Some config questions

Schmye Bubbula

Posts: 26
Joined: Sun Mar 17, 2013 12:31 pm

Post by Schmye Bubbula » Sun Mar 17, 2013 12:55 pm
So much of the on-line documentation is still under construction; hope it's completed soon. So a few questions:

– In the connection settings for my VPN service's loaded config file > Options > Other, there are two checkboxes, "No Bind" and "Pull Options." I wanted to know what they are, especially the No Bind. I would have guessed that I would want it unchecked, considering that in Vuze there is an advanced setting called "Bind to local IP address" that is supposed to bring things to a grinding halt if your VPN connection disconnects, so your real IP address won't be exposed. Does Viscosity's Bind do the same thing, so would I want to uncheck No Bind?

– In the Advanced section, where can I get a list of all of the "Extra OpenVPN configuration commands" and what they do? My VPN service's loaded config file's are:

pull
resolv-retry infinite
remote-random
cipher AES-128-CBC
fast-io
route-delay 2

"resolv-retry infinite" sounds like it will keep trying to reconnect a dropped connection, and "cipher AES-128-CBC" sounds like this provider only gave me 128-bit encryption — I'd like to change it to 256-bit.... If the aforementioned No Bind doesn't stop things when the connection is dropped, is there an Extra OpenVPN configuration command I can add that will do that?

James

Posts: 2313
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Mon Mar 18, 2013 4:58 am
Hi Schmye,
> In the connection settings for my VPN service's loaded config file > Options > Other, there are two checkboxes, "No Bind" and "Pull Options." I wanted to know what they are, especially the No Bind.

They correspond to the OpenVPN commands with the same name (please see link below).

> In the Advanced section, where can I get a list of all of the "Extra OpenVPN configuration commands" and what they do?

You can find a list of raw OpenVPN commands and their documentation at:
https://community.openvpn.net/openvpn/w ... n23ManPage

> and "cipher AES-128-CBC" sounds like this provider only gave me 128-bit encryption — I'd like to change it to 256-bit.

Typically the server-side cipher settings need to match the client's cipher settings, so it's unlikely your connection will work if you just change it client side. You'll need to get in touch with your VPN Provider to see if they support the cipher settings you wish to use.

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs

Post by Schmye Bubbula » Mon Mar 18, 2013 8:35 am
Thanks for the Unix man page. I guess I can figure out some of it. So "Bind" isn't what I thought it was; or at least it looks like it's about binding to something locally, not the VPN connection.

So is there a way to make Viscosity bring things to a grinding halt if your VPN connection disconnects, so your real IP address won't be exposed? (Be gentle, I'm not a programmer.)

Post by James » Wed Mar 20, 2013 10:51 am
Hi Schmye,

Yes, there are a number of approaches you can take to disable network connectivity on a disconnect. Please see the following forum post for details:
http://www.sparklabs.com/forum/viewtopi ... 1417#p1417

Cheers,
James

Post by Schmye Bubbula » Mon Mar 25, 2013 11:48 am
I added a simple AppleScript for Disconnected Script under Connections > Advanced to sound my system beep three times. It works when I explicitly choose to disconnect from the Viscosity menu, but tonight I was getting kicked off a VPN service repeatedly and it never executed. The menu icon kept changing from the connected green to the reconnecting orange, and I always got the Growl alert when it reconnected, but it never played the beeps as it dropped connection each time. What's wrong?

MorpheusX

Posts: 11
Joined: Sat Mar 02, 2013 2:04 am

Post by MorpheusX » Tue Mar 26, 2013 7:36 am
Not 100% sure about this, since I've just run the Windows version with some DNS scripts, but my best guess is that Viscosity instantly tries to re-establish the connection and thus doesn't even go to the "disconnected" state (unless the reconnect attempt fails, but that's just another guess again). You could however try to add the same script to be executed before a connection is established, since that also fired at reconnects in my case... This way, you'll have a beep when you start the connection in a "normal" way, but also when it terminates and reconnects.
Correct me if I'm wrong, but that sounded logical and seemed to have worked for me :D

Post by Schmye Bubbula » Tue Mar 26, 2013 9:27 am
Thanks for the explanation, MorpheusX. The problem is, even though the reconnect attempt is instant, one's regular IP address is exposed while it's trying to re-establish the connection. This means that the Disconnected Script feature is no good for running an AppleScript disabling network connectivity upon getting kicked off a VPN server (as James linked to above). A lot more serious than my test with system beeps!

I wish Viscosity just had a checkbox to pause outgoing network activity when the VPN is dropped. (And maybe a notification that comes up with a button to resume normal networking when we're ready.)

Post by Schmye Bubbula » Thu Mar 28, 2013 5:47 am
All right, let me (a non-programmer normal human being) put it this way: The Disconnected Script thing doesn't seem to work if you get kicked off a VPN server, but only when you manually disconnect from the menu. So it would appear not useful for the various methods of preventing your regular IP address & data stream from being exposed in the clear while Viscosity is trying to auto-reconnect (orange menu icon).

In looking through the prefs for a VPN service, I see that one of the things Viscosity does is assign your "Device" to "tun" or "tap" (whatever they are) instead of your normal, e.g., "en0." When you get kicked off and you're exposed, presumably it's switched you back instantly to en0 until it connects again. OK, so how about this? Could Viscosity be made to simply keep trying to send through the tun or tap Device when it experiences an unwanted disconnect instead of switching back to en0 (and moreover never switch back to en0 unless you explicitly disconnect from the menu), so that nothing would go through? That would solve this whole problem. Could it be that easy? Or does it just not work like that?

Post by James » Wed Apr 03, 2013 4:18 am
MorpheusX is correct in that OpenVPN is reconnecting using a recycled session (rather than entering a Disconnected and then Connecting state).

If you want OpenVPN to change to a Disconnected state (rather than attempting to reconnect) simply add the command "remap-usr1 SIGTERM" on a new line under the Advanced tab when editing your connection. Your Disconnected script will then run when a dropout occurs where OpenVPN would normally try and reestablish the connection itself.

Cheers,
James
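
Added example, not part of any post in the thread and not Viscosity or OpenVPN code: a small audit of an OpenVPN directive list for the two settings discussed above, the cipher key size and whether a dropout reaches the Disconnected state. The function names `parse_directives` and `audit` are hypothetical, and the sample is constructed from the directives quoted in the first post.

```python
import re

# Constructed sample: the provider directives quoted in the thread, plus
# comment lines (one of them a commented-out remap-usr1) to exercise the parser.
SAMPLE = """\
# extra OpenVPN configuration commands
pull
resolv-retry infinite
remote-random
cipher AES-128-CBC
fast-io
route-delay 2
; remap-usr1 SIGTERM
"""

def parse_directives(text):
    """Return {directive: [args]}; lines starting with # or ; are comments."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        name, *args = line.split()
        directives[name.lstrip("-")] = args  # accept the "--name" spelling too
    return directives

def audit(text):
    """Return (code, message) findings for the settings the thread discusses."""
    d = parse_directives(text)
    findings = []
    cipher = (d.get("cipher") or [""])[0]
    m = re.search(r"-(\d+)-", cipher)  # key size embedded in e.g. AES-128-CBC
    if m and int(m.group(1)) < 256:
        findings.append(("cipher-keysize",
            f"{cipher}: {m.group(1)}-bit key; a larger one needs server-side support"))
    if [a.upper() for a in d.get("remap-usr1", [])] != ["SIGTERM"]:
        findings.append(("soft-restart",
            "no 'remap-usr1 SIGTERM': a dropout restarts inside the same session, "
            "so the Disconnected script does not run"))
    return findings

if __name__ == "__main__":
    for code, msg in audit(SAMPLE):
        print(f"[{code}] {msg}")
```
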