SparkLabs Forum.

Community Help.

"authentication failed" message when Mac wakes

Ever since I updated to the newest version of Viscosity (1.7.6), I get an "authentication failed" message whenever I wake up my Mac. (I have "reconnect on wake" turned on.) Once I hit OK on that message, Viscosity retries and succeeds.

My Mac is running High Sierra, 10.13.2.

The issue is an inconvenience, not a show-stopper, but I didn't see anyone else reporting it here, so I thought I should mention it. If it's a known issue and there's a workaround, please let me know. Thanks.
Hi andyh,

The error is being caused by the OpenVPN server rejecting the session token (auth-token) it created for your VPN session/connection. Viscosity 1.7.6 added full support for OpenVPN session tokens.

Session tokens are unique temporary IDs that a server can optionally generate and send to the VPN client to use for authentication instead of a password. They are primarily designed to avoid needing to re-enter your authentication details when you briefly become disconnected from the VPN server: for example if you sleep your laptop when moving between rooms, or a brief Wi-Fi drop out. They are very handy when two-factor authentication is being used, but not so much when you can simply save your username/password to the Keychain.

So basically, the VPN server you are connecting to is assigning your Viscosity connection a session token, but then rejecting it when your computer wakes up and tries to reconnect. It could be that it's expired (most VPN admins will limit a session token to 60 mins since last connected), or it could be the OpenVPN server isn't correctly handling it.

We've had a handful of reports from users about this, all using Private Internet Access as their VPN Service Provider. It appears their servers are setting a session token but never accepting it (we've confirmed this with our own testing). If this is the case for you too I recommend reaching out to them and alerting them to this as it's likely a bug.

We've also released an updated beta version that no longer displays the authentication failed warning when a session token is rejected (instead it will automatically reconnect without using the session token): ... -versions/

thanks, will try the beta... I'm also a PIA customer experiencing the issue
3 posts Page 1 of 1

Copyright © 2016 SparkLabs Pty Ltd. All Rights Reserved. Privacy Policy