Openvpn connect for android client problem

Official client software for OpenVPN Access Server and OpenVPN Cloud.
Post Reply
IronUbuntu
OpenVpn Newbie
Posts: 3
Joined: Sat Jun 18, 2022 3:26 pm

Openvpn connect for android client problem

Post by IronUbuntu » Sat Jun 18, 2022 4:51 pm

I had installed openvpn server 2.5 on ubuntu 20.04 server and openvpn connect for android client. The connection server-client establishes without error messages, but internet on my android don't work via vpn. Also I have vpn clients on ubuntu and windows machines and they work properly.
Can anybody help me?

Server configuration:

Code: Select all

mssfix 1460
port 443
proto tcp-server
dev tun
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh none
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist /var/log/openvpn/ipp.txt
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
keepalive 10 120
tls-crypt ta.key
data-ciphers AES-256-GCM
auth SHA256
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
log-append  /var/log/openvpn/openvpn.log
verb 4
explicit-exit-notify 0
Client configuration:

Code: Select all

client
pull
dev tun
proto tcp-client
remote {ip addr} 443
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-GCM
auth SHA256
key-direction 1
verb 3
mssfix=1460
link-mtu=1500

<ca>
-----BEGIN CERTIFICATE-----
{certificate data}
-----END CERTIFICATE-----
</ca>
<cert>
Certificate:
    Data:
    {Data...}
-----BEGIN CERTIFICATE-----
{certificate data}
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
{Private key data}
-----END PRIVATE KEY-----
</key>
<tls-crypt>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
{tls-crypt data}
-----END OpenVPN Static key V1-----
</tls-crypt>
Server log:

Code: Select all

2022-06-18 16:40:43 us=140684 WARNING: --topology net30 support for server configs with IPv4 pools will be removed in a future release. Please migrate to --topology subnet as soon as possible.
2022-06-18 16:40:43 us=140811 --cipher is not set. Previous OpenVPN version defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
2022-06-18 16:40:43 us=141042 Current Parameter Settings:
2022-06-18 16:40:43 us=141055   config = 'server.conf'
2022-06-18 16:40:43 us=141060   mode = 1
2022-06-18 16:40:43 us=141065   persist_config = DISABLED
2022-06-18 16:40:43 us=141069   persist_mode = 1
2022-06-18 16:40:43 us=141074   show_ciphers = DISABLED
2022-06-18 16:40:43 us=141078   show_digests = DISABLED
2022-06-18 16:40:43 us=141082   show_engines = DISABLED
2022-06-18 16:40:43 us=141087   genkey = DISABLED
2022-06-18 16:40:43 us=141091   genkey_filename = '[UNDEF]'
2022-06-18 16:40:43 us=141095   key_pass_file = '[UNDEF]'
2022-06-18 16:40:43 us=141100   show_tls_ciphers = DISABLED
2022-06-18 16:40:43 us=141104   connect_retry_max = 0
2022-06-18 16:40:43 us=141109 Connection profiles [0]:
2022-06-18 16:40:43 us=141114   proto = tcp-server
2022-06-18 16:40:43 us=141118   local = '[UNDEF]'
2022-06-18 16:40:43 us=141126   local_port = '443'
2022-06-18 16:40:43 us=141131   remote = '[UNDEF]'
2022-06-18 16:40:43 us=141135   remote_port = '443'
2022-06-18 16:40:43 us=141139   remote_float = DISABLED
2022-06-18 16:40:43 us=141143   bind_defined = DISABLED
2022-06-18 16:40:43 us=141148   bind_local = ENABLED
2022-06-18 16:40:43 us=141152   bind_ipv6_only = DISABLED
2022-06-18 16:40:43 us=141156   connect_retry_seconds = 5
2022-06-18 16:40:43 us=141161   connect_timeout = 120
2022-06-18 16:40:43 us=141165   socks_proxy_server = '[UNDEF]'
2022-06-18 16:40:43 us=141170   socks_proxy_port = '[UNDEF]'
2022-06-18 16:40:43 us=141174   tun_mtu = 1500
2022-06-18 16:40:43 us=141178   tun_mtu_defined = ENABLED
2022-06-18 16:40:43 us=141183   link_mtu = 1500
2022-06-18 16:40:43 us=141187   link_mtu_defined = DISABLED
2022-06-18 16:40:43 us=141191   tun_mtu_extra = 0
2022-06-18 16:40:43 us=141196   tun_mtu_extra_defined = DISABLED
2022-06-18 16:40:43 us=141200   mtu_discover_type = -1
2022-06-18 16:40:43 us=141204   fragment = 0
2022-06-18 16:40:43 us=141209   mssfix = 1460
2022-06-18 16:40:43 us=141213   explicit_exit_notification = 0
2022-06-18 16:40:43 us=141218   tls_auth_file = '[UNDEF]'
2022-06-18 16:40:43 us=141222   key_direction = not set
2022-06-18 16:40:43 us=141229   tls_crypt_file = '[INLINE]'
2022-06-18 16:40:43 us=141239   tls_crypt_v2_file = '[UNDEF]'
2022-06-18 16:40:43 us=141253 Connection profiles END
2022-06-18 16:40:43 us=141264   remote_random = DISABLED
2022-06-18 16:40:43 us=141270   ipchange = '[UNDEF]'
2022-06-18 16:40:43 us=141277   dev = 'tun'
2022-06-18 16:40:43 us=141284   dev_type = '[UNDEF]'
2022-06-18 16:40:43 us=141291   dev_node = '[UNDEF]'
2022-06-18 16:40:43 us=141299   lladdr = '[UNDEF]'
2022-06-18 16:40:43 us=141306   topology = 1
2022-06-18 16:40:43 us=141313   ifconfig_local = '10.8.0.1'
2022-06-18 16:40:43 us=141319   ifconfig_remote_netmask = '10.8.0.2'
2022-06-18 16:40:43 us=141325   ifconfig_noexec = DISABLED
2022-06-18 16:40:43 us=141332   ifconfig_nowarn = DISABLED
2022-06-18 16:40:43 us=141338   ifconfig_ipv6_local = '[UNDEF]'
2022-06-18 16:40:43 us=141344   ifconfig_ipv6_netbits = 0
2022-06-18 16:40:43 us=141351   ifconfig_ipv6_remote = '[UNDEF]'
2022-06-18 16:40:43 us=141359   shaper = 0
2022-06-18 16:40:43 us=141365   mtu_test = 0
2022-06-18 16:40:43 us=141369   mlock = DISABLED
2022-06-18 16:40:43 us=141374   keepalive_ping = 10
2022-06-18 16:40:43 us=141378   keepalive_timeout = 120
2022-06-18 16:40:43 us=141383   inactivity_timeout = 0
2022-06-18 16:40:43 us=141400   inactivity_minimum_bytes = 0
2022-06-18 16:40:43 us=141408   ping_send_timeout = 10
2022-06-18 16:40:43 us=141415   ping_rec_timeout = 240
2022-06-18 16:40:43 us=141422   ping_rec_timeout_action = 2
2022-06-18 16:40:43 us=141539   ping_timer_remote = DISABLED
2022-06-18 16:40:43 us=141548   remap_sigusr1 = 0
2022-06-18 16:40:43 us=141552   persist_tun = ENABLED
2022-06-18 16:40:43 us=141557   persist_local_ip = DISABLED
2022-06-18 16:40:43 us=141561   persist_remote_ip = DISABLED
2022-06-18 16:40:43 us=141566   persist_key = ENABLED
2022-06-18 16:40:43 us=141570   passtos = DISABLED
2022-06-18 16:40:43 us=141575   resolve_retry_seconds = 1000000000
2022-06-18 16:40:43 us=141580   resolve_in_advance = DISABLED
2022-06-18 16:40:43 us=141584   username = 'nobody'
2022-06-18 16:40:43 us=141588   groupname = 'nogroup'
2022-06-18 16:40:43 us=141593   chroot_dir = '[UNDEF]'
2022-06-18 16:40:43 us=141597   cd_dir = '[UNDEF]'
2022-06-18 16:40:43 us=141601   writepid = '[UNDEF]'
2022-06-18 16:40:43 us=141606   up_script = '[UNDEF]'
2022-06-18 16:40:43 us=141610   down_script = '[UNDEF]'
2022-06-18 16:40:43 us=141615   down_pre = DISABLED
2022-06-18 16:40:43 us=141619   up_restart = DISABLED
2022-06-18 16:40:43 us=141623   up_delay = DISABLED
2022-06-18 16:40:43 us=141628   daemon = DISABLED
2022-06-18 16:40:43 us=141641   inetd = 0
2022-06-18 16:40:43 us=141653   log = ENABLED
2022-06-18 16:40:43 us=141661   suppress_timestamps = DISABLED
2022-06-18 16:40:43 us=141668   machine_readable_output = DISABLED
2022-06-18 16:40:43 us=141675   nice = 0
2022-06-18 16:40:43 us=141683   verbosity = 4
2022-06-18 16:40:43 us=141689   mute = 0
2022-06-18 16:40:43 us=141693   gremlin = 0
2022-06-18 16:40:43 us=141698   status_file = '/var/log/openvpn/openvpn-status.log'
2022-06-18 16:40:43 us=141702   status_file_version = 2
2022-06-18 16:40:43 us=141707   status_file_update_freq = 60
2022-06-18 16:40:43 us=141711   occ = ENABLED
2022-06-18 16:40:43 us=141717   rcvbuf = 0
2022-06-18 16:40:43 us=141721   sndbuf = 0
2022-06-18 16:40:43 us=141726   mark = 0
2022-06-18 16:40:43 us=141730   sockflags = 0
2022-06-18 16:40:43 us=141735   fast_io = DISABLED
2022-06-18 16:40:43 us=141739   comp.alg = 0
2022-06-18 16:40:43 us=141744   comp.flags = 0
2022-06-18 16:40:43 us=141748   route_script = '[UNDEF]'
2022-06-18 16:40:43 us=141753   route_default_gateway = '[UNDEF]'
2022-06-18 16:40:43 us=141757   route_default_metric = 0
2022-06-18 16:40:43 us=141762   route_noexec = DISABLED
2022-06-18 16:40:43 us=141766   route_delay = 0
2022-06-18 16:40:43 us=141771   route_delay_window = 30
2022-06-18 16:40:43 us=141776   route_delay_defined = DISABLED
2022-06-18 16:40:43 us=141780   route_nopull = DISABLED
2022-06-18 16:40:43 us=141784   route_gateway_via_dhcp = DISABLED
2022-06-18 16:40:43 us=141789   allow_pull_fqdn = DISABLED
2022-06-18 16:40:43 us=141794   route 10.8.0.0/255.255.255.0/default (not set)/default (not set)
2022-06-18 16:40:43 us=141799   management_addr = '[UNDEF]'
2022-06-18 16:40:43 us=141804   management_port = '[UNDEF]'
2022-06-18 16:40:43 us=141808   management_user_pass = '[UNDEF]'
2022-06-18 16:40:43 us=141813   management_log_history_cache = 250
2022-06-18 16:40:43 us=141818   management_echo_buffer_size = 100
2022-06-18 16:40:43 us=141822   management_write_peer_info_file = '[UNDEF]'
2022-06-18 16:40:43 us=141827   management_client_user = '[UNDEF]'
2022-06-18 16:40:43 us=141831   management_client_group = '[UNDEF]'
2022-06-18 16:40:43 us=141836   management_flags = 0
2022-06-18 16:40:43 us=141840   shared_secret_file = '[UNDEF]'
2022-06-18 16:40:43 us=141845   key_direction = not set
2022-06-18 16:40:43 us=141850   ciphername = 'BF-CBC'
2022-06-18 16:40:43 us=141855   ncp_enabled = ENABLED
2022-06-18 16:40:43 us=141859   ncp_ciphers = 'AES-256-GCM'
2022-06-18 16:40:43 us=141864   authname = 'SHA256'
2022-06-18 16:40:43 us=141869   prng_hash = 'SHA1'
2022-06-18 16:40:43 us=141873   prng_nonce_secret_len = 16
2022-06-18 16:40:43 us=141879   keysize = 0
2022-06-18 16:40:43 us=141887   engine = DISABLED
2022-06-18 16:40:43 us=141895   replay = ENABLED
2022-06-18 16:40:43 us=141900   mute_replay_warnings = DISABLED
2022-06-18 16:40:43 us=141905   replay_window = 64
2022-06-18 16:40:43 us=141909   replay_time = 15
2022-06-18 16:40:43 us=141914   packet_id_file = '[UNDEF]'
2022-06-18 16:40:43 us=141924   test_crypto = DISABLED
2022-06-18 16:40:43 us=141932   tls_server = ENABLED
2022-06-18 16:40:43 us=141939   tls_client = DISABLED
2022-06-18 16:40:43 us=141945   ca_file = 'ca.crt'
2022-06-18 16:40:43 us=141952   ca_path = '[UNDEF]'
2022-06-18 16:40:43 us=141958   dh_file = '[UNDEF]'
2022-06-18 16:40:43 us=141966   cert_file = 'server.crt'
2022-06-18 16:40:43 us=141972   extra_certs_file = '[UNDEF]'
2022-06-18 16:40:43 us=141979   priv_key_file = 'server.key'
2022-06-18 16:40:43 us=141985   pkcs12_file = '[UNDEF]'
2022-06-18 16:40:43 us=141993   cipher_list = '[UNDEF]'
2022-06-18 16:40:43 us=142000   cipher_list_tls13 = '[UNDEF]'
2022-06-18 16:40:43 us=142008   tls_cert_profile = '[UNDEF]'
2022-06-18 16:40:43 us=142012   tls_verify = '[UNDEF]'
2022-06-18 16:40:43 us=142017   tls_export_cert = '[UNDEF]'
2022-06-18 16:40:43 us=142021   verify_x509_type = 0
2022-06-18 16:40:43 us=142026   verify_x509_name = '[UNDEF]'
2022-06-18 16:40:43 us=142030   crl_file = '[UNDEF]'
2022-06-18 16:40:43 us=142035   ns_cert_type = 0
2022-06-18 16:40:43 us=142039   remote_cert_ku[i] = 0
2022-06-18 16:40:43 us=142044   remote_cert_ku[i] = 0
2022-06-18 16:40:43 us=142057   remote_cert_ku[i] = 0
2022-06-18 16:40:43 us=142070   remote_cert_ku[i] = 0
2022-06-18 16:40:43 us=142078   remote_cert_ku[i] = 0
2022-06-18 16:40:43 us=142084   remote_cert_ku[i] = 0
2022-06-18 16:40:43 us=142092   remote_cert_ku[i] = 0
2022-06-18 16:40:43 us=142098   remote_cert_ku[i] = 0
2022-06-18 16:40:43 us=142103   remote_cert_ku[i] = 0
2022-06-18 16:40:43 us=142107   remote_cert_ku[i] = 0
2022-06-18 16:40:43 us=142112   remote_cert_ku[i] = 0
2022-06-18 16:40:43 us=142116   remote_cert_ku[i] = 0
2022-06-18 16:40:43 us=142121   remote_cert_ku[i] = 0
2022-06-18 16:40:43 us=142125   remote_cert_ku[i] = 0
2022-06-18 16:40:43 us=142129   remote_cert_ku[i] = 0
2022-06-18 16:40:43 us=142134   remote_cert_ku[i] = 0
2022-06-18 16:40:43 us=142138   remote_cert_eku = '[UNDEF]'
2022-06-18 16:40:43 us=142143   ssl_flags = 0
2022-06-18 16:40:43 us=142147   tls_timeout = 2
2022-06-18 16:40:43 us=142152   renegotiate_bytes = -1
2022-06-18 16:40:43 us=142157   renegotiate_packets = 0
2022-06-18 16:40:43 us=142161   renegotiate_seconds = 3600
2022-06-18 16:40:43 us=142166   handshake_window = 60
2022-06-18 16:40:43 us=142170   transition_window = 3600
2022-06-18 16:40:43 us=142211   single_session = DISABLED
2022-06-18 16:40:43 us=142217   push_peer_info = DISABLED
2022-06-18 16:40:43 us=142222   tls_exit = DISABLED
2022-06-18 16:40:43 us=142226   tls_crypt_v2_metadata = '[UNDEF]'
2022-06-18 16:40:43 us=142231   pkcs11_protected_authentication = DISABLED
2022-06-18 16:40:43 us=142236   pkcs11_protected_authentication = DISABLED
2022-06-18 16:40:43 us=142244   pkcs11_protected_authentication = DISABLED
2022-06-18 16:40:43 us=142249   pkcs11_protected_authentication = DISABLED
2022-06-18 16:40:43 us=142254   pkcs11_protected_authentication = DISABLED
2022-06-18 16:40:43 us=142258   pkcs11_protected_authentication = DISABLED
2022-06-18 16:40:43 us=142262   pkcs11_protected_authentication = DISABLED
2022-06-18 16:40:43 us=142267   pkcs11_protected_authentication = DISABLED
2022-06-18 16:40:43 us=142271   pkcs11_protected_authentication = DISABLED
2022-06-18 16:40:43 us=142276   pkcs11_protected_authentication = DISABLED
2022-06-18 16:40:43 us=142280   pkcs11_protected_authentication = DISABLED
2022-06-18 16:40:43 us=142285   pkcs11_protected_authentication = DISABLED
2022-06-18 16:40:43 us=142289   pkcs11_protected_authentication = DISABLED
2022-06-18 16:40:43 us=142294   pkcs11_protected_authentication = DISABLED
2022-06-18 16:40:43 us=142298   pkcs11_protected_authentication = DISABLED
2022-06-18 16:40:43 us=142303   pkcs11_protected_authentication = DISABLED
2022-06-18 16:40:43 us=142307   pkcs11_private_mode = 00000000
2022-06-18 16:40:43 us=142312   pkcs11_private_mode = 00000000
2022-06-18 16:40:43 us=142316   pkcs11_private_mode = 00000000
2022-06-18 16:40:43 us=142321   pkcs11_private_mode = 00000000
2022-06-18 16:40:43 us=142325   pkcs11_private_mode = 00000000
2022-06-18 16:40:43 us=142334   pkcs11_private_mode = 00000000
2022-06-18 16:40:43 us=142340   pkcs11_private_mode = 00000000
2022-06-18 16:40:43 us=142347   pkcs11_private_mode = 00000000
2022-06-18 16:40:43 us=142355   pkcs11_private_mode = 00000000
2022-06-18 16:40:43 us=142362   pkcs11_private_mode = 00000000
2022-06-18 16:40:43 us=142367   pkcs11_private_mode = 00000000
2022-06-18 16:40:43 us=142372   pkcs11_private_mode = 00000000
2022-06-18 16:40:43 us=142376   pkcs11_private_mode = 00000000
2022-06-18 16:40:43 us=142381   pkcs11_private_mode = 00000000
2022-06-18 16:40:43 us=142385   pkcs11_private_mode = 00000000
2022-06-18 16:40:43 us=142389   pkcs11_private_mode = 00000000
2022-06-18 16:40:43 us=142394   pkcs11_cert_private = DISABLED
2022-06-18 16:40:43 us=142398   pkcs11_cert_private = DISABLED
2022-06-18 16:40:43 us=142402   pkcs11_cert_private = DISABLED
2022-06-18 16:40:43 us=142407   pkcs11_cert_private = DISABLED
2022-06-18 16:40:43 us=142411   pkcs11_cert_private = DISABLED
2022-06-18 16:40:43 us=142415   pkcs11_cert_private = DISABLED
2022-06-18 16:40:43 us=142420   pkcs11_cert_private = DISABLED
2022-06-18 16:40:43 us=142424   pkcs11_cert_private = DISABLED
2022-06-18 16:40:43 us=142428   pkcs11_cert_private = DISABLED
2022-06-18 16:40:43 us=142433   pkcs11_cert_private = DISABLED
2022-06-18 16:40:43 us=142437   pkcs11_cert_private = DISABLED
2022-06-18 16:40:43 us=142441   pkcs11_cert_private = DISABLED
2022-06-18 16:40:43 us=142446   pkcs11_cert_private = DISABLED
2022-06-18 16:40:43 us=142450   pkcs11_cert_private = DISABLED
2022-06-18 16:40:43 us=142454   pkcs11_cert_private = DISABLED
2022-06-18 16:40:43 us=142458   pkcs11_cert_private = DISABLED
2022-06-18 16:40:43 us=142463   pkcs11_pin_cache_period = -1
2022-06-18 16:40:43 us=142468   pkcs11_id = '[UNDEF]'
2022-06-18 16:40:43 us=142472   pkcs11_id_management = DISABLED
2022-06-18 16:40:43 us=142478   server_network = 10.8.0.0
2022-06-18 16:40:43 us=142484   server_netmask = 255.255.255.0
2022-06-18 16:40:43 us=142495   server_network_ipv6 = ::
2022-06-18 16:40:43 us=142503   server_netbits_ipv6 = 0
2022-06-18 16:40:43 us=142511   server_bridge_ip = 0.0.0.0
2022-06-18 16:40:43 us=142520   server_bridge_netmask = 0.0.0.0
2022-06-18 16:40:43 us=142527   server_bridge_pool_start = 0.0.0.0
2022-06-18 16:40:43 us=142534   server_bridge_pool_end = 0.0.0.0
2022-06-18 16:40:43 us=142541   push_entry = 'dhcp-option DNS 208.67.222.222'
2022-06-18 16:40:43 us=142548   push_entry = 'dhcp-option DNS 208.67.220.220'
2022-06-18 16:40:43 us=142556   push_entry = 'route 10.8.0.1'
2022-06-18 16:40:43 us=142563   push_entry = 'topology net30'
2022-06-18 16:40:43 us=142571   push_entry = 'ping 10'
2022-06-18 16:40:43 us=142578   push_entry = 'ping-restart 120'
2022-06-18 16:40:43 us=142584   ifconfig_pool_defined = ENABLED
2022-06-18 16:40:43 us=142589   ifconfig_pool_start = 10.8.0.4
2022-06-18 16:40:43 us=142594   ifconfig_pool_end = 10.8.0.251
2022-06-18 16:40:43 us=142599   ifconfig_pool_netmask = 0.0.0.0
2022-06-18 16:40:43 us=142604   ifconfig_pool_persist_filename = '/var/log/openvpn/ipp.txt'
2022-06-18 16:40:43 us=142609   ifconfig_pool_persist_refresh_freq = 600
2022-06-18 16:40:43 us=142613   ifconfig_ipv6_pool_defined = DISABLED
2022-06-18 16:40:43 us=142618   ifconfig_ipv6_pool_base = ::
2022-06-18 16:40:43 us=142623   ifconfig_ipv6_pool_netbits = 0
2022-06-18 16:40:43 us=142628   n_bcast_buf = 256
2022-06-18 16:40:43 us=142632   tcp_queue_limit = 64
2022-06-18 16:40:43 us=142637   real_hash_size = 256
2022-06-18 16:40:43 us=142641   virtual_hash_size = 256
2022-06-18 16:40:43 us=142646   client_connect_script = '[UNDEF]'
2022-06-18 16:40:43 us=142650   learn_address_script = '[UNDEF]'
2022-06-18 16:40:43 us=142655   client_disconnect_script = '[UNDEF]'
2022-06-18 16:40:43 us=142659   client_config_dir = '[UNDEF]'
2022-06-18 16:40:43 us=142664   ccd_exclusive = DISABLED
2022-06-18 16:40:43 us=142668   tmp_dir = '/tmp'
2022-06-18 16:40:43 us=142673   push_ifconfig_defined = DISABLED
2022-06-18 16:40:43 us=142678   push_ifconfig_local = 0.0.0.0
2022-06-18 16:40:43 us=142687   push_ifconfig_remote_netmask = 0.0.0.0
2022-06-18 16:40:43 us=142692   push_ifconfig_ipv6_defined = DISABLED
2022-06-18 16:40:43 us=142697   push_ifconfig_ipv6_local = ::/0
2022-06-18 16:40:43 us=142702   push_ifconfig_ipv6_remote = ::
2022-06-18 16:40:43 us=142706   enable_c2c = DISABLED
2022-06-18 16:40:43 us=142711   duplicate_cn = DISABLED
2022-06-18 16:40:43 us=142715   cf_max = 0
2022-06-18 16:40:43 us=142720   cf_per = 0
2022-06-18 16:40:43 us=142725   max_clients = 1024
2022-06-18 16:40:43 us=142729   max_routes_per_client = 256
2022-06-18 16:40:43 us=142734   auth_user_pass_verify_script = '[UNDEF]'
2022-06-18 16:40:43 us=142738   auth_user_pass_verify_script_via_file = DISABLED
2022-06-18 16:40:43 us=142743   auth_token_generate = DISABLED
2022-06-18 16:40:43 us=142747   auth_token_lifetime = 0
2022-06-18 16:40:43 us=142752   auth_token_secret_file = '[UNDEF]'
2022-06-18 16:40:43 us=142756   port_share_host = '[UNDEF]'
2022-06-18 16:40:43 us=142761   port_share_port = '[UNDEF]'
2022-06-18 16:40:43 us=142765   vlan_tagging = DISABLED
2022-06-18 16:40:43 us=142770   vlan_accept = all
2022-06-18 16:40:43 us=142774   vlan_pvid = 1
2022-06-18 16:40:43 us=142779   client = DISABLED
2022-06-18 16:40:43 us=142784   pull = DISABLED
2022-06-18 16:40:43 us=142788   auth_user_pass_file = '[UNDEF]'
2022-06-18 16:40:43 us=142794 OpenVPN 2.5.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 24 2022
2022-06-18 16:40:43 us=142835 library versions: OpenSSL 1.1.1f  31 Mar 2020, LZO 2.10
2022-06-18 16:40:43 us=144346 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2022-06-18 16:40:43 us=144372 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2022-06-18 16:40:43 us=144378 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2022-06-18 16:40:43 us=144386 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2022-06-18 16:40:43 us=144397 TLS-Auth MTU parms [ L:1623 D:1154 EF:96 EB:0 ET:0 EL:3 ]
2022-06-18 16:40:43 us=144656 ROUTE_GATEWAY 164.92.160.1/255.255.240.0 IFACE=eth0 HWADDR=c2:82:c8:f6:b3:e6
2022-06-18 16:40:43 us=146194 TUN/TAP device tun0 opened
2022-06-18 16:40:43 us=146231 do_ifconfig, ipv4=1, ipv6=0
2022-06-18 16:40:43 us=146248 /sbin/ip link set dev tun0 up mtu 1500
2022-06-18 16:40:43 us=151957 /sbin/ip link set dev tun0 up
2022-06-18 16:40:43 us=154140 /sbin/ip addr add dev tun0 local 10.8.0.1 peer 10.8.0.2
2022-06-18 16:40:43 us=158734 /sbin/ip route add 10.8.0.0/24 via 10.8.0.2
2022-06-18 16:40:43 us=160963 Data Channel MTU parms [ L:1623 D:1460 EF:123 EB:406 ET:0 EL:3 ]
2022-06-18 16:40:43 us=161374 Could not determine IPv4/IPv6 protocol. Using AF_INET
2022-06-18 16:40:43 us=161502 Socket Buffers: R=[131072->131072] S=[16384->16384]
2022-06-18 16:40:43 us=161527 Listening for incoming TCP connection on [AF_INET][undef]:443
2022-06-18 16:40:43 us=161543 TCPv4_SERVER link local (bound): [AF_INET][undef]:443
2022-06-18 16:40:43 us=161551 TCPv4_SERVER link remote: [AF_UNSPEC]
2022-06-18 16:40:43 us=161566 GID set to nogroup
2022-06-18 16:40:43 us=161624 UID set to nobody
2022-06-18 16:40:43 us=161642 MULTI: multi_init called, r=256 v=256
2022-06-18 16:40:43 us=161678 IFCONFIG POOL IPv4: base=10.8.0.4 size=62
2022-06-18 16:40:43 us=161720 ifconfig_pool_read(), in='client1,10.8.0.4,'
2022-06-18 16:40:43 us=161731 succeeded -> ifconfig_pool_set(hand=0)
2022-06-18 16:40:43 us=161739 ifconfig_pool_read(), in='client2,10.8.0.8,'
2022-06-18 16:40:43 us=161746 succeeded -> ifconfig_pool_set(hand=1)
2022-06-18 16:40:43 us=161753 ifconfig_pool_read(), in='client_andr,10.8.0.12,'
2022-06-18 16:40:43 us=161767 succeeded -> ifconfig_pool_set(hand=2)
2022-06-18 16:40:43 us=161775 IFCONFIG POOL LIST
2022-06-18 16:40:43 us=161784 client1,10.8.0.4,
2022-06-18 16:40:43 us=161792 client2,10.8.0.8,
2022-06-18 16:40:43 us=161799 client_andr,10.8.0.12,
2022-06-18 16:40:43 us=161857 MULTI: TCP INIT maxclients=1024 maxevents=1028
2022-06-18 16:40:43 us=161960 Initialization Sequence Completed
2022-06-18 16:41:01 us=891843 MULTI: multi_create_instance called
2022-06-18 16:41:01 us=891975 Re-using SSL/TLS context
2022-06-18 16:41:01 us=892073 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2022-06-18 16:41:01 us=892094 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2022-06-18 16:41:01 us=892109 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2022-06-18 16:41:01 us=892121 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2022-06-18 16:41:01 us=892248 Control Channel MTU parms [ L:1623 D:1154 EF:96 EB:0 ET:0 EL:3 ]
2022-06-18 16:41:01 us=892279 Data Channel MTU parms [ L:1623 D:1460 EF:123 EB:406 ET:0 EL:3 ]
2022-06-18 16:41:01 us=892315 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1555,tun-mtu 1500,proto TCPv4_SERVER,auth SHA256,keysize 128,key-method 2,tls-server'
2022-06-18 16:41:01 us=892324 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1555,tun-mtu 1500,proto TCPv4_CLIENT,auth SHA256,keysize 128,key-method 2,tls-client'
2022-06-18 16:41:01 us=892370 TCP connection established with [AF_INET]{client ip}:34188
2022-06-18 16:41:01 us=892386 TCPv4_SERVER link local: (not bound)
2022-06-18 16:41:01 us=892396 TCPv4_SERVER link remote: [AF_INET]{client ip}:34188
2022-06-18 16:41:01 us=893253 {client ip}:34188 TLS: Initial packet from [AF_INET]{client ip}:34188, sid=7f89319e aff33aae
2022-06-18 16:41:02 us=233946 {client ip}:34188 VERIFY OK: depth=1, CN=Easy-RSA CA
2022-06-18 16:41:02 us=235799 {client ip}:34188 VERIFY OK: depth=0, CN=client_andr
2022-06-18 16:41:02 us=237581 {client ip}:34188 peer info: IV_VER=3.git::d3f8b18b:Release
2022-06-18 16:41:02 us=237627 {client ip}:34188 peer info: IV_PLAT=android
2022-06-18 16:41:02 us=237637 {client ip}:34188 peer info: IV_NCP=2
2022-06-18 16:41:02 us=237645 {client ip}:34188 peer info: IV_TCPNL=1
2022-06-18 16:41:02 us=237652 {client ip}:34188 peer info: IV_PROTO=30
2022-06-18 16:41:02 us=237660 {client ip}:34188 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305
2022-06-18 16:41:02 us=237668 {client ip}:34188 peer info: IV_IPv6=0
2022-06-18 16:41:02 us=237676 {client ip}:34188 peer info: IV_AUTO_SESS=1
2022-06-18 16:41:02 us=237684 {client ip}:34188 peer info: IV_GUI_VER=net.openvpn.connect.android_3.2.7-7957
2022-06-18 16:41:02 us=237693 {client ip}:34188 peer info: IV_SSO=webauth,openurl
2022-06-18 16:41:02 us=237712 {client ip}:34188 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1555', remote='link-mtu 1523'
2022-06-18 16:41:02 us=237729 {client ip}:34188 WARNING: 'auth' is used inconsistently, local='auth SHA256', remote='auth [null-digest]'
2022-06-18 16:41:02 us=237743 {client ip}:34188 WARNING: 'keysize' is used inconsistently, local='keysize 128', remote='keysize 256'
2022-06-18 16:41:02 us=404979 {client ip}:34188 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 384 bit EC, curve secp384r1, signature: ecdsa-with-SHA512
2022-06-18 16:41:02 us=405055 {client ip}:34188 [client_andr] Peer Connection Initiated with [AF_INET]{client ip}:34188
2022-06-18 16:41:02 us=405083 client_andr/{client ip}:34188 MULTI_sva: pool returned IPv4=10.8.0.14, IPv6=(Not enabled)
2022-06-18 16:41:02 us=405116 client_andr/{client ip}:34188 MULTI: Learn: 10.8.0.14 -> client_andr/{client ip}:34188
2022-06-18 16:41:02 us=405124 client_andr/{client ip}:34188 MULTI: primary virtual IP for client_andr/{client ip}:34188: 10.8.0.14
2022-06-18 16:41:02 us=405147 client_andr/{client ip}:34188 Data Channel: using negotiated cipher 'AES-256-GCM'
2022-06-18 16:41:02 us=405166 client_andr/{client ip}:34188 Data Channel MTU parms [ L:1551 D:1460 EF:51 EB:406 ET:0 EL:3 ]
2022-06-18 16:41:02 us=405237 client_andr/{client ip}:34188 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2022-06-18 16:41:02 us=405267 client_andr/{client ip}:34188 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2022-06-18 16:41:02 us=405301 client_andr/{client ip}:34188 SENT CONTROL [client_andr]: 'PUSH_REPLY,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.14 10.8.0.13,peer-id 0,cipher AES-256-GCM' (status=1)
2022-06-18 16:41:02 us=405500 client_andr/{client ip}:34188 PUSH: Received control message: 'PUSH_REQUEST'
2022-06-18 16:42:17 us=704218 client_andr/{client ip}:34188 Connection reset, restarting [0]
2022-06-18 16:42:17 us=704295 client_andr/{client ip}:34188 SIGUSR1[soft,connection-reset] received, client-instance restarting
2022-06-18 16:42:17 us=704462 TCP/UDP: Closing socket

Client log

Code: Select all

19:41:01.010 -- ----- OpenVPN Start -----
19:41:01.011 -- EVENT: CORE_THREAD_ACTIVE
19:41:01.016 -- OpenVPN core 3.git::d3f8b18b:Release android arm64 64-bit PT_PROXY
19:41:01.018 -- Frame=512/2048/512 mssfix-ctrl=1250
19:41:01.019 -- UNUSED OPTIONS
1 [pull]
5 [resolv-retry] [infinite]
6 [nobind]
7 [persist-key]
8 [persist-tun]
13 [verb] [3]
14 [mssfix=1460]
15 [link-mtu=1500]
19:41:01.024 -- EVENT: RESOLVE
19:41:01.028 -- Contacting {server ip}:443 via TCPv4
19:41:01.030 -- EVENT: WAIT
19:41:01.190 -- Connecting to [{server ip}]:443 ({server ip}) via TCPv4
19:41:01.294 -- EVENT: CONNECTING
19:41:01.298 -- Tunnel Options:V4,dev-type tun,link-mtu 1523,tun-mtu 1500,proto TCPv4_CLIENT,cipher AES-256-GCM,auth [null-digest],keysize 256,key-method 2,tls-client
19:41:01.300 -- Creds: UsernameEmpty/PasswordEmpty
19:41:01.302 -- Peer Info:
IV_VER=3.git::d3f8b18b:Release
IV_PLAT=android
IV_NCP=2
IV_TCPNL=1
IV_PROTO=30
IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305
IV_IPv6=0
IV_AUTO_SESS=1
IV_GUI_VER=net.openvpn.connect.android_3.2.7-7957
IV_SSO=webauth,openurl

19:41:01.497 -- VERIFY OK: depth=1, /CN=Easy-RSA CA, signature: ecdsa-with-SHA512
19:41:01.506 -- VERIFY OK: depth=0, /CN=iron, signature: ecdsa-with-SHA512
19:41:01.703 -- SSL Handshake: peer certificate: CN=iron, 384 bit EC, curve:secp384r1, cipher: TLS_AES_256_GCM_SHA384  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(256) Mac=AEAD

19:41:01.705 -- Session is ACTIVE
19:41:01.709 -- EVENT: GET_CONFIG
19:41:01.718 -- Sending PUSH_REQUEST to server...

19:41:01.749 -- OPTIONS:
0 [dhcp-option] [DNS] [208.67.222.222]
1 [dhcp-option] [DNS] [208.67.220.220]
2 [route] [10.8.0.1]
3 [topology] [net30]
4 [ping] [10]
5 [ping-restart] [120]
6 [ifconfig] [10.8.0.14] [10.8.0.13]
7 [peer-id] [0]
8 [cipher] [AES-256-GCM]
9 [block-ipv6]


19:41:01.752 -- PROTOCOL OPTIONS:
  cipher: AES-256-GCM
  digest: NONE
  key-derivation: OpenVPN PRF
  compress: NONE
  peer ID: 0
  control channel: tls-crypt enabled

19:41:01.754 -- EVENT: ASSIGN_IP
19:41:01.795 -- Connected via tun
19:41:01.802 -- EVENT: CONNECTED info='{server ip}:443 ({server ip}) via /TCPv4 on tun/10.8.0.14/ gw=[10.8.0.13/]'
19:42:17.011 -- EVENT: DISCONNECTED trans=TO_DISCONNECTED
19:42:17.013 -- Tunnel bytes per CPU second: 0
19:42:17.013 -- ----- OpenVPN Stop -----

IronUbuntu
OpenVpn Newbie
Posts: 3
Joined: Sat Jun 18, 2022 3:26 pm

Re: Openvpn connect for android client problem

Post by IronUbuntu » Sat Jun 18, 2022 9:17 pm

I saw the answer from TinCanTech (he said that my server don't answer to client PUST_REQUEST), but this answer is disappeared now, may be it is deleted . Should I take into account this answer?

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Openvpn connect for android client problem

Post by TinCanTech » Sat Jun 18, 2022 10:36 pm

You need to use --redirect-gateway .. but it is easier to use a script: https://github.com/angristan/openvpn-install

IronUbuntu
OpenVpn Newbie
Posts: 3
Joined: Sat Jun 18, 2022 3:26 pm

Re: Openvpn connect for android client problem

Post by IronUbuntu » Sun Jun 19, 2022 8:27 pm

TinCanTech wrote:
Sat Jun 18, 2022 10:36 pm
You need to use --redirect-gateway .. but it is easier to use a script: https://github.com/angristan/openvpn-install
Thank you, uncommenting --redirect-gateway... in server config helps me to fix android client.

Post Reply