After upgrade my devices to iOS7, i found an issue with OpenVPN Connect:
When the VPN route just the traffic to my work place (not all the traffic), the DNS servers published by my VPN server are not updated.
I can ping from any computer in my work place to my iOS device (IPv4 and IPv6 both) and from my iOS device using IPv4 (I do not found any tool which allow me use explicit IPv6 addresses)
My client config is:
Code: Select all
client
dev tun
proto tcp
remote IPv4_SERVER1 443
remote-random
resolv-retry 10
nobind
persist-key
persist-tun
ca MY_CA.pem
pkcs12 client.p12
ns-cert-type server
tls-auth ta.key 1
cipher AES-256-CBC
verb 3
script-security 3
tun-ipv6
topology subnet
Code: Select all
local IPv4_SERVER1
port 443
proto tcp
dev tun
ca /etc/openvpn/MY_CA.pem
cert /etc/openvpn/MY_SERVER.pem
key /etc/openvpn/MY_SERVER.key
dh dh2048.pem
server 192.168.107.0 255.255.255.0
ifconfig-pool-persist ipp-https.txt
push "route 192.168.144.0 255.255.248.0"
push "route 10.0.12.0 255.255.252.0"
push "route 10.1.12.0 255.255.252.0"
push "dhcp-option DNS 192.168.151.101" <--- THESE NEW DNS SERVER ARE NOT USED IN THE VPN CONNECTION
push "dhcp-option DNS 192.168.151.100" <--- THESE NEW DNS SERVER ARE NOT USED IN THE VPN CONNECTION
push "dhcp-option DOMAIN MY.DOMAIN"
keepalive 10 120
cipher AES-256-CBC
user nobody
group nobody
persist-key
persist-tun
status openvpn-status-https.log
verb 3
management localhost 7506
crl-verify /etc/openvpn/MY_CRL.pem
tls-auth /etc/openvpn/ta.key 0
topology subnet
tun-ipv6
server-ipv6 fec0:0:0:1230:0:0:1::/112
push "route-ipv6 fec0:0:0:1040::/64"
push "route-ipv6 fec0:0:0:1230::/64"
push "route-ipv6 fec0:0:0:1234::/64"
Code: Select all
2013-09-19 11:21:46 ----- OpenVPN Start -----
2013-09-19 11:21:46 EVENT: RESOLVE
2013-09-19 11:21:46 Contacting MY_SERVER_IPV4:443 via TCP
2013-09-19 11:21:46 EVENT: WAIT
2013-09-19 11:21:46 Connecting to MY_SERVER_IPV4 (MY_SERVER_IPV4) via TCPv4
2013-09-19 11:21:46 EVENT: CONNECTING
2013-09-19 11:21:46 Tunnel Options:V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_CLIENT,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client
2013-09-19 11:21:46 Peer Info:
IV_VER=1.0
IV_PLAT=ios
IV_NCP=1
2013-09-19 11:21:47 VERIFY OK: depth=0
cert. version : 3
serial number : 01:B1:75
issuer name : MY_CA
subject name : MY_SERVER
issued on : 2012-06-11 20:29:03
expires on : 2015-08-18 23:00:00
signed using : RSA+SHA1
RSA key size : 2048 bits
2013-09-19 11:21:47 VERIFY OK: depth=1
cert. version : 3
serial number : 01:B0:01
issuer name : MY_CA
subject name : MY_CA
issued on : 2005-08-18 23:00:00
expires on : 2015-08-18 23:00:00
signed using : RSA+SHA1
RSA key size : 2048 bits
2013-09-19 11:21:48 SSL Handshake: TLSv1.0/SSL-EDH-RSA-AES-256-SHA
2013-09-19 11:21:48 Session is ACTIVE
2013-09-19 11:21:49 EVENT: GET_CONFIG
2013-09-19 11:21:49 Sending PUSH_REQUEST to server...
2013-09-19 11:21:49 OPTIONS:
0 [ifconfig-ipv6] [fec0::1230:0:0:1:1017/112] [fec0::1230:0:0:1:1]
1 [route] [192.168.144.0] [255.255.248.0]
2 [route] [10.0.12.0] [255.255.252.0]
3 [route] [10.1.12.0] [255.255.252.0]
4 [dhcp-option] [DNS] [192.168.151.100]
5 [dhcp-option] [DNS] [192.168.151.101]
6 [dhcp-option] [DOMAIN] [MY_DOMAIN]
7 [route-ipv6] [fec0:0:0:1040::/64]
8 [route-ipv6] [fec0:0:0:1230::/64]
9 [route-ipv6] [fec0:0:0:1234::/64]
10 [tun-ipv6]
11 [route-gateway] [192.168.107.1]
12 [topology] [subnet]
13 [ping] [10]
14 [ping-restart] [120]
15 [ifconfig] [192.168.107.25] [255.255.255.0]
2013-09-19 11:21:49 EVENT: ASSIGN_IP
2013-09-19 11:21:49 Connected via tun
2013-09-19 11:21:49 EVENT: CONNECTED @MY_SERVER_IPV4:443 (MY_SERVER_IPV4) via /TCPv4 on tun/192.168.107.25/fec0::1230:0:0:1:1017
2013-09-19 11:27:36 EVENT: DISCONNECTED
2013-09-19 11:27:36 Raw stats on disconnect:
BYTES_IN : 32901
BYTES_OUT : 32061
PACKETS_IN : 255
PACKETS_OUT : 287
TUN_BYTES_IN : 16400
TUN_BYTES_OUT : 15984
TUN_PACKETS_IN : 212
TUN_PACKETS_OUT : 208
2013-09-19 11:27:36 Performance stats on disconnect:
CPU usage (microseconds): 1273679
Tunnel compression ratio (uplink): 1.95494
Tunnel compression ratio (downlink): 2.05837
Network bytes per CPU second: 51003
Tunnel bytes per CPU second: 25425
2013-09-19 11:27:36 ----- OpenVPN Stop -----