After troubleshooting the PolarSSL certificate error and solving it by importing the CA.CRT + CLIENT.P12 into the iOS keychain, I have bumped into a new error.
I am able to connect to the VPN on 4G, but not on wifi. As soon as I connect to a wifi network, the connection goes to timeout and eventually stops.
Here are the logs from the iOS client when trying to connect to the VPN while already connected to wifi:
iPhone 6S running iOS 11.0.3
Code:
2017-10-24 16:42:30 ----- OpenVPN Start -----
OpenVPN core 3.1.2 ios arm64 64-bit built on Dec 5 2016 12:50:25
2017-10-24 16:42:30 Keychain Cert Extraction: 2 certificate(s) found
2017-10-24 16:42:30 Frame=512/2048/512 mssfix-ctrl=1250
2017-10-24 16:42:30 UNUSED OPTIONS
4 [resolv-retry] [infinite]
5 [nobind]
6 [persist-key]
7 [persist-tun]
11 [verify-x509-name] [server_v0zacJQCkXqL82uW] [name]
15 [verb] [1]
2017-10-24 16:42:30 EVENT: RESOLVE
2017-10-24 16:42:30 Contacting A.B.C.D:1189 via UDP
2017-10-24 16:42:30 EVENT: WAIT
2017-10-24 16:42:30 SetTunnelSocket returned 1
2017-10-24 16:42:30 Connecting to [A.B.C.D]:1189 (A.B.C.D) via UDPv4
2017-10-24 16:42:30 NET Internet:ReachableViaWiFi/-R t------
2017-10-24 16:42:40 Server poll timeout, trying next remote entry...
2017-10-24 16:42:40 EVENT: RECONNECTING
2017-10-24 16:42:40 EVENT: RESOLVE
2017-10-24 16:42:40 Contacting A.B.C.D:1189 via UDP
2017-10-24 16:42:40 EVENT: WAIT
2017-10-24 16:42:40 SetTunnelSocket returned 1
2017-10-24 16:42:40 Connecting to [A.B.C.D]:1189 (A.B.C.D) via UDPv4
2017-10-24 16:42:50 Server poll timeout, trying next remote entry...
2017-10-24 16:42:50 EVENT: RECONNECTING
2017-10-24 16:42:50 EVENT: RESOLVE
2017-10-24 16:42:50 Contacting A.B.C.D:1189 via UDP
2017-10-24 16:42:50 EVENT: WAIT
2017-10-24 16:42:50 SetTunnelSocket returned 1
2017-10-24 16:42:50 Connecting to [A.B.C.D]:1189 (A.B.C.D) via UDPv4
2017-10-24 16:43:00 Server poll timeout, trying next remote entry...
2017-10-24 16:43:00 EVENT: RECONNECTING
2017-10-24 16:43:00 EVENT: RESOLVE
2017-10-24 16:43:00 Contacting A.B.C.D:1189 via UDP
2017-10-24 16:43:00 EVENT: WAIT
2017-10-24 16:43:00 SetTunnelSocket returned 1
2017-10-24 16:43:00 Connecting to [A.B.C.D]:1189 (A.B.C.D) via UDPv4
2017-10-24 16:43:10 Server poll timeout, trying next remote entry...
2017-10-24 16:43:10 EVENT: RECONNECTING
2017-10-24 16:43:10 EVENT: RESOLVE
2017-10-24 16:43:10 Contacting A.B.C.D:1189 via UDP
2017-10-24 16:43:10 EVENT: WAIT
2017-10-24 16:43:10 SetTunnelSocket returned 1
2017-10-24 16:43:10 Connecting to [A.B.C.D]:1189 (A.B.C.D) via UDPv4
2017-10-24 16:43:20 Server poll timeout, trying next remote entry...
2017-10-24 16:43:20 EVENT: RECONNECTING
2017-10-24 16:43:20 EVENT: RESOLVE
2017-10-24 16:43:20 Contacting A.B.C.D:1189 via UDP
2017-10-24 16:43:20 EVENT: WAIT
2017-10-24 16:43:20 SetTunnelSocket returned 1
2017-10-24 16:43:20 Connecting to [A.B.C.D]:1189 (A.B.C.D) via UDPv4
2017-10-24 16:43:30 EVENT: CONNECTION_TIMEOUT [ERR]
2017-10-24 16:43:30 EVENT: DISCONNECTED
2017-10-24 16:43:30 Raw stats on disconnect:
BYTES_OUT : 3240
PACKETS_OUT : 60
CONNECTION_TIMEOUT : 1
N_RECONNECT : 5
2017-10-24 16:43:30 Performance stats on disconnect:
CPU usage (microseconds): 40772
Network bytes per CPU second: 79466
Tunnel bytes per CPU second: 0
2017-10-24 16:43:30 EVENT: DISCONNECT_PENDING
2017-10-24 16:43:30 ----- OpenVPN Stop -----
Here are the logs when the iOS client is connected to the VPN and the phone connects to wifi. Initially, the VPN is up with no connectivity, and then the VPN is broken and traffic starts flowing outside the VPN.
Code:
2017-10-25 10:14:08 EVENT: RESOLVE
2017-10-25 10:14:08 Contacting A.B.C.D:1189 via UDP
2017-10-25 10:14:08 EVENT: WAIT
2017-10-25 10:14:08 SetTunnelSocket returned 1
2017-10-25 10:14:08 Connecting to [A.B.C.D]:1189 (A.B.C.D) via UDPv4
2017-10-25 10:14:08 EVENT: CONNECTING
2017-10-25 10:14:08 Tunnel Options:V4,dev-type tun,link-mtu 1570,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-client
2017-10-25 10:14:08 Creds: UsernameEmpty/PasswordEmpty
2017-10-25 10:14:08 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 1.1.1-212
IV_VER=3.1.2
IV_PLAT=ios
IV_LZO=1
IV_AUTO_SESS=1
2017-10-25 10:14:08 VERIFY OK: depth=1
cert. version : 3
serial number : B3:4B:75:52:A4:14:AD:E5
issuer name : CN=ChangeMe
subject name : CN=ChangeMe
issued on : 2017-10-20 13:23:23
expires on : 2027-10-18 13:23:23
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=true
key usage : Key Cert Sign, CRL Sign
2017-10-25 10:14:08 VERIFY OK: depth=0
cert. version : 3
serial number : 01
issuer name : CN=ChangeMe
subject name : CN=server_v0zacJQCkXqL82uW
issued on : 2017-10-20 13:23:29
expires on : 2027-10-18 13:23:29
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=false
key usage : Digital Signature, Key Encipherment
ext key usage : TLS Web Server Authentication
2017-10-25 10:14:09 NET Internet:ReachableViaWWAN/WR t------
2017-10-25 10:14:09 SSL Handshake: TLSv1.2/TLS-DHE-RSA-WITH-AES-256-CBC-SHA
2017-10-25 10:14:09 Session is ACTIVE
2017-10-25 10:14:09 EVENT: GET_CONFIG
2017-10-25 10:14:09 Sending PUSH_REQUEST to server...
2017-10-25 10:14:09 OPTIONS:
0 [redirect-gateway] [ipv6]
1 [route] [10.8.0.1] [255.255.255.255]
2 [route] [10.8.0.0] [255.255.255.0]
3 [route] [0.0.0.0]
4 [dhcp-option] [DNS] [8.8.8.8]
5 [dhcp-option] [DNS] [8.8.4.4]
6 [redirect-gateway] [def1]
7 [route-gateway] [10.8.0.1]
8 [topology] [subnet]
9 [ping] [10]
10 [ping-restart] [120]
11 [ifconfig] [10.8.0.4] [255.255.255.0]
2017-10-25 10:14:09 PROTOCOL OPTIONS:
cipher: AES-256-CBC
digest: SHA256
compress: LZO
peer ID: -1
2017-10-25 10:14:09 EVENT: ASSIGN_IP
2017-10-25 10:14:09 TunPersist: saving tun context:
Session Name: A.B.C.D
Layer: OSI_LAYER_3
Remote Address: A.B.C.D
Tunnel Addresses:
10.8.0.4/24 -> 10.8.0.1
Reroute Gateway: IPv4=1 IPv6=0 flags=[ ENABLE REROUTE_GW DEF1 IPv4 IPv6 ]
Block IPv6: no
Add Routes:
10.8.0.1/32
10.8.0.0/24
0.0.0.0/32
Exclude Routes:
DNS Servers:
8.8.8.8
8.8.4.4
Search Domains:
2017-10-25 10:14:09 Connected via tun
2017-10-25 10:14:09 LZO-ASYM init swap=0 asym=0
2017-10-25 10:14:09 EVENT: CONNECTED @A.B.C.D:1189 (A.B.C.D) via /UDPv4 on tun/10.8.0.4/ gw=[10.8.0.1/]
2017-10-25 10:14:09 SetStatus Connected
2017-10-25 10:14:37 OS Event: NET AVAILABLE (RESUME): ReachableViaWiFi allow=1
2017-10-25 10:14:39 OS Event: NET UNAVAILABLE (PAUSE): ReachableViaWiFi
2017-10-25 10:14:39 OS Event: NET AVAILABLE (RESUME): ReachableViaWiFi allow=1
2017-10-25 10:14:39 EVENT: PAUSE
2017-10-25 10:14:39 NET Internet:ReachableViaWiFi/-R t------
2017-10-25 10:14:42 RECONNECT TEST: ReachableViaWiFi
2017-10-25 10:14:43 RESUME TEST: ReachableViaWiFi
2017-10-25 10:14:43 EVENT: RESUME
2017-10-25 10:14:43 EVENT: RECONNECTING
2017-10-25 10:14:43 Contacting A.B.C.D:1189 via UDP
2017-10-25 10:14:43 EVENT: WAIT
2017-10-25 10:14:43 SetTunnelSocket returned 1
2017-10-25 10:14:43 Connecting to [A.B.C.D]:1189 (A.B.C.D) via UDPv4
2017-10-25 10:14:53 Server poll timeout, trying next remote entry...
2017-10-25 10:14:53 EVENT: RECONNECTING
2017-10-25 10:14:53 Contacting A.B.C.D:1189 via UDP
2017-10-25 10:14:53 EVENT: WAIT
2017-10-25 10:14:53 SetTunnelSocket returned 1
2017-10-25 10:14:53 Connecting to [A.B.C.D]:1189 (A.B.C.D) via UDPv4
2017-10-25 10:15:03 Server poll timeout, trying next remote entry...
2017-10-25 10:15:03 EVENT: RECONNECTING
2017-10-25 10:15:03 Contacting A.B.C.D:1189 via UDP
2017-10-25 10:15:03 EVENT: WAIT
2017-10-25 10:15:03 SetTunnelSocket returned 1
2017-10-25 10:15:03 Connecting to [A.B.C.D]:1189 (A.B.C.D) via UDPv4
2017-10-25 10:15:13 Server poll timeout, trying next remote entry...
2017-10-25 10:15:13 EVENT: RECONNECTING
2017-10-25 10:15:13 Contacting A.B.C.D:1189 via UDP
2017-10-25 10:15:13 EVENT: WAIT
2017-10-25 10:15:13 SetTunnelSocket returned 1
2017-10-25 10:15:13 Connecting to [A.B.C.D]:1189 (A.B.C.D) via UDPv4
2017-10-25 10:15:23 Server poll timeout, trying next remote entry...
2017-10-25 10:15:23 EVENT: RECONNECTING
2017-10-25 10:15:23 Contacting A.B.C.D:1189 via UDP
2017-10-25 10:15:23 EVENT: WAIT
2017-10-25 10:15:23 SetTunnelSocket returned 1
2017-10-25 10:15:23 Connecting to [A.B.C.D]:1189 (A.B.C.D) via UDPv4
2017-10-25 10:15:33 Server poll timeout, trying next remote entry...
2017-10-25 10:15:33 EVENT: RECONNECTING
2017-10-25 10:15:33 Contacting A.B.C.D:1189 via UDP
2017-10-25 10:15:33 EVENT: WAIT
2017-10-25 10:15:33 SetTunnelSocket returned 1
2017-10-25 10:15:33 Connecting to [A.B.C.D]:1189 (A.B.C.D) via UDPv4
2017-10-25 10:15:43 EVENT: CONNECTION_TIMEOUT [ERR]
2017-10-25 10:15:43 EVENT: DISCONNECTED
2017-10-25 10:15:43 Raw stats on disconnect:
BYTES_IN : 76859
BYTES_OUT : 28245
PACKETS_IN : 108
PACKETS_OUT : 185
TUN_BYTES_IN : 15742
TUN_BYTES_OUT : 67251
TUN_PACKETS_IN : 113
TUN_PACKETS_OUT : 98
CONNECTION_TIMEOUT : 1
N_PAUSE : 1
N_RECONNECT : 6
2017-10-25 10:15:43 Performance stats on disconnect:
CPU usage (microseconds): 195965
Tunnel compression ratio (uplink): 1.79424
Tunnel compression ratio (downlink): 1.14287
Network bytes per CPU second: 536340
Tunnel bytes per CPU second: 423509
2017-10-25 10:15:43 EVENT: DISCONNECT_PENDING
2017-10-25 10:15:43 ----- OpenVPN Stop -----
Code:
client
dev tun
proto udp
remote A.B.C.D 1189
resolv-retry infinite
nobind
persist-key
persist-tun
key-direction 1
remote-cert-tls server
tls-version-min 1.2
verify-x509-name server_v0zacJQCkXqL82uW name
cipher AES-256-CBC
auth SHA256
comp-lzo
redirect-gateway ipv6
verb 1
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-auth>
RASP-PI 3 running: Linux raspberrypi 4.9.41-v7+ #1023 SMP Tue Aug 8 16:00:15 BST 2017 armv7l GNU/Linux
Code:
client
dev tun
proto udp
remote A.B.C.D 1189
resolv-retry infinite
nobind
persist-key
persist-tun
key-direction 1
remote-cert-tls server
tls-version-min 1.2
verify-x509-name server_v0zacJQCkXqL82uW name
cipher AES-256-CBC
auth SHA256
comp-lzo
push "redirect-gateway ipv6"
verb 1
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
-----END ENCRYPTED PRIVATE KEY-----
</key>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-auth>
Any help/advice on how to correctly configure/set up the VPN to also work on wifi is greatly appreciated.
Best regards,
Alex
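
Added example, not part of the original post: a small triage script for OpenVPN Connect logs of the shape shown above, which separates "the client never received a single packet on this network" from "the tunnel was up and was lost after the network changed". The function name `triage` and the verdict labels are hypothetical, the sample log is constructed from lines in the post, and the script assumes that counters missing from the "Raw stats on disconnect" block are zero.

```python
import re

# Constructed sample, condensed from the first log in the post (cold start on wifi).
WIFI_LOG = """\
2017-10-24 16:42:30 NET Internet:ReachableViaWiFi/-R t------
2017-10-24 16:42:40 Server poll timeout, trying next remote entry...
2017-10-24 16:42:50 Server poll timeout, trying next remote entry...
2017-10-24 16:43:30 EVENT: CONNECTION_TIMEOUT [ERR]
2017-10-24 16:43:30 Raw stats on disconnect:
BYTES_OUT : 3240
PACKETS_OUT : 60
CONNECTION_TIMEOUT : 1
"""

STAT = re.compile(r"^\s*([A-Z_]+) : (\d+)\s*$")   # e.g. "BYTES_OUT : 3240"
NET = re.compile(r"ReachableVia(\w+)")            # WiFi or WWAN

def triage(log):
    """Summarise one OpenVPN Connect session log and classify the failure."""
    stats, in_stats = {}, False
    network, connected_on, timeouts = None, None, 0
    for line in log.splitlines():
        m = STAT.match(line)
        if in_stats and m:
            stats[m.group(1)] = int(m.group(2))
            continue
        in_stats = "Raw stats on disconnect" in line
        n = NET.search(line)
        if n and n.group(1) != network:
            network, timeouts = n.group(1), 0     # path changed: restart the count
        elif "EVENT: CONNECTED" in line:
            connected_on = network                # network the tunnel came up on
        elif "Server poll timeout" in line:
            timeouts += 1
    # Assumption: a counter absent from the stats block is zero.
    bytes_in = stats.get("BYTES_IN", 0)
    if not stats.get("CONNECTION_TIMEOUT"):
        verdict = "no-timeout"
    elif bytes_in == 0:
        verdict = "no-reply-ever"                 # packets sent, none counted as received
    elif connected_on and connected_on != network:
        verdict = "lost-after-network-change"
    else:
        verdict = "timeout"
    return {"network": network, "poll_timeouts": timeouts, "bytes_in": bytes_in,
            "bytes_out": stats.get("BYTES_OUT", 0), "verdict": verdict}

if __name__ == "__main__":
    print(triage(WIFI_LOG))
```

A `no-reply-ever` verdict means the session ended before any certificate or TLS step could run, so the UDP path between that network and the server is the first thing to check.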