Official client software for OpenVPN Access Server and OpenVPN Cloud.
-
asvet
- OpenVpn Newbie
- Posts: 5
- Joined: Sat Dec 04, 2021 11:20 am
Post
by asvet » Sat Dec 04, 2021 11:32 am
Hi all,
I configured OpenVPN 2.4 the the server (Linux, standart port, UDP),
configured client on Windows computer (works well),
but cannot connect from my Android mobile phone.
Log:
Code: Select all
10:32:58.255 -- OpenVPN core 3.git::662eae9a:Release android arm64 64-bit PT_PROXY
10:32:58.255 -- Frame=512/2048/512 mssfix-ctrl=1250
10:32:58.256 -- UNUSED OPTIONS
8 [tls-cipher] [TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-ECDSA-WITH-AES-1...]
11 [resolv-retry] [infinite]
12 [auth-retry] [none]
13 [nobind]
14 [persist-key]
15 [persist-tun]
18 [verb] [3]
19 [tls-client]
10:32:58.257 -- EVENT: RESOLVE
10:32:58.265 -- Contacting <IP removed>:1194 via UDP
10:32:58.266 -- EVENT: WAIT
10:32:58.268 -- Connecting to [my-server]:1194 (<IP removed>) via UDPv4
10:33:08.257 -- Server poll timeout, trying next remote entry...
10:33:08.258 -- EVENT: RECONNECTING
config file:
Code: Select all
client
dev tun
proto udp
remote my-server 1194
ca ca.crt
cert andrey-phone.crt
key andrey-phone.key
tls-version-min 1.2
cipher AES-256-CBC
auth SHA512
remote-cert-tls server
comp-lzo
tls-auth pfs.key
Same configuratins was work well on old version of OpenVPN Connect on my old phone.
Connecting from same network as computer, which connected succcessfully.
-
TinCanTech
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Post
by TinCanTech » Sat Dec 04, 2021 2:23 pm
asvet wrote: ↑Sat Dec 04, 2021 11:32 am
Connecting from same network as computer, which connected succcessfully
You mean from the same network as the server ?
-
asvet
- OpenVpn Newbie
- Posts: 5
- Joined: Sat Dec 04, 2021 11:20 am
Post
by asvet » Sat Dec 04, 2021 6:47 pm
TinCanTech wrote: ↑Sat Dec 04, 2021 2:23 pm
asvet wrote: ↑Sat Dec 04, 2021 11:32 am
Connecting from same network as computer, which connected succcessfully
You mean from the same network as the server ?
Thank you for you reply.
I mean phone in the same network as windows PC which successfully connected to OpenVPN. So no problems with routers, firewalls, etc. between mobile phone and OpenVPN server.
-
TinCanTech
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Post
by TinCanTech » Sat Dec 04, 2021 7:48 pm
See your server log for errors.
-
asvet
- OpenVpn Newbie
- Posts: 5
- Joined: Sat Dec 04, 2021 11:20 am
Post
by asvet » Sat Dec 04, 2021 8:03 pm
TinCanTech wrote: ↑Sat Dec 04, 2021 7:48 pm
See your server log for errors.
I can't find the log in /var/log.
server.conf:
Code: Select all
port 1194
proto udp
dev tun
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/server.crt
key /etc/openvpn/easy-rsa/pki/private/server.key
dh /etc/openvpn/easy-rsa/pki/dh.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
tls-crypt /etc/openvpn/pfs.key 0
cipher AES-256-CBC
auth SHA512
max-clients 3
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 3
openvpn-status.log:
Code: Select all
TITLE,OpenVPN 2.4.11 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 21 2021
TIME,Sat Dec 4 20:00:43 2021,1638648043
HEADER,CLIENT_LIST,Common Name,Real Address,Virtual Address,Virtual IPv6 Address,Bytes Received,Bytes Sent,Connected Since,Connected Since (time_t),Username,Client ID,Peer ID
HEADER,ROUTING_TABLE,Virtual Address,Common Name,Real Address,Last Ref,Last Ref (time_t)
GLOBAL_STATS,Max bcast/mcast queue length,0
END
-
asvet
- OpenVpn Newbie
- Posts: 5
- Joined: Sat Dec 04, 2021 11:20 am
Post
by asvet » Sat Dec 04, 2021 8:18 pm
asvet wrote: ↑Sat Dec 04, 2021 8:03 pm
TinCanTech wrote: ↑Sat Dec 04, 2021 7:48 pm
See your server log for errors.
Server log.
Code: Select all
Dec 04 07:40:46 ip-xxx.us-east-2.compute.internal systemd[1]: Starting OpenVPN service for server...
Dec 04 07:40:46 ip-xxx.us-east-2.compute.internal openvpn[22042]: OpenVPN 2.4.11 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on
Dec 04 07:40:46 ip-xxx.us-east-2.compute.internal systemd[1]: Started OpenVPN service for server.
Dec 04 07:40:46 ip-xxx.us-east-2.compute.internal openvpn[22042]: library versions: OpenSSL 1.0.2k-fips 26 Jan 2017, LZO 2.06
Dec 04 07:40:46 ip-xxx.us-east-2.compute.internal openvpn[22042]: Diffie-Hellman initialized with 2048 bit key
Dec 04 07:40:46 ip-xxx.us-east-2.compute.internal openvpn[22042]: Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Dec 04 07:40:46 ip-xxx.us-east-2.compute.internal openvpn[22042]: Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Dec 04 07:40:46 ip-xxx.us-east-2.compute.internal openvpn[22042]: Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Dec 04 07:40:46 ip-xxx.us-east-2.compute.internal openvpn[22042]: Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Dec 04 07:40:46 ip-xxx.us-east-2.compute.internal openvpn[22042]: ROUTE_GATEWAY 172.31.16.1/255.255.240.0 IFACE=eth0 HWADDR=06:64:98:78:6b:d8
Dec 04 07:40:46 ip-xxx.us-east-2.compute.internal openvpn[22042]: TUN/TAP device tun0 opened
Dec 04 07:40:46 ip-xxx.us-east-2.compute.internal openvpn[22042]: TUN/TAP TX queue length set to 100
Dec 04 07:40:46 ip-xxx.us-east-2.compute.internal openvpn[22042]: /sbin/ip link set dev tun0 up mtu 1500
Dec 04 07:40:46 ip-xxx.us-east-2.compute.internal openvpn[22042]: /sbin/ip addr add dev tun0 local 10.8.0.1 peer 10.8.0.2
Dec 04 07:40:46 ip-xxx.us-east-2.compute.internal openvpn[22042]: /sbin/ip route add 10.8.0.0/24 via 10.8.0.2
Dec 04 07:40:46 ip-xxx.us-east-2.compute.internal openvpn[22042]: Could not determine IPv4/IPv6 protocol. Using AF_INET
Dec 04 07:40:46 ip-xxx.us-east-2.compute.internal openvpn[22042]: Socket Buffers: R=[212992->212992] S=[212992->212992]
Dec 04 07:40:46 ip-xxx.us-east-2.compute.internal openvpn[22042]: UDPv4 link local (bound): [AF_INET][undef]:1194
Dec 04 07:40:46 ip-xxx.us-east-2.compute.internal openvpn[22042]: UDPv4 link remote: [AF_UNSPEC]
Dec 04 07:40:46 ip-xxx.us-east-2.compute.internal openvpn[22042]: GID set to nobody
Dec 04 07:40:46 ip-xxx.us-east-2.compute.internal openvpn[22042]: UID set to nobody
Dec 04 07:40:46 ip-xxx.us-east-2.compute.internal openvpn[22042]: MULTI: multi_init called, r=256 v=256
Dec 04 07:40:46 ip-xxx.us-east-2.compute.internal openvpn[22042]: IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Dec 04 07:40:46 ip-xxx.us-east-2.compute.internal openvpn[22042]: IFCONFIG POOL LIST
Dec 04 07:40:46 ip-xxx.us-east-2.compute.internal openvpn[22042]: Initialization Sequence Completed
Dec 04 08:07:42 ip-xxx.us-east-2.compute.internal openvpn[22042]: <ip removed>:64465 TLS: Initial packet from [AF_INET]<ip removed>:64465, sid=c07a37eb 7d4ff2d7
Dec 04 08:07:42 ip-xxx.us-east-2.compute.internal openvpn[22042]: <ip removed>:64465 VERIFY OK: depth=1, CN=Easy-RSA CA
Dec 04 08:07:42 ip-xxx.us-east-2.compute.internal openvpn[22042]: <ip removed>:64465 VERIFY OK: depth=0, CN=andrey-laptop
Dec 04 08:07:42 ip-xxx.us-east-2.compute.internal openvpn[22042]: <ip removed>:64465 peer info: IV_VER=2.4.8
Dec 04 08:07:42 ip-xxx.us-east-2.compute.internal openvpn[22042]: <ip removed>:64465 peer info: IV_PLAT=win
Dec 04 08:07:42 ip-xxx.us-east-2.compute.internal openvpn[22042]: <ip removed>:64465 peer info: IV_PROTO=2
Dec 04 08:07:42 ip-xxx.us-east-2.compute.internal openvpn[22042]: <ip removed>:64465 peer info: IV_NCP=2
Dec 04 08:07:42 ip-xxx.us-east-2.compute.internal openvpn[22042]: <ip removed>:64465 peer info: IV_LZ4=1
Dec 04 08:07:42 ip-xxx.us-east-2.compute.internal openvpn[22042]: <ip removed>:64465 peer info: IV_LZ4v2=1
Dec 04 08:07:42 ip-xxx.us-east-2.compute.internal openvpn[22042]: <ip removed>:64465 peer info: IV_LZO=1
Dec 04 08:07:42 ip-xxx.us-east-2.compute.internal openvpn[22042]: <ip removed>:64465 peer info: IV_COMP_STUB=1
Dec 04 08:07:42 ip-xxx.us-east-2.compute.internal openvpn[22042]: <ip removed>:64465 peer info: IV_COMP_STUBv2=1
Dec 04 08:07:42 ip-xxx.us-east-2.compute.internal openvpn[22042]: <ip removed>:64465 peer info: IV_TCPNL=1
Dec 04 08:07:42 ip-xxx.us-east-2.compute.internal openvpn[22042]: <ip removed>:64465 peer info: IV_GUI_VER=OpenVPN_GUI_11
Dec 04 08:07:42 ip-xxx.us-east-2.compute.internal openvpn[22042]: <ip removed>:64465 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Dec 04 08:07:42 ip-xxx.us-east-2.compute.internal openvpn[22042]: <ip removed>:64465 [andrey-laptop] Peer Connection Initiated with [AF_INET]<ip removed>:64465
Dec 04 08:07:42 ip-xxx.us-east-2.compute.internal openvpn[22042]: andrey-laptop/<ip removed>:64465 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
Dec 04 08:07:42 ip-xxx.us-east-2.compute.internal openvpn[22042]: andrey-laptop/<ip removed>:64465 MULTI: Learn: 10.8.0.6 -> andrey-laptop/<ip removed>:64465
Dec 04 08:07:42 ip-xxx.us-east-2.compute.internal openvpn[22042]: andrey-laptop/<ip removed>:64465 MULTI: primary virtual IP for andrey-laptop/<ip removed>:64465: 10.8.0.6
Dec 04 08:07:43 ip-xxx.us-east-2.compute.internal openvpn[22042]: andrey-laptop/<ip removed>:64465 PUSH: Received control message: 'PUSH_REQUEST'
Dec 04 08:07:43 ip-xxx.us-east-2.compute.internal openvpn[22042]: andrey-laptop/<ip removed>:64465 SENT CONTROL [andrey-laptop]: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,dh
Dec 04 08:07:43 ip-xxx.us-east-2.compute.internal openvpn[22042]: andrey-laptop/<ip removed>:64465 Data Channel: using negotiated cipher 'AES-256-GCM'
Dec 04 08:07:43 ip-xxx.us-east-2.compute.internal openvpn[22042]: andrey-laptop/<ip removed>:64465 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Dec 04 08:07:43 ip-xxx.us-east-2.compute.internal openvpn[22042]: andrey-laptop/<ip removed>:64465 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Dec 04 08:12:04 ip-xxx.us-east-2.compute.internal openvpn[22042]: andrey-laptop/<ip removed>:64465 [andrey-laptop] Inactivity timeout (--ping-restart), restarting
Dec 04 08:12:04 ip-xxx.us-east-2.compute.internal openvpn[22042]: andrey-laptop/<ip removed>:64465 SIGUSR1[soft,ping-restart] received, client-instance restarting
...
*** connection from mobile started ***
Dec 04 20:34:02 ip-xxx.us-east-2.compute.internal openvpn[22042]: tls-crypt unwrap error: packet authentication failed
Dec 04 20:34:02 ip-xxx.us-east-2.compute.internal openvpn[22042]: TLS Error: tls-crypt unwrapping failed from [AF_INET]<ip removed>:33030
Dec 04 20:34:03 ip-xxx.us-east-2.compute.internal openvpn[22042]: tls-crypt unwrap error: packet authentication failed
Dec 04 20:34:03 ip-xxx.us-east-2.compute.internal openvpn[22042]: TLS Error: tls-crypt unwrapping failed from [AF_INET]<ip removed>:33030
Dec 04 20:34:04 ip-xxx.us-east-2.compute.internal openvpn[22042]: tls-crypt unwrap error: packet authentication failed
Dec 04 20:34:04 ip-xxx.us-east-2.compute.internal openvpn[22042]: TLS Error: tls-crypt unwrapping failed from [AF_INET]<ip removed>:33030
Dec 04 20:34:05 ip-xxx.us-east-2.compute.internal openvpn[22042]: tls-crypt unwrap error: packet authentication failed
Dec 04 20:34:05 ip-xxx.us-east-2.compute.internal openvpn[22042]: TLS Error: tls-crypt unwrapping failed from [AF_INET]<ip removed>:33030
Dec 04 20:34:06 ip-xxx.us-east-2.compute.internal openvpn[22042]: tls-crypt unwrap error: packet authentication failed
Dec 04 20:34:06 ip-xxx.us-east-2.compute.internal openvpn[22042]: TLS Error: tls-crypt unwrapping failed from [AF_INET]<ip removed>:33030
Dec 04 20:34:07 ip-xxx.us-east-2.compute.internal openvpn[22042]: tls-crypt unwrap error: packet authentication failed
Dec 04 20:34:07 ip-xxx.us-east-2.compute.internal openvpn[22042]: TLS Error: tls-crypt unwrapping failed from [AF_INET]<ip removed>:33030
Dec 04 20:34:08 ip-xxx.us-east-2.compute.internal openvpn[22042]: tls-crypt unwrap error: packet authentication failed
Dec 04 20:34:08 ip-xxx.us-east-2.compute.internal openvpn[22042]: TLS Error: tls-crypt unwrapping failed from [AF_INET]<ip removed>:33030
Dec 04 20:34:09 ip-xxx.us-east-2.compute.internal openvpn[22042]: tls-crypt unwrap error: packet authentication failed
Dec 04 20:34:09 ip-xxx.us-east-2.compute.internal openvpn[22042]: TLS Error: tls-crypt unwrapping failed from [AF_INET]<ip removed>:33030
Dec 04 20:34:10 ip-xxx.us-east-2.compute.internal openvpn[22042]: tls-crypt unwrap error: packet authentication failed
Dec 04 20:34:10 ip-xxx.us-east-2.compute.internal openvpn[22042]: TLS Error: tls-crypt unwrapping failed from [AF_INET]<ip removed>:33030
Dec 04 20:34:11 ip-xxx.us-east-2.compute.internal openvpn[22042]: tls-crypt unwrap error: packet authentication failed
Dec 04 20:34:11 ip-xxx.us-east-2.compute.internal openvpn[22042]: TLS Error: tls-crypt unwrapping failed from [AF_INET]<ip removed>:33030
Dec 04 20:34:12 ip-xxx.us-east-2.compute.internal openvpn[22042]: tls-crypt unwrap error: packet authentication failed
Dec 04 20:34:12 ip-xxx.us-east-2.compute.internal openvpn[22042]: TLS Error: tls-crypt unwrapping failed from [AF_INET]<ip removed>:52518
Dec 04 20:34:13 ip-xxx.us-east-2.compute.internal openvpn[22042]: tls-crypt unwrap error: packet authentication failed
Dec 04 20:34:13 ip-xxx.us-east-2.compute.internal openvpn[22042]: TLS Error: tls-crypt unwrapping failed from [AF_INET]<ip removed>:52518
Dec 04 20:34:14 ip-xxx.us-east-2.compute.internal openvpn[22042]: tls-crypt unwrap error: packet authentication failed
Dec 04 20:34:14 ip-xxx.us-east-2.compute.internal openvpn[22042]: TLS Error: tls-crypt unwrapping failed from [AF_INET]<ip removed>:52518
Dec 04 20:34:15 ip-xxx.us-east-2.compute.internal openvpn[22042]: tls-crypt unwrap error: packet authentication failed
Dec 04 20:34:15 ip-xxx.us-east-2.compute.internal openvpn[22042]: TLS Error: tls-crypt unwrapping failed from [AF_INET]<ip removed>:52518
Dec 04 20:34:16 ip-xxx.us-east-2.compute.internal openvpn[22042]: tls-crypt unwrap error: packet authentication failed
Dec 04 20:34:16 ip-xxx.us-east-2.compute.internal openvpn[22042]: TLS Error: tls-crypt unwrapping failed from [AF_INET]<ip removed>:52518
Dec 04 20:34:17 ip-xxx.us-east-2.compute.internal openvpn[22042]: tls-crypt unwrap error: packet authentication failed
Dec 04 20:34:17 ip-xxx.us-east-2.compute.internal openvpn[22042]: TLS Error: tls-crypt unwrapping failed from [AF_INET]<ip removed>:52518
Dec 04 20:34:18 ip-xxx.us-east-2.compute.internal openvpn[22042]: tls-crypt unwrap error: packet authentication failed
Dec 04 20:34:18 ip-xxx.us-east-2.compute.internal openvpn[22042]: TLS Error: tls-crypt unwrapping failed from [AF_INET]<ip removed>:52518
Dec 04 20:34:19 ip-xxx.us-east-2.compute.internal openvpn[22042]: tls-crypt unwrap error: packet authentication failed
Dec 04 20:34:19 ip-xxx.us-east-2.compute.internal openvpn[22042]: TLS Error: tls-crypt unwrapping failed from [AF_INET]<ip removed>:52518
Dec 04 20:34:20 ip-xxx.us-east-2.compute.internal openvpn[22042]: tls-crypt unwrap error: packet authentication failed
Dec 04 20:34:20 ip-xxx.us-east-2.compute.internal openvpn[22042]: TLS Error: tls-crypt unwrapping failed from [AF_INET]<ip removed>:52518
Dec 04 20:34:21 ip-xxx.us-east-2.compute.internal openvpn[22042]: tls-crypt unwrap error: packet authentication failed
Dec 04 20:34:21 ip-xxx.us-east-2.compute.internal openvpn[22042]: TLS Error: tls-crypt unwrapping failed from [AF_INET]<ip removed>:52518
Dec 04 20:34:22 ip-xxx.us-east-2.compute.internal openvpn[22042]: tls-crypt unwrap error: packet authentication failed
Dec 04 20:34:22 ip-xxx.us-east-2.compute.internal openvpn[22042]: TLS Error: tls-crypt unwrapping failed from [AF_INET]<ip removed>:33484
Dec 04 20:34:23 ip-xxx.us-east-2.compute.internal openvpn[22042]: tls-crypt unwrap error: packet authentication failed
Dec 04 20:34:23 ip-xxx.us-east-2.compute.internal openvpn[22042]: TLS Error: tls-crypt unwrapping failed from [AF_INET]<ip removed>:33484
Dec 04 20:34:24 ip-xxx.us-east-2.compute.internal openvpn[22042]: tls-crypt unwrap error: packet authentication failed
Dec 04 20:34:24 ip-xxx.us-east-2.compute.internal openvpn[22042]: TLS Error: tls-crypt unwrapping failed from [AF_INET]<ip removed>:33484
Thank you, I found issue: tls-crypt on the server and tls-auth on the client
changed last line in mobile .ovpn to tls-crypt pfs.key 1
connected, but no internet
In server log:
Code: Select all
Dec 04 20:43:28 ip-xxx.us-east-2.compute.internal openvpn[22042]: andrey-phone/<ip removed>:47019 IP packet with unknown IP version=15 seen
-
asvet
- OpenVpn Newbie
- Posts: 5
- Joined: Sat Dec 04, 2021 11:20 am
Post
by asvet » Sat Dec 04, 2021 8:59 pm
Removed
Everything is working! Thank you a lot!