CONFIG_FILE_READ_ERROR with iOS 15.6 and Connect 3.3.0

Official client software for OpenVPN Access Server and OpenVPN Cloud.
Post Reply
maibua
OpenVpn Newbie
Posts: 3
Joined: Fri Jul 22, 2022 11:12 am

CONFIG_FILE_READ_ERROR with iOS 15.6 and Connect 3.3.0

Post by maibua » Fri Jul 22, 2022 11:18 am

Hi,

after updating OpenVPN Connect from 3.2.3 to 3.3.0 my VPN connection is broken.

Code: Select all

[Jul 22, 2022, 13:04:41] EVENT: CONFIG_FILE_READ_ERROR One of ProfileContent, ProfilePath, or ProfileDict must be defined [ERR]

[Jul 22, 2022, 13:04:41] EVENT: DISCONNECT_PENDING

[Jul 22, 2022, 13:04:41] Raw stats on disconnect:


[Jul 22, 2022, 13:04:41] Performance stats on disconnect:
  CPU usage (microseconds): 3605
  Network bytes per CPU second: 0
  Tunnel bytes per CPU second: 0

[Jul 22, 2022, 13:04:41] NIP: couldn't parse native profile

[Jul 22, 2022, 13:04:41] EVENT: CONFIG_FILE_READ_ERROR One of ProfileContent, ProfilePath, or ProfileDict must be defined [ERR]

[Jul 22, 2022, 13:04:41] EVENT: DISCONNECT_PENDING

[Jul 22, 2022, 13:04:41] Raw stats on disconnect:


[Jul 22, 2022, 13:04:41] Performance stats on disconnect:
  CPU usage (microseconds): 6689
  Network bytes per CPU second: 0
  Tunnel bytes per CPU second: 0

[Jul 22, 2022, 13:04:41] NIP: couldn't parse native profile

What does this error message mean? I'm using an Provisioning Profile to deploy the configuration on my iOS 15.6 iPhone

Thanks
maibua

yuriy
OpenVpn Newbie
Posts: 5
Joined: Sat Feb 17, 2018 2:32 am

Re: CONFIG_FILE_READ_ERROR with iOS 15.6 and Connect 3.3.0

Post by yuriy » Mon Jul 25, 2022 8:15 am

Hello! Could you please post here your profile without sensitive information? Thanks.

maibua
OpenVpn Newbie
Posts: 3
Joined: Fri Jul 22, 2022 11:12 am

Re: CONFIG_FILE_READ_ERROR with iOS 15.6 and Connect 3.3.0

Post by maibua » Mon Jul 25, 2022 12:34 pm

Code: Select all

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>PayloadContent</key>
	<array>
		<dict>
			<key>IPv4</key>
			<dict>
				<key>OverridePrimary</key>
				<integer>0</integer>
			</dict>
			<key>PayloadDescription</key>
			<string>Configures VPN settings, including authentication.</string>
			<key>PayloadDisplayName</key>
			<string>MyVPN</string>
			<key>PayloadIdentifier</key>
			<string>com.apple.vpn.managed.39506897-0201-4EF5-8EC5-0A4A076B5B26</string>
			<key>PayloadOrganization</key>
			<string></string>
			<key>PayloadType</key>
			<string>com.apple.vpn.managed</string>
			<key>PayloadUUID</key>
			<string>39506897-0201-4EF5-8EC5-0A4A076B5B26</string>
			<key>PayloadVersion</key>
			<integer>1</integer>
			<key>Proxies</key>
			<dict/>
			<key>UserDefinedName</key>
			<string>MyProfile</string>
			<key>VPN</key>
			<dict>
				<key>AuthenticationMethod</key>
				<string>Certificate</string>
				<key>DisconnectOnIdle</key>
				<integer>0</integer>
				<key>OnDemandEnabled</key>
				<integer>1</integer>
				<key>OnDemandMatchDomainsAlways</key>
				<array>
					<string>intern</string>
				</array>
				<key>OnDemandMatchDomainsOnRetry</key>
				<array>
					<string>local.lan</string>
				</array>
				<key>PayloadCertificateUUID</key>
				<string>427E26E4-0578-4570-B678-B30664A8C8E3</string>
				<key>RemoteAddress</key>
				<string>myvpn.host.de</string>
			</dict>
			<key>VPNSubType</key>
			<string>net.openvpn.connect.app</string>
			<key>VPNType</key>
			<string>VPN</string>
			<key>VendorConfig</key>
			<dict>
				<key>auth-nocache</key>
				<string>Value</string>
				<key>ca</key>
				<string>-----BEGIN CERTIFICATE-----\n ... my cert ... \n-----END CERTIFICATE-----</string>
				<key>cipher</key>
				<string>AES-256-GCM</string>
				<key>compress</key>
				<string>lz4</string>
				<key>dev</key>
				<string>tun</string>
				<key>port</key>
				<string>1195</string>
				<key>proto</key>
				<string>udp</string>
				<key>remote</key>
				<string>myvpn.host.de 1195</string>
				<key>remote-cert-tls</key>
				<string>server</string>
				<key>verb</key>
				<string>2</string>
			</dict>
		</dict>
		<dict>
			<key>Password</key>
			<string>mypassword</string>
			<key>PayloadCertificateFileName</key>
			<string>mycert.p12</string>
			<key>PayloadContent</key>
			<data>
			mydata
			</data>
			<key>PayloadDescription</key>
			<string>Adds a PKCS#12-formatted certificate</string>
			<key>PayloadDisplayName</key>
			<string>mycert.p12</string>
			<key>PayloadIdentifier</key>
			<string>com.apple.security.pkcs12.427E26E4-0578-4570-B678-B30664A8C8E3</string>
			<key>PayloadType</key>
			<string>com.apple.security.pkcs12</string>
			<key>PayloadUUID</key>
			<string>427E26E4-0578-4570-B678-B30664A8C8E3</string>
			<key>PayloadVersion</key>
			<integer>1</integer>
		</dict>
	</array>
	<key>PayloadDescription</key>
	<string>Profilbeschreibung.</string>
	<key>PayloadDisplayName</key>
	<string>MyProfile</string>
	<key>PayloadIdentifier</key>
	<string>de.my.company.profile</string>
	<key>PayloadOrganization</key>
	<string></string>
	<key>PayloadRemovalDisallowed</key>
	<false/>
	<key>PayloadType</key>
	<string>Configuration</string>
	<key>PayloadUUID</key>
	<string>EA93F898-B35B-422F-ACC3-02B1B9329B90</string>
	<key>PayloadVersion</key>
	<integer>1</integer>
</dict>
</plist>


Oleh
OpenVpn Newbie
Posts: 1
Joined: Tue Jul 26, 2022 9:23 am

Re: CONFIG_FILE_READ_ERROR with iOS 15.6 and Connect 3.3.0

Post by Oleh » Tue Jul 26, 2022 9:28 am

Hello!
Can you please add a vpn-on-demand key with value 1 to your profile via Apple Configurator?
Probably, this solution solves your problem.

maibua
OpenVpn Newbie
Posts: 3
Joined: Fri Jul 22, 2022 11:12 am

Re: CONFIG_FILE_READ_ERROR with iOS 15.6 and Connect 3.3.0

Post by maibua » Wed Jul 27, 2022 10:26 am

Hi Oleh,
thanks for your advice. vpn-on-demand solves the problem!

foobar0815
OpenVpn Newbie
Posts: 5
Joined: Wed Dec 08, 2021 5:20 pm

Re: CONFIG_FILE_READ_ERROR with iOS 15.6 and Connect 3.3.0

Post by foobar0815 » Thu Aug 04, 2022 7:02 am

Hi,

we also face this problem starting with 3.3.0.

Where in a provisioned mobileconfig do I have to add this key? Is there any documentation, why this is now needed?

This thread is currently the only match in google, and I also cannot find any valuable information regarding the the vpn-on-demand-key.

Edit:
seems like profiles with

Code: Select all

<key>OnDemandEnabled</key>
<integer>0</integer>
generate the error above and also profiles with

Code: Select all

<key>OnDemandEnabled</key>
<integer>1</integer>
but with no

Code: Select all

<dict>
    <key>Action</key>
    <string>EvaluateConnection</string>
    <key>ActionParameters</key>
    <array>
        <dict>
            <key>Domains</key>
            <array><string>local</string></array>
            <key>DomainAction</key>
            <string>ConnectIfNeeded</string>
        </dict>
    </array>
</dict>
Thanks!

mb
OpenVpn Newbie
Posts: 2
Joined: Fri Nov 09, 2018 3:20 pm

Re: CONFIG_FILE_READ_ERROR with iOS 15.6 and Connect 3.3.0

Post by mb » Wed Aug 24, 2022 8:40 pm

*bump* - there's a sudden deeply discouraging feeling when you stumble upon an issue with a single Google result.

I've got in touch with support, and they came back with some useful info on this - sharing here, as this is still the only Google result to run with :)
There is currently a reported issue with the latest update of OpenVPN Connect with iOS, and will be fixed in the future update which will be 3.3.2.

However, if you want to use the old version you may do so by downloading the application here:
https://testflight.apple.com/join/wG8Ln3FA
By this link they can join beta testing and download older production build instead of 3.3.0

IMPORTANT NOTE: DO NOT UPGRADE FROM 3.3.0. Only uninstall and install this 3.3.1 from the scratch.
Upgrading directly from the APPSTORE will not work, app won’t connect.

IMPORTANT NOTE: Also by doing this, you will going to have to import your user profile, if you are not sure how to retrieve your user profile, then we would suggest to either ask your administrator of the OpenVPN Server or wait for the update.
Massive shoutout to Sir Ed V for this info.

mb

eviljazz
OpenVpn Newbie
Posts: 2
Joined: Fri Aug 26, 2022 5:26 pm

Re: CONFIG_FILE_READ_ERROR with iOS 15.6 and Connect 3.3.0

Post by eviljazz » Fri Aug 26, 2022 5:27 pm

Same here. Since 3.3.0 all our users using OpenVPn Connect to connect to Azure VPN is not longer working. On android i had to revert back to 3.2.5.

Is there any fix coming very soon?

foobar0815
OpenVpn Newbie
Posts: 5
Joined: Wed Dec 08, 2021 5:20 pm

Re: CONFIG_FILE_READ_ERROR with iOS 15.6 and Connect 3.3.0

Post by foobar0815 » Wed Aug 31, 2022 10:42 am

@mb: thanks for sharing your info.

The recommended procedure (uninstall+new install) did not work here with the newest version 3.3.2 from the app store.

User avatar
openvpn_inc
OpenVPN Inc.
Posts: 1332
Joined: Tue Feb 16, 2021 10:41 am

Re: CONFIG_FILE_READ_ERROR with iOS 15.6 and Connect 3.3.0

Post by openvpn_inc » Thu Sep 01, 2022 7:31 pm

Hello guys,

You might want to check if they're using x509-verify type directives in the profile. If they do check if they're using single or double quotes. One or the other doesn't work, so if you change it, it may start working again.

Kind regards,
Johan
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

foobar0815
OpenVpn Newbie
Posts: 5
Joined: Wed Dec 08, 2021 5:20 pm

Re: CONFIG_FILE_READ_ERROR with iOS 15.6 and Connect 3.3.0

Post by foobar0815 » Fri Sep 02, 2022 9:29 am

Thanks for your attention.
We do not use that configuration. Please find the mobileconfig below (credentials stripped)

Code: Select all

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>PayloadContent</key>
	<array>
		<dict>
			<key>IPv4</key>
			<dict>
				<key>OverridePrimary</key>
				<integer>0</integer>
			</dict>
			<key>PayloadDescription</key>
			<string>VPN-Einstellungen konfigurieren, inkl. Authentifizierung.</string>
			<key>PayloadDisplayName</key>
			<string>VPN</string>
			<key>PayloadIdentifier</key>
			<string>device.vpn1</string>
			<key>PayloadOrganization</key>
			<string></string>
			<key>PayloadType</key>
			<string>com.apple.vpn.managed</string>
			<key>PayloadUUID</key>
			<string>11b2c633-5106-47ce-92da-4648bc3d2540</string>
			<key>PayloadVersion</key>
			<integer>1</integer>
			<key>Proxies</key>
			<dict/>
			<key>UserDefinedName</key>
			<string>VPN</string>
			<key>VPN</key>
			<dict>
				<key>AuthenticationMethod</key>
				<string>Certificate</string>
				<key>OnDemandEnabled</key>
				<integer>1</integer>
				<key>OnDemandRules</key>
				<array>
					<dict>
						<key>Action</key>
						<string>Disconnect</string>
						<key>InterfaceTypeMatch</key>
						<string>WiFi</string>
						<key>SSIDMatch</key>
						<array>
							<string>Placeholder_SSID_hgfwerubUZ#Buerg8J73hwg_1</string>
							<string>Placeholder_SSID_hgfwerubUZ#Buerg8J73hwg_2</string>
							<string>Placeholder_SSID_hgfwerubUZ#Buerg8J73hwg_3</string>
							<string>Placeholder_SSID_hgfwerubUZ#Buerg8J73hwg_4</string>
							<string>Placeholder_SSID_hgfwerubUZ#Buerg8J73hwg_5</string>
							<string>Placeholder_SSID_hgfwerubUZ#Buerg8J73hwg_6</string>
						</array>
					</dict>
					<dict>
						<key>Action</key>
						<string>EvaluateConnection</string>
						<key>ActionParameters</key>
						<array>
							<dict>
								<key>Domains</key>
								<array>
									<string>*.fitz.box</string>
								</array>
								<key>DomainAction</key>
								<string>ConnectIfNeeded</string>
							</dict>
						</array>
					</dict>
					<dict>
						<key>Action</key>
						<string>Ignore</string>
					</dict>
				</array>
				<key>PayloadCertificateUUID</key>
				<string>77abca45-4018-4108-a0b2-7ddf6403c335</string>
				<key>RemoteAddress</key>
				<string>DEFAULT</string>
			</dict>
			<key>VPNSubType</key>
			<string>net.openvpn.connect.app</string>
			<key>VPNType</key>
			<string>VPN</string>
			<key>VendorConfig</key>
			<dict>
				<key>ca</key><string>-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----</string>
				<key>cipher</key>
				<string>AES-256-CBC</string>
				<key>client</key>
				<string>NOARGS</string>
				<key>dev</key>
				<string>tun</string>
				<key>inactive</key><string>180 30720</string>
				<key>key-direction</key>
				<string>1</string>
				<key>nobind</key>
				<string>NOARGS</string>
				<key>persist-key</key>
				<string>NOARGS</string>
				<key>persist-tun</key>
				<string>NOARGS</string>
				<key>port</key><string>1194</string>
				<key>proto</key>
				<string>udp</string>
				<key>pull</key>
				<string>NOARGS</string>
				<key>remote</key><string>example.com</string>
				<key>remote-cert-tls</key>
				<string>server</string>
				<key>tls-auth</key><string>#\n# 2048 bit OpenVPN static key\n#\n-----BEGIN OpenVPN Static key V1-----\n...\n-----END OpenVPN Static key V1-----</string>
				<key>tls-client</key>
				<string>NOARGS</string>
				<key>verb</key>
				<string>3</string>
			</dict>
		</dict>
		<dict>
			<key>PayloadCertificateFileName</key><string>user:test.p12</string>
			<key>PayloadContent</key>
			<data>
MIINEQIBAzCCDNcGCSqGSIb3DQEHAaCCDMgEggzEMIIMwDCCB3cGCSqGSIb3DQEHBqCCB2gwggdk
...
AgEAMIIHA==
			</data>
			<key>PayloadDescription</key>
			<string>Sorgt für die Geräte-Authentifizierung (Zertifikat oder Identität).</string>
			<key>PayloadDisplayName</key><string>user:test.p12</string>
			<key>PayloadIdentifier</key>
			<string>device.Zertifikat</string>
			<key>PayloadOrganization</key>
			<string></string>
			<key>PayloadType</key>
			<string>com.apple.security.pkcs12</string>
			<key>PayloadUUID</key>
			<string>77abca45-4018-4108-a0b2-7ddf6403c335</string>
			<key>PayloadVersion</key>
			<integer>1</integer>
		</dict>
	</array>
	<key>PayloadDescription</key>
	<string>Profile
</string>
	<key>PayloadDisplayName</key>
	<string>VPN</string>
	<key>PayloadIdentifier</key>
	<string>device</string>
	<key>PayloadOrganization</key>
	<string></string>
	<key>PayloadRemovalDisallowed</key>
	<false/>
	<key>PayloadType</key>
	<string>Configuration</string>
	<key>PayloadUUID</key>
	<string>9c725f51-5b19-4d2e-a81e-6505866bd5af</string>
	<key>PayloadVersion</key>
	<integer>1</integer>
</dict>
</plist>
The profile is accepted by iOS but loads to the following errors in OpenVPN connect:

Code: Select all

[Aug 31, 2022, 12:27:49] NIP: couldn't parse native profile
[Aug 31, 2022, 12:27:49] EVENT: CONFIG_FILE_READ_ERROR One of ProfileContent, ProfilePath, or ProfileDict must be defined [ERR]
[Aug 31, 2022, 12:27:49] EVENT: DISCONNECT_PENDING
[Aug 31, 2022, 12:27:49] Raw stats on disconnect:
[Aug 31, 2022, 12:27:49] Performance stats on disconnect:
CPU usage (microseconds): 8100
Network bytes per CPU second: 0
Tunnel bytes per CPU second: 0
The same profiles used to work before updating to 3.3.0/3.3.2.

Any other ideas? Thanks!

r.groesbeek
OpenVpn Newbie
Posts: 3
Joined: Mon Sep 19, 2022 4:29 pm

Re: CONFIG_FILE_READ_ERROR with iOS 15.6 and Connect 3.3.0

Post by r.groesbeek » Tue Sep 20, 2022 7:47 am

We had to revert to version 3.2.3 (testflight beta or 3.3.1 5056 according to appdetails) as well. In this case because of new mobileconfig problems (they could not be activated anymore).
Is there any news on a new release (>3.3.2 build 5086) already?

Because running on a 50 days valid testflight version is not very comfortable...

See also: viewtopic.php?p=108637#p108637

foobar0815
OpenVpn Newbie
Posts: 5
Joined: Wed Dec 08, 2021 5:20 pm

Re: CONFIG_FILE_READ_ERROR with iOS 15.6 and Connect 3.3.0

Post by foobar0815 » Fri Sep 30, 2022 9:23 am

openvpn_inc wrote:
Thu Sep 01, 2022 7:31 pm
Hello guys
Hello Johan,
any news on that issue? Is this an issue that will be fixed or do we have to find a workaround here (config above)?

Thanks!

foobar0815
OpenVpn Newbie
Posts: 5
Joined: Wed Dec 08, 2021 5:20 pm

Re: CONFIG_FILE_READ_ERROR with iOS 15.6 and Connect 3.3.0

Post by foobar0815 » Tue Oct 25, 2022 10:00 am

As it may be of interest for others (iOS 16.0.2, OpenVPN Connect 3.3.2):

Manually trying to open a VPN connection from a mobileconfig like posted above fails with the reported error. An automatically opened VPN connection by accessing an onDemand DNS address configured in the mobileconfig however works as desired.

For profiles without onDemand, adding the profile as ovpn instead of mobileconfig also works for us.

Though it would be nice to see this bug fixed in future, we are OK with that compromise.

Post Reply