Android connected but no Internet or LAN pages load

[cmderden79]

So I finally managed to get a connection between Android phone and OpenVPN server on Windows...but have run into another roadblock. When I attempt to open a LAN up address (say to log into router or camera) Chrome times out. I read about compression causing this issue, commented those lines out on both serv/client config...no help. Not really sure where to go next. Again, very new to this so apologize for the questions. Attempting to format my questions correctly per the instructions, so hope they are close to correct. Will come back and update server confi/logs when I am near computer.

View Originalclient config

# Config for OpenVPN 2.x
# Enables connection to GUI
management /data/user/0/de.blinkt.openvpn/cache/mgmtsocket unix
management-client
management-query-passwords
management-hold

setenv IV_GUI_VER "de.blinkt.openvpn 0.7.15"
setenv IV_SSO openurl,crtext
setenv IV_PLAT_VER "28 9 arm64-v8a samsung msm8998 SM-G950U"
machine-readable-output
allow-recursive-routing
ifconfig-nowarn
client
verb 4
connect-retry 2 300
resolv-retry 60
dev tun
remote xx.xx.xx.xxx.xxx udp
<ca>
-----BEGIN CERTIFICATE-----
M...
-----END CERTIFICATE-----
</ca>
<key>
-----BEGIN PRIVATE KEY-----
MIIJ...
-----END PRIVATE KEY-----
</key>
<cert>
-----BEGIN CERTIFICATE-----
M...
-----END CERTIFICATE-----
</cert>
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
7...
-----END OpenVPN Static key V1-----
</tls-auth>
#comp-lzo
nobind
remote-cert-tls server
cipher AES-256-CBC
persist-tun
# persist-tun also enables pre resolving to avoid DNS resolve problem
preresolve
# Use system proxy setting
management-query-proxy
# Custom configuration options
# You are on your on own here
# These options found in the config file do not map to config settings:
keepalive 10 120

Client log

Code: Select all

2020-06-23 21:09:26 official build 0.7.15 running on samsung SM-G950U (msm8998), Android 9 (PPR1.180610.011) API 28, ABI arm64-v8a, (samsung/dreamqltesq/dreamqltesq:9/PPR1.180610.011/G950USQS7DTC1:user/release-keys)
2020-06-23 21:09:26 Building configuration…
2020-06-23 21:09:26 started Socket Thread
2020-06-23 21:09:26 Network Status: CONNECTED  to WIFI 
2020-06-23 21:09:26 Debug state info: CONNECTED  to WIFI , pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED 
2020-06-23 21:09:26 Debug state info: CONNECTED  to WIFI , pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED 
2020-06-23 21:09:26 P:WARNING: linker: Warning: "/data/app/de.blinkt.openvpn-FngHtl-kSZgfjtMb5UNwfg==/lib/arm64/libovpnexec.so" is not a directory (ignoring)
2020-06-23 21:09:26 Current Parameter Settings:
2020-06-23 21:09:26   config = '/data/user/0/de.blinkt.openvpn/cache/android.conf'
2020-06-23 21:09:26   mode = 0
2020-06-23 21:09:26   show_ciphers = DISABLED
2020-06-23 21:09:26   show_digests = DISABLED
2020-06-23 21:09:26   show_engines = DISABLED
2020-06-23 21:09:26   genkey = DISABLED
2020-06-23 21:09:26   genkey_filename = '[UNDEF]'
2020-06-23 21:09:26   key_pass_file = '[UNDEF]'
2020-06-23 21:09:26   show_tls_ciphers = DISABLED
2020-06-23 21:09:26   connect_retry_max = 0
2020-06-23 21:09:26 Connection profiles [0]:
2020-06-23 21:09:26   proto = udp
2020-06-23 21:09:26   local = '[UNDEF]'
2020-06-23 21:09:26   local_port = '[UNDEF]'
2020-06-23 21:09:26   remote = '47.38.246.205'
2020-06-23 21:09:26   remote_port = '443'
2020-06-23 21:09:26   remote_float = DISABLED
2020-06-23 21:09:26   bind_defined = DISABLED
2020-06-23 21:09:26   bind_local = DISABLED
2020-06-23 21:09:26   bind_ipv6_only = DISABLED
2020-06-23 21:09:26   connect_retry_seconds = 2
2020-06-23 21:09:26   connect_timeout = 120
2020-06-23 21:09:26   socks_proxy_server = '[UNDEF]'
2020-06-23 21:09:26   socks_proxy_port = '[UNDEF]'
2020-06-23 21:09:26   tun_mtu = 1500
2020-06-23 21:09:26   tun_mtu_defined = ENABLED
2020-06-23 21:09:26   link_mtu = 1500
2020-06-23 21:09:26   link_mtu_defined = DISABLED
2020-06-23 21:09:26   tun_mtu_extra = 0
2020-06-23 21:09:26   tun_mtu_extra_defined = DISABLED
2020-06-23 21:09:26   mtu_discover_type = -1
2020-06-23 21:09:26   fragment = 0
2020-06-23 21:09:26   mssfix = 1450
2020-06-23 21:09:26   explicit_exit_notification = 0
2020-06-23 21:09:26   tls_auth_file = '[[INLINE]]'
2020-06-23 21:09:26   key_direction = 1
2020-06-23 21:09:26   tls_crypt_file = '[UNDEF]'
2020-06-23 21:09:26   tls_crypt_v2_file = '[UNDEF]'
2020-06-23 21:09:26 Connection profiles END
2020-06-23 21:09:26   remote_random = DISABLED
2020-06-23 21:09:26   ipchange = '[UNDEF]'
2020-06-23 21:09:26   dev = 'tun'
2020-06-23 21:09:26   dev_type = '[UNDEF]'
2020-06-23 21:09:26   dev_node = '[UNDEF]'
2020-06-23 21:09:26   lladdr = '[UNDEF]'
2020-06-23 21:09:26   topology = 1
2020-06-23 21:09:26   ifconfig_local = '[UNDEF]'
2020-06-23 21:09:26   ifconfig_remote_netmask = '[UNDEF]'
2020-06-23 21:09:26   ifconfig_noexec = DISABLED
2020-06-23 21:09:26   ifconfig_nowarn = ENABLED
2020-06-23 21:09:26   ifconfig_ipv6_local = '[UNDEF]'
2020-06-23 21:09:26   ifconfig_ipv6_netbits = 0
2020-06-23 21:09:26   ifconfig_ipv6_remote = '[UNDEF]'
2020-06-23 21:09:26   shaper = 0
2020-06-23 21:09:26   mtu_test = 0
2020-06-23 21:09:26   mlock = DISABLED
2020-06-23 21:09:26   keepalive_ping = 10
2020-06-23 21:09:26   keepalive_timeout = 120
2020-06-23 21:09:26   inactivity_timeout = 0
2020-06-23 21:09:26   ping_send_timeout = 10
2020-06-23 21:09:26   ping_rec_timeout = 120
2020-06-23 21:09:26 Waiting 0s seconds between connection attempt
2020-06-23 21:09:26   ping_rec_timeout_action = 2
2020-06-23 21:09:26   ping_timer_remote = DISABLED
2020-06-23 21:09:26   remap_sigusr1 = 0
2020-06-23 21:09:26   persist_tun = ENABLED
2020-06-23 21:09:26   persist_local_ip = DISABLED
2020-06-23 21:09:26   persist_remote_ip = DISABLED
2020-06-23 21:09:26   persist_key = DISABLED
2020-06-23 21:09:26   passtos = DISABLED
2020-06-23 21:09:26   resolve_retry_seconds = 60
2020-06-23 21:09:26   resolve_in_advance = ENABLED
2020-06-23 21:09:26   username = '[UNDEF]'
2020-06-23 21:09:26   groupname = '[UNDEF]'
2020-06-23 21:09:26   chroot_dir = '[UNDEF]'
2020-06-23 21:09:26   cd_dir = '[UNDEF]'
2020-06-23 21:09:26   writepid = '[UNDEF]'
2020-06-23 21:09:26   up_script = '[UNDEF]'
2020-06-23 21:09:26   down_script = '[UNDEF]'
2020-06-23 21:09:26   down_pre = DISABLED
2020-06-23 21:09:26   up_restart = DISABLED
2020-06-23 21:09:26   up_delay = DISABLED
2020-06-23 21:09:26   daemon = DISABLED
2020-06-23 21:09:26   inetd = 0
2020-06-23 21:09:26   log = DISABLED
2020-06-23 21:09:26   suppress_timestamps = DISABLED
2020-06-23 21:09:26   machine_readable_output = ENABLED
2020-06-23 21:09:26   nice = 0
2020-06-23 21:09:26   verbosity = 4
2020-06-23 21:09:26   mute = 0
2020-06-23 21:09:26   gremlin = 0
2020-06-23 21:09:26   status_file = '[UNDEF]'
2020-06-23 21:09:26   status_file_version = 1
2020-06-23 21:09:26   status_file_update_freq = 60
2020-06-23 21:09:26   occ = ENABLED
2020-06-23 21:09:26   rcvbuf = 0
2020-06-23 21:09:26   sndbuf = 0
2020-06-23 21:09:26   sockflags = 0
2020-06-23 21:09:26   fast_io = DISABLED
2020-06-23 21:09:26   comp.alg = 0
2020-06-23 21:09:26   comp.flags = 0
2020-06-23 21:09:26   route_script = '[UNDEF]'
2020-06-23 21:09:26   route_default_gateway = '[UNDEF]'
2020-06-23 21:09:26   route_default_metric = 0
2020-06-23 21:09:26   route_noexec = DISABLED
2020-06-23 21:09:26   route_delay = 0
2020-06-23 21:09:26   route_delay_window = 30
2020-06-23 21:09:26   route_delay_defined = DISABLED
2020-06-23 21:09:26   route_nopull = DISABLED
2020-06-23 21:09:26   route_gateway_via_dhcp = DISABLED
2020-06-23 21:09:26   allow_pull_fqdn = DISABLED
2020-06-23 21:09:26   management_addr = '/data/user/0/de.blinkt.openvpn/cache/mgmtsocket'
2020-06-23 21:09:26   management_port = 'unix'
2020-06-23 21:09:26   management_user_pass = '[UNDEF]'
2020-06-23 21:09:26   management_log_history_cache = 250
2020-06-23 21:09:26   management_echo_buffer_size = 100
2020-06-23 21:09:26   management_write_peer_info_file = '[UNDEF]'
2020-06-23 21:09:26   management_client_user = '[UNDEF]'
2020-06-23 21:09:26   management_client_group = '[UNDEF]'
2020-06-23 21:09:26   management_flags = 16678
2020-06-23 21:09:26   shared_secret_file = '[UNDEF]'
2020-06-23 21:09:26   key_direction = 1
2020-06-23 21:09:26   ciphername = 'AES-256-CBC'
2020-06-23 21:09:26   ncp_enabled = ENABLED
2020-06-23 21:09:26   ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
2020-06-23 21:09:26   authname = 'SHA1'
2020-06-23 21:09:26   prng_hash = 'SHA1'
2020-06-23 21:09:26   prng_nonce_secret_len = 16
2020-06-23 21:09:26   keysize = 0
2020-06-23 21:09:26   engine = DISABLED
2020-06-23 21:09:26   replay = ENABLED
2020-06-23 21:09:26   mute_replay_warnings = DISABLED
2020-06-23 21:09:26   replay_window = 64
2020-06-23 21:09:26   replay_time = 15
2020-06-23 21:09:26   packet_id_file = '[UNDEF]'
2020-06-23 21:09:26   test_crypto = DISABLED
2020-06-23 21:09:26   tls_server = DISABLED
2020-06-23 21:09:26   tls_client = ENABLED
2020-06-23 21:09:26   key_method = 2
2020-06-23 21:09:26   ca_file = '[[INLINE]]'
2020-06-23 21:09:26   ca_path = '[UNDEF]'
2020-06-23 21:09:26   dh_file = '[UNDEF]'
2020-06-23 21:09:26   cert_file = '[[INLINE]]'
2020-06-23 21:09:26   extra_certs_file = '[UNDEF]'
2020-06-23 21:09:26   priv_key_file = '[[INLINE]]'
2020-06-23 21:09:26   pkcs12_file = '[UNDEF]'
2020-06-23 21:09:26   cipher_list = '[UNDEF]'
2020-06-23 21:09:26   cipher_list_tls13 = '[UNDEF]'
2020-06-23 21:09:26   tls_cert_profile = '[UNDEF]'
2020-06-23 21:09:26   tls_verify = '[UNDEF]'
2020-06-23 21:09:26   tls_export_cert = '[UNDEF]'
2020-06-23 21:09:26   verify_x509_type = 0
2020-06-23 21:09:26   verify_x509_name = '[UNDEF]'
2020-06-23 21:09:26   crl_file = '[UNDEF]'
2020-06-23 21:09:26   ns_cert_type = 0
2020-06-23 21:09:26   remote_cert_ku[i] = 65535
2020-06-23 21:09:26   remote_cert_ku[i] = 0
2020-06-23 21:09:26   remote_cert_ku[i] = 0
2020-06-23 21:09:26   remote_cert_ku[i] = 0
2020-06-23 21:09:26   remote_cert_ku[i] = 0
2020-06-23 21:09:26   remote_cert_ku[i] = 0
2020-06-23 21:09:26   remote_cert_ku[i] = 0
2020-06-23 21:09:26   remote_cert_ku[i] = 0
2020-06-23 21:09:26   remote_cert_ku[i] = 0
2020-06-23 21:09:26   remote_cert_ku[i] = 0
2020-06-23 21:09:26   remote_cert_ku[i] = 0
2020-06-23 21:09:26   remote_cert_ku[i] = 0
2020-06-23 21:09:26   remote_cert_ku[i] = 0
2020-06-23 21:09:26   remote_cert_ku[i] = 0
2020-06-23 21:09:26   remote_cert_ku[i] = 0
2020-06-23 21:09:26   remote_cert_ku[i] = 0
2020-06-23 21:09:26   remote_cert_eku = 'TLS Web Server Authentication'
2020-06-23 21:09:26   ssl_flags = 0
2020-06-23 21:09:26   tls_timeout = 2
2020-06-23 21:09:26   renegotiate_bytes = -1
2020-06-23 21:09:26   renegotiate_packets = 0
2020-06-23 21:09:26   renegotiate_seconds = 3600
2020-06-23 21:09:26   handshake_window = 60
2020-06-23 21:09:26   transition_window = 3600
2020-06-23 21:09:26   single_session = DISABLED
2020-06-23 21:09:26   push_peer_info = DISABLED
2020-06-23 21:09:26   tls_exit = DISABLED
2020-06-23 21:09:26   tls_crypt_v2_metadata = '[UNDEF]'
2020-06-23 21:09:26   client = ENABLED
2020-06-23 21:09:26   pull = ENABLED
2020-06-23 21:09:26   auth_user_pass_file = '[UNDEF]'
2020-06-23 21:09:26 OpenVPN 2.5-icsopenvpn [git:icsopenvpn/v0.7.14-0-gb3eb7a46] arm64-v8a [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Mar  5 2020
2020-06-23 21:09:26 library versions: OpenSSL 1.1.1d  10 Sep 2019, LZO 2.10
2020-06-23 21:09:26 MANAGEMENT: Connected to management server at /data/user/0/de.blinkt.openvpn/cache/mgmtsocket
2020-06-23 21:09:26 MANAGEMENT: CMD 'version 3'
2020-06-23 21:09:26 MANAGEMENT: CMD 'hold release'
2020-06-23 21:09:26 MANAGEMENT: CMD 'proxy NONE'
2020-06-23 21:09:26 MANAGEMENT: CMD 'bytecount 2'
2020-06-23 21:09:26 MANAGEMENT: CMD 'state on'
2020-06-23 21:09:27 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2020-06-23 21:09:27 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2020-06-23 21:09:27 Control Channel MTU parms [ L:1621 D:1184 EF:66 EB:0 ET:0 EL:3 ]
2020-06-23 21:09:27 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
2020-06-23 21:09:27 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
2020-06-23 21:09:27 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
2020-06-23 21:09:27 TCP/UDP: Preserving recently used remote address: [AF_INET]xx.xx.xx.xxx.xxx
2020-06-23 21:09:27 Socket Buffers: R=[229376->229376] S=[229376->229376]
2020-06-23 21:09:27 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
2020-06-23 21:09:27 UDP link local: (not bound)
2020-06-23 21:09:27 UDP link remote: [AF_INET]47.38.246.205:443
2020-06-23 21:09:27 MANAGEMENT: >STATE:1592964567,WAIT,,,,,,
2020-06-23 21:09:27 MANAGEMENT: >STATE:1592964567,AUTH,,,,,,
2020-06-23 21:09:27 TLS: Initial packet from [AF_INET]xx.xx.xxx.xxx:xxx, sid="xxxxxxxxxxx
2020-06-23 21:09:27 VERIFY OK: depth=1, C=US, ST=TX, L=city, O=OpenVPN, OU=changeme, CN=ServerVPN, name=changeme, emailAddress=email@.com
2020-06-23 21:09:27 VERIFY KU OK
2020-06-23 21:09:27 Validating certificate extended key usage
2020-06-23 21:09:27 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2020-06-23 21:09:27 VERIFY EKU OK
2020-06-23 21:09:27 VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=OpenVPN, OU=changeme, CN=ServerVPN, name=changeme, emailAddress=mail@host.domain
2020-06-23 21:09:27 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 4096 bit RSA
2020-06-23 21:09:27 [ServerVPN] Peer Connection Initiated with [AF_INET]xx.xx.xxx.xxx:xx
2020-06-23 21:09:28 MANAGEMENT: >STATE:1592964568,GET_CONFIG,,,,,,
2020-06-23 21:09:28 SENT CONTROL [ServerVPN]: 'PUSH_REQUEST' (status=1)
2020-06-23 21:09:28 PUSH: Received control message: 'PUSH_REPLY,route 192.168.0.0 255.255.255.0,route 192.168.87.0 255.255.255.0,topology net30,ping 15,ping-restart 60,ifconfig 192.168.87.6 192.168.87.5,peer-id 0,cipher AES-256-GCM'
2020-06-23 21:09:28 OPTIONS IMPORT: timers and/or timeouts modified
2020-06-23 21:09:28 OPTIONS IMPORT: --ifconfig/up options modified
2020-06-23 21:09:28 OPTIONS IMPORT: route options modified
2020-06-23 21:09:28 OPTIONS IMPORT: peer-id set
2020-06-23 21:09:28 OPTIONS IMPORT: adjusting link_mtu to 1624
2020-06-23 21:09:28 OPTIONS IMPORT: data channel crypto options modified
2020-06-23 21:09:28 Data Channel: using negotiated cipher 'AES-256-GCM'
2020-06-23 21:09:28 Data Channel MTU parms [ L:1552 D:1450 EF:52 EB:406 ET:0 EL:3 ]
2020-06-23 21:09:28 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2020-06-23 21:09:28 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2020-06-23 21:09:28 ROUTE_GATEWAY 127.100.103.119 IFACE=android-gw
2020-06-23 21:09:28 do_ifconfig, ipv4=1, ipv6=0
2020-06-23 21:09:28 MANAGEMENT: >STATE:1592964568,ASSIGN_IP,,192.168.87.6,,,,
2020-06-23 21:09:28 MANAGEMENT: CMD 'needok 'IFCONFIG' ok'
2020-06-23 21:09:28 MANAGEMENT: >STATE:1592964568,ADD_ROUTES,,,,,,
2020-06-23 21:09:28 MANAGEMENT: CMD 'needok 'ROUTE' ok'
2020-06-23 21:09:28 MANAGEMENT: CMD 'needok 'ROUTE' ok'
2020-06-23 21:09:28 MANAGEMENT: CMD 'needok 'PERSIST_TUN_ACTION' OPEN_BEFORE_CLOSE'
2020-06-23 21:09:28 Opening tun interface:
2020-06-23 21:09:28 Local IPv4: 192.168.87.6/30 IPv6: (not set) MTU: 1500
2020-06-23 21:09:28 DNS Server: , Domain: null
2020-06-23 21:09:28 Routes: 192.168.0.0/24, 192.168.87.0/24, 192.168.87.4/30 
2020-06-23 21:09:28 Routes excluded: 192.168.1.137/24 2600:6c56:7f08:3046:ac07:d8de:d739:39e7/64, fe80:0:0:0:e317:42ff:1f1d:10b/64
2020-06-23 21:09:28 VpnService routes installed: 192.168.0.0/24, 192.168.87.0/24 
2020-06-23 21:09:28 Disallowed VPN apps: 
2020-06-23 21:09:28 No DNS servers being used. Name resolution may not work. Consider setting custom DNS Servers. Please also note that Android will keep using your proxy settings specified for your mobile/Wi-Fi connection when no DNS servers are set.
2020-06-23 21:09:29 MANAGEMENT: CMD 'needok 'OPENTUN' ok'
2020-06-23 21:09:29 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2020-06-23 21:09:29 Initialization Sequence Completed
2020-06-23 21:09:29 MANAGEMENT: >STATE:1592964569,CONNECTED,SUCCESS,192.168.87.6,xx.xx.xxx.xxx:xx,,
2020-06-23 21:09:29 Debug state info: CONNECTED  to WIFI , pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED 

[cmderden79]

Updated: Server log and config now added. Any assistance would be greatly appreciated. At this point I don't know if it is a router/firewall issue (did not forward the openVPN port correctly?), a config error on client/server, or something that I didn't even know existed which is probably a lot. Thanks in advance for any direction...and if I made mistakes in how to frame this request please feel free to guide me as I am sure it won't be my last.

View Originalserver config

server 192.168.XX.X 255.255.255.0
port XXX
proto udp4
dev tun

client-to-client

cipher AES-256-CBC

#comp-lzo no

keepalive 15 60

ping-timer-rem

ifconfig-pool-persist server/ipp

verb 3

persist-tun
persist-key


# Keys
tls-auth "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ta.key" 0
ca "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ServerVPN.crt"
key "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ServerVPN.key"
dh "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\dh2048.pem"

#route-delay 5
#route-method exe

#push "route 192.168.0.0 255.255.255.0"
#route 192.168.182.0 255.255.255.0

server log

Code: Select all

Tue Jun 23 21:09:28 2020 192.168.1.1:43025 TLS: Initial packet from [AF_INET]192.168.1.1:43025, sid=257c92f8 038b7ff5
Tue Jun 23 21:09:28 2020 192.168.1.1:43025 VERIFY OK: depth=1, C=xx, ST=xx, L=xxx, O=OpenVPN, OU=changeme, CN=ServerVPN, name=changeme, emailAddress=xxx
Tue Jun 23 21:09:28 2020 192.168.1.1:43025 VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=OpenVPN, OU=changeme, CN=ClientVPN1, name=changeme, emailAddress=mail@host.domain
Tue Jun 23 21:09:28 2020 192.168.1.1:43025 peer info: IV_VER=2.5_master
Tue Jun 23 21:09:28 2020 192.168.1.1:43025 peer info: IV_PLAT=android
Tue Jun 23 21:09:28 2020 192.168.1.1:43025 peer info: IV_PROTO=2
Tue Jun 23 21:09:28 2020 192.168.1.1:43025 peer info: IV_NCP=2
Tue Jun 23 21:09:28 2020 192.168.1.1:43025 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM
Tue Jun 23 21:09:28 2020 192.168.1.1:43025 peer info: IV_LZ4=1
Tue Jun 23 21:09:28 2020 192.168.1.1:43025 peer info: IV_LZ4v2=1
Tue Jun 23 21:09:28 2020 192.168.1.1:43025 peer info: IV_LZO=1
Tue Jun 23 21:09:28 2020 192.168.1.1:43025 peer info: IV_COMP_STUB=1
Tue Jun 23 21:09:28 2020 192.168.1.1:43025 peer info: IV_COMP_STUBv2=1
Tue Jun 23 21:09:28 2020 192.168.1.1:43025 peer info: IV_TCPNL=1
Tue Jun 23 21:09:28 2020 192.168.1.1:43025 peer info: IV_GUI_VER=de.blinkt.openvpn_0.7.15
Tue Jun 23 21:09:28 2020 192.168.1.1:43025 peer info: IV_SSO=openurl,crtext
Tue Jun 23 21:09:28 2020 192.168.1.1:43025 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 4096 bit RSA
Tue Jun 23 21:09:28 2020 192.168.1.1:43025 [ClientVPN1] Peer Connection Initiated with [AF_INET]192.168.1.1:43025
Tue Jun 23 21:09:28 2020 ClientVPN1/192.168.1.1:43025 MULTI_sva: pool returned IPv4=192.168.87.6, IPv6=(Not enabled)
Tue Jun 23 21:09:28 2020 ClientVPN1/192.168.1.1:43025 MULTI: Learn: 192.168.87.6 -> ClientVPN1/192.168.1.1:43025
Tue Jun 23 21:09:28 2020 ClientVPN1/192.168.1.1:43025 MULTI: primary virtual IP for ClientVPN1/192.168.1.1:43025: 192.168.87.6
Tue Jun 23 21:09:29 2020 ClientVPN1/192.168.1.1:43025 PUSH: Received control message: 'PUSH_REQUEST'
Tue Jun 23 21:09:29 2020 ClientVPN1/192.168.1.1:43025 SENT CONTROL [ClientVPN1]: 'PUSH_REPLY,route 192.168.0.0 255.255.255.0,route 192.168.87.0 255.255.255.0,topology net30,ping 15,ping-restart 60,ifconfig 192.168.87.6 192.168.87.5,peer-id 0,cipher AES-256-GCM' (status=1)
Tue Jun 23 21:09:29 2020 ClientVPN1/192.168.1.1:43025 Data Channel: using negotiated cipher 'AES-256-GCM'
Tue Jun 23 21:09:29 2020 ClientVPN1/192.168.1.1:43025 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Jun 23 21:09:29 2020 ClientVPN1/192.168.1.1:43025 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Jun 23 21:31:26 2020 ClientVPN1/192.168.1.1:43025 [ClientVPN1] Inactivity timeout (--ping-restart), restarting
Tue Jun 23 21:31:26 2020 ClientVPN1/192.168.1.1:43025 SIGUSR1[soft,ping-restart] received, client-instance restarting

[TinCanTech]

I finally managed to get a connection between Android phone and OpenVPN server on Windows

You need to setup Windows correctly and that is not easy because Windows is crap.

There are some tutorials here by Bebop:
viewforum.php?f=7

[cmderden79]

I finally managed to get a connection between Android phone and OpenVPN server on Windows

You need to setup Windows correctly and that is not easy because Windows is crap.

There are some tutorials here by Bebop:
viewforum.php?f=7

Thanks. I will look at that tutorial as well but I feel like I have watched every video, read every tutorial etc and while they have helped along the way this time I am stumped. I don't see any errors in the logs that point me to where my problem is, which makes it more difficult to trouble shoot. However I am not well versed in what anything in the logs mean so had hoped someone here may see something I am missing. I hate to change the config too much because it took about 100 iterations for me to even establish a connection. Server side was actually fairly easy, but I struggled with Android.

[TinCanTech]

I don't see any errors in the logs that point me to where my problem is

The problems are not with openvpn they are with your server setup.

but I struggled with Android

Your client config is still a mess, for example:

setenv IV_GUI_VER "de.blinkt.openvpn 0.7.15"
setenv IV_SSO openurl,crtext
setenv IV_PLAT_VER "28 9 arm64-v8a samsung msm8998 SM-G950U"

These values cannot be set in a config file.

[cmderden79]

Yes I had multiple issues with even connecting with a much simpler config. I actually found that OpenVPN for Android would create a config file based on some criteria, so I gave it a go and that is what it created. While I was able to connect (I was having tls-auth issues), the new config file did look ridiculous. Then I had multiple formatting issues with the keys (assume being cut and pasted so many times the x.509 got messed up). Figured that out from the logs. And here I am lol.

When you say server...do mean something in the OpenVPN server itself, or something with regards to the machine i.e. firewall, defender, router issues, etc. Just looking for the place I should start. Reading the link you gave me now.

[TinCanTech]

When you say server...do mean something in the OpenVPN server itself, or something with regards to the machine i.e. firewall, defender, router issues, etc. Just looking for the place I should start

something with regards to the machine i.e. firewall, defender, router issues, etc

Also, you have not even used --redirect-gateway at all
so my guess is that you have not read the OpenVPN howto ..

https://community.openvpn.net/openvpn/wiki/HOWTO

[cmderden79]

No I have read it, it's more the "intended audience" that is the problem. I understand a "bit" about networking, but my knowledge level is not deep and am not 100% familiar with all of the concepts. So in short, I am attempting to learn everything at the same time which has been pretty overwhelming to take in all at once. I appreciate the help/guidance this far, and will continue to absorb as much as I can from this group and the prior help topics provided.

For what it is worth, this all started from wanting to view my cameras over a secure connection. I was told that port forwarding us not only dangerous for my network, but for everyone else's and in short, you are a &nbsp; if you don't use some sort of protection, and OpenVPN was the choice of most. So that lead me down this path. However I am finding it isn't as simple as, hey, I need a VPN...so away we go.

[TinCanTech]

I have the Howto and the Manual open on my desktop practically every day ..