Potential issue with Viscosity 1.3.5 (1119) on Win 7 Pro 64

Got a problem with Viscosity or need help? Ask here!

DC2012

Posts: 1
Joined: Wed Jan 11, 2012 10:30 pm

Post by DC2012 » Wed Jan 11, 2012 10:51 pm
Hi All

We've had users connecting to our OpenVPN server using the Mac and Windows versions of Viscosity for a while now and everything has been working fine. There seems to be an bug with the latest stable (1.3.5). If I install it on a fresh Win 7 Pro 64bit install, import a connection and attempt to connect it gets as far as:

(IP's blanked out)
Code: Select all
Jan 11 11:15:31: Viscosity 1.3.5 (1119)
Jan 11 11:15:31: Checking reachability status of connection...
Jan 11 11:15:31: Connection is reachable. Starting connection attempt.
Jan 11 11:15:31: OpenVPN 2.2.2 Win32-MSVC++ [SSL] [LZO2] [PKCS11] built on Jan  4 2012
Jan 11 11:15:42: IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Jan 11 11:15:42: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Jan 11 11:15:42: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Jan 11 11:15:43: UDPv4 link local (bound): [undef]:1194
Jan 11 11:15:43: UDPv4 link remote: x.x.x.x:1194
After about a minute it gives:
Code: Select all
Jan 11 11:16:43: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jan 11 11:16:43: TLS Error: TLS handshake failed
Jan 11 11:16:43: SIGUSR1[soft,tls-error] received, process restarting
If I uninstall that version and install Viscosity 1.3.2 (1082) it connects through without a hitch:

(I'm aware the subnet conflict will be an issue)
Code: Select all
Jan 11 11:20:49: Viscosity 1.3.2 (1082)
Jan 11 11:20:49: Checking reachability status of connection...
Jan 11 11:20:49: Connection is reachable. Starting connection attempt.
Jan 11 11:20:49: OpenVPN 2.2.1 Win32-MSVC++ [SSL] [LZO2] [PKCS11] built on Aug  2 2011
Jan 11 11:20:59: IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Jan 11 11:20:59: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Jan 11 11:20:59: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Jan 11 11:21:00: Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Jan 11 11:21:00: UDPv4 link local (bound): [undef]:1194
Jan 11 11:21:00: UDPv4 link remote: x.x.x.x:1194
Jan 11 11:21:00: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Jan 11 11:21:00: [servername.domain] Peer Connection Initiated with x.x.x.x:1194
Jan 11 11:21:02: TAP-WIN32 device [OpenVPN server] opened: \\.\Global\{49B27282-2FCB-4EFD-8C46-F9F9F127754E}.tap
Jan 11 11:21:02: Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.0.8.26/255.255.255.252 on interface {49B27282-2FCB-4EFD-8C46-F9F9F127754E} [DHCP-serv: 10.0.8.25, lease-time: 31536000]
Jan 11 11:21:02: Successful ARP Flush on interface [26] {49B27282-2FCB-4EFD-8C46-F9F9F127754E}
Jan 11 11:21:07: WARNING: potential route subnet conflict between local LAN [192.168.0.0/255.255.252.0] and remote VPN [192.168.0.0/255.255.252.0]
Jan 11 11:21:07: WARNING: potential route subnet conflict between local LAN [192.168.0.0/255.255.252.0] and remote VPN [192.168.0.0/255.255.252.0]
Jan 11 11:21:07: ROUTE: route addition failed using CreateIpForwardEntry: The object already exists.   [status=5010 if_index=26]
Jan 11 11:21:07: Initialization Sequence Completed

On the failed attempt the only info echoed in the OpenVPN log is:
Code: Select all
openvpn[62282]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.2.246:1194
If I then exit Viscosity and install the latest version over the top, the connection WILL work. So I have to start with 1.3.2 and then update.

I've recreated this on a number of computers.

Any ideas?

Let me know if you need any further info

Many thanks

Eric

User avatar
Posts: 1146
Joined: Sun Jan 03, 2010 3:27 am

Post by Eric » Thu Jan 12, 2012 11:16 pm
Hi DC2012,

It looks like we've found the issue. We should have a patch out by the other side of the weekend to fix the problem.

Regards,

Eric
Eric Thorpe
Viscosity Developer

Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs
2 posts Page 1 of 1