AWS VPN MacOS client extremely slow since updating to 3.12.0

0

I just updated my VPN client to 3.12.0 today and have not been able to access anything with it since. I thought internet just wasn't working, but I can see the network statistics and it's just down to a few KB a sec, so nothing is loading. I see this kind of thing in the AWS vpn logs, and can post more logs if needed

2024-08-12 15:03:53.938 -07:00 [DBG] CM received: >LOG:1723500233,D,MANAGEMENT: CMD 'status'

2024-08-12 15:03:53.938 -07:00 [DBG] CM processsing: >LOG:1723500233,D,MANAGEMENT: CMD 'status'
2024-08-12 15:03:53.938 -07:00 [DBG] CM processsing:
2024-08-12 15:03:53.939 -07:00 [DBG] 🥶 APPEND line
2024-08-12 15:03:53.939 -07:00 [INF] Begin receive init again
2024-08-12 15:03:53.939 -07:00 [INF] Received bytes: 183
2024-08-12 15:03:53.940 -07:00 [DBG] Message marshalling complete
2024-08-12 15:03:53.941 -07:00 [DBG] CM received: OpenVPN STATISTICS
Updated,2024-08-12 15:03:53
TUN/TAP read bytes,17522
TUN/TAP write bytes,16595
TCP/UDP read bytes,31299
TCP/UDP write bytes,39398
Auth read bytes,18707
END

2024-08-12 15:03:53.941 -07:00 [DBG] CM processsing: OpenVPN STATISTICS
2024-08-12 15:03:53.941 -07:00 [DBG] 🥶 APPEND line
2024-08-12 15:03:53.941 -07:00 [DBG] CM processsing: Updated,2024-08-12 15:03:53
2024-08-12 15:03:53.941 -07:00 [DBG] 🥶 APPEND line
...skipping...

2024-08-12 15:11:09.013 -07:00 [DBG] CM processsing: >LOG:1723500669,D,MANAGEMENT: CMD 'status'
2024-08-12 15:11:09.014 -07:00 [DBG] CM processsing:
2024-08-12 15:11:09.014 -07:00 [DBG] 🥶 APPEND line
2024-08-12 15:11:09.014 -07:00 [INF] Begin receive init again
2024-08-12 15:11:09.014 -07:00 [INF] Received bytes: 182
2024-08-12 15:11:09.014 -07:00 [DBG] Message marshalling complete
2024-08-12 15:11:09.015 -07:00 [DBG] CM received: OpenVPN STATISTICS
Updated,2024-08-12 15:11:09
TUN/TAP read bytes,11601
TUN/TAP write bytes,9747
TCP/UDP read bytes,19601
TCP/UDP write bytes,28517
Auth read bytes,10339
END

2024-08-12 15

I'm also seeing this kind of thing in /tmp/AcvcHelperOutLog.txt

11:02:13 *FixDnsScript:  INFO: An DNS issue was detected. Attempting to restore DNS to OpenVPN settings
11:02:13 *DnsModificationLock:  INFO: DNS modification lock is acquired successfully by 4960
11:02:13 *FixDnsScript:  INFO: Retrieved info saved by up script in 'State:/Network/OpenVPN': <dictionary>
 {
  FlushDNSCache : false
  IgnoreOptionFlags :
  IsTapInterface : false
  LeaseWatcherPlistPath : /Applications/Tunnelblick.app/Contents/Resources/LeaseWatch.plist
  MonitorNetwork : false
  PID : 4639
  RemoveLeaseWatcherPlist : false
  ResetPrimaryInterface : false
  ResetPrimaryInterfaceOnUnexpected : false
  RestoreIpv6Services :
  RestoreOnDNSReset : false
  RestoreOnWINSReset : false
  RouteGatewayIsDhcp : false
  ScriptLogFile : /Library/Application Support/Tunnelblick/Logs/-Svar-Sfolders-Szz-Szyxvpxvq6csfxvn_n0000000000000-ST-StemporaryVpnConfig.txt.script.log
  Service : 9E356041-B030-47DC-8AD2-7F2909387505
  TapDeviceHasBeenSetNone : false
  TunnelDevice : utun4
  bAlsoUsingSetupKeys : true
}
11:02:13 *FixDnsScript:  INFO: Original OpenVPN DNS setting 'State:/Network/OpenVPN/DNS': <dictionary> {
  SearchDomains : <array> {
    0 : openvpn
  }
  ServerAddresses : <array> {
    0 : 1.1.1.1
    1 : 8.8.8.8
  }
  __CONFIGURATION_ID__ : Default: 0
  __FLAGS__ : 6
  __ORDER__ : 0
}
11:02:13 *FixDnsScript:  INFO: Restored 'Setup:/Network/Service/9E356041-B030-47DC-8AD2-7F2909387505/DNS' to 'State:/Network/OpenVPN/DNS'
11:02:13 *DnsModificationLock:  INFO: Deleting DNS modification lock: /Library/Application Support/AWSVPNClient/dnsModificationLockFile
2024-08-12 11:02:14 AEAD Decrypt error: bad packet ID (may be a replay): [ #118 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
asked 2 months ago205 views
1 Answer
1

I suggest starting by verifying DNS. There may be an issue with Client VPN Policy - it may be that split-tunnel is disabled but private DNS servers are used.

  1. confirm which DNS servers are being used - from a terminal window, enter: ifconfig -a
  2. ping the DNS servers IP addresses with the VPN established and disconnected

Can you paste the output of those commands here?

AWS
answered 2 months ago
  • Well it's definitely a 3.12.0 issue, just downgraded to 3.10.0 and it's working again. This is the output of scutil --dns:

    DNS configuration
    
    resolver #1
      search domain[0] : openvpn
      nameserver[0] : 1.1.1.1
      nameserver[1] : 8.8.8.8
      flags    : Request A records, Request AAAA records
      reach    : 0x00000002 (Reachable)
    

    Same as it was on 3.12. Pinging 1.1.1.1 worked fine in both. Only difference is back on 3.10.0 I can access the internet at a reasonable speed.

    I'm also on a mac M3 in case that's relevant.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions