Client to pfsense was working then stopped

Got a problem with Viscosity or need help? Ask here!

DennisT

Posts: 4
Joined: Tue Jul 14, 2020 8:30 am

Post by DennisT » Tue Jul 14, 2020 9:14 am
I have a user that suddenly today (07/13) couldn't establish a connect to a pfsense firewall that she has been able to connect to for months now. Her system is a Win 10 with all current updates (feature update 2004 NOT installed). Last update installed was on 06/26/20. Here's what I've done to test/troubleshoot:
Updated Viscosity to 1.8.6 (1682).
Updated the pfsense firewall to 2.4.5-RELEASE-p1
In pfsense I did a client export for her user ID. (creates a ovpn file to import to viscosity)
Deleted the session from Viscosity and imported the new OpenVPN client export from the firewall. Still cannot connect.
Imported the ovpn file to another PC attempted to connect (worked).
Exported a different Client ID ovpn and imported it to Viscosity. Could not connect.
Exported a OpenVPN client export from a completely different pfsense FW (different public IP) and imported that. Still could not connect.
Note that I'm testing this PC remotely via Teamviewer and am having no problems doing so (eliminates many network issues). Client settings use the public IP for the remote server.

From all I've done it appears the problem is with her PC. When Viscosity tries to make a connection the log shows:
Jul 13 3:49:18 PM: State changed to Creating...
Jul 13 3:49:20 PM: State changed to Disconnected
Jul 13 3:49:25 PM: State changed to Connecting
Jul 13 3:49:25 PM: Viscosity Windows 1.8.6 (1682)
Jul 13 3:49:25 PM: Running on Windows 10 1909 (18363) 64 bit
Jul 13 3:49:25 PM: Running on .NET Framework Version 4.8.03752.528040
Jul 13 3:49:25 PM: Checking reachability status of connection...
Jul 13 3:49:25 PM: Connection is reachable. Starting connection attempt.
Jul 13 3:49:25 PM: Bringing up interface...
Jul 13 3:49:25 PM: OpenVPN 2.4.9 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [AEAD] built on Jul 8 2020
Jul 13 3:49:25 PM: library versions: OpenSSL 1.1.1g 21 Apr 2020, LZO 2.10
Jul 13 3:49:25 PM: Valid endpoint found: [REDACTED]:udp4
Jul 13 3:49:25 PM: TCP/UDP: Preserving recently used remote address: [AF_INET][REDACTED]:1194
Jul 13 3:49:25 PM: UDPv4 link local (bound): [AF_INET][undef]:1194
Jul 13 3:49:25 PM: UDPv4 link remote: [AF_INET][REDACTED]:1194
Jul 13 3:50:25 PM: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jul 13 3:50:26 PM: TLS Error: TLS handshake failed
Jul 13 3:50:26 PM: SIGUSR1[soft,tls-error] received, process restarting
Jul 13 3:50:26 PM: State changed to Connecting


ipconfig /all shows:
Windows IP Configuration

Host Name . . . . . . . . . . . . : [REDACTED]
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Ethernet:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : [REDACTED]
Description . . . . . . . . . . . : Realtek PCIe GbE Family Controller
Physical Address. . . . . . . . . : 00-68-EB-62-9C-41
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Viscosity Virtual Adapter V9.1 #2
Physical Address. . . . . . . . . : 00-FF-89-DE-E6-BB
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet 3:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Viscosity Virtual Adapter V9.1 #3
Physical Address. . . . . . . . . : 00-FF-86-92-B6-32
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet 4:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Viscosity Virtual Adapter V9.1 #4
Physical Address. . . . . . . . . : 00-FF-2E-84-B2-E7
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 1:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
Physical Address. . . . . . . . . : 42-23-43-0D-3D-85
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #2
Physical Address. . . . . . . . . : C2-23-43-0D-3D-85
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8821CE 802.11ac PCIe Adapter
Physical Address. . . . . . . . . : 40-23-43-0D-3D-85
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2601:646:8e00:1c60::61a4(Preferred)
Lease Obtained. . . . . . . . . . : Monday, July 13, 2020 1:52:22 PM
Lease Expires . . . . . . . . . . : Monday, July 20, 2020 7:00:18 AM
IPv6 Address. . . . . . . . . . . : 2601:646:8e00:1c60:94fa:8c29:847e:845c(Preferred)
Temporary IPv6 Address. . . . . . : 2601:646:8e00:1c60:c4e2:42f1:6e64:2414(Preferred)
Link-local IPv6 Address . . . . . : fe80::94fa:8c29:847e:845c%20(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.15.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, July 13, 2020 2:31:26 PM
Lease Expires . . . . . . . . . . : Monday, July 20, 2020 2:49:07 PM
Default Gateway . . . . . . . . . : fe80::fe91:14ff:fe48:f30%20
192.168.15.1
DHCP Server . . . . . . . . . . . : 192.168.15.1
DHCPv6 IAID . . . . . . . . . . . : 289416003
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-25-31-84-38-00-68-EB-62-9C-41
DNS Servers . . . . . . . . . . . : 2001:558:feed::1
2001:558:feed::2
75.75.75.75
75.75.76.76
NetBIOS over Tcpip. . . . . . . . : Enabled

How do I fix this?

Eric

User avatar
Posts: 1146
Joined: Sun Jan 03, 2010 3:27 am

Post by Eric » Tue Jul 14, 2020 10:38 am
Hi Dennis,

We have some information about this error here - https://sparklabs.com/support/kb/articl ... 0-seconds/

By your description and what you've tried, it sounds like a firewall or other security software is blocking OpenVPN and/or Viscosity.

Please also try cold booting the users machine, this means shut the PC down then start it back up again rather than a simple reboot to ensure any stuck ports are cleared.

Regards,
Eric
Eric Thorpe
Viscosity Developer

Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs

DennisT

Posts: 4
Joined: Tue Jul 14, 2020 8:30 am

Post by DennisT » Wed Jul 15, 2020 7:34 am
I R&R'd Viscosity ( still would not establish a connection).
I them did a full hard reboot and it is now working.
Thanks
3 posts Page 1 of 1