Help With iOS Clients

Need help configuring your VPN? Just post here and you'll get that help.
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
Texangeek
OpenVpn Newbie
Posts: 2
Joined: Mon Sep 16, 2019 6:55 pm

Help With iOS Clients

Post by Texangeek » Mon Sep 16, 2019 7:16 pm

I have configured a VPN server on a Digital Ocean droplet and can successfully connect to it from my MacBook Pro.

Code: Select all

client
nobind
dev tun
remote-cert-tls server

remote celticvpn.ddns.net 1194 udp
dhcp-option DNS 192.168.10.251  # pihole on local network

<key>
-----BEGIN PRIVATE KEY-----

-----END PRIVATE KEY-----
</key>
<cert>
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----
</cert>
<ca>
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----
</ca>
key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----

-----END OpenVPN Static key V1-----
</tls-auth>

redirect-gateway def1
I specify 192.168.10.251 as the DNS address as this is the location of my Pi-hole (ad removal) on my local network. Whoerr shows that my IP address has changed when I am on the VPN and ads are correctly filtered.

I created a similar client file to use on my IOS devices (iPad, iPhone) however while both devices appear to connect I have no internet connectivity on either device. I've attached the log file from my iPad client.

Code: Select all

2019-04-16 14:04:01 ----- OpenVPN Start -----
OpenVPN core 3.git::728733ae ios arm64 64-bit PT_PROXY built on Aug 15 2019 06:21:05

2019-04-16 14:04:01 OpenVPN core 3.git::728733ae ios arm64 64-bit PT_PROXY built on Aug 15 2019 06:21:05

2019-04-16 14:04:01 Frame=512/2048/512 mssfix-ctrl=1250

2019-04-16 14:04:01 UNUSED OPTIONS
1 [nobind] 

2019-04-16 14:04:01 EVENT: RESOLVE

2019-04-16 14:04:01 Contacting [xxx.xxx.xxx.xx]:1194/UDP via UDP

2019-04-16 14:04:01 EVENT: WAIT

2019-04-16 14:04:01 Connecting to [celticvpn.ddns.net]:1194 (xxx.xxx.xxx.xx) via UDPv4

2019-04-16 14:04:01 EVENT: CONNECTING

2019-04-16 14:04:01 Tunnel Options:V4,dev-type tun,link-mtu 1541,tun-mtu 1500,proto UDPv4,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client

2019-04-16 14:04:01 Creds: UsernameEmpty/PasswordEmpty

2019-04-16 14:04:01 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 3.0.3-2104
IV_VER=3.git::728733ae
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_AUTO_SESS=1
IV_BS64DL=1

2019-04-16 14:04:01 VERIFY OK : depth=1
cert. version     : 3
serial number     : 6E:09:67:CB:B5:A6:34:9A:DA:05:F8:7B:8E:C8:E3:C9:FA:68:C9:8E
issuer name       : 
subject name      : 
issued  on        : 2019-09-14 19:01:05
expires on        : 2029-09-11 19:01:05
signed using      : RSA with SHA-256
RSA key size      : 2048 bits
basic constraints : CA=true
key usage         : Key Cert Sign, CRL Sign

2019-04-16 14:04:01 VERIFY OK : depth=0
cert. version     : 3
serial number     : C2:51:EF:A0:DB:9E:59:0B:8B:9E:10:4D:C5:05:0E:1F
issuer name       : 
subject name      : 
issued  on        : 2019-09-14 19:01:31
expires on        : 2022-08-29 19:01:31
signed using      : RSA with SHA-256
RSA key size      : 2048 bits
basic constraints : CA=false
subject alt name  : celticvpn.ddns.net
key usage         : Digital Signature, Key Encipherment
ext key usage     : TLS Web Server Authentication


2019-04-16 14:04:01 SSL Handshake: TLSv1.2/TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384

2019-04-16 14:04:01 Session is ACTIVE

2019-04-16 14:04:01 EVENT: GET_CONFIG

2019-04-16 14:04:01 Sending PUSH_REQUEST to server...

2019-04-16 14:04:01 OPTIONS:
0 [redirect-gateway] [def1] 
1 [dhcp-option] [DNS] [192.168.10.251] 
2 [comp-lzo] [no] 
3 [route] [192.168.255.1] 
4 [topology] [net30] 
5 [ping] [10] 
6 [ping-restart] [60] 
7 [ifconfig] [192.168.255.10] [192.168.255.9] 
8 [peer-id] [0] 
9 [cipher] [AES-256-GCM] 


2019-04-16 14:04:01 PROTOCOL OPTIONS:
  cipher: AES-256-GCM
  digest: SHA1
  compress: LZO_STUB
  peer ID: 0

2019-04-16 14:04:01 EVENT: ASSIGN_IP

2019-04-16 14:04:01 NIP: preparing TUN network settings

2019-04-16 14:04:01 NIP: init TUN network settings with endpoint: xxx.xxx.xxx.xx

2019-04-16 14:04:01 NIP: adding IPv4 address to network settings 192.168.255.10/255.255.255.252

2019-04-16 14:04:01 NIP: adding (included) IPv4 route 192.168.255.8/30

2019-04-16 14:04:01 NIP: adding (included) IPv4 route 192.168.255.1/32

2019-04-16 14:04:01 NIP: redirecting all IPv4 traffic to TUN interface

2019-04-16 14:04:01 NIP: adding DNS 192.168.10.251

2019-04-16 14:04:01 Connected via NetworkExtensionTUN

2019-04-16 14:04:01 LZO-ASYM init swap=0 asym=1

2019-04-16 14:04:01 Comp-stub init swap=0

2019-04-16 14:04:01 EVENT: CONNECTED xxxxxxx.ddns.net:1194 (xxx.xxx.xxx.xx) via /UDPv4 on NetworkExtensionTUN/192.168.255.10/ gw=[/]
I really don't have a great grasp of OpenVPN or networking so I'm sure there is something I'm missing or doing incorrectly in the IOS client configurations. However having read a bunch of posts online I can't, for the life of me, figure out what it is.

Can anyone help?

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 6186
Joined: Fri Jun 03, 2016 1:17 pm

Re: Help With iOS Clients

Post by TinCanTech » Mon Sep 16, 2019 9:01 pm

This will only work for your iphone & iOS when they are connected to your client LAN, it will not work when those devices are on cellular network.

Texangeek
OpenVpn Newbie
Posts: 2
Joined: Mon Sep 16, 2019 6:55 pm

Re: Help With iOS Clients

Post by Texangeek » Wed Sep 18, 2019 6:15 pm

TinCanTech wrote:
Mon Sep 16, 2019 9:01 pm
This will only work for your iphone & iOS when they are connected to your client LAN, it will not work when those devices are on cellular network.
Yeah, I was intending to add the external IP for my pinhole once I got things up and running. I've read quite a few posts that seem to imply that there is a bug or issue with the latest version of the OpenVPN Connect. Is this what is causing my problem or is there a configuration issue with my setup?

Post Reply