Can't connect IOS to openvpn server on port 443

Post Reply
NasKar
OpenVPN User
Posts: 12
Joined: Tue Nov 01, 2016 10:54 pm

Can't connect IOS to openvpn server on port 443

Post by NasKar » Mon Oct 23, 2017 2:39 am

I'm running an openvpn server on pfsense 2.4.0. On port 443 to get around hotels blocking my connections. I tried a server with TCP but get a tcp packet size error. So I'm trying UDP instead and can't connect either. Here is my openvpn log from pfsense set to verbosity 11

Code: Select all

Oct 22 22:28:08	openvpn	9525	I/O WAIT TR|Tw|SR|Sw [10/0]
Oct 22 22:28:08	openvpn	9525	PO_CTL rwflags=0x0001 ev=4 arg=0x006a5d08
Oct 22 22:28:08	openvpn	9525	PO_CTL rwflags=0x0001 ev=5 arg=0x006a5d04
Oct 22 22:28:08	openvpn	9525	PO_CTL rwflags=0x0001 ev=6 arg=0x006a6ea0
Oct 22 22:28:08	openvpn	9525	SCHEDULE: schedule_find_least NULL
Oct 22 22:28:08	openvpn	9525	GET INST BY VIRT: 172.16.16.1 [failed]
Oct 22 22:28:08	openvpn	9525	read from TUN/TAP returned 28
Oct 22 22:28:08	openvpn	9525	MULTI: REAP range 144 -> 160
Oct 22 22:28:08	openvpn	9525	I/O WAIT status=0x0004
Oct 22 22:28:08	openvpn	9525	event_wait returned 1
Oct 22 22:28:08	openvpn	9525	PO_WAIT[1,0] fd=5 rev=0x00000001 rwflags=0x0001 arg=0x006a5d04
Oct 22 22:28:07	openvpn	9525	I/O WAIT TR|Tw|SR|Sw [10/0]
Oct 22 22:28:07	openvpn	9525	PO_CTL rwflags=0x0001 ev=4 arg=0x006a5d08
Oct 22 22:28:07	openvpn	9525	PO_CTL rwflags=0x0001 ev=5 arg=0x006a5d04
Oct 22 22:28:07	openvpn	9525	PO_CTL rwflags=0x0001 ev=6 arg=0x006a6ea0
Oct 22 22:28:07	openvpn	9525	SCHEDULE: schedule_find_least NULL
Oct 22 22:28:07	openvpn	9525	GET INST BY VIRT: 172.16.16.1 [failed]
Oct 22 22:28:07	openvpn	9525	read from TUN/TAP returned 28
Oct 22 22:28:07	openvpn	9525	I/O WAIT status=0x0004
Oct 22 22:28:07	openvpn	9525	event_wait returned 1
Oct 22 22:28:07	openvpn	9525	PO_WAIT[1,0] fd=5 rev=0x00000001 rwflags=0x0001 arg=0x006a5d04
Oct 22 22:28:07	openvpn	9525	I/O WAIT TR|Tw|SR|Sw [10/0]
Oct 22 22:28:07	openvpn	9525	PO_CTL rwflags=0x0001 ev=4 arg=0x006a5d08
Oct 22 22:28:07	openvpn	9525	PO_CTL rwflags=0x0001 ev=5 arg=0x006a5d04
Oct 22 22:28:07	openvpn	9525	PO_CTL rwflags=0x0001 ev=6 arg=0x006a6ea0
Oct 22 22:28:07	openvpn	9525	SCHEDULE: schedule_find_least NULL
Oct 22 22:28:07	openvpn	9525	GET INST BY VIRT: 172.16.16.1 [failed]
Oct 22 22:28:07	openvpn	9525	read from TUN/TAP returned 28
Oct 22 22:28:07	openvpn	9525	MULTI: REAP range 128 -> 144
Oct 22 22:28:07	openvpn	9525	I/O WAIT status=0x0004
Oct 22 22:28:07	openvpn	9525	event_wait returned 1
Oct 22 22:28:07	openvpn	9525	PO_WAIT[1,0] fd=5 rev=0x00000001 rwflags=0x0001 arg=0x006a5d04
Oct 22 22:28:06	openvpn	9525	I/O WAIT TR|Tw|SR|Sw [10/0]
Oct 22 22:28:06	openvpn	9525	PO_CTL rwflags=0x0001 ev=4 arg=0x006a5d08
Oct 22 22:28:06	openvpn	9525	PO_CTL rwflags=0x0001 ev=5 arg=0x006a5d04
Oct 22 22:28:06	openvpn	9525	PO_CTL rwflags=0x0001 ev=6 arg=0x006a6ea0
Oct 22 22:28:06	openvpn	9525	SCHEDULE: schedule_find_least NULL
Oct 22 22:28:06	openvpn	9525	GET INST BY VIRT: 172.16.16.1 [failed]
Oct 22 22:28:06	openvpn	9525	read from TUN/TAP returned 28
Oct 22 22:28:06	openvpn	9525	I/O WAIT status=0x0004
Oct 22 22:28:06	openvpn	9525	event_wait returned 1
Oct 22 22:28:06	openvpn	9525	PO_WAIT[1,0] fd=5 rev=0x00000001 rwflags=0x0001 arg=0x006a5d04
Oct 22 22:28:06	openvpn	9525	I/O WAIT TR|Tw|SR|Sw [10/0]
Oct 22 22:28:06	openvpn	9525	PO_CTL rwflags=0x0001 ev=4 arg=0x006a5d08
Oct 22 22:28:06	openvpn	9525	PO_CTL rwflags=0x0001 ev=5 arg=0x006a5d04
Oct 22 22:28:06	openvpn	9525	PO_CTL rwflags=0x0001 ev=6 arg=0x006a6ea0
Oct 22 22:28:06	openvpn	9525	SCHEDULE: schedule_find_least NULL
Oct 22 22:28:06	openvpn	9525	GET INST BY VIRT: 172.16.16.1 [failed]
Oct 22 22:28:06	openvpn	9525	read from TUN/TAP returned 28
Oct 22 22:28:06	openvpn	9525	MULTI: REAP range 112 -> 128
Oct 22 22:28:06	openvpn	9525	I/O WAIT status=0x0004
Oct 22 22:28:06	openvpn	9525	event_wait returned 1
Oct 22 22:28:06	openvpn	9525	PO_WAIT[1,0] fd=5 rev=0x00000001 rwflags=0x0001 arg=0x006a5d04
Oct 22 22:28:05	openvpn	9525	I/O WAIT TR|Tw|SR|Sw [10/0]
Oct 22 22:28:05	openvpn	9525	PO_CTL rwflags=0x0001 ev=4 arg=0x006a5d08
Oct 22 22:28:05	openvpn	9525	PO_CTL rwflags=0x0001 ev=5 arg=0x006a5d04
Oct 22 22:28:05	openvpn	9525	PO_CTL rwflags=0x0001 ev=6 arg=0x006a6ea0
Oct 22 22:28:05	openvpn	9525	SCHEDULE: schedule_find_least NULL
Oct 22 22:28:05	openvpn	9525	GET INST BY VIRT: 172.16.16.1 [failed]
Oct 22 22:28:05	openvpn	9525	read from TUN/TAP returned 28
Oct 22 22:28:05	openvpn	9525	I/O WAIT status=0x0004
Oct 22 22:28:05	openvpn	9525	event_wait returned 1
Oct 22 22:28:05	openvpn	9525	PO_WAIT[1,0] fd=5 rev=0x00000001 rwflags=0x0001 arg=0x006a5d04
Oct 22 22:28:05	openvpn	9525	I/O WAIT TR|Tw|SR|Sw [10/0]
Oct 22 22:28:05	openvpn	9525	PO_CTL rwflags=0x0001 ev=4 arg=0x006a5d08
Oct 22 22:28:05	openvpn	9525	PO_CTL rwflags=0x0001 ev=5 arg=0x006a5d04
Oct 22 22:28:05	openvpn	9525	PO_CTL rwflags=0x0001 ev=6 arg=0x006a6ea0
Oct 22 22:28:05	openvpn	9525	SCHEDULE: schedule_find_least NULL
Oct 22 22:28:05	openvpn	9525	GET INST BY VIRT: 172.16.16.1 [failed]
Oct 22 22:28:05	openvpn	9525	read from TUN/TAP returned 28
Oct 22 22:28:05	openvpn	9525	MULTI: REAP range 96 -> 112
Oct 22 22:28:05	openvpn	9525	I/O WAIT status=0x0004
Oct 22 22:28:05	openvpn	9525	event_wait returned 1
Oct 22 22:28:05	openvpn	9525	PO_WAIT[1,0] fd=5 rev=0x00000001 rwflags=0x0001 arg=0x006a5d04
Oct 22 22:28:04	openvpn	9525	I/O WAIT TR|Tw|SR|Sw [10/0]
Oct 22 22:28:04	openvpn	9525	PO_CTL rwflags=0x0001 ev=4 arg=0x006a5d08
Oct 22 22:28:04	openvpn	9525	PO_CTL rwflags=0x0001 ev=5 arg=0x006a5d04
Oct 22 22:28:04	openvpn	9525	PO_CTL rwflags=0x0001 ev=6 arg=0x006a6ea0
Oct 22 22:28:04	openvpn	9525	SCHEDULE: schedule_find_least NULL
Oct 22 22:28:04	openvpn	9525	GET INST BY VIRT: 172.16.16.1 [failed]
Oct 22 22:28:04	openvpn	9525	read from TUN/TAP returned 28
Oct 22 22:28:04	openvpn	9525	I/O WAIT status=0x0004
Oct 22 22:28:04	openvpn	9525	event_wait returned 1
Oct 22 22:28:04	openvpn	9525	PO_WAIT[1,0] fd=5 rev=0x00000001 rwflags=0x0001 arg=0x006a5d04
Oct 22 22:28:04	openvpn	9525	I/O WAIT TR|Tw|SR|Sw [10/0]
Oct 22 22:28:04	openvpn	9525	PO_CTL rwflags=0x0001 ev=4 arg=0x006a5d08
Oct 22 22:28:04	openvpn	9525	PO_CTL rwflags=0x0001 ev=5 arg=0x006a5d04
Oct 22 22:28:04	openvpn	9525	PO_CTL rwflags=0x0001 ev=6 arg=0x006a6ea0
Oct 22 22:28:04	openvpn	9525	SCHEDULE: schedule_find_least NULL
Oct 22 22:28:04	openvpn	9525	GET INST BY VIRT: 172.16.16.1 [failed]
Oct 22 22:28:04	openvpn	9525	read from TUN/TAP returned 28
Oct 22 22:28:04	openvpn	9525	MULTI: REAP range 80 -> 96
Oct 22 22:28:04	openvpn	9525	I/O WAIT status=0x0004
Oct 22 22:28:04	openvpn	9525	event_wait returned 1
Oct 22 22:28:04	openvpn	9525	PO_WAIT[1,0] fd=5 rev=0x00000001 rwflags=0x0001 arg=0x006a5d04
Oct 22 22:28:03	openvpn	9525	I/O WAIT TR|Tw|SR|Sw [10/0]
Oct 22 22:28:03	openvpn	9525	PO_CTL rwflags=0x0001 ev=4 arg=0x006a5d08
Oct 22 22:28:03	openvpn	9525	PO_CTL rwflags=0x0001 ev=5 arg=0x006a5d04
Oct 22 22:28:03	openvpn	9525	PO_CTL rwflags=0x0001 ev=6 arg=0x006a6ea0
Oct 22 22:28:03	openvpn	9525	SCHEDULE: schedule_find_least NULL
the openvpn ios client shows these errors

Code: Select all

2017-10-22 22:19:36 SetTunnelSocket returned 1
2017-10-22 22:19:36 Connecting to [xxxx.ddns.net]:443 (x.x.x.x) via UDPv4
2017-10-22 22:19:46 EVENT: CONNECTION_TIMEOUT [ERR]
2017-10-22 22:19:46 EVENT: DISCONNECTED
2017-10-22 22:19:46 Raw stats on disconnect:
  BYTES_OUT : 3240
  PACKETS_OUT : 60
  CONNECTION_TIMEOUT : 1
  N_RECONNECT : 5
2017-10-22 22:19:46 Performance stats on disconnect:
  CPU usage (microseconds): 51103
  Network bytes per CPU second: 63401
  Tunnel bytes per CPU second: 0
2017-10-22 22:19:46 EVENT: DISCONNECT_PENDING
2017-10-22 22:19:46 ----- OpenVPN Stop -----
2017-10-22 22:20:47 ----- OpenVPN Start -----
OpenVPN core 3.1.2 ios arm64 64-bit built on Dec  5 2016 12:50:25
2017-10-22 22:20:47 Frame=512/2048/512 mssfix-ctrl=1250
2017-10-22 22:20:47 UNUSED OPTIONS
0 [persist-tun] 
1 [persist-key] 
3 [ncp-ciphers] [AES-256-GCM:AES-128-GCM] 
5 [tls-client] 
8 [lport] [0] 
9 [verify-x509-name] [plex2_cert] [name] 

2017-10-22 22:20:47 EVENT: RESOLVE
2017-10-22 22:20:47 Contacting x.x.x.x:443 via UDP
2017-10-22 22:20:47 EVENT: WAIT
.ovpn file

Code: Select all

persist-tun
persist-key
cipher AES-256-CBC
ncp-ciphers AES-256-GCM:AES-128-GCM
auth SHA256
tls-client
client
remote xxxx.ddns.net 443 udp
lport 0
verify-x509-name "plex2_cert" name
remote-cert-tls server
comp-lzo adaptive

<ca>
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----

-----END PRIVATE KEY-----
</key>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----

-----END OpenVPN Static key V1-----
</tls-auth>
key-direction 1
If you need more information let me know where to find it and I'll post it. Thanks for the help.

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 3243
Joined: Fri Jun 03, 2016 1:17 pm

Re: Can't connect IOS to openvpn server on port 443

Post by TinCanTech » Mon Oct 23, 2017 10:52 am

UDP port 443 has nothing to do with HTTPS and will probably be blocked.
(Your log above appears to confirm that it is blocked)

TCP port 443 should work well, what is the error you get.

Please see:
HOWTO: Request Help !

NasKar
OpenVPN User
Posts: 12
Joined: Tue Nov 01, 2016 10:54 pm

Re: Can't connect IOS to openvpn server on port 443

Post by NasKar » Mon Oct 23, 2017 12:43 pm

The setup that the logs are from is from my cell phone connecting with the cellular service using port 443 UDP. So if the logs say it's blocked it's probably a problem with my firewall rules. Will have to redo the server/client when I get home to give you the exact error message but if was something like "TCP packet size error".

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 3243
Joined: Fri Jun 03, 2016 1:17 pm

Re: Can't connect IOS to openvpn server on port 443

Post by TinCanTech » Mon Oct 23, 2017 6:43 pm

Sounds like compression .. make sure the setting for --comp-lzo matches both sides.

NasKar
OpenVPN User
Posts: 12
Joined: Tue Nov 01, 2016 10:54 pm

Re: Can't connect IOS to openvpn server on port 443

Post by NasKar » Tue Oct 24, 2017 12:41 am

both are using the same compression comp-lzo adaptive as far as I can tell.
Still getting tpc_size_error

Server Configuration file

Code: Select all

dev ovpns2
verb 4
dev-type tun
dev-node /dev/tun2
writepid /var/run/openvpn_server2.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto tcp4-server
cipher AES-256-CBC
auth SHA256
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
local x.x.x.x
tls-server
server 172.16.4.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc/server2
tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'plex2_cert' 1"
lport 443
management /var/etc/openvpn/server2.sock unix
max-clients 10
push "route 192.168.5.1 255.255.255.0"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
push "redirect-gateway def1"
client-to-client
ca /var/etc/openvpn/server2.ca 
cert /var/etc/openvpn/server2.cert 
key /var/etc/openvpn/server2.key 
dh /etc/dh-parameters.2048
tls-auth /var/etc/openvpn/server2.tls-auth 0
ncp-ciphers AES-256-CBC
comp-lzo adaptive
persist-remote-ip
float
topology subnet
Server Log File

Code: Select all

Oct 23 20:30:18	openvpn	21712	MANAGEMENT: Client disconnected
Oct 23 20:30:18	openvpn	21712	MANAGEMENT: CMD 'quit'
Oct 23 20:30:18	openvpn	21712	MANAGEMENT: CMD 'status 2'
Oct 23 20:30:18	openvpn	21712	MANAGEMENT: Client connected from /var/etc/openvpn/server2.sock
Oct 23 20:30:18	openvpn	61689	MANAGEMENT: Client disconnected
Oct 23 20:30:18	openvpn	61689	MANAGEMENT: CMD 'quit'
Oct 23 20:30:18	openvpn	61689	MANAGEMENT: CMD 'status 2'
Oct 23 20:30:17	openvpn	61689	MANAGEMENT: Client connected from /var/etc/openvpn/server4.sock
Oct 23 20:29:16	openvpn	21712	MANAGEMENT: Client disconnected
Oct 23 20:29:16	openvpn	21712	MANAGEMENT: CMD 'quit'
Oct 23 20:29:16	openvpn	21712	MANAGEMENT: CMD 'status 2'
Oct 23 20:29:15	openvpn	21712	MANAGEMENT: Client connected from /var/etc/openvpn/server2.sock
Oct 23 20:29:15	openvpn	61689	MANAGEMENT: Client disconnected
Oct 23 20:29:15	openvpn	61689	MANAGEMENT: CMD 'quit'
Oct 23 20:29:15	openvpn	61689	MANAGEMENT: CMD 'status 2'
Oct 23 20:29:15	openvpn	61689	MANAGEMENT: Client connected from /var/etc/openvpn/server4.sock
Oct 23 20:28:13	openvpn	21712	MANAGEMENT: Client disconnected
Oct 23 20:28:13	openvpn	21712	MANAGEMENT: CMD 'quit'
Oct 23 20:28:13	openvpn	21712	MANAGEMENT: CMD 'status 2'
Oct 23 20:28:13	openvpn	21712	MANAGEMENT: Client connected from /var/etc/openvpn/server2.sock
Oct 23 20:28:13	openvpn	61689	MANAGEMENT: Client disconnected
Oct 23 20:28:13	openvpn	61689	MANAGEMENT: CMD 'quit'
Oct 23 20:28:13	openvpn	61689	MANAGEMENT: CMD 'status 2'
Oct 23 20:28:13	openvpn	61689	MANAGEMENT: Client connected from /var/etc/openvpn/server4.sock
Oct 23 20:27:11	openvpn	21712	MANAGEMENT: Client disconnected
Oct 23 20:27:11	openvpn	21712	MANAGEMENT: CMD 'quit'
Oct 23 20:27:11	openvpn	21712	MANAGEMENT: CMD 'status 2'
Oct 23 20:27:11	openvpn	21712	MANAGEMENT: Client connected from /var/etc/openvpn/server2.sock
Oct 23 20:27:11	openvpn	61689	MANAGEMENT: Client disconnected
Oct 23 20:27:11	openvpn	61689	MANAGEMENT: CMD 'quit'
Oct 23 20:27:10	openvpn	61689	MANAGEMENT: CMD 'status 2'
Oct 23 20:27:10	openvpn	61689	MANAGEMENT: Client connected from /var/etc/openvpn/server4.sock
Oct 23 20:26:09	openvpn	21712	MANAGEMENT: Client disconnected
Oct 23 20:26:09	openvpn	21712	MANAGEMENT: CMD 'quit'
Oct 23 20:26:08	openvpn	21712	MANAGEMENT: CMD 'status 2'
Oct 23 20:26:08	openvpn	21712	MANAGEMENT: Client connected from /var/etc/openvpn/server2.sock
Oct 23 20:26:08	openvpn	61689	MANAGEMENT: Client disconnected
Oct 23 20:26:08	openvpn	61689	MANAGEMENT: CMD 'quit'
Oct 23 20:26:08	openvpn	61689	MANAGEMENT: CMD 'status 2'
Oct 23 20:26:08	openvpn	61689	MANAGEMENT: Client connected from /var/etc/openvpn/server4.sock
Oct 23 20:25:06	openvpn	21712	MANAGEMENT: Client disconnected
Oct 23 20:25:06	openvpn	21712	MANAGEMENT: CMD 'quit'
Oct 23 20:25:06	openvpn	21712	MANAGEMENT: CMD 'status 2'
Oct 23 20:25:06	openvpn	21712	MANAGEMENT: Client connected from /var/etc/openvpn/server2.sock
Oct 23 20:25:06	openvpn	61689	MANAGEMENT: Client disconnected
Oct 23 20:25:06	openvpn	61689	MANAGEMENT: CMD 'quit'
Oct 23 20:25:06	openvpn	61689	MANAGEMENT: CMD 'status 2'
Oct 23 20:25:05	openvpn	61689	MANAGEMENT: Client connected from /var/etc/openvpn/server4.sock
Oct 23 20:24:04	openvpn	21712	MANAGEMENT: Client disconnected
Oct 23 20:24:04	openvpn	21712	MANAGEMENT: CMD 'quit'
Oct 23 20:24:04	openvpn	21712	MANAGEMENT: CMD 'status 2'
Oct 23 20:24:03	openvpn	21712	MANAGEMENT: Client connected from /var/etc/openvpn/server2.sock
Oct 23 20:24:03	openvpn	61689	MANAGEMENT: Client disconnected
Oct 23 20:24:03	openvpn	61689	MANAGEMENT: CMD 'quit'
Oct 23 20:24:03	openvpn	61689	MANAGEMENT: CMD 'status 2'
Oct 23 20:24:03	openvpn	61689	MANAGEMENT: Client connected from /var/etc/openvpn/server4.sock
Oct 23 20:23:01	openvpn	21712	MANAGEMENT: Client disconnected
Oct 23 20:23:01	openvpn	21712	MANAGEMENT: CMD 'quit'
Oct 23 20:23:01	openvpn	21712	MANAGEMENT: CMD 'status 2'
Oct 23 20:23:01	openvpn	21712	MANAGEMENT: Client connected from /var/etc/openvpn/server2.sock
Oct 23 20:23:01	openvpn	61689	MANAGEMENT: Client disconnected
Oct 23 20:23:01	openvpn	61689	MANAGEMENT: CMD 'quit'
Oct 23 20:23:01	openvpn	61689	MANAGEMENT: CMD 'status 2'
Oct 23 20:23:01	openvpn	61689	MANAGEMENT: Client connected from /var/etc/openvpn/server4.sock
Oct 23 20:21:59	openvpn	21712	MANAGEMENT: Client disconnected
Oct 23 20:21:59	openvpn	21712	MANAGEMENT: CMD 'quit'
Oct 23 20:21:59	openvpn	21712	MANAGEMENT: CMD 'status 2'
Oct 23 20:21:59	openvpn	21712	MANAGEMENT: Client connected from /var/etc/openvpn/server2.sock
Oct 23 20:21:59	openvpn	61689	MANAGEMENT: Client disconnected
Oct 23 20:21:59	openvpn	61689	MANAGEMENT: CMD 'quit'
Oct 23 20:21:58	openvpn	61689	MANAGEMENT: CMD 'status 2'
Oct 23 20:21:58	openvpn	61689	MANAGEMENT: Client connected from /var/etc/openvpn/server4.sock
Oct 23 20:20:57	openvpn	21712	MANAGEMENT: Client disconnected
Oct 23 20:20:57	openvpn	21712	MANAGEMENT: CMD 'quit'
Oct 23 20:20:56	openvpn	21712	MANAGEMENT: CMD 'status 2'
Oct 23 20:20:56	openvpn	21712	MANAGEMENT: Client connected from /var/etc/openvpn/server2.sock
Oct 23 20:20:56	openvpn	61689	MANAGEMENT: Client disconnected
Oct 23 20:20:56	openvpn	61689	MANAGEMENT: CMD 'quit'
Oct 23 20:20:56	openvpn	61689	MANAGEMENT: CMD 'status 2'
Oct 23 20:20:56	openvpn	61689	MANAGEMENT: Client connected from /var/etc/openvpn/server4.sock
Oct 23 20:20:19	openvpn	21389	Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Oct 23 20:20:19	openvpn	21389	Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Oct 23 20:20:19	openvpn	21389	Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Oct 23 20:20:19	openvpn	21389	VERIFY OK: depth=0, C=US, ST=VPN, L=VPN, O=VPN, OU=VPN, CN=vpn, name=VPN
Oct 23 20:20:19	openvpn	21389	VERIFY EKU OK
Oct 23 20:20:19	openvpn	21389	++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Oct 23 20:20:19	openvpn	21389	Validating certificate extended key usage
Oct 23 20:20:19	openvpn	21389	VERIFY KU OK
Oct 23 20:20:19	openvpn	21389	VERIFY OK: depth=1, C=US, ST=VPN, L=VPN, O=VPN, OU=VPN, CN=VPN, name=VPN, emailAddress=VPN
Oct 23 20:19:54	openvpn	21712	MANAGEMENT: Client disconnected
Oct 23 20:19:54	openvpn	21712	MANAGEMENT: CMD 'quit'
Oct 23 20:19:54	openvpn	21712	MANAGEMENT: CMD 'status 2'
Oct 23 20:19:54	openvpn	21712	MANAGEMENT: Client connected from /var/etc/openvpn/server2.sock
Oct 23 20:19:54	openvpn	61689	MANAGEMENT: Client disconnected
Oct 23 20:19:54	openvpn	61689	MANAGEMENT: CMD 'quit'
Oct 23 20:19:54	openvpn	61689	MANAGEMENT: CMD 'status 2'
Oct 23 20:19:53	openvpn	61689	MANAGEMENT: Client connected from /var/etc/openvpn/server4.sock
Oct 23 20:18:52	openvpn	21712	MANAGEMENT: Client disconnected
Oct 23 20:18:52	openvpn	21712	MANAGEMENT: CMD 'quit'
Oct 23 20:18:52	openvpn	21712	MANAGEMENT: CMD 'status 2'
Client Conf file

Code: Select all

persist-tun
persist-key
cipher AES-256-CBC
ncp-ciphers AES-256-CBC
auth SHA256
tls-client
client
remote xxxx.ddns.net 443 tcp
lport 0
verify-x509-name "plex2_cert" name
remote-cert-tls server
comp-lzo adaptive

<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----

-----END PRIVATE KEY-----
</key>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----

-----END OpenVPN Static key V1-----
</tls-auth>
key-direction 1
Client Log File

Code: Select all

2017-10-23 20:14:55 SetTunnelSocket returned 1
2017-10-23 20:14:55 Connecting to [xxxx.ddns.net]:443 (192.168.5.80) via TCPv4
2017-10-23 20:14:55 TCP packet extract error: embedded_packet_size_error
2017-10-23 20:14:55 Transport Error: Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR
2017-10-23 20:14:55 EVENT: TRANSPORT_ERROR Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR [ERR]
2017-10-23 20:14:55 Client terminated, restarting in 5000 ms...
2017-10-23 20:14:56 NET Internet:ReachableViaWiFi/-R t------
2017-10-23 20:14:58 RECONNECT TEST: Internet:ReachableViaWiFi/-R t------
2017-10-23 20:14:58 Client terminated, reconnecting in 1...
2017-10-23 20:14:59 EVENT: RECONNECTING
2017-10-23 20:14:59 EVENT: RESOLVE
2017-10-23 20:15:00 Contacting 192.168.5.80:443 via TCP
2017-10-23 20:15:00 EVENT: WAIT
2017-10-23 20:15:00 SetTunnelSocket returned 1
2017-10-23 20:15:00 Connecting to [xxxx.ddns.net]:443 (192.168.5.80) via TCPv4
2017-10-23 20:15:00 TCP packet extract error: embedded_packet_size_error
2017-10-23 20:15:00 Transport Error: Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR
2017-10-23 20:15:00 EVENT: TRANSPORT_ERROR Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR [ERR]
2017-10-23 20:15:00 Client terminated, restarting in 5000 ms..

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 3243
Joined: Fri Jun 03, 2016 1:17 pm

Re: Can't connect IOS to openvpn server on port 443

Post by TinCanTech » Tue Oct 24, 2017 12:09 pm

That could be a network error but ..

Please try with these settings in both server and client config:

Code: Select all

comp-lzo no
compress
which turns off all compression.

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 3243
Joined: Fri Jun 03, 2016 1:17 pm

Re: Can't connect IOS to openvpn server on port 443

Post by TinCanTech » Tue Oct 24, 2017 12:40 pm

I have just tested with --comp-lzo adaptive and --proto tcp and found no errors.

I notice this in your log:
NasKar wrote:
Tue Oct 24, 2017 12:41 am
2017-10-23 20:14:55 Connecting to [xxxx.ddns.net]:443 (192.168.5.80) via TCPv4
So you are on your local LAN trying to connect directly to your server ..

Followed by this:
NasKar wrote:
Tue Oct 24, 2017 12:41 am
2017-10-23 20:14:55 TCP packet extract error: embedded_packet_size_error
2017-10-23 20:14:55 Transport Error: Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR
2017-10-23 20:14:55 EVENT: TRANSPORT_ERROR Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR [ERR]
2017-10-23 20:14:55 Client terminated, restarting in 5000 ms...
which is a puzzle ..

I need to see your complete server log at --verb 4

NasKar
OpenVPN User
Posts: 12
Joined: Tue Nov 01, 2016 10:54 pm

Re: Can't connect IOS to openvpn server on port 443

Post by NasKar » Tue Oct 24, 2017 4:29 pm

Your comment got me thinking. 192.168.5.80 is my nextcloud server which is on port 443. I have a Host Override in my DNS Resolver within PfSense that points my dynamic DNS to the IP of my nextcloud server. This allows me to access the nexcloud server with the ddns address on my local computer so links have the ddns address and not the local IP.

I have a second OPENVPN server on port 1195 UDP that works fine on my PFSense box. May have switch between the TCP 443 and UDP 1195 server in the logs I posted, hard to remember.

I tried to connect to TCP port 443 on my iPhone at 12PM today. Here is the iPhone log. I will have to wait till I get home to get you the complete server log at verb4.

Code: Select all

2017-10-24 12:00:16 ----- OpenVPN Start -----
OpenVPN core 3.1.2 ios arm64 64-bit built on Dec 5 2016 12:50:25
2017-10-24 12:00:16 Frame=512/2048/512 mssfix-ctrl=1250
2017-10-24 12:00:16 UNUSED OPTIONS
0 [persist-tun] 
1 [persist-key] 
3 [ncp-ciphers] [AES-256-CBC] 
5 [tls-client] 
8 [lport] [0] 
9 [verify-x509-name] [plex2_cert] [name] 

2017-10-24 12:00:16 EVENT: RESOLVE
2017-10-24 12:00:16 Contacting x.x.x.x:443 via TCP
2017-10-24 12:00:16 EVENT: WAIT
2017-10-24 12:00:16 SetTunnelSocket returned 1
2017-10-24 12:00:16 Connecting to [xxxx.ddns.net]:443 (x.x.x.x) via TCPv4
2017-10-24 12:00:16 TCP packet extract error: embedded_packet_size_error
2017-10-24 12:00:16 Transport Error: Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR
2017-10-24 12:00:16 EVENT: TRANSPORT_ERROR Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR [ERR]
2017-10-24 12:00:16 Client terminated, restarting in 5000 ms...
2017-10-24 12:00:17 NET Internet:ReachableViaWiFi/-R t------
2017-10-24 12:00:19 RECONNECT TEST: Internet:ReachableViaWiFi/-R t------
2017-10-24 12:00:19 Client terminated, reconnecting in 1...
2017-10-24 12:00:20 EVENT: RECONNECTING
2017-10-24 12:00:20 EVENT: RESOLVE
2017-10-24 12:00:20 Contacting x.x.x.x:443 via TCP
2017-10-24 12:00:20 EVENT: WAIT
2017-10-24 12:00:20 SetTunnelSocket returned 1
2017-10-24 12:00:20 Connecting to [xxxx.ddns.net]:443 (x.x.x.x) via TCPv4
2017-10-24 12:00:20 TCP packet extract error: embedded_packet_size_error
2017-10-24 12:00:20 Transport Error: Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR
2017-10-24 12:00:20 EVENT: TRANSPORT_ERROR Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR [ERR]
2017-10-24 12:00:20 Client terminated, restarting in 5000 ms...
2017-10-24 12:00:23 RECONNECT TEST: Internet:ReachableViaWiFi/-R t------
2017-10-24 12:00:23 Client terminated, reconnecting in 1...
2017-10-24 12:00:24 EVENT: RECONNECTING
2017-10-24 12:00:24 EVENT: RESOLVE
2017-10-24 12:00:24 Contacting x.x.x.x:443 via TCP
2017-10-24 12:00:24 EVENT: WAIT
2017-10-24 12:00:24 SetTunnelSocket returned 1
2017-10-24 12:00:24 Connecting to [xxxx.ddns.net]:443 (x.x.x.x) via TCPv4
2017-10-24 12:00:24 TCP packet extract error: embedded_packet_size_error
2017-10-24 12:00:24 Transport Error: Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR
2017-10-24 12:00:24 EVENT: TRANSPORT_ERROR Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR [ERR]
2017-10-24 12:00:24 Client terminated, restarting in 5000 ms...
2017-10-24 12:00:27 RECONNECT TEST: Internet:ReachableViaWiFi/-R t------
2017-10-24 12:00:27 Client terminated, reconnecting in 1...
2017-10-24 12:00:28 EVENT: RECONNECTING
2017-10-24 12:00:28 EVENT: RESOLVE
2017-10-24 12:00:28 Contacting x.x.x.x:443 via TCP
2017-10-24 12:00:28 EVENT: WAIT
2017-10-24 12:00:28 SetTunnelSocket returned 1
2017-10-24 12:00:28 Connecting to [xxxx.ddns.net]:443 (x.x.x.x) via TCPv4
2017-10-24 12:00:28 TCP packet extract error: embedded_packet_size_error
2017-10-24 12:00:28 Transport Error: Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR
2017-10-24 12:00:28 EVENT: TRANSPORT_ERROR Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR [ERR]
2017-10-24 12:00:28 Client terminated, restarting in 5000 ms...
2017-10-24 12:00:31 RECONNECT TEST: Internet:ReachableViaWiFi/-R t------
2017-10-24 12:00:31 Client terminated, reconnecting in 1...
2017-10-24 12:00:32 EVENT: RECONNECTING
2017-10-24 12:00:32 EVENT: RESOLVE
2017-10-24 12:00:32 Contacting x.x.x.x:443 via TCP
2017-10-24 12:00:32 EVENT: WAIT
2017-10-24 12:00:32 SetTunnelSocket returned 1
2017-10-24 12:00:32 Connecting to [xxxx.ddns.net]:443 (x.x.x.x) via TCPv4
2017-10-24 12:00:32 TCP packet extract error: embedded_packet_size_error
2017-10-24 12:00:32 Transport Error: Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR
2017-10-24 12:00:32 EVENT: TRANSPORT_ERROR Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR [ERR]
2017-10-24 12:00:32 Client terminated, restarting in 5000 ms...
2017-10-24 12:00:35 RECONNECT TEST: Internet:ReachableViaWiFi/-R t------
2017-10-24 12:00:35 Client terminated, reconnecting in 1...
2017-10-24 12:00:36 EVENT: RECONNECTING
2017-10-24 12:00:36 EVENT: RESOLVE
2017-10-24 12:00:36 Contacting x.x.x.x:443 via TCP
2017-10-24 12:00:36 EVENT: WAIT
2017-10-24 12:00:36 SetTunnelSocket returned 1
2017-10-24 12:00:37 Connecting to [xxxx.ddns.net]:443 (x.x.x.x) via TCPv4
2017-10-24 12:00:37 TCP packet extract error: embedded_packet_size_error
2017-10-24 12:00:37 Transport Error: Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR
2017-10-24 12:00:37 EVENT: TRANSPORT_ERROR Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR [ERR]
2017-10-24 12:00:37 Client terminated, restarting in 5000 ms...
2017-10-24 12:00:40 RECONNECT TEST: Internet:ReachableViaWiFi/-R t------
2017-10-24 12:00:40 Client terminated, reconnecting in 1...
2017-10-24 12:00:41 EVENT: RECONNECTING
2017-10-24 12:00:41 EVENT: RESOLVE
2017-10-24 12:00:41 Contacting x.x.x.x:443 via TCP
2017-10-24 12:00:41 EVENT: WAIT
2017-10-24 12:00:41 SetTunnelSocket returned 1
2017-10-24 12:00:41 Connecting to [xxxx.ddns.net]:443 (x.x.x.x) via TCPv4
2017-10-24 12:00:41 TCP packet extract error: embedded_packet_size_error
2017-10-24 12:00:41 Transport Error: Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR
2017-10-24 12:00:41 EVENT: TRANSPORT_ERROR Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR [ERR]
2017-10-24 12:00:41 Client terminated, restarting in 5000 ms...
2017-10-24 12:00:44 RECONNECT TEST: Internet:ReachableViaWiFi/-R t------
2017-10-24 12:00:44 Client terminated, reconnecting in 1...
2017-10-24 12:00:45 EVENT: RECONNECTING
2017-10-24 12:00:45 EVENT: RESOLVE
2017-10-24 12:00:45 Contacting x.x.x.x:443 via TCP
2017-10-24 12:00:45 EVENT: WAIT
2017-10-24 12:00:45 SetTunnelSocket returned 1
2017-10-24 12:00:45 Connecting to [xxxx.ddns.net]:443 (x.x.x.x) via TCPv4
2017-10-24 12:00:45 TCP packet extract error: embedded_packet_size_error
2017-10-24 12:00:45 Transport Error: Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR
2017-10-24 12:00:45 EVENT: TRANSPORT_ERROR Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR [ERR]
2017-10-24 12:00:45 Client terminated, restarting in 5000 ms...
2017-10-24 12:00:48 RECONNECT TEST: Internet:ReachableViaWiFi/-R t------
2017-10-24 12:00:48 Client terminated, reconnecting in 1...
2017-10-24 12:00:49 EVENT: RECONNECTING
2017-10-24 12:00:49 EVENT: RESOLVE
2017-10-24 12:00:49 Contacting x.x.x.x:443 via TCP
2017-10-24 12:00:49 EVENT: WAIT
2017-10-24 12:00:49 SetTunnelSocket returned 1
2017-10-24 12:00:49 Connecting to [xxxx.ddns.net]:443 (x.x.x.x) via TCPv4
2017-10-24 12:00:49 TCP packet extract error: embedded_packet_size_error
2017-10-24 12:00:49 Transport Error: Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR
2017-10-24 12:00:49 EVENT: TRANSPORT_ERROR Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR [ERR]
2017-10-24 12:00:49 Client terminated, restarting in 5000 ms...
2017-10-24 12:00:52 RECONNECT TEST: Internet:ReachableViaWiFi/-R t------
2017-10-24 12:00:52 Client terminated, reconnecting in 1...
2017-10-24 12:00:53 EVENT: RECONNECTING
2017-10-24 12:00:53 EVENT: RESOLVE
2017-10-24 12:00:53 Contacting x.x.x.x:443 via TCP
2017-10-24 12:00:53 EVENT: WAIT
2017-10-24 12:00:53 SetTunnelSocket returned 1
2017-10-24 12:00:53 Connecting to [xxxx.ddns.net]:443 (x.x.x.x) via TCPv4
2017-10-24 12:00:53 TCP packet extract error: embedded_packet_size_error
2017-10-24 12:00:53 Transport Error: Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR
2017-10-24 12:00:53 EVENT: TRANSPORT_ERROR Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR [ERR]
2017-10-24 12:00:53 Client terminated, restarting in 5000 ms...
2017-10-24 12:00:56 RECONNECT TEST: Internet:ReachableViaWiFi/-R t------
2017-10-24 12:00:56 Client terminated, reconnecting in 1...
2017-10-24 12:00:57 EVENT: RECONNECTING
2017-10-24 12:00:57 EVENT: RESOLVE
2017-10-24 12:00:57 Contacting x.x.x.x:443 via TCP
2017-10-24 12:00:57 EVENT: WAIT
2017-10-24 12:00:57 SetTunnelSocket returned 1
2017-10-24 12:00:57 Connecting to [xxxx.ddns.net]:443 (x.x.x.x) via TCPv4
2017-10-24 12:00:57 TCP packet extract error: embedded_packet_size_error
2017-10-24 12:00:57 Transport Error: Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR
2017-10-24 12:00:57 EVENT: TRANSPORT_ERROR Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR [ERR]
2017-10-24 12:00:57 Client terminated, restarting in 5000 ms...
2017-10-24 12:01:00 RECONNECT TEST: Internet:ReachableViaWiFi/-R t------
2017-10-24 12:01:00 Client terminated, reconnecting in 1...
2017-10-24 12:01:01 EVENT: RECONNECTING
2017-10-24 12:01:01 EVENT: RESOLVE
2017-10-24 12:01:01 Contacting x.x.x.x:443 via TCP
2017-10-24 12:01:01 EVENT: WAIT
2017-10-24 12:01:01 SetTunnelSocket returned 1
2017-10-24 12:01:01 Connecting to [xxxx.ddns.net]:443 (x.x.x.x) via TCPv4
2017-10-24 12:01:01 TCP packet extract error: embedded_packet_size_error
2017-10-24 12:01:01 Transport Error: Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR
2017-10-24 12:01:01 EVENT: TRANSPORT_ERROR Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR [ERR]
2017-10-24 12:01:01 Client terminated, restarting in 5000 ms...
2017-10-24 12:01:04 RECONNECT TEST: Internet:ReachableViaWiFi/-R t------
2017-10-24 12:01:04 Client terminated, reconnecting in 1...
2017-10-24 12:01:05 EVENT: RECONNECTING
2017-10-24 12:01:05 EVENT: RESOLVE
2017-10-24 12:01:05 Contacting x.x.x.x:443 via TCP
2017-10-24 12:01:05 EVENT: WAIT
2017-10-24 12:01:05 SetTunnelSocket returned 1
2017-10-24 12:01:05 Connecting to [xxxx.ddns.net]:443 (x.x.x.x) via TCPv4
2017-10-24 12:01:05 TCP packet extract error: embedded_packet_size_error
2017-10-24 12:01:05 Transport Error: Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR
2017-10-24 12:01:05 EVENT: TRANSPORT_ERROR Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR [ERR]
2017-10-24 12:01:05 Client terminated, restarting in 5000 ms...
2017-10-24 12:01:08 RECONNECT TEST: Internet:ReachableViaWiFi/-R t------
2017-10-24 12:01:08 Client terminated, reconnecting in 1...
2017-10-24 12:01:09 EVENT: RECONNECTING
2017-10-24 12:01:09 EVENT: RESOLVE
2017-10-24 12:01:09 Contacting x.x.x.x:443 via TCP
2017-10-24 12:01:09 EVENT: WAIT
2017-10-24 12:01:09 SetTunnelSocket returned 1
2017-10-24 12:01:09 Connecting to [xxxx.ddns.net]:443 (x.x.x.x) via TCPv4
2017-10-24 12:01:09 TCP packet extract error: embedded_packet_size_error
2017-10-24 12:01:09 Transport Error: Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR
2017-10-24 12:01:09 EVENT: TRANSPORT_ERROR Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR [ERR]
2017-10-24 12:01:09 Client terminated, restarting in 5000 ms...
2017-10-24 12:01:12 RECONNECT TEST: Internet:ReachableViaWiFi/-R t------
2017-10-24 12:01:12 Client terminated, reconnecting in 1...
2017-10-24 12:01:13 EVENT: RECONNECTING
2017-10-24 12:01:13 EVENT: RESOLVE
2017-10-24 12:01:13 Contacting x.x.x.x:443 via TCP
2017-10-24 12:01:13 EVENT: WAIT
2017-10-24 12:01:13 SetTunnelSocket returned 1
2017-10-24 12:01:13 Connecting to [xxxx.ddns.net]:443 (x.x.x.x) via TCPv4
2017-10-24 12:01:13 TCP packet extract error: embedded_packet_size_error
2017-10-24 12:01:13 Transport Error: Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR
2017-10-24 12:01:13 EVENT: TRANSPORT_ERROR Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR [ERR]
2017-10-24 12:01:13 Client terminated, restarting in 5000 ms...
2017-10-24 12:01:16 EVENT: CONNECTION_TIMEOUT [ERR]
2017-10-24 12:01:16 EVENT: DISCONNECTED
2017-10-24 12:01:16 RECONNECT TEST: Internet:ReachableViaWiFi/-R t------
2017-10-24 12:01:16 Raw stats on disconnect:
BYTES_IN : 5625
BYTES_OUT : 840
PACKETS_IN : 15
PACKETS_OUT : 15
TRANSPORT_ERROR : 15
TCP_SIZE_ERROR : 15
CONNECTION_TIMEOUT : 1
N_RECONNECT : 14
2017-10-24 12:01:16 Performance stats on disconnect:
CPU usage (microseconds): 116580
Network bytes per CPU second: 55455
Tunnel bytes per CPU second: 0
2017-10-24 12:01:16 EVENT: DISCONNECT_PENDING
2017-10-24 12:01:16 ----- OpenVPN Stop -----


User avatar
TinCanTech
OpenVPN Protagonist
Posts: 3243
Joined: Fri Jun 03, 2016 1:17 pm

Re: Can't connect IOS to openvpn server on port 443

Post by TinCanTech » Tue Oct 24, 2017 5:09 pm

If your client is resolving a DNS name to a 192.168/16 address and it is attempting a connection over the internet then it sounds like you are attempting to connect through an existing tunnel ..

NasKar
OpenVPN User
Posts: 12
Joined: Tue Nov 01, 2016 10:54 pm

Re: Can't connect IOS to openvpn server on port 443

Post by NasKar » Tue Oct 24, 2017 5:32 pm

I removed the DDNS override for 192.168.5.80 and still can't connect on TCP 443.
Here is the iPhone log

Code: Select all

2017-10-24 13:25:18 ----- OpenVPN Start -----
OpenVPN core 3.1.2 ios arm64 64-bit built on Dec 5 2016 12:50:25
2017-10-24 13:25:18 Frame=512/2048/512 mssfix-ctrl=1250
2017-10-24 13:25:18 UNUSED OPTIONS
0 [persist-tun] 
1 [persist-key] 
3 [ncp-ciphers] [AES-256-CBC] 
5 [tls-client] 
8 [lport] [0] 
9 [verify-x509-name] [plex2_cert] [name] 

2017-10-24 13:25:18 EVENT: RESOLVE
2017-10-24 13:25:18 Contacting x.x.x.x:443 via TCP
2017-10-24 13:25:18 EVENT: WAIT
2017-10-24 13:25:18 SetTunnelSocket returned 1
2017-10-24 13:25:18 Connecting to [xxxx.ddns.net]:443 (x.x.x.x) via TCPv4
2017-10-24 13:25:18 TCP packet extract error: embedded_packet_size_error
2017-10-24 13:25:18 Transport Error: Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR
2017-10-24 13:25:18 EVENT: TRANSPORT_ERROR Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR [ERR]
2017-10-24 13:25:18 Client terminated, restarting in 5000 ms...
2017-10-24 13:25:19 NET Internet:ReachableViaWiFi/-R t------
2017-10-24 13:25:21 RECONNECT TEST: Internet:ReachableViaWiFi/-R t------
2017-10-24 13:25:21 Client terminated, reconnecting in 1...
2017-10-24 13:25:23 EVENT: RECONNECTING
2017-10-24 13:25:23 EVENT: RESOLVE
2017-10-24 13:25:23 Contacting x.x.x.x:443 via TCP
2017-10-24 13:25:23 EVENT: WAIT
2017-10-24 13:25:23 SetTunnelSocket returned 1
2017-10-24 13:25:23 Connecting to [xxxx.ddns.net]:443 (x.x.x.x) via TCPv4
2017-10-24 13:25:23 TCP packet extract error: embedded_packet_size_error
2017-10-24 13:25:23 Transport Error: Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR
2017-10-24 13:25:23 EVENT: TRANSPORT_ERROR Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR [ERR]
2017-10-24 13:25:23 Client terminated, restarting in 5000 ms...
2017-10-24 13:25:26 RECONNECT TEST: Internet:ReachableViaWiFi/-R t------
2017-10-24 13:25:26 Client terminated, reconnecting in 1...
2017-10-24 13:25:27 EVENT: RECONNECTING
2017-10-24 13:25:27 EVENT: RESOLVE
2017-10-24 13:25:27 Contacting x.x.x.x:443 via TCP
2017-10-24 13:25:27 EVENT: WAIT
2017-10-24 13:25:27 SetTunnelSocket returned 1
2017-10-24 13:25:27 Connecting to [xxxx.ddns.net]:443 (x.x.x.x) via TCPv4
2017-10-24 13:25:27 TCP packet extract error: embedded_packet_size_error
2017-10-24 13:25:27 Transport Error: Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR
2017-10-24 13:25:27 EVENT: TRANSPORT_ERROR Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR [ERR]
2017-10-24 13:25:27 Client terminated, restarting in 5000 ms...
2017-10-24 13:25:30 RECONNECT TEST: Internet:ReachableViaWiFi/-R t------
2017-10-24 13:25:30 Client terminated, reconnecting in 1...
2017-10-24 13:25:31 EVENT: RECONNECTING
2017-10-24 13:25:31 EVENT: RESOLVE
2017-10-24 13:25:31 Contacting x.x.x.x:443 via TCP
2017-10-24 13:25:31 EVENT: WAIT
2017-10-24 13:25:31 SetTunnelSocket returned 1
2017-10-24 13:25:31 Connecting to [xxxx.ddns.net]:443 (x.x.x.x) via TCPv4
2017-10-24 13:25:31 TCP packet extract error: embedded_packet_size_error
2017-10-24 13:25:31 Transport Error: Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR
2017-10-24 13:25:31 EVENT: TRANSPORT_ERROR Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR [ERR]
2017-10-24 13:25:31 Client terminated, restarting in 5000 ms...
2017-10-24 13:25:34 RECONNECT TEST: Internet:ReachableViaWiFi/-R t------
2017-10-24 13:25:34 Client terminated, reconnecting in 1...
2017-10-24 13:25:35 EVENT: RECONNECTING
2017-10-24 13:25:35 EVENT: RESOLVE
2017-10-24 13:25:35 Contacting x.x.x.x:443 via TCP
2017-10-24 13:25:35 EVENT: WAIT
2017-10-24 13:25:35 SetTunnelSocket returned 1
2017-10-24 13:25:35 Connecting to [xxxx.ddns.net]:443 (x.x.x.x) via TCPv4
2017-10-24 13:25:35 TCP packet extract error: embedded_packet_size_error
2017-10-24 13:25:35 Transport Error: Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR
2017-10-24 13:25:35 EVENT: TRANSPORT_ERROR Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR [ERR]
2017-10-24 13:25:35 Client terminated, restarting in 5000 ms...
2017-10-24 13:25:38 RECONNECT TEST: Internet:ReachableViaWiFi/-R t------
2017-10-24 13:25:38 Client terminated, reconnecting in 1...
2017-10-24 13:25:39 EVENT: RECONNECTING
2017-10-24 13:25:39 EVENT: RESOLVE
2017-10-24 13:25:39 Contacting x.x.x.x:443 via TCP
2017-10-24 13:25:39 EVENT: WAIT
2017-10-24 13:25:39 SetTunnelSocket returned 1
2017-10-24 13:25:39 Connecting to [xxxx.ddns.net]:443 (x.x.x.x) via TCPv4
2017-10-24 13:25:39 TCP packet extract error: embedded_packet_size_error
2017-10-24 13:25:39 Transport Error: Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR
2017-10-24 13:25:39 EVENT: TRANSPORT_ERROR Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR [ERR]
2017-10-24 13:25:39 Client terminated, restarting in 5000 ms...
2017-10-24 13:25:42 RECONNECT TEST: Internet:ReachableViaWiFi/-R t------
2017-10-24 13:25:42 Client terminated, reconnecting in 1...
2017-10-24 13:25:43 EVENT: RECONNECTING
2017-10-24 13:25:43 EVENT: RESOLVE
2017-10-24 13:25:43 Contacting x.x.x.x:443 via TCP
2017-10-24 13:25:43 EVENT: WAIT
2017-10-24 13:25:43 SetTunnelSocket returned 1
2017-10-24 13:25:43 Connecting to [xxxx.ddns.net]:443 (x.x.x.x) via TCPv4
2017-10-24 13:25:43 TCP packet extract error: embedded_packet_size_error
2017-10-24 13:25:43 Transport Error: Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR
2017-10-24 13:25:43 EVENT: TRANSPORT_ERROR Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR [ERR]
2017-10-24 13:25:43 Client terminated, restarting in 5000 ms...
2017-10-24 13:25:46 RECONNECT TEST: Internet:ReachableViaWiFi/-R t------
2017-10-24 13:25:46 Client terminated, reconnecting in 1...
2017-10-24 13:25:47 EVENT: RECONNECTING
2017-10-24 13:25:47 EVENT: RESOLVE
2017-10-24 13:25:47 Contacting x.x.x.x:443 via TCP
2017-10-24 13:25:47 EVENT: WAIT
2017-10-24 13:25:47 SetTunnelSocket returned 1
2017-10-24 13:25:47 Connecting to [xxxx.ddns.net]:443 (x.x.x.x) via TCPv4
2017-10-24 13:25:47 TCP packet extract error: embedded_packet_size_error
2017-10-24 13:25:47 Transport Error: Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR
2017-10-24 13:25:47 EVENT: TRANSPORT_ERROR Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR [ERR]
2017-10-24 13:25:47 Client terminated, restarting in 5000 ms...
2017-10-24 13:25:50 RECONNECT TEST: Internet:ReachableViaWiFi/-R t------
2017-10-24 13:25:50 Client terminated, reconnecting in 1...
2017-10-24 13:25:51 EVENT: RECONNECTING
2017-10-24 13:25:51 EVENT: RESOLVE
2017-10-24 13:25:51 Contacting x.x.x.x:443 via TCP
2017-10-24 13:25:51 EVENT: WAIT
2017-10-24 13:25:51 SetTunnelSocket returned 1
2017-10-24 13:25:51 Connecting to [xxxx.ddns.net]:443 (x.x.x.x) via TCPv4
2017-10-24 13:25:51 TCP packet extract error: embedded_packet_size_error
2017-10-24 13:25:51 Transport Error: Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR
2017-10-24 13:25:51 EVENT: TRANSPORT_ERROR Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR [ERR]
2017-10-24 13:25:51 Client terminated, restarting in 5000 ms...
2017-10-24 13:25:54 RECONNECT TEST: Internet:ReachableViaWiFi/-R t------
2017-10-24 13:25:54 Client terminated, reconnecting in 1...
2017-10-24 13:25:55 EVENT: RECONNECTING
2017-10-24 13:25:55 EVENT: RESOLVE
2017-10-24 13:25:55 Contacting x.x.x.x:443 via TCP
2017-10-24 13:25:55 EVENT: WAIT
2017-10-24 13:25:55 SetTunnelSocket returned 1
2017-10-24 13:25:55 Connecting to [xxxx.ddns.net]:443 (x.x.x.x) via TCPv4
2017-10-24 13:25:55 TCP packet extract error: embedded_packet_size_error
2017-10-24 13:25:55 Transport Error: Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR
2017-10-24 13:25:55 EVENT: TRANSPORT_ERROR Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR [ERR]
2017-10-24 13:25:55 Client terminated, restarting in 5000 ms...
2017-10-24 13:25:58 RECONNECT TEST: Internet:ReachableViaWiFi/-R t------
2017-10-24 13:25:58 Client terminated, reconnecting in 1...
2017-10-24 13:25:59 EVENT: RECONNECTING
2017-10-24 13:25:59 EVENT: RESOLVE
2017-10-24 13:25:59 Contacting x.x.x.x:443 via TCP
2017-10-24 13:25:59 EVENT: WAIT
2017-10-24 13:25:59 SetTunnelSocket returned 1
2017-10-24 13:25:59 Connecting to [xxxx.ddns.net]:443 (x.x.x.x) via TCPv4
2017-10-24 13:25:59 TCP packet extract error: embedded_packet_size_error
2017-10-24 13:25:59 Transport Error: Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR
2017-10-24 13:25:59 EVENT: TRANSPORT_ERROR Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR [ERR]
2017-10-24 13:25:59 Client terminated, restarting in 5000 ms...
2017-10-24 13:26:02 RECONNECT TEST: Internet:ReachableViaWiFi/-R t------
2017-10-24 13:26:02 Client terminated, reconnecting in 1...
2017-10-24 13:26:03 EVENT: RECONNECTING
2017-10-24 13:26:03 EVENT: RESOLVE
2017-10-24 13:26:03 Contacting x.x.x.x:443 via TCP
2017-10-24 13:26:03 EVENT: WAIT
2017-10-24 13:26:03 SetTunnelSocket returned 1
2017-10-24 13:26:03 Connecting to [xxxx.ddns.net]:443 (x.x.x.x) via TCPv4
2017-10-24 13:26:03 TCP packet extract error: embedded_packet_size_error
2017-10-24 13:26:03 Transport Error: Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR
2017-10-24 13:26:03 EVENT: TRANSPORT_ERROR Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR [ERR]
2017-10-24 13:26:03 Client terminated, restarting in 5000 ms...
2017-10-24 13:26:06 RECONNECT TEST: Internet:ReachableViaWiFi/-R t------
2017-10-24 13:26:06 Client terminated, reconnecting in 1...
2017-10-24 13:26:07 EVENT: RECONNECTING
2017-10-24 13:26:07 EVENT: RESOLVE
2017-10-24 13:26:07 Contacting x.x.x.x:443 via TCP
2017-10-24 13:26:07 EVENT: WAIT
2017-10-24 13:26:07 SetTunnelSocket returned 1
2017-10-24 13:26:07 Connecting to [xxxx.ddns.net]:443 (x.x.x.x) via TCPv4
2017-10-24 13:26:07 TCP packet extract error: embedded_packet_size_error
2017-10-24 13:26:07 Transport Error: Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR
2017-10-24 13:26:07 EVENT: TRANSPORT_ERROR Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR [ERR]
2017-10-24 13:26:07 Client terminated, restarting in 5000 ms...
2017-10-24 13:26:10 RECONNECT TEST: Internet:ReachableViaWiFi/-R t------
2017-10-24 13:26:10 Client terminated, reconnecting in 1...
2017-10-24 13:26:11 EVENT: RECONNECTING
2017-10-24 13:26:11 EVENT: RESOLVE
2017-10-24 13:26:11 Contacting x.x.x.x:443 via TCP
2017-10-24 13:26:11 EVENT: WAIT
2017-10-24 13:26:11 SetTunnelSocket returned 1
2017-10-24 13:26:11 Connecting to [xxxx.ddns.net]:443 (x.x.x.x) via TCPv4
2017-10-24 13:26:11 TCP packet extract error: embedded_packet_size_error
2017-10-24 13:26:11 Transport Error: Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR
2017-10-24 13:26:11 EVENT: TRANSPORT_ERROR Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR [ERR]
2017-10-24 13:26:11 Client terminated, restarting in 5000 ms...
2017-10-24 13:26:14 RECONNECT TEST: Internet:ReachableViaWiFi/-R t------
2017-10-24 13:26:14 Client terminated, reconnecting in 1...
2017-10-24 13:26:15 EVENT: RECONNECTING
2017-10-24 13:26:15 EVENT: RESOLVE
2017-10-24 13:26:15 Contacting x.x.x.x:443 via TCP
2017-10-24 13:26:15 EVENT: WAIT
2017-10-24 13:26:15 SetTunnelSocket returned 1
2017-10-24 13:26:16 Connecting to [xxxx.ddns.net]:443 (x.x.x.x) via TCPv4
2017-10-24 13:26:16 TCP packet extract error: embedded_packet_size_error
2017-10-24 13:26:16 Transport Error: Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR
2017-10-24 13:26:16 EVENT: TRANSPORT_ERROR Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR [ERR]
2017-10-24 13:26:16 Client terminated, restarting in 5000 ms...
2017-10-24 13:26:18 EVENT: CONNECTION_TIMEOUT [ERR]
2017-10-24 13:26:18 EVENT: DISCONNECTED
2017-10-24 13:26:18 Raw stats on disconnect:
BYTES_IN : 5625
BYTES_OUT : 840
PACKETS_IN : 15
PACKETS_OUT : 15
TRANSPORT_ERROR : 15
TCP_SIZE_ERROR : 15
CONNECTION_TIMEOUT : 1
N_RECONNECT : 14
2017-10-24 13:26:18 Performance stats on disconnect:
CPU usage (microseconds): 105039
Network bytes per CPU second: 61548
Tunnel bytes per CPU second: 0
2017-10-24 13:26:18 EVENT: DISCONNECT_PENDING
2017-10-24 13:26:18 ----- OpenVPN Stop -----

NasKar
OpenVPN User
Posts: 12
Joined: Tue Nov 01, 2016 10:54 pm

Re: Can't connect IOS to openvpn server on port 443

Post by NasKar » Wed Oct 25, 2017 1:20 am

Here is the server log, 192.168.5.30 is my main computer on the LAN

Code: Select all

Oct 24 21:11:09	openvpn	21712	MANAGEMENT: Client disconnected
Oct 24 21:11:09	openvpn	21712	MANAGEMENT: CMD 'quit'
Oct 24 21:11:09	openvpn	21712	MANAGEMENT: CMD 'status 2'
Oct 24 21:11:08	openvpn	21712	MANAGEMENT: Client connected from /var/etc/openvpn/server2.sock
Oct 24 21:11:08	openvpn	61689	MANAGEMENT: Client disconnected
Oct 24 21:11:08	openvpn	61689	MANAGEMENT: CMD 'quit'
Oct 24 21:11:08	openvpn	61689	MANAGEMENT: CMD 'status 2'
Oct 24 21:11:08	openvpn	61689	MANAGEMENT: Client connected from /var/etc/openvpn/server4.sock
Oct 24 21:11:00	openvpn	21712	TCP/UDP: Closing socket
Oct 24 21:11:00	openvpn	21712	192.168.5.30:40420 SIGUSR1[soft,connection-reset] received, client-instance restarting
Oct 24 21:11:00	openvpn	21712	192.168.5.30:40420 Connection reset, restarting [0]
Oct 24 21:11:00	openvpn	21712	192.168.5.30:40420 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1627 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]
Oct 24 21:11:00	openvpn	21712	TCPv4_SERVER link remote: [AF_INET]192.168.5.30:40420
Oct 24 21:11:00	openvpn	21712	TCPv4_SERVER link local: (not bound)
Oct 24 21:11:00	openvpn	21712	TCP connection established with [AF_INET]192.168.5.30:40420
Oct 24 21:11:00	openvpn	21712	Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1572,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-client'
Oct 24 21:11:00	openvpn	21712	Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1572,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-server'
Oct 24 21:11:00	openvpn	21712	Data Channel MTU parms [ L:1624 D:1450 EF:124 EB:406 ET:0 EL:3 ]
Oct 24 21:11:00	openvpn	21712	Control Channel MTU parms [ L:1624 D:1170 EF:80 EB:0 ET:0 EL:3 ]
Oct 24 21:11:00	openvpn	21712	LZO compression initializing
Oct 24 21:11:00	openvpn	21712	Re-using SSL/TLS context
Oct 24 21:11:00	openvpn	21712	MULTI: multi_create_instance called
Oct 24 21:11:00	openvpn	21712	TCP/UDP: Closing socket
Oct 24 21:11:00	openvpn	21712	192.168.5.30:40419 SIGUSR1[soft,connection-reset] received, client-instance restarting
Oct 24 21:11:00	openvpn	21712	192.168.5.30:40419 Connection reset, restarting [0]
Oct 24 21:11:00	openvpn	21712	192.168.5.30:40419 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1627 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]
Oct 24 21:11:00	openvpn	21712	TCPv4_SERVER link remote: [AF_INET]192.168.5.30:40419
Oct 24 21:11:00	openvpn	21712	TCPv4_SERVER link local: (not bound)
Oct 24 21:11:00	openvpn	21712	TCP connection established with [AF_INET]192.168.5.30:40419
Oct 24 21:11:00	openvpn	21712	Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1572,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-client'
Oct 24 21:11:00	openvpn	21712	Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1572,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-server'
Oct 24 21:11:00	openvpn	21712	Data Channel MTU parms [ L:1624 D:1450 EF:124 EB:406 ET:0 EL:3 ]
Oct 24 21:11:00	openvpn	21712	Control Channel MTU parms [ L:1624 D:1170 EF:80 EB:0 ET:0 EL:3 ]
Oct 24 21:11:00	openvpn	21712	LZO compression initializing
Oct 24 21:11:00	openvpn	21712	Re-using SSL/TLS context
Oct 24 21:11:00	openvpn	21712	MULTI: multi_create_instance called
Oct 24 21:11:00	openvpn	21712	TCP/UDP: Closing socket
Oct 24 21:11:00	openvpn	21712	192.168.5.30:40418 SIGUSR1[soft,connection-reset] received, client-instance restarting
Oct 24 21:11:00	openvpn	21712	192.168.5.30:40418 Connection reset, restarting [0]
Oct 24 21:11:00	openvpn	21712	192.168.5.30:40418 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1627 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]
Oct 24 21:11:00	openvpn	21712	TCPv4_SERVER link remote: [AF_INET]192.168.5.30:40418
Oct 24 21:11:00	openvpn	21712	TCPv4_SERVER link local: (not bound)
Oct 24 21:11:00	openvpn	21712	TCP connection established with [AF_INET]192.168.5.30:40418
Oct 24 21:11:00	openvpn	21712	Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1572,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-client'
Oct 24 21:11:00	openvpn	21712	Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1572,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-server'
Oct 24 21:11:00	openvpn	21712	Data Channel MTU parms [ L:1624 D:1450 EF:124 EB:406 ET:0 EL:3 ]
Oct 24 21:11:00	openvpn	21712	Control Channel MTU parms [ L:1624 D:1170 EF:80 EB:0 ET:0 EL:3 ]
Oct 24 21:11:00	openvpn	21712	LZO compression initializing
Oct 24 21:11:00	openvpn	21712	Re-using SSL/TLS context
Oct 24 21:11:00	openvpn	21712	MULTI: multi_create_instance called
Oct 24 21:11:00	openvpn	21712	TCP/UDP: Closing socket
Oct 24 21:11:00	openvpn	21712	192.168.5.30:40416 SIGUSR1[soft,connection-reset] received, client-instance restarting
Oct 24 21:11:00	openvpn	21712	192.168.5.30:40416 Connection reset, restarting [0]
Oct 24 21:11:00	openvpn	21712	192.168.5.30:40416 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1627 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]
Oct 24 21:11:00	openvpn	21712	TCPv4_SERVER link remote: [AF_INET]192.168.5.30:40416
Oct 24 21:11:00	openvpn	21712	TCPv4_SERVER link local: (not bound)
Oct 24 21:11:00	openvpn	21712	TCP connection established with [AF_INET]192.168.5.30:40416
Oct 24 21:11:00	openvpn	21712	Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1572,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-client'
Oct 24 21:11:00	openvpn	21712	Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1572,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-server'
Oct 24 21:11:00	openvpn	21712	Data Channel MTU parms [ L:1624 D:1450 EF:124 EB:406 ET:0 EL:3 ]
Oct 24 21:11:00	openvpn	21712	Control Channel MTU parms [ L:1624 D:1170 EF:80 EB:0 ET:0 EL:3 ]
Oct 24 21:11:00	openvpn	21712	LZO compression initializing
Oct 24 21:11:00	openvpn	21712	Re-using SSL/TLS context
Oct 24 21:11:00	openvpn	21712	MULTI: multi_create_instance called
Oct 24 21:10:28	openvpn	21712	TCP/UDP: Closing socket
Oct 24 21:10:28	openvpn	21712	192.168.5.30:39187 SIGUSR1[soft,connection-reset] received, client-instance restarting
Oct 24 21:10:28	openvpn	21712	192.168.5.30:39187 Connection reset, restarting [0]
Oct 24 21:10:28	openvpn	21712	192.168.5.30:39187 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1627 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]
Oct 24 21:10:28	openvpn	21712	TCPv4_SERVER link remote: [AF_INET]192.168.5.30:39187
Oct 24 21:10:28	openvpn	21712	TCPv4_SERVER link local: (not bound)
Oct 24 21:10:28	openvpn	21712	TCP connection established with [AF_INET]192.168.5.30:39187
Oct 24 21:10:28	openvpn	21712	Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1572,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-client'
Oct 24 21:10:28	openvpn	21712	Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1572,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-server'
Oct 24 21:10:28	openvpn	21712	Data Channel MTU parms [ L:1624 D:1450 EF:124 EB:406 ET:0 EL:3 ]
Oct 24 21:10:28	openvpn	21712	Control Channel MTU parms [ L:1624 D:1170 EF:80 EB:0 ET:0 EL:3 ]
Oct 24 21:10:28	openvpn	21712	LZO compression initializing
Oct 24 21:10:28	openvpn	21712	Re-using SSL/TLS context
Oct 24 21:10:28	openvpn	21712	MULTI: multi_create_instance called
Oct 24 21:10:28	openvpn	21712	TCP/UDP: Closing socket
Oct 24 21:10:28	openvpn	21712	192.168.5.30:39186 SIGUSR1[soft,connection-reset] received, client-instance restarting
Oct 24 21:10:28	openvpn	21712	192.168.5.30:39186 Connection reset, restarting [0]
Oct 24 21:10:28	openvpn	21712	192.168.5.30:39186 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1627 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]
Oct 24 21:10:28	openvpn	21712	TCPv4_SERVER link remote: [AF_INET]192.168.5.30:39186
Oct 24 21:10:28	openvpn	21712	TCPv4_SERVER link local: (not bound)
Oct 24 21:10:28	openvpn	21712	TCP connection established with [AF_INET]192.168.5.30:39186
Oct 24 21:10:28	openvpn	21712	Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1572,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-client'
Oct 24 21:10:28	openvpn	21712	Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1572,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-server'
Oct 24 21:10:28	openvpn	21712	Data Channel MTU parms [ L:1624 D:1450 EF:124 EB:406 ET:0 EL:3 ]
Oct 24 21:10:28	openvpn	21712	Control Channel MTU parms [ L:1624 D:1170 EF:80 EB:0 ET:0 EL:3 ]
Oct 24 21:10:28	openvpn	21712	LZO compression initializing
Oct 24 21:10:28	openvpn	21712	Re-using SSL/TLS context
Oct 24 21:10:28	openvpn	21712	MULTI: multi_create_instance called
Oct 24 21:10:28	openvpn	21712	TCP/UDP: Closing socket
Oct 24 21:10:28	openvpn	21712	192.168.5.30:39185 SIGUSR1[soft,connection-reset] received, client-instance restarting
Oct 24 21:10:28	openvpn	21712	192.168.5.30:39185 Connection reset, restarting [0]
Oct 24 21:10:28	openvpn	21712	192.168.5.30:39185 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1627 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]
Oct 24 21:10:28	openvpn	21712	TCPv4_SERVER link remote: [AF_INET]192.168.5.30:39185
Oct 24 21:10:28	openvpn	21712	TCPv4_SERVER link local: (not bound)
Oct 24 21:10:28	openvpn	21712	TCP connection established with [AF_INET]192.168.5.30:39185
Oct 24 21:10:28	openvpn	21712	Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1572,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-client'
iPhone openvpn log file

Code: Select all

2017-10-24 21:09:29 ----- OpenVPN Start -----
OpenVPN core 3.1.2 ios arm64 64-bit built on Dec  5 2016 12:50:25
2017-10-24 21:09:29 Frame=512/2048/512 mssfix-ctrl=1250
2017-10-24 21:09:29 UNUSED OPTIONS
0 [persist-tun]
1 [persist-key]
3 [ncp-ciphers] [AES-256-CBC]
5 [tls-client]
8 [lport] [0]
9 [verify-x509-name] [plex2_cert] [name]

2017-10-24 21:09:29 EVENT: RESOLVE
2017-10-24 21:09:29 Contacting x.x.x.x:443 via TCP
2017-10-24 21:09:29 EVENT: WAIT
2017-10-24 21:09:29 SetTunnelSocket returned 1
2017-10-24 21:09:29 Connecting to [xxxx.ddns.net]:443 (x.x.x.x) via TCPv4
2017-10-24 21:09:29 EVENT: CONNECTING
2017-10-24 21:09:29 Tunnel Options:V4,dev-type tun,link-mtu 1572,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-client
2017-10-24 21:09:29 Creds: UsernameEmpty/PasswordEmpty
2017-10-24 21:09:29 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 1.1.1-212
IV_VER=3.1.2
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO=1
IV_AUTO_SESS=1

2017-10-24 21:09:29 VERIFY OK: depth=1
cert. version    : 3
serial number    : 00
issuer name      : C=US, ST=xxxx, L=xxxx, O=xxxx, emailAddress=xxxx@gmail.com, CN=plex2-ca
subject name      : C=US, ST=xxxx, L=xxxx, O=xxxx, emailAddress=xxxx@gmail.com, CN=plex2-ca
issued  on        : 2017-06-21 22:50:24
expires on        : 2027-06-19 22:50:24
signed using      : RSA with SHA-256
RSA key size      : 2048 bits
basic constraints : CA=true
key usage        : Key Cert Sign, CRL Sign

2017-10-24 21:09:29 VERIFY OK: depth=0
cert. version    : 3
serial number    : 01
issuer name      : C=US, ST=xxxx, L=xxxx, O=xxxx, emailAddress=xxxx@gmail.com, CN=plex2-ca
subject name      : C=US, ST=xxxx, L=xxxx, O=xxxx, emailAddress=xxxx@gmail.com, CN=plex2_cert
issued  on        : 2017-06-21 22:51:15
expires on        : 2027-06-19 22:51:15
signed using      : RSA with SHA-256
RSA key size      : 2048 bits
basic constraints : CA=false
subject alt name  : plex2_cert
cert. type        : SSL Server
key usage        : Digital Signature, Key Encipherment
ext key usage    : TLS Web Server Authentication, ???

2017-10-24 21:09:29 SSL Handshake: TLSv1.2/TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
2017-10-24 21:09:29 Session is ACTIVE
2017-10-24 21:09:29 EVENT: GET_CONFIG
2017-10-24 21:09:29 Sending PUSH_REQUEST to server...
2017-10-24 21:09:29 OPTIONS:
0 [route] [192.168.5.1] [255.255.255.0]
1 [dhcp-option] [DNS] [208.67.222.222]
2 [dhcp-option] [DNS] [208.67.220.220]
3 [redirect-gateway] [def1]
4 [route-gateway] [172.16.4.1]
5 [topology] [subnet]
6 [ping] [10]
7 [ping-restart] [60]
8 [ifconfig] [172.16.4.2] [255.255.255.0]
9 [peer-id] [0]
10 [cipher] [AES-256-CBC]

2017-10-24 21:09:29 PROTOCOL OPTIONS:
  cipher: AES-256-CBC
  digest: SHA256
  compress: LZO
  peer ID: 0
2017-10-24 21:09:29 EVENT: ASSIGN_IP
2017-10-24 21:09:29 Error parsing IPv4 route: [route] [192.168.5.1] [255.255.255.0]  : tun_prop_error: route is not canonical
2017-10-24 21:09:29 Connected via tun
2017-10-24 21:09:29 LZO-ASYM init swap=0 asym=0
2017-10-24 21:09:29 EVENT: CONNECTED @xxxx.ddns.net:443 (x.x.x.x) via /TCPv4 on tun/172.16.4.2/ gw=[172.16.4.1/]
2017-10-24 21:09:29 SetStatus Connected
2017-10-24 21:09:30 NET Internet:ReachableViaWiFi/-R t------
2017-10-24 21:09:43 TUN reset routes
2017-10-24 21:09:43 EVENT: DISCONNECTED
2017-10-24 21:09:43 Raw stats on disconnect:
  BYTES_IN : 4339
  BYTES_OUT : 9643
  PACKETS_IN : 11
  PACKETS_OUT : 62
  TUN_BYTES_IN : 3204
  TUN_PACKETS_IN : 51
2017-10-24 21:09:43 Performance stats on disconnect:
  CPU usage (microseconds): 50665
  Tunnel compression ratio (downlink): inf
  Network bytes per CPU second: 275969
  Tunnel bytes per CPU second: 63238
2017-10-24 21:09:43 ----- OpenVPN Stop -----
2017-10-24 21:09:52 ----- OpenVPN Start -----
OpenVPN core 3.1.2 ios arm64 64-bit built on Dec  5 2016 12:50:25
2017-10-24 21:09:52 Frame=512/2048/512 mssfix-ctrl=1250
2017-10-24 21:09:52 UNUSED OPTIONS
0 [persist-tun]
1 [persist-key]
3 [ncp-ciphers] [AES-256-CBC]
5 [tls-client]
8 [lport] [0]
9 [verify-x509-name] [plex2_cert] [name]

2017-10-24 21:09:52 EVENT: RESOLVE
2017-10-24 21:09:52 Contacting x.x.x.x:443 via TCP
2017-10-24 21:09:52 EVENT: WAIT
2017-10-24 21:09:52 SetTunnelSocket returned 1
2017-10-24 21:09:52 Connecting to [xxxx.ddns.net]:443 (x.x.x.x) via TCPv4
2017-10-24 21:09:52 TCP packet extract error: embedded_packet_size_error
2017-10-24 21:09:52 Transport Error: Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR
2017-10-24 21:09:52 EVENT: TRANSPORT_ERROR Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR [ERR]
2017-10-24 21:09:52 Client terminated, restarting in 5000 ms...
2017-10-24 21:09:52 NET Internet:ReachableViaWWAN/WR t------
2017-10-24 21:09:55 RECONNECT TEST: Internet:ReachableViaWWAN/WR t------
2017-10-24 21:09:55 Client terminated, reconnecting in 1...
2017-10-24 21:09:56 EVENT: RECONNECTING
2017-10-24 21:09:56 EVENT: RESOLVE
2017-10-24 21:09:56 Contacting x.x.x.x:443 via TCP
2017-10-24 21:09:56 EVENT: WAIT
2017-10-24 21:09:56 SetTunnelSocket returned 1
2017-10-24 21:09:56 Connecting to [xxxx.ddns.net]:443 (x.x.x.x) via TCPv4
2017-10-24 21:09:56 TCP packet extract error: embedded_packet_size_error
2017-10-24 21:09:56 Transport Error: Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR
2017-10-24 21:09:56 EVENT: TRANSPORT_ERROR Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR [ERR]
2017-10-24 21:09:56 Client terminated, restarting in 5000 ms...
2017-10-24 21:09:59 RECONNECT TEST: Internet:ReachableViaWWAN/WR t------
2017-10-24 21:09:59 Client terminated, reconnecting in 1...
2017-10-24 21:10:00 EVENT: RECONNECTING
2017-10-24 21:10:00 EVENT: RESOLVE
2017-10-24 21:10:00 Contacting x.x.x.x:443 via TCP
2017-10-24 21:10:00 EVENT: WAIT
2017-10-24 21:10:00 SetTunnelSocket returned 1
2017-10-24 21:10:00 Connecting to [xxxx.ddns.net]:443 (x.x.x.x) via TCPv4
2017-10-24 21:10:00 TCP packet extract error: embedded_packet_size_error
2017-10-24 21:10:00 Transport Error: Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR
2017-10-24 21:10:00 EVENT: TRANSPORT_ERROR Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR [ERR]
2017-10-24 21:10:00 Client terminated, restarting in 5000 ms...
2017-10-24 21:10:03 RECONNECT TEST: Internet:ReachableViaWWAN/WR t------
2017-10-24 21:10:03 Client terminated, reconnecting in 1...
2017-10-24 21:10:04 EVENT: RECONNECTING
2017-10-24 21:10:04 EVENT: RESOLVE
2017-10-24 21:10:04 Contacting x.x.x.x:443 via TCP
2017-10-24 21:10:04 EVENT: WAIT
2017-10-24 21:10:04 SetTunnelSocket returned 1
2017-10-24 21:10:04 Connecting to [xxxx.ddns.net]:443 (x.x.x.x) via TCPv4
2017-10-24 21:10:04 TCP packet extract error: embedded_packet_size_error
2017-10-24 21:10:04 Transport Error: Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR
2017-10-24 21:10:04 EVENT: TRANSPORT_ERROR Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR [ERR]
2017-10-24 21:10:04 Client terminated, restarting in 5000 ms...
2017-10-24 21:10:07 RECONNECT TEST: Internet:ReachableViaWWAN/WR t------
2017-10-24 21:10:07 Client terminated, reconnecting in 1...
2017-10-24 21:10:09 EVENT: RECONNECTING
2017-10-24 21:10:09 EVENT: RESOLVE
2017-10-24 21:10:09 Contacting x.x.x.x:443 via TCP
2017-10-24 21:10:09 EVENT: WAIT
2017-10-24 21:10:09 SetTunnelSocket returned 1
2017-10-24 21:10:09 Connecting to [xxxx.ddns.net]:443 (x.x.x.x) via TCPv4
2017-10-24 21:10:09 TCP packet extract error: embedded_packet_size_error
2017-10-24 21:10:09 Transport Error: Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR
2017-10-24 21:10:09 EVENT: TRANSPORT_ERROR Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR [ERR]
2017-10-24 21:10:09 Client terminated, restarting in 5000 ms...
2017-10-24 21:10:12 RECONNECT TEST: Internet:ReachableViaWWAN/WR t------
2017-10-24 21:10:12 Client terminated, reconnecting in 1...
2017-10-24 21:10:13 EVENT: RECONNECTING
2017-10-24 21:10:13 EVENT: RESOLVE
2017-10-24 21:10:13 Contacting x.x.x.x:443 via TCP
2017-10-24 21:10:13 EVENT: WAIT
2017-10-24 21:10:13 SetTunnelSocket returned 1
2017-10-24 21:10:13 Connecting to [xxxx.ddns.net]:443 (x.x.x.x) via TCPv4
2017-10-24 21:10:13 TCP packet extract error: embedded_packet_size_error
2017-10-24 21:10:13 Transport Error: Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR
2017-10-24 21:10:13 EVENT: TRANSPORT_ERROR Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR [ERR]
2017-10-24 21:10:13 Client terminated, restarting in 5000 ms...
2017-10-24 21:10:16 RECONNECT TEST: Internet:ReachableViaWWAN/WR t------
2017-10-24 21:10:16 Client terminated, reconnecting in 1...
2017-10-24 21:10:17 EVENT: RECONNECTING
2017-10-24 21:10:17 EVENT: RESOLVE
2017-10-24 21:10:17 Contacting x.x.x.x:443 via TCP
2017-10-24 21:10:17 EVENT: WAIT
2017-10-24 21:10:17 SetTunnelSocket returned 1
2017-10-24 21:10:17 Connecting to [xxxx.ddns.net]:443 (x.x.x.x) via TCPv4
2017-10-24 21:10:17 TCP packet extract error: embedded_packet_size_error
2017-10-24 21:10:17 Transport Error: Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR
2017-10-24 21:10:17 EVENT: TRANSPORT_ERROR Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR [ERR]
2017-10-24 21:10:17 Client terminated, restarting in 5000 ms...
2017-10-24 21:10:20 RECONNECT TEST: Internet:ReachableViaWWAN/WR t------
2017-10-24 21:10:20 Client terminated, reconnecting in 1...
2017-10-24 21:10:21 EVENT: RECONNECTING
2017-10-24 21:10:21 EVENT: RESOLVE
2017-10-24 21:10:21 Contacting x.x.x.x:443 via TCP
2017-10-24 21:10:21 EVENT: WAIT
2017-10-24 21:10:21 SetTunnelSocket returned 1
2017-10-24 21:10:21 Connecting to [xxxx.ddns.net]:443 (x.x.x.x) via TCPv4
2017-10-24 21:10:22 TCP packet extract error: embedded_packet_size_error
2017-10-24 21:10:22 Transport Error: Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR
2017-10-24 21:10:22 EVENT: TRANSPORT_ERROR Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR [ERR]
2017-10-24 21:10:22 Client terminated, restarting in 5000 ms...
2017-10-24 21:10:25 RECONNECT TEST: Internet:ReachableViaWWAN/WR t------
2017-10-24 21:10:25 Client terminated, reconnecting in 1...
2017-10-24 21:10:26 EVENT: RECONNECTING
2017-10-24 21:10:26 EVENT: RESOLVE
2017-10-24 21:10:26 Contacting x.x.x.x:443 via TCP
2017-10-24 21:10:26 EVENT: WAIT
2017-10-24 21:10:26 SetTunnelSocket returned 1
2017-10-24 21:10:26 Connecting to [xxxx.ddns.net]:443 (x.x.x.x) via TCPv4
2017-10-24 21:10:26 TCP packet extract error: embedded_packet_size_error
2017-10-24 21:10:26 Transport Error: Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR
2017-10-24 21:10:26 EVENT: TRANSPORT_ERROR Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR [ERR]
2017-10-24 21:10:26 Client terminated, restarting in 5000 ms...
2017-10-24 21:10:29 RECONNECT TEST: Internet:ReachableViaWWAN/WR t------
2017-10-24 21:10:29 Client terminated, reconnecting in 1...
2017-10-24 21:10:30 EVENT: RECONNECTING
2017-10-24 21:10:30 EVENT: RESOLVE
2017-10-24 21:10:30 Contacting x.x.x.x:443 via TCP
2017-10-24 21:10:30 EVENT: WAIT
2017-10-24 21:10:30 SetTunnelSocket returned 1
2017-10-24 21:10:30 Connecting to [xxxx.ddns.net]:443 (x.x.x.x) via TCPv4
2017-10-24 21:10:30 TCP packet extract error: embedded_packet_size_error
2017-10-24 21:10:30 Transport Error: Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR
2017-10-24 21:10:30 EVENT: TRANSPORT_ERROR Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR [ERR]
2017-10-24 21:10:30 Client terminated, restarting in 5000 ms...
2017-10-24 21:10:33 RECONNECT TEST: Internet:ReachableViaWWAN/WR t------
2017-10-24 21:10:33 Client terminated, reconnecting in 1...
2017-10-24 21:10:34 EVENT: RECONNECTING
2017-10-24 21:10:34 EVENT: RESOLVE
2017-10-24 21:10:34 Contacting x.x.x.x:443 via TCP
2017-10-24 21:10:34 EVENT: WAIT
2017-10-24 21:10:34 SetTunnelSocket returned 1
2017-10-24 21:10:34 Connecting to [xxxx.ddns.net]:443 (x.x.x.x) via TCPv4
2017-10-24 21:10:34 TCP packet extract error: embedded_packet_size_error
2017-10-24 21:10:34 Transport Error: Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR
2017-10-24 21:10:34 EVENT: TRANSPORT_ERROR Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR [ERR]
2017-10-24 21:10:34 Client terminated, restarting in 5000 ms...
2017-10-24 21:10:37 RECONNECT TEST: Internet:ReachableViaWWAN/WR t------
2017-10-24 21:10:37 Client terminated, reconnecting in 1...
2017-10-24 21:10:38 EVENT: RECONNECTING
2017-10-24 21:10:38 EVENT: RESOLVE
2017-10-24 21:10:38 Contacting x.x.x.x:443 via TCP
2017-10-24 21:10:38 EVENT: WAIT
2017-10-24 21:10:38 SetTunnelSocket returned 1
2017-10-24 21:10:39 Connecting to [xxxx.ddns.net]:443 (x.x.x.x) via TCPv4
2017-10-24 21:10:39 TCP packet extract error: embedded_packet_size_error
2017-10-24 21:10:39 Transport Error: Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR
2017-10-24 21:10:39 EVENT: TRANSPORT_ERROR Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR [ERR]
2017-10-24 21:10:39 Client terminated, restarting in 5000 ms...
2017-10-24 21:10:42 RECONNECT TEST: Internet:ReachableViaWWAN/WR t------
2017-10-24 21:10:42 Client terminated, reconnecting in 1...
2017-10-24 21:10:43 EVENT: RECONNECTING
2017-10-24 21:10:43 EVENT: RESOLVE
2017-10-24 21:10:43 Contacting x.x.x.x:443 via TCP
2017-10-24 21:10:43 EVENT: WAIT
2017-10-24 21:10:43 SetTunnelSocket returned 1
2017-10-24 21:10:43 Connecting to [xxxx.ddns.net]:443 (x.x.x.x) via TCPv4
2017-10-24 21:10:43 TCP packet extract error: embedded_packet_size_error
2017-10-24 21:10:43 Transport Error: Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR
2017-10-24 21:10:43 EVENT: TRANSPORT_ERROR Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR [ERR]
2017-10-24 21:10:43 Client terminated, restarting in 5000 ms...
2017-10-24 21:10:46 RECONNECT TEST: Internet:ReachableViaWWAN/WR t------
2017-10-24 21:10:46 Client terminated, reconnecting in 1...
2017-10-24 21:10:47 EVENT: RECONNECTING
2017-10-24 21:10:47 EVENT: RESOLVE
2017-10-24 21:10:47 Contacting x.x.x.x:443 via TCP
2017-10-24 21:10:47 EVENT: WAIT
2017-10-24 21:10:47 SetTunnelSocket returned 1
2017-10-24 21:10:47 Connecting to [xxxx.ddns.net]:443 (x.x.x.x) via TCPv4
2017-10-24 21:10:47 TCP packet extract error: embedded_packet_size_error
2017-10-24 21:10:47 Transport Error: Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR
2017-10-24 21:10:47 EVENT: TRANSPORT_ERROR Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR [ERR]
2017-10-24 21:10:47 Client terminated, restarting in 5000 ms...
2017-10-24 21:10:50 RECONNECT TEST: Internet:ReachableViaWWAN/WR t------
2017-10-24 21:10:50 Client terminated, reconnecting in 1...
2017-10-24 21:10:51 EVENT: RECONNECTING
2017-10-24 21:10:51 EVENT: RESOLVE
2017-10-24 21:10:51 Contacting x.x.x.x:443 via TCP
2017-10-24 21:10:51 EVENT: WAIT
2017-10-24 21:10:51 SetTunnelSocket returned 1
2017-10-24 21:10:51 Connecting to [xxxx.ddns.net]:443 (x.x.x.x) via TCPv4
2017-10-24 21:10:52 TCP packet extract error: embedded_packet_size_error
2017-10-24 21:10:52 Transport Error: Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR
2017-10-24 21:10:52 EVENT: TRANSPORT_ERROR Transport error on 'xxxx.ddns.net: TCP_SIZE_ERROR [ERR]
2017-10-24 21:10:52 Client terminated, restarting in 5000 ms...
2017-10-24 21:10:52 EVENT: CONNECTION_TIMEOUT [ERR]
2017-10-24 21:10:52 EVENT: DISCONNECTED
2017-10-24 21:10:52 Raw stats on disconnect:
  BYTES_IN : 5625
  BYTES_OUT : 840
  PACKETS_IN : 15
  PACKETS_OUT : 15
  TRANSPORT_ERROR : 15
  TCP_SIZE_ERROR : 15
  CONNECTION_TIMEOUT : 1
  N_RECONNECT : 14
2017-10-24 21:10:52 Performance stats on disconnect:
  CPU usage (microseconds): 77078
  Network bytes per CPU second: 83876
  Tunnel bytes per CPU second: 0
2017-10-24 21:10:52 EVENT: DISCONNECT_PENDING
2017-10-24 21:10:52 ----- OpenVPN Stop -----

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 3243
Joined: Fri Jun 03, 2016 1:17 pm

Re: Can't connect IOS to openvpn server on port 443

Post by TinCanTech » Wed Oct 25, 2017 11:34 am

NasKar wrote:
Wed Oct 25, 2017 1:20 am
Here is the server log, 192.168.5.30 is my main computer on the LAN

Code: Select all

<snip>
Oct 24 21:11:00	openvpn	21712	TCPv4_SERVER link remote: [AF_INET]192.168.5.30:40420
Oct 24 21:11:00	openvpn	21712	TCPv4_SERVER link local: (not bound)
Oct 24 21:11:00	openvpn	21712	TCP connection established with [AF_INET]192.168.5.30:40420
192.168 again .. I think you have something interfering, like the pfSense router.

Unless the server and client are on the same LAN, connecting to 192.168.x.x is basically invalid ..

NasKar
OpenVPN User
Posts: 12
Joined: Tue Nov 01, 2016 10:54 pm

Re: Can't connect IOS to openvpn server on port 443

Post by NasKar » Wed Oct 25, 2017 2:34 pm

I logged onto the VPN from my iPhone on the cellular network with wifi turned off. Then got on my main computer on the 192.168.5.30 network to access the server log. If I have the IPhone wifi turned on then they would be on the same LAN 192.168.5.x. My guess from your help so far is it's a problem from my nextcloud server on port 443 causing a problem. I'll try to turn it off and see what happens.

NasKar
OpenVPN User
Posts: 12
Joined: Tue Nov 01, 2016 10:54 pm

Re: Can't connect IOS to openvpn server on port 443

Post by NasKar » Thu Oct 26, 2017 11:21 pm

I think I found part of the problem. I had port 443 forwarded to the 192.168.5.80 (nextcloud server) in pfsense. I removed it and added port-share 192.168.5.80 443 to the server config per this link https://doc.pfsense.org/index.php/Shari ... Web_Server. I'm now able to connect and view pages but the progress bar stops in the middle. It seem like there is still some issue. TinCan Tech I hope you won't mind looking at my new log files to troubleshoot for me.

iphone config

Code: Select all

persist-tun
persist-key
cipher AES-256-CBC
ncp-ciphers AES-256-CBC
auth SHA256
tls-client
client
remote xxxx.ddns.net 443 tcp
lport 0
verify-x509-name "plex2_cert" name
remote-cert-tls server
comp-lzo adaptive

<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----

-----END PRIVATE KEY-----
</key>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----

-----END OpenVPN Static key V1-----
</tls-auth>
key-direction 1
iPhone Log

Code: Select all

2017-10-26 18:52:22 ----- OpenVPN Start -----
OpenVPN core 3.1.2 ios arm64 64-bit built on Dec  5 2016 12:50:25
2017-10-26 18:52:22 Frame=512/2048/512 mssfix-ctrl=1250
2017-10-26 18:52:22 UNUSED OPTIONS
0 [persist-tun]
1 [persist-key]
3 [ncp-ciphers] [AES-256-CBC]
5 [tls-client]
8 [lport] [0]
9 [verify-x509-name] [plex2_cert] [name]

2017-10-26 18:52:22 EVENT: RESOLVE
2017-10-26 18:52:22 Contacting x.x.x.x:443 via TCP
2017-10-26 18:52:22 EVENT: WAIT
2017-10-26 18:52:22 SetTunnelSocket returned 1
2017-10-26 18:52:22 Connecting to [xxxx.ddns.net]:443 (x.x.x.x) via TCPv4
2017-10-26 18:52:22 EVENT: CONNECTING
2017-10-26 18:52:22 Tunnel Options:V4,dev-type tun,link-mtu 1572,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-client
2017-10-26 18:52:22 Creds: UsernameEmpty/PasswordEmpty
2017-10-26 18:52:22 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 1.1.1-212
IV_VER=3.1.2
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO=1
IV_AUTO_SESS=1

2017-10-26 18:52:22 VERIFY OK: depth=1
cert. version    : 3
serial number    : 00
issuer name      : C=US, ST=xxxx, L=xxxx, O=xxxx, emailAddress=xxxx@gmail.com, CN=plex2-ca
subject name      : C=US, ST=xxxx, L=xxxx, O=xxxx, emailAddress=xxxx@gmail.com, CN=plex2-ca
issued  on        : 2017-06-21 22:50:24
expires on        : 2027-06-19 22:50:24
signed using      : RSA with SHA-256
RSA key size      : 2048 bits
basic constraints : CA=true
key usage        : Key Cert Sign, CRL Sign

2017-10-26 18:52:22 VERIFY OK: depth=0
cert. version    : 3
serial number    : 01
issuer name      : C=US, ST=xxxx, L=xxxx, O=xxxx, emailAddress=xxxx@gmail.com, CN=plex2-ca
subject name      : C=US, ST=xxxx, L=xxxx, O=xxxx, emailAddress=xxxx@gmail.com, CN=plex2_cert
issued  on        : 2017-06-21 22:51:15
expires on        : 2027-06-19 22:51:15
signed using      : RSA with SHA-256
RSA key size      : 2048 bits
basic constraints : CA=false
subject alt name  : plex2_cert
cert. type        : SSL Server
key usage        : Digital Signature, Key Encipherment
ext key usage    : TLS Web Server Authentication, ???

2017-10-26 18:52:23 NET Internet:ReachableViaWWAN/WR t------
2017-10-26 18:52:23 SSL Handshake: TLSv1.2/TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
2017-10-26 18:52:23 Session is ACTIVE
2017-10-26 18:52:23 EVENT: GET_CONFIG
2017-10-26 18:52:23 Sending PUSH_REQUEST to server...
2017-10-26 18:52:23 OPTIONS:
0 [route] [192.168.5.1] [255.255.255.0]
1 [dhcp-option] [DNS] [208.67.222.222]
2 [dhcp-option] [DNS] [208.67.220.220]
3 [redirect-gateway] [def1]
4 [route-gateway] [172.16.4.1]
5 [topology] [subnet]
6 [ping] [10]
7 [ping-restart] [60]
8 [ifconfig] [172.16.4.2] [255.255.255.0]
9 [peer-id] [0]
10 [cipher] [AES-256-CBC]

2017-10-26 18:52:23 PROTOCOL OPTIONS:
  cipher: AES-256-CBC
  digest: SHA256
  compress: LZO
  peer ID: 0
2017-10-26 18:52:23 EVENT: ASSIGN_IP
2017-10-26 18:52:23 Error parsing IPv4 route: [route] [192.168.5.1] [255.255.255.0]  : tun_prop_error: route is not canonical
2017-10-26 18:52:23 Connected via tun
2017-10-26 18:52:23 LZO-ASYM init swap=0 asym=0
2017-10-26 18:52:23 EVENT: CONNECTED @xxxx.ddns.net:443 (x.x.x.x) via /TCPv4 on tun/172.16.4.2/ gw=[172.16.4.1/]
2017-10-26 18:52:23 SetStatus Connected
Server config

Code: Select all

dev ovpns2
verb 4
dev-type tun
dev-node /dev/tun2
writepid /var/run/openvpn_server2.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto tcp4-server
cipher AES-256-CBC
auth SHA256
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
local x.x.x.x
tls-server
server 172.16.4.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc/server2
tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'plex2_cert' 1"
lport 443
management /var/etc/openvpn/server2.sock unix
max-clients 10
push "route 192.168.5.1 255.255.255.0"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
push "redirect-gateway def1"
client-to-client
ca /var/etc/openvpn/server2.ca 
cert /var/etc/openvpn/server2.cert 
key /var/etc/openvpn/server2.key 
dh /etc/dh-parameters.2048
tls-auth /var/etc/openvpn/server2.tls-auth 0
ncp-ciphers AES-256-CBC
comp-lzo adaptive
persist-remote-ip
float
topology subnet
port-share 192.168.5.80 443
Server Log

Code: Select all

Oct 26 18:53:24	openvpn	53975	MANAGEMENT: Client disconnected
Oct 26 18:53:24	openvpn	53975	MANAGEMENT: CMD 'quit'
Oct 26 18:53:24	openvpn	53975	MANAGEMENT: CMD 'status 2'
Oct 26 18:53:23	openvpn	53975	MANAGEMENT: Client connected from /var/etc/openvpn/server3.sock
Oct 26 18:53:23	openvpn	41671	MANAGEMENT: Client disconnected
Oct 26 18:53:23	openvpn	41671	MANAGEMENT: CMD 'quit'
Oct 26 18:53:23	openvpn	41671	MANAGEMENT: CMD 'status 2'
Oct 26 18:53:23	openvpn	41671	MANAGEMENT: Client connected from /var/etc/openvpn/server2.sock
Oct 26 18:53:23	openvpn	61689	MANAGEMENT: Client disconnected
Oct 26 18:53:23	openvpn	61689	MANAGEMENT: CMD 'quit'
Oct 26 18:53:23	openvpn	61689	MANAGEMENT: CMD 'status 2'
Oct 26 18:53:23	openvpn	61689	MANAGEMENT: Client connected from /var/etc/openvpn/server4.sock
Oct 26 18:52:50	openvpn	41671	Plex2User/174.204.5.224:2845 Incoming Data Channel: Using 256 bit message hash 'SHA256' for HMAC authentication
Oct 26 18:52:50	openvpn	41671	Plex2User/174.204.5.224:2845 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Oct 26 18:52:50	openvpn	41671	Plex2User/174.204.5.224:2845 Outgoing Data Channel: Using 256 bit message hash 'SHA256' for HMAC authentication
Oct 26 18:52:50	openvpn	41671	Plex2User/174.204.5.224:2845 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Oct 26 18:52:50	openvpn	41671	Plex2User/174.204.5.224:2845 Data Channel MTU parms [ L:1572 D:1450 EF:72 EB:406 ET:0 EL:3 ]
Oct 26 18:52:50	openvpn	41671	Plex2User/174.204.5.224:2845 SENT CONTROL [Plex2User]: 'PUSH_REPLY,route 192.168.5.1 255.255.255.0,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,redirect-gateway def1,route-gateway 172.16.4.1,topology subnet,ping 10,ping-restart 60,ifconfig 172.16.4.2 255.255.255.0,peer-id 0,cipher AES-256-CBC' (status=1)
Oct 26 18:52:50	openvpn	41671	Plex2User/174.204.5.224:2845 PUSH: Received control message: 'PUSH_REQUEST'
Oct 26 18:52:50	openvpn	41671	Plex2User/174.204.5.224:2845 MULTI: primary virtual IP for Plex2User/174.204.5.224:2845: 172.16.4.2
Oct 26 18:52:50	openvpn	41671	Plex2User/174.204.5.224:2845 MULTI: Learn: 172.16.4.2 -> Plex2User/174.204.5.224:2845
Oct 26 18:52:50	openvpn	41671	Plex2User/174.204.5.224:2845 MULTI_sva: pool returned IPv4=172.16.4.2, IPv6=(Not enabled)
Oct 26 18:52:50	openvpn	41671	174.204.5.224:2845 [Plex2User] Peer Connection Initiated with [AF_INET]174.204.5.224:2845
Oct 26 18:52:50	openvpn	41671	174.204.5.224:2845 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Oct 26 18:52:50	openvpn	41671	174.204.5.224:2845 peer info: IV_AUTO_SESS=1
Oct 26 18:52:50	openvpn	41671	174.204.5.224:2845 peer info: IV_LZO=1
Oct 26 18:52:50	openvpn	41671	174.204.5.224:2845 peer info: IV_PROTO=2
Oct 26 18:52:50	openvpn	41671	174.204.5.224:2845 peer info: IV_TCPNL=1
Oct 26 18:52:50	openvpn	41671	174.204.5.224:2845 peer info: IV_NCP=2
Oct 26 18:52:50	openvpn	41671	174.204.5.224:2845 peer info: IV_PLAT=ios
Oct 26 18:52:50	openvpn	41671	174.204.5.224:2845 peer info: IV_VER=3.1.2
Oct 26 18:52:50	openvpn	41671	174.204.5.224:2845 peer info: IV_GUI_VER=net.openvpn.connect.ios_1.1.1-212
Oct 26 18:52:50	openvpn	41671	174.204.5.224:2845 VERIFY OK: depth=0, C=US, ST=xxxx, L=xxxx, O=xxxx, emailAddress=xxxx@gmail.com, CN=Plex2User
Oct 26 18:52:50	openvpn	41671	174.204.5.224:2845 VERIFY SCRIPT OK: depth=0, C=US, ST=xxxx, L=xxxx, O=xxxx, emailAddress=xxxx@gmail.com, CN=Plex2User
Oct 26 18:52:50	openvpn	41671	174.204.5.224:2845 VERIFY OK: depth=1, C=US, ST=xxxx, L=xxxx, O=xxxx, emailAddress=xxxx@gmail.com, CN=plex2-ca
Oct 26 18:52:50	openvpn	41671	174.204.5.224:2845 VERIFY SCRIPT OK: depth=1, C=US, ST=xxxx, L=xxxx, O=xxxx, emailAddress=xxxx@gmail.com, CN=plex2-ca
Oct 26 18:52:50	openvpn	41671	174.204.5.224:2845 TLS: Initial packet from [AF_INET]174.204.5.224:2845, sid=e6bce7ec 7c0ca6c5
Oct 26 18:52:50	openvpn	41671	TCPv4_SERVER link remote: [AF_INET]174.204.5.224:2845
Oct 26 18:52:50	openvpn	41671	TCPv4_SERVER link local: (not bound)
Oct 26 18:52:50	openvpn	41671	TCP connection established with [AF_INET]174.204.5.224:2845
Oct 26 18:52:50	openvpn	41671	Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1572,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-client'
Oct 26 18:52:50	openvpn	41671	Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1572,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-server'
Oct 26 18:52:50	openvpn	41671	Data Channel MTU parms [ L:1624 D:1450 EF:124 EB:406 ET:0 EL:3 ]
Oct 26 18:52:50	openvpn	41671	Control Channel MTU parms [ L:1624 D:1170 EF:80 EB:0 ET:0 EL:3 ]
Oct 26 18:52:50	openvpn	41671	LZO compression initializing
Oct 26 18:52:50	openvpn	41671	Re-using SSL/TLS context
Oct 26 18:52:50	openvpn	41671	MULTI: multi_create_instance called
Oct 26 18:52:21	openvpn	53975	MANAGEMENT: Client disconnected
Oct 26 18:52:21	openvpn	53975	MANAGEMENT: CMD 'quit'
Oct 26 18:52:21	openvpn	53975	MANAGEMENT: CMD 'status 2'
Oct 26 18:52:21	openvpn	53975	MANAGEMENT: Client connected from /var/etc/openvpn/server3.sock
Oct 26 18:52:21	openvpn	41671	MANAGEMENT: Client disconnected
Oct 26 18:52:21	openvpn	41671	MANAGEMENT: CMD 'quit'
Oct 26 18:52:20	openvpn	41671	MANAGEMENT: CMD 'status 2'
Oct 26 18:52:20	openvpn	41671	MANAGEMENT: Client connected from /var/etc/openvpn/server2.sock
Oct 26 18:52:20	openvpn	61689	MANAGEMENT: Client disconnected
Oct 26 18:52:20	openvpn	61689	MANAGEMENT: CMD 'quit'
Oct 26 18:52:20	openvpn	61689	MANAGEMENT: CMD 'status 2'
Oct 26 18:52:20	openvpn	61689	MANAGEMENT: Client connected from /var/etc/openvpn/server4.sock

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 3243
Joined: Fri Jun 03, 2016 1:17 pm

Re: Can't connect IOS to openvpn server on port 443

Post by TinCanTech » Fri Oct 27, 2017 12:31 am

If you can .. avoid "port sharing" .. then go from there !

There is some Icy model or something .. :mrgreen:

Post Reply