40:05: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2021-08-25 12:40:05: Re-using SSL/TLS context
2021-08-25 12:40:05: Control Channel MTU parms [ L:1623 D:1210 EF:40 EB:0 ET:0 EL:3 ]
2021-08-25 12:40:05: Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
2021-08-25 12:40:05: Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_CLIENT,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
2021-08-25 12:40:05: Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_SERVER,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
2021-08-25 12:40:05: TCP/UDP: Preserving recently used remote address: [AF_INET]9111.222.333.444:1194
2021-08-25 12:40:05: Socket Buffers: R=[131072->131072] S=[131072->131072]
2021-08-25 12:40:05: Attempting to establish TCP connection with [AF_INET]9111.222.333.444:1194 [nonblock]
2021-08-25 12:40:06: TCP connection established with [AF_INET]9111.222.333.444:1194
2021-08-25 12:40:06: TCP_CLIENT link local: (not bound)
2021-08-25 12:40:06: TCP_CLIENT link remote: [AF_INET]9111.222.333.444:1194
2021-08-25 12:40:06: TLS: Initial packet from [AF_INET]9111.222.333.444:1194, sid=4ed299ad 83e8947e
2021-08-25 12:40:06: State changed to Authenticating
2021-08-25 12:40:08: VERIFY OK: depth=1, CN=ca
2021-08-25 12:40:08: VERIFY OK: depth=0, CN=server
2021-08-25 12:40:08: Connection reset, restarting [0]
2021-08-25 12:40:08: TCP/UDP: Closing socket
2021-08-25 12:40:08: SIGUSR1[soft,connection-reset] received, process restarting

I use MikroTik (v.6.47.7) and I have set up the certificates for the Ovpn server like this:
Code:
/certificate
add name=ca-template common-name=ca days-valid=3065 key-usage=key-cert-sign,crl-sign
add name=server-template common-name=server days-valid=3065
add name=client-template common-name=vpnclient days-valid=3065
sign ca-template name=ca
sign ca=ca server-template name=server
sign ca=ca client-template name=vpnclient
set ca trusted=yes
set server trusted=yes
export-certificate ca
export-certificate vpnclient export-passphrase=yyyyyyyyyyyyy
/ppp secret add caller-id="" comment="" disabled=no limit-bytes-in=0 limit-bytes-out=0 name="user1" password="xxxxxxxxx" routes="" service=ovpn

And this works fine with this Tunnelblick config (ovpn):
Code:
remote myvpn.domain.com 1194
proto tcp-client
#client
tls-client
port 1194
ca cert_export_ca.crt
cert cert_export_vpnclient.crt
key cert_export_vpnclient.key
cipher AES-256-CBC
auth SHA1
dev tun
resolv-retry infinite
nobind
persist-key
ping 10
ping-restart 45
verb 4
auth-user-pass
#auth-nocache
route-method exe
route-delay 2
pull
#redirect-gateway def
route 192.168.42.0 255.255.255.0

When Viscosity imports the ovpn file it adds these extra commands under "Advanced":
Code:
resolv-retry infinite
cipher AES-256-CBC
verb 4
route-delay 2
auth SHA1

What could I be missing here? I really would like to test if Viscosity can solve the VMs' problems of using the VPN connection.
Thanks in advance!
/John
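
Added example, not part of the original post: a Python triage of the client log above that splits it into connection attempts and records the last handshake milestone each attempt reached plus the two client-side warnings. The sample input is a constructed excerpt of the posted log; the stage names and the `triage` and `diagnose` helpers are hypothetical.

```python
import re

# Constructed sample: lines excerpted from the log in the post (two attempts).
SAMPLE_LOG = """\
2021-08-25 12:39:35: State changed to Connecting
2021-08-25 12:39:40: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2021-08-25 12:39:57: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2021-08-25 12:39:58: TLS: Initial packet from [AF_INET]9111.222.333.444:1194, sid=491643f1 448a22cb
2021-08-25 12:40:04: VERIFY OK: depth=0, CN=server
2021-08-25 12:40:05: Connection reset, restarting [0]
2021-08-25 12:40:05: State changed to Connecting
2021-08-25 12:40:08: VERIFY OK: depth=0, CN=server
2021-08-25 12:40:08: Connection reset, restarting [0]
"""
LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d): (.*)$")
# Handshake milestones in log order, then client-side warnings worth fixing.
STAGES = [("tls_started", "TLS: Initial packet from"),
          ("server_cert_ok", "VERIFY OK: depth=0"),
          ("connected", "Initialization Sequence Completed")]
FINDINGS = {"no-server-cert-check": "No server certificate verification method",
            "password-cached": "may cache passwords in memory"}

def triage(log_text):
    """Split a log into connection attempts; record stage reached and warnings."""
    attempts = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if m and m.group(2) == "State changed to Connecting":
            attempts.append({"start": m.group(1), "stage": "none", "reset": False, "findings": set()})
        if not m or not attempts:
            continue  # untimestamped line, or banner before the first attempt
        cur, msg = attempts[-1], m.group(2)
        for name, needle in STAGES:
            if needle in msg:
                cur["stage"] = name
        cur["findings"] |= {k for k, needle in FINDINGS.items() if needle in msg}
        cur["reset"] = cur["reset"] or "Connection reset" in msg
    return attempts

def diagnose(attempt):
    """Say where an attempt stopped, from the client's point of view."""
    if attempt["stage"] == "connected":
        return "tunnel established"
    if attempt["reset"] and attempt["stage"] == "server_cert_ok":
        return "connection reset after the client verified the server certificate; check the server log"
    return "stopped at stage: " + attempt["stage"]

for a in triage(SAMPLE_LOG):
    print(a["start"], "|", diagnose(a), "|", sorted(a["findings"]))
```

Both attempts stop at the same point, so the client log alone does not show why the connection was reset. The two warnings are separate from the failure: the second names the `auth-nocache` option, which is commented out in the posted config, and the first is cleared by enabling a server certificate check such as `remote-cert-tls server`, which needs the server certificate to carry the matching key usage.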