Page 1 of 1

topology subnet does not work

Posted: Wed Mar 08, 2017 9:06 am
by chriscde
I am trying to get the VPN working on mobile devices in my company, and i stumbled upon a problem.
We are using the Iphone app OpenVPN Connect.
The problem is that when i try to connect (using the same configuration as on PC, i get this error:

2017-03-07 11:20:06 ----- OpenVPN Start -----
OpenVPN core 3.1.2 ios arm64 64-bit built on Dec 5 2016 12:50:25
2017-03-07 11:20:06 Frame=512/2048/512 mssfix-ctrl=1250
2017-03-07 11:20:06 UNUSED OPTIONS
2 [topology] [subnet]
3 [link-mtu] [1472]
4 [mssfix] [1472]
5 [tls-client]
6 [pull]
9 [verify-x509-name] [C=DE, ST=Bayern, L=Pfaffenhofen, O=exentra GmbH, CN=vpn.exentra....]
10 [resolv-retry] [infinite]
11 [nobind]
17 [push] [topology subnet]
18 [script-security] [2]
19 [verb] [3]

2017-03-07 11:20:06 EVENT: RESOLVE
2017-03-07 11:20:07 Contacting via UDP
2017-03-07 11:20:07 EVENT: WAIT
2017-03-07 11:20:07 SetTunnelSocket returned 1
2017-03-07 11:20:07 Connecting to []:1194 ( via UDPv4
2017-03-07 11:20:07 EVENT: CONNECTING
2017-03-07 11:20:07 Tunnel Options:V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client
2017-03-07 11:20:07 Creds: UsernameEmpty/PasswordEmpty
2017-03-07 11:20:07 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 1.1.1-212

2017-03-07 11:20:07 NET Internet:ReachableViaWWAN/WR t------
2017-03-07 11:20:07 VERIFY OK: depth=1
cert. version : 3
serial number : 01
issuer name : C=DE, ST=Bayern, L=Pfaffenhofen, O=exentra GmbH,,
subject name : C=DE, ST=Bayern, L=Pfaffenhofen, O=exentra GmbH,,
issued on : 2013-03-05 00:00:00
expires on : 2021-03-04 23:59:59
signed using : RSA with SHA1
RSA key size : 2048 bits
basic constraints : CA=true

2017-03-07 11:20:07 VERIFY OK: depth=0
cert. version : 3
serial number : 11
issuer name : C=DE, ST=Bayern, L=Pfaffenhofen, O=exentra GmbH,,
subject name : C=DE, ST=Bayern, L=Pfaffenhofen, O=exentra GmbH,,
issued on : 2016-03-07 00:00:00
expires on : 2018-03-06 23:59:59
signed using : RSA with SHA1
RSA key size : 2048 bits
basic constraints : CA=false

2017-03-07 11:20:08 SSL Handshake: TLSv1.0/TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA
2017-03-07 11:20:08 Session is ACTIVE
2017-03-07 11:20:08 EVENT: GET_CONFIG
2017-03-07 11:20:08 Sending PUSH_REQUEST to server...
2017-03-07 11:20:08 OPTIONS:
0 [route-gateway] []
1 [route] [] []
2 [route] [] []
3 [route] [] []
4 [route] [remote_host] [] [net_gateway]
5 [route] [] []
6 [ping] [3]
7 [ping-restart] [12]
8 [ifconfig] [] []

2017-03-07 11:20:08 PROTOCOL OPTIONS:
cipher: AES-256-CBC
digest: SHA1
compress: LZO
peer ID: -1
2017-03-07 11:20:08 EVENT: ASSIGN_IP
2017-03-07 11:20:08 TUN Error: tun_prop_error: ifconfig addresses are not in the same /30 subnet (topology net30)
2017-03-07 11:20:08 EVENT: TUN_SETUP_FAILED tun_prop_error: ifconfig addresses are not in the same /30 subnet (topology net30) [ERR]
2017-03-07 11:20:08 EVENT: DISCONNECTED
2017-03-07 11:20:08 Client exception in transport_recv: tun_exception: not connected
2017-03-07 11:20:08 Raw stats on disconnect:
BYTES_IN : 4163

BYTES_OUT : 3420
2017-03-07 11:20:08 Performance stats on disconnect:
CPU usage (microseconds): 214557
Network bytes per CPU second: 35342
Tunnel bytes per CPU second: 0
2017-03-07 11:20:08 EVENT: DISCONNECT_PENDING
2017-03-07 11:20:08 ----- OpenVPN Stop ——

Can anyone help me with that?

Best regards,

Re: topology subnet does not work

Posted: Wed Mar 08, 2017 1:00 pm
by TinCanTech
It would appear that the Iphone app OpenVPN Connect does not support --topology subnet ..

Re: topology subnet does not work

Posted: Sun Jul 30, 2017 9:41 am
by hggh
I also use the new topology mode subnet. In my client config I had "topology subnet" but this statement is ignored by the version 1.1.1.

But if you add push "topology subnet" to the client ccd it works with the OpenVPN Connect app.

It seems that the OpenVPN Connect App ignored the topology statement.