Additionally, here are the logs for the upgraded iOS app and successful connection.
Client Log:
----- OpenVPN Start -----
OpenVPN core 3.2 ios arm64 64-bit PT_PROXY built on Sep 4 2018 09:41:09
Frame=512/2048/512 mssfix-ctrl=1250
UNUSED OPTIONS
4 [resolv-retry] [infinite]
5 [nobind]
6 [user] [nobody]
7 [group] [nogroup]
8 [persist-key]
9 [persist-tun]
11 [tls-cipher] [TLS-DHE-RSA-WITH-AES-256-CBC-SHA]
15 [verb] [3]
18 [auth-nocache]
EVENT: RESOLVE
Contacting [X.X.X.X]:PORT/UDP via UDP
EVENT: WAIT
Connecting to [domain]:PORT (X.X.X.X) via UDPv4
EVENT: CONNECTING
Tunnel Options:V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client
Creds: StaticChallenge
Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 3.0.1-770
IV_VER=3.2
IV_PLAT=ios
IV_LZO=1
IV_LZO_SWAP=1
IV_LZ4=1
IV_COMP_STUB=1
VERIFY OK : depth=1
cert. version : X
serial number : XX:XX:XX:XX:XX:XX:XX:XX
issuer name : C=US, ST=Illinois, L=Chicago, O=Company, OU=DOMAIN, CN=domain.com, ??=Certificate Authority, emailAddress=email
subject name : C=US, ST=Illinois, L=Chicago, O=Comany, OU=DOMAIN, CN=domain.com, ??=Certificate Authority, emailAddress=email
issued on : 2018-06-27 16:51:02
expires on : 2028-06-24 16:51:02
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=true
VERIFY OK : depth=0
cert. version : 3
serial number : 01
issuer name : C=US, ST=Illinois, L=Chicago, O=Company, OU=DOMAIN, CN=domain.com, ??=DOMAIN Certificate Authority, emailAddress=email
subject name : C=US, ST=Illinois, L=Chicago, O=Company, OU=DOMAIN, CN=domain.com, ??=DOMAIN Server Cert, emailAddress=email
issued on : 2018-06-27 16:51:03
expires on : 2028-06-24 16:51:03
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=false
subject alt name : domain.com
cert. type : SSL Server
key usage : Digital Signature, Key Encipherment
ext key usage : TLS Web Server Authentication
SSL Handshake: TLSv1.2/TLS-DHE-RSA-WITH-AES-256-CBC-SHA
Session is ACTIVE
EVENT: GET_CONFIG
Sending PUSH_REQUEST to server...
OPTIONS:
0 [route] [X.X.X.X] [X.X.X.X]
1 [route] [X.X.X.X] [X.X.X.X]
2 [dhcp-option] [DNS] [X.X.X.X]
3 [dhcp-option] [DNS] [X.X.X.X]
4 [dhcp-option] [DNS] [X.X.X.X]
5 [compress] [lz4-v2]
6 [route] [X.X.X.X]
7 [topology] [net30]
8 [ping] [10]
9 [ping-restart] [120]
10 [ifconfig] [X.X.X.X] [X.X.X.X]
PROTOCOL OPTIONS:
cipher: AES-256-CBC
digest: SHA512
compress: LZ4v2
peer ID: -1
EVENT: ASSIGN_IP
NIP: preparing TUN network settings
NIP: init TUN network settings with endpoint: X.X.X.X
NIP: adding IPv4 address to network settings X.X.X.X/255.255.255.252
NIP: adding (included) IPv4 route X.X.X.X/30
NIP: adding (included) IPv4 route X.X.X.X/16
NIP: adding (included) IPv4 route X.X.X.X/16
NIP: adding (included) IPv4 route X.X.X.X/32
NIP: adding DNS X.X.X.X
NIP: adding DNS X.X.X.X
NIP: adding DNS X.X.X.X
NIP: adding match domain ALL
NIP: adding DNS specific routes:
NIP: adding (included) IPv4 route X.X.X.X/32
NIP: adding (included) IPv4 route X.X.X.X/32
NIP: adding (included) IPv4 route X.X.X.X/32
Connected via NetworkExtensionTUN
LZ4v2 init asym=0
EVENT: CONNECTED username@domain:PORT (X.X.X.X) via /UDPv4 on NetworkExtensionTUN/X.X.X.X/ gw=[/]
Server Log:
X.X.X.X:46391 TLS: Initial packet from [AF_INET]X.X.X.X:46391, sid=dafac842 38ac4828
X.X.X.X:46391 VERIFY OK: depth=1, C=US, ST=Illinois, L=Chicago, O=Company, OU=DOMAIN, CN=domain.com, name=Certificate Authority, emailAddress=email
X.X.X.X:46391 VERIFY OK: depth=0, C=US, ST=Illinois, L=Chicago, O=Company, OU=DOMAIN, CN=domain, name=DOMAIN Client Cert, emailAddress=email
X.X.X.X:46391 peer info: IV_GUI_VER=net.openvpn.connect.ios_3.0.1-770
X.X.X.X:46391 peer info: IV_VER=3.2
X.X.X.X:46391 peer info: IV_PLAT=ios
X.X.X.X:46391 peer info: IV_LZO=1
X.X.X.X:46391 peer info: IV_LZO_SWAP=1
X.X.X.X:46391 peer info: IV_LZ4=1
X.X.X.X:46391 peer info: IV_COMP_STUB=1
X.X.X.X:46391 PLUGIN_CALL: POST /usr/lib/openvpn/openvpn-auth-ldap.so/PLUGIN_AUTH_USER_PASS_VERIFY status=0
X.X.X.X:46391 PLUGIN_CALL: POST /usr/lib/openvpn/openvpn-otp.so/PLUGIN_AUTH_USER_PASS_VERIFY status=0
X.X.X.X:46391 TLS: Username/Password authentication succeeded for username 'username'
X.X.X.X:46391 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
X.X.X.X:46391 Outgoing Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
X.X.X.X:46391 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
X.X.X.X:46391 Incoming Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
X.X.X.X:46391 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
X.X.X.X:46391 [domain] Peer Connection Initiated with [AF_INET]X.X.X.X:46391
domain/X.X.X.X:46391 MULTI_sva: pool returned IPv4=X.X.X.X, IPv6=(Not enabled)
domain/X.X.X.X:46391 PLUGIN_CALL: POST /usr/lib/openvpn/openvpn-auth-ldap.so/PLUGIN_CLIENT_CONNECT status=0
domain/X.X.X.X:46391 OPTIONS IMPORT: reading client specific options from: /tmp/openvpn_cc_7d8594863b0dec8f3ffcd46312862a90.tmp
domain/X.X.X.X:46391 MULTI: Learn: X.X.X.X -> domain/X.X.X.X:46391
domain/X.X.X.X:46391 MULTI: primary virtual IP for domain/X.X.X.X:46391: X.X.X.X
domain/X.X.X.X:46391 PUSH: Received control message: 'PUSH_REQUEST'
domain/X.X.X.X:46391 SENT CONTROL [domain]: 'PUSH_REPLY,route X.X.X.X 255.255.0.0,route X.X.X.X 255.255.0.0,dhcp-option DNS X.X.X.X,dhcp-option DNS X.X.X.X,dhcp-option DNS X.X.X.X,compress lz4-v2,route X.X.X.X,topology net30,ping 10,ping-restart 120,ifconfig X.X.X.X X.X.X.X' (status=1)
domain/X.X.X.X:46391 SIGTERM[soft,remote-exit] received, client-instance exiting
PLUGIN_CALL: POST /usr/lib/openvpn/openvpn-auth-ldap.so/PLUGIN_CLIENT_DISCONNECT status=0
MANAGEMENT: Client connected from [AF_INET]X.X.X.X:PORT
EDITED FOR FORMATTING