changing network issue

Post Reply
Fects1981
OpenVpn Newbie
Posts: 7
Joined: Sun Oct 07, 2018 7:18 pm

changing network issue

Post by Fects1981 » Fri Nov 02, 2018 10:02 pm

If I'm at home on WiFi and start OpenVPN connection, i connected successfully to my OpenVPN server. I could use the internet in a nearby perfect way. When i now leave my home, i have only a mobile LTE or similar connection and i get a other ip address. The OpenVPN connection is stable and I can still use the internet over the VPN connection. But when I come back home and connect again to my WiFi, I can't no longer use the internet. Im connected to the OpenVPN server but I can't reach any resources at the internet. However when i reconnect to the OpenVPN server, it works again as expected.

What can I do? Is there something i should change on the OpenVPN server or in the client configuration?

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 5026
Joined: Fri Jun 03, 2016 1:17 pm

Re: changing network issue

Post by TinCanTech » Fri Nov 02, 2018 11:12 pm

Fects1981 wrote:
Fri Nov 02, 2018 10:02 pm
What can I do?
You could document the problem clearly ..

viewtopic.php?f=30&t=22603#p68963

Acronym77
OpenVpn Newbie
Posts: 1
Joined: Sat Nov 03, 2018 9:42 am

Re: changing network issue

Post by Acronym77 » Sat Nov 03, 2018 9:49 am

Hi, I had the same issue. To start with, you don't have to walk around the block to test it, you can just turn your wifi on and off while sitting on your couch ;)

Anyway, based on my research I am going to make a few assumptions since there isn't much information to base any conclusions on in your post. It seems that the OpenVPN app for Android doesn't recognize switching back to wifi and the log will keep on giving a UPD send error. This seems to be an old issue that might or might not be related to Android and your system not recognizing the network change, but there is no solution within the official OVPN client app for android. However, there is an open source OVPN client app in the appstore that works perfectly and is indeed capabable of noticing networkchanges back and to wifi. It works for me at least and I figured it might for you or others aswell. The app is easy to find if you look foor OpenVPN client. It has many more options for a setup, but just importing your .ovpn file works just as well.

Good luck.

Fects1981
OpenVpn Newbie
Posts: 7
Joined: Sun Oct 07, 2018 7:18 pm

Re: changing network issue

Post by Fects1981 » Wed Nov 07, 2018 8:42 pm

Sorry, but I haven't had time to take care of the problem these days. I suppose you mean the app at https://play.google.com/store/apps/deta ... kt.openvpn?

I installed it parallel to OpenVPN Connect (https://play.google.com/store/apps/deta ... pn.openvpn). Unfortunately, the same problem is found here. But not so intense. I would say that every 4th reconnect from mobile to Wifi is affected by this problem. With OpenVPN Connect it is absolutely every reconnect.

My server.conf looks like this:

Code: Select all

dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/server_tzdJKLsjkAI3lwti.crt
key /etc/openvpn/easy-rsa/pki/private/server_tzdJKLsjkAI3lwti.key
#dh none
dh dh2048.pem
ecdh-curve secp384r1
topology subnet
server 10.8.0.0 255.255.255.0
push "dhcp-option DNS 192.168.178.2"
push "block-outside-dns"
push "redirect-gateway def1"
client-to-client
keepalive 1800 4000
remote-cert-tls client
tls-version-min 1.2
tls-crypt /etc/openvpn/easy-rsa/pki/ta.key
cipher AES-256-CBC
auth SHA256
compress lz4
float
user nobody
group nogroup
persist-key
persist-tun
crl-verify /etc/openvpn/crl.pem
status /var/log/openvpn-status.log 20
status-version 3
syslog
verb 4
I didn't have access to my server for now, so i cant provide you with a logfile. The configuration is from my last backup, it isn't changed at the server.

Update:
I can now access my server again. Here is a Logfile with verb4. This time the reconnect from mobile to Wifi is successfully. I have tried to comment in the logfile, what is happening. I interpret some errors in the log, but i dont know if thats a problem or not. Too bad I can't provocate the error at the moment. I'll try again tomorrow but maybe that's enough for you.

Code: Select all

Nov  7 21:46:43 fruchtzwerg ovpn-server[22988]: Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
Nov  7 21:46:43 fruchtzwerg ovpn-server[22988]: Could not determine IPv4/IPv6 protocol. Using AF_INET
Nov  7 21:46:43 fruchtzwerg ovpn-server[22988]: Socket Buffers: R=[163840->163840] S=[163840->163840]
Nov  7 21:46:43 fruchtzwerg ovpn-server[22988]: UDPv4 link local (bound): [AF_INET][undef]:11194
Nov  7 21:46:43 fruchtzwerg ovpn-server[22988]: UDPv4 link remote: [AF_UNSPEC]
Nov  7 21:46:43 fruchtzwerg ovpn-server[22988]: GID set to nogroup
Nov  7 21:46:43 fruchtzwerg ovpn-server[22988]: UID set to nobody
Nov  7 21:46:43 fruchtzwerg ovpn-server[22988]: MULTI: multi_init called, r=256 v=256
Nov  7 21:46:43 fruchtzwerg ovpn-server[22988]: IFCONFIG POOL: base=10.8.0.2 size=252, ipv6=0
Nov  7 21:46:43 fruchtzwerg ovpn-server[22988]: Initialization Sequence Completed

Server is now restartet with verb 4
Wifi is connected

Wifi is now deactivated
Internet is available

Nov  7 21:48:40 fruchtzwerg ovpn-server[22988]: MULTI: multi_create_instance called
Nov  7 21:48:40 fruchtzwerg ovpn-server[22988]: 109.41.195.55:19917 Re-using SSL/TLS context
Nov  7 21:48:40 fruchtzwerg ovpn-server[22988]: 109.41.195.55:19917 LZ4 compression initializing
Nov  7 21:48:40 fruchtzwerg ovpn-server[22988]: 109.41.195.55:19917 Control Channel MTU parms [ L:1622 D:1156 EF:94 EB:0 ET:0 EL:3 ]
Nov  7 21:48:40 fruchtzwerg ovpn-server[22988]: 109.41.195.55:19917 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
Nov  7 21:48:40 fruchtzwerg ovpn-server[22988]: 109.41.195.55:19917 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1570,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-server'
Nov  7 21:48:40 fruchtzwerg ovpn-server[22988]: 109.41.195.55:19917 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1570,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-client'
Nov  7 21:48:40 fruchtzwerg ovpn-server[22988]: 109.41.195.55:19917 TLS: Initial packet from [AF_INET]109.41.195.55:19917, sid=dd97a6ce 71fbaf9a
Nov  7 21:48:41 fruchtzwerg ovpn-server[22988]: 109.41.195.55:19917 VERIFY OK: depth=1, CN=ChangeMe
Nov  7 21:48:41 fruchtzwerg ovpn-server[22988]: 109.41.195.55:19917 Validating certificate key usage
Nov  7 21:48:41 fruchtzwerg ovpn-server[22988]: 109.41.195.55:19917 ++ Certificate has key usage  0080, expects 0080
Nov  7 21:48:41 fruchtzwerg ovpn-server[22988]: 109.41.195.55:19917 VERIFY KU OK
Nov  7 21:48:41 fruchtzwerg ovpn-server[22988]: 109.41.195.55:19917 Validating certificate extended key usage
Nov  7 21:48:41 fruchtzwerg ovpn-server[22988]: 109.41.195.55:19917 ++ Certificate has EKU (str) TLS Web Client Authentication, expects TLS Web Client Authentication
Nov  7 21:48:41 fruchtzwerg ovpn-server[22988]: 109.41.195.55:19917 VERIFY EKU OK
Nov  7 21:48:41 fruchtzwerg ovpn-server[22988]: 109.41.195.55:19917 VERIFY OK: depth=0, CN=Samsung
Nov  7 21:48:41 fruchtzwerg ovpn-server[22988]: 109.41.195.55:19917 peer info: IV_VER=2.5_master
Nov  7 21:48:41 fruchtzwerg ovpn-server[22988]: 109.41.195.55:19917 peer info: IV_PLAT=android
Nov  7 21:48:41 fruchtzwerg ovpn-server[22988]: 109.41.195.55:19917 peer info: IV_PROTO=2
Nov  7 21:48:41 fruchtzwerg ovpn-server[22988]: 109.41.195.55:19917 peer info: IV_NCP=2
Nov  7 21:48:41 fruchtzwerg ovpn-server[22988]: 109.41.195.55:19917 peer info: IV_LZ4=1
Nov  7 21:48:41 fruchtzwerg ovpn-server[22988]: 109.41.195.55:19917 peer info: IV_LZ4v2=1
Nov  7 21:48:41 fruchtzwerg ovpn-server[22988]: 109.41.195.55:19917 peer info: IV_LZO=1
Nov  7 21:48:41 fruchtzwerg ovpn-server[22988]: 109.41.195.55:19917 peer info: IV_COMP_STUB=1
Nov  7 21:48:41 fruchtzwerg ovpn-server[22988]: 109.41.195.55:19917 peer info: IV_COMP_STUBv2=1
Nov  7 21:48:41 fruchtzwerg ovpn-server[22988]: 109.41.195.55:19917 peer info: IV_TCPNL=1
Nov  7 21:48:41 fruchtzwerg ovpn-server[22988]: 109.41.195.55:19917 peer info: IV_SSL=OpenSSL_1.1.1__11_Sep_2018
Nov  7 21:48:41 fruchtzwerg ovpn-server[22988]: 109.41.195.55:19917 peer info: IV_GUI_VER=de.blinkt.openvpn_0.7.6
Nov  7 21:48:41 fruchtzwerg ovpn-server[22988]: 109.41.195.55:19917 peer info: IV_PLAT_VER=26_8.0.0_arm64-v8a_samsung_universal8890_SM-G935F
Nov  7 21:48:41 fruchtzwerg ovpn-server[22988]: 109.41.195.55:19917 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Nov  7 21:48:41 fruchtzwerg ovpn-server[22988]: 109.41.195.55:19917 [Samsung] Peer Connection Initiated with [AF_INET]109.41.195.55:19917
Nov  7 21:48:41 fruchtzwerg ovpn-server[22988]: Samsung/109.41.195.55:19917 MULTI_sva: pool returned IPv4=10.8.0.2, IPv6=(Not enabled)
Nov  7 21:48:41 fruchtzwerg ovpn-server[22988]: Samsung/109.41.195.55:19917 MULTI: Learn: 10.8.0.2 -> Samsung/109.41.195.55:19917
Nov  7 21:48:41 fruchtzwerg ovpn-server[22988]: Samsung/109.41.195.55:19917 MULTI: primary virtual IP for Samsung/109.41.195.55:19917: 10.8.0.2
Nov  7 21:48:42 fruchtzwerg ovpn-server[22988]: Samsung/109.41.195.55:19917 PUSH: Received control message: 'PUSH_REQUEST'
Nov  7 21:48:42 fruchtzwerg ovpn-server[22988]: Samsung/109.41.195.55:19917 SENT CONTROL [Samsung]: 'PUSH_REPLY,dhcp-option DNS 192.168.178.2,block-outside-dns,redirect-gateway def1,route-gateway 10.8.0.1,topology subnet,ping 1800,ping-restart 4000,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
Nov  7 21:48:42 fruchtzwerg ovpn-server[22988]: Samsung/109.41.195.55:19917 Data Channel MTU parms [ L:1550 D:1450 EF:50 EB:406 ET:0 EL:3 ]
Nov  7 21:48:42 fruchtzwerg ovpn-server[22988]: Samsung/109.41.195.55:19917 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Nov  7 21:48:42 fruchtzwerg ovpn-server[22988]: Samsung/109.41.195.55:19917 Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Nov  7 21:48:43 fruchtzwerg ovpn-server[22988]: Float requested for peer 0 to 84.57.43.188:62915
Nov  7 21:48:43 fruchtzwerg ovpn-server[22988]: AEAD Decrypt error: cipher final failed
Nov  7 21:48:44 fruchtzwerg ovpn-server[22988]: Float requested for peer 0 to 84.57.43.188:62915
Nov  7 21:48:44 fruchtzwerg ovpn-server[22988]: AEAD Decrypt error: cipher final failed
Nov  7 21:48:46 fruchtzwerg ovpn-server[22988]: Float requested for peer 0 to 84.57.43.188:62915
Nov  7 21:48:46 fruchtzwerg ovpn-server[22988]: AEAD Decrypt error: cipher final failed
Nov  7 21:48:47 fruchtzwerg ovpn-server[22988]: Float requested for peer 0 to 84.57.43.188:62915
Nov  7 21:48:47 fruchtzwerg ovpn-server[22988]: AEAD Decrypt error: cipher final failed

Client connected

Nov  7 21:48:52 fruchtzwerg ovpn-server[22988]: Float requested for peer 0 to 84.57.43.188:62915
Nov  7 21:48:52 fruchtzwerg ovpn-server[22988]: AEAD Decrypt error: cipher final failed

Wifi inactive

Nov  7 21:49:10 fruchtzwerg ovpn-server[22988]: Float requested for peer 0 to 84.57.43.188:62915
Nov  7 21:49:10 fruchtzwerg ovpn-server[22988]: AEAD Decrypt error: cipher final failed
Nov  7 21:49:10 fruchtzwerg ovpn-server[22988]: Float requested for peer 0 to 84.57.43.188:62915
Nov  7 21:49:10 fruchtzwerg ovpn-server[22988]: AEAD Decrypt error: cipher final failed
Nov  7 21:49:11 fruchtzwerg ovpn-server[22988]: Float requested for peer 0 to 84.57.43.188:62915
Nov  7 21:49:11 fruchtzwerg ovpn-server[22988]: AEAD Decrypt error: cipher final failed
Nov  7 21:49:14 fruchtzwerg ovpn-server[22988]: Float requested for peer 0 to 84.57.43.188:62915
Nov  7 21:49:14 fruchtzwerg ovpn-server[22988]: AEAD Decrypt error: cipher final failed
Nov  7 21:49:18 fruchtzwerg ovpn-server[22988]: Float requested for peer 0 to 84.57.43.188:62915
Nov  7 21:49:18 fruchtzwerg ovpn-server[22988]: AEAD Decrypt error: cipher final failed
Nov  7 21:49:18 fruchtzwerg ovpn-server[22988]: Float requested for peer 0 to 84.57.43.188:49764
Nov  7 21:49:18 fruchtzwerg ovpn-server[22988]: peer 0 (Samsung) floated from 109.41.195.55:19917 to [AF_INET]84.57.43.188:49764
Nov  7 21:49:22 fruchtzwerg ovpn-server[22988]: Float requested for peer 0 to 84.57.43.188:62915
Nov  7 21:49:22 fruchtzwerg ovpn-server[22988]: AEAD Decrypt error: cipher final failed
Nov  7 21:49:22 fruchtzwerg ovpn-server[22988]: Float requested for peer 0 to 84.57.43.188:62915
Nov  7 21:49:22 fruchtzwerg ovpn-server[22988]: AEAD Decrypt error: cipher final failed
Nov  7 21:49:23 fruchtzwerg ovpn-server[22988]: Float requested for peer 0 to 84.57.43.188:62915
Nov  7 21:49:23 fruchtzwerg ovpn-server[22988]: AEAD Decrypt error: cipher final failed
Nov  7 21:49:25 fruchtzwerg ovpn-server[22988]: Float requested for peer 0 to 84.57.43.188:62915
Nov  7 21:49:25 fruchtzwerg ovpn-server[22988]: AEAD Decrypt error: cipher final failed
Nov  7 21:49:29 fruchtzwerg ovpn-server[22988]: Float requested for peer 0 to 84.57.43.188:62915
Nov  7 21:49:29 fruchtzwerg ovpn-server[22988]: AEAD Decrypt error: cipher final failed


Wifi reconected again
Internet Available
Update 2:
I forgot the client config. Sorry for that. Here it is:

Code: Select all

client
dev tun
proto udp
remote vpn.myserver.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
tls-version-min 1.2
verify-x509-name server_yILH95sjkAI3lwti name
cipher AES-256-CBC
auth SHA256
compress lz4
verb 3

User avatar
Pippin
OpenVPN Expert
Posts: 366
Joined: Wed Jul 01, 2015 8:03 am

Re: changing network issue

Post by Pippin » Wed Nov 07, 2018 9:26 pm

192.168.178.0/24 is a common subnet, better change it to something uncommon.

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 5026
Joined: Fri Jun 03, 2016 1:17 pm

Re: changing network issue

Post by TinCanTech » Wed Nov 07, 2018 10:18 pm

Pippin wrote:
Wed Nov 07, 2018 9:26 pm
192.168.178.0/24 is a common subnet, better change it to something uncommon
That sounds like a long shot to me ;)
Fects1981 wrote:
Wed Nov 07, 2018 8:42 pm
Sorry, but I haven't had time to take care of the problem
Although @Pippin's suggetion is a long shot ..

You could disable "pushing the LAN to the client" and use "redirect client gateway" instead .. to test.

Fects1981
OpenVpn Newbie
Posts: 7
Joined: Sun Oct 07, 2018 7:18 pm

Re: changing network issue

Post by Fects1981 » Thu Nov 08, 2018 11:18 am

@TinCanTech: What in detail should i change? Something on the server.conf or something in the client.ovpn file?

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 5026
Joined: Fri Jun 03, 2016 1:17 pm

Re: changing network issue

Post by TinCanTech » Thu Nov 08, 2018 1:52 pm

Fects1981 wrote:
Wed Nov 07, 2018 8:42 pm
Nov 7 21:48:42 fruchtzwerg ovpn-server[22988]: Samsung/109.41.195.55:19917 PUSH: Received control message: 'PUSH_REQUEST'
Nov 7 21:48:42 fruchtzwerg ovpn-server[22988]: Samsung/109.41.195.55:19917 SENT CONTROL [Samsung]: 'PUSH_REPLY,dhcp-option DNS 192.168.178.2,block-outside-dns,redirect-gateway def1,route-gateway 10.8.0.1,topology subnet,ping 1800,ping-restart 4000,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
Nov 7 21:48:42 fruchtzwerg ovpn-server[22988]: Samsung/109.41.195.55:19917 Data Channel MTU parms [ L:1550 D:1450 EF:50 EB:406 ET:0 EL:3 ]
Nov 7 21:48:42 fruchtzwerg ovpn-server[22988]: Samsung/109.41.195.55:19917 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Nov 7 21:48:42 fruchtzwerg ovpn-server[22988]: Samsung/109.41.195.55:19917 Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
*** This is where the client is connected ***

However, then you get this ..
Fects1981 wrote:
Wed Nov 07, 2018 8:42 pm
Nov 7 21:48:43 fruchtzwerg ovpn-server[22988]: Float requested for peer 0 to 84.57.43.188:62915
Nov 7 21:48:43 fruchtzwerg ovpn-server[22988]: AEAD Decrypt error: cipher final failed
Nov 7 21:48:44 fruchtzwerg ovpn-server[22988]: Float requested for peer 0 to 84.57.43.188:62915
Nov 7 21:48:44 fruchtzwerg ovpn-server[22988]: AEAD Decrypt error: cipher final failed
Nov 7 21:48:46 fruchtzwerg ovpn-server[22988]: Float requested for peer 0 to 84.57.43.188:62915
Nov 7 21:48:46 fruchtzwerg ovpn-server[22988]: AEAD Decrypt error: cipher final failed
Nov 7 21:48:47 fruchtzwerg ovpn-server[22988]: Float requested for peer 0 to 84.57.43.188:62915
Nov 7 21:48:47 fruchtzwerg ovpn-server[22988]: AEAD Decrypt error: cipher final failed

Client connected

Nov 7 21:48:52 fruchtzwerg ovpn-server[22988]: Float requested for peer 0 to 84.57.43.188:62915
Nov 7 21:48:52 fruchtzwerg ovpn-server[22988]: AEAD Decrypt error: cipher final failed

Wifi inactive

Nov 7 21:49:10 fruchtzwerg ovpn-server[22988]: Float requested for peer 0 to 84.57.43.188:62915
Nov 7 21:49:10 fruchtzwerg ovpn-server[22988]: AEAD Decrypt error: cipher final failed
Nov 7 21:49:10 fruchtzwerg ovpn-server[22988]: Float requested for peer 0 to 84.57.43.188:62915
Nov 7 21:49:10 fruchtzwerg ovpn-server[22988]: AEAD Decrypt error: cipher final failed
Nov 7 21:49:11 fruchtzwerg ovpn-server[22988]: Float requested for peer 0 to 84.57.43.188:62915
Nov 7 21:49:11 fruchtzwerg ovpn-server[22988]: AEAD Decrypt error: cipher final failed
Nov 7 21:49:14 fruchtzwerg ovpn-server[22988]: Float requested for peer 0 to 84.57.43.188:62915
Nov 7 21:49:14 fruchtzwerg ovpn-server[22988]: AEAD Decrypt error: cipher final failed
Nov 7 21:49:18 fruchtzwerg ovpn-server[22988]: Float requested for peer 0 to 84.57.43.188:62915
Nov 7 21:49:18 fruchtzwerg ovpn-server[22988]: AEAD Decrypt error: cipher final failed
The client eventually floated ..
Fects1981 wrote:
Wed Nov 07, 2018 8:42 pm
Nov 7 21:49:18 fruchtzwerg ovpn-server[22988]: Float requested for peer 0 to 84.57.43.188:49764
Nov 7 21:49:18 fruchtzwerg ovpn-server[22988]: peer 0 (Samsung) floated from 109.41.195.55:19917 to [AF_INET]84.57.43.188:49764
Then more errors and float requests ..
Fects1981 wrote:
Wed Nov 07, 2018 8:42 pm
Nov 7 21:49:22 fruchtzwerg ovpn-server[22988]: Float requested for peer 0 to 84.57.43.188:62915
Nov 7 21:49:22 fruchtzwerg ovpn-server[22988]: AEAD Decrypt error: cipher final failed
Nov 7 21:49:22 fruchtzwerg ovpn-server[22988]: Float requested for peer 0 to 84.57.43.188:62915
Nov 7 21:49:22 fruchtzwerg ovpn-server[22988]: AEAD Decrypt error: cipher final failed
Nov 7 21:49:23 fruchtzwerg ovpn-server[22988]: Float requested for peer 0 to 84.57.43.188:62915
Nov 7 21:49:23 fruchtzwerg ovpn-server[22988]: AEAD Decrypt error: cipher final failed
Nov 7 21:49:25 fruchtzwerg ovpn-server[22988]: Float requested for peer 0 to 84.57.43.188:62915
Nov 7 21:49:25 fruchtzwerg ovpn-server[22988]: AEAD Decrypt error: cipher final failed
Nov 7 21:49:29 fruchtzwerg ovpn-server[22988]: Float requested for peer 0 to 84.57.43.188:62915
Nov 7 21:49:29 fruchtzwerg ovpn-server[22988]: AEAD Decrypt error: cipher final failed


Wifi reconected again
Internet Available
I think we need the client log file.

Fects1981
OpenVpn Newbie
Posts: 7
Joined: Sun Oct 07, 2018 7:18 pm

Re: changing network issue

Post by Fects1981 » Thu Nov 08, 2018 8:29 pm

Today i have enabled OpenVPN on the client when i was at work and only connected to mobile network. After arriving at home, i connected to my Home Wifi "Einhornkotze" at 17:02: When i was at mobile, i could use the internet, but after connecting to Wifi, i couldnt. Here is the Logfile, i didnt have changed the config:

Code: Select all

2018-11-08 05:50:49 offizielle Version 0.7.6 läuft auf samsung SM-G935F (universal8890), Android 8.0.0 (R16NW) API 26, ABI arm64-v8a, (samsung/hero2ltexx/hero2lte:8.0.0/R16NW/G935FXXS3ERJ2:user/release-keys)
2018-11-08 05:50:49 App restriction version (not set) does not match expected version 1
2018-11-08 05:50:49 952 Einträge aus Protokoll-Cache gelesen
2018-11-08 12:37:26 Generiere OpenVPN-Konfiguration…
2018-11-08 12:37:26 started Socket Thread
2018-11-08 12:37:26 Netzwerkstatus: CONNECTED LTE to MOBILE web.t-mobile.com
2018-11-08 12:37:26 Debug state info: CONNECTED LTE to MOBILE web.t-mobile.com, pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED
2018-11-08 12:37:26 Debug state info: CONNECTED LTE to MOBILE web.t-mobile.com, pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED
2018-11-08 12:37:26 WARNING:  Compression enabled, Compression has been used in the past to break encryption. Enabling decompression of received packet only. Sent packets are not compressed.
2018-11-08 12:37:26 Current Parameter Settings:
2018-11-08 12:37:26 Warte 0s Sekunden zwischen zwei Verbindungsversuchen
2018-11-08 12:37:26   config = '/data/user/0/de.blinkt.openvpn/cache/android.conf'
2018-11-08 12:37:26   mode = 0
2018-11-08 12:37:26   show_ciphers = DISABLED
2018-11-08 12:37:26   show_digests = DISABLED
2018-11-08 12:37:26   show_engines = DISABLED
2018-11-08 12:37:26   genkey = DISABLED
2018-11-08 12:37:26   key_pass_file = '[UNDEF]'
2018-11-08 12:37:26   show_tls_ciphers = DISABLED
2018-11-08 12:37:26   connect_retry_max = 50
2018-11-08 12:37:26 Connection profiles [0]:
2018-11-08 12:37:26   proto = udp
2018-11-08 12:37:26   local = '[UNDEF]'
2018-11-08 12:37:26   local_port = '[UNDEF]'
2018-11-08 12:37:26 remote = 'box.pfohlnet.de'
2018-11-08 12:37:26   remote_port = '11194'
2018-11-08 12:37:26   remote_float = ENABLED
2018-11-08 12:37:26   bind_defined = DISABLED
2018-11-08 12:37:26   bind_local = DISABLED
2018-11-08 12:37:26   bind_ipv6_only = DISABLED
2018-11-08 12:37:26   connect_retry_seconds = 2
2018-11-08 12:37:26   connect_timeout = 120
2018-11-08 12:37:26   socks_proxy_server = '[UNDEF]'
2018-11-08 12:37:26   socks_proxy_port = '[UNDEF]'
2018-11-08 12:37:26   tun_mtu = 1500
2018-11-08 12:37:26   tun_mtu_defined = ENABLED
2018-11-08 12:37:26   link_mtu = 1500
2018-11-08 12:37:26   link_mtu_defined = DISABLED
2018-11-08 12:37:26   tun_mtu_extra = 0
2018-11-08 12:37:26   tun_mtu_extra_defined = DISABLED
2018-11-08 12:37:26   mtu_discover_type = -1
2018-11-08 12:37:26   fragment = 0
2018-11-08 12:37:26   mssfix = 1450
2018-11-08 12:37:26   explicit_exit_notification = 0
2018-11-08 12:37:26   tls_auth_file = '[UNDEF]'
2018-11-08 12:37:26   key_direction = not set
2018-11-08 12:37:26   tls_crypt_file = '[[INLINE]]'
2018-11-08 12:37:26 Connection profiles END
2018-11-08 12:37:26   remote_random = DISABLED
2018-11-08 12:37:26   ipchange = '[UNDEF]'
2018-11-08 12:37:26   dev = 'tun'
2018-11-08 12:37:26   dev_type = '[UNDEF]'
2018-11-08 12:37:26   dev_node = '[UNDEF]'
2018-11-08 12:37:26   lladdr = '[UNDEF]'
2018-11-08 12:37:26   topology = 1
2018-11-08 12:37:26   ifconfig_local = '[UNDEF]'
2018-11-08 12:37:26   ifconfig_remote_netmask = '[UNDEF]'
2018-11-08 12:37:26   ifconfig_noexec = DISABLED
2018-11-08 12:37:26   ifconfig_nowarn = ENABLED
2018-11-08 12:37:26   ifconfig_ipv6_local = '[UNDEF]'
2018-11-08 12:37:26   ifconfig_ipv6_netbits = 0
2018-11-08 12:37:26   ifconfig_ipv6_remote = '[UNDEF]'
2018-11-08 12:37:26   shaper = 0
2018-11-08 12:37:26   mtu_test = 0
2018-11-08 12:37:26   mlock = DISABLED
2018-11-08 12:37:26   keepalive_ping = 0
2018-11-08 12:37:26   keepalive_timeout = 0
2018-11-08 12:37:26   inactivity_timeout = 0
2018-11-08 12:37:26   ping_send_timeout = 0
2018-11-08 12:37:26   ping_rec_timeout = 0
2018-11-08 12:37:26   ping_rec_timeout_action = 0
2018-11-08 12:37:26   ping_timer_remote = DISABLED
2018-11-08 12:37:26   remap_sigusr1 = 0
2018-11-08 12:37:26   persist_tun = ENABLED
2018-11-08 12:37:26   persist_local_ip = DISABLED
2018-11-08 12:37:26   persist_remote_ip = DISABLED
2018-11-08 12:37:26   persist_key = DISABLED
2018-11-08 12:37:26   passtos = DISABLED
2018-11-08 12:37:26   resolve_retry_seconds = 1000000000
2018-11-08 12:37:26   resolve_in_advance = ENABLED
2018-11-08 12:37:26   username = '[UNDEF]'
2018-11-08 12:37:26   groupname = '[UNDEF]'
2018-11-08 12:37:26   chroot_dir = '[UNDEF]'
2018-11-08 12:37:26   cd_dir = '[UNDEF]'
2018-11-08 12:37:26   writepid = '[UNDEF]'
2018-11-08 12:37:26   up_script = '[UNDEF]'
2018-11-08 12:37:26   down_script = '[UNDEF]'
2018-11-08 12:37:26   down_pre = DISABLED
2018-11-08 12:37:26   up_restart = DISABLED
2018-11-08 12:37:26   up_delay = DISABLED
2018-11-08 12:37:26   daemon = DISABLED
2018-11-08 12:37:26   inetd = 0
2018-11-08 12:37:26   log = DISABLED
2018-11-08 12:37:26   suppress_timestamps = DISABLED
2018-11-08 12:37:26   machine_readable_output = ENABLED
2018-11-08 12:37:26   nice = 0
2018-11-08 12:37:26   verbosity = 4
2018-11-08 12:37:26   mute = 0
2018-11-08 12:37:26   gremlin = 0
2018-11-08 12:37:26   status_file = '[UNDEF]'
2018-11-08 12:37:26   status_file_version = 1
2018-11-08 12:37:26   status_file_update_freq = 60
2018-11-08 12:37:26   occ = ENABLED
2018-11-08 12:37:26   rcvbuf = 0
2018-11-08 12:37:26   sndbuf = 0
2018-11-08 12:37:26   sockflags = 0
2018-11-08 12:37:26   fast_io = DISABLED
2018-11-08 12:37:26   comp.alg = 4
2018-11-08 12:37:26   comp.flags = 4
2018-11-08 12:37:26   route_script = '[UNDEF]'
2018-11-08 12:37:26   route_default_gateway = '[UNDEF]'
2018-11-08 12:37:26   route_default_metric = 0
2018-11-08 12:37:26   route_noexec = DISABLED
2018-11-08 12:37:26   route_delay = 0
2018-11-08 12:37:26   route_delay_window = 30
2018-11-08 12:37:26   route_delay_defined = DISABLED
2018-11-08 12:37:26   route_nopull = DISABLED
2018-11-08 12:37:26   route_gateway_via_dhcp = DISABLED
2018-11-08 12:37:26   allow_pull_fqdn = DISABLED
2018-11-08 12:37:26   route 0.0.0.0/0.0.0.0/vpn_gateway/default (not set)
2018-11-08 12:37:26   management_addr = '/data/user/0/de.blinkt.openvpn/cache/mgmtsocket'
2018-11-08 12:37:26   management_port = 'unix'
2018-11-08 12:37:26   management_user_pass = '[UNDEF]'
2018-11-08 12:37:26   management_log_history_cache = 250
2018-11-08 12:37:26   management_echo_buffer_size = 100
2018-11-08 12:37:26   management_write_peer_info_file = '[UNDEF]'
2018-11-08 12:37:26   management_client_user = '[UNDEF]'
2018-11-08 12:37:26   management_client_group = '[UNDEF]'
2018-11-08 12:37:26   management_flags = 4390
2018-11-08 12:37:26   shared_secret_file = '[UNDEF]'
2018-11-08 12:37:26   key_direction = not set
2018-11-08 12:37:26   ciphername = 'AES-256-CBC'
2018-11-08 12:37:26   ncp_enabled = ENABLED
2018-11-08 12:37:26   ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
2018-11-08 12:37:26   authname = 'SHA256'
2018-11-08 12:37:26   prng_hash = 'SHA1'
2018-11-08 12:37:26   prng_nonce_secret_len = 16
2018-11-08 12:37:26   keysize = 0
2018-11-08 12:37:26   engine = DISABLED
2018-11-08 12:37:26   replay = ENABLED
2018-11-08 12:37:26   mute_replay_warnings = DISABLED
2018-11-08 12:37:26   replay_window = 64
2018-11-08 12:37:26   replay_time = 15
2018-11-08 12:37:26   packet_id_file = '[UNDEF]'
2018-11-08 12:37:26   test_crypto = DISABLED
2018-11-08 12:37:26   tls_server = DISABLED
2018-11-08 12:37:26   tls_client = ENABLED
2018-11-08 12:37:26   key_method = 2
2018-11-08 12:37:26   ca_file = '[[INLINE]]'
2018-11-08 12:37:26   ca_path = '[UNDEF]'
2018-11-08 12:37:26   dh_file = '[UNDEF]'
2018-11-08 12:37:26   cert_file = '[[INLINE]]'
2018-11-08 12:37:26   extra_certs_file = '[UNDEF]'
2018-11-08 12:37:26   priv_key_file = '[[INLINE]]'
2018-11-08 12:37:26   pkcs12_file = '[UNDEF]'
2018-11-08 12:37:26   cipher_list = '[UNDEF]'
2018-11-08 12:37:26   tls_cert_profile = '[UNDEF]'
2018-11-08 12:37:26   tls_verify = '[UNDEF]'
2018-11-08 12:37:26   tls_export_cert = '[UNDEF]'
2018-11-08 12:37:26   verify_x509_type = 2
2018-11-08 12:37:26   verify_x509_name = 'server_yILH95sjkAI3lwti'
2018-11-08 12:37:26   crl_file = '[UNDEF]'
2018-11-08 12:37:26   ns_cert_type = 0
2018-11-08 12:37:26   remote_cert_ku[i] = 65535
2018-11-08 12:37:26   remote_cert_ku[i] = 0
2018-11-08 12:37:26   remote_cert_ku[i] = 0
2018-11-08 12:37:26   remote_cert_ku[i] = 0
2018-11-08 12:37:26   remote_cert_ku[i] = 0
2018-11-08 12:37:26   remote_cert_ku[i] = 0
2018-11-08 12:37:26   remote_cert_ku[i] = 0
2018-11-08 12:37:26   remote_cert_ku[i] = 0
2018-11-08 12:37:26   remote_cert_ku[i] = 0
2018-11-08 12:37:26   remote_cert_ku[i] = 0
2018-11-08 12:37:26   remote_cert_ku[i] = 0
2018-11-08 12:37:26   remote_cert_ku[i] = 0
2018-11-08 12:37:26   remote_cert_ku[i] = 0
2018-11-08 12:37:26   remote_cert_ku[i] = 0
2018-11-08 12:37:26   remote_cert_ku[i] = 0
2018-11-08 12:37:26   remote_cert_ku[i] = 0
2018-11-08 12:37:26   remote_cert_eku = 'TLS Web Server Authentication'
2018-11-08 12:37:26   ssl_flags = 192
2018-11-08 12:37:26   tls_timeout = 2
2018-11-08 12:37:26   renegotiate_bytes = -1
2018-11-08 12:37:26   renegotiate_packets = 0
2018-11-08 12:37:26   renegotiate_seconds = 3600
2018-11-08 12:37:26   handshake_window = 60
2018-11-08 12:37:26   transition_window = 3600
2018-11-08 12:37:26   single_session = DISABLED
2018-11-08 12:37:26   push_peer_info = ENABLED
2018-11-08 12:37:26   tls_exit = DISABLED
2018-11-08 12:37:26   client = ENABLED
2018-11-08 12:37:26   pull = ENABLED
2018-11-08 12:37:26   auth_user_pass_file = '[UNDEF]'
2018-11-08 12:37:26 OpenVPN 2.5-icsopenvpn [git:icsopenvpn/v0.7.6-0-gb98840e2] arm64-v8a [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Sep 24 2018
2018-11-08 12:37:26 library versions: OpenSSL 1.1.1  11 Sep 2018, LZO 2.10
2018-11-08 12:37:26 MANAGEMENT: Connected to management server at /data/user/0/de.blinkt.openvpn/cache/mgmtsocket
2018-11-08 12:37:26 MANAGEMENT: CMD 'version 2'
2018-11-08 12:37:26 MANAGEMENT: CMD 'hold release'
2018-11-08 12:37:26 MANAGEMENT: CMD 'bytecount 2'
2018-11-08 12:37:26 MANAGEMENT: CMD 'proxy NONE'
2018-11-08 12:37:26 MANAGEMENT: CMD 'state on'
2018-11-08 12:37:27 MANAGEMENT: CMD 'password [...]'
2018-11-08 12:37:27 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2018-11-08 12:37:27 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2018-11-08 12:37:27 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2018-11-08 12:37:27 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2018-11-08 12:37:27 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2018-11-08 12:37:27 LZ4 compression initializing
2018-11-08 12:37:27 Control Channel MTU parms [ L:1622 D:1156 EF:94 EB:0 ET:0 EL:3 ]
2018-11-08 12:37:27 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
2018-11-08 12:37:27 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1570,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-client'
2018-11-08 12:37:27 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1570,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-server'
2018-11-08 12:37:27 TCP/UDP: Preserving recently used remote address: [AF_INET]84.89.35.79:11194
2018-11-08 12:37:27 Socket Buffers: R=[229376->229376] S=[229376->229376]
2018-11-08 12:37:27 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
2018-11-08 12:37:27 UDP link local: (not bound)
2018-11-08 12:37:27 UDP link remote: [AF_INET]84.89.35.79:11194
2018-11-08 12:37:27 MANAGEMENT: >STATE:1541677047,WAIT,,,,,,
2018-11-08 12:37:27 MANAGEMENT: >STATE:1541677047,AUTH,,,,,,
2018-11-08 12:37:27 TLS: Initial packet from [AF_INET]84.89.35.79:11194, sid=69c68cae 3ce38f2f
2018-11-08 12:37:27 GDG: SIOCGIFHWADDR(lo) failed
2018-11-08 12:37:28 VERIFY OK: depth=1, CN=ChangeMe
2018-11-08 12:37:28 VERIFY KU OK
2018-11-08 12:37:28 Validating certificate extended key usage
2018-11-08 12:37:28 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2018-11-08 12:37:28 VERIFY EKU OK
2018-11-08 12:37:28 VERIFY X509NAME OK: CN=server_yILH95sjkAI3lwti
2018-11-08 12:37:28 VERIFY OK: depth=0, CN=server_yILH95sjkAI3lwti
2018-11-08 12:37:28 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
2018-11-08 12:37:28 [server_yILH95sjkAI3lwti] Peer Connection Initiated with [AF_INET]84.89.35.79:11194
2018-11-08 12:37:29 MANAGEMENT: >STATE:1541677049,GET_CONFIG,,,,,,
2018-11-08 12:37:29 SENT CONTROL [server_yILH95sjkAI3lwti]: 'PUSH_REQUEST' (status=1)
2018-11-08 12:37:29 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 192.168.178.2,block-outside-dns,redirect-gateway def1,route-gateway 10.8.0.1,topology subnet,ping 1800,ping-restart 4000,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-256-GCM'
2018-11-08 12:37:29 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:2: block-outside-dns (2.5_master)
2018-11-08 12:37:29 OPTIONS IMPORT: timers and/or timeouts modified
2018-11-08 12:37:29 OPTIONS IMPORT: --ifconfig/up options modified
2018-11-08 12:37:29 OPTIONS IMPORT: route options modified
2018-11-08 12:37:29 OPTIONS IMPORT: route-related options modified
2018-11-08 12:37:29 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2018-11-08 12:37:29 OPTIONS IMPORT: peer-id set
2018-11-08 12:37:29 OPTIONS IMPORT: adjusting link_mtu to 1625
2018-11-08 12:37:29 OPTIONS IMPORT: data channel crypto options modified
2018-11-08 12:37:29 Data Channel: using negotiated cipher 'AES-256-GCM'
2018-11-08 12:37:29 Data Channel MTU parms [ L:1553 D:1450 EF:53 EB:406 ET:0 EL:3 ]
2018-11-08 12:37:29 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2018-11-08 12:37:29 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2018-11-08 12:37:29 GDG: SIOCGIFHWADDR(lo) failed
2018-11-08 12:37:29 ROUTE_GATEWAY 127.100.103.119/255.0.0.0 IFACE=lo
2018-11-08 12:37:29 do_ifconfig, ipv4=1, ipv6=0
2018-11-08 12:37:29 MANAGEMENT: >STATE:1541677049,ASSIGN_IP,,10.8.0.2,,,,
2018-11-08 12:37:29 MANAGEMENT: CMD 'needok 'IFCONFIG' ok'
2018-11-08 12:37:29 MANAGEMENT: CMD 'needok 'ROUTE' ok'
2018-11-08 12:37:29 MANAGEMENT: >STATE:1541677049,ADD_ROUTES,,,,,,
2018-11-08 12:37:29 MANAGEMENT: CMD 'needok 'ROUTE' ok'
2018-11-08 12:37:29 MANAGEMENT: CMD 'needok 'DNSSERVER' ok'
2018-11-08 12:37:29 MANAGEMENT: CMD 'needok 'DNSSERVER' ok'
2018-11-08 12:37:29 MANAGEMENT: CMD 'needok 'DNSSERVER' ok'
2018-11-08 12:37:29 MANAGEMENT: CMD 'needok 'DNSDOMAIN' ok'
2018-11-08 12:37:29 MANAGEMENT: CMD 'needok 'PERSIST_TUN_ACTION' OPEN_BEFORE_CLOSE'
2018-11-08 12:37:29 Tun-Netzwerkinterface wird geöffnet:
2018-11-08 12:37:29 Lokale IPv4: 10.8.0.2/24 IPv6: null MTU: 1500
2018-11-08 12:37:29 DNS-Server: 192.168.178.2, 192.168.178.2, 192.168.178.2, Domäne: blinkt.de
2018-11-08 12:37:29 Routen: 0.0.0.0/0, 10.8.0.0/24 
2018-11-08 12:37:29 Ausgeschlossene Routen:  
2018-11-08 12:37:29 Installierte VpnService-Routen: 0.0.0.0/0 
2018-11-08 12:37:29 Nicht zugelassene Apps für das VPN: 
2018-11-08 12:37:29 MANAGEMENT: CMD 'needok 'OPENTUN' ok'
2018-11-08 12:37:29 Initialization Sequence Completed
2018-11-08 12:37:29 MANAGEMENT: >STATE:1541677049,CONNECTED,SUCCESS,10.8.0.2,84.89.35.79,11194,,
2018-11-08 12:37:29 Debug state info: CONNECTED LTE to MOBILE web.t-mobile.com, pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED
2018-11-08 13:37:29 GDG: SIOCGIFHWADDR(lo) failed
2018-11-08 13:37:29 VERIFY OK: depth=1, CN=ChangeMe
2018-11-08 13:37:29 VERIFY KU OK
2018-11-08 13:37:29 Validating certificate extended key usage
2018-11-08 13:37:29 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2018-11-08 13:37:29 VERIFY EKU OK
2018-11-08 13:37:29 VERIFY X509NAME OK: CN=server_yILH95sjkAI3lwti
2018-11-08 13:37:29 VERIFY OK: depth=0, CN=server_yILH95sjkAI3lwti
2018-11-08 13:37:29 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2018-11-08 13:37:29 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2018-11-08 13:37:29 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
2018-11-08 14:43:08 TLS: soft reset sec=3939/3600 bytes=182477/-1 pkts=529/0
2018-11-08 14:44:08 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2018-11-08 14:44:08 Ignoring OpenVPN Status in CONNECTED state (WAIT->LEVEL_CONNECTING_NO_SERVER_REPLY_YET): ,,,,,
2018-11-08 14:44:08 TLS Error: TLS handshake failed
2018-11-08 14:44:08 TLS: move_session: dest=TM_LAME_DUCK src=TM_ACTIVE reinit_src=1
2018-11-08 14:44:08 MANAGEMENT: >STATE:1541684648,WAIT,,,,,,
2018-11-08 14:44:08 MANAGEMENT: >STATE:1541684648,AUTH,,,,,,
2018-11-08 14:44:08 TLS: Initial packet from [AF_INET]84.89.35.79:11194, sid=fa8aaa51 068add9f
2018-11-08 14:44:08 Ignoring OpenVPN Status in CONNECTED state (AUTH->LEVEL_CONNECTING_SERVER_REPLIED): ,,,,,
2018-11-08 14:44:08 GDG: SIOCGIFHWADDR(lo) failed
2018-11-08 14:44:08 VERIFY OK: depth=1, CN=ChangeMe
2018-11-08 14:44:08 VERIFY KU OK
2018-11-08 14:44:08 Validating certificate extended key usage
2018-11-08 14:44:08 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2018-11-08 14:44:08 VERIFY EKU OK
2018-11-08 14:44:08 VERIFY X509NAME OK: CN=server_yILH95sjkAI3lwti
2018-11-08 14:44:08 VERIFY OK: depth=0, CN=server_yILH95sjkAI3lwti
2018-11-08 14:44:08 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
2018-11-08 15:41:07 Netzwerkstatus: SUSPENDED UNKNOWN to MOBILE web.t-mobile.com
2018-11-08 15:41:07 Debug state info: SUSPENDED UNKNOWN to MOBILE web.t-mobile.com, pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED
2018-11-08 15:41:07 write UDP []: Network is unreachable (code=101)
2018-11-08 15:41:07 Debug state info: SUSPENDED UNKNOWN to MOBILE web.t-mobile.com, pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED
2018-11-08 15:41:08 write UDP []: Network is unreachable (code=101)
2018-11-08 15:41:13 write UDP []: Network is unreachable (code=101)
2018-11-08 15:41:14 write UDP []: Network is unreachable (code=101)
2018-11-08 15:41:18 write UDP []: Network is unreachable (code=101)
2018-11-08 15:41:23 write UDP []: Network is unreachable (code=101)
2018-11-08 15:41:27 Netzwerkstatus: CONNECTED EDGE to MOBILE web.t-mobile.com
2018-11-08 15:41:27 Debug state info: CONNECTED EDGE to MOBILE web.t-mobile.com, pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED
2018-11-08 15:41:28 Debug state info: CONNECTED EDGE to MOBILE web.t-mobile.com, pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED
2018-11-08 15:41:28 Debug state info: CONNECTED EDGE to MOBILE web.t-mobile.com, pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED
2018-11-08 15:43:08 TLS: tls_multi_process: killed expiring key
2018-11-08 15:45:01 TLS: soft reset sec=3653/3600 bytes=0/-1 pkts=0/0
2018-11-08 15:46:09 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2018-11-08 15:46:09 TLS Error: TLS handshake failed
2018-11-08 15:46:09 TLS: move_session: dest=TM_LAME_DUCK src=TM_ACTIVE reinit_src=1
2018-11-08 15:46:37 Ignoring OpenVPN Status in CONNECTED state (WAIT->LEVEL_CONNECTING_NO_SERVER_REPLY_YET): ,,,,,
2018-11-08 15:46:37 MANAGEMENT: >STATE:1541688397,WAIT,,,,,,
2018-11-08 15:46:37 Ignoring OpenVPN Status in CONNECTED state (AUTH->LEVEL_CONNECTING_SERVER_REPLIED): ,,,,,
2018-11-08 15:46:37 MANAGEMENT: >STATE:1541688397,AUTH,,,,,,
2018-11-08 15:46:37 TLS: Initial packet from [AF_INET]84.89.35.79:11194, sid=647a59b1 e69ee614
2018-11-08 15:46:37 GDG: SIOCGIFHWADDR(lo) failed
2018-11-08 15:46:38 VERIFY OK: depth=1, CN=ChangeMe
2018-11-08 15:46:38 VERIFY KU OK
2018-11-08 15:46:38 Validating certificate extended key usage
2018-11-08 15:46:38 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2018-11-08 15:46:38 VERIFY EKU OK
2018-11-08 15:46:38 VERIFY X509NAME OK: CN=server_yILH95sjkAI3lwti
2018-11-08 15:46:38 VERIFY OK: depth=0, CN=server_yILH95sjkAI3lwti
2018-11-08 15:46:38 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
2018-11-08 15:54:08 Netzwerkstatus: SUSPENDED UNKNOWN to MOBILE web.vodafone.com
2018-11-08 15:54:08 Debug state info: SUSPENDED UNKNOWN to MOBILE web.vodafone.com, pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED
2018-11-08 15:54:08 Debug state info: SUSPENDED UNKNOWN to MOBILE web.vodafone.com, pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED
2018-11-08 15:54:36 Netzwerkstatus: CONNECTED LTE to MOBILE web.vodafone.com
2018-11-08 15:54:36 Debug state info: CONNECTED LTE to MOBILE web.vodafone.com, pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED
2018-11-08 15:54:37 Debug state info: CONNECTED LTE to MOBILE web.vodafone.com, pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED
2018-11-08 15:54:37 Debug state info: CONNECTED LTE to MOBILE web.vodafone.com, pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED
2018-11-08 16:47:06 TLS: soft reset sec=3628/3600 bytes=0/-1 pkts=0/0
2018-11-08 16:47:06 TLS: tls_multi_process: killed expiring key
2018-11-08 16:48:20 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2018-11-08 16:48:20 TLS Error: TLS handshake failed
2018-11-08 16:48:20 TLS: move_session: dest=TM_LAME_DUCK src=TM_ACTIVE reinit_src=1
2018-11-08 16:49:19 Ignoring OpenVPN Status in CONNECTED state (WAIT->LEVEL_CONNECTING_NO_SERVER_REPLY_YET): ,,,,,
2018-11-08 16:49:19 MANAGEMENT: >STATE:1541692159,WAIT,,,,,,
2018-11-08 16:50:14 Netzwerkstatus: SUSPENDED UNKNOWN to MOBILE web.vodafone.com
2018-11-08 16:50:14 Debug state info: SUSPENDED UNKNOWN to MOBILE web.vodafone.com, pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED
2018-11-08 16:50:14 write UDP []: Network is unreachable (code=101)
2018-11-08 16:50:15 Debug state info: SUSPENDED UNKNOWN to MOBILE web.vodafone.com, pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED
2018-11-08 16:50:19 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2018-11-08 16:50:19 TLS Error: TLS handshake failed
2018-11-08 16:51:34 Netzwerkstatus: CONNECTED LTE to MOBILE web.vodafone.com
2018-11-08 16:51:35 Debug state info: CONNECTED LTE to MOBILE web.vodafone.com, pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED
2018-11-08 16:51:35 Debug state info: CONNECTED LTE to MOBILE web.vodafone.com, pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED
2018-11-08 16:51:35 Debug state info: CONNECTED LTE to MOBILE web.vodafone.com, pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED
2018-11-08 16:51:35 MANAGEMENT: >STATE:1541692295,WAIT,,,,,,
2018-11-08 16:51:35 Ignoring OpenVPN Status in CONNECTED state (WAIT->LEVEL_CONNECTING_NO_SERVER_REPLY_YET): ,,,,,
2018-11-08 16:51:35 MANAGEMENT: >STATE:1541692295,AUTH,,,,,,
2018-11-08 16:51:35 TLS: Initial packet from [AF_INET]84.89.35.79:11194, sid=c143cd64 63fe480a
2018-11-08 16:51:35 GDG: SIOCGIFHWADDR(lo) failed
2018-11-08 16:51:35 Ignoring OpenVPN Status in CONNECTED state (AUTH->LEVEL_CONNECTING_SERVER_REPLIED): ,,,,,
2018-11-08 16:51:36 VERIFY OK: depth=1, CN=ChangeMe
2018-11-08 16:51:36 VERIFY KU OK
2018-11-08 16:51:36 Validating certificate extended key usage
2018-11-08 16:51:36 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2018-11-08 16:51:36 VERIFY EKU OK
2018-11-08 16:51:36 VERIFY X509NAME OK: CN=server_yILH95sjkAI3lwti
2018-11-08 16:51:36 VERIFY OK: depth=0, CN=server_yILH95sjkAI3lwti
2018-11-08 16:51:36 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
2018-11-08 16:57:20 Netzwerkstatus: SUSPENDED UNKNOWN to MOBILE web.vodafone.com
2018-11-08 16:57:20 Debug state info: SUSPENDED UNKNOWN to MOBILE web.vodafone.com, pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED
2018-11-08 16:57:20 Debug state info: SUSPENDED UNKNOWN to MOBILE web.vodafone.com, pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED
2018-11-08 16:57:24 Netzwerkstatus: CONNECTED EDGE to MOBILE web.vodafone.com
2018-11-08 16:57:24 Debug state info: CONNECTED EDGE to MOBILE web.vodafone.com, pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED
2018-11-08 16:57:25 Debug state info: CONNECTED EDGE to MOBILE web.vodafone.com, pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED
2018-11-08 16:57:25 Debug state info: CONNECTED EDGE to MOBILE web.vodafone.com, pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED
2018-11-08 17:02:48 Netzwerkstatus: CONNECTED  to WIFI "Einhornkotze"
2018-11-08 17:02:48 Debug state info: CONNECTED  to WIFI "Einhornkotze", pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED 
2018-11-08 17:02:48 MANAGEMENT: CMD 'network-change'
2018-11-08 17:02:48 Debug state info: CONNECTED  to WIFI "Einhornkotze", pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED 
2018-11-08 17:05:12 MANAGEMENT: CMD 'signal SIGINT'
2018-11-08 17:05:12 TCP/UDP: Closing socket
2018-11-08 17:05:12 Sorry, deleting routes on Android is not possible. The VpnService API allows routes to be set on connect only.
2018-11-08 17:05:12 Sorry, deleting routes on Android is not possible. The VpnService API allows routes to be set on connect only.
2018-11-08 17:05:12 Closing TUN/TAP interface
2018-11-08 17:05:12 SIGINT[hard,] received, process exiting
2018-11-08 17:05:12 MANAGEMENT: >STATE:1541693112,EXITING,SIGINT,,,,,
2018-11-08 17:05:12 Debug state info: CONNECTED  to WIFI "Einhornkotze", pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED 
Im a total noob to VPN and specially OpenVPN and dont know what you mean with "floating". But maybe you could help me to find my way.

Fects1981
OpenVpn Newbie
Posts: 7
Joined: Sun Oct 07, 2018 7:18 pm

Re: changing network issue

Post by Fects1981 » Thu Nov 08, 2018 9:10 pm

With the app OpenVPN Connect, i get the following when i change from mobile to WiFi:

Code: Select all

22:05:46.581 -- UDP send error: send: Invalid argument

22:05:47.235 -- UDP send error: send: Invalid argument

22:05:47.501 -- UDP send error: send: Invalid argument

22:05:48.392 -- UDP send error: send: Invalid argument

22:05:51.510 -- UDP send error: send: Invalid argument

22:05:52.097 -- UDP send error: send: Invalid argument

22:05:52.248 -- UDP send error: send: Invalid argument

22:05:52.690 -- UDP send error: send: Invalid argument

22:05:52.717 -- UDP send error: send: Invalid argument

22:05:53.013 -- UDP send error: send: Invalid argument

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 5026
Joined: Fri Jun 03, 2016 1:17 pm

Re: changing network issue

Post by TinCanTech » Fri Nov 09, 2018 1:25 pm

Fects1981 wrote:
Thu Nov 08, 2018 8:29 pm
dont know what you mean with "floating".
Using --float, either peer can change its IP address or port and not need to disconnect/reconnect, that is what your log is showing.

However, in your case it does not appear to be a genuine "float" due to a network change, it looks more like a network error or a hardware problem (maybe your router or Android device is damaged). I asked a developer to take a look at your log and the conclusion was "there is something wrong with your network" but we do not know what it is. We suggest you contact your network provider.

If you can't get any help you can contact me : tincanteksup <at> gmail

Fects1981
OpenVpn Newbie
Posts: 7
Joined: Sun Oct 07, 2018 7:18 pm

Re: changing network issue

Post by Fects1981 » Fri Nov 09, 2018 1:33 pm

I think i have a sort of workaround or maybe a solution. Today i played a little bit with the config, but ended again by the above config. The only thing i changed, is the remote address of the VPN server. Instead of using the name, i use now the direct IP address to connect to the server. Now the change to WiFi seems not to be no problem. I could successfully use the internet also after coming home directly. Maybe i couldn't resolve the network name remote

Code: Select all

vpn.myserver.com:1194
since that's a DynDNS address and when i use the IP directly, no resolving is needed. Im not sure if this is the solution for my problem or not, since i don't know enough about DNS in conjunction with OpenVPN, other can interpret this better as me.

Post Reply