Openvpn connect iOS causing server to exit on disconnect

Official client software for OpenVPN Access Server and OpenVPN Cloud.
dave4444
OpenVpn Newbie
Posts: 7
Joined: Sat Nov 01, 2014 5:04 pm

Openvpn connect iOS causing server to exit on disconnect

Post by dave4444 » Sat Nov 01, 2014 5:21 pm

I'm trying to set up Openvpn connect iOS against my own router.

The basics are working, however whenever I disconnect the client from within the iOS app, it causes the server openvpn process to exit on my router.

I have openvpn on the server configured for persist-tun with an appropriate ping-restart set so that the server process will never exit.

Logs on the server are:

Nov 1 12:57:20 gw ovpn-iphone4s[1768]: TCP/UDP: Closing socket
Nov 1 12:57:20 gw ovpn-iphone4s[1768]: Closing TUN/TAP interface
Nov 1 12:57:20 gw ovpn-iphone4s[1768]: SIGTERM[soft,remote-exit] received, process exiting

From the linux openvpn code it looks like the iOS client is sending an OCC_EXIT event to the server.

I've tried to set "explicit-exit-notify 0" on both the client config and as a push message from the server.

I think that "explicit-exit-notify 0" should disable this behavior. In process_sigterm(), if c->options.explicit_exit_notification is zero, the process_explicit_exit_notification_init() and process_explicit_exit_notification_timer_wakeup() should not be called, resulting in no OCC_EXIT message to the server.

The iOS client seems to ignore the explicit-exit-notify option?

Any other thoughts on how to prevent the server from exiting?

Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: Openvpn connect iOS causing server to exit on disconnect

Post by Traffic » Sun Nov 02, 2014 12:53 pm

Sounds quite unusual .. can you please post your server config.

dave4444
OpenVpn Newbie
Posts: 7
Joined: Sat Nov 01, 2014 5:04 pm

Re: Openvpn connect iOS causing server to exit on disconnect

Post by dave4444 » Sun Nov 02, 2014 2:45 pm

SERVER CONFIG
=============

cd /etc/openvpn

multihome
proto udp
port XXXX

dev tun4
verb 3
persist-tun

ping 30
ping-restart 182
ping-timer-rem

comp-lzo
link-mtu 1400
replay-window 90

tls-server

ca pki/keys/ca.crt
cert pki/keys/XXXXXX.crt
key pki/keys/XXXXXX.key
dh pki/keys/dh2048.pem

push "dhcp-option DNS XXXXXX"
push "dhcp-option DOMAIN XXXXXX"
push "ifconfig XX.XX.XX.2 XX.XX.XX.1"
push "link-mtu 1400"
push "tun-mtu 1358"

tun-ipv6
push tun-ipv6
push "ifconfig-ipv6 XXXX:XXXX:XXXX:XXXX::2/64 XXXX:XXXX:XXXX:XXXX::1"
push "redirect-gateway bypass-dhcp ipv6"

push "explicit-exit-notify 0"


CLIENT CONFIG
=============

client

remote XXXXXX
proto udp
port XXXX
float

dev tun

ping 30
ping-restart 62

comp-lzo
link-mtu 1400
tun-mtu 1358

tls-remote XXXXXX
ns-cert-type server
reneg-sec 86400

explicit-exit-notify 0

<ca>
XXXXXX
</ca>

<cert>
XXXXXX
</cert>

<key>
XXXXXX
</key>

Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: Openvpn connect iOS causing server to exit on disconnect

Post by Traffic » Sun Nov 02, 2014 6:38 pm

I can not see any specific problems .. please post your complete logs at verb 4

dave4444
OpenVpn Newbie
Posts: 7
Joined: Sat Nov 01, 2014 5:04 pm

Re: Openvpn connect iOS causing server to exit on disconnect

Post by dave4444 » Sun Nov 02, 2014 8:08 pm

Nov 2 14:59:56 gw ovpn-iphone4s[20888]: Current Parameter Settings:
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: config = '/etc/openvpn/iphone4s.conf'
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: mode = 0
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: persist_config = DISABLED
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: persist_mode = 1
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: show_ciphers = DISABLED
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: show_digests = DISABLED
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: show_engines = DISABLED
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: genkey = DISABLED
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: key_pass_file = '[UNDEF]'
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: show_tls_ciphers = DISABLED
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: Connection profiles [default]:
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: proto = udp
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: local = '[UNDEF]'
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: local_port = 905
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: remote = '[UNDEF]'
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: remote_port = 905
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: remote_float = DISABLED
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: bind_defined = DISABLED
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: bind_local = ENABLED
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: connect_retry_seconds = 5
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: connect_timeout = 10
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: connect_retry_max = 0
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: socks_proxy_server = '[UNDEF]'
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: socks_proxy_port = 0
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: socks_proxy_retry = DISABLED
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: Connection profiles END
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: remote_random = DISABLED
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: ipchange = '[UNDEF]'
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: dev = 'tun4'
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: dev_type = '[UNDEF]'
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: dev_node = '[UNDEF]'
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: lladdr = '[UNDEF]'
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: topology = 1
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: tun_ipv6 = ENABLED
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: ifconfig_local = '[UNDEF]'
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: ifconfig_remote_netmask = '[UNDEF]'
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: ifconfig_noexec = DISABLED
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: ifconfig_nowarn = DISABLED
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: shaper = 0
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: tun_mtu = 1500
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: tun_mtu_defined = DISABLED
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: link_mtu = 1400
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: link_mtu_defined = ENABLED
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: tun_mtu_extra = 0
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: tun_mtu_extra_defined = DISABLED
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: fragment = 0
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: mtu_discover_type = -1
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: mtu_test = 0
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: mlock = DISABLED
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: keepalive_ping = 0
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: keepalive_timeout = 0
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: inactivity_timeout = 0
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: ping_send_timeout = 30
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: ping_rec_timeout = 182
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: ping_rec_timeout_action = 2
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: ping_timer_remote = ENABLED
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: remap_sigusr1 = 0
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: explicit_exit_notification = 0
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: persist_tun = ENABLED
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: persist_local_ip = DISABLED
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: persist_remote_ip = DISABLED
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: persist_key = DISABLED
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: mssfix = 1450
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: passtos = DISABLED
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: resolve_retry_seconds = 1000000000
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: username = '[UNDEF]'
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: groupname = '[UNDEF]'
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: chroot_dir = '[UNDEF]'
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: cd_dir = '/etc/openvpn'
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: writepid = '/var/run/openvpn.iphone4s.pid'
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: up_script = '[UNDEF]'
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: down_script = '[UNDEF]'
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: down_pre = DISABLED
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: up_restart = DISABLED
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: up_delay = DISABLED
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: daemon = ENABLED
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: inetd = 0
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: log = DISABLED
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: suppress_timestamps = DISABLED
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: nice = 0
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: verbosity = 4
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: mute = 0
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: gremlin = 0
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: status_file = '/var/run/openvpn.iphone4s.status'
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: status_file_version = 1
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: status_file_update_freq = 10
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: occ = ENABLED
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: rcvbuf = 65536
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: sndbuf = 65536
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: sockflags = 1
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: fast_io = DISABLED
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: lzo = 7
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: route_script = '[UNDEF]'
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: route_default_gateway = '[UNDEF]'
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: route_default_metric = 0
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: route_noexec = DISABLED
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: route_delay = 0
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: route_delay_window = 30
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: route_delay_defined = DISABLED
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: route_nopull = DISABLED
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: route_gateway_via_dhcp = DISABLED
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: max_routes = 100
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: allow_pull_fqdn = DISABLED
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: management_addr = '[UNDEF]'
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: management_port = 0
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: management_user_pass = '[UNDEF]'
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: management_log_history_cache = 250
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: management_echo_buffer_size = 100
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: management_write_peer_info_file = '[UNDEF]'
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: management_client_user = '[UNDEF]'
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: management_client_group = '[UNDEF]'
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: management_flags = 0
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: shared_secret_file = '[UNDEF]'
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: key_direction = 0
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: ciphername_defined = ENABLED
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: ciphername = 'BF-CBC'
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: authname_defined = ENABLED
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: authname = 'SHA1'
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: prng_hash = 'SHA1'
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: prng_nonce_secret_len = 16
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: keysize = 0
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: engine = DISABLED
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: replay = ENABLED
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: mute_replay_warnings = DISABLED
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: replay_window = 90
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: replay_time = 15
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: packet_id_file = '[UNDEF]'
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: use_iv = ENABLED
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: test_crypto = DISABLED
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: tls_server = ENABLED
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: tls_client = DISABLED
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: key_method = 2
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: ca_file = 'pki/keys/ca.crt'
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: ca_path = '[UNDEF]'
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: dh_file = 'pki/keys/dh2048.pem'
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: cert_file = 'pki/keys/vpngw.XXXXXXXXXX.XXX.crt'
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: priv_key_file = 'pki/keys/vpngw.XXXXXXXXXX.XXX.key'
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: pkcs12_file = '[UNDEF]'
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: cipher_list = '[UNDEF]'
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: tls_verify = '[UNDEF]'
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: tls_remote = '[UNDEF]'
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: crl_file = '[UNDEF]'
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: ns_cert_type = 0
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: remote_cert_ku = 0
Nov 2 14:59:56 gw last message repeated 15 times
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: remote_cert_eku = '[UNDEF]'
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: tls_timeout = 2
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: renegotiate_bytes = 0
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: renegotiate_packets = 0
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: renegotiate_seconds = 3600
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: handshake_window = 60
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: transition_window = 3600
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: single_session = DISABLED
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: push_peer_info = DISABLED
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: tls_exit = DISABLED
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: tls_auth_file = '[UNDEF]'
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: pkcs11_protected_authentication = DISABLED
Nov 2 14:59:56 gw last message repeated 15 times
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: pkcs11_private_mode = 00000000
Nov 2 14:59:56 gw last message repeated 15 times
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: pkcs11_cert_private = DISABLED
Nov 2 14:59:56 gw last message repeated 15 times
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: pkcs11_pin_cache_period = -1
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: pkcs11_id = '[UNDEF]'
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: pkcs11_id_management = DISABLED
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: server_network = 0.0.0.0
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: server_netmask = 0.0.0.0
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: server_bridge_ip = 0.0.0.0
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: server_bridge_netmask = 0.0.0.0
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: server_bridge_pool_start = 0.0.0.0
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: server_bridge_pool_end = 0.0.0.0
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: push_entry = 'dhcp-option DNS XX.XX.XX.XX'
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: push_entry = 'dhcp-option DOMAIN XXXXXXXXXX.XXX'
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: push_entry = 'ifconfig XX.XX.XX.2 XX.XX.XX.1'
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: push_entry = 'link-mtu 1400'
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: push_entry = 'tun-mtu 1358'
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: push_entry = 'tun-ipv6'
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: push_entry = 'ifconfig-ipv6 XXXX:XXXX:XXXX:XXXX::2/64 XXXX:XXXX:XXXX:XXXX::1'
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: push_entry = 'redirect-gateway bypass-dhcp ipv6'
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: push_entry = 'explicit-exit-notify 0'
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: ifconfig_pool_defined = DISABLED
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: ifconfig_pool_start = 0.0.0.0
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: ifconfig_pool_end = 0.0.0.0
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: ifconfig_pool_netmask = 0.0.0.0
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: ifconfig_pool_persist_filename = '[UNDEF]'
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: ifconfig_pool_persist_refresh_freq = 600
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: n_bcast_buf = 256
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: tcp_queue_limit = 64
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: real_hash_size = 256
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: virtual_hash_size = 256
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: client_connect_script = '[UNDEF]'
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: learn_address_script = '[UNDEF]'
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: client_disconnect_script = '[UNDEF]'
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: client_config_dir = '[UNDEF]'
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: ccd_exclusive = DISABLED
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: tmp_dir = '[UNDEF]'
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: push_ifconfig_defined = DISABLED
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: push_ifconfig_local = 0.0.0.0
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: push_ifconfig_remote_netmask = 0.0.0.0
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: enable_c2c = DISABLED
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: duplicate_cn = DISABLED
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: cf_max = 0
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: cf_per = 0
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: max_clients = 1024
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: max_routes_per_client = 256
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: auth_user_pass_verify_script = '[UNDEF]'
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: auth_user_pass_verify_script_via_file = DISABLED
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: ssl_flags = 0
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: port_share_host = '[UNDEF]'
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: port_share_port = 0
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: client = DISABLED
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: pull = DISABLED
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: auth_user_pass_file = '[UNDEF]'
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: OpenVPN 2.1.3 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [MH] [PF_INET6] [eurephia] built on Jun 6 2013
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: Diffie-Hellman initialized with 2048 bit key
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: /usr/bin/openssl-vulnkey -q -b 2048 -m <modulus omitted>
Nov 2 14:59:56 gw ovpn-iphone4s[20729]: SIGTERM[hard,] received, process exiting
Nov 2 14:59:57 gw ovpn-iphone4s[20888]: LZO compression initialized
Nov 2 14:59:57 gw ovpn-iphone4s[20888]: WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1358)
Nov 2 14:59:57 gw ovpn-iphone4s[20888]: Control Channel MTU parms [ L:1400 D:138 EF:38 EB:0 ET:0 EL:0 ]
Nov 2 14:59:57 gw ovpn-iphone4s[20888]: Socket Buffers: R=[112640->131072] S=[112640->131072]
Nov 2 14:59:57 gw ovpn-iphone4s[20888]: TUN/TAP device tun4 opened
Nov 2 14:59:57 gw ovpn-iphone4s[20888]: TUN/TAP TX queue length set to 100
Nov 2 14:59:57 gw ovpn-iphone4s[20888]: Data Channel MTU parms [ L:1400 D:1400 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Nov 2 14:59:57 gw ovpn-iphone4s[20888]: Local Options String: 'V4,dev-type tun,link-mtu 1400,tun-mtu 1358,proto UDPv4,tun-ipv6,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Nov 2 14:59:57 gw ovpn-iphone4s[20888]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1400,tun-mtu 1358,proto UDPv4,tun-ipv6,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Nov 2 14:59:57 gw ovpn-iphone4s[20888]: Local Options hash (VER=V4): '6897892f'
Nov 2 14:59:57 gw ovpn-iphone4s[20888]: Expected Remote Options hash (VER=V4): 'ea604f4a'
Nov 2 14:59:57 gw ovpn-iphone4s[20894]: UDPv4 link local (bound): [undef]
Nov 2 14:59:57 gw kernel: [5196378.542949] tun4: Disabled Privacy Extensions
Nov 2 14:59:57 gw ovpn-iphone4s[20894]: UDPv4 link remote: [undef]
Nov 2 15:00:00 gw ovpn-iphone4s[20894]: TLS: Initial packet from [AF_INET]XX.XX.XX.XX:61234 (via [AF_INET]XX.XX.XX.XX), sid=b712644f 96655150
Nov 2 15:00:01 gw ovpn-iphone4s[20894]: VERIFY OK: depth=1, /O=vpngw.XXXXXXXXXX.XXX/CN=vpngw.XXXXXXXXXX.XXX_CA
Nov 2 15:00:01 gw ovpn-iphone4s[20894]: VERIFY OK: depth=0, /O=vpngw.XXXXXXXXXX.XXX/CN=iphone4s.vpn.XXXXXXXXXX.XXX
Nov 2 15:00:02 gw ovpn-iphone4s[20894]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1400', remote='link-mtu 1542'
Nov 2 15:00:02 gw ovpn-iphone4s[20894]: WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1358', remote='tun-mtu 1500'
Nov 2 15:00:02 gw ovpn-iphone4s[20894]: WARNING: 'tun-ipv6' is present in local config but missing in remote config, local='tun-ipv6'
Nov 2 15:00:02 gw ovpn-iphone4s[20894]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Nov 2 15:00:02 gw ovpn-iphone4s[20894]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Nov 2 15:00:02 gw ovpn-iphone4s[20894]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Nov 2 15:00:02 gw ovpn-iphone4s[20894]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Nov 2 15:00:02 gw ovpn-iphone4s[20894]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Nov 2 15:00:02 gw ovpn-iphone4s[20894]: [iphone4s.vpn.XXXXXXXXXX.XXX] Peer Connection Initiated with [AF_INET]XX.XX.XX.XX:61234 (via [AF_INET]XX.XX.XX.XX)
Nov 2 15:00:02 gw ovpn-iphone4s[20894]: PUSH: Received control message: 'PUSH_REQUEST'
Nov 2 15:00:02 gw ovpn-iphone4s[20894]: SENT CONTROL [iphone4s.vpn.XXXXXXXXXX.XXX]: 'PUSH_REPLY,dhcp-option DNS XX.XX.XX.XX,dhcp-option DOMAIN XXXXXXXXXX.XXX,ifconfig XX.XX.XX.2 XX.XX.XX.1,link-mtu 1400,tun-mtu 1358,tun-ipv6,ifconfig-ipv6 XXXX:XXXX:XXXX:XXXX::2/64 XXXX:XXXX:XXXX:XXXX::1,redirect-gateway bypass-dhcp ipv6,explicit-exit-notify 0' (status=1)
Nov 2 15:00:04 gw ovpn-iphone4s[20894]: Initialization Sequence Completed
Nov 2 15:00:05 gw ovpn-iphone4s[20894]: TCP/UDP: Closing socket
Nov 2 15:00:05 gw ovpn-iphone4s[20894]: Closing TUN/TAP interface
Nov 2 15:00:06 gw ovpn-iphone4s[20894]: SIGTERM[soft,remote-exit] received, process exiting




2014-11-02 15:00:02 ----- OpenVPN Start -----
OpenVPN core 3.0 ios armv7a thumb2 32-bit
2014-11-02 15:00:02 UNUSED OPTIONS
13 [explicit-exit-notify] [0]

2014-11-02 15:00:02 LZO-ASYM init swap=0 asym=0
2014-11-02 15:00:02 EVENT: RESOLVE
2014-11-02 15:00:02 Contacting XX.XX.XX.XX:905 via UDP
2014-11-02 15:00:02 EVENT: WAIT
2014-11-02 15:00:02 SetTunnelSocket returned 1
2014-11-02 15:00:02 Connecting to vpngw.XXXXXXXXXX.XXX:905 (XX.XX.XX.XX) via UDPv4
2014-11-02 15:00:02 EVENT: CONNECTING
2014-11-02 15:00:02 Tunnel Options:V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client
2014-11-02 15:00:02 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 1.0.5-177
IV_VER=3.0
IV_PLAT=ios
IV_NCP=1
IV_LZO=1

2014-11-02 15:00:03 VERIFY OK: depth=1
cert. version : 3
serial number : C9:DE:2B:4F:0A:67:1B:96
issuer name : O=vpngw.XXXXXXXXXX.XXX, CN=vpngw.XXXXXXXXXX.XXX CA
subject name : O=vpngw.XXXXXXXXXX.XXX, CN=vpngw.XXXXXXXXXX.XXX CA
issued on : 2014-10-31 20:48:23
expires on : 2024-10-28 20:48:23
signed using : RSA with SHA1
RSA key size : 2048 bits
basic constraints : CA=true

2014-11-02 15:00:03 VERIFY OK: depth=0
cert. version : 3
serial number : 01
issuer name : O=vpngw.XXXXXXXXXX.XXX, CN=vpngw.XXXXXXXXXX.XXX CA
subject name : O=vpngw.XXXXXXXXXX.XXX, CN=vpngw.XXXXXXXXXX.XXX
issued on : 2014-10-31 20:48:32
expires on : 2024-10-28 20:48:32
signed using : RSA with SHA1
RSA key size : 2048 bits
basic constraints : CA=false
cert. type : SSL Server
key usage : Digital Signature, Key Encipherment
ext key usage : TLS Web Server Authentication

2014-11-02 15:00:03 tls-remote validation
tls-remote: 'vpngw.XXXXXXXXXX.XXX'
Subj: '/O=vpngw.XXXXXXXXXX.XXX/CN=vpngw.XXXXXXXXXX.XXX'
CN: 'vpngw.XXXXXXXXXX.XXX'
2014-11-02 15:00:03 SSL Handshake: TLSv1.0/TLS-DHE-RSA-WITH-AES-256-CBC-SHA
2014-11-02 15:00:03 Session is ACTIVE
2014-11-02 15:00:03 EVENT: GET_CONFIG
2014-11-02 15:00:03 Sending PUSH_REQUEST to server...
2014-11-02 15:00:03 OPTIONS:
0 [dhcp-option] [DNS] [XX.XX.XX.XX]
1 [dhcp-option] [DOMAIN] [XXXXXXXXXX.XXX]
2 [ifconfig] [XX.XX.XX.2] [XX.XX.XX.1]
3 [link-mtu] [1400]
4 [tun-mtu] [1358]
5 [tun-ipv6]
6 [ifconfig-ipv6] [XXXX:XXXX:XXXX:XXXX::2/64] [XXXX:XXXX:XXXX:XXXX::1]
7 [redirect-gateway] [bypass-dhcp] [ipv6]
8 [explicit-exit-notify] [0]

2014-11-02 15:00:03 LZO-ASYM init swap=0 asym=0
2014-11-02 15:00:03 EVENT: ASSIGN_IP
2014-11-02 15:00:03 Connected via tun
2014-11-02 15:00:03 EVENT: CONNECTED @vpngw.XXXXXXXXXX.XXX:905 (XX.XX.XX.XX) via /UDPv4 on tun/XX.XX.XX.2/XXXX:XXXX:XXXX:XXXX::2
2014-11-02 15:00:03 SetStatus Connected
2014-11-02 15:00:03 NET Internet:ReachableViaWiFi/-R -----l-
2014-11-02 15:00:04 NET Internet:ReachableViaWiFi/-R t----l-
2014-11-02 15:00:07 TUN reset routes
2014-11-02 15:00:07 EVENT: DISCONNECTED
2014-11-02 15:00:07 Raw stats on disconnect:
BYTES_IN : 7596
BYTES_OUT : 4788
PACKETS_IN : 56
PACKETS_OUT : 60
TUN_BYTES_IN : 1113
TUN_BYTES_OUT : 3833
TUN_PACKETS_IN : 16
TUN_PACKETS_OUT : 14
2014-11-02 15:00:07 Performance stats on disconnect:
CPU usage (microseconds): 655416
Tunnel compression ratio (uplink): 4.30189
Tunnel compression ratio (downlink): 1.98174
Network bytes per CPU second: 18894
Tunnel bytes per CPU second: 7546
2014-11-02 15:00:07 ----- OpenVPN Stop -----

Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: Openvpn connect iOS causing server to exit on disconnect

Post by Traffic » Sun Nov 02, 2014 9:29 pm

If possible you really need to update your server:
dave4444 wrote: OpenVPN 2.1.3 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [MH] [PF_INET6] [eurephia] built on Jun 6 2013
That may well solve the problem.

Let us know .. thanks

dave4444
OpenVpn Newbie
Posts: 7
Joined: Sat Nov 01, 2014 5:04 pm

Re: Openvpn connect iOS causing server to exit on disconnect

Post by dave4444 » Sun Nov 02, 2014 10:57 pm

Upgraded server to 2.2.1. Same behavior.

Also took a look at source for 2.3.5.

The OCC_EXIT path looks unchanged. On server side, receipt of OCC_EXIT in process_received_occ_msg() is unfiltered, causes internal SIGTERM if client sends it, no way to mask it on server side.

Assuming iOS client uses the same code base, on the client side, setting explicit_exit_notification to 0 will disable sending OCC_EXIT.

However, iOS client does not support explicit-exit-notify:

2014-11-02 15:00:02 UNUSED OPTIONS
13 [explicit-exit-notify] [0]

Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: Openvpn connect iOS causing server to exit on disconnect

Post by Traffic » Wed Nov 05, 2014 4:46 am

Did you get any further with this ?

dave4444
OpenVpn Newbie
Posts: 7
Joined: Sat Nov 01, 2014 5:04 pm

Re: Openvpn connect iOS causing server to exit on disconnect

Post by dave4444 » Thu Nov 06, 2014 2:52 am

I modified the code on the server side to make OCC_EXIT perform a SIGUSR1 instead of SIGTERM. This causes it to drop the connection without exiting when the iOS client disconnects.

Not sure if the patch below is proper (the maintainers would need to judge that), but it works for me.


diff -Nur openvpn-2.2.1.orig/occ.c openvpn-2.2.1/occ.c
--- openvpn-2.2.1.orig/occ.c 2014-11-05 21:20:28.000000000 -0500
+++ openvpn-2.2.1/occ.c 2014-11-05 21:21:02.000000000 -0500
@@ -381,7 +381,7 @@

case OCC_EXIT:
dmsg (D_PACKET_CONTENT, "RECEIVED OCC_EXIT");
- c->sig->signal_received = SIGTERM;
+ c->sig->signal_received = SIGUSR1;
c->sig->signal_text = "remote-exit";
break;
}
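
Review bot: The SIGTERM to SIGUSR1 swap in the case OCC_EXIT branch is unconditional, so every instance built from this tree changes how it reacts to a peer's exit notification, not only the setup that was exiting. Consider restricting the new assignment to the configuration that needs it and keeping the SIGTERM assignment otherwise. A short comment above the assignment explaining why a remote exit now maps to a restart would also help, since signal_text stays "remote-exit" and the log line will pair that text with SIGUSR1.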

Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: Openvpn connect iOS causing server to exit on disconnect

Post by Traffic » Thu Nov 06, 2014 3:38 am

This might be worth a mail to the openvpn developer mailing list or their IRC channel.

I did ask them to take a look but for some reason (possibly due to you using old code) they have chosen not to comment.

You could also try using --keepalive instead of defining --ping & --ping-restart .. perhaps the code stream is better.

Up to date OpenVPN will warn you if your server does not use --keepalive like so:

Tue Nov  4 12:47:41 2014 us=827380 OpenVPN 2.3.4 i686-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on May  3 2014
Tue Nov  4 12:47:41 2014 us=827928 library versions: OpenSSL 1.0.1j 15 Oct 2014, LZO 2.08
Tue Nov  4 12:47:41 2014 us=828814 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:~~~
Tue Nov  4 12:47:41 2014 us=829471 WARNING: --keepalive option is missing from server config

ratiox
OpenVpn Newbie
Posts: 3
Joined: Thu Jan 15, 2015 6:59 pm

Re: Openvpn connect iOS causing server to exit on disconnect

Post by ratiox » Thu Jan 15, 2015 8:37 pm

Thank you for figuring out this problem and the solution. Same problem here. With this bug, I wonder if one can use OpenVPN with iOS at all. Sure, you can do server-side checks (polling), if the openvpn server process is still running (not very elegant). Or you can modify source code, replacing SIGTERM by SIGUSR1.

I created a bug report here:

https://community.openvpn.net/openvpn/ticket/503

And I sent an email to ios@openvpn.net, referring to this bug report.

Thank you

Martin

jamesyonan
OpenVPN Inc.
Posts: 169
Joined: Thu Jan 24, 2013 12:13 am

Re: Openvpn connect iOS causing server to exit on disconnect

Post by jamesyonan » Thu Jan 15, 2015 9:14 pm

It's actually a design feature that clients send an OCC_EXIT to the server when disconnecting. This lets the server (in UDP mode) disconnect the client instance immediately and free up server-side resources, without needing to wait for a timeout.

Now I think the problem is that this feature was originally designed to work with OpenVPN server running in client/server mode as 99% of OpenVPN sites use. In multi-client mode, the OCC_EXIT will only terminate the specific client instance object on the server, not the whole server itself.

However if you are running OpenVPN in peer-to-peer mode (not client/server), then you will probably see this behaviour because the OCC_EXIT still terminates the client instance object, but because that object essentially represents the whole state of the running server, it also triggers a server exit.

So I would recommend that you use client/server mode on the server if possible.

The alternative would be to patch OpenVPN to change the interpretation of OCC_EXIT when OpenVPN is running in peer-to-peer mode.

James
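
A log check for the condition James describes, as an added example that is not part of the thread and not OpenVPN project code: it reads syslog lines in the format dave4444 posted, notes which instances report mode = 0 (point-to-point) in their verb 4 option dump, and flags every exit whose reason is remote-exit. The client-instance and SIGUSR1 sample lines, the instance names ovpn-office and ovpn-patched, and all function names are assumptions made for illustration.

```python
import re

# Constructed sample input, modelled on the syslog lines quoted in this thread.
# The ovpn-office and ovpn-patched lines are assumptions: what a client/server
# instance and an instance carrying the SIGUSR1 patch would be expected to log.
SAMPLE_LOG = """\
Nov 2 14:59:56 gw ovpn-iphone4s[20888]: mode = 0
Nov 2 14:59:56 gw ovpn-iphone4s[20729]: SIGTERM[hard,] received, process exiting
Nov 2 14:59:57 gw kernel: [5196378.542949] tun4: Disabled Privacy Extensions
Nov 2 15:00:05 gw ovpn-iphone4s[20894]: TCP/UDP: Closing socket
Nov 2 15:00:06 gw ovpn-iphone4s[20894]: SIGTERM[soft,remote-exit] received, process exiting
Nov 2 15:01:00 gw ovpn-office[3011]: mode = 1
Nov 2 15:03:40 gw ovpn-office[3011]: phone/192.0.2.10:61234 SIGTERM[soft,remote-exit] received, client-instance exiting
Nov 2 15:05:12 gw ovpn-patched[4100]: SIGUSR1[soft,remote-exit] received, process restarting
"""

# "Mon D HH:MM:SS host tag[pid]: message"
SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]+)\s+(?P<host>\S+)\s+"
    r"(?P<tag>[^\s\[]+)\[(?P<pid>\d+)\]:\s*(?P<msg>.*)$"
)
# "SIGTERM[soft,remote-exit] received, process exiting"
SIGNAL_RE = re.compile(
    r"(?P<sig>SIG[A-Z0-9]+)\[(?P<origin>soft|hard),(?P<reason>[^\]]*)\]"
    r" received, (?P<outcome>.+)$"
)
MODE_RE = re.compile(r"^mode = (?P<mode>\d+)$")


def classify(reason, outcome):
    """Label a signal event by who caused it and what it ended."""
    if reason != "remote-exit":
        return "local"            # init system, operator, ping-restart, ...
    if outcome == "process exiting":
        return "server-exit"      # the peer's exit notification ended the daemon
    if outcome == "client-instance exiting":
        return "client-instance"  # only that client's state was dropped
    return "restart"              # e.g. SIGUSR1 with the patch from this thread


def analyze(log_text):
    """Return the point-to-point instances and every signal event in the log."""
    p2p = set()
    events = []
    for line in log_text.splitlines():
        m = SYSLOG_RE.match(line)
        if not m:
            continue  # kernel lines, "last message repeated", blank lines
        msg = m["msg"].strip()
        mode = MODE_RE.match(msg)
        if mode:
            # Option dump at verb 4: 0 is point-to-point, 1 is server mode.
            if mode["mode"] == "0":
                p2p.add(m["tag"])
            else:
                p2p.discard(m["tag"])
            continue
        sig = SIGNAL_RE.search(msg)
        if sig:
            events.append({
                "ts": m["ts"], "tag": m["tag"], "pid": int(m["pid"]),
                "signal": sig["sig"], "reason": sig["reason"],
                "outcome": sig["outcome"],
                "kind": classify(sig["reason"], sig["outcome"]),
                "p2p": m["tag"] in p2p,
            })
    return {"p2p_instances": p2p, "events": events}


def remote_server_exits(result):
    """Events where a remote peer's disconnect took the whole process down."""
    return [e for e in result["events"] if e["kind"] == "server-exit"]


if __name__ == "__main__":
    report = analyze(SAMPLE_LOG)
    print("point-to-point instances:", sorted(report["p2p_instances"]))
    for e in remote_server_exits(report):
        print(f"{e['ts']} {e['tag']}[{e['pid']}] exited on remote-exit "
              f"(p2p mode seen in dump: {e['p2p']})")
```
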

Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: Openvpn connect iOS causing server to exit on disconnect

Post by Traffic » Fri Jan 16, 2015 2:37 am

Thank you James for your concise explanation ..

If only this forum were better organised.

ratiox
OpenVpn Newbie
Posts: 3
Joined: Thu Jan 15, 2015 6:59 pm

Re: Openvpn connect iOS causing server to exit on disconnect

Post by ratiox » Fri Jan 16, 2015 9:39 am

I created a bug report yesterday here:

https://community.openvpn.net/openvpn/ticket/503

ratiox
OpenVpn Newbie
Posts: 3
Joined: Thu Jan 15, 2015 6:59 pm

[solved] Re: Openvpn connect iOS causing server to exit on d

Post by ratiox » Fri Jan 16, 2015 10:03 am

Thank you James.

So the simple solution is to add the following line to the server config.

mode server

Works perfect.

gurubert
OpenVpn Newbie
Posts: 1
Joined: Wed Aug 30, 2023 8:44 am

Re: Openvpn connect iOS causing server to exit on disconnect

Post by gurubert » Wed Aug 30, 2023 8:45 am

Adding "mode server" does not work with a static secret (option --secret).

I added a systemd override to the openvpn service unit that configures Restart=on-success. Now systemd restarts the openvpn instance.
