dropped responses on Android, but PC VPN connection is just fine
Posted: Sun Sep 29, 2019 10:15 am
My VPN client config works just fine on my Mac OSX, but has some issues via Android. I can connect on Android, go to Google and query what my IP is and see that it is coming from the VPN server, but anything I try to access on AWS and quite a few other sites gets the response dropped/aborted.
My VPN server is hosted on AWS, and also pushes the subnet for our VPC. Works great on Mac via Tunnelblick, no issues there.
Not only can the Android client not access the private subnets, it can't even access public networks hosted on AWS... well, it can't receive the response. I can see in the Apache logs for services on the private subnet in AWS that the Android client connects and receives a success response from the server, but it's timing out on Chrome on Android... not getting the response there.
I checked the server logs and the exact same config is being pushed to the OSX client and the Android client.
OSX connection:
Sep 29 02:29:21 ip-10-33-90-199 openvpn[7267]: client/xx.xx.xx.xxx:56003 SENT CONTROL [client]: 'PUSH_REPLY,route 10.33.0.0 255.255.0.0,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route 10.1.9.1,topology net30,ping 10,ping-restart 120,ifconfig 10.1.9.10 10.1.9.9,peer-id 1,cipher AES-256-GCM' (status=1)
Sep 29 02:29:21 ip-10-33-90-199 openvpn[7267]: client/xx.xx.xx.xxx:56003 Data Channel: using negotiated cipher 'AES-256-GCM'
Sep 29 02:29:21 ip-10-33-90-199 openvpn[7267]: client/xx.xx.xx.xxx:56003 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sep 29 02:29:21 ip-10-33-90-199 openvpn[7267]: client/xx.xx.xx.xxx:56003 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Android:
Sep 29 02:31:29 ip-10-33-90-199 openvpn[7267]: client/xx.xx.xx.xxx:40477 SENT CONTROL [client]: 'PUSH_REPLY,route 10.33.0.0 255.255.0.0,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route 10.1.9.1,topology net30,ping 10,ping-restart 120,ifconfig 10.1.9.14 10.1.9.13,peer-id 2,cipher AES-256-GCM' (status=1)
Sep 29 02:31:29 ip-10-33-90-199 openvpn[7267]: client/xx.xx.xx.xxx:40477 Data Channel: using negotiated cipher 'AES-256-GCM'
Sep 29 02:31:29 ip-10-33-90-199 openvpn[7267]: client/xx.xx.xx.xxx:40477 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sep 29 02:31:29 ip-10-33-90-199 openvpn[7267]: client/xx.xx.xx.xxx:40477 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
How can I debug what the difference is in the connection between Android and OSX? They are using the exact same .ovpn config.
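Added example, not part of the original post: a small parser that extracts the `PUSH_REPLY` options from the two server log lines quoted above and reports which pushed options differ between the sessions. The function names are hypothetical; the log lines are copied from the post as shown, with the client address already redacted there.

```python
import re
from collections import Counter

# Server log lines copied from the post (client address redacted in the original).
OSX_LINE = "Sep 29 02:29:21 ip-10-33-90-199 openvpn[7267]: client/xx.xx.xx.xxx:56003 SENT CONTROL [client]: 'PUSH_REPLY,route 10.33.0.0 255.255.0.0,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route 10.1.9.1,topology net30,ping 10,ping-restart 120,ifconfig 10.1.9.10 10.1.9.9,peer-id 1,cipher AES-256-GCM' (status=1)"
ANDROID_LINE = "Sep 29 02:31:29 ip-10-33-90-199 openvpn[7267]: client/xx.xx.xx.xxx:40477 SENT CONTROL [client]: 'PUSH_REPLY,route 10.33.0.0 255.255.0.0,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route 10.1.9.1,topology net30,ping 10,ping-restart 120,ifconfig 10.1.9.14 10.1.9.13,peer-id 2,cipher AES-256-GCM' (status=1)"

# Matches the quoted option string of a "SENT CONTROL ... 'PUSH_REPLY,...'" line.
PUSH_RE = re.compile(r"SENT CONTROL \[[^\]]*\]: 'PUSH_REPLY,(.*)' \(status=\d+\)")


def parse_push_reply(line):
    """Return the pushed options as (directive, args) tuples, in log order."""
    match = PUSH_RE.search(line)
    if match is None:
        raise ValueError("line does not contain a PUSH_REPLY control message")
    options = []
    for item in match.group(1).split(","):
        directive, _, args = item.strip().partition(" ")
        options.append((directive, args))
    return options


def diff_push(first, second):
    """Compare two option lists as multisets, since directives such as
    'route' and 'dhcp-option' legitimately appear more than once."""
    a, b = Counter(first), Counter(second)
    return {
        "shared": sum((a & b).values()),
        "only_first": sorted((a - b).elements()),
        "only_second": sorted((b - a).elements()),
    }


if __name__ == "__main__":
    result = diff_push(parse_push_reply(OSX_LINE), parse_push_reply(ANDROID_LINE))
    print("options identical in both sessions:", result["shared"])
    for side in ("only_first", "only_second"):
        for directive, args in result[side]:
            print(f"{side}: {directive} {args}")
```

For these two lines, only the per-session `ifconfig` addresses and `peer-id` differ; every other pushed option is identical.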