[Solved] iPad apple_digest_error: NONE: not usable

[thufir]

Out of the blue, without any know changes on my part, I can no longer connect with OpenVPN on my iPad. Everything used to work just fine!

I get error message:
CORE_ERROR apple_digest_error: NONE: not usable

The profile I am using works fine on other platforms (Android).
I have tried reboots, uninstall/reinstall and the like.

iOS version 9.3.1
OpenVPN version 1.0.7 build 199

Full error log shown below

Anyone have any idea what this error message means and how to resolve it?

Thanks

----- OpenVPN Start -----
OpenVPN core 3.0.11 ios arm64 64-bit built on Apr 15 2016 14:13:50
2016-06-06 19:39:17 Frame=512/2048/512 mssfix-ctrl=1250
2016-06-06 19:39:17 UNUSED OPTIONS
0 [setenv] [FORWARD_COMPATIBLE] [1]
6 [nobind]
7 [persist-key]
8 [persist-tun]
12 [verb] [3]
16 [sndbuf] [100000]
17 [rcvbuf] [100000]

2016-06-06 19:39:17 EVENT: CORE_ERROR apple_digest_error: NONE: not usable [ERR]
2016-06-06 19:39:17 Raw stats on disconnect:
2016-06-06 19:39:17 Performance stats on disconnect:
CPU usage (microseconds): 18312
Network bytes per CPU second: 0
Tunnel bytes per CPU second: 0
2016-06-06 19:39:17 EVENT: DISCONNECT_PENDING
2016-06-06 19:39:17 ----- OpenVPN Stop -----

[TinCanTech]

Please post your client configuration file.

[thufir]

ovpn config file (with keys removed):

setenv FORWARD_COMPATIBLE 1
client
push-peer-info
server-poll-timeout 5
dev tun
dev-type tun
nobind
persist-key
persist-tun
auth-user-pass
ns-cert-type server
comp-lzo no

verb 3

cipher none
auth none

reneg-sec 0
sndbuf 100000
rcvbuf 100000

key-direction 1

remote ca-tor-1-ne.isvpn.net 161 udp
remote ca-tor-1-ne.isvpn.net 8080 udp
remote ca-tor-1-ne.isvpn.net 8080 tcp
remote ca-tor-1-ne.isvpn.net 161 tcp

[tomcatcw]

Hi,

with Version 1.0.6 everything worked fine. After update to 1.0.7 got the same issue.

Plz help.

[TinCanTech]

auth none

This is the cause of the problem ..

cipher none

This may also cause further problem ..

I suggest you also contact your VPN service provider for further help.

[tomcatcw]

Hi,

I am the VPN-Service Provider I have a Pfsense Firewall with VPN configured and a static public IP. Everything worked fine with Version 1.0.5 OpenVPN. With Version 1.0.7 I got the errors above.

There are some other threads with similar Problems. So I guess Version 1.0.7 is a bit buggy, isn't it.

greetings.

[TinCanTech]

As far as I understand, Apple have decided that the security settings you have chosen are not sufficient .. so --auth none will not work. The default --auth for openvpn is SHA1 .. try that.

I am the VPN-Service Provider

you own the domain ca-tor-1-ne.isvpn.net ?

[thufir]

I found an alternate profile for the same site that has:

cipher AES-256-CBC
auth SHA256

and I can now connect with iPad. Thanks!

[jamesyonan]

There's a known issue with 1.0.7 where if you specify auth none and also tls-auth in your client profile, you will get this error:

apple_digest_error: NONE: not usable

This occurs because tls-auth needs an auth digest, but none was specified. There's a straightforward fix: just remove the tls-auth directive, since it can't be enabled anyway unless you have a non-none auth directive.

James