iPhone Connection Change to Laptop Wipes VPN Interface

Got a problem with Viscosity or need help? Ask here!

sigsegv

Posts: 12
Joined: Fri Mar 06, 2020 9:33 am

Post by sigsegv » Thu Dec 01, 2022 4:49 am
This is on a MBP running macOS 12.6.1 and using Viscosity 1.10.4.

Whenever I connect or disconnect my iPhone from my laptop, the OpenVPN connection managed by Viscosity gets scrambled. Viscosity doesn't notice that the connection has gone bad. The VPN interface goes from active to inactive, and the routes sent from the VPN server directing specific networks out VPN interface are removed too. (The interface is still there, just inactive.) The interface goes away when I kill the VPN connection in Viscosity.

The VPN works fine if the phone's connection to the laptop doesn't change. It's only on status change that this happens.

Any idea why this happens and how to keep it from happening? (Aside from the doctor's response to "Doc, it hurts when I do this." :lol: ) Any further data that could be helpful?

James

User avatar
Posts: 2312
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Thu Dec 01, 2022 10:37 am
Hi sigsegv,

I'm afraid I'm not sure what you mean by connecting/disconnecting your iPhone. Are you tethered to your iPhone for your laptop's network connection, and you're disconnecting this connection (presumably letting it switch to a different network)? It's possible you may be tethered without realising it (tethering can work over Wi-Fi, Bluetooth, and USB), in which case turning it off should resolve the issue.
https://support.apple.com/en-au/guide/i ... 447ca6/ios

Simply having your iPhone listed in the Finder's sidebar, and "ejecting" it shouldn't cause any network issues on its own. However if you have other third-party software installed (such as security or endpoint management software) that could be reacting in some way to the change it may be the cause of the problem.

I recommend checking the connection log to see whether it contains any information around the time of the dropout:
https://www.sparklabs.com/support/kb/ar ... envpn-log/

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs

sigsegv

Posts: 12
Joined: Fri Mar 06, 2020 9:33 am

Post by sigsegv » Tue Dec 06, 2022 3:39 pm
James:

Thank you for your response. Sorry about the ambiguous usage of "connect or disconnect my iPhone from my laptop." I have a USB to Lightning cable right in front of me that I use to charge my Magic Keyboard occasionally. When I'm not using the cable to charge the keyboard, I will sometimes connect it to my phone to give it a charge instead. I've heard from some of my users that they're seeing this problem too. I have yet to determine their use cases.

I don't usually tether to my phone or have a need to access it via Finder. I want to keep the options open, but I can kill it for testing if necessary.

On the left panel of the Network prefpane, there is an 'iPhone USB' service listed, but its status shows as 'Not Connected', and the "Disable unless needed" box is checked. When the phone is connected to the Lightning cable, the status of the 'iPhone USB' service changes to 'Attached', and the Viscosity Virtual Ethernet interface (en8)'s config goes from Up and Active to no longer Up and inactive. The connection logs (at verb 7 level) only notes a fairly common "DNS change detected, restoring DNS settings" message. (This message normally appears every 2 hours in the logs.)

Removing the 'iPhone USB' service doesn't seem to affect this behavior. Neither does removing the iPhone from the Finder sidebar. In both cases, connecting or disconnecting the USB to Lightning cable from the phone will still cause en8 to go inactive.
However if you have other third-party software installed (such as security or endpoint management software) that could be reacting in some way to the change it may be the cause of the problem.
This is interesting. We do have ESET AV installed. I'll have to take a look in the logs and management console to see if there's any indication of shenanigans. I'll also see about temporarily removing it to see if the VPN behavior changes.

Thank you.

James

User avatar
Posts: 2312
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Wed Dec 07, 2022 1:26 pm
Hi sigsegv,

Thanks for the clarification. I've finished some testing with a similar setup (macOS 12.6.1, iOS 16.1, Allow Others to Join enabled under Settings->Personal Hotspot, TAP VPN connection), and while plugging/unplugging the iPhone does cause the DNS settings to reset (when Full DNS is being used for the VPN connection), Viscosity immediately detects this and corrects the settings. The VPN network interface and associated routes remain active.

This leads me to think that if the VPN network is becoming inaccessible for you, it's likely either third-party security/endpoint management software, or the iPhone USB network interface is becoming the primary network interface causing the VPN connection to drop (a bit like unplugging a network cable and plugging in a different one), in which case OpenVPN should identify this once the ping-restart time has been reached.

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
4 posts Page 1 of 1