Here some logs.
client:
Code: Select all
2018-08-06 14:50:37 ----- OpenVPN Start -----
OpenVPN core 3.2 ios arm64 64-bit built on Feb 22 2018 12:39:28
2018-08-06 14:50:37 Frame=512/2048/512 mssfix-ctrl=1250
2018-08-06 14:50:37 UNUSED OPTIONS
4 [resolv-retry] [infinite]
5 [nobind]
6 [persist-key]
7 [persist-tun]
10 [verify-x509-name] [server_IQ8uh8u8SJCqMdJy] [name]
14 [verb] [3]
2018-08-06 14:50:37 EVENT: RESOLVE
2018-08-06 14:50:37 Contacting [OPENVPN-IP]:1194/UDP via UDP
2018-08-06 14:50:37 EVENT: WAIT
2018-08-06 14:50:37 Connecting to [OPENVPN-IP]:1194 (OPENVPN-IP) via UDPv4
2018-08-06 14:50:37 EVENT: CONNECTING
2018-08-06 14:50:37 Tunnel Options:V4,dev-type tun,link-mtu 1570,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-client
2018-08-06 14:50:37 Creds: UsernameEmpty/PasswordEmpty
2018-08-06 14:50:37 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 1.2.9-0
IV_VER=3.2
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZ4=1
IV_AUTO_SESS=1
2018-08-06 14:50:37 VERIFY OK : depth=1
cert. version : 3
serial number : 98:EF:84:C7:5C:88:59:59
issuer name : CN=ChangeMe
subject name : CN=ChangeMe
issued on : 2018-06-12 07:15:22
expires on : 2028-06-09 07:15:22
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=true
key usage : Key Cert Sign, CRL Sign
2018-08-06 14:50:37 VERIFY OK : depth=0
cert. version : 3
serial number : 01
issuer name : CN=ChangeMe
subject name : CN=server_IQ8uh8u8SJCqMdJy
issued on : 2018-06-12 07:15:33
expires on : 2028-06-09 07:15:33
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=false
key usage : Digital Signature, Key Encipherment
ext key usage : TLS Web Server Authentication
2018-08-06 14:50:37 SSL Handshake: TLSv1.2/TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
2018-08-06 14:50:37 Session is ACTIVE
2018-08-06 14:50:37 EVENT: GET_CONFIG
2018-08-06 14:50:37 Sending PUSH_REQUEST to server...
2018-08-06 14:50:37 OPTIONS:
0 [route] [192.168.1.0] [255.255.255.0] [10.8.0.1]
1 [route-gateway] [10.8.0.1]
2 [topology] [subnet]
3 [ping] [1800]
4 [ping-restart] [3600]
5 [ifconfig] [10.8.0.3] [255.255.255.0]
6 [peer-id] [0]
7 [cipher] [AES-256-GCM]
2018-08-06 14:50:37 PROTOCOL OPTIONS:
cipher: AES-256-GCM
digest: SHA256
compress: LZ4
peer ID: 0
2018-08-06 14:50:37 EVENT: ASSIGN_IP
2018-08-06 14:50:37 NIP: preparing TUN network settings
2018-08-06 14:50:37 NIP: init TUN network settings with endpoint: OPENVPN-IP
2018-08-06 14:50:37 NIP: adding IPv4 address to network settings 10.8.0.3/255.255.255.0
2018-08-06 14:50:37 NIP: adding (included) IPv4 route 10.8.0.0/24
2018-08-06 14:50:37 Connected via NetworkExtensionTUN
2018-08-06 14:50:37 LZ4 init asym=0
2018-08-06 14:50:37 EVENT: CONNECTED @OPENVPN-IP:1194 (OPENVPN-IP) via /UDPv4 on NetworkExtensionTUN/10.8.0.3/ gw=[/]
server:
Code: Select all
Aug 6 14:50:37 localhost ovpn-server[518]: REMOTE-IP:13820 TLS: Initial packet from [AF_INET]REMOTE-IP:13820, sid=e362736e 49e46344
Aug 6 14:50:37 localhost ovpn-server[518]: REMOTE-IP:13820 VERIFY OK: depth=1, CN=ChangeMe
Aug 6 14:50:37 localhost ovpn-server[518]: REMOTE-IP:13820 Validating certificate key usage
Aug 6 14:50:37 localhost ovpn-server[518]: REMOTE-IP:13820 ++ Certificate has key usage 0080, expects 0080
Aug 6 14:50:37 localhost ovpn-server[518]: REMOTE-IP:13820 VERIFY KU OK
Aug 6 14:50:37 localhost ovpn-server[518]: REMOTE-IP:13820 Validating certificate extended key usage
Aug 6 14:50:37 localhost ovpn-server[518]: REMOTE-IP:13820 ++ Certificate has EKU (str) TLS Web Client Authentication, expects TLS Web Client Authentication
Aug 6 14:50:37 localhost ovpn-server[518]: REMOTE-IP:13820 VERIFY EKU OK
Aug 6 14:50:37 localhost ovpn-server[518]: REMOTE-IP:13820 VERIFY OK: depth=0, CN=xefilphone
Aug 6 14:50:37 localhost ovpn-server[518]: REMOTE-IP:13820 peer info: IV_GUI_VER=net.openvpn.connect.ios_1.2.9-0
Aug 6 14:50:37 localhost ovpn-server[518]: REMOTE-IP:13820 peer info: IV_VER=3.2
Aug 6 14:50:37 localhost ovpn-server[518]: REMOTE-IP:13820 peer info: IV_PLAT=ios
Aug 6 14:50:37 localhost ovpn-server[518]: REMOTE-IP:13820 peer info: IV_NCP=2
Aug 6 14:50:37 localhost ovpn-server[518]: REMOTE-IP:13820 peer info: IV_TCPNL=1
Aug 6 14:50:37 localhost ovpn-server[518]: REMOTE-IP:13820 peer info: IV_PROTO=2
Aug 6 14:50:37 localhost ovpn-server[518]: REMOTE-IP:13820 peer info: IV_LZ4=1
Aug 6 14:50:37 localhost ovpn-server[518]: REMOTE-IP:13820 peer info: IV_AUTO_SESS=1
Aug 6 14:50:37 localhost ovpn-server[518]: REMOTE-IP:13820 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Aug 6 14:50:37 localhost ovpn-server[518]: REMOTE-IP:13820 [xefilphone] Peer Connection Initiated with [AF_INET]REMOTE-IP:13820
Aug 6 14:50:37 localhost ovpn-server[518]: xefilphone/REMOTE-IP:13820 MULTI_sva: pool returned IPv4=10.8.0.3, IPv6=(Not enabled)
Aug 6 14:50:37 localhost ovpn-server[518]: xefilphone/REMOTE-IP:13820 MULTI: Learn: 10.8.0.3 -> xefilphone/REMOTE-IP:13820
Aug 6 14:50:37 localhost ovpn-server[518]: xefilphone/REMOTE-IP:13820 MULTI: primary virtual IP for xefilphone/REMOTE-IP:13820: 10.8.0.3
Aug 6 14:50:37 localhost ovpn-server[518]: xefilphone/REMOTE-IP:13820 PUSH: Received control message: 'PUSH_REQUEST'
Aug 6 14:50:37 localhost ovpn-server[518]: xefilphone/REMOTE-IP:13820 SENT CONTROL [xefilphone]: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0 10.8.0.1,route-gateway 10.8.0.1,topology subnet,ping 1800,ping-restart 3600,ifconfig 10.8.0.3 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
Aug 6 14:50:37 localhost ovpn-server[518]: xefilphone/REMOTE-IP:13820 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Aug 6 14:50:37 localhost ovpn-server[518]: xefilphone/REMOTE-IP:13820 Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Nothing useful from my point of view.
Now?
FYI: the local lan where the iphone is connected in WiFi and tries to connect at home, is not on 192.168.1.0/24, so there are no conflicts.
Even tried with 3G/4G mobile connection. I can remember this has worked time ago.
Thanks!
Simon