dropped responses on Android, but PC VPN connection is just fine

Post Reply
vpnconnectPro
OpenVpn Newbie
Posts: 3
Joined: Sun Sep 29, 2019 10:05 am

dropped responses on Android, but PC VPN connection is just fine

Post by vpnconnectPro » Sun Sep 29, 2019 10:15 am

My vpn client config works just fine on my Mac OSX, but has some issues via Android. I can connect on Android, go to google and query what my IP is and see that it is coming from the VPN server, but anything I try to access on AWS and quite a few other sites gets the response dropped/aborted.

My VPN server is hosted on AWS, and also pushes the subnet for our VPC. Works great on Mac via tunneblick, no issues there.

Not only cannot the Android client access the private subnets, it can't even access public networks hosted on AWS.... well it can't receive the response. I can see in the apache logs for services on the private subnet in AWS that the android client connects and receives a success response from the server, but it's timing out on Chrome on Android ... not getting the response there.

I checked the server logs and the exact same config is being push to the OSX client and the Android client.

OSX connection:
Sep 29 02:29:21 ip-10-33-90-199 openvpn[7267]: client/xx.xx.xx.xxx:56003 SENT CONTROL [client]: 'PUSH_REPLY,route 10.33.0.0 255.255.0.0,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route 10.1.9.1,topology net30,ping 10,ping-restart 120,ifconfig 10.1.9.10 10.1.9.9,peer-id 1,cipher AES-256-GCM' (status=1)
Sep 29 02:29:21 ip-10-33-90-199 openvpn[7267]: client/xx.xx.xx.xxx:56003 Data Channel: using negotiated cipher 'AES-256-GCM'
Sep 29 02:29:21 ip-10-33-90-199 openvpn[7267]: client/xx.xx.xx.xxx:56003 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sep 29 02:29:21 ip-10-33-90-199 openvpn[7267]: client/xx.xx.xx.xxx:56003 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key

Android:
Sep 29 02:31:29 ip-10-33-90-199 openvpn[7267]: client/xx.xx.xx.xxx:40477 SENT CONTROL [client]: 'PUSH_REPLY,route 10.33.0.0 255.255.0.0,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route 10.1.9.1,topology net30,ping 10,ping-restart 120,ifconfig 10.1.9.14 10.1.9.13,peer-id 2,cipher AES-256-GCM' (status=1)
Sep 29 02:31:29 ip-10-33-90-199 openvpn[7267]: client/xx.xx.xx.xxx:40477 Data Channel: using negotiated cipher 'AES-256-GCM'
Sep 29 02:31:29 ip-10-33-90-199 openvpn[7267]: client/xx.xx.xx.xxx:40477 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sep 29 02:31:29 ip-10-33-90-199 openvpn[7267]: client/xx.xx.xx.xxx:40477 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key

How can I debug what the difference is in the connection between Android and OSX? they are using the exact same .opvn config.
Last edited by vpnconnectPro on Sun Sep 29, 2019 11:16 am, edited 1 time in total.

vpnconnectPro
OpenVpn Newbie
Posts: 3
Joined: Sun Sep 29, 2019 10:05 am

Re: dropped responses from AWS on Android, but PC connection is just fine

Post by vpnconnectPro » Sun Sep 29, 2019 11:15 am

And also, what's the difference between connecting to https://serverfault.com and https://google.com ? I can access both when connected to VPN on my Mac, but I can't access serverfault on Android OpenVPN ... just times out.

Take this for instance, tried a host without SSL and a DNS just to remove a few variables from the equation.
http://151.101.65.69/

Should respond with "Fastly error: unknown domain: 151.101.65.69. Please check that this domain has been added to a service.Details: cache-sea1042-SEA" and does respond while connect to VPN on my Mac, but there is absolutely no response when connect to VPN on Android .. just hangs.

vpnconnectPro
OpenVpn Newbie
Posts: 3
Joined: Sun Sep 29, 2019 10:05 am

Re: dropped responses on Android, but PC VPN connection is just fine

Post by vpnconnectPro » Mon Sep 30, 2019 4:08 am

SOLUTION: Should anyone else read this. Issue had to do with compression. We were using lz4, which doesn't seem supported on Android or iOS. Disabled compression and everything works fine on Android/iOS/andMacOSX.

definetly a hard bug to solve, cause there's no error message, and accessing some websites work while others don't. If this helps you, please let me know!

shakrat
OpenVpn Newbie
Posts: 2
Joined: Fri Oct 04, 2019 10:19 pm

Re: dropped responses on Android, but PC VPN connection is just fine

Post by shakrat » Tue Oct 08, 2019 9:38 pm

Hello

Can you tell me how you disable the compression.

I tried leaving the parameter empty on the client, but nothing, the log seems to be using anyway.

This is the client config on the android and apple device

client
keepalive 10 60
remote-cert-tls server
compress
dev tun
proto udp
port 1194
cipher AES-128-CBC

This is part of the log from the openvpn

16:15:04.325 -- Tunnel Options:V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client

Says comp-lzo

I tried some others configs but I don't know how to check if the compression is present.

Thanks

Post Reply