I have Windows, OSX, and Android clients connecting to my VPN server. My iOS client connected successfully until I added tls-auth to my server.config. Now the iOS client throws an error: "static_key_parse_error."
iOS ver 10.3.3
OpenVPN 2.3.10
Ubuntu 16.04.3 LTS
Here's the client .ovpn, server.conf and error log:
iOS client
<ca>
-----BEGIN CERTIFICATE-----
......
-----END CERTIFICATE-----
</ca>
<cert>
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 11 (0xb)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=, L=, O=, OU=, CN= CA/name=/emailAddress=
Validity
Not Before: Sep 4 20:54:50 2017 GMT
Not After : Sep 2 20:54:50 2027 GMT
Subject: C=, ST=, L=, O=, OU=, CN=/name=/emailAddress=
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
......
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
......
X509v3 Authority Key Identifier:
keyid:......
DirName:/C=/ST=/L=/O=/OU=/CN= CA/name=/emailAddress=
serial:
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:
Signature Algorithm: sha256WithRSAEncryption
......
-----BEGIN CERTIFICATE-----
......
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
......
-----END PRIVATE KEY-----
</key>
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
.....
-----END OpenVPN Static key V1-----
</tls-auth>
remote http://www.xxx.yyy.zzz 1194
comp-lzo
client
dev tun
redirect-gateway def1
remote-cert-tls server
cipher AES-128-CBC
auth SHA256
proto udp
resolv-retry infinite
nobind
# Try to preserve some state across restarts.
persist-key
persist-tun
# Set log file verbosity.
verb 4
mute 20
server
# /etc/openvpn/server.conf
port 1194
proto udp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh4096.pem
tls-auth /etc/openvpn/keys/ta.key 0
key-direction 0
cipher AES-128-CBC
auth SHA256
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 4
user nobody
group nogroup
Error log
2017-09-04 14:00:41 ----- OpenVPN Start -----
OpenVPN core 3.1.2 ios arm64 64-bit built on Dec 5 2016 12:50:25
2017-09-04 14:00:41 Frame=512/2048/512 mssfix-ctrl=1250
2017-09-04 14:00:41 EVENT: CORE_ERROR static_key_parse_error [ERR]
2017-09-04 14:00:41 Raw stats on disconnect:
2017-09-04 14:00:41 Performance stats on disconnect:
CPU usage (microseconds): 11555
Network bytes per CPU second: 0
Tunnel bytes per CPU second: 0
2017-09-04 14:00:41 EVENT: DISCONNECT_PENDING
2017-09-04 14:00:41 ----- OpenVPN Stop -----
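Added example, not part of the original post: a format check for the inline `<tls-auth>` block of an .ovpn profile, the part a static-key parser reads. It assumes the standard 2048-bit static key layout (256 bytes of hex between the BEGIN/END lines); `check_tls_auth`, `make_profile` and the sample key body are constructed for illustration.

```python
import re

HEAD = "-----BEGIN OpenVPN Static key V1-----"
FOOT = "-----END OpenVPN Static key V1-----"
KEY_BYTES = 256  # assumption: standard 2048-bit OpenVPN static key

def check_tls_auth(profile_text):
    """Return a list of format problems in the inline <tls-auth> block."""
    m = re.search(r"<tls-auth>(.*?)</tls-auth>", profile_text, re.S)
    if not m:
        return ["no inline <tls-auth>...</tls-auth> block"]
    problems, hex_chars, in_body, seen_head = [], 0, False, False
    for n, raw in enumerate(m.group(1).strip().splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and key-file comments carry no key data
        if line == HEAD:
            in_body = seen_head = True
        elif line == FOOT:
            in_body = False
        elif in_body:
            if re.fullmatch(r"[0-9a-fA-F]+", line):
                hex_chars += len(line)
            else:  # report the position only, never the key material
                problems.append(f"line {n}: non-hex characters in key body")
        else:
            problems.append(f"line {n}: unexpected text outside BEGIN/END markers")
    if not seen_head:
        problems.append("missing BEGIN marker")
    elif in_body:
        problems.append("missing END marker")
    if hex_chars != KEY_BYTES * 2:
        problems.append(f"key body is {hex_chars // 2} bytes, expected {KEY_BYTES}")
    return problems

# Constructed sample data (not a real key): 16 lines of 32 hex characters.
SAMPLE_BODY = "\n".join(["00112233445566778899aabbccddeeff"] * 16)

def make_profile(body):
    """Build a minimal constructed profile around the given key body."""
    return f"client\nkey-direction 1\n<tls-auth>\n{HEAD}\n{body}\n{FOOT}\n</tls-auth>\n"

if __name__ == "__main__":
    for label, body in [("complete", SAMPLE_BODY), ("redacted", ".....")]:
        print(label, check_tls_auth(make_profile(body)))
```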