Unable to connect with Monterey

Post by mattzarb » Fri Nov 12, 2021 2:52 am
I'm having issues connecting to my office's VPN server using Viscosity from my MacBook running Monterey 12.0.1. I've looked over some of the other posts regarding Monterey and they don't seem to be the same issue. I'm running the latest Viscosity 1.10 and it starts just fine. No issue with it appearing in the menu bar. But when I attempt to connect, my log is showing:
2021-11-11 10:38:43: Viscosity Mac 1.10 (1582)
2021-11-11 10:38:43: Viscosity OpenVPN Engine Started
2021-11-11 10:38:43: Running on macOS 12.0.1
2021-11-11 10:38:43: ---------
2021-11-11 10:38:43: State changed to Connecting
2021-11-11 10:38:43: Checking reachability status of connection...
2021-11-11 10:38:44: Connection is reachable. Starting connection attempt.
2021-11-11 10:38:44: DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
2021-11-11 10:38:44: Use --help for more information.
2021-11-11 10:38:44: The OpenVPN subsystem could not be started.
2021-11-11 10:38:44: State changed to Disconnected (OpenVPN System Failure)
My (redacted) configuration file is:
client
tls-version-min 1.1
dev tun
proto udp
remote xxxx.xxxx.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
verb 3
auth-user-pass
verify-client-cert none
pull

<ca>
-----BEGIN CERTIFICATE-----
.....
-----END CERTIFICATE------
</ca>

key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
.....
-----END OpenVPN Static key V1-----
</tls-auth>
Our VPN server is fairly old and doesn't support TLS 1.3. I know Monterey deprecated older versions of TLS. Could this be the problem?

Post by James » Fri Nov 12, 2021 7:46 pm
Hi mattzarb,

The problem here is the "verify-client-cert none" command. It is an OpenVPN server-only command and can't be used client side. Removing the command from your configuration should allow you to connect.
https://www.sparklabs.com/support/kb/ar ... n-commands

We've also fixed a bug in the latest beta version that was preventing a warning message being added to the connection log about this. You're welcome to give it a try if you run into any other unknown configuration errors:
https://www.sparklabs.com/support/kb/ar ... -versions/

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs

Post by mattzarb » Sat Nov 13, 2021 12:15 am
Thanks very much for the info. That got me a little bit further. Now I'm getting this error:
2021-11-12 08:09:41: Viscosity Mac 1.10 (1582)
2021-11-12 08:09:41: Viscosity OpenVPN Engine Started
2021-11-12 08:09:41: Running on macOS 12.0.1
2021-11-12 08:09:41: ---------
2021-11-12 08:09:41: State changed to Connecting
2021-11-12 08:09:41: Checking reachability status of connection...
2021-11-12 08:09:41: Connection is reachable. Starting connection attempt.
2021-11-12 08:09:41: DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
2021-11-12 08:09:41: OpenVPN 2.5.4 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on Oct 22 2021
2021-11-12 08:09:41: library versions: OpenSSL 1.1.1l  24 Aug 2021, LZO 2.10
2021-11-12 08:09:41: Resolving address: xxxx.xxxx.com
2021-11-12 08:09:41: Valid endpoint found: xxx.xxx.xxx.xxx:1194:udp
2021-11-12 08:09:41: OpenSSL: error:0908F066:PEM routines:get_header_and_data:bad end line
2021-11-12 08:09:41: Cannot load CA certificate file ca.crt (no entries were read)
2021-11-12 08:09:41: 1636722581.941941 1 Exiting due to fatal error
2021-11-12 08:09:41: State changed to Disconnected (Process Terminated)
Is the CA certificate file being referenced different than the one in the ovpn file? Also don't know what PEM file they are referring to.

TIA,
Matt

Post by mattzarb » Sat Nov 13, 2021 3:18 am
Never mind, solved it. Had 6 dashes instead of 5 in the END CERTIFICATE line.

Thanks very much for the help!
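
Both faults found in this thread (a server-only directive in a client profile, and an inline PEM END line with six dashes) can be caught before a connection attempt. The sketch below is an added example, not part of the original posts and not Viscosity's or OpenVPN's own code; the function name, the constructed sample config and the short server-only list are assumptions made for illustration.

```python
import re

# Constructed sample modelled on the redacted config in the thread.
SAMPLE = """\
client
dev tun
remote vpn.example.com 1194
cipher AES-256-CBC
verify-client-cert none
<ca>
-----BEGIN CERTIFICATE-----
MIIB...
-----END CERTIFICATE------
</ca>
"""

# Assumption: illustrative subset of server-mode-only directives, not a full list.
SERVER_ONLY = {"verify-client-cert", "client-config-dir", "client-to-client",
               "duplicate-cn", "ifconfig-pool"}

LOOSE = re.compile(r"-+\s*(BEGIN|END)\b")  # anything that looks like a boundary
STRICT = re.compile(r"-----(BEGIN|END) ([A-Za-z0-9 ]+)-----")  # 5 dashes each side


def lint_client_config(text):
    """Return [(line_number, message)] for an OpenVPN client config."""
    findings, in_block, label = [], False, None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if re.fullmatch(r"</?[a-z0-9-]+>", line):  # <ca>, </tls-auth>, ...
            in_block = not line.startswith("</")
        elif in_block and LOOSE.match(line):
            m = STRICT.fullmatch(line)
            if not m:
                findings.append((n, f"malformed PEM boundary: {line!r}"))
            elif m.group(1) == "BEGIN":
                label = m.group(2)
            elif m.group(2) != label:
                findings.append((n, f"END {m.group(2)!r} does not match BEGIN {label!r}"))
        elif not in_block and line and line[0] not in "#;":
            directive = line.split()[0]
            if directive in SERVER_ONLY:
                findings.append((n, f"server-only directive: {directive}"))
    return findings


if __name__ == "__main__":
    for n, msg in lint_client_config(SAMPLE):
        print(f"line {n}: {msg}")
```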