CONFIG_FILE_READ_ERROR with iOS 15.6 and Connect 3.3.0

[maibua]

Hi,

after updating OpenVPN Connect from 3.2.3 to 3.3.0 my VPN connection is broken.

Code: Select all

[Jul 22, 2022, 13:04:41] EVENT: CONFIG_FILE_READ_ERROR One of ProfileContent, ProfilePath, or ProfileDict must be defined [ERR]

[Jul 22, 2022, 13:04:41] EVENT: DISCONNECT_PENDING

[Jul 22, 2022, 13:04:41] Raw stats on disconnect:


[Jul 22, 2022, 13:04:41] Performance stats on disconnect:
  CPU usage (microseconds): 3605
  Network bytes per CPU second: 0
  Tunnel bytes per CPU second: 0

[Jul 22, 2022, 13:04:41] NIP: couldn't parse native profile

[Jul 22, 2022, 13:04:41] EVENT: CONFIG_FILE_READ_ERROR One of ProfileContent, ProfilePath, or ProfileDict must be defined [ERR]

[Jul 22, 2022, 13:04:41] EVENT: DISCONNECT_PENDING

[Jul 22, 2022, 13:04:41] Raw stats on disconnect:


[Jul 22, 2022, 13:04:41] Performance stats on disconnect:
  CPU usage (microseconds): 6689
  Network bytes per CPU second: 0
  Tunnel bytes per CPU second: 0

[Jul 22, 2022, 13:04:41] NIP: couldn't parse native profile

What does this error message mean? I'm using an Provisioning Profile to deploy the configuration on my iOS 15.6 iPhone

Thanks
maibua

[yuriy]

Hello! Could you please post here your profile without sensitive information? Thanks.

[maibua]

Code: Select all

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>PayloadContent</key>
	<array>
		<dict>
			<key>IPv4</key>
			<dict>
				<key>OverridePrimary</key>
				<integer>0</integer>
			</dict>
			<key>PayloadDescription</key>
			<string>Configures VPN settings, including authentication.</string>
			<key>PayloadDisplayName</key>
			<string>MyVPN</string>
			<key>PayloadIdentifier</key>
			<string>com.apple.vpn.managed.39506897-0201-4EF5-8EC5-0A4A076B5B26</string>
			<key>PayloadOrganization</key>
			<string></string>
			<key>PayloadType</key>
			<string>com.apple.vpn.managed</string>
			<key>PayloadUUID</key>
			<string>39506897-0201-4EF5-8EC5-0A4A076B5B26</string>
			<key>PayloadVersion</key>
			<integer>1</integer>
			<key>Proxies</key>
			<dict/>
			<key>UserDefinedName</key>
			<string>MyProfile</string>
			<key>VPN</key>
			<dict>
				<key>AuthenticationMethod</key>
				<string>Certificate</string>
				<key>DisconnectOnIdle</key>
				<integer>0</integer>
				<key>OnDemandEnabled</key>
				<integer>1</integer>
				<key>OnDemandMatchDomainsAlways</key>
				<array>
					<string>intern</string>
				</array>
				<key>OnDemandMatchDomainsOnRetry</key>
				<array>
					<string>local.lan</string>
				</array>
				<key>PayloadCertificateUUID</key>
				<string>427E26E4-0578-4570-B678-B30664A8C8E3</string>
				<key>RemoteAddress</key>
				<string>myvpn.host.de</string>
			</dict>
			<key>VPNSubType</key>
			<string>net.openvpn.connect.app</string>
			<key>VPNType</key>
			<string>VPN</string>
			<key>VendorConfig</key>
			<dict>
				<key>auth-nocache</key>
				<string>Value</string>
				<key>ca</key>
				<string>-----BEGIN CERTIFICATE-----\n ... my cert ... \n-----END CERTIFICATE-----</string>
				<key>cipher</key>
				<string>AES-256-GCM</string>
				<key>compress</key>
				<string>lz4</string>
				<key>dev</key>
				<string>tun</string>
				<key>port</key>
				<string>1195</string>
				<key>proto</key>
				<string>udp</string>
				<key>remote</key>
				<string>myvpn.host.de 1195</string>
				<key>remote-cert-tls</key>
				<string>server</string>
				<key>verb</key>
				<string>2</string>
			</dict>
		</dict>
		<dict>
			<key>Password</key>
			<string>mypassword</string>
			<key>PayloadCertificateFileName</key>
			<string>mycert.p12</string>
			<key>PayloadContent</key>
			<data>
			mydata
			</data>
			<key>PayloadDescription</key>
			<string>Adds a PKCS#12-formatted certificate</string>
			<key>PayloadDisplayName</key>
			<string>mycert.p12</string>
			<key>PayloadIdentifier</key>
			<string>com.apple.security.pkcs12.427E26E4-0578-4570-B678-B30664A8C8E3</string>
			<key>PayloadType</key>
			<string>com.apple.security.pkcs12</string>
			<key>PayloadUUID</key>
			<string>427E26E4-0578-4570-B678-B30664A8C8E3</string>
			<key>PayloadVersion</key>
			<integer>1</integer>
		</dict>
	</array>
	<key>PayloadDescription</key>
	<string>Profilbeschreibung.</string>
	<key>PayloadDisplayName</key>
	<string>MyProfile</string>
	<key>PayloadIdentifier</key>
	<string>de.my.company.profile</string>
	<key>PayloadOrganization</key>
	<string></string>
	<key>PayloadRemovalDisallowed</key>
	<false/>
	<key>PayloadType</key>
	<string>Configuration</string>
	<key>PayloadUUID</key>
	<string>EA93F898-B35B-422F-ACC3-02B1B9329B90</string>
	<key>PayloadVersion</key>
	<integer>1</integer>
</dict>
</plist>

[Oleh]

Hello!
Can you please add a vpn-on-demand key with value 1 to your profile via Apple Configurator?
Probably, this solution solves your problem.

[maibua]

Hi Oleh,
thanks for your advice. vpn-on-demand solves the problem!

[foobar0815]

Hi,

we also face this problem starting with 3.3.0.

Where in a provisioned mobileconfig do I have to add this key? Is there any documentation, why this is now needed?

This thread is currently the only match in google, and I also cannot find any valuable information regarding the the vpn-on-demand-key.

Edit:
seems like profiles with

Code: Select all

<key>OnDemandEnabled</key>
<integer>0</integer>

generate the error above and also profiles with

Code: Select all

<key>OnDemandEnabled</key>
<integer>1</integer>

but with no

Code: Select all

<dict>
    <key>Action</key>
    <string>EvaluateConnection</string>
    <key>ActionParameters</key>
    <array>
        <dict>
            <key>Domains</key>
            <array><string>local</string></array>
            <key>DomainAction</key>
            <string>ConnectIfNeeded</string>
        </dict>
    </array>
</dict>

Thanks!