Official client software for OpenVPN Access Server and OpenVPN Cloud.
-
silentman.it
- OpenVpn Newbie
- Posts: 3
- Joined: Tue Jul 28, 2020 6:26 am
Post
by silentman.it » Tue Jul 28, 2020 6:40 am
Hi all,
I have a VPN infrastructure working like a charm with all win7/10 clients.
Clients' profile files have a mix of ip and host name routes
e.g.:
Code: Select all
route 1.2.3.4 255.255.255.192 vpn_gateway
route my.host.here 255.255.255.255 vpn_gateway
When I import opvn profile to Android Connect and try to connect I get the following error for all the hostname routes:
Code: Select all
exception parsing IPv4 route: [route] [my.host.here] [255.255.255.255] [vpn_gateway] : addr_pair_mask_parse_error: AddrMaskPair parse error 'route': my.host.here/255.255.255.255 : ip_exception: error parsing route IP address 'my.host.here' : Invalid argument
I tried to prepend
before all routes, but the result is the same.
Any ideas?
Thanks
-
TinCanTech
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Post
by TinCanTech » Tue Jul 28, 2020 10:35 am
See your Android log.
-
silentman.it
- OpenVpn Newbie
- Posts: 3
- Joined: Tue Jul 28, 2020 6:26 am
Post
by silentman.it » Tue Jul 28, 2020 2:35 pm
Here it is:
Code: Select all
14:21:48.272 -- ----- OpenVPN Start -----
14:21:48.272 -- EVENT: CORE_THREAD_ACTIVE
14:21:48.274 -- OpenVPN core 3.git:released:3e56f9a6:Release android arm64 64-bit PT_PROXY
14:21:48.274 -- Frame=512/2048/512 mssfix-ctrl=1250
14:21:48.274 -- UNUSED OPTIONS
136 [resolv-retry] [infinite]
137 [nobind]
138 [persist-key]
139 [persist-tun]
142 [tls-auth] [# # 2048 bit OpenVPN static key # -----BEGIN OpenVPN Static key ...]
144 [verb] [3]
14:21:48.275 -- EVENT: RESOLVE
14:21:48.367 -- Contacting 52.236.132.111:1194 via UDP
14:21:48.368 -- EVENT: WAIT
14:21:48.372 -- Connecting to [vpn.gateway.hostname]:1194 (xx.xx.xx.xx) via UDPv4
14:21:48.413 -- EVENT: CONNECTING
14:21:48.416 -- Tunnel Options:V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-client
14:21:48.417 -- Creds: UsernameEmpty/PasswordEmpty
14:21:48.418 -- Peer Info:
IV_VER=3.git:released:3e56f9a6:Release
IV_PLAT=android
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_AUTO_SESS=1
IV_GUI_VER=net.openvpn.connect.android_3.2.2-5027
IV_SSO=openurl
14:21:48.489 -- VERIFY OK: depth=1, /CN=Easy-RSA CA
14:21:48.491 -- VERIFY OK: depth=0, /CN=server1
14:21:48.557 -- SSL Handshake: CN=server1, TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
14:21:48.558 -- Session is ACTIVE
14:21:48.560 -- EVENT: GET_CONFIG
14:21:48.564 -- Sending PUSH_REQUEST to server...
14:21:48.619 -- OPTIONS:
0 [route] [my.host.here] [255.255.255.255] [vpn_gateway]
(...80 more similar rows...)
81 [route] [nn.nn.nn.nn] [255.255.255.192]
(...50 more similar rows...)
132 [route] [10.8.0.1]
133 [topology] [net30]
134 [ping] [10]
135 [ping-restart] [120]
136 [ifconfig] [10.8.0.34] [10.8.0.33]
137 [peer-id] [5]
138 [cipher] [AES-256-GCM]
14:21:48.621 -- PROTOCOL OPTIONS:
cipher: AES-256-GCM
digest: NONE
compress: NONE
peer ID: 5
14:21:48.622 -- EVENT: ASSIGN_IP
14:21:48.626 -- exception parsing IPv4 route: [route] [my.host.here] [255.255.255.255] [vpn_gateway] : addr_pair_mask_parse_error: AddrMaskPair parse error 'route': my.host.here/255.255.255.255 : ip_exception: error parsing route IP address 'my.host.here' : Invalid argument
(...80 more similar rows...)
14:21:48.756 -- Connected via tun
14:21:48.757 -- EVENT: CONNECTED info='vpn.gateway.hostname:1194 (xx.xx.xx.xx) via /UDPv4 on tun/10.8.0.34/ gw=[10.8.0.33/]'
-
TinCanTech
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Post
by TinCanTech » Tue Jul 28, 2020 3:18 pm
I can only surmise that your Android client will not resolve hostnames in routing statements.
(Using hostnames to configure routing is a bad idea anyway, never-the-less, people still try it.. )
-
silentman.it
- OpenVpn Newbie
- Posts: 3
- Joined: Tue Jul 28, 2020 6:26 am
Post
by silentman.it » Tue Jul 28, 2020 3:57 pm
For posterity:
hostname routes addition works fine in an unofficial open source OpenVPN client
-
TinCanTech
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Post
by TinCanTech » Tue Jul 28, 2020 4:05 pm
They are also allowed in the official OpenVPN 2.x series client.