AWS VPN MacOS client extremely slow since updating to 3.12.0

0

I just updated my VPN client to 3.12.0 today and have not been able to access anything with it since. I thought the internet just wasn't working, but I can see the network statistics and it's just down to a few KB a sec, so nothing is loading. I see this kind of thing in the AWS VPN logs, and can post more logs if needed:

2024-08-12 15:03:53.938 -07:00 [DBG] CM received: >LOG:1723500233,D,MANAGEMENT: CMD 'status'

2024-08-12 15:03:53.938 -07:00 [DBG] CM processsing: >LOG:1723500233,D,MANAGEMENT: CMD 'status'
2024-08-12 15:03:53.938 -07:00 [DBG] CM processsing:
2024-08-12 15:03:53.939 -07:00 [DBG] 🥶 APPEND line
2024-08-12 15:03:53.939 -07:00 [INF] Begin receive init again
2024-08-12 15:03:53.939 -07:00 [INF] Received bytes: 183
2024-08-12 15:03:53.940 -07:00 [DBG] Message marshalling complete
2024-08-12 15:03:53.941 -07:00 [DBG] CM received: OpenVPN STATISTICS
Updated,2024-08-12 15:03:53
TUN/TAP read bytes,17522
TUN/TAP write bytes,16595
TCP/UDP read bytes,31299
TCP/UDP write bytes,39398
Auth read bytes,18707
END

2024-08-12 15:03:53.941 -07:00 [DBG] CM processsing: OpenVPN STATISTICS
2024-08-12 15:03:53.941 -07:00 [DBG] 🥶 APPEND line
2024-08-12 15:03:53.941 -07:00 [DBG] CM processsing: Updated,2024-08-12 15:03:53
2024-08-12 15:03:53.941 -07:00 [DBG] 🥶 APPEND line
...skipping...

2024-08-12 15:11:09.013 -07:00 [DBG] CM processsing: >LOG:1723500669,D,MANAGEMENT: CMD 'status'
2024-08-12 15:11:09.014 -07:00 [DBG] CM processsing:
2024-08-12 15:11:09.014 -07:00 [DBG] 🥶 APPEND line
2024-08-12 15:11:09.014 -07:00 [INF] Begin receive init again
2024-08-12 15:11:09.014 -07:00 [INF] Received bytes: 182
2024-08-12 15:11:09.014 -07:00 [DBG] Message marshalling complete
2024-08-12 15:11:09.015 -07:00 [DBG] CM received: OpenVPN STATISTICS
Updated,2024-08-12 15:11:09
TUN/TAP read bytes,11601
TUN/TAP write bytes,9747
TCP/UDP read bytes,19601
TCP/UDP write bytes,28517
Auth read bytes,10339
END

2024-08-12 15

I'm also seeing this kind of thing in /tmp/AcvcHelperOutLog.txt:

11:02:13 *FixDnsScript:  INFO: An DNS issue was detected. Attempting to restore DNS to OpenVPN settings
11:02:13 *DnsModificationLock:  INFO: DNS modification lock is acquired successfully by 4960
11:02:13 *FixDnsScript:  INFO: Retrieved info saved by up script in 'State:/Network/OpenVPN': <dictionary>
 {
  FlushDNSCache : false
  IgnoreOptionFlags :
  IsTapInterface : false
  LeaseWatcherPlistPath : /Applications/Tunnelblick.app/Contents/Resources/LeaseWatch.plist
  MonitorNetwork : false
  PID : 4639
  RemoveLeaseWatcherPlist : false
  ResetPrimaryInterface : false
  ResetPrimaryInterfaceOnUnexpected : false
  RestoreIpv6Services :
  RestoreOnDNSReset : false
  RestoreOnWINSReset : false
  RouteGatewayIsDhcp : false
  ScriptLogFile : /Library/Application Support/Tunnelblick/Logs/-Svar-Sfolders-Szz-Szyxvpxvq6csfxvn_n0000000000000-ST-StemporaryVpnConfig.txt.script.log
  Service : 9E356041-B030-47DC-8AD2-7F2909387505
  TapDeviceHasBeenSetNone : false
  TunnelDevice : utun4
  bAlsoUsingSetupKeys : true
}
11:02:13 *FixDnsScript:  INFO: Original OpenVPN DNS setting 'State:/Network/OpenVPN/DNS': <dictionary> {
  SearchDomains : <array> {
    0 : openvpn
  }
  ServerAddresses : <array> {
    0 : 1.1.1.1
    1 : 8.8.8.8
  }
  __CONFIGURATION_ID__ : Default: 0
  __FLAGS__ : 6
  __ORDER__ : 0
}
11:02:13 *FixDnsScript:  INFO: Restored 'Setup:/Network/Service/9E356041-B030-47DC-8AD2-7F2909387505/DNS' to 'State:/Network/OpenVPN/DNS'
11:02:13 *DnsModificationLock:  INFO: Deleting DNS modification lock: /Library/Application Support/AWSVPNClient/dnsModificationLockFile
2024-08-12 11:02:14 AEAD Decrypt error: bad packet ID (may be a replay): [ #118 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
1 Answer
1

I suggest starting by verifying DNS. There may be an issue with Client VPN Policy - it may be that split-tunnel is disabled but private DNS servers are used.

  1. Confirm which DNS servers are being used - from a terminal window, enter: ifconfig -a
  2. Ping the DNS servers' IP addresses with the VPN established and disconnected

Can you paste the output of those commands here?

AWS
answered 3 months ago
  • Well it's definitely a 3.12.0 issue, just downgraded to 3.10.0 and it's working again. This is the output of scutil --dns:

    DNS configuration
    
    resolver #1
      search domain[0] : openvpn
      nameserver[0] : 1.1.1.1
      nameserver[1] : 8.8.8.8
      flags    : Request A records, Request AAAA records
      reach    : 0x00000002 (Reachable)
    

    Same as it was on 3.12. Pinging 1.1.1.1 worked fine in both. Only difference is back on 3.10.0 I can access the internet at a reasonable speed.

    I'm also on a mac M3 in case that's relevant.
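
A log triage helper for the kind of excerpts posted in this thread, added here as an example (it is not code from AWS, OpenVPN or any poster). It extracts the `OpenVPN STATISTICS` blocks from the client log, computes the byte rate between polls, marks an interval where a counter went backwards (as between the 15:03 and 15:11 blocks in the question), and counts `AEAD Decrypt error: bad packet ID` warnings. The function names and the sample log are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample in the format of the logs above; blocks trimmed to two counters.
SAMPLE_LOG = """\
2024-08-12 15:03:43.941 -07:00 [DBG] CM received: OpenVPN STATISTICS
Updated,2024-08-12 15:03:43
TUN/TAP write bytes,11595
TCP/UDP read bytes,21299
END
2024-08-12 15:03:50 AEAD Decrypt error: bad packet ID (may be a replay): [ #118 ]
2024-08-12 15:03:53.941 -07:00 [DBG] CM received: OpenVPN STATISTICS
Updated,2024-08-12 15:03:53
TUN/TAP write bytes,16595
TCP/UDP read bytes,31299
END
2024-08-12 15:03:53.941 -07:00 [DBG] CM processsing: OpenVPN STATISTICS
2024-08-12 15:11:09.015 -07:00 [DBG] CM received: OpenVPN STATISTICS
Updated,2024-08-12 15:11:09
TUN/TAP write bytes,9747
TCP/UDP read bytes,19601
END
"""

STATS_RE = re.compile(r"CM received: OpenVPN STATISTICS\n(.*?)\nEND$", re.S | re.M)
REPLAY_RE = re.compile(r"AEAD Decrypt error: bad packet ID")

def parse_stats(log):
    """One dict per raw 'CM received' block; echoed 'CM processsing' lines are skipped."""
    snaps = []
    for body in STATS_RE.findall(log):
        fields = dict(l.split(",", 1) for l in body.splitlines() if "," in l)
        when = datetime.strptime(fields.pop("Updated"), "%Y-%m-%d %H:%M:%S")
        snaps.append({"Updated": when, **{k: int(v) for k, v in fields.items()}})
    return snaps

def rates(snaps, counter="TCP/UDP read bytes"):
    """Bytes/sec between consecutive snapshots; None where the counter went backwards."""
    out = []
    for prev, cur in zip(snaps, snaps[1:]):
        dt = (cur["Updated"] - prev["Updated"]).total_seconds()
        reset = cur[counter] < prev[counter] or dt <= 0  # e.g. after a reconnect
        out.append(None if reset else (cur[counter] - prev[counter]) / dt)
    return out

def triage(log):
    snaps = parse_stats(log)
    return {"snapshots": len(snaps), "rates": rates(snaps),
            "replay_warnings": len(REPLAY_RE.findall(log))}
```

Running `triage()` over the full client log from a 3.12.0 session and a 3.10.0 session gives comparable numbers for the two versions instead of an impression of "slow".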
