Public IP unchanged when connected


dawiz77

Posts: 3
Joined: Tue Mar 01, 2022 6:47 pm

Post by dawiz77 » Tue Mar 01, 2022 7:31 pm
Hi

I've set up Viscosity. Everything works ok, connection works, I have access to my company resources. The only thing I noticed is that the public IP remains unchanged. I've already enabled "send all traffic via VPN" in the network settings - didn't make a difference.

What am I overlooking here?

James

Posts: 2312
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Wed Mar 02, 2022 12:31 am
Hi dawiz77,

I recommend following the instructions here to ensure that all traffic is being routed over the VPN connection:
https://www.sparklabs.com/support/kb/ar ... connection

If your local network has IPv6 enabled, I also recommend following the steps listed here:
https://www.sparklabs.com/support/kb/ar ... work-leaks

If you're still stuck, please post or email us the information requested in the following article. If posting to the forum, it's usually a good idea to censor out any sensitive details before posting (such as the server's external address).
https://www.sparklabs.com/support/kb/ar ... ort-staff/

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs

dawiz77

Posts: 3
Joined: Tue Mar 01, 2022 6:47 pm

Post by dawiz77 » Wed Mar 02, 2022 1:42 am
Hi,

Thanks for replying. I can't figure out what's wrong - the option to send all traffic via VPN is already enabled. The "route get 0/1" and "route get 128.0/1" return interface en9, and not en10. It looks to me as though there are two interfaces in play - en9, which is bound to my public IP and en10, which is set up by Viscosity for VPN traffic. ifconfig shows this clearly - the computer has two IP addresses. Not all traffic is sent through en10 as it's supposed to. Unfortunately, I don't know how to configure this differently.

thanks in advance!

Here's the raw config data (with the remote server and server port removed):

#-- Configuration Generated By Viscosity --#

#viscosity startonopen false
#viscosity protocol openvpn
#viscosity ipv6 false
#viscosity usepeerdns true
#viscosity dns automatic
#viscosity autoreconnect true
#viscosity name "VPN"
#viscosity dhcp true
remote xxxxxxxxxxxx xxxxxxx udp
nobind
dev tap
redirect-gateway def1 ipv6
persist-tun
persist-key
compress lzo
pull
tls-client
ca ca.crt
cert cert.crt
key key.key
remote-cert-tls server
resolv-retry infinite
auth-nocache
comp-lzo
cipher AES-128-CBC
verb 5

And here's the verbose (5) connection log:

2022-03-01 15:33:18: Viscosity Mac 1.10.1 (1586)
2022-03-01 15:33:18: Viscosity OpenVPN Engine Started
2022-03-01 15:33:18: Running on macOS 12.2.1
2022-03-01 15:33:18: ---------
2022-03-01 15:33:18: State changed to Connecting
2022-03-01 15:33:18: Checking reachability status of connection...
2022-03-01 15:33:18: Connection is reachable. Starting connection attempt.
2022-03-01 15:33:18: DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-128-CBC' to --data-ciphers or change --cipher 'AES-128-CBC' to --data-ciphers-fallback 'AES-128-CBC' to silence this warning.
2022-03-01 15:33:18: Current Parameter Settings:
2022-03-01 15:33:18: config = 'config.conf'
2022-03-01 15:33:18: mode = 0
2022-03-01 15:33:18: show_ciphers = DISABLED
2022-03-01 15:33:18: show_digests = DISABLED
2022-03-01 15:33:18: show_engines = DISABLED
2022-03-01 15:33:18: genkey = DISABLED
2022-03-01 15:33:18: genkey_filename = '[UNDEF]'
2022-03-01 15:33:18: key_pass_file = '[UNDEF]'
2022-03-01 15:33:18: show_tls_ciphers = DISABLED
2022-03-01 15:33:18: connect_retry_max = 0
2022-03-01 15:33:18: Connection profiles [0]:
2022-03-01 15:33:18: proto = udp
2022-03-01 15:33:18: local = '[UNDEF]'
2022-03-01 15:33:18: local_port = '[UNDEF]'
2022-03-01 15:33:18: remote = ‘xxx.xxx.xxxx’
2022-03-01 15:33:18: remote_port = ‘xxxx’
2022-03-01 15:33:18: remote_float = DISABLED
2022-03-01 15:33:18: bind_defined = DISABLED
2022-03-01 15:33:18: bind_local = DISABLED
2022-03-01 15:33:18: bind_ipv6_only = DISABLED
2022-03-01 15:33:18: connect_retry_seconds = 5
2022-03-01 15:33:18: connect_timeout = 120
2022-03-01 15:33:18: socks_proxy_server = '[UNDEF]'
2022-03-01 15:33:18: socks_proxy_port = '[UNDEF]'
2022-03-01 15:33:18: tun_mtu = 1500
2022-03-01 15:33:18: tun_mtu_defined = ENABLED
2022-03-01 15:33:18: link_mtu = 1500
2022-03-01 15:33:18: link_mtu_defined = DISABLED
2022-03-01 15:33:18: tun_mtu_extra = 32
2022-03-01 15:33:18: tun_mtu_extra_defined = ENABLED
2022-03-01 15:33:18: mtu_discover_type = -1
2022-03-01 15:33:18: fragment = 0
2022-03-01 15:33:18: mssfix = 1450
2022-03-01 15:33:18: explicit_exit_notification = 0
2022-03-01 15:33:18: tls_auth_file = '[UNDEF]'
2022-03-01 15:33:18: key_direction = not set
2022-03-01 15:33:18: tls_crypt_file = '[UNDEF]'
2022-03-01 15:33:18: tls_crypt_v2_file = '[UNDEF]'
2022-03-01 15:33:18: Connection profiles END
2022-03-01 15:33:18: remote_random = DISABLED
2022-03-01 15:33:18: ipchange = '[UNDEF]'
2022-03-01 15:33:18: dev = 'vtap'
2022-03-01 15:33:18: dev_type = 'tap'
2022-03-01 15:33:18: dev_node = '[UNDEF]'
2022-03-01 15:33:18: lladdr = '[UNDEF]'
2022-03-01 15:33:18: topology = 1
2022-03-01 15:33:18: ifconfig_local = '[UNDEF]'
2022-03-01 15:33:18: ifconfig_remote_netmask = '[UNDEF]'
2022-03-01 15:33:18: ifconfig_noexec = DISABLED
2022-03-01 15:33:18: ifconfig_nowarn = DISABLED
2022-03-01 15:33:18: ifconfig_ipv6_local = '[UNDEF]'
2022-03-01 15:33:18: ifconfig_ipv6_netbits = 0
2022-03-01 15:33:18: ifconfig_ipv6_remote = '[UNDEF]'
2022-03-01 15:33:18: shaper = 0
2022-03-01 15:33:18: mtu_test = 0
2022-03-01 15:33:18: mlock = DISABLED
2022-03-01 15:33:18: keepalive_ping = 0
2022-03-01 15:33:18: keepalive_timeout = 0
2022-03-01 15:33:18: inactivity_timeout = 0
2022-03-01 15:33:18: ping_send_timeout = 0
2022-03-01 15:33:18: ping_rec_timeout = 0
2022-03-01 15:33:18: ping_rec_timeout_action = 0
2022-03-01 15:33:18: ping_timer_remote = DISABLED
2022-03-01 15:33:18: remap_sigusr1 = 0
2022-03-01 15:33:18: persist_tun = ENABLED
2022-03-01 15:33:18: persist_local_ip = DISABLED
2022-03-01 15:33:18: persist_remote_ip = DISABLED
2022-03-01 15:33:18: persist_key = ENABLED
2022-03-01 15:33:18: passtos = DISABLED
2022-03-01 15:33:18: resolve_retry_seconds = 1000000000
2022-03-01 15:33:18: resolve_in_advance = DISABLED
2022-03-01 15:33:18: username = '[UNDEF]'
2022-03-01 15:33:18: groupname = '[UNDEF]'
2022-03-01 15:33:18: chroot_dir = '[UNDEF]'
2022-03-01 15:33:18: cd_dir = '[UNDEF]'
2022-03-01 15:33:18: writepid = '[UNDEF]'
2022-03-01 15:33:18: up_script = '[UNDEF]'
2022-03-01 15:33:18: down_script = '[UNDEF]'
2022-03-01 15:33:18: down_pre = DISABLED
2022-03-01 15:33:18: up_restart = DISABLED
2022-03-01 15:33:18: up_delay = DISABLED
2022-03-01 15:33:18: daemon = DISABLED
2022-03-01 15:33:18: inetd = 0
2022-03-01 15:33:18: log = DISABLED
2022-03-01 15:33:18: suppress_timestamps = DISABLED
2022-03-01 15:33:18: machine_readable_output = ENABLED
2022-03-01 15:33:18: nice = 0
2022-03-01 15:33:18: verbosity = 5
2022-03-01 15:33:18: mute = 100
2022-03-01 15:33:18: status_file = '[UNDEF]'
2022-03-01 15:33:18: status_file_version = 1
2022-03-01 15:33:18: status_file_update_freq = 60
2022-03-01 15:33:18: occ = ENABLED
2022-03-01 15:33:18: rcvbuf = 0
2022-03-01 15:33:18: sndbuf = 0
2022-03-01 15:33:18: sockflags = 0
2022-03-01 15:33:18: fast_io = DISABLED
2022-03-01 15:33:18: comp.alg = 2
2022-03-01 15:33:18: comp.flags = 1
2022-03-01 15:33:18: NOTE: --mute triggered...
2022-03-01 15:33:18: 185 variation(s) on previous 100 message(s) suppressed by --mute
2022-03-01 15:33:18: OpenVPN 2.5.4 arm-apple-darwin20.0.0 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on Oct 22 2021
2022-03-01 15:33:18: library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10
2022-03-01 15:33:18: Resolving address: xxx.xxxx.xxxx.xxxx
2022-03-01 15:33:18: Valid endpoint found: xx.xxx.xxx.xxx:xxxxx:udp
2022-03-01 15:33:18: LZO compression initializing
2022-03-01 15:33:18: Control Channel MTU parms [ L:1654 D:1212 EF:38 EB:0 ET:0 EL:3 ]
2022-03-01 15:33:18: Data Channel MTU parms [ L:1654 D:1450 EF:122 EB:411 ET:32 EL:3 ]
2022-03-01 15:33:18: Local Options String (VER=V4): 'V4,dev-type tap,link-mtu 1590,tun-mtu 1532,proto UDPv4,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
2022-03-01 15:33:18: Expected Remote Options String (VER=V4): 'V4,dev-type tap,link-mtu 1590,tun-mtu 1532,proto UDPv4,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
2022-03-01 15:33:18: TCP/UDP: Preserving recently used remote address: [AF_INET]80.218.40.74:12974
2022-03-01 15:33:18: Socket Buffers: R=[786896->786896] S=[9216->9216]
2022-03-01 15:33:18: UDP link local: (not bound)
2022-03-01 15:33:18: UDP link remote: [AF_INET]80.218.40.74:12974
2022-03-01 15:33:18: State changed to Authenticating
2022-03-01 15:33:18: TLS: Initial packet from [AF_INET]80.218.40.74:12974, sid=e1dcfe73 273332d8
2022-03-01 15:33:18: VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=netgear, OU=netgear, CN=netgear CA, name=EasyRSA, emailAddress=mail@netgear
2022-03-01 15:33:18: VERIFY KU OK
2022-03-01 15:33:18: Validating certificate extended key usage
2022-03-01 15:33:18: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2022-03-01 15:33:18: VERIFY EKU OK
2022-03-01 15:33:18: VERIFY OK: depth=0, C=TW, ST=TW, L=Taipei, O=netgear, OU=netgear, CN=server, name=EasyRSA, emailAddress=mail@netgear
2022-03-01 15:33:18: Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, peer certificate: 1024 bit RSA, signature: RSA-SHA256
2022-03-01 15:33:18: [server] Peer Connection Initiated with [AF_INET]80.218.40.74:12974
2022-03-01 15:33:18: SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
2022-03-01 15:33:19: SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
2022-03-01 15:33:19: PUSH: Received control message: 'PUSH_REPLY,ping 10,ping-restart 120,route-delay 10,route 10.0.1.0 255.255.255.0 10.0.1.1,peer-id 0,cipher AES-256-GCM'
2022-03-01 15:33:19: OPTIONS IMPORT: timers and/or timeouts modified
2022-03-01 15:33:19: OPTIONS IMPORT: route options modified
2022-03-01 15:33:19: OPTIONS IMPORT: route-related options modified
2022-03-01 15:33:19: OPTIONS IMPORT: peer-id set
2022-03-01 15:33:19: OPTIONS IMPORT: adjusting link_mtu to 1657
2022-03-01 15:33:19: OPTIONS IMPORT: data channel crypto options modified
2022-03-01 15:33:19: Data Channel: using negotiated cipher 'AES-256-GCM'
2022-03-01 15:33:19: Data Channel MTU parms [ L:1585 D:1450 EF:53 EB:411 ET:32 EL:3 ]
2022-03-01 15:33:19: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2022-03-01 15:33:19: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2022-03-01 15:33:19: GDG6: remote_host_ipv6=n/a
2022-03-01 15:33:19: GDG6: problem writing to routing socket: No such process (errno=3)
2022-03-01 15:33:19: TUN/TAP device en10 opened
2022-03-01 15:33:19: do_ifconfig, ipv4=0, ipv6=0
2022-03-01 15:33:19: DHCP enabled on tap interface en10
2022-03-01 15:33:29: NOTE: unable to redirect IPv4 default gateway -- VPN gateway parameter (--route-gateway or --ifconfig) is missing
2022-03-01 15:33:29: WARNING: OpenVPN was configured to add an IPv4 route. However, no IPv4 has been configured for en10, therefore the route installation may fail or may not work as expected.
2022-03-01 15:33:29: /sbin/route add -net 10.0.1.0 10.0.1.1 255.255.255.0
2022-03-01 15:33:29: WARNING: OpenVPN was configured to add an IPv6 route. However, no IPv6 has been configured for en10, therefore the route installation may fail or may not work as expected.
2022-03-01 15:33:29: add_route_ipv6(::/3 -> :: metric -1) dev en10
2022-03-01 15:33:29: ROUTE6 WARNING: OpenVPN needs a gateway parameter for a --route-ipv6 option and no default was set via --ifconfig-ipv6 or --route-ipv6-gateway option. Not installing IPv6 route to ::/3.
2022-03-01 15:33:29: add_route_ipv6(2000::/4 -> :: metric -1) dev en10
2022-03-01 15:33:29: ROUTE6 WARNING: OpenVPN needs a gateway parameter for a --route-ipv6 option and no default was set via --ifconfig-ipv6 or --route-ipv6-gateway option. Not installing IPv6 route to 2000::/4.
2022-03-01 15:33:29: add_route_ipv6(3000::/4 -> :: metric -1) dev en10
2022-03-01 15:33:29: ROUTE6 WARNING: OpenVPN needs a gateway parameter for a --route-ipv6 option and no default was set via --ifconfig-ipv6 or --route-ipv6-gateway option. Not installing IPv6 route to 3000::/4.
2022-03-01 15:33:29: add_route_ipv6(fc00::/7 -> :: metric -1) dev en10
2022-03-01 15:33:29: ROUTE6 WARNING: OpenVPN needs a gateway parameter for a --route-ipv6 option and no default was set via --ifconfig-ipv6 or --route-ipv6-gateway option. Not installing IPv6 route to fc00::/7.
2022-03-01 15:33:29: Initialization Sequence Completed
2022-03-01 15:33:29: DNS mode set to Full
2022-03-01 15:33:29: DNS Server/s: 10.0.1.1
2022-03-01 15:33:30: State changed to Connected

James

Posts: 2312
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Wed Mar 02, 2022 3:00 am
Thanks for providing those details.

As you're using a TAP based connection, where IP information appears to be coming from a remote DHCP server, you'll need to adjust your connection to use this like so:

1. Edit your connection in Viscosity

2. Under the "Networking" tab change the "Default Gateway" field to "dhcp" (without the quotes).
https://www.sparklabs.com/support/kb/ar ... networking

3. Under the "Advanced" tab, add the command "route-delay auto" (without the quotes) on a new line in the advanced commands area.
https://www.sparklabs.com/support/kb/ar ... n-commands

After saving those changes try connecting and see how it goes.

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
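
An added example, not part of the original posts and not SparkLabs or OpenVPN code: a short Python check that reads an OpenVPN client log like the one posted above and flags a session that reports itself connected while its default-route redirect failed. The function name and report keys are assumptions made for illustration; the sample lines are abridged from the log in this thread.

```python
import re

# Constructed sample: lines abridged from the connection log posted in this thread.
SAMPLE_LOG = """\
2022-03-01 15:33:19: PUSH: Received control message: 'PUSH_REPLY,ping 10,ping-restart 120,route-delay 10,route 10.0.1.0 255.255.255.0 10.0.1.1,peer-id 0,cipher AES-256-GCM'
2022-03-01 15:33:19: TUN/TAP device en10 opened
2022-03-01 15:33:19: do_ifconfig, ipv4=0, ipv6=0
2022-03-01 15:33:19: DHCP enabled on tap interface en10
2022-03-01 15:33:29: NOTE: unable to redirect IPv4 default gateway -- VPN gateway parameter (--route-gateway or --ifconfig) is missing
2022-03-01 15:33:29: ROUTE6 WARNING: OpenVPN needs a gateway parameter for a --route-ipv6 option and no default was set via --ifconfig-ipv6 or --route-ipv6-gateway option. Not installing IPv6 route to 2000::/4.
2022-03-01 15:33:29: Initialization Sequence Completed
"""

# Message texts as they appear in the OpenVPN 2.5.4 log quoted on this page.
PROBLEMS = {
    "ipv4_default_not_redirected": re.compile(r"unable to redirect IPv4 default gateway"),
    "ipv6_route_not_installed": re.compile(r"Not installing IPv6 route to ([0-9a-fA-F:]+/\d+)"),
    "no_static_tunnel_address": re.compile(r"do_ifconfig, ipv4=0, ipv6=0"),
}

def audit_log(text):
    """Summarise signs that a 'connected' session is not carrying all traffic."""
    report = {"device": None, "pushed_routes": [], "problems": {}, "connected": False}
    for line in text.splitlines():
        if m := re.search(r"TUN/TAP device (\S+) opened", line):
            report["device"] = m.group(1)
        if m := re.search(r"PUSH_REPLY,([^']*)", line):
            # Only explicit 'route' options count; 'route-delay' etc. are skipped.
            report["pushed_routes"] += [o.split()[1:] for o in m.group(1).split(",")
                                        if o.startswith("route ")]
        if "Initialization Sequence Completed" in line:
            report["connected"] = True
        for name, pattern in PROBLEMS.items():
            if m := pattern.search(line):
                report["problems"].setdefault(name, []).append(m.group(m.lastindex or 0))
    # Connected, yet a default-route redirect failed: traffic outside the
    # pushed routes keeps using the physical interface and its public IP.
    report["bypasses_tunnel"] = report["connected"] and any(
        k in report["problems"] for k in ("ipv4_default_not_redirected", "ipv6_route_not_installed"))
    return report

if __name__ == "__main__":
    for key, value in audit_log(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the sample, the only route the server pushed is 10.0.1.0/24, so with the redirect failing everything else stays on the physical interface, which matches the unchanged public IP reported in the first post.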

dawiz77

Posts: 3
Joined: Tue Mar 01, 2022 6:47 pm

Post by dawiz77 » Wed Mar 02, 2022 8:05 am
Wed Mar 02, 2022 3:00 am, James wrote:
Thanks for providing those details.

As you're using a TAP based connection, where IP information appears to be coming from a remote DHCP server, you'll need to adjust your connection to use this like so:

1. Edit your connection in Viscosity

2. Under the "Networking" tab change the "Default Gateway" field to "dhcp" (without the quotes).
https://www.sparklabs.com/support/kb/ar ... networking

3. Under the "Advanced" tab, add the command "route-delay auto" (without the quotes) on a new line in the advanced commands area.
https://www.sparklabs.com/support/kb/ar ... n-commands

After saving those changes try connecting and see how it goes.

Cheers,
James
Thanks - I've just tried that - there's no change, unfortunately :-/

James

Posts: 2312
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Wed Mar 02, 2022 12:06 pm
Can you please post an updated log after making the above changes and reconnecting?

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs