Slow connection from iPhone

Official client software for OpenVPN Access Server and OpenVPN Cloud.
Post Reply
EddieA
OpenVPN User
Posts: 24
Joined: Thu Jul 02, 2015 6:52 pm

Slow connection from iPhone

Post by EddieA » Fri Jun 11, 2021 7:41 pm

When connecting back to my home server from my iPhone, everything is running really, really slow. So slow that the majority of web sites I try to connect to time-out. I'm fairly sure it's not a routing issue back on the server, because there are some sites I can connect to and I also don't have any rules that would differentiate between sites.

I can also confirm it's not a cell data speed issue, because if I hot-spot my iPad to the same phone and then connect via OpenVPN on the iPad, everything runs well. I can also run NordVPN from the phone without issues and also a Wireguard VPN back to my home server.

So, the only combination seeing the issue is running OpenVPN on the iPhone.

This is an iPhone Xs Max, iOS 14.6, running OpenVPN 3.2.3.(3760) connecting to a CentOS 7.9.2009 system running OpenVPN 2.4.11-1.el7.

Any ideas where I start to investigate/debug this.

Cheers.

User avatar
TinCanTech
Forum Team
Posts: 9418
Joined: Fri Jun 03, 2016 1:17 pm

Re: Slow connection from iPhone

Post by TinCanTech » Fri Jun 11, 2021 7:56 pm

Your home server ..

EddieA
OpenVPN User
Posts: 24
Joined: Thu Jul 02, 2015 6:52 pm

Re: Slow connection from iPhone

Post by EddieA » Fri Jun 11, 2021 9:21 pm

If that were the case, then running OpenVPN on the iPad connected to the hotspot on the iPhone would have the same issue. It doesn't.

Cheers.

User avatar
TinCanTech
Forum Team
Posts: 9418
Joined: Fri Jun 03, 2016 1:17 pm

Re: Slow connection from iPhone

Post by TinCanTech » Fri Jun 11, 2021 10:04 pm

It was a suggestion ..

Try this: viewtopic.php?f=30&t=22603

EddieA
OpenVPN User
Posts: 24
Joined: Thu Jul 02, 2015 6:52 pm

Re: Slow connection from iPhone

Post by EddieA » Sat Jun 12, 2021 8:47 pm

Here are the configs and logs:
Server Config

dev tunrw
server 192.168.160.0 255.255.255.0
push "redirect-gateway def1"
ifconfig-pool-persist host-to-net.pool 0
# UDP server
port 1194
proto udp
topology subnet

client-connect /usr/libexec/nethserver/openvpn-connect
client-disconnect /usr/libexec/nethserver/openvpn-disconnect
script-security 3
float
multihome
dh /var/lib/nethserver/certs/dh1024.pem
ca /etc/pki/tls/certs/NSRV.crt
cert /etc/pki/tls/certs/NSRV.crt
key /etc/pki/tls/private/NSRV.key
crl-verify /var/lib/nethserver/certs/crl.pem
push "dhcp-option DOMAIN BogoLinux.net"
push "dhcp-option DNS 192.168.160.1"
push "dhcp-option WINS 192.168.160.1"
push "dhcp-option NBDD 192.168.160.1"
push "dhcp-option NBT 2"
push "route 192.168.0.0 255.255.255.0"


# Authentication: certificate

status /var/log/openvpn/host-to-net-status.log
log-append /var/log/openvpn/openvpn.log

passtos
keepalive 20 120
client-config-dir ccd
persist-key
persist-tun
management /var/spool/openvpn/host-to-net unix
verb 4


And

Client Config

dev tun
client
remote MyDomain.net
port 1194
proto udp
explicit-exit-notify 1
float
# Authentication: certificate
<cert>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
</key>
<ca>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</ca>
verb 4
persist-key
persist-tun
nobind
passtos


Now the Server log:

Code: Select all

Sat Jun 12 13:24:38 2021 us=411976 Current Parameter Settings:
Sat Jun 12 13:24:38 2021 us=412053   config = 'host-to-net.conf'
Sat Jun 12 13:24:38 2021 us=412062   mode = 1
Sat Jun 12 13:24:38 2021 us=412069   persist_config = DISABLED
Sat Jun 12 13:24:38 2021 us=412075   persist_mode = 1
Sat Jun 12 13:24:38 2021 us=412081   show_ciphers = DISABLED
Sat Jun 12 13:24:38 2021 us=412086   show_digests = DISABLED
Sat Jun 12 13:24:38 2021 us=412092   show_engines = DISABLED
Sat Jun 12 13:24:38 2021 us=412098   genkey = DISABLED
Sat Jun 12 13:24:38 2021 us=412104   key_pass_file = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=412109   show_tls_ciphers = DISABLED
Sat Jun 12 13:24:38 2021 us=412115   connect_retry_max = 0
Sat Jun 12 13:24:38 2021 us=412121 Connection profiles [0]:
Sat Jun 12 13:24:38 2021 us=412127   proto = udp
Sat Jun 12 13:24:38 2021 us=412141   local = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=412148   local_port = '1194'
Sat Jun 12 13:24:38 2021 us=412154   remote = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=412159   remote_port = '1194'
Sat Jun 12 13:24:38 2021 us=412165   remote_float = ENABLED
Sat Jun 12 13:24:38 2021 us=412171   bind_defined = DISABLED
Sat Jun 12 13:24:38 2021 us=412177   bind_local = ENABLED
Sat Jun 12 13:24:38 2021 us=412182   bind_ipv6_only = DISABLED
Sat Jun 12 13:24:38 2021 us=412188   connect_retry_seconds = 5
Sat Jun 12 13:24:38 2021 us=412194   connect_timeout = 120
Sat Jun 12 13:24:38 2021 us=412200   socks_proxy_server = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=412206   socks_proxy_port = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=412211   tun_mtu = 1500
Sat Jun 12 13:24:38 2021 us=412217   tun_mtu_defined = ENABLED
Sat Jun 12 13:24:38 2021 us=412223   link_mtu = 1500
Sat Jun 12 13:24:38 2021 us=412229   link_mtu_defined = DISABLED
Sat Jun 12 13:24:38 2021 us=412234   tun_mtu_extra = 0
Sat Jun 12 13:24:38 2021 us=412240   tun_mtu_extra_defined = DISABLED
Sat Jun 12 13:24:38 2021 us=412246   mtu_discover_type = -1
Sat Jun 12 13:24:38 2021 us=412252   fragment = 0
Sat Jun 12 13:24:38 2021 us=412257   mssfix = 1450
Sat Jun 12 13:24:38 2021 us=412263   explicit_exit_notification = 0
Sat Jun 12 13:24:38 2021 us=412269 Connection profiles END
Sat Jun 12 13:24:38 2021 us=412275   remote_random = DISABLED
Sat Jun 12 13:24:38 2021 us=412280   ipchange = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=412286   dev = 'tunrw'
Sat Jun 12 13:24:38 2021 us=412292   dev_type = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=412297   dev_node = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=412303   lladdr = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=412309   topology = 3
Sat Jun 12 13:24:38 2021 us=412314   ifconfig_local = '192.168.160.1'
Sat Jun 12 13:24:38 2021 us=412320   ifconfig_remote_netmask = '255.255.255.0'
Sat Jun 12 13:24:38 2021 us=412334   ifconfig_noexec = DISABLED
Sat Jun 12 13:24:38 2021 us=412340   ifconfig_nowarn = DISABLED
Sat Jun 12 13:24:38 2021 us=412346   ifconfig_ipv6_local = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=412352   ifconfig_ipv6_netbits = 0
Sat Jun 12 13:24:38 2021 us=412358   ifconfig_ipv6_remote = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=412364   shaper = 0
Sat Jun 12 13:24:38 2021 us=412369   mtu_test = 0
Sat Jun 12 13:24:38 2021 us=412375   mlock = DISABLED
Sat Jun 12 13:24:38 2021 us=412381   keepalive_ping = 20
Sat Jun 12 13:24:38 2021 us=412387   keepalive_timeout = 120
Sat Jun 12 13:24:38 2021 us=412392   inactivity_timeout = 0
Sat Jun 12 13:24:38 2021 us=412398   ping_send_timeout = 20
Sat Jun 12 13:24:38 2021 us=412404   ping_rec_timeout = 240
Sat Jun 12 13:24:38 2021 us=412410   ping_rec_timeout_action = 2
Sat Jun 12 13:24:38 2021 us=412416   ping_timer_remote = DISABLED
Sat Jun 12 13:24:38 2021 us=412422   remap_sigusr1 = 0
Sat Jun 12 13:24:38 2021 us=412428   persist_tun = ENABLED
Sat Jun 12 13:24:38 2021 us=412433   persist_local_ip = DISABLED
Sat Jun 12 13:24:38 2021 us=412439   persist_remote_ip = DISABLED
Sat Jun 12 13:24:38 2021 us=412445   persist_key = ENABLED
Sat Jun 12 13:24:38 2021 us=412451   passtos = ENABLED
Sat Jun 12 13:24:38 2021 us=412457   resolve_retry_seconds = 1000000000
Sat Jun 12 13:24:38 2021 us=412463   resolve_in_advance = DISABLED
Sat Jun 12 13:24:38 2021 us=412469   username = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=412474   groupname = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=412480   chroot_dir = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=412486   cd_dir = '/etc/openvpn/'
Sat Jun 12 13:24:38 2021 us=412492   selinux_context = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=412498   writepid = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=412504   up_script = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=412509   down_script = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=412515   down_pre = DISABLED
Sat Jun 12 13:24:38 2021 us=412521   up_restart = DISABLED
Sat Jun 12 13:24:38 2021 us=412527   up_delay = DISABLED
Sat Jun 12 13:24:38 2021 us=412533   daemon = DISABLED
Sat Jun 12 13:24:38 2021 us=412538   inetd = 0
Sat Jun 12 13:24:38 2021 us=412544   log = ENABLED
Sat Jun 12 13:24:38 2021 us=412550   suppress_timestamps = DISABLED
Sat Jun 12 13:24:38 2021 us=412556   machine_readable_output = DISABLED
Sat Jun 12 13:24:38 2021 us=412561   nice = 0
Sat Jun 12 13:24:38 2021 us=412567   verbosity = 4
Sat Jun 12 13:24:38 2021 us=412573   mute = 0
Sat Jun 12 13:24:38 2021 us=412578   gremlin = 0
Sat Jun 12 13:24:38 2021 us=412584   status_file = '/var/log/openvpn/host-to-net-status.log'
Sat Jun 12 13:24:38 2021 us=412590   status_file_version = 1
Sat Jun 12 13:24:38 2021 us=412595   status_file_update_freq = 60
Sat Jun 12 13:24:38 2021 us=412601   occ = ENABLED
Sat Jun 12 13:24:38 2021 us=412607   rcvbuf = 0
Sat Jun 12 13:24:38 2021 us=412612   sndbuf = 0
Sat Jun 12 13:24:38 2021 us=412618   mark = 0
Sat Jun 12 13:24:38 2021 us=412624   sockflags = 1
Sat Jun 12 13:24:38 2021 us=412629   fast_io = DISABLED
Sat Jun 12 13:24:38 2021 us=412635   comp.alg = 0
Sat Jun 12 13:24:38 2021 us=412641   comp.flags = 0
Sat Jun 12 13:24:38 2021 us=412647   route_script = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=412653   route_default_gateway = '192.168.160.2'
Sat Jun 12 13:24:38 2021 us=412659   route_default_metric = 0
Sat Jun 12 13:24:38 2021 us=412664   route_noexec = DISABLED
Sat Jun 12 13:24:38 2021 us=412670   route_delay = 0
Sat Jun 12 13:24:38 2021 us=412676   route_delay_window = 30
Sat Jun 12 13:24:38 2021 us=412682   route_delay_defined = DISABLED
Sat Jun 12 13:24:38 2021 us=412688   route_nopull = DISABLED
Sat Jun 12 13:24:38 2021 us=412693   route_gateway_via_dhcp = DISABLED
Sat Jun 12 13:24:38 2021 us=412699   allow_pull_fqdn = DISABLED
Sat Jun 12 13:24:38 2021 us=412705   management_addr = '/var/spool/openvpn/host-to-net'
Sat Jun 12 13:24:38 2021 us=412711   management_port = 'unix'
Sat Jun 12 13:24:38 2021 us=412717   management_user_pass = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=412725   management_log_history_cache = 250
Sat Jun 12 13:24:38 2021 us=412733   management_echo_buffer_size = 100
Sat Jun 12 13:24:38 2021 us=412741   management_write_peer_info_file = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=412747   management_client_user = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=412753   management_client_group = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=412759   management_flags = 256
Sat Jun 12 13:24:38 2021 us=412765   shared_secret_file = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=412771   key_direction = not set
Sat Jun 12 13:24:38 2021 us=412777   ciphername = 'BF-CBC'
Sat Jun 12 13:24:38 2021 us=412783   ncp_enabled = ENABLED
Sat Jun 12 13:24:38 2021 us=412789   ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
Sat Jun 12 13:24:38 2021 us=412794   authname = 'SHA1'
Sat Jun 12 13:24:38 2021 us=412800   prng_hash = 'SHA1'
Sat Jun 12 13:24:38 2021 us=412806   prng_nonce_secret_len = 16
Sat Jun 12 13:24:38 2021 us=412812   keysize = 0
Sat Jun 12 13:24:38 2021 us=412818   engine = DISABLED
Sat Jun 12 13:24:38 2021 us=412824   replay = ENABLED
Sat Jun 12 13:24:38 2021 us=412830   mute_replay_warnings = DISABLED
Sat Jun 12 13:24:38 2021 us=412836   replay_window = 64
Sat Jun 12 13:24:38 2021 us=412842   replay_time = 15
Sat Jun 12 13:24:38 2021 us=412848   packet_id_file = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=412853   use_iv = ENABLED
Sat Jun 12 13:24:38 2021 us=412859   test_crypto = DISABLED
Sat Jun 12 13:24:38 2021 us=412865   tls_server = ENABLED
Sat Jun 12 13:24:38 2021 us=412871   tls_client = DISABLED
Sat Jun 12 13:24:38 2021 us=412876   key_method = 2
Sat Jun 12 13:24:38 2021 us=412882   ca_file = '/etc/pki/tls/certs/NSRV.crt'
Sat Jun 12 13:24:38 2021 us=412888   ca_path = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=412894   dh_file = '/var/lib/nethserver/certs/dh1024.pem'
Sat Jun 12 13:24:38 2021 us=412900   cert_file = '/etc/pki/tls/certs/NSRV.crt'
Sat Jun 12 13:24:38 2021 us=412906   extra_certs_file = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=412912   priv_key_file = '/etc/pki/tls/private/NSRV.key'
Sat Jun 12 13:24:38 2021 us=412917   pkcs12_file = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=412923   cipher_list = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=412929   cipher_list_tls13 = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=412935   tls_cert_profile = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=412940   tls_verify = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=412946   tls_export_cert = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=412952   verify_x509_type = 0
Sat Jun 12 13:24:38 2021 us=412957   verify_x509_name = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=412963   crl_file = '/var/lib/nethserver/certs/crl.pem'
Sat Jun 12 13:24:38 2021 us=412969   ns_cert_type = 0
Sat Jun 12 13:24:38 2021 us=412975   remote_cert_ku[i] = 0
Sat Jun 12 13:24:38 2021 us=412981   remote_cert_ku[i] = 0
Sat Jun 12 13:24:38 2021 us=412986   remote_cert_ku[i] = 0
Sat Jun 12 13:24:38 2021 us=412992   remote_cert_ku[i] = 0
Sat Jun 12 13:24:38 2021 us=412998   remote_cert_ku[i] = 0
Sat Jun 12 13:24:38 2021 us=413003   remote_cert_ku[i] = 0
Sat Jun 12 13:24:38 2021 us=413009   remote_cert_ku[i] = 0
Sat Jun 12 13:24:38 2021 us=413015   remote_cert_ku[i] = 0
Sat Jun 12 13:24:38 2021 us=413021   remote_cert_ku[i] = 0
Sat Jun 12 13:24:38 2021 us=413026   remote_cert_ku[i] = 0
Sat Jun 12 13:24:38 2021 us=413032   remote_cert_ku[i] = 0
Sat Jun 12 13:24:38 2021 us=413038   remote_cert_ku[i] = 0
Sat Jun 12 13:24:38 2021 us=413043   remote_cert_ku[i] = 0
Sat Jun 12 13:24:38 2021 us=413049   remote_cert_ku[i] = 0
Sat Jun 12 13:24:38 2021 us=413054   remote_cert_ku[i] = 0
Sat Jun 12 13:24:38 2021 us=413060   remote_cert_ku[i] = 0
Sat Jun 12 13:24:38 2021 us=413066   remote_cert_eku = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=413071   ssl_flags = 0
Sat Jun 12 13:24:38 2021 us=413077   tls_timeout = 2
Sat Jun 12 13:24:38 2021 us=413083   renegotiate_bytes = -1
Sat Jun 12 13:24:38 2021 us=413089   renegotiate_packets = 0
Sat Jun 12 13:24:38 2021 us=413095   renegotiate_seconds = 3600
Sat Jun 12 13:24:38 2021 us=413100   handshake_window = 60
Sat Jun 12 13:24:38 2021 us=413106   transition_window = 3600
Sat Jun 12 13:24:38 2021 us=413114   single_session = DISABLED
Sat Jun 12 13:24:38 2021 us=413120   push_peer_info = DISABLED
Sat Jun 12 13:24:38 2021 us=413126   tls_exit = DISABLED
Sat Jun 12 13:24:38 2021 us=413135   tls_auth_file = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=413142   tls_crypt_file = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=413149   pkcs11_protected_authentication = DISABLED
Sat Jun 12 13:24:38 2021 us=413156   pkcs11_protected_authentication = DISABLED
Sat Jun 12 13:24:38 2021 us=413161   pkcs11_protected_authentication = DISABLED
Sat Jun 12 13:24:38 2021 us=413167   pkcs11_protected_authentication = DISABLED
Sat Jun 12 13:24:38 2021 us=413173   pkcs11_protected_authentication = DISABLED
Sat Jun 12 13:24:38 2021 us=413179   pkcs11_protected_authentication = DISABLED
Sat Jun 12 13:24:38 2021 us=413184   pkcs11_protected_authentication = DISABLED
Sat Jun 12 13:24:38 2021 us=413190   pkcs11_protected_authentication = DISABLED
Sat Jun 12 13:24:38 2021 us=413196   pkcs11_protected_authentication = DISABLED
Sat Jun 12 13:24:38 2021 us=413201   pkcs11_protected_authentication = DISABLED
Sat Jun 12 13:24:38 2021 us=413207   pkcs11_protected_authentication = DISABLED
Sat Jun 12 13:24:38 2021 us=413213   pkcs11_protected_authentication = DISABLED
Sat Jun 12 13:24:38 2021 us=413218   pkcs11_protected_authentication = DISABLED
Sat Jun 12 13:24:38 2021 us=413224   pkcs11_protected_authentication = DISABLED
Sat Jun 12 13:24:38 2021 us=413229   pkcs11_protected_authentication = DISABLED
Sat Jun 12 13:24:38 2021 us=413235   pkcs11_protected_authentication = DISABLED
Sat Jun 12 13:24:38 2021 us=413241   pkcs11_private_mode = 00000000
Sat Jun 12 13:24:38 2021 us=413247   pkcs11_private_mode = 00000000
Sat Jun 12 13:24:38 2021 us=413253   pkcs11_private_mode = 00000000
Sat Jun 12 13:24:38 2021 us=413258   pkcs11_private_mode = 00000000
Sat Jun 12 13:24:38 2021 us=413264   pkcs11_private_mode = 00000000
Sat Jun 12 13:24:38 2021 us=413270   pkcs11_private_mode = 00000000
Sat Jun 12 13:24:38 2021 us=413276   pkcs11_private_mode = 00000000
Sat Jun 12 13:24:38 2021 us=413281   pkcs11_private_mode = 00000000
Sat Jun 12 13:24:38 2021 us=413287   pkcs11_private_mode = 00000000
Sat Jun 12 13:24:38 2021 us=413292   pkcs11_private_mode = 00000000
Sat Jun 12 13:24:38 2021 us=413298   pkcs11_private_mode = 00000000
Sat Jun 12 13:24:38 2021 us=413304   pkcs11_private_mode = 00000000
Sat Jun 12 13:24:38 2021 us=413309   pkcs11_private_mode = 00000000
Sat Jun 12 13:24:38 2021 us=413315   pkcs11_private_mode = 00000000
Sat Jun 12 13:24:38 2021 us=413321   pkcs11_private_mode = 00000000
Sat Jun 12 13:24:38 2021 us=413326   pkcs11_private_mode = 00000000
Sat Jun 12 13:24:38 2021 us=413332   pkcs11_cert_private = DISABLED
Sat Jun 12 13:24:38 2021 us=413337   pkcs11_cert_private = DISABLED
Sat Jun 12 13:24:38 2021 us=413343   pkcs11_cert_private = DISABLED
Sat Jun 12 13:24:38 2021 us=413349   pkcs11_cert_private = DISABLED
Sat Jun 12 13:24:38 2021 us=413354   pkcs11_cert_private = DISABLED
Sat Jun 12 13:24:38 2021 us=413360   pkcs11_cert_private = DISABLED
Sat Jun 12 13:24:38 2021 us=413365   pkcs11_cert_private = DISABLED
Sat Jun 12 13:24:38 2021 us=413371   pkcs11_cert_private = DISABLED
Sat Jun 12 13:24:38 2021 us=413377   pkcs11_cert_private = DISABLED
Sat Jun 12 13:24:38 2021 us=413382   pkcs11_cert_private = DISABLED
Sat Jun 12 13:24:38 2021 us=413388   pkcs11_cert_private = DISABLED
Sat Jun 12 13:24:38 2021 us=413394   pkcs11_cert_private = DISABLED
Sat Jun 12 13:24:38 2021 us=413399   pkcs11_cert_private = DISABLED
Sat Jun 12 13:24:38 2021 us=413405   pkcs11_cert_private = DISABLED
Sat Jun 12 13:24:38 2021 us=413410   pkcs11_cert_private = DISABLED
Sat Jun 12 13:24:38 2021 us=413416   pkcs11_cert_private = DISABLED
Sat Jun 12 13:24:38 2021 us=413422   pkcs11_pin_cache_period = -1
Sat Jun 12 13:24:38 2021 us=413428   pkcs11_id = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=413434   pkcs11_id_management = DISABLED
Sat Jun 12 13:24:38 2021 us=413440   server_network = 192.168.160.0
Sat Jun 12 13:24:38 2021 us=413447   server_netmask = 255.255.255.0
Sat Jun 12 13:24:38 2021 us=413459   server_network_ipv6 = ::
Sat Jun 12 13:24:38 2021 us=413465   server_netbits_ipv6 = 0
Sat Jun 12 13:24:38 2021 us=413472   server_bridge_ip = 0.0.0.0
Sat Jun 12 13:24:38 2021 us=413478   server_bridge_netmask = 0.0.0.0
Sat Jun 12 13:24:38 2021 us=413485   server_bridge_pool_start = 0.0.0.0
Sat Jun 12 13:24:38 2021 us=413491   server_bridge_pool_end = 0.0.0.0
Sat Jun 12 13:24:38 2021 us=413497   push_entry = 'redirect-gateway def1'
Sat Jun 12 13:24:38 2021 us=413503   push_entry = 'dhcp-option DOMAIN MyDomain.net'
Sat Jun 12 13:24:38 2021 us=413509   push_entry = 'dhcp-option DNS 192.168.160.1'
Sat Jun 12 13:24:38 2021 us=413515   push_entry = 'dhcp-option WINS 192.168.160.1'
Sat Jun 12 13:24:38 2021 us=413520   push_entry = 'dhcp-option NBDD 192.168.160.1'
Sat Jun 12 13:24:38 2021 us=413526   push_entry = 'dhcp-option NBT 2'
Sat Jun 12 13:24:38 2021 us=413532   push_entry = 'route 192.168.0.0 255.255.255.0'
Sat Jun 12 13:24:38 2021 us=413538   push_entry = 'route-gateway 192.168.160.1'
Sat Jun 12 13:24:38 2021 us=413544   push_entry = 'topology subnet'
Sat Jun 12 13:24:38 2021 us=413550   push_entry = 'ping 20'
Sat Jun 12 13:24:38 2021 us=413555   push_entry = 'ping-restart 120'
Sat Jun 12 13:24:38 2021 us=413561   ifconfig_pool_defined = ENABLED
Sat Jun 12 13:24:38 2021 us=413568   ifconfig_pool_start = 192.168.160.2
Sat Jun 12 13:24:38 2021 us=413574   ifconfig_pool_end = 192.168.160.253
Sat Jun 12 13:24:38 2021 us=413583   ifconfig_pool_netmask = 255.255.255.0
Sat Jun 12 13:24:38 2021 us=413589   ifconfig_pool_persist_filename = 'host-to-net.pool'
Sat Jun 12 13:24:38 2021 us=413595   ifconfig_pool_persist_refresh_freq = 0
Sat Jun 12 13:24:38 2021 us=413601   ifconfig_ipv6_pool_defined = DISABLED
Sat Jun 12 13:24:38 2021 us=413608   ifconfig_ipv6_pool_base = ::
Sat Jun 12 13:24:38 2021 us=413614   ifconfig_ipv6_pool_netbits = 0
Sat Jun 12 13:24:38 2021 us=413620   n_bcast_buf = 256
Sat Jun 12 13:24:38 2021 us=413626   tcp_queue_limit = 64
Sat Jun 12 13:24:38 2021 us=413631   real_hash_size = 256
Sat Jun 12 13:24:38 2021 us=413637   virtual_hash_size = 256
Sat Jun 12 13:24:38 2021 us=413643   client_connect_script = '/usr/libexec/nethserver/openvpn-connect'
Sat Jun 12 13:24:38 2021 us=413649   learn_address_script = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=413655   client_disconnect_script = '/usr/libexec/nethserver/openvpn-disconnect'
Sat Jun 12 13:24:38 2021 us=413661   client_config_dir = 'ccd'
Sat Jun 12 13:24:38 2021 us=413667   ccd_exclusive = DISABLED
Sat Jun 12 13:24:38 2021 us=413673   tmp_dir = '/tmp'
Sat Jun 12 13:24:38 2021 us=413679   push_ifconfig_defined = DISABLED
Sat Jun 12 13:24:38 2021 us=413685   push_ifconfig_local = 0.0.0.0
Sat Jun 12 13:24:38 2021 us=413692   push_ifconfig_remote_netmask = 0.0.0.0
Sat Jun 12 13:24:38 2021 us=413698   push_ifconfig_ipv6_defined = DISABLED
Sat Jun 12 13:24:38 2021 us=413704   push_ifconfig_ipv6_local = ::/0
Sat Jun 12 13:24:38 2021 us=413710   push_ifconfig_ipv6_remote = ::
Sat Jun 12 13:24:38 2021 us=413716   enable_c2c = DISABLED
Sat Jun 12 13:24:38 2021 us=413722   duplicate_cn = DISABLED
Sat Jun 12 13:24:38 2021 us=413728   cf_max = 0
Sat Jun 12 13:24:38 2021 us=413734   cf_per = 0
Sat Jun 12 13:24:38 2021 us=413740   max_clients = 1024
Sat Jun 12 13:24:38 2021 us=413746   max_routes_per_client = 256
Sat Jun 12 13:24:38 2021 us=413752   auth_user_pass_verify_script = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=413758   auth_user_pass_verify_script_via_file = DISABLED
Sat Jun 12 13:24:38 2021 us=413764   auth_token_generate = DISABLED
Sat Jun 12 13:24:38 2021 us=413769   auth_token_lifetime = 0
Sat Jun 12 13:24:38 2021 us=413775   port_share_host = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=413781   port_share_port = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=413787   client = DISABLED
Sat Jun 12 13:24:38 2021 us=413793   pull = DISABLED
Sat Jun 12 13:24:38 2021 us=413799   auth_user_pass_file = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=413808 OpenVPN 2.4.11 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 21 2021
Sat Jun 12 13:24:38 2021 us=413822 library versions: OpenSSL 1.0.2k-fips  26 Jan 2017, LZO 2.06
Sat Jun 12 13:24:38 2021 us=413934 MANAGEMENT: unix domain socket listening on /var/spool/openvpn/host-to-net
Sat Jun 12 13:24:38 2021 us=421869 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x.  Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Sat Jun 12 13:24:38 2021 us=421887 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Jun 12 13:24:38 2021 us=422594 Diffie-Hellman initialized with 1024 bit key
Sat Jun 12 13:24:38 2021 us=423143 CRL: loaded 1 CRLs from file /var/lib/nethserver/certs/crl.pem
Sat Jun 12 13:24:38 2021 us=423194 TLS-Auth MTU parms [ L:1621 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Sat Jun 12 13:24:38 2021 us=423546 TUN/TAP device tunrw opened
Sat Jun 12 13:24:38 2021 us=423608 TUN/TAP TX queue length set to 100
Sat Jun 12 13:24:38 2021 us=423623 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sat Jun 12 13:24:38 2021 us=423638 /sbin/ip link set dev tunrw up mtu 1500
Sat Jun 12 13:24:38 2021 us=424906 /sbin/ip addr add dev tunrw 192.168.160.1/24 broadcast 192.168.160.255
Sat Jun 12 13:24:38 2021 us=426068 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Sat Jun 12 13:24:38 2021 us=426112 Could not determine IPv4/IPv6 protocol. Using AF_INET
Sat Jun 12 13:24:38 2021 us=426142 Socket Buffers: R=[212992->212992] S=[212992->212992]
Sat Jun 12 13:24:38 2021 us=426174 UDPv4 link local (bound): [AF_INET][undef]:1194
Sat Jun 12 13:24:38 2021 us=426188 UDPv4 link remote: [AF_UNSPEC]
Sat Jun 12 13:24:38 2021 us=426212 MULTI: multi_init called, r=256 v=256
Sat Jun 12 13:24:38 2021 us=426248 IFCONFIG POOL: base=192.168.160.2 size=252, ipv6=0
Sat Jun 12 13:24:38 2021 us=426269 ifconfig_pool_read(), in='', TODO: IPv6
Sat Jun 12 13:24:38 2021 us=426283 IFCONFIG POOL LIST
Sat Jun 12 13:24:38 2021 us=426375 Initialization Sequence Completed
Sat Jun 12 13:25:10 2021 us=197831 MULTI: multi_create_instance called
Sat Jun 12 13:25:10 2021 us=197969 172.58.19.52:55554 Re-using SSL/TLS context
Sat Jun 12 13:25:10 2021 us=198246 172.58.19.52:55554 Control Channel MTU parms [ L:1621 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Sat Jun 12 13:25:10 2021 us=198281 172.58.19.52:55554 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Sat Jun 12 13:25:10 2021 us=198335 172.58.19.52:55554 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1541,tun-mtu 1500,proto UDPv4,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Sat Jun 12 13:25:10 2021 us=198352 172.58.19.52:55554 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1541,tun-mtu 1500,proto UDPv4,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Sat Jun 12 13:25:10 2021 us=198527 172.58.19.52:55554 TLS: Initial packet from [AF_INET]172.58.19.52:55554 (via [AF_INET]192.168.0.254%br0), sid=e2151b15 da0fc665
Sat Jun 12 13:25:10 2021 us=512311 172.58.19.52:55554 VERIFY OK: depth=1, CN=NethServer, O=MyDomain, ST=CA, emailAddress=admin@MyDomain.net, subjectAltName=*.MyDomain.net, OU=Main, C=US, L=Los Angeles
Sat Jun 12 13:25:10 2021 us=512592 172.58.19.52:55554 VERIFY OK: depth=0, C=--, ST=SomeState, L=Los Angeles, O=MyDomain, OU=SomeDepartment, CN=eddie@MyDomain.net, emailAddress=admin@Nethserver.MyDomain.net
Sat Jun 12 13:25:10 2021 us=831730 172.58.19.52:55554 peer info: IV_VER=3.git::58b92569
Sat Jun 12 13:25:10 2021 us=831782 172.58.19.52:55554 peer info: IV_PLAT=ios
Sat Jun 12 13:25:10 2021 us=831799 172.58.19.52:55554 peer info: IV_NCP=2
Sat Jun 12 13:25:10 2021 us=831812 172.58.19.52:55554 peer info: IV_TCPNL=1
Sat Jun 12 13:25:10 2021 us=831826 172.58.19.52:55554 peer info: IV_PROTO=2
Sat Jun 12 13:25:10 2021 us=831839 172.58.19.52:55554 peer info: IV_AUTO_SESS=1
Sat Jun 12 13:25:10 2021 us=831854 172.58.19.52:55554 peer info: IV_GUI_VER=net.openvpn.connect.ios_3.2.3-3760
Sat Jun 12 13:25:10 2021 us=831881 172.58.19.52:55554 peer info: IV_SSO=openurl
Sat Jun 12 13:25:10 2021 us=831896 172.58.19.52:55554 peer info: IV_BS64DL=1
Sat Jun 12 13:25:10 2021 us=909044 172.58.19.52:55554 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Sat Jun 12 13:25:10 2021 us=909115 172.58.19.52:55554 [eddie@MyDomain.net] Peer Connection Initiated with [AF_INET]172.58.19.52:55554 (via [AF_INET]192.168.0.254%br0)
Sat Jun 12 13:25:10 2021 us=909183 eddie@MyDomain.net/172.58.19.52:55554 MULTI_sva: pool returned IPv4=192.168.160.2, IPv6=(Not enabled)
Sat Jun 12 13:25:11 2021 us=172667 eddie@MyDomain.net/172.58.19.52:55554 OPTIONS IMPORT: reading client specific options from: /tmp/openvpn_cc_371393219abcfc05164e4adb283898f.tmp
Sat Jun 12 13:25:11 2021 us=172847 eddie@MyDomain.net/172.58.19.52:55554 MULTI: Learn: 192.168.160.2 -> eddie@MyDomain.net/172.58.19.52:55554
Sat Jun 12 13:25:11 2021 us=172874 eddie@MyDomain.net/172.58.19.52:55554 MULTI: primary virtual IP for eddie@MyDomain.net/172.58.19.52:55554: 192.168.160.2
Sat Jun 12 13:25:11 2021 us=173197 eddie@MyDomain.net/172.58.19.52:55554 PUSH: Received control message: 'PUSH_REQUEST'
Sat Jun 12 13:25:11 2021 us=173284 eddie@MyDomain.net/172.58.19.52:55554 SENT CONTROL [eddie@MyDomain.net]: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DOMAIN MyDomain.net,dhcp-option DNS 192.168.160.1,dhcp-option WINS 192.168.160.1,dhcp-option NBDD 192.168.160.1,dhcp-option NBT 2,route 192.168.0.0 255.255.255.0,route-gateway 192.168.160.1,topology subnet,ping 20,ping-restart 120,ifconfig 192.168.160.2 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
Sat Jun 12 13:25:11 2021 us=173307 eddie@MyDomain.net/172.58.19.52:55554 Data Channel: using negotiated cipher 'AES-256-GCM'
Sat Jun 12 13:25:11 2021 us=173333 eddie@MyDomain.net/172.58.19.52:55554 Data Channel MTU parms [ L:1549 D:1450 EF:49 EB:406 ET:0 EL:3 ]
Sat Jun 12 13:25:11 2021 us=173456 eddie@MyDomain.net/172.58.19.52:55554 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sat Jun 12 13:25:11 2021 us=173490 eddie@MyDomain.net/172.58.19.52:55554 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sat Jun 12 13:27:48 2021 us=812090 eddie@MyDomain.net/172.58.19.52:55554 SIGTERM[soft,remote-exit] received, client-instance exiting
And the Client log:

Code: Select all

2021-06-12 13:25:09 1

2021-06-12 13:25:09 ----- OpenVPN Start -----
OpenVPN core 3.git::58b92569 ios arm64 64-bit

2021-06-12 13:25:09 OpenVPN core 3.git::58b92569 ios arm64 64-bit

2021-06-12 13:25:09 Frame=512/2048/512 mssfix-ctrl=1250

2021-06-12 13:25:09 UNUSED OPTIONS
5 [explicit-exit-notify] [1] 
10 [verb] [4] 
11 [persist-key] 
12 [persist-tun] 
13 [nobind] 
14 [passtos] 

2021-06-12 13:25:09 EVENT: RESOLVE

2021-06-12 13:25:10 Contacting [aaa.184.10.zzz]:1194/UDP via UDP

2021-06-12 13:25:10 EVENT: WAIT

2021-06-12 13:25:10 Connecting to [MyDomain.net]:1194 (aaa.184.10.zzz) via UDPv4

2021-06-12 13:25:10 EVENT: CONNECTING

2021-06-12 13:25:10 Tunnel Options:V4,dev-type tun,link-mtu 1541,tun-mtu 1500,proto UDPv4,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client

2021-06-12 13:25:10 Creds: UsernameEmpty/PasswordEmpty

2021-06-12 13:25:10 Peer Info:
IV_VER=3.git::58b92569
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_AUTO_SESS=1
IV_GUI_VER=net.openvpn.connect.ios_3.2.3-3760
IV_SSO=openurl
IV_BS64DL=1


2021-06-12 13:25:10 VERIFY OK: depth=0, /CN=NethServer/O=MyDomain/ST=CA/emailAddress=admin@MyDomain.net/subjectAltName=*.MyDomain.net/OU=Main/C=US/L=Los Angeles

2021-06-12 13:25:10 SSL Handshake: CN=NethServer, TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA

2021-06-12 13:25:10 Session is ACTIVE

2021-06-12 13:25:10 EVENT: GET_CONFIG

2021-06-12 13:25:10 Sending PUSH_REQUEST to server...

2021-06-12 13:25:11 OPTIONS:
0 [redirect-gateway] [def1] 
1 [dhcp-option] [DOMAIN] [MyDomain.net] 
2 [dhcp-option] [DNS] [192.168.160.1] 
3 [dhcp-option] [WINS] [192.168.160.1] 
4 [dhcp-option] [NBDD] [192.168.160.1] 
5 [dhcp-option] [NBT] [2] 
6 [route] [192.168.0.0] [255.255.255.0] 
7 [route-gateway] [192.168.160.1] 
8 [topology] [subnet] 
9 [ping] [20] 
10 [ping-restart] [120] 
11 [ifconfig] [192.168.160.2] [255.255.255.0] 
12 [peer-id] [0] 
13 [cipher] [AES-256-GCM] 


2021-06-12 13:25:11 PROTOCOL OPTIONS:
  cipher: AES-256-GCM
  digest: NONE
  compress: NONE
  peer ID: 0

2021-06-12 13:25:11 EVENT: ASSIGN_IP

2021-06-12 13:25:11 NIP: preparing TUN network settings

2021-06-12 13:25:11 NIP: init TUN network settings with endpoint: aaa.184.10.zzz

2021-06-12 13:25:11 NIP: adding IPv4 address to network settings 192.168.160.2/255.255.255.0

2021-06-12 13:25:11 NIP: adding (included) IPv4 route 192.168.160.0/24

2021-06-12 13:25:11 NIP: adding (included) IPv4 route 192.168.0.0/24

2021-06-12 13:25:11 NIP: redirecting all IPv4 traffic to TUN interface

2021-06-12 13:25:11 NIP: adding match domain MyDomain.net

2021-06-12 13:25:11 NIP: adding DNS 192.168.160.1

2021-06-12 13:25:11 Connected via NetworkExtensionTUN

2021-06-12 13:25:11 EVENT: CONNECTED MyDomain.net:1194 (aaa.184.10.zzz) via /UDPv4 on NetworkExtensionTUN/192.168.160.2/ gw=[/]


2021-06-12 13:27:48 EVENT: DISCONNECTED

2021-06-12 13:27:48 Raw stats on disconnect:
  BYTES_IN : 499862
  BYTES_OUT : 153984
  PACKETS_IN : 708
  PACKETS_OUT : 656
  TUN_BYTES_IN : 134904
  TUN_BYTES_OUT : 480565
  TUN_PACKETS_IN : 644
  TUN_PACKETS_OUT : 698

2021-06-12 13:27:48 Performance stats on disconnect:
  CPU usage (microseconds): 481285
  Tunnel compression ratio (uplink): 1.14143
  Tunnel compression ratio (downlink): 1.04015
  Network bytes per CPU second: 1358542
  Tunnel bytes per CPU second: 1278803
*** Update ***
I forgot to add, that the exact same configuration is pushed to the iPad where I don't see any issues.

Cheers.
Last edited by EddieA on Sat Jun 12, 2021 9:08 pm, edited 1 time in total.

User avatar
TinCanTech
Forum Team
Posts: 9418
Joined: Fri Jun 03, 2016 1:17 pm

Re: Slow connection from iPhone

Post by TinCanTech » Sat Jun 12, 2021 9:08 pm

It looks like openvpn is working as it should.

EddieA
OpenVPN User
Posts: 24
Joined: Thu Jul 02, 2015 6:52 pm

Re: Slow connection from iPhone

Post by EddieA » Sat Jun 12, 2021 9:31 pm

Exactly, that's why I'm so confused. It works great from devices attached to the iPhone, just not on the iPhone itself.

Now, where's the "hair tearing" icon.

Cheers.

User avatar
TinCanTech
Forum Team
Posts: 9418
Joined: Fri Jun 03, 2016 1:17 pm

Re: Slow connection from iPhone

Post by TinCanTech » Sat Jun 12, 2021 10:20 pm

Try using a real DNS server eg 1.1.1.1 through your VPN.

Post Reply