Help configuring a second VPN connection?

Post by bothcoasts » Sat Jan 31, 2009 11:26 pm
I'm a longtime user of the Witopia VPN service and have been very happy with it; however, I have been referred to another one called VforVPN. Both are OpenVPN servers that use Tunnelblick as the GUI. So, to compare them I thought I would use Viscosity to make configuring them and switching between them simpler. So far... not so much.

I imported the Witopia settings and that connection works fine. However the VforVPN configuration appears slightly different, and when I try to connect to that service it fails with this Viscosity log output:
Code:
Sat Jan 31 15:41:46 2009: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Sat Jan 31 15:41:46 2009: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Jan 31 15:41:46 2009: Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Sat Jan 31 15:41:46 2009: LZO compression initialized
Sat Jan 31 15:41:46 2009: UDPv4 link local: [undef]
Sat Jan 31 15:41:46 2009: UDPv4 link remote: 174.XX.XX.XXX:1194
Sat Jan 31 15:42:46 2009: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sat Jan 31 15:42:46 2009: TLS Error: TLS handshake failed
Sat Jan 31 15:42:46 2009: SIGUSR1[soft

In searching the forum I learned that this error is usually caused by not having certificates properly mapped or present. I have tried configuring this connection both by importing the configuration file in the installer package, and manually by trying to mimic the settings. Neither works.

These are the files that were sent for the VforVPN connection:
ca.crt
client_00XXX.crt
client_00XXX.key
client_00XXXTCP.ovpn
client_00XXXUDP.ovpn
ta.key

Here is the text of the client_00XXX.UDP.ovpn file:
Code:
client
dev tun
proto udp
port 53
remote alpha.server.com
;remote bravo.server.com
;remote charlie.server.com
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client_00XXX.crt
key client_00XXX.key
tls-auth ta.key 1
comp-lzo
verb 3
cipher AES-256-CBC

The VforVPN installation instructions, assuming you would be using Tunnelblick, called for installing these files in ~Library/openvpn. I did so, and when using Tunnelblick, the connection works flawlessly. I tried to use the "Import Tunnelblick Connections" and nothing happened. So I imported via the "Import Connection", selecting the client_00XXXUDP.ovpn file, as the Witopia connection is a UDP connection - perhaps someone could explain the reasons for using TCP vs UDP as an aside - regardless, when I do so, Viscosity returns the message that the connection was successfully imported. I understand this then copies the pertinent certificates into ~Library/Application Support/Viscosity/OpenVPN/#/ and renames them. This is why I don't think the "TLS handshake failed" error is due to incorrect certificate mapping. Here's the Viscosity-created .conf file from the Application Support directory for comparison to what VforVPN sent me:
Code:
#-- Config Auto Generated By Viscosity --#

#viscosity startonopen false
#viscosity dhcp true
#viscosity dnssupport true
#viscosity name VforVPN
pull
tls-client
remote alpha.server.com 1194
tls-auth ta.key 1
persist-key
ca ca.crt
proto udp
nobind
persist-tun
cert cert.crt
comp-lzo
dev tun
key key.key
cipher AES-256-CBC
port 53
resolv-retry infinite

I should mention that on a couple of rare occasions I HAVE been able to connect successfully to VforVPN using Viscosity. But the majority of times it just hangs with that TLS fail message. I've spent hours comparing the output of both successful and unsuccessful connections and config files, and I've given up for now trying to get it to work the way I intended. For now the workaround is to use Viscosity for the Witopia connection, and Tunnelblick for the VforVPN connection. arrgh. :|

Thanks for any help.

Post by James » Sun Feb 01, 2009 12:30 am
Hi bothcoasts,

Try importing one of the .ovpn files again. Once it has imported, Edit the connection from the Preferences section and set the port to be 53 (rather than 1194). Click Save, try connecting, and see how it goes.

Cheers
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
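
An added example, not part of the original thread and not Viscosity's or OpenVPN's own code: the imported file carries both `remote alpha.server.com 1194` and `port 53`, and an explicit port on a `remote` line takes precedence over `port`. The Python sketch below resolves the effective endpoint for both configs (excerpts rebuilt from the posts above) and also flags the missing server certificate verification that the log warns about; the function names and the `VERIFY_OPTS` list are assumptions of this example.

```python
# Constructed excerpts of the two configs posted above (only the relevant lines).
ORIGINAL = "client\nproto udp\nport 53\nremote alpha.server.com\n;remote bravo.server.com\n"
IMPORTED = "#viscosity name VforVPN\ntls-client\nremote alpha.server.com 1194\nproto udp\nport 53\n"

# Assumed list: directives this example counts as server certificate verification.
VERIFY_OPTS = {"remote-cert-tls", "remote-cert-eku", "ns-cert-type",
               "tls-remote", "verify-x509-name", "tls-verify"}

def parse(text):
    """Return (directive, args) pairs, skipping blank lines and '#'/';' comments."""
    out = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        parts = line.split()
        out.append((parts[0].lstrip("-"), parts[1:]))
    return out

def effective_remotes(directives):
    """Resolve each remote to (host, port); a port on the remote line wins over port/rport."""
    default = "1194"  # OpenVPN's default port when nothing else is set
    for name, args in directives:
        if name in ("port", "rport") and args:
            default = args[0]
    return [(a[0], a[1] if len(a) > 1 else default)
            for n, a in directives if n == "remote" and a]

def audit(text):
    """List findings: remote/port conflicts and absent server certificate checks."""
    d = parse(text)
    findings = []
    ports = [a[0] for n, a in d if n in ("port", "rport") and a]
    for n, a in d:
        if n == "remote" and len(a) > 1 and ports and a[1] != ports[-1]:
            findings.append(f"remote {a[0]} uses port {a[1]}, overriding 'port {ports[-1]}'")
    if not any(n in VERIFY_OPTS for n, _ in d):
        findings.append("no server certificate verification directive")
    return findings

if __name__ == "__main__":
    for label, cfg in (("original", ORIGINAL), ("imported", IMPORTED)):
        print(label, effective_remotes(parse(cfg)), audit(cfg))
```

Both excerpts trigger the verification finding, which matches the first WARNING line in the posted log; only the imported one shows the port conflict.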

Post by bothcoasts » Sun Feb 01, 2009 5:02 am
That seems to have done the trick! Bye bye Tunnelblick, you served me well but no comparison to Viscosity!

Thanks James.

Post by tranceparance » Wed Feb 25, 2009 6:49 pm
If anyone is interested in getting 10% off at VforVPN for any of the packages, simply visit http://www.vforvpn.com/partners/tranceparance.html

Thanks and all the best :-)