Slow connection from iPhone
-
- OpenVPN User
- Posts: 24
- Joined: Thu Jul 02, 2015 6:52 pm
Slow connection from iPhone
When connecting back to my home server from my iPhone, everything is running really, really slow. So slow that the majority of web sites I try to connect to time-out. I'm fairly sure it's not a routing issue back on the server, because there are some sites I can connect to and I also don't have any rules that would differentiate between sites.
I can also confirm it's not a cell data speed issue, because if I hot-spot my iPad to the same phone and then connect via OpenVPN on the iPad, everything runs well. I can also run NordVPN from the phone without issues and also a Wireguard VPN back to my home server.
So, the only combination seeing the issue is running OpenVPN on the iPhone.
This is an iPhone Xs Max, iOS 14.6, running OpenVPN 3.2.3.(3760) connecting to a CentOS 7.9.2009 system running OpenVPN 2.4.11-1.el7.
Any ideas where I start to investigate/debug this.
Cheers.
I can also confirm it's not a cell data speed issue, because if I hot-spot my iPad to the same phone and then connect via OpenVPN on the iPad, everything runs well. I can also run NordVPN from the phone without issues and also a Wireguard VPN back to my home server.
So, the only combination seeing the issue is running OpenVPN on the iPhone.
This is an iPhone Xs Max, iOS 14.6, running OpenVPN 3.2.3.(3760) connecting to a CentOS 7.9.2009 system running OpenVPN 2.4.11-1.el7.
Any ideas where I start to investigate/debug this.
Cheers.
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Slow connection from iPhone
Your home server ..
-
- OpenVPN User
- Posts: 24
- Joined: Thu Jul 02, 2015 6:52 pm
Re: Slow connection from iPhone
If that were the case, then running OpenVPN on the iPad connected to the hotspot on the iPhone would have the same issue. It doesn't.
Cheers.
Cheers.
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
-
- OpenVPN User
- Posts: 24
- Joined: Thu Jul 02, 2015 6:52 pm
Re: Slow connection from iPhone
Here are the configs and logs:
dev tunrw
server 192.168.160.0 255.255.255.0
push "redirect-gateway def1"
ifconfig-pool-persist host-to-net.pool 0
# UDP server
port 1194
proto udp
topology subnet
client-connect /usr/libexec/nethserver/openvpn-connect
client-disconnect /usr/libexec/nethserver/openvpn-disconnect
script-security 3
float
multihome
dh /var/lib/nethserver/certs/dh1024.pem
ca /etc/pki/tls/certs/NSRV.crt
cert /etc/pki/tls/certs/NSRV.crt
key /etc/pki/tls/private/NSRV.key
crl-verify /var/lib/nethserver/certs/crl.pem
push "dhcp-option DOMAIN BogoLinux.net"
push "dhcp-option DNS 192.168.160.1"
push "dhcp-option WINS 192.168.160.1"
push "dhcp-option NBDD 192.168.160.1"
push "dhcp-option NBT 2"
push "route 192.168.0.0 255.255.255.0"
# Authentication: certificate
status /var/log/openvpn/host-to-net-status.log
log-append /var/log/openvpn/openvpn.log
passtos
keepalive 20 120
client-config-dir ccd
persist-key
persist-tun
management /var/spool/openvpn/host-to-net unix
verb 4
And
dev tun
client
remote MyDomain.net
port 1194
proto udp
explicit-exit-notify 1
float
# Authentication: certificate
<cert>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
</key>
<ca>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</ca>
verb 4
persist-key
persist-tun
nobind
passtos
Now the Server log:
And the Client log:
*** Update ***
I forgot to add, that the exact same configuration is pushed to the iPad where I don't see any issues.
Cheers.
Server Config
dev tunrw
server 192.168.160.0 255.255.255.0
push "redirect-gateway def1"
ifconfig-pool-persist host-to-net.pool 0
# UDP server
port 1194
proto udp
topology subnet
client-connect /usr/libexec/nethserver/openvpn-connect
client-disconnect /usr/libexec/nethserver/openvpn-disconnect
script-security 3
float
multihome
dh /var/lib/nethserver/certs/dh1024.pem
ca /etc/pki/tls/certs/NSRV.crt
cert /etc/pki/tls/certs/NSRV.crt
key /etc/pki/tls/private/NSRV.key
crl-verify /var/lib/nethserver/certs/crl.pem
push "dhcp-option DOMAIN BogoLinux.net"
push "dhcp-option DNS 192.168.160.1"
push "dhcp-option WINS 192.168.160.1"
push "dhcp-option NBDD 192.168.160.1"
push "dhcp-option NBT 2"
push "route 192.168.0.0 255.255.255.0"
# Authentication: certificate
status /var/log/openvpn/host-to-net-status.log
log-append /var/log/openvpn/openvpn.log
passtos
keepalive 20 120
client-config-dir ccd
persist-key
persist-tun
management /var/spool/openvpn/host-to-net unix
verb 4
And
Client Config
dev tun
client
remote MyDomain.net
port 1194
proto udp
explicit-exit-notify 1
float
# Authentication: certificate
<cert>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
</key>
<ca>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</ca>
verb 4
persist-key
persist-tun
nobind
passtos
Now the Server log:
Code: Select all
Sat Jun 12 13:24:38 2021 us=411976 Current Parameter Settings:
Sat Jun 12 13:24:38 2021 us=412053 config = 'host-to-net.conf'
Sat Jun 12 13:24:38 2021 us=412062 mode = 1
Sat Jun 12 13:24:38 2021 us=412069 persist_config = DISABLED
Sat Jun 12 13:24:38 2021 us=412075 persist_mode = 1
Sat Jun 12 13:24:38 2021 us=412081 show_ciphers = DISABLED
Sat Jun 12 13:24:38 2021 us=412086 show_digests = DISABLED
Sat Jun 12 13:24:38 2021 us=412092 show_engines = DISABLED
Sat Jun 12 13:24:38 2021 us=412098 genkey = DISABLED
Sat Jun 12 13:24:38 2021 us=412104 key_pass_file = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=412109 show_tls_ciphers = DISABLED
Sat Jun 12 13:24:38 2021 us=412115 connect_retry_max = 0
Sat Jun 12 13:24:38 2021 us=412121 Connection profiles [0]:
Sat Jun 12 13:24:38 2021 us=412127 proto = udp
Sat Jun 12 13:24:38 2021 us=412141 local = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=412148 local_port = '1194'
Sat Jun 12 13:24:38 2021 us=412154 remote = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=412159 remote_port = '1194'
Sat Jun 12 13:24:38 2021 us=412165 remote_float = ENABLED
Sat Jun 12 13:24:38 2021 us=412171 bind_defined = DISABLED
Sat Jun 12 13:24:38 2021 us=412177 bind_local = ENABLED
Sat Jun 12 13:24:38 2021 us=412182 bind_ipv6_only = DISABLED
Sat Jun 12 13:24:38 2021 us=412188 connect_retry_seconds = 5
Sat Jun 12 13:24:38 2021 us=412194 connect_timeout = 120
Sat Jun 12 13:24:38 2021 us=412200 socks_proxy_server = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=412206 socks_proxy_port = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=412211 tun_mtu = 1500
Sat Jun 12 13:24:38 2021 us=412217 tun_mtu_defined = ENABLED
Sat Jun 12 13:24:38 2021 us=412223 link_mtu = 1500
Sat Jun 12 13:24:38 2021 us=412229 link_mtu_defined = DISABLED
Sat Jun 12 13:24:38 2021 us=412234 tun_mtu_extra = 0
Sat Jun 12 13:24:38 2021 us=412240 tun_mtu_extra_defined = DISABLED
Sat Jun 12 13:24:38 2021 us=412246 mtu_discover_type = -1
Sat Jun 12 13:24:38 2021 us=412252 fragment = 0
Sat Jun 12 13:24:38 2021 us=412257 mssfix = 1450
Sat Jun 12 13:24:38 2021 us=412263 explicit_exit_notification = 0
Sat Jun 12 13:24:38 2021 us=412269 Connection profiles END
Sat Jun 12 13:24:38 2021 us=412275 remote_random = DISABLED
Sat Jun 12 13:24:38 2021 us=412280 ipchange = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=412286 dev = 'tunrw'
Sat Jun 12 13:24:38 2021 us=412292 dev_type = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=412297 dev_node = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=412303 lladdr = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=412309 topology = 3
Sat Jun 12 13:24:38 2021 us=412314 ifconfig_local = '192.168.160.1'
Sat Jun 12 13:24:38 2021 us=412320 ifconfig_remote_netmask = '255.255.255.0'
Sat Jun 12 13:24:38 2021 us=412334 ifconfig_noexec = DISABLED
Sat Jun 12 13:24:38 2021 us=412340 ifconfig_nowarn = DISABLED
Sat Jun 12 13:24:38 2021 us=412346 ifconfig_ipv6_local = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=412352 ifconfig_ipv6_netbits = 0
Sat Jun 12 13:24:38 2021 us=412358 ifconfig_ipv6_remote = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=412364 shaper = 0
Sat Jun 12 13:24:38 2021 us=412369 mtu_test = 0
Sat Jun 12 13:24:38 2021 us=412375 mlock = DISABLED
Sat Jun 12 13:24:38 2021 us=412381 keepalive_ping = 20
Sat Jun 12 13:24:38 2021 us=412387 keepalive_timeout = 120
Sat Jun 12 13:24:38 2021 us=412392 inactivity_timeout = 0
Sat Jun 12 13:24:38 2021 us=412398 ping_send_timeout = 20
Sat Jun 12 13:24:38 2021 us=412404 ping_rec_timeout = 240
Sat Jun 12 13:24:38 2021 us=412410 ping_rec_timeout_action = 2
Sat Jun 12 13:24:38 2021 us=412416 ping_timer_remote = DISABLED
Sat Jun 12 13:24:38 2021 us=412422 remap_sigusr1 = 0
Sat Jun 12 13:24:38 2021 us=412428 persist_tun = ENABLED
Sat Jun 12 13:24:38 2021 us=412433 persist_local_ip = DISABLED
Sat Jun 12 13:24:38 2021 us=412439 persist_remote_ip = DISABLED
Sat Jun 12 13:24:38 2021 us=412445 persist_key = ENABLED
Sat Jun 12 13:24:38 2021 us=412451 passtos = ENABLED
Sat Jun 12 13:24:38 2021 us=412457 resolve_retry_seconds = 1000000000
Sat Jun 12 13:24:38 2021 us=412463 resolve_in_advance = DISABLED
Sat Jun 12 13:24:38 2021 us=412469 username = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=412474 groupname = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=412480 chroot_dir = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=412486 cd_dir = '/etc/openvpn/'
Sat Jun 12 13:24:38 2021 us=412492 selinux_context = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=412498 writepid = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=412504 up_script = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=412509 down_script = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=412515 down_pre = DISABLED
Sat Jun 12 13:24:38 2021 us=412521 up_restart = DISABLED
Sat Jun 12 13:24:38 2021 us=412527 up_delay = DISABLED
Sat Jun 12 13:24:38 2021 us=412533 daemon = DISABLED
Sat Jun 12 13:24:38 2021 us=412538 inetd = 0
Sat Jun 12 13:24:38 2021 us=412544 log = ENABLED
Sat Jun 12 13:24:38 2021 us=412550 suppress_timestamps = DISABLED
Sat Jun 12 13:24:38 2021 us=412556 machine_readable_output = DISABLED
Sat Jun 12 13:24:38 2021 us=412561 nice = 0
Sat Jun 12 13:24:38 2021 us=412567 verbosity = 4
Sat Jun 12 13:24:38 2021 us=412573 mute = 0
Sat Jun 12 13:24:38 2021 us=412578 gremlin = 0
Sat Jun 12 13:24:38 2021 us=412584 status_file = '/var/log/openvpn/host-to-net-status.log'
Sat Jun 12 13:24:38 2021 us=412590 status_file_version = 1
Sat Jun 12 13:24:38 2021 us=412595 status_file_update_freq = 60
Sat Jun 12 13:24:38 2021 us=412601 occ = ENABLED
Sat Jun 12 13:24:38 2021 us=412607 rcvbuf = 0
Sat Jun 12 13:24:38 2021 us=412612 sndbuf = 0
Sat Jun 12 13:24:38 2021 us=412618 mark = 0
Sat Jun 12 13:24:38 2021 us=412624 sockflags = 1
Sat Jun 12 13:24:38 2021 us=412629 fast_io = DISABLED
Sat Jun 12 13:24:38 2021 us=412635 comp.alg = 0
Sat Jun 12 13:24:38 2021 us=412641 comp.flags = 0
Sat Jun 12 13:24:38 2021 us=412647 route_script = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=412653 route_default_gateway = '192.168.160.2'
Sat Jun 12 13:24:38 2021 us=412659 route_default_metric = 0
Sat Jun 12 13:24:38 2021 us=412664 route_noexec = DISABLED
Sat Jun 12 13:24:38 2021 us=412670 route_delay = 0
Sat Jun 12 13:24:38 2021 us=412676 route_delay_window = 30
Sat Jun 12 13:24:38 2021 us=412682 route_delay_defined = DISABLED
Sat Jun 12 13:24:38 2021 us=412688 route_nopull = DISABLED
Sat Jun 12 13:24:38 2021 us=412693 route_gateway_via_dhcp = DISABLED
Sat Jun 12 13:24:38 2021 us=412699 allow_pull_fqdn = DISABLED
Sat Jun 12 13:24:38 2021 us=412705 management_addr = '/var/spool/openvpn/host-to-net'
Sat Jun 12 13:24:38 2021 us=412711 management_port = 'unix'
Sat Jun 12 13:24:38 2021 us=412717 management_user_pass = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=412725 management_log_history_cache = 250
Sat Jun 12 13:24:38 2021 us=412733 management_echo_buffer_size = 100
Sat Jun 12 13:24:38 2021 us=412741 management_write_peer_info_file = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=412747 management_client_user = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=412753 management_client_group = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=412759 management_flags = 256
Sat Jun 12 13:24:38 2021 us=412765 shared_secret_file = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=412771 key_direction = not set
Sat Jun 12 13:24:38 2021 us=412777 ciphername = 'BF-CBC'
Sat Jun 12 13:24:38 2021 us=412783 ncp_enabled = ENABLED
Sat Jun 12 13:24:38 2021 us=412789 ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
Sat Jun 12 13:24:38 2021 us=412794 authname = 'SHA1'
Sat Jun 12 13:24:38 2021 us=412800 prng_hash = 'SHA1'
Sat Jun 12 13:24:38 2021 us=412806 prng_nonce_secret_len = 16
Sat Jun 12 13:24:38 2021 us=412812 keysize = 0
Sat Jun 12 13:24:38 2021 us=412818 engine = DISABLED
Sat Jun 12 13:24:38 2021 us=412824 replay = ENABLED
Sat Jun 12 13:24:38 2021 us=412830 mute_replay_warnings = DISABLED
Sat Jun 12 13:24:38 2021 us=412836 replay_window = 64
Sat Jun 12 13:24:38 2021 us=412842 replay_time = 15
Sat Jun 12 13:24:38 2021 us=412848 packet_id_file = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=412853 use_iv = ENABLED
Sat Jun 12 13:24:38 2021 us=412859 test_crypto = DISABLED
Sat Jun 12 13:24:38 2021 us=412865 tls_server = ENABLED
Sat Jun 12 13:24:38 2021 us=412871 tls_client = DISABLED
Sat Jun 12 13:24:38 2021 us=412876 key_method = 2
Sat Jun 12 13:24:38 2021 us=412882 ca_file = '/etc/pki/tls/certs/NSRV.crt'
Sat Jun 12 13:24:38 2021 us=412888 ca_path = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=412894 dh_file = '/var/lib/nethserver/certs/dh1024.pem'
Sat Jun 12 13:24:38 2021 us=412900 cert_file = '/etc/pki/tls/certs/NSRV.crt'
Sat Jun 12 13:24:38 2021 us=412906 extra_certs_file = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=412912 priv_key_file = '/etc/pki/tls/private/NSRV.key'
Sat Jun 12 13:24:38 2021 us=412917 pkcs12_file = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=412923 cipher_list = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=412929 cipher_list_tls13 = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=412935 tls_cert_profile = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=412940 tls_verify = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=412946 tls_export_cert = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=412952 verify_x509_type = 0
Sat Jun 12 13:24:38 2021 us=412957 verify_x509_name = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=412963 crl_file = '/var/lib/nethserver/certs/crl.pem'
Sat Jun 12 13:24:38 2021 us=412969 ns_cert_type = 0
Sat Jun 12 13:24:38 2021 us=412975 remote_cert_ku[i] = 0
Sat Jun 12 13:24:38 2021 us=412981 remote_cert_ku[i] = 0
Sat Jun 12 13:24:38 2021 us=412986 remote_cert_ku[i] = 0
Sat Jun 12 13:24:38 2021 us=412992 remote_cert_ku[i] = 0
Sat Jun 12 13:24:38 2021 us=412998 remote_cert_ku[i] = 0
Sat Jun 12 13:24:38 2021 us=413003 remote_cert_ku[i] = 0
Sat Jun 12 13:24:38 2021 us=413009 remote_cert_ku[i] = 0
Sat Jun 12 13:24:38 2021 us=413015 remote_cert_ku[i] = 0
Sat Jun 12 13:24:38 2021 us=413021 remote_cert_ku[i] = 0
Sat Jun 12 13:24:38 2021 us=413026 remote_cert_ku[i] = 0
Sat Jun 12 13:24:38 2021 us=413032 remote_cert_ku[i] = 0
Sat Jun 12 13:24:38 2021 us=413038 remote_cert_ku[i] = 0
Sat Jun 12 13:24:38 2021 us=413043 remote_cert_ku[i] = 0
Sat Jun 12 13:24:38 2021 us=413049 remote_cert_ku[i] = 0
Sat Jun 12 13:24:38 2021 us=413054 remote_cert_ku[i] = 0
Sat Jun 12 13:24:38 2021 us=413060 remote_cert_ku[i] = 0
Sat Jun 12 13:24:38 2021 us=413066 remote_cert_eku = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=413071 ssl_flags = 0
Sat Jun 12 13:24:38 2021 us=413077 tls_timeout = 2
Sat Jun 12 13:24:38 2021 us=413083 renegotiate_bytes = -1
Sat Jun 12 13:24:38 2021 us=413089 renegotiate_packets = 0
Sat Jun 12 13:24:38 2021 us=413095 renegotiate_seconds = 3600
Sat Jun 12 13:24:38 2021 us=413100 handshake_window = 60
Sat Jun 12 13:24:38 2021 us=413106 transition_window = 3600
Sat Jun 12 13:24:38 2021 us=413114 single_session = DISABLED
Sat Jun 12 13:24:38 2021 us=413120 push_peer_info = DISABLED
Sat Jun 12 13:24:38 2021 us=413126 tls_exit = DISABLED
Sat Jun 12 13:24:38 2021 us=413135 tls_auth_file = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=413142 tls_crypt_file = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=413149 pkcs11_protected_authentication = DISABLED
Sat Jun 12 13:24:38 2021 us=413156 pkcs11_protected_authentication = DISABLED
Sat Jun 12 13:24:38 2021 us=413161 pkcs11_protected_authentication = DISABLED
Sat Jun 12 13:24:38 2021 us=413167 pkcs11_protected_authentication = DISABLED
Sat Jun 12 13:24:38 2021 us=413173 pkcs11_protected_authentication = DISABLED
Sat Jun 12 13:24:38 2021 us=413179 pkcs11_protected_authentication = DISABLED
Sat Jun 12 13:24:38 2021 us=413184 pkcs11_protected_authentication = DISABLED
Sat Jun 12 13:24:38 2021 us=413190 pkcs11_protected_authentication = DISABLED
Sat Jun 12 13:24:38 2021 us=413196 pkcs11_protected_authentication = DISABLED
Sat Jun 12 13:24:38 2021 us=413201 pkcs11_protected_authentication = DISABLED
Sat Jun 12 13:24:38 2021 us=413207 pkcs11_protected_authentication = DISABLED
Sat Jun 12 13:24:38 2021 us=413213 pkcs11_protected_authentication = DISABLED
Sat Jun 12 13:24:38 2021 us=413218 pkcs11_protected_authentication = DISABLED
Sat Jun 12 13:24:38 2021 us=413224 pkcs11_protected_authentication = DISABLED
Sat Jun 12 13:24:38 2021 us=413229 pkcs11_protected_authentication = DISABLED
Sat Jun 12 13:24:38 2021 us=413235 pkcs11_protected_authentication = DISABLED
Sat Jun 12 13:24:38 2021 us=413241 pkcs11_private_mode = 00000000
Sat Jun 12 13:24:38 2021 us=413247 pkcs11_private_mode = 00000000
Sat Jun 12 13:24:38 2021 us=413253 pkcs11_private_mode = 00000000
Sat Jun 12 13:24:38 2021 us=413258 pkcs11_private_mode = 00000000
Sat Jun 12 13:24:38 2021 us=413264 pkcs11_private_mode = 00000000
Sat Jun 12 13:24:38 2021 us=413270 pkcs11_private_mode = 00000000
Sat Jun 12 13:24:38 2021 us=413276 pkcs11_private_mode = 00000000
Sat Jun 12 13:24:38 2021 us=413281 pkcs11_private_mode = 00000000
Sat Jun 12 13:24:38 2021 us=413287 pkcs11_private_mode = 00000000
Sat Jun 12 13:24:38 2021 us=413292 pkcs11_private_mode = 00000000
Sat Jun 12 13:24:38 2021 us=413298 pkcs11_private_mode = 00000000
Sat Jun 12 13:24:38 2021 us=413304 pkcs11_private_mode = 00000000
Sat Jun 12 13:24:38 2021 us=413309 pkcs11_private_mode = 00000000
Sat Jun 12 13:24:38 2021 us=413315 pkcs11_private_mode = 00000000
Sat Jun 12 13:24:38 2021 us=413321 pkcs11_private_mode = 00000000
Sat Jun 12 13:24:38 2021 us=413326 pkcs11_private_mode = 00000000
Sat Jun 12 13:24:38 2021 us=413332 pkcs11_cert_private = DISABLED
Sat Jun 12 13:24:38 2021 us=413337 pkcs11_cert_private = DISABLED
Sat Jun 12 13:24:38 2021 us=413343 pkcs11_cert_private = DISABLED
Sat Jun 12 13:24:38 2021 us=413349 pkcs11_cert_private = DISABLED
Sat Jun 12 13:24:38 2021 us=413354 pkcs11_cert_private = DISABLED
Sat Jun 12 13:24:38 2021 us=413360 pkcs11_cert_private = DISABLED
Sat Jun 12 13:24:38 2021 us=413365 pkcs11_cert_private = DISABLED
Sat Jun 12 13:24:38 2021 us=413371 pkcs11_cert_private = DISABLED
Sat Jun 12 13:24:38 2021 us=413377 pkcs11_cert_private = DISABLED
Sat Jun 12 13:24:38 2021 us=413382 pkcs11_cert_private = DISABLED
Sat Jun 12 13:24:38 2021 us=413388 pkcs11_cert_private = DISABLED
Sat Jun 12 13:24:38 2021 us=413394 pkcs11_cert_private = DISABLED
Sat Jun 12 13:24:38 2021 us=413399 pkcs11_cert_private = DISABLED
Sat Jun 12 13:24:38 2021 us=413405 pkcs11_cert_private = DISABLED
Sat Jun 12 13:24:38 2021 us=413410 pkcs11_cert_private = DISABLED
Sat Jun 12 13:24:38 2021 us=413416 pkcs11_cert_private = DISABLED
Sat Jun 12 13:24:38 2021 us=413422 pkcs11_pin_cache_period = -1
Sat Jun 12 13:24:38 2021 us=413428 pkcs11_id = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=413434 pkcs11_id_management = DISABLED
Sat Jun 12 13:24:38 2021 us=413440 server_network = 192.168.160.0
Sat Jun 12 13:24:38 2021 us=413447 server_netmask = 255.255.255.0
Sat Jun 12 13:24:38 2021 us=413459 server_network_ipv6 = ::
Sat Jun 12 13:24:38 2021 us=413465 server_netbits_ipv6 = 0
Sat Jun 12 13:24:38 2021 us=413472 server_bridge_ip = 0.0.0.0
Sat Jun 12 13:24:38 2021 us=413478 server_bridge_netmask = 0.0.0.0
Sat Jun 12 13:24:38 2021 us=413485 server_bridge_pool_start = 0.0.0.0
Sat Jun 12 13:24:38 2021 us=413491 server_bridge_pool_end = 0.0.0.0
Sat Jun 12 13:24:38 2021 us=413497 push_entry = 'redirect-gateway def1'
Sat Jun 12 13:24:38 2021 us=413503 push_entry = 'dhcp-option DOMAIN MyDomain.net'
Sat Jun 12 13:24:38 2021 us=413509 push_entry = 'dhcp-option DNS 192.168.160.1'
Sat Jun 12 13:24:38 2021 us=413515 push_entry = 'dhcp-option WINS 192.168.160.1'
Sat Jun 12 13:24:38 2021 us=413520 push_entry = 'dhcp-option NBDD 192.168.160.1'
Sat Jun 12 13:24:38 2021 us=413526 push_entry = 'dhcp-option NBT 2'
Sat Jun 12 13:24:38 2021 us=413532 push_entry = 'route 192.168.0.0 255.255.255.0'
Sat Jun 12 13:24:38 2021 us=413538 push_entry = 'route-gateway 192.168.160.1'
Sat Jun 12 13:24:38 2021 us=413544 push_entry = 'topology subnet'
Sat Jun 12 13:24:38 2021 us=413550 push_entry = 'ping 20'
Sat Jun 12 13:24:38 2021 us=413555 push_entry = 'ping-restart 120'
Sat Jun 12 13:24:38 2021 us=413561 ifconfig_pool_defined = ENABLED
Sat Jun 12 13:24:38 2021 us=413568 ifconfig_pool_start = 192.168.160.2
Sat Jun 12 13:24:38 2021 us=413574 ifconfig_pool_end = 192.168.160.253
Sat Jun 12 13:24:38 2021 us=413583 ifconfig_pool_netmask = 255.255.255.0
Sat Jun 12 13:24:38 2021 us=413589 ifconfig_pool_persist_filename = 'host-to-net.pool'
Sat Jun 12 13:24:38 2021 us=413595 ifconfig_pool_persist_refresh_freq = 0
Sat Jun 12 13:24:38 2021 us=413601 ifconfig_ipv6_pool_defined = DISABLED
Sat Jun 12 13:24:38 2021 us=413608 ifconfig_ipv6_pool_base = ::
Sat Jun 12 13:24:38 2021 us=413614 ifconfig_ipv6_pool_netbits = 0
Sat Jun 12 13:24:38 2021 us=413620 n_bcast_buf = 256
Sat Jun 12 13:24:38 2021 us=413626 tcp_queue_limit = 64
Sat Jun 12 13:24:38 2021 us=413631 real_hash_size = 256
Sat Jun 12 13:24:38 2021 us=413637 virtual_hash_size = 256
Sat Jun 12 13:24:38 2021 us=413643 client_connect_script = '/usr/libexec/nethserver/openvpn-connect'
Sat Jun 12 13:24:38 2021 us=413649 learn_address_script = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=413655 client_disconnect_script = '/usr/libexec/nethserver/openvpn-disconnect'
Sat Jun 12 13:24:38 2021 us=413661 client_config_dir = 'ccd'
Sat Jun 12 13:24:38 2021 us=413667 ccd_exclusive = DISABLED
Sat Jun 12 13:24:38 2021 us=413673 tmp_dir = '/tmp'
Sat Jun 12 13:24:38 2021 us=413679 push_ifconfig_defined = DISABLED
Sat Jun 12 13:24:38 2021 us=413685 push_ifconfig_local = 0.0.0.0
Sat Jun 12 13:24:38 2021 us=413692 push_ifconfig_remote_netmask = 0.0.0.0
Sat Jun 12 13:24:38 2021 us=413698 push_ifconfig_ipv6_defined = DISABLED
Sat Jun 12 13:24:38 2021 us=413704 push_ifconfig_ipv6_local = ::/0
Sat Jun 12 13:24:38 2021 us=413710 push_ifconfig_ipv6_remote = ::
Sat Jun 12 13:24:38 2021 us=413716 enable_c2c = DISABLED
Sat Jun 12 13:24:38 2021 us=413722 duplicate_cn = DISABLED
Sat Jun 12 13:24:38 2021 us=413728 cf_max = 0
Sat Jun 12 13:24:38 2021 us=413734 cf_per = 0
Sat Jun 12 13:24:38 2021 us=413740 max_clients = 1024
Sat Jun 12 13:24:38 2021 us=413746 max_routes_per_client = 256
Sat Jun 12 13:24:38 2021 us=413752 auth_user_pass_verify_script = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=413758 auth_user_pass_verify_script_via_file = DISABLED
Sat Jun 12 13:24:38 2021 us=413764 auth_token_generate = DISABLED
Sat Jun 12 13:24:38 2021 us=413769 auth_token_lifetime = 0
Sat Jun 12 13:24:38 2021 us=413775 port_share_host = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=413781 port_share_port = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=413787 client = DISABLED
Sat Jun 12 13:24:38 2021 us=413793 pull = DISABLED
Sat Jun 12 13:24:38 2021 us=413799 auth_user_pass_file = '[UNDEF]'
Sat Jun 12 13:24:38 2021 us=413808 OpenVPN 2.4.11 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 21 2021
Sat Jun 12 13:24:38 2021 us=413822 library versions: OpenSSL 1.0.2k-fips 26 Jan 2017, LZO 2.06
Sat Jun 12 13:24:38 2021 us=413934 MANAGEMENT: unix domain socket listening on /var/spool/openvpn/host-to-net
Sat Jun 12 13:24:38 2021 us=421869 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Sat Jun 12 13:24:38 2021 us=421887 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Jun 12 13:24:38 2021 us=422594 Diffie-Hellman initialized with 1024 bit key
Sat Jun 12 13:24:38 2021 us=423143 CRL: loaded 1 CRLs from file /var/lib/nethserver/certs/crl.pem
Sat Jun 12 13:24:38 2021 us=423194 TLS-Auth MTU parms [ L:1621 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Sat Jun 12 13:24:38 2021 us=423546 TUN/TAP device tunrw opened
Sat Jun 12 13:24:38 2021 us=423608 TUN/TAP TX queue length set to 100
Sat Jun 12 13:24:38 2021 us=423623 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sat Jun 12 13:24:38 2021 us=423638 /sbin/ip link set dev tunrw up mtu 1500
Sat Jun 12 13:24:38 2021 us=424906 /sbin/ip addr add dev tunrw 192.168.160.1/24 broadcast 192.168.160.255
Sat Jun 12 13:24:38 2021 us=426068 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Sat Jun 12 13:24:38 2021 us=426112 Could not determine IPv4/IPv6 protocol. Using AF_INET
Sat Jun 12 13:24:38 2021 us=426142 Socket Buffers: R=[212992->212992] S=[212992->212992]
Sat Jun 12 13:24:38 2021 us=426174 UDPv4 link local (bound): [AF_INET][undef]:1194
Sat Jun 12 13:24:38 2021 us=426188 UDPv4 link remote: [AF_UNSPEC]
Sat Jun 12 13:24:38 2021 us=426212 MULTI: multi_init called, r=256 v=256
Sat Jun 12 13:24:38 2021 us=426248 IFCONFIG POOL: base=192.168.160.2 size=252, ipv6=0
Sat Jun 12 13:24:38 2021 us=426269 ifconfig_pool_read(), in='', TODO: IPv6
Sat Jun 12 13:24:38 2021 us=426283 IFCONFIG POOL LIST
Sat Jun 12 13:24:38 2021 us=426375 Initialization Sequence Completed
Sat Jun 12 13:25:10 2021 us=197831 MULTI: multi_create_instance called
Sat Jun 12 13:25:10 2021 us=197969 172.58.19.52:55554 Re-using SSL/TLS context
Sat Jun 12 13:25:10 2021 us=198246 172.58.19.52:55554 Control Channel MTU parms [ L:1621 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Sat Jun 12 13:25:10 2021 us=198281 172.58.19.52:55554 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Sat Jun 12 13:25:10 2021 us=198335 172.58.19.52:55554 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1541,tun-mtu 1500,proto UDPv4,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Sat Jun 12 13:25:10 2021 us=198352 172.58.19.52:55554 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1541,tun-mtu 1500,proto UDPv4,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Sat Jun 12 13:25:10 2021 us=198527 172.58.19.52:55554 TLS: Initial packet from [AF_INET]172.58.19.52:55554 (via [AF_INET]192.168.0.254%br0), sid=e2151b15 da0fc665
Sat Jun 12 13:25:10 2021 us=512311 172.58.19.52:55554 VERIFY OK: depth=1, CN=NethServer, O=MyDomain, ST=CA, emailAddress=admin@MyDomain.net, subjectAltName=*.MyDomain.net, OU=Main, C=US, L=Los Angeles
Sat Jun 12 13:25:10 2021 us=512592 172.58.19.52:55554 VERIFY OK: depth=0, C=--, ST=SomeState, L=Los Angeles, O=MyDomain, OU=SomeDepartment, CN=eddie@MyDomain.net, emailAddress=admin@Nethserver.MyDomain.net
Sat Jun 12 13:25:10 2021 us=831730 172.58.19.52:55554 peer info: IV_VER=3.git::58b92569
Sat Jun 12 13:25:10 2021 us=831782 172.58.19.52:55554 peer info: IV_PLAT=ios
Sat Jun 12 13:25:10 2021 us=831799 172.58.19.52:55554 peer info: IV_NCP=2
Sat Jun 12 13:25:10 2021 us=831812 172.58.19.52:55554 peer info: IV_TCPNL=1
Sat Jun 12 13:25:10 2021 us=831826 172.58.19.52:55554 peer info: IV_PROTO=2
Sat Jun 12 13:25:10 2021 us=831839 172.58.19.52:55554 peer info: IV_AUTO_SESS=1
Sat Jun 12 13:25:10 2021 us=831854 172.58.19.52:55554 peer info: IV_GUI_VER=net.openvpn.connect.ios_3.2.3-3760
Sat Jun 12 13:25:10 2021 us=831881 172.58.19.52:55554 peer info: IV_SSO=openurl
Sat Jun 12 13:25:10 2021 us=831896 172.58.19.52:55554 peer info: IV_BS64DL=1
Sat Jun 12 13:25:10 2021 us=909044 172.58.19.52:55554 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Sat Jun 12 13:25:10 2021 us=909115 172.58.19.52:55554 [eddie@MyDomain.net] Peer Connection Initiated with [AF_INET]172.58.19.52:55554 (via [AF_INET]192.168.0.254%br0)
Sat Jun 12 13:25:10 2021 us=909183 eddie@MyDomain.net/172.58.19.52:55554 MULTI_sva: pool returned IPv4=192.168.160.2, IPv6=(Not enabled)
Sat Jun 12 13:25:11 2021 us=172667 eddie@MyDomain.net/172.58.19.52:55554 OPTIONS IMPORT: reading client specific options from: /tmp/openvpn_cc_371393219abcfc05164e4adb283898f.tmp
Sat Jun 12 13:25:11 2021 us=172847 eddie@MyDomain.net/172.58.19.52:55554 MULTI: Learn: 192.168.160.2 -> eddie@MyDomain.net/172.58.19.52:55554
Sat Jun 12 13:25:11 2021 us=172874 eddie@MyDomain.net/172.58.19.52:55554 MULTI: primary virtual IP for eddie@MyDomain.net/172.58.19.52:55554: 192.168.160.2
Sat Jun 12 13:25:11 2021 us=173197 eddie@MyDomain.net/172.58.19.52:55554 PUSH: Received control message: 'PUSH_REQUEST'
Sat Jun 12 13:25:11 2021 us=173284 eddie@MyDomain.net/172.58.19.52:55554 SENT CONTROL [eddie@MyDomain.net]: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DOMAIN MyDomain.net,dhcp-option DNS 192.168.160.1,dhcp-option WINS 192.168.160.1,dhcp-option NBDD 192.168.160.1,dhcp-option NBT 2,route 192.168.0.0 255.255.255.0,route-gateway 192.168.160.1,topology subnet,ping 20,ping-restart 120,ifconfig 192.168.160.2 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
Sat Jun 12 13:25:11 2021 us=173307 eddie@MyDomain.net/172.58.19.52:55554 Data Channel: using negotiated cipher 'AES-256-GCM'
Sat Jun 12 13:25:11 2021 us=173333 eddie@MyDomain.net/172.58.19.52:55554 Data Channel MTU parms [ L:1549 D:1450 EF:49 EB:406 ET:0 EL:3 ]
Sat Jun 12 13:25:11 2021 us=173456 eddie@MyDomain.net/172.58.19.52:55554 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sat Jun 12 13:25:11 2021 us=173490 eddie@MyDomain.net/172.58.19.52:55554 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sat Jun 12 13:27:48 2021 us=812090 eddie@MyDomain.net/172.58.19.52:55554 SIGTERM[soft,remote-exit] received, client-instance exiting
Code: Select all
2021-06-12 13:25:09 1
2021-06-12 13:25:09 ----- OpenVPN Start -----
OpenVPN core 3.git::58b92569 ios arm64 64-bit
2021-06-12 13:25:09 OpenVPN core 3.git::58b92569 ios arm64 64-bit
2021-06-12 13:25:09 Frame=512/2048/512 mssfix-ctrl=1250
2021-06-12 13:25:09 UNUSED OPTIONS
5 [explicit-exit-notify] [1]
10 [verb] [4]
11 [persist-key]
12 [persist-tun]
13 [nobind]
14 [passtos]
2021-06-12 13:25:09 EVENT: RESOLVE
2021-06-12 13:25:10 Contacting [aaa.184.10.zzz]:1194/UDP via UDP
2021-06-12 13:25:10 EVENT: WAIT
2021-06-12 13:25:10 Connecting to [MyDomain.net]:1194 (aaa.184.10.zzz) via UDPv4
2021-06-12 13:25:10 EVENT: CONNECTING
2021-06-12 13:25:10 Tunnel Options:V4,dev-type tun,link-mtu 1541,tun-mtu 1500,proto UDPv4,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client
2021-06-12 13:25:10 Creds: UsernameEmpty/PasswordEmpty
2021-06-12 13:25:10 Peer Info:
IV_VER=3.git::58b92569
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_AUTO_SESS=1
IV_GUI_VER=net.openvpn.connect.ios_3.2.3-3760
IV_SSO=openurl
IV_BS64DL=1
2021-06-12 13:25:10 VERIFY OK: depth=0, /CN=NethServer/O=MyDomain/ST=CA/emailAddress=admin@MyDomain.net/subjectAltName=*.MyDomain.net/OU=Main/C=US/L=Los Angeles
2021-06-12 13:25:10 SSL Handshake: CN=NethServer, TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
2021-06-12 13:25:10 Session is ACTIVE
2021-06-12 13:25:10 EVENT: GET_CONFIG
2021-06-12 13:25:10 Sending PUSH_REQUEST to server...
2021-06-12 13:25:11 OPTIONS:
0 [redirect-gateway] [def1]
1 [dhcp-option] [DOMAIN] [MyDomain.net]
2 [dhcp-option] [DNS] [192.168.160.1]
3 [dhcp-option] [WINS] [192.168.160.1]
4 [dhcp-option] [NBDD] [192.168.160.1]
5 [dhcp-option] [NBT] [2]
6 [route] [192.168.0.0] [255.255.255.0]
7 [route-gateway] [192.168.160.1]
8 [topology] [subnet]
9 [ping] [20]
10 [ping-restart] [120]
11 [ifconfig] [192.168.160.2] [255.255.255.0]
12 [peer-id] [0]
13 [cipher] [AES-256-GCM]
2021-06-12 13:25:11 PROTOCOL OPTIONS:
cipher: AES-256-GCM
digest: NONE
compress: NONE
peer ID: 0
2021-06-12 13:25:11 EVENT: ASSIGN_IP
2021-06-12 13:25:11 NIP: preparing TUN network settings
2021-06-12 13:25:11 NIP: init TUN network settings with endpoint: aaa.184.10.zzz
2021-06-12 13:25:11 NIP: adding IPv4 address to network settings 192.168.160.2/255.255.255.0
2021-06-12 13:25:11 NIP: adding (included) IPv4 route 192.168.160.0/24
2021-06-12 13:25:11 NIP: adding (included) IPv4 route 192.168.0.0/24
2021-06-12 13:25:11 NIP: redirecting all IPv4 traffic to TUN interface
2021-06-12 13:25:11 NIP: adding match domain MyDomain.net
2021-06-12 13:25:11 NIP: adding DNS 192.168.160.1
2021-06-12 13:25:11 Connected via NetworkExtensionTUN
2021-06-12 13:25:11 EVENT: CONNECTED MyDomain.net:1194 (aaa.184.10.zzz) via /UDPv4 on NetworkExtensionTUN/192.168.160.2/ gw=[/]
2021-06-12 13:27:48 EVENT: DISCONNECTED
2021-06-12 13:27:48 Raw stats on disconnect:
BYTES_IN : 499862
BYTES_OUT : 153984
PACKETS_IN : 708
PACKETS_OUT : 656
TUN_BYTES_IN : 134904
TUN_BYTES_OUT : 480565
TUN_PACKETS_IN : 644
TUN_PACKETS_OUT : 698
2021-06-12 13:27:48 Performance stats on disconnect:
CPU usage (microseconds): 481285
Tunnel compression ratio (uplink): 1.14143
Tunnel compression ratio (downlink): 1.04015
Network bytes per CPU second: 1358542
Tunnel bytes per CPU second: 1278803
I forgot to add, that the exact same configuration is pushed to the iPad where I don't see any issues.
Cheers.
Last edited by EddieA on Sat Jun 12, 2021 9:08 pm, edited 1 time in total.
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Slow connection from iPhone
It looks like openvpn is working as it should.
-
- OpenVPN User
- Posts: 24
- Joined: Thu Jul 02, 2015 6:52 pm
Re: Slow connection from iPhone
Exactly, that's why I'm so confused. It works great from devices attached to the iPhone, just not on the iPhone itself.
Now, where's the "hair tearing" icon.
Cheers.
Now, where's the "hair tearing" icon.
Cheers.
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Slow connection from iPhone
Try using a real DNS server eg 1.1.1.1 through your VPN.
-
- OpenVpn Newbie
- Posts: 12
- Joined: Wed Jul 22, 2020 3:03 pm
Re: Slow connection from iPhone
maybe you could check openvpn on another device and check if you have the same result?