problem with MacOs Virtual Ethernet (en)

Got a problem with Viscosity or need help? Ask here!

rouet

Posts: 3
Joined: Wed Oct 23, 2024 1:26 am

Post by rouet » Wed Oct 23, 2024 2:25 am
Hi all,

VPN Connexion don't works with MacOs Virtual Ethernet (en) but works with MacOs Fake Ethernet (feth).

You can see the log with ip addresses masked under this text

The error at the end is
Code: Select all
2024-10-22 17:13:49: Cannot allocate TUN/TAP dev dynamically
I have colleagues with the same configuration who have no problem with the 2 types of network interface.

Any clue ?

Cheers.
Code: Select all
2024-10-22 17:13:49: Viscosity Mac 1.11.3 (1697)
2024-10-22 17:13:49: Viscosity OpenVPN Engine Started
2024-10-22 17:13:49: Running on macOS 15.0.1
2024-10-22 17:13:49: ---------
2024-10-22 17:13:49: State changed to Connecting
2024-10-22 17:13:49: Vérification du statut d'accessibilité de la connexion...
2024-10-22 17:13:49: La connexion est accessible. Tentative de démarrage de la connexion.
2024-10-22 17:13:49: Note: --cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
2024-10-22 17:13:49: Current Parameter Settings:
2024-10-22 17:13:49:   config = 'config.conf'
2024-10-22 17:13:49:   mode = 0
2024-10-22 17:13:49:   show_ciphers = DISABLED
2024-10-22 17:13:49:   show_digests = DISABLED
2024-10-22 17:13:49:   show_engines = DISABLED
2024-10-22 17:13:49:   genkey = DISABLED
2024-10-22 17:13:49:   genkey_filename = '[UNDEF]'
2024-10-22 17:13:49:   key_pass_file = '[UNDEF]'
2024-10-22 17:13:49:   show_tls_ciphers = DISABLED
2024-10-22 17:13:49:   connect_retry_max = 0
2024-10-22 17:13:49: Connection profiles [0]:
2024-10-22 17:13:49:   proto = tcp-client
2024-10-22 17:13:49:   local = '[UNDEF]'
2024-10-22 17:13:49:   local_port = '[UNDEF]'
2024-10-22 17:13:49:   remote = '******.*****.**'
2024-10-22 17:13:49:   remote_port = '443'
2024-10-22 17:13:49:   remote_float = DISABLED
2024-10-22 17:13:49:   bind_defined = DISABLED
2024-10-22 17:13:49:   bind_local = DISABLED
2024-10-22 17:13:49:   bind_ipv6_only = DISABLED
2024-10-22 17:13:49:   connect_retry_seconds = 1
2024-10-22 17:13:49:   connect_timeout = 120
2024-10-22 17:13:49:   socks_proxy_server = '[UNDEF]'
2024-10-22 17:13:49:   socks_proxy_port = '[UNDEF]'
2024-10-22 17:13:49:   tun_mtu = 1500
2024-10-22 17:13:49:   tun_mtu_defined = ENABLED
2024-10-22 17:13:49:   link_mtu = 1500
2024-10-22 17:13:49:   link_mtu_defined = DISABLED
2024-10-22 17:13:49:   tun_mtu_extra = 32
2024-10-22 17:13:49:   tun_mtu_extra_defined = ENABLED
2024-10-22 17:13:49:   tls_mtu = 1250
2024-10-22 17:13:49:   mtu_discover_type = -1
2024-10-22 17:13:49: NOTE: --mute triggered...
2024-10-22 17:13:49: 255 variation(s) on previous 100 message(s) suppressed by --mute
2024-10-22 17:13:49: OpenVPN 2.6.12 aarch64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD]
2024-10-22 17:13:49: library versions: OpenSSL 3.0.14 4 Jun 2024, LZO 2.10
2024-10-22 17:13:49: PKCS#11: Setting property 1=0x0
2024-10-22 17:13:49: PKCS#11: Setting property 7=0x0
2024-10-22 17:13:49: PKCS#11: Setting property 6=0x102d129d4
2024-10-22 17:13:49: PKCS#11: Setting property 9=0x0
2024-10-22 17:13:49: PKCS#11: Setting property 8=0x102d12ad8
2024-10-22 17:13:49: PKCS#11: Setting property 10=0x1
2024-10-22 17:13:49: PKCS#11: Setting property 11=0xffffffff
2024-10-22 17:13:49: Resolving address: ******.*****.**
2024-10-22 17:13:49: Valid endpoint found: ***.**.**.**:443:tcp-client
2024-10-22 17:13:49: Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2024-10-22 17:13:49: Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2024-10-22 17:13:49: LZ4v2 compression initializing
2024-10-22 17:13:49: MTU: adding 432 buffer tailroom for compression for 1800 bytes of payload
2024-10-22 17:13:49: Control Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1250 tun_max_mtu:0 headroom:126 payload:1600 tailroom:126 ET:0 ]
2024-10-22 17:13:49: Data Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1800 tailroom:568 ET:32 ]
2024-10-22 17:13:49: Local Options String (VER=V4): 'V4,dev-type tap,link-mtu 1619,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,auth SHA512,keysize 128,tls-auth,key-method 2,tls-client'
2024-10-22 17:13:49: Expected Remote Options String (VER=V4): 'V4,dev-type tap,link-mtu 1619,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,auth SHA512,keysize 128,tls-auth,key-method 2,tls-server'
2024-10-22 17:13:49: TCP/UDP: Preserving recently used remote address: [AF_INET]***.**.**.**:443
2024-10-22 17:13:49: Socket Buffers: R=[131072->131072] S=[131072->131072]
2024-10-22 17:13:49: Attempting to establish TCP connection with [AF_INET]***.**.**.**:443
2024-10-22 17:13:49: TCP connection established with [AF_INET]***.**.**.**:443
2024-10-22 17:13:49: TCPv4_CLIENT link local: (not bound)
2024-10-22 17:13:49: TCPv4_CLIENT link remote: [AF_INET]***.**.**.**:443
2024-10-22 17:13:49: TLS: Initial packet from [AF_INET]***.**.**.**:443, sid=8d920bd8 04159c0d
2024-10-22 17:13:49: State changed to Authenticating
2024-10-22 17:13:49: VERIFY OK: depth=1, CN=******.*****.**
2024-10-22 17:13:49: VERIFY KU OK
2024-10-22 17:13:49: Validating certificate extended key usage
2024-10-22 17:13:49: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2024-10-22 17:13:49: VERIFY EKU OK
2024-10-22 17:13:49: VERIFY OK: depth=0, CN=ccvpnin02
2024-10-22 17:13:49: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1619', remote='link-mtu 1551'
2024-10-22 17:13:49: WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo'
2024-10-22 17:13:49: WARNING: 'auth' is used inconsistently, local='auth SHA512', remote='auth [null-digest]'
2024-10-22 17:13:49: WARNING: 'keysize' is used inconsistently, local='keysize 128', remote='keysize 256'
2024-10-22 17:13:49: Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 256 bits ED25519, signature: ED25519, peer temporary key: 253 bits X25519
2024-10-22 17:13:49: [ccvpnin02] Peer Connection Initiated with [AF_INET]***.**.**.**:443
2024-10-22 17:13:49: TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2024-10-22 17:13:49: TLS: tls_multi_process: initial untrusted session promoted to trusted
2024-10-22 17:13:49: SENT CONTROL [ccvpnin02]: 'PUSH_REQUEST' (status=1)
2024-10-22 17:13:49: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,route-gateway ***.***.**.***,tun-mtu 1460,txqueuelen 4000,dhcp-option DNS ***.***.**.***,dhcp-option DNS ***.***.**.***,dhcp-option DOMAIN-SEARCH *****.**,dhcp-option ADAPTER_DOMAIN_SUFFIX *****.**,ping 20,ping-restart 60,socket-flags TCP_NODELAY,ifconfig ***.***.**.*** 255.255.254.0,peer-id 0,cipher AES-256-GCM'
2024-10-22 17:13:49: Options error: option 'txqueuelen' cannot be used in this context ([PUSH-OPTIONS])
2024-10-22 17:13:49: OPTIONS IMPORT: timers and/or timeouts modified
2024-10-22 17:13:49: OPTIONS IMPORT: --socket-flags option modified
2024-10-22 17:13:49: OPTIONS IMPORT: --ifconfig/up options modified
2024-10-22 17:13:49: OPTIONS IMPORT: route options modified
2024-10-22 17:13:49: OPTIONS IMPORT: route-related options modified
2024-10-22 17:13:49: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2024-10-22 17:13:49: OPTIONS IMPORT: peer-id set
2024-10-22 17:13:49: OPTIONS IMPORT: data channel crypto options modified
2024-10-22 17:13:49: OPTIONS IMPORT: tun-mtu set to 1460
2024-10-22 17:13:49: Cannot allocate TUN/TAP dev dynamically
2024-10-22 17:13:49: Exiting due to fatal error
2024-10-22 17:13:49: State changed to Déconnecté (Process Terminated)

James

User avatar
Posts: 2372
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Thu Oct 24, 2024 8:39 am
Hi rouet,

Thanks for the report. I can confirm we're seeing the same behaviour in macOS 15.0.1 (and 15.1 RC). Earlier versions of macOS are not affected (which are likely what your colleagues are using).

Rather than a simple bug or framework change, it appears Apple have suddenly blocked access to the APIs necessary to create the virtual interface on 15.0.1 for anything that isn't their own software, which is frustrating. We're in the process of reaching out to Apple, and we also believe we should be able to come up with a workaround. However as this isn't a simple fix it may take some time.

In the meantime, TAP support will continue to work in Viscosity via the macOS Fake Ethernet driver. This approach has higher CPU consumption (and can be slightly slower) than the Virtual Ethernet driver (which is why it isn't the default), but otherwise it should work without issue. Viscosity will seamlessly fall back to using the Fake Ethernet driver as long as "Automatic" is selected (which is the default) under the TAP Driver menu.

If you're encountering any issues with your TAP connection when using the Fake Ethernet driver that you weren't when using the Virtual Ethernet driver, then please feel free to send an email to our support address with the details and we can look into it for you.

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Bluesky: https://bsky.app/profile/sparklabs.com

rouet

Posts: 3
Joined: Wed Oct 23, 2024 1:26 am

Post by rouet » Tue Oct 29, 2024 11:37 pm
Hello, thank you for the answer

The problem is that the speed is very low with fake ethernet.

Approximately 1.6Mbit/s.

The VPN becomes almost unusable as a result.

Sincerely,

JRR

James

User avatar
Posts: 2372
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Thu Oct 31, 2024 10:55 pm
Just a heads up that we've released an updated beta version (1.11.4b2) that should improve performance on macOS 15.0.1+. Please give it a try and let us know if you still encounter any poor TAP performance or issues.
https://www.sparklabs.com/support/kb/ar ... -versions/

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Bluesky: https://bsky.app/profile/sparklabs.com

rouet

Posts: 3
Joined: Wed Oct 23, 2024 1:26 am

Post by rouet » Fri Nov 01, 2024 2:57 am
Hi,

I just tested the beta version, 1.11.4b2 and I recovered an optimal throughput.

I confirm that this version works very well on my machine with macOS sequoia 15.1 (24B83).

Thank you for the responsiveness and the resolution

JRR

James

User avatar
Posts: 2372
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Fri Nov 01, 2024 12:10 pm
That's good to hear - thanks for letting us know.

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Bluesky: https://bsky.app/profile/sparklabs.com
6 posts Page 1 of 1