OpenVPN Client on Iphone

Official client software for OpenVPN Access Server and OpenVPN Cloud.
ahmadalkhraisha
OpenVpn Newbie
Posts: 2
Joined: Mon Mar 26, 2018 6:20 pm

OpenVPN Client on Iphone

Post by ahmadalkhraisha » Mon Mar 26, 2018 6:32 pm

Hello friends,

Hope all in good health.

I have problem with openvpn connect app on iphone, when I connect to the server it give me pausing ( network is unavailable) then disconnect and try connect again then the same message (every 2 seconds).

I have tested the vpn connection on many android smartphones. no problem at all, this case just with iphone even i tested with another iphone, but with the same problem.

My OpenVpn server is on Grandstream GWN7000. these configuration are used:

Server mode: User Auth ( also I tried ssl , same problem)
Protocol: udp
Port: 1194
Encryption Algorithm:BF-CBC
Digest Algorithm: SHA1

the ovpn config file like this :

Code: Select all

client
dev tun
proto udp
remote 213.6.48.90 1194
resolv-retry infinite
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
auth-user-pass
comp-lzo
reneg-sec 0
verb 3

<ca>
-----BEGIN CERTIFICATE-----
* Removed *
-----END CERTIFICATE-----
</ca>

The event log from the iphone:

Image

*P.S. On wifi the connection hold 5 minutes then get down. but the main problem with 3G it disconnecting continuously once it connect.

In attachment the logs.

Please advise where is the problem.

With all my respect,

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN Client on Iphone

Post by TinCanTech » Mon Mar 26, 2018 8:08 pm

You posted your server CA.crt and your public IP address .. so consider that your current CA is compromised.
You should create a new one from scratch.

To diagnose the problem take a look at your server logs for errors.

ahmadalkhraisha
OpenVpn Newbie
Posts: 2
Joined: Mon Mar 26, 2018 6:20 pm

Re: OpenVPN Client on Iphone

Post by ahmadalkhraisha » Tue Mar 27, 2018 6:43 pm

Hello TinaCanTech,

Thank you for answering,

Please note that the IP address and CA are in testing enviroment so don't worry. I need just to understand where is the problem with the attached logs above.

apastor
OpenVpn Newbie
Posts: 12
Joined: Wed May 02, 2018 3:54 pm

Re: OpenVPN Client on Iphone

Post by apastor » Wed May 02, 2018 4:08 pm

Have same issue.

Running two instances of OpenVPN server. Identical configuration but for one using TCP transport, UDP for the other. TCP works flawlessly. UDP keeps connecting and disconnecting every 1-2 seconds while the app reports "Connecting", then "Connected" following immediately with "Pausing (network is unavailable)" just to start over again.

This has to be an iOS issue with the OpenVPN Client app.

Used to work great. Not sure when it broke, if either with an 11.x iOS upgrade or with an OpenVPN client upgrade. UDP is my backup in case TCP is blocked so I'd really appreciate if someone can shed some light into this.

Client logs don't show anything useful:
<timestamp> EVENT: CONNECTED <details>
<timestamp> NIP: iOS reported network status unavailable <--- THIS IS THE ISSUE!!
<timestamp> OS Event: NET UNAVAILABLE (PAUSE): Internet:ReachableViaWWAN/WR tc-----
<timestamp> NIP: iOS reported network status available
<timestamp> OS Event: NET UNAVAILABLE (RESUME): Internet:ReachableViaWWAN/WR t------ allow=1

Server logs show connects and drops.

Before anyone suggests the obvious, already tried it all short of using a different device with older iOS and OpenVPN client (will try at some point).

Thanks!

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN Client on Iphone

Post by TinCanTech » Wed May 02, 2018 4:50 pm

TinCanTech wrote:
Mon Mar 26, 2018 8:08 pm
To diagnose the problem take a look at your server logs for errors
apastor wrote:
Wed May 02, 2018 4:08 pm
Server logs show connects and drops
And what else ?

apastor
OpenVpn Newbie
Posts: 12
Joined: Wed May 02, 2018 3:54 pm

Re: OpenVPN Client on Iphone

Post by apastor » Wed May 02, 2018 7:50 pm

TinCanTech wrote:
Wed May 02, 2018 4:50 pm
And what else ?
Well... you piqued my interest.

Nothing else.

I set verb to 15 on the server. Restarted and tried to connect.

On TCP it works, and it logs and entry per client as in:
<virt-ip><hostname><real-ip><timestamp>

On UDP... nothing.
Max bcast/mcast queue length,0

I can imagine the bloody thing is receiving UDP packages as if I kill the server process it never connects. So client and server are UDP-ing each other, but the server doesn't log a successful connection even though the client says it's connected.

Will keep trying to get more out of this shy server of mine. In the meantime, any other suggestion? I have the same behaviour on several iOS clients. Can't imagine it's only two of us with this issue.

apastor
OpenVpn Newbie
Posts: 12
Joined: Wed May 02, 2018 3:54 pm

Re: OpenVPN Client on Iphone

Post by apastor » Wed May 02, 2018 8:21 pm

Yeah... misery loves company.

https://forum.lede-project.org/t/openvp ... phone/2484

Where would the iOS client code react to ReachableViaWWAN changes?

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN Client on Iphone

Post by TinCanTech » Wed May 02, 2018 9:02 pm

apastor wrote:
Wed May 02, 2018 7:50 pm
TinCanTech wrote:
Wed May 02, 2018 4:50 pm
And what else ?
Well... you piqued my interest.

Nothing else.

I set verb to 15 on the server. Restarted and tried to connect.

On TCP it works, and it logs and entry per client as in:
<virt-ip><hostname><real-ip><timestamp>

On UDP... nothing.
Please set --verb 4 in your server and try again .. then please post the complete log showing the client connecting and disconnecting.

apastor wrote:
Wed May 02, 2018 8:21 pm
Yeah... misery loves company.

https://forum.lede-project.org/t/openvp ... phone/2484

Where would the iOS client code react to ReachableViaWWAN changes?
Maybe it is an LEDE thing ..

apastor
OpenVpn Newbie
Posts: 12
Joined: Wed May 02, 2018 3:54 pm

Re: OpenVPN Client on Iphone

Post by apastor » Thu May 03, 2018 3:29 pm

TinCanTech wrote:
Wed May 02, 2018 9:02 pm

Maybe it is an LEDE thing ..
Doubt it. It used to work. The OpenVPN server is running on an old OpenWRT installation that has not changed in a while. (I know... it probably has security holes a Mac truck can go through, TLS 1.0 to begin with... planning to rebuild it soon).

Trying to find time to test and will post any additional details I can find. I don't know if I will get anything else out of the server which, as you mention, is an LEDE thing so it is compiled to be minimal footprint and probably that meant taking logging out.

However... since it used to work and the server hasn't changed in ages... I'm not convinced the server will put light on the subject. This smells like an issue w/the OpenVPN client on iOS, probably when using cellular networking (not WiFi).

apastor
OpenVpn Newbie
Posts: 12
Joined: Wed May 02, 2018 3:54 pm

Re: OpenVPN Client on Iphone

Post by apastor » Fri May 04, 2018 2:55 am

TinCanTech wrote:
Wed May 02, 2018 4:50 pm
And what else ?
Alright. Got more details for you.

This issue doesn't happen at all with TCP, regardless if iOS is using WiFi or cellular. UDP works if on WiFi (at home at least - have to find a friendly WiFi network out there that I trust and doesn't block UDP - guess I'll have to show up at a friend's with some beer). UDP does not work on cellular.

It's not a port problem either. Created a new instance on a different port and have the same issue.

I don't think its firewall or NAT related, as server sees the client and establishes the connection.

The server is oblivious to the problem. Log excerpts (removed all information I'd consider personal... not thinking it too much so if some IP's don't make sense that's my editing fault, not the server or the config):

STARTUP

Code: Select all

Thu May  3 21:34:50 2018 us=175343 OpenVPN 2.3.6 mips-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Jul 25 2015
Thu May  3 21:34:50 2018 us=184445 library versions: OpenSSL 1.0.2f  28 Jan 2016, LZO 2.08
Thu May  3 21:34:50 2018 us=222655 Diffie-Hellman initialized with 2048 bit key
Thu May  3 21:34:50 2018 us=232857 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Thu May  3 21:34:50 2018 us=240772 Socket Buffers: R=[163840->131072] S=[163840->131072]
Thu May  3 21:34:50 2018 us=248853 TUN/TAP device tun0 opened
Thu May  3 21:34:50 2018 us=272664 TUN/TAP TX queue length set to 100
Thu May  3 21:34:50 2018 us=283027 do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
Thu May  3 21:34:50 2018 us=294908 /sbin/ifconfig tun0 <local IP> netmask 255.255.255.128 mtu 1500 broadcast <local mask>
Thu May  3 21:34:50 2018 us=346935 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Thu May  3 21:34:50 2018 us=382127 GID set to nogroup
Thu May  3 21:34:50 2018 us=396928 UID set to nobody
Thu May  3 21:34:50 2018 us=416783 UDPv4 link local (bound): [undef]
Thu May  3 21:34:50 2018 us=434152 UDPv4 link remote: [undef]
Thu May  3 21:34:50 2018 us=448532 MULTI: multi_init called, r=256 v=256
Thu May  3 21:34:50 2018 us=456239 IFCONFIG POOL: base=<local IP base> size=124, ipv6=0
Thu May  3 21:34:50 2018 us=463754 Initialization Sequence Completed
On WiFi, 1st connection (successful)

Code: Select all

Thu May  3 22:03:24 2018 us=71422 MULTI: multi_create_instance called
Thu May  3 22:03:24 2018 us=76937 <WiFi IP>:50214 Re-using SSL/TLS context
Thu May  3 22:03:24 2018 us=81827 <WiFi IP>:50214 LZO compression initialized
Thu May  3 22:03:24 2018 us=87549 <WiFi IP>:50214 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Thu May  3 22:03:24 2018 us=92395 <WiFi IP>:50214 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Thu May  3 22:03:24 2018 us=97327 <WiFi IP>:50214 TLS: Initial packet from [AF_INET]<gateway IP>:50214, sid=843ed6 762d7b
Thu May  3 22:03:25 2018 us=454797 <WiFi IP>:50214 VERIFY OK: <CA Details>
Thu May  3 22:03:25 2018 us=464522 <WiFi IP>:50214 VERIFY OK: <Cert Details>
Thu May  3 22:03:26 2018 us=233030 <WiFi IP>:50214 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu May  3 22:03:26 2018 us=238433 <WiFi IP>:50214 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu May  3 22:03:26 2018 us=243482 <WiFi IP>:50214 NOTE: --mute triggered...
Thu May  3 22:03:26 2018 us=254498 <WiFi IP>:50214 3 variation(s) on previous 5 message(s) suppressed by --mute
Thu May  3 22:03:26 2018 us=259742 <WiFi IP>:50214 [iPhone] Peer Connection Initiated with [AF_INET]<gateway IP>:50214
Thu May  3 22:03:26 2018 us=264720 iPhone/<WiFi IP>:50214 MULTI_sva: pool returned IPv4=<Device IP>, IPv6=(Not enabled)
Thu May  3 22:03:26 2018 us=269984 iPhone/<WiFi IP>:50214 MULTI: Learn: <Device IP> -> iPhone/<WiFi IP>:50214
Thu May  3 22:03:26 2018 us=274800 iPhone/<WiFi IP>:50214 MULTI: primary virtual IP for iPhone/<WiFi IP>:50214: <Device IP>
Thu May  3 22:03:26 2018 us=279931 iPhone/<WiFi IP>:50214 PUSH: Received control message: 'PUSH_REQUEST'
Thu May  3 22:03:26 2018 us=284752 iPhone/<WiFi IP>:50214 send_push_reply(): safe_cap=940
Thu May  3 22:03:26 2018 us=290084 iPhone/<WiFi IP>:50214 SENT CONTROL [iPhone]: 'PUSH_REPLY,comp-lzo yes,persist-key,persist-tun,topology subnet,route-gateway dhcp,route 0.0.0.0 128.0.0.0,route 128.0.0.0 128.0.0.0,dhcp-option DNS <Server IP>,route-gateway <Gateway IP>,topology subnet,ping 10,ping-restart 120,ifconfig <Device IP> 255.255.255.128' (status=1)
Thu May  3 22:04:06 2018 us=365857 iPhone/<gateway IP>:50214 IP packet with unknown IP version=2 seen
Disconnect client, disconnect from WiFi (go cellular), connect again

Code: Select all

Thu May  3 22:04:16 2018 us=547680 MULTI: multi_create_instance called
Thu May  3 22:04:16 2018 us=554946 <Cell IP>:60634 Re-using SSL/TLS context
Thu May  3 22:04:16 2018 us=559844 <Cell IP>:60634 LZO compression initialized
Thu May  3 22:04:16 2018 us=565404 <Cell IP>:60634 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Thu May  3 22:04:16 2018 us=570201 <Cell IP>:60634 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Thu May  3 22:04:16 2018 us=575106 <Cell IP>:60634 TLS: Initial packet from [AF_INET]<Cell IP>:60634, sid=695a6bfa 5019477d
Thu May  3 22:04:17 2018 us=921674 <Cell IP>:60634 VERIFY OK: <CA>
Thu May  3 22:04:17 2018 us=931321 <Cell IP>:60634 VERIFY OK: <CERT>
Thu May  3 22:04:18 2018 us=333886 <Cell IP>:60634 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu May  3 22:04:18 2018 us=339095 <Cell IP>:60634 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu May  3 22:04:18 2018 us=344279 <Cell IP>:60634 NOTE: --mute triggered...
Thu May  3 22:04:18 2018 us=382991 <Cell IP>:60634 3 variation(s) on previous 5 message(s) suppressed by --mute
Thu May  3 22:04:18 2018 us=388165 <Cell IP>:60634 [iPhone] Peer Connection Initiated with [AF_INET]<Cell IP>:60634
Thu May  3 22:04:18 2018 us=394527 MULTI: new connection by client 'iPhone' will cause previous active sessions by this client to be dropped.  Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Thu May  3 22:04:18 2018 us=399342 MULTI_sva: pool returned IPv4=<Device IP>, IPv6=(Not enabled)
Thu May  3 22:04:18 2018 us=404558 MULTI: Learn: <Device IP> -> iPhone/<Cell IP>:60634
Thu May  3 22:04:18 2018 us=409362 MULTI: primary virtual IP for iPhone/<Cell IP>:60634: <Device IP>
Thu May  3 22:04:18 2018 us=414489 iPhone/<Cell IP>:60634 PUSH: Received control message: 'PUSH_REQUEST'
Thu May  3 22:04:18 2018 us=419306 iPhone/<Cell IP>:60634 send_push_reply(): safe_cap=940
Thu May  3 22:04:18 2018 us=424638 iPhone/<Cell IP>:60634 SENT CONTROL [iPhone]: 'PUSH_REPLY,comp-lzo yes,persist-key,persist-tun,topology subnet,route-gateway dhcp,route 0.0.0.0 128.0.0.0,route 128.0.0.0 128.0.0.0,dhcp-option DNS <Server IP>,route-gateway <Gateway IP>,topology subnet,ping 10,ping-restart 120,ifconfig <Device IP> 255.255.255.128' (status=1)
Thu May  3 22:04:19 2018 us=363700 iPhone/<Cell IP>:60634 IP packet with unknown IP version=2 seen
          ------>>>> NOTE: HERE HAPPENS THE CLIENT DISCONNECT AND RECONNECTION ATTEMPT... NOTHING SHOWS IN LOG... NEW CONNECTION STARTS BELOW <<<<<------
Thu May  3 22:04:24 2018 us=518110 MULTI: multi_create_instance called
Thu May  3 22:04:24 2018 us=523653 <Cell IP>:65186 Re-using SSL/TLS context
          ------>>>> NOTE: LOG REPEATS AS FROM LINE "Thu May  3 22:04:16 2018 us=559844" ABOVE <<<<<-----
So... the server is clueless of the iOS client having any issues. It just sees a new connection request every 5 seconds (and complains that session was already taken by client so old one will be lost - as per my config).

Problem is the iOS client or iOS itself. Once UDP connects, iOS is sensing WWAN unavailable. This causes the iOS client to drop the connection and reconnect. On WiFi there is no WWAN unavailable notification so connection is not dropped and it works.

Any suggestions?

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN Client on Iphone

Post by TinCanTech » Fri May 04, 2018 11:57 am

Thanks for posting your server log.
apastor wrote:
Fri May 04, 2018 2:55 am
Thu May 3 22:03:26 2018 us=290084 iPhone/<WiFi IP>:50214 SENT CONTROL [iPhone]: 'PUSH_REPLY,comp-lzo yes,persist-key,persist-tun,topology subnet,route-gateway dhcp,route 0.0.0.0 128.0.0.0,route 128.0.0.0 128.0.0.0,dhcp-option DNS <Server IP>,route-gateway <Gateway IP>,topology subnet,ping 10,ping-restart 120,ifconfig <Device IP> 255.255.255.128' (status=1)
Thu May 3 22:04:06 2018 us=365857 iPhone/<gateway IP>:50214 IP packet with unknown IP version=2 seen
I am not 100% sure but I believe this is caused when using upto date and really old openvpn versions at either end.

Your server is quite old:
apastor wrote:
Fri May 04, 2018 2:55 am
OpenVPN 2.3.6 mips-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Jul 25 2015
library versions: OpenSSL 1.0.2f 28 Jan 2016, LZO 2.08
This is problem:
apastor wrote:
Wed May 02, 2018 4:08 pm
Client logs don't show anything useful:
<timestamp> EVENT: CONNECTED <details>
<timestamp> NIP: iOS reported network status unavailable <--- THIS IS THE ISSUE!!
<timestamp> OS Event: NET UNAVAILABLE (PAUSE): Internet:ReachableViaWWAN/WR tc-----
<timestamp> NIP: iOS reported network status available
<timestamp> OS Event: NET UNAVAILABLE (RESUME): Internet:ReachableViaWWAN/WR t------ allow=1
Why does iOS report network status unavailable ?

I would try :
  • Another phone, perhaps that phone has a hardware fault ?
    Another cellular network, maybe ask a friend to help ..
    Contact your cellular provider for technical support, have them confirm the problem.
I do not believe there is anything openvpn can do to help.

apastor
OpenVpn Newbie
Posts: 12
Joined: Wed May 02, 2018 3:54 pm

Re: OpenVPN Client on Iphone

Post by apastor » Fri May 04, 2018 2:34 pm

Hi again!
TinCanTech wrote:
Fri May 04, 2018 11:57 am
Thanks for posting your server log.
You're welcome.
TinCanTech wrote:
Fri May 04, 2018 11:57 am
I am not 100% sure but I believe this is caused when using upto date and really old openvpn versions at either end.
Your server is quite old.
Yes... borders ancient. I had some unfounded hopes upgrading it might help, but I've been convinced this is a client-side issue for a while. The LEDE link I posted above dashed any hopes. It's a ton of work to rebuild this "server" so I'd rather take it slowly and not rush it to see if UDP works. I will upgrade it to close network vulnerabilities, but not in a hurry (only port exposed to the public are OpenVPN ones).
TinCanTech wrote:
Fri May 04, 2018 11:57 am
This is problem:
...
<timestamp> NIP: iOS reported network status unavailable <--- THIS IS THE ISSUE!!
...
Why does iOS report network status unavailable ?
Violently agree with you.


I would try :
TinCanTech wrote:
Fri May 04, 2018 11:57 am
  • Another phone, perhaps that phone has a hardware fault ?
Done. iPad, second iPhone... all crap out the same way.
TinCanTech wrote:
Fri May 04, 2018 11:57 am
Another cellular network, maybe ask a friend to help ..
Hadn't thought of that. I'll see if I can borrow a SIM card for a minute.
TinCanTech wrote:
Fri May 04, 2018 11:57 am
Contact your cellular provider for technical support, have them confirm the problem.[/list]
Just trying to explain this to my carried might require the same amount of effort put into designing the Falcon Heavy program and not sure they would give a squirrel's nut about it.
TinCanTech wrote:
Fri May 04, 2018 11:57 am
I do not believe there is anything openvpn can do to help.
Well... if you happen to be able to look at the code or know someone that can... maybe there's some bug on how the iOS client is registering for notifications from the OS. It's a feeble hope, but I can dream. After all (as you can see from the old version I'm running), when I say it used to work, you have to give me the benefit of the doubt at least.

Thank you for your time.

Cheers!

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN Client on Iphone

Post by TinCanTech » Fri May 04, 2018 3:11 pm

apastor wrote:
Fri May 04, 2018 2:34 pm
TinCanTech wrote:
Fri May 04, 2018 11:57 am
I am not 100% sure but I believe this is caused when using upto date and really old openvpn versions at either end.
Your server is quite old.
Yes... borders ancient. I had some unfounded hopes upgrading it might help, but I've been convinced this is a client-side issue for a while. The LEDE link I posted above dashed any hopes. It's a ton of work to rebuild this "server" so I'd rather take it slowly and not rush it to see if UDP works. I will upgrade it to close network vulnerabilities, but not in a hurry (only port exposed to the public are OpenVPN ones).
I don't think this is releated to your real problem because it is the server end .. just a heads up ;)

apastor wrote:
Fri May 04, 2018 2:34 pm
TinCanTech wrote:
Fri May 04, 2018 11:57 am
This is problem:
...
<timestamp> NIP: iOS reported network status unavailable <--- THIS IS THE ISSUE!!
...
Why does iOS report network status unavailable ?
Violently agree with you.


I would try :
TinCanTech wrote:
Fri May 04, 2018 11:57 am
  • Another phone, perhaps that phone has a hardware fault ?
Done. iPad, second iPhone... all crap out the same way.
Sounds very much like the carrier does not like UDP or blocks a port or something ..
apastor wrote:
Fri May 04, 2018 2:34 pm
TinCanTech wrote:
Fri May 04, 2018 11:57 am
Another cellular network, maybe ask a friend to help ..
Hadn't thought of that. I'll see if I can borrow a SIM card for a minute.
I think this is an important test to try and also with multiple devices.
apastor wrote:
Fri May 04, 2018 2:34 pm
TinCanTech wrote:
Fri May 04, 2018 11:57 am
Contact your cellular provider for technical support, have them confirm the problem.[/list]
Just trying to explain this to my carried might require the same amount of effort put into designing the Falcon Heavy program and not sure they would give a squirrel's nut about it.
They may at least be able to confirm if they allow UDP or something along those lines ..
apastor wrote:
Fri May 04, 2018 2:34 pm
TinCanTech wrote:
Fri May 04, 2018 11:57 am
I do not believe there is anything openvpn can do to help.
Well... if you happen to be able to look at the code or know someone that can... maybe there's some bug on how the iOS client is registering for notifications from the OS. It's a feeble hope, but I can dream. After all (as you can see from the old version I'm running), when I say it used to work, you have to give me the benefit of the doubt at least.

Thank you for your time.

Cheers!
All I am saying is you are the only person to clearly report such a problem so I suspect it is not openvpn at fault but something else.

apastor
OpenVpn Newbie
Posts: 12
Joined: Wed May 02, 2018 3:54 pm

Re: OpenVPN Client on Iphone

Post by apastor » Mon May 07, 2018 6:21 pm

Thank you for your notes.

Most important: I have experienced the same issue on WiFi now that I've been testing over & over again. It is less frequent (or it gets stay connected some times after a couple reconnects that I had not noticed before) but it does happen while on WiFi on same WiFi network than the router.
TinCanTech wrote:
Fri May 04, 2018 3:11 pm
I would try :
  • Another phone, perhaps that phone has a hardware fault ?
Tried with a couple more Apple devices. Same thing. I have a stone age Android tablet... it doesn't do cellular but now that I see the issue on WiFi too, will test on it if I get it to boot.
TinCanTech wrote:
Fri May 04, 2018 3:11 pm
Another cellular network, maybe ask a friend to help ..
Got a SIM from a different provider that hates my provider with passion (to ensure no shared infrastructure is in place). Same thing.
TinCanTech wrote:
Fri May 04, 2018 3:11 pm
Contact your cellular provider for technical support, have them confirm the problem.[/list]
Asked my carrier if they block or filter UDP. They strongly condemned the idea in views of net neutrality. Couldn't get anything else out of them.
TinCanTech wrote:
Fri May 04, 2018 3:11 pm
All I am saying is you are the only person to clearly report such a problem so I suspect it is not openvpn at fault but something else.
I'm a bit more stubborn than most. I could've thrown the towel in when you asked for server logs. The person opening this thread seems to have done so. I've found a couple similar threads here & there and since TCP is a workaround that seems to make people drop the issue. I have a valid use case when I need UDP so I still hope this is an issue with the client app that can be fixed.

It used to work with an older iOS version and older OpenVPN client app...

Cheers!

apastor
OpenVpn Newbie
Posts: 12
Joined: Wed May 02, 2018 3:54 pm

Re: OpenVPN Client on Iphone

Post by apastor » Thu May 10, 2018 1:19 pm

Tested w/an android tablet on WiFi. Works.

I don't think I'm making this up. Can anyone confirm that an iOS client (specify version) running on iOS 11.x can connect via UDP to any port? Please?

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN Client on Iphone

Post by TinCanTech » Thu May 10, 2018 1:46 pm

ahmadalkhraisha wrote:
Mon Mar 26, 2018 6:32 pm
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
Please remove these from your client config and try again.

apastor
OpenVpn Newbie
Posts: 12
Joined: Wed May 02, 2018 3:54 pm

Re: OpenVPN Client on Iphone

Post by apastor » Thu May 10, 2018 3:06 pm

You are looking at the original config posted by ahmadalkhraisha.

I don't have:
- tun-mtu
- tun-mtu-extra
- mssfix

Do have persist-key and persist-tun. I can try take them out but honestly don't have much hopes in it.

I stand by my challenge... anyone can confirm, iOS 11.x and Client App latest version, working on UDP?

Cheers!

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN Client on Iphone

Post by TinCanTech » Thu May 10, 2018 4:21 pm

apastor wrote:
Thu May 10, 2018 3:06 pm
You are looking at the original config posted by ahmadalkhraisha.

I don't have:
Well, that is what happens when you don't start your own thread ..

apastor
OpenVpn Newbie
Posts: 12
Joined: Wed May 02, 2018 3:54 pm

Re: OpenVPN Client on Iphone

Post by apastor » Thu May 10, 2018 6:19 pm

TinCanTech wrote:
Thu May 10, 2018 4:21 pm
Well, that is what happens when you don't start your own thread ..
Agree, apologies.

We both have the same problem though. Same client log, same issue...

Monkeydo
OpenVpn Newbie
Posts: 2
Joined: Sun Jun 24, 2018 4:47 am

Re: OpenVPN Client on Iphone

Post by Monkeydo » Sun Jun 24, 2018 4:56 am

apastor wrote:
Thu May 10, 2018 1:19 pm
Tested w/an android tablet on WiFi. Works.

I don't think I'm making this up. Can anyone confirm that an iOS client (specify version) running on iOS 11.x can connect via UDP to any port? Please?
Confirming iOS 11.4 w/ OpenVPN Connect 1.2.9 CANNOT connect via UDP. I have the same issue.
I have more details, just let me know which thread you want me to post to, this OPs or your thread.

And yes I registered to reply only, but thanks to this thread, I switched to TCP only instead of Adaptive.

Post Reply