OpenVPN Connect 3.3.0 mobile config not working anymore

Official client software for OpenVPN Access Server and OpenVPN Cloud.
Post Reply
frbr
OpenVpn Newbie
Posts: 1
Joined: Tue Aug 02, 2022 1:59 pm

OpenVPN Connect 3.3.0 mobile config not working anymore

Post by frbr » Tue Aug 02, 2022 2:23 pm

I'm puzzled.

We deployed an openVPN config profile successfully since a couple of years.

Suddenly, after updating to OpenVPN Connect 3.3.0 newly installed config profiles don't work anymore. Already deployed profiles still are connecting fine to the VPN.

If I want to connect with a freshly installed profile in OpenVPN Connect nothing really happens. Not even a log entry. If I'm trying to connect via the iOS VPN toggle I'll get en error in the OpenVPN Connect log:

Code: Select all

[Aug 02, 2022, 13:26:52] NIP: OpenVPN VoD config error: Neither CertificatePayload nor cert/key values configured

[Aug 02, 2022, 13:26:52] EVENT: VOD_CONFIG_ERROR Neither CertificatePayload nor cert/key values configured [ERR]

[Aug 02, 2022, 13:26:52] EVENT: DISCONNECT_PENDING

[Aug 02, 2022, 13:26:52] Raw stats on disconnect:


[Aug 02, 2022, 13:26:52] Performance stats on disconnect:
  CPU usage (microseconds): 5694
  Network bytes per CPU second: 0
  Tunnel bytes per CPU second: 0

[Aug 02, 2022, 13:26:52] NIP: couldn't parse VPN on Demand settings
We didn't change anything on the profile or deployment side.

Sidenote: If I'm importing the ovpn file directly in OpenVPN Connect through Finder, I'm able to connect

Here's the config:

Code: Select all

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1">
  <dict>
    <key>PayloadUUID</key>
    <string>...</string>
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadOrganization</key>
    <string>MYCompany</string>
    <key>PayloadIdentifier</key>
    <string>...</string>
    <key>PayloadDisplayName</key>
    <string>OpenVPN-Configuration</string>
    <key>PayloadDescription</key>
    <string/>
    <key>PayloadVersion</key>
    <integer>1</integer>
    <key>PayloadEnabled</key>
    <true/>
    <key>PayloadRemovalDisallowed</key>
    <false/>
    <key>PayloadScope</key>
    <string>System</string>
    <key>PayloadContent</key>
    <array>
      <dict>
        <key>PayloadUUID</key>
        <string>...</string>
        <key>PayloadType</key>
        <string>com.apple.vpn.managed</string>
        <key>PayloadOrganization</key>
        <string>MY Company</string>
        <key>PayloadIdentifier</key>
        <string>....</string>
        <key>PayloadDisplayName</key>
        <string>com.apple.vpn.managed</string>
        <key>PayloadDescription</key>
        <string/>
        <key>PayloadVersion</key>
        <integer>1</integer>
        <key>PayloadEnabled</key>
        <true/>
        <key>IPv4</key>
        <dict>
          <key>OverridePrimary</key>
          <integer>1</integer>
        </dict>
        <key>Proxies</key>
        <dict/>
        <key>UserDefinedName</key>
        <string>MY VPN CONNECTION</string>
        <key>VPN</key>
        <dict>
          <key>RemoteAddress</key>
          <string>DEFAULT</string>
          <key>OnDemandUserOverrideDisabled</key>
          <integer>0</integer>
          <key>ExcludeLocalNetworks</key>
          <integer>0</integer>
          <key>AuthName</key>
          <string/>
          <key>ProviderDesignatedRequirement</key>
          <string/>
          <key>AuthenticationMethod</key>
          <string>Password</string>
          <key>ProviderType</key>
          <string>packet-tunnel</string>
          <key>IncludeAllNetworks</key>
          <integer>0</integer>
        </dict>
        <key>VPNType</key>
        <string>VPN</string>
        <key>VPNSubType</key>
        <string>net.openvpn.connect.app</string>
        <key>VendorConfig</key>
        <dict>
          <key>cipher</key>
          <string>AES-128-CBC</string>
          <key>auth</key>
          <string>SHA256</string>
          <key>tls-client</key>
          <string>NOARGS</string>
          <key>setenv</key>
          <string>CLIENT_CERT 0</string>
          <key>remote-cert-tls</key>
          <string>server</string>
          <key>persist-key</key>
          <string>NOARGS</string>
          <key>key-direction</key>
          <string>1</string>
          <key>lport</key>
          <string>0</string>
          <key>remote</key>
          <string>IP Port Protocol</string>
          <key>tls-auth</key>
          <string>-----BEGIN OpenVPN Static key V1-----\n...\n-----END OpenVPN Static key V1-----</string>
          <key>vpn-on-demand</key>
          <string>0</string>
          <key>persist-tun</key>
          <string>NOARGS</string>
          <key>auth-user-pass</key>
          <string>NOARGS</string>
          <key>client</key>
          <string>NOARGS</string>
          <key>ca</key>
          <string>-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----</string>
        </dict>
        <key>OnDemandUserOverrideDisabled</key>
        <integer>0</integer>
      </dict>
    </array>
  </dict>
</plist>
Also, I noticed that in the iOS VPN dialog it only reads "app"

Image

Can someone push me in the right direction to fix this?

r.groesbeek
OpenVpn Newbie
Posts: 3
Joined: Mon Sep 19, 2022 4:29 pm

Re: OpenVPN Connect 3.3.0 mobile config not working anymore

Post by r.groesbeek » Tue Sep 20, 2022 7:40 am

Hi frbr,
We encountered the same problem!
(Old mobileconfigs still worked, reinstalled mobileconfigs could not be started with OpenVPN 3.3.2 build 5086)

I experimented somewhat with creating a VoD version instead, and with converting to Cert based authentication instead, but it didn't feel like our wanted usage user behavior (which is password authentication, and no On Demand activation).

I encountered the following topic, where an OpenVPN Support workaround is being given, by downloading the 3.2.3 Beta via Testflight (or 3.3.1 5056 according to appdetails), and that works for now.
viewtopic.php?t=34569

OpenVPN Support:
================

Code: Select all

There is currently a reported issue with the latest update of OpenVPN Connect with iOS, and will be fixed in the future update which will be 3.3.2.

However, if you want to use the old version you may do so by downloading the application here:
https://testflight.apple.com/join/wG8Ln3FA
By this link they can join beta testing and download older production build instead of 3.3.0

IMPORTANT NOTE: DO NOT UPGRADE FROM 3.3.0. Only uninstall and install this 3.3.1 from the scratch.
Upgrading directly from the APPSTORE will not work, app won’t connect.

IMPORTANT NOTE: Also by doing this, you will going to have to import your user profile, if you are not sure how to retrieve your user profile, then we would suggest to either ask your administrator of the OpenVPN Server or wait for the update.

I would hope to see this fixed in future versions though..

Post Reply