OpenVPN 3.0.2 (894) and IOS 12.0.1 Connects but no traffic
-
- OpenVpn Newbie
- Posts: 4
- Joined: Wed Oct 31, 2018 10:13 pm
OpenVPN 3.0.2 (894) and IOS 12.0.1 Connects but no traffic
As per other similar posts, since updating to 12.0.1 I continue to have no trouble connecting (to an Opengear device), however, other apps cannot access anything. A very small mount of traffic is indicated by the OpenVPN app. This issue exists on all of our IOS devices.
I have tried:
1. No compression set on the app and the OpenVPN server
2. Compression 'on' and 'downlink only' settings
3. Including # compress lz4-v2 and # push "compress lz4-v2" in the config pushed out by the server
The current de-identified app log follows:
2018-30-01 09:30:57 1
2018-30-01 09:30:57 ----- OpenVPN Start -----
OpenVPN core 3.2 ios arm64 64-bit PT_PROXY built on Oct 3 2018 06:35:04
2018-30-01 09:30:57 Frame=512/2048/512 mssfix-ctrl=1250
2018-30-01 09:30:57 UNUSED OPTIONS
1 [nobind]
3 [persist-tun]
4 [persist-key]
6 [pull]
7 [tls-client]
11 [route-delay] [5]
2018-30-01 09:30:57 EVENT: RESOLVE
2018-30-01 09:30:57 Contacting [101.173.XXX.XXX]:443/TCP via TCP
2018-30-01 09:30:57 EVENT: WAIT
2018-30-01 09:30:57 Connecting to [XXX.biz]:443 (101.173.XXX.XXX) via TCPv4
2018-30-01 09:30:57 EVENT: CONNECTING
2018-30-01 09:30:57 Tunnel Options:V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client
2018-30-01 09:30:57 Creds: UsernameEmpty/PasswordEmpty
2018-30-01 09:30:57 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 3.0.2-894
IV_VER=3.2
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO=1
IV_LZO_SWAP=1
IV_LZ4=1
IV_LZ4v2=1
IV_COMP_STUB=1
IV_COMP_STUBv2=1
IV_IPv6=0
IV_AUTO_SESS=1
IV_BS64DL=1
2018-31-01 09:31:02 VERIFY OK : depth=1
cert. version : 3
serial number : 01
issuer name : C=XXX, ST=XXX, L=XXX, O=XXX, OU=Networks, emailAddress=XXX.com, CN=XXX
subject name : C=XXX, ST=XXX, L=XXX, O=XXX, OU=Networks, emailAddress=XXX.com, CN=XXX
issued on : 2018-08-09 09:57:26
expires on : 2028-08-06 09:57:26
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=true
2018-31-01 09:31:02 VERIFY OK : depth=0
cert. version : 3
serial number : 02
issuer name : C=XXX, ST=XX, L=XXX, O=XXX, OU=Networks, emailAddress=XXX.com, CN=XXX
subject name : C=XXX, ST=XX, L=XXX, O=XXX, emailAddress=XXX.com, CN=server
issued on : 2018-08-09 10:00:48
expires on : 2028-08-06 10:00:48
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=false
cert. type : SSL Server
key usage : Digital Signature, Key Encipherment
ext key usage : TLS Web Server Authentication
2018-31-01 09:31:07 SSL Handshake: TLSv1.0/TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA
2018-31-01 09:31:07 Session is ACTIVE
2018-31-01 09:31:07 EVENT: GET_CONFIG
2018-31-01 09:31:07 Sending PUSH_REQUEST to server...
2018-31-01 09:31:07 OPTIONS:
0 [route] [192.168.0.1]
1 [topology] [net30]
2 [ping] [10]
3 [ping-restart] [120]
4 [ifconfig] [192.168.0.10] [192.168.0.9]
5 [block-ipv6]
2018-31-01 09:31:07 PROTOCOL OPTIONS:
cipher: BF-CBC
digest: SHA1
compress: ANY
peer ID: -1
2018-31-01 09:31:07 EVENT: ASSIGN_IP
2018-31-01 09:31:07 NIP: preparing TUN network settings
2018-31-01 09:31:07 NIP: init TUN network settings with endpoint: 101.173.XXX.XXX
2018-31-01 09:31:07 NIP: adding IPv4 address to network settings 192.168.0.10/255.255.255.252
2018-31-01 09:31:07 NIP: adding (included) IPv4 route 192.168.0.8/30
2018-31-01 09:31:07 NIP: adding (included) IPv4 route 192.168.0.1/32
2018-31-01 09:31:07 NIP: blocking all IPv6 traffic
2018-31-01 09:31:07 Connected via NetworkExtensionTUN
2018-31-01 09:31:07 Per-Key Data Limit: 48000000/48000000
2018-31-01 09:31:07 LZO-ASYM init swap=0 asym=1
2018-31-01 09:31:07 Comp-stub init swap=0
2018-31-01 09:31:07 EVENT: CONNECTED XXX.biz:443 (101.173.XXX.XXX) via /TCPv4 on NetworkExtensionTUN/192.168.0.10/ gw=[/]
I have tried:
1. No compression set on the app and the OpenVPN server
2. Compression 'on' and 'downlink only' settings
3. Including # compress lz4-v2 and # push "compress lz4-v2" in the config pushed out by the server
The current de-identified app log follows:
2018-30-01 09:30:57 1
2018-30-01 09:30:57 ----- OpenVPN Start -----
OpenVPN core 3.2 ios arm64 64-bit PT_PROXY built on Oct 3 2018 06:35:04
2018-30-01 09:30:57 Frame=512/2048/512 mssfix-ctrl=1250
2018-30-01 09:30:57 UNUSED OPTIONS
1 [nobind]
3 [persist-tun]
4 [persist-key]
6 [pull]
7 [tls-client]
11 [route-delay] [5]
2018-30-01 09:30:57 EVENT: RESOLVE
2018-30-01 09:30:57 Contacting [101.173.XXX.XXX]:443/TCP via TCP
2018-30-01 09:30:57 EVENT: WAIT
2018-30-01 09:30:57 Connecting to [XXX.biz]:443 (101.173.XXX.XXX) via TCPv4
2018-30-01 09:30:57 EVENT: CONNECTING
2018-30-01 09:30:57 Tunnel Options:V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client
2018-30-01 09:30:57 Creds: UsernameEmpty/PasswordEmpty
2018-30-01 09:30:57 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 3.0.2-894
IV_VER=3.2
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO=1
IV_LZO_SWAP=1
IV_LZ4=1
IV_LZ4v2=1
IV_COMP_STUB=1
IV_COMP_STUBv2=1
IV_IPv6=0
IV_AUTO_SESS=1
IV_BS64DL=1
2018-31-01 09:31:02 VERIFY OK : depth=1
cert. version : 3
serial number : 01
issuer name : C=XXX, ST=XXX, L=XXX, O=XXX, OU=Networks, emailAddress=XXX.com, CN=XXX
subject name : C=XXX, ST=XXX, L=XXX, O=XXX, OU=Networks, emailAddress=XXX.com, CN=XXX
issued on : 2018-08-09 09:57:26
expires on : 2028-08-06 09:57:26
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=true
2018-31-01 09:31:02 VERIFY OK : depth=0
cert. version : 3
serial number : 02
issuer name : C=XXX, ST=XX, L=XXX, O=XXX, OU=Networks, emailAddress=XXX.com, CN=XXX
subject name : C=XXX, ST=XX, L=XXX, O=XXX, emailAddress=XXX.com, CN=server
issued on : 2018-08-09 10:00:48
expires on : 2028-08-06 10:00:48
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=false
cert. type : SSL Server
key usage : Digital Signature, Key Encipherment
ext key usage : TLS Web Server Authentication
2018-31-01 09:31:07 SSL Handshake: TLSv1.0/TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA
2018-31-01 09:31:07 Session is ACTIVE
2018-31-01 09:31:07 EVENT: GET_CONFIG
2018-31-01 09:31:07 Sending PUSH_REQUEST to server...
2018-31-01 09:31:07 OPTIONS:
0 [route] [192.168.0.1]
1 [topology] [net30]
2 [ping] [10]
3 [ping-restart] [120]
4 [ifconfig] [192.168.0.10] [192.168.0.9]
5 [block-ipv6]
2018-31-01 09:31:07 PROTOCOL OPTIONS:
cipher: BF-CBC
digest: SHA1
compress: ANY
peer ID: -1
2018-31-01 09:31:07 EVENT: ASSIGN_IP
2018-31-01 09:31:07 NIP: preparing TUN network settings
2018-31-01 09:31:07 NIP: init TUN network settings with endpoint: 101.173.XXX.XXX
2018-31-01 09:31:07 NIP: adding IPv4 address to network settings 192.168.0.10/255.255.255.252
2018-31-01 09:31:07 NIP: adding (included) IPv4 route 192.168.0.8/30
2018-31-01 09:31:07 NIP: adding (included) IPv4 route 192.168.0.1/32
2018-31-01 09:31:07 NIP: blocking all IPv6 traffic
2018-31-01 09:31:07 Connected via NetworkExtensionTUN
2018-31-01 09:31:07 Per-Key Data Limit: 48000000/48000000
2018-31-01 09:31:07 LZO-ASYM init swap=0 asym=1
2018-31-01 09:31:07 Comp-stub init swap=0
2018-31-01 09:31:07 EVENT: CONNECTED XXX.biz:443 (101.173.XXX.XXX) via /TCPv4 on NetworkExtensionTUN/192.168.0.10/ gw=[/]
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: OpenVPN 3.0.2 (894) and IOS 12.0.1 Connects but no traffic
Without your complete configs and logs (including your server) it is difficult to say ..
But .. never use 192.168.0.0/24 as your base network because you will probably suffer
from network conflicts. So change that.
But .. never use 192.168.0.0/24 as your base network because you will probably suffer
from network conflicts. So change that.
-
- OpenVpn Newbie
- Posts: 4
- Joined: Wed Oct 31, 2018 10:13 pm
Re: OpenVPN 3.0.2 (894) and IOS 12.0.1 Connects but no traffic
The LAN is using 192.168.15.0/24, I’m not sure how this would conflict with 192.168.0.0/24?TinCanTech wrote: ↑Thu Nov 01, 2018 11:51 amWithout your complete configs and logs (including your server) it is difficult to say ..
But .. never use 192.168.0.0/24 as your base network because you will probably suffer
from network conflicts. So change that.
-
- OpenVpn Newbie
- Posts: 3
- Joined: Fri Nov 02, 2018 1:48 pm
Re: OpenVPN 3.0.2 (894) and IOS 12.0.1 Connects but no traffic
i have the same kind of problem. i see data passing trought the network (bytes) but no access.
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
-
- OpenVpn Newbie
- Posts: 5
- Joined: Sat Nov 03, 2018 10:07 pm
Re: OpenVPN 3.0.2 (894) and IOS 12.0.1 Connects but no traffic
I have the same problem.OpenVPN 3.0.2 (894) and IOS 12.0.1 Connects but no traffic
Client
OpenVPN 3.0.2 (894) on IOS 12.0.1
Config...
client.openvpn
dev tun
tls-client
remote 0.0.0.0 1194
redirect-gateway def1
dhcp-option DNS 192.168.0.254
pull
proto udp
script-security 2
reneg-sec 0
cipher AES-256-CBC
auth SHA256
auth-user-pass
<ca>
-----BEGIN CERTIFICATE-----
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-----END CERTIFICATE-----
</ca>
tls-client
remote 0.0.0.0 1194
redirect-gateway def1
dhcp-option DNS 192.168.0.254
pull
proto udp
script-security 2
reneg-sec 0
cipher AES-256-CBC
auth SHA256
auth-user-pass
<ca>
-----BEGIN CERTIFICATE-----
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-----END CERTIFICATE-----
</ca>
Log...
Code: Select all
2018-11-03 23:02:20 1
2018-11-03 23:02:20 ----- OpenVPN Start -----
OpenVPN core 3.2 ios arm64 64-bit PT_PROXY built on Oct 3 2018 06:35:04
2018-11-03 23:02:20 Frame=512/2048/512 mssfix-ctrl=1250
2018-11-03 23:02:20 UNUSED OPTIONS
1 [tls-client]
5 [pull]
7 [script-security] [2]
2018-11-03 23:02:20 EVENT: RESOLVE
2018-11-03 23:02:20 Contacting [0.0.0.0]:1194/UDP via UDP
2018-11-03 23:02:20 EVENT: WAIT
2018-11-03 23:02:20 Connecting to [0.0.0.0]:1194 (0.0.0.0) via UDPv4
2018-11-03 23:02:20 EVENT: CONNECTING
2018-11-03 23:02:20 Tunnel Options:V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-client
2018-11-03 23:02:20 Creds: Username/Password
2018-11-03 23:02:20 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 3.0.2-894
IV_VER=3.2
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
2018-11-03 23:02:20 VERIFY OK : depth=1
cert. version : 3
serial number : 00:00:00:00:00:00:00:00
issuer name : C=TW, L=Taipei, O=Synology Inc., CN=Synology Inc. CA
subject name : C=TW, L=Taipei, O=Synology Inc., CN=Synology Inc. CA
issued on : 2017-11-20 10:32:46
expires on : 2037-08-07 10:32:46
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=true
2018-11-03 23:02:20 VERIFY OK : depth=0
cert. version : 1
serial number : 00:00:00:00:00:00:00:00
issuer name : C=TW, L=Taipei, O=Synology Inc., CN=Synology Inc. CA
subject name : C=TW, L=Taipei, O=Synology Inc., CN=synology.com
issued on : 2017-11-20 10:32:46
expires on : 2037-08-07 10:32:46
signed using : RSA with SHA-256
RSA key size : 2048 bits
2018-11-03 23:02:21 SSL Handshake: TLSv1.2/TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
2018-11-03 23:02:21 Session is ACTIVE
2018-11-03 23:02:21 EVENT: GET_CONFIG
2018-11-03 23:02:21 Sending PUSH_REQUEST to server...
2018-11-03 23:02:21 OPTIONS:
0 [redirect-gateway] [def1]
1 [dhcp-option] [DNS] [192.168.0.254]
2 [route] [10.8.0.0] [255.255.255.0]
3 [route] [10.8.0.1]
4 [topology] [net30]
5 [ping] [10]
6 [ping-restart] [60]
7 [ifconfig] [10.8.0.6] [10.8.0.5]
2018-11-03 23:02:21 PROTOCOL OPTIONS:
cipher: AES-256-CBC
digest: SHA256
compress: NONE
peer ID: -1
2018-11-03 23:02:21 EVENT: ASSIGN_IP
2018-11-03 23:02:21 NIP: preparing TUN network settings
2018-11-03 23:02:21 NIP: init TUN network settings with endpoint: 0.0.0.0
2018-11-03 23:02:21 NIP: adding IPv4 address to network settings 10.8.0.6/255.255.255.252
2018-11-03 23:02:21 NIP: adding (included) IPv4 route 10.8.0.4/30
2018-11-03 23:02:21 NIP: adding (included) IPv4 route 10.8.0.0/24
2018-11-03 23:02:21 NIP: adding (included) IPv4 route 10.8.0.1/32
2018-11-03 23:02:21 NIP: redirecting all IPv4 traffic to TUN interface
2018-11-03 23:02:21 NIP: adding DNS 192.168.0.254
2018-11-03 23:02:21 Connected via NetworkExtensionTUN
2018-11-03 23:02:21 EVENT: CONNECTED Username@0.0.0.0:1194 (0.0.0.0) via /UDPv4 on NetworkExtensionTUN/10.8.0.6/ gw=[/]
VPN Server 1.3.9-2770 (last version) on Synology NAS, DSM 6.2.1-23824 Update 1 (last version).
On this side, I don't know where to find any detailed log.
There's one on the VPN Server app, but it just says...
Code: Select all
Type Date and Time Protocole Username Event
Information 2018/11/03 23:02:46 OpenVPN Username Disconnected from [0.0.0.0] as [10.8.0.6].
Information 2018/11/03 23:02:21 OpenVPN Username Connected from [0.0.0.0] as [10.8.0.6].
I can connect but there's no trafic, while the compression is disabled on server and client sides.
-
- OpenVpn Newbie
- Posts: 5
- Joined: Sat Nov 03, 2018 10:07 pm
Re: OpenVPN 3.0.2 (894) and IOS 12.0.1 Connects but no traffic
Any one can help?
It's really blocking
Thanks!
It's really blocking
Thanks!
-
- OpenVpn Newbie
- Posts: 6
- Joined: Mon Apr 16, 2012 3:23 pm
Re: OpenVPN 3.0.2 (894) and IOS 12.0.1 Connects but no traffic
Same here.
Everything stopped working a few days ago
Connection is done with the server but then, no communication possible. It was working well when I was with the testflight beta version.
Everything stopped working a few days ago
Connection is done with the server but then, no communication possible. It was working well when I was with the testflight beta version.
-
- OpenVpn Newbie
- Posts: 6
- Joined: Mon Apr 16, 2012 3:23 pm
Re: OpenVPN 3.0.2 (894) and IOS 12.0.1 Connects but no traffic
Sorry.. my bad... mtu issue... all good now.
Had to put "tun-mtu 1500" on the server side and on the client side :
tun-mtu 1492
mssfix 1400