OpenVPN 3.0.2 (894) and IOS 12.0.1 Connects but no traffic

[ClemFM]

As per other similar posts, since updating to 12.0.1 I continue to have no trouble connecting (to an Opengear device), however, other apps cannot access anything. A very small mount of traffic is indicated by the OpenVPN app. This issue exists on all of our IOS devices.

I have tried:
1. No compression set on the app and the OpenVPN server
2. Compression 'on' and 'downlink only' settings
3. Including # compress lz4-v2 and # push "compress lz4-v2" in the config pushed out by the server

The current de-identified app log follows:

2018-30-01 09:30:57 1

2018-30-01 09:30:57 ----- OpenVPN Start -----
OpenVPN core 3.2 ios arm64 64-bit PT_PROXY built on Oct 3 2018 06:35:04

2018-30-01 09:30:57 Frame=512/2048/512 mssfix-ctrl=1250

2018-30-01 09:30:57 UNUSED OPTIONS
1 [nobind]
3 [persist-tun]
4 [persist-key]
6 [pull]
7 [tls-client]
11 [route-delay] [5]

2018-30-01 09:30:57 EVENT: RESOLVE

2018-30-01 09:30:57 Contacting [101.173.XXX.XXX]:443/TCP via TCP

2018-30-01 09:30:57 EVENT: WAIT

2018-30-01 09:30:57 Connecting to [XXX.biz]:443 (101.173.XXX.XXX) via TCPv4

2018-30-01 09:30:57 EVENT: CONNECTING

2018-30-01 09:30:57 Tunnel Options:V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client

2018-30-01 09:30:57 Creds: UsernameEmpty/PasswordEmpty

2018-30-01 09:30:57 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 3.0.2-894
IV_VER=3.2
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO=1
IV_LZO_SWAP=1
IV_LZ4=1
IV_LZ4v2=1
IV_COMP_STUB=1
IV_COMP_STUBv2=1
IV_IPv6=0
IV_AUTO_SESS=1
IV_BS64DL=1


2018-31-01 09:31:02 VERIFY OK : depth=1
cert. version : 3
serial number : 01
issuer name : C=XXX, ST=XXX, L=XXX, O=XXX, OU=Networks, emailAddress=XXX.com, CN=XXX
subject name : C=XXX, ST=XXX, L=XXX, O=XXX, OU=Networks, emailAddress=XXX.com, CN=XXX
issued on : 2018-08-09 09:57:26
expires on : 2028-08-06 09:57:26
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=true


2018-31-01 09:31:02 VERIFY OK : depth=0
cert. version : 3
serial number : 02
issuer name : C=XXX, ST=XX, L=XXX, O=XXX, OU=Networks, emailAddress=XXX.com, CN=XXX
subject name : C=XXX, ST=XX, L=XXX, O=XXX, emailAddress=XXX.com, CN=server
issued on : 2018-08-09 10:00:48
expires on : 2028-08-06 10:00:48
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=false
cert. type : SSL Server
key usage : Digital Signature, Key Encipherment
ext key usage : TLS Web Server Authentication


2018-31-01 09:31:07 SSL Handshake: TLSv1.0/TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA

2018-31-01 09:31:07 Session is ACTIVE

2018-31-01 09:31:07 EVENT: GET_CONFIG

2018-31-01 09:31:07 Sending PUSH_REQUEST to server...

2018-31-01 09:31:07 OPTIONS:
0 [route] [192.168.0.1]
1 [topology] [net30]
2 [ping] [10]
3 [ping-restart] [120]
4 [ifconfig] [192.168.0.10] [192.168.0.9]
5 [block-ipv6]


2018-31-01 09:31:07 PROTOCOL OPTIONS:
cipher: BF-CBC
digest: SHA1
compress: ANY
peer ID: -1

2018-31-01 09:31:07 EVENT: ASSIGN_IP

2018-31-01 09:31:07 NIP: preparing TUN network settings

2018-31-01 09:31:07 NIP: init TUN network settings with endpoint: 101.173.XXX.XXX

2018-31-01 09:31:07 NIP: adding IPv4 address to network settings 192.168.0.10/255.255.255.252

2018-31-01 09:31:07 NIP: adding (included) IPv4 route 192.168.0.8/30

2018-31-01 09:31:07 NIP: adding (included) IPv4 route 192.168.0.1/32

2018-31-01 09:31:07 NIP: blocking all IPv6 traffic

2018-31-01 09:31:07 Connected via NetworkExtensionTUN

2018-31-01 09:31:07 Per-Key Data Limit: 48000000/48000000

2018-31-01 09:31:07 LZO-ASYM init swap=0 asym=1

2018-31-01 09:31:07 Comp-stub init swap=0

2018-31-01 09:31:07 EVENT: CONNECTED XXX.biz:443 (101.173.XXX.XXX) via /TCPv4 on NetworkExtensionTUN/192.168.0.10/ gw=[/]

[TinCanTech]

Without your complete configs and logs (including your server) it is difficult to say ..

But .. never use 192.168.0.0/24 as your base network because you will probably suffer
from network conflicts. So change that.

[ClemFM]

Without your complete configs and logs (including your server) it is difficult to say ..

But .. never use 192.168.0.0/24 as your base network because you will probably suffer
from network conflicts. So change that.

The LAN is using 192.168.15.0/24, I’m not sure how this would conflict with 192.168.0.0/24?

[poishish]

i have the same kind of problem. i see data passing trought the network (bytes) but no access.

[TinCanTech]

viewtopic.php?f=30&t=22603

[FTP]

OpenVPN 3.0.2 (894) and IOS 12.0.1 Connects but no traffic

I have the same problem.

Client
OpenVPN 3.0.2 (894) on IOS 12.0.1

Config...

View Originalclient.openvpn

dev tun
tls-client
remote 0.0.0.0 1194
redirect-gateway def1
dhcp-option DNS 192.168.0.254
pull
proto udp
script-security 2
reneg-sec 0
cipher AES-256-CBC
auth SHA256
auth-user-pass
<ca>
-----BEGIN CERTIFICATE-----
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-----END CERTIFICATE-----
</ca>

Log...

Code: Select all

2018-11-03 23:02:20 1

2018-11-03 23:02:20 ----- OpenVPN Start -----
OpenVPN core 3.2 ios arm64 64-bit PT_PROXY built on Oct  3 2018 06:35:04

2018-11-03 23:02:20 Frame=512/2048/512 mssfix-ctrl=1250

2018-11-03 23:02:20 UNUSED OPTIONS
1 [tls-client]
5 [pull]
7 [script-security] [2]

2018-11-03 23:02:20 EVENT: RESOLVE

2018-11-03 23:02:20 Contacting [0.0.0.0]:1194/UDP via UDP

2018-11-03 23:02:20 EVENT: WAIT

2018-11-03 23:02:20 Connecting to [0.0.0.0]:1194 (0.0.0.0) via UDPv4

2018-11-03 23:02:20 EVENT: CONNECTING

2018-11-03 23:02:20 Tunnel Options:V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-client

2018-11-03 23:02:20 Creds: Username/Password

2018-11-03 23:02:20 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 3.0.2-894
IV_VER=3.2
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2


2018-11-03 23:02:20 VERIFY OK : depth=1
cert. version    : 3
serial number    : 00:00:00:00:00:00:00:00
issuer name      : C=TW, L=Taipei, O=Synology Inc., CN=Synology Inc. CA
subject name      : C=TW, L=Taipei, O=Synology Inc., CN=Synology Inc. CA
issued  on        : 2017-11-20 10:32:46
expires on        : 2037-08-07 10:32:46
signed using      : RSA with SHA-256
RSA key size      : 2048 bits
basic constraints : CA=true


2018-11-03 23:02:20 VERIFY OK : depth=0
cert. version    : 1
serial number    : 00:00:00:00:00:00:00:00
issuer name      : C=TW, L=Taipei, O=Synology Inc., CN=Synology Inc. CA
subject name      : C=TW, L=Taipei, O=Synology Inc., CN=synology.com
issued  on        : 2017-11-20 10:32:46
expires on        : 2037-08-07 10:32:46
signed using      : RSA with SHA-256
RSA key size      : 2048 bits


2018-11-03 23:02:21 SSL Handshake: TLSv1.2/TLS-DHE-RSA-WITH-AES-256-GCM-SHA384

2018-11-03 23:02:21 Session is ACTIVE

2018-11-03 23:02:21 EVENT: GET_CONFIG

2018-11-03 23:02:21 Sending PUSH_REQUEST to server...

2018-11-03 23:02:21 OPTIONS:
0 [redirect-gateway] [def1]
1 [dhcp-option] [DNS] [192.168.0.254]
2 [route] [10.8.0.0] [255.255.255.0]
3 [route] [10.8.0.1]
4 [topology] [net30]
5 [ping] [10]
6 [ping-restart] [60]
7 [ifconfig] [10.8.0.6] [10.8.0.5]


2018-11-03 23:02:21 PROTOCOL OPTIONS:
  cipher: AES-256-CBC
  digest: SHA256
  compress: NONE
  peer ID: -1

2018-11-03 23:02:21 EVENT: ASSIGN_IP

2018-11-03 23:02:21 NIP: preparing TUN network settings

2018-11-03 23:02:21 NIP: init TUN network settings with endpoint: 0.0.0.0

2018-11-03 23:02:21 NIP: adding IPv4 address to network settings 10.8.0.6/255.255.255.252

2018-11-03 23:02:21 NIP: adding (included) IPv4 route 10.8.0.4/30

2018-11-03 23:02:21 NIP: adding (included) IPv4 route 10.8.0.0/24

2018-11-03 23:02:21 NIP: adding (included) IPv4 route 10.8.0.1/32

2018-11-03 23:02:21 NIP: redirecting all IPv4 traffic to TUN interface

2018-11-03 23:02:21 NIP: adding DNS 192.168.0.254

2018-11-03 23:02:21 Connected via NetworkExtensionTUN

2018-11-03 23:02:21 EVENT: CONNECTED Username@0.0.0.0:1194 (0.0.0.0) via /UDPv4 on NetworkExtensionTUN/10.8.0.6/ gw=[/]

Server
VPN Server 1.3.9-2770 (last version) on Synology NAS, DSM 6.2.1-23824 Update 1 (last version).

On this side, I don't know where to find any detailed log.
There's one on the VPN Server app, but it just says...

Code: Select all

Type            Date and Time           Protocole     Username      Event
Information 	2018/11/03 23:02:46	OpenVPN	      Username      Disconnected from [0.0.0.0] as [10.8.0.6].
Information 	2018/11/03 23:02:21	OpenVPN	      Username      Connected from [0.0.0.0] as [10.8.0.6].

Issue
I can connect but there's no trafic, while the compression is disabled on server and client sides.

[FTP]

Any one can help?
It's really blocking
Thanks!

[mrdindon]

Same here.
Everything stopped working a few days ago
Connection is done with the server but then, no communication possible. It was working well when I was with the testflight beta version.

[mrdindon]

Same here.
Everything stopped working a few days ago
Connection is done with the server but then, no communication possible. It was working well when I was with the testflight beta version.

Sorry.. my bad... mtu issue... all good now.
Had to put "tun-mtu 1500" on the server side and on the client side :
tun-mtu 1492
mssfix 1400