CONFIG_FILE_READ_ERROR with iOS 15.6 and Connect 3.3.0

Official client software for OpenVPN Access Server and OpenVPN Cloud.
Post Reply
maibua
OpenVpn Newbie
Posts: 3
Joined: Fri Jul 22, 2022 11:12 am

CONFIG_FILE_READ_ERROR with iOS 15.6 and Connect 3.3.0

Post by maibua » Fri Jul 22, 2022 11:18 am

Hi,

after updating OpenVPN Connect from 3.2.3 to 3.3.0 my VPN connection is broken.

Code: Select all

[Jul 22, 2022, 13:04:41] EVENT: CONFIG_FILE_READ_ERROR One of ProfileContent, ProfilePath, or ProfileDict must be defined [ERR]

[Jul 22, 2022, 13:04:41] EVENT: DISCONNECT_PENDING

[Jul 22, 2022, 13:04:41] Raw stats on disconnect:


[Jul 22, 2022, 13:04:41] Performance stats on disconnect:
  CPU usage (microseconds): 3605
  Network bytes per CPU second: 0
  Tunnel bytes per CPU second: 0

[Jul 22, 2022, 13:04:41] NIP: couldn't parse native profile

[Jul 22, 2022, 13:04:41] EVENT: CONFIG_FILE_READ_ERROR One of ProfileContent, ProfilePath, or ProfileDict must be defined [ERR]

[Jul 22, 2022, 13:04:41] EVENT: DISCONNECT_PENDING

[Jul 22, 2022, 13:04:41] Raw stats on disconnect:


[Jul 22, 2022, 13:04:41] Performance stats on disconnect:
  CPU usage (microseconds): 6689
  Network bytes per CPU second: 0
  Tunnel bytes per CPU second: 0

[Jul 22, 2022, 13:04:41] NIP: couldn't parse native profile

What does this error message mean? I'm using an Provisioning Profile to deploy the configuration on my iOS 15.6 iPhone

Thanks
maibua

yuriy
OpenVpn Newbie
Posts: 4
Joined: Sat Feb 17, 2018 2:32 am

Re: CONFIG_FILE_READ_ERROR with iOS 15.6 and Connect 3.3.0

Post by yuriy » Mon Jul 25, 2022 8:15 am

Hello! Could you please post here your profile without sensitive information? Thanks.

maibua
OpenVpn Newbie
Posts: 3
Joined: Fri Jul 22, 2022 11:12 am

Re: CONFIG_FILE_READ_ERROR with iOS 15.6 and Connect 3.3.0

Post by maibua » Mon Jul 25, 2022 12:34 pm

Code: Select all

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>PayloadContent</key>
	<array>
		<dict>
			<key>IPv4</key>
			<dict>
				<key>OverridePrimary</key>
				<integer>0</integer>
			</dict>
			<key>PayloadDescription</key>
			<string>Configures VPN settings, including authentication.</string>
			<key>PayloadDisplayName</key>
			<string>MyVPN</string>
			<key>PayloadIdentifier</key>
			<string>com.apple.vpn.managed.39506897-0201-4EF5-8EC5-0A4A076B5B26</string>
			<key>PayloadOrganization</key>
			<string></string>
			<key>PayloadType</key>
			<string>com.apple.vpn.managed</string>
			<key>PayloadUUID</key>
			<string>39506897-0201-4EF5-8EC5-0A4A076B5B26</string>
			<key>PayloadVersion</key>
			<integer>1</integer>
			<key>Proxies</key>
			<dict/>
			<key>UserDefinedName</key>
			<string>MyProfile</string>
			<key>VPN</key>
			<dict>
				<key>AuthenticationMethod</key>
				<string>Certificate</string>
				<key>DisconnectOnIdle</key>
				<integer>0</integer>
				<key>OnDemandEnabled</key>
				<integer>1</integer>
				<key>OnDemandMatchDomainsAlways</key>
				<array>
					<string>intern</string>
				</array>
				<key>OnDemandMatchDomainsOnRetry</key>
				<array>
					<string>local.lan</string>
				</array>
				<key>PayloadCertificateUUID</key>
				<string>427E26E4-0578-4570-B678-B30664A8C8E3</string>
				<key>RemoteAddress</key>
				<string>myvpn.host.de</string>
			</dict>
			<key>VPNSubType</key>
			<string>net.openvpn.connect.app</string>
			<key>VPNType</key>
			<string>VPN</string>
			<key>VendorConfig</key>
			<dict>
				<key>auth-nocache</key>
				<string>Value</string>
				<key>ca</key>
				<string>-----BEGIN CERTIFICATE-----\n ... my cert ... \n-----END CERTIFICATE-----</string>
				<key>cipher</key>
				<string>AES-256-GCM</string>
				<key>compress</key>
				<string>lz4</string>
				<key>dev</key>
				<string>tun</string>
				<key>port</key>
				<string>1195</string>
				<key>proto</key>
				<string>udp</string>
				<key>remote</key>
				<string>myvpn.host.de 1195</string>
				<key>remote-cert-tls</key>
				<string>server</string>
				<key>verb</key>
				<string>2</string>
			</dict>
		</dict>
		<dict>
			<key>Password</key>
			<string>mypassword</string>
			<key>PayloadCertificateFileName</key>
			<string>mycert.p12</string>
			<key>PayloadContent</key>
			<data>
			mydata
			</data>
			<key>PayloadDescription</key>
			<string>Adds a PKCS#12-formatted certificate</string>
			<key>PayloadDisplayName</key>
			<string>mycert.p12</string>
			<key>PayloadIdentifier</key>
			<string>com.apple.security.pkcs12.427E26E4-0578-4570-B678-B30664A8C8E3</string>
			<key>PayloadType</key>
			<string>com.apple.security.pkcs12</string>
			<key>PayloadUUID</key>
			<string>427E26E4-0578-4570-B678-B30664A8C8E3</string>
			<key>PayloadVersion</key>
			<integer>1</integer>
		</dict>
	</array>
	<key>PayloadDescription</key>
	<string>Profilbeschreibung.</string>
	<key>PayloadDisplayName</key>
	<string>MyProfile</string>
	<key>PayloadIdentifier</key>
	<string>de.my.company.profile</string>
	<key>PayloadOrganization</key>
	<string></string>
	<key>PayloadRemovalDisallowed</key>
	<false/>
	<key>PayloadType</key>
	<string>Configuration</string>
	<key>PayloadUUID</key>
	<string>EA93F898-B35B-422F-ACC3-02B1B9329B90</string>
	<key>PayloadVersion</key>
	<integer>1</integer>
</dict>
</plist>


Oleh
OpenVpn Newbie
Posts: 1
Joined: Tue Jul 26, 2022 9:23 am

Re: CONFIG_FILE_READ_ERROR with iOS 15.6 and Connect 3.3.0

Post by Oleh » Tue Jul 26, 2022 9:28 am

Hello!
Can you please add a vpn-on-demand key with value 1 to your profile via Apple Configurator?
Probably, this solution solves your problem.

maibua
OpenVpn Newbie
Posts: 3
Joined: Fri Jul 22, 2022 11:12 am

Re: CONFIG_FILE_READ_ERROR with iOS 15.6 and Connect 3.3.0

Post by maibua » Wed Jul 27, 2022 10:26 am

Hi Oleh,
thanks for your advice. vpn-on-demand solves the problem!

foobar0815
OpenVpn Newbie
Posts: 6
Joined: Wed Dec 08, 2021 5:20 pm

Re: CONFIG_FILE_READ_ERROR with iOS 15.6 and Connect 3.3.0

Post by foobar0815 » Thu Aug 04, 2022 7:02 am

Hi,

we also face this problem starting with 3.3.0.

Where in a provisioned mobileconfig do I have to add this key? Is there any documentation, why this is now needed?

This thread is currently the only match in google, and I also cannot find any valuable information regarding the the vpn-on-demand-key.

Edit:
seems like profiles with

Code: Select all

<key>OnDemandEnabled</key>
<integer>0</integer>
generate the error above and also profiles with

Code: Select all

<key>OnDemandEnabled</key>
<integer>1</integer>
but with no

Code: Select all

<dict>
    <key>Action</key>
    <string>EvaluateConnection</string>
    <key>ActionParameters</key>
    <array>
        <dict>
            <key>Domains</key>
            <array><string>local</string></array>
            <key>DomainAction</key>
            <string>ConnectIfNeeded</string>
        </dict>
    </array>
</dict>
Thanks!

Post Reply