Compatible with OpenVPN 2.4 ?

Official client software for OpenVPN Access Server and OpenVPN Cloud.
hany
OpenVpn Newbie
Posts: 5
Joined: Sat May 27, 2017 4:13 pm

Re: Compatible with OpenVPN 2.4 ?

Post by hany » Sat May 27, 2017 4:21 pm

I have managed to setup tls-crypt on my desktop clients, but no luck with iOS.

This is particularly troublesome since I live in a country that has recently become heavy handed in blocking VPN connections. Tunneling OpenVPN over something else is not particularly easy on a non-jailbroken iOS device — so tls-crypt would be really useful for me when mobile, and seems to be working as expected in Linux and macOS.

dariusz
OpenVPN Power User
Posts: 94
Joined: Sat Jan 14, 2017 1:42 pm

Re: Compatible with OpenVPN 2.4 ?

Post by dariusz » Sat May 27, 2017 4:32 pm

yes this is unfortunate but Open VPN 2.4 (where tls-crypt has been introduced) is not supported by official Open VPN iOS client yet. I too wish it was.

Try non EC setup with some common port 443 or 21 - depending on your country infrastructure it might work.

hany
OpenVpn Newbie
Posts: 5
Joined: Sat May 27, 2017 4:13 pm

Re: Compatible with OpenVPN 2.4 ?

Post by hany » Sat May 27, 2017 7:20 pm

Yeah, I've been through all of that. DPI is being implemented and connections are sporadically getting dropped during the key exchange regardless of port number or whether TCP/UDP is being used. tls-crypt seems to be getting around this for the time being.

At home I tunnel OpenVPN over different things, but like I said, that's not so easy with vanilla iOS. So if I'm not at home and want to use something like Skype, there's often not much I can do.

What version of OpenVPN is OpenVPN Connect currently based on?

dariusz
OpenVPN Power User
Posts: 94
Joined: Sat Jan 14, 2017 1:42 pm

Re: Compatible with OpenVPN 2.4 ?

Post by dariusz » Sat May 27, 2017 7:29 pm


hany
OpenVpn Newbie
Posts: 5
Joined: Sat May 27, 2017 4:13 pm

Re: Compatible with OpenVPN 2.4 ?

Post by hany » Sat May 27, 2017 7:56 pm

That's interesting. So it's more a matter of when OpenVPN 3.0 supports tls-crypt — I guess.

dariusz
OpenVPN Power User
Posts: 94
Joined: Sat Jan 14, 2017 1:42 pm

Re: Compatible with OpenVPN 2.4 ?

Post by dariusz » Sat May 27, 2017 8:01 pm

Looks like many commercial vpn providers cracked it already as many mention ecc openvpn

So annoying a bit that there is no free version yet. I wonder if maybe one of this commercial clients accepts any ovpn files. I will look around

hany
OpenVpn Newbie
Posts: 5
Joined: Sat May 27, 2017 4:13 pm

Re: Compatible with OpenVPN 2.4 ?

Post by hany » Sat May 27, 2017 8:25 pm

I would not object to paying for a well-maintained iOS OpenVPN client that's feature compatible with the latest stable OpenVPN release if such a thing exists. An added bonus would be the ability to actually edit ovpn files without having to import them from scratch . . . .

kolargol
OpenVpn Newbie
Posts: 3
Joined: Wed Feb 08, 2017 11:02 am

Re: Compatible with OpenVPN 2.4 ?

Post by kolargol » Sat Jul 15, 2017 8:48 am

+1 for 2.4 support with ecc

Omitted
OpenVpn Newbie
Posts: 2
Joined: Sun Jul 30, 2017 1:17 am

Re: Compatible with OpenVPN 2.4 ?

Post by Omitted » Sun Jul 30, 2017 1:19 am

I was wondering if anyone has found a solution to this yet?

@dariusz -- did you find any other commercial vpn that could support this?

I also wouldn't mind paying for a fully compatible version...

shrbips
OpenVpn Newbie
Posts: 1
Joined: Tue Aug 01, 2017 11:30 am

Re: Compatible with OpenVPN 2.4 ?

Post by shrbips » Tue Aug 01, 2017 11:34 am

more that more website blocked in my network and i have need to connect VPN or i have need to access without administrator rights.

rhysjtevans
OpenVpn Newbie
Posts: 1
Joined: Mon Nov 06, 2017 5:24 pm

Re: Compatible with OpenVPN 2.4 ?

Post by rhysjtevans » Mon Nov 06, 2017 5:31 pm

Hi all,
Just wondering if there was an update on the support for 2.4 for iOS yet?
or if anyone knows of any commercial based app?

Cheers

User avatar
ordex
OpenVPN Inc.
Posts: 444
Joined: Wed Dec 28, 2016 2:32 am
Location: IRC #openvpn-devel @ libera.chat

Re: Compatible with OpenVPN 2.4 ?

Post by ordex » Tue Nov 07, 2017 12:53 am

We are currently working on an upgrade. It will add support for tls-crypt and will also ship with a new version of mbedTLS, which should make it feature compatible with openvpn-2.4 (although everything should work except for tls-crypt).

dariusz
OpenVPN Power User
Posts: 94
Joined: Sat Jan 14, 2017 1:42 pm

Re: Compatible with OpenVPN 2.4 ?

Post by dariusz » Tue Nov 07, 2017 1:32 pm

If you guys need somebody to help with testing let me know. This is fantastic news.

User avatar
ordex
OpenVPN Inc.
Posts: 444
Joined: Wed Dec 28, 2016 2:32 am
Location: IRC #openvpn-devel @ libera.chat

Re: Compatible with OpenVPN 2.4 ?

Post by ordex » Tue Nov 07, 2017 5:12 pm

Thanks! I'll update this thread when we'll launch the beta phase.

hany
OpenVpn Newbie
Posts: 5
Joined: Sat May 27, 2017 4:13 pm

Compatible with OpenVPN 2.4 ?

Post by hany » Wed Nov 08, 2017 2:55 pm

ordex wrote:It will add support for tls-crypt...although everything should work except for tls-crypt).
Thanks for the update, but this seems contradictory. Will there be tls-crypt support or not?

User avatar
ordex
OpenVPN Inc.
Posts: 444
Joined: Wed Dec 28, 2016 2:32 am
Location: IRC #openvpn-devel @ libera.chat

Re: Compatible with OpenVPN 2.4 ?

Post by ordex » Wed Nov 08, 2017 2:57 pm

Sorry, my statement was confusing. The last part of my sentence was referring to the current version.
On the current version I expect everything[tm] to work except for tls-crypt.

In the next release there will be tls-crypt support.

dariusz
OpenVPN Power User
Posts: 94
Joined: Sat Jan 14, 2017 1:42 pm

Re: Compatible with OpenVPN 2.4 ?

Post by dariusz » Wed Nov 08, 2017 4:38 pm

Does it mean that upgrading mbedtls will bring support for elliptic curve crypto? This part does not work with current version.

User avatar
ordex
OpenVPN Inc.
Posts: 444
Joined: Wed Dec 28, 2016 2:32 am
Location: IRC #openvpn-devel @ libera.chat

Re: Compatible with OpenVPN 2.4 ?

Post by ordex » Thu Nov 09, 2017 2:39 pm

the new Connect for iOS will most likely ship mbedTLS-2.6.0, thus anything it supports should be supported by the App too.

dariusz
OpenVPN Power User
Posts: 94
Joined: Sat Jan 14, 2017 1:42 pm

Re: Compatible with OpenVPN 2.4 ?

Post by dariusz » Tue Jan 09, 2018 10:12 am

OpenVPN Connect 1.2.5 for iOS is out and it does not seem to support elliptic curve crypto. I have run multiple tests with profiles working without any issues with OpenVPN 2.4 compiled with the latest mbedTLS-2.6.0. None works with iOS client. Could you confirm wether elliptic curve crypto is supported or not? Its support by mbedTLS is not sufficient for all setup to work.

User avatar
ordex
OpenVPN Inc.
Posts: 444
Joined: Wed Dec 28, 2016 2:32 am
Location: IRC #openvpn-devel @ libera.chat

Re: Compatible with OpenVPN 2.4 ?

Post by ordex » Tue Jan 09, 2018 10:35 am

After checking with the devs: the current iOS App supports ECDHE but not ECDSA. It is on the roadmap for a future release.

Post Reply