frequent reconnect openvpn - ios 7(OpenVPN 1.0.1 build 88)

firefedot
OpenVpn Newbie
Posts: 13
Joined: Fri Oct 18, 2013 8:12 am

frequent reconnect openvpn - ios 7(OpenVPN 1.0.1 build 88)

Post by firefedot » Fri Oct 18, 2013 8:50 am

Hello...
I have a working OpenVPN server config that works on Windows, MacOS and Linux.

I am trying to set all this up on iPads.
I generated a new key and assembled an OpenSSL PKCS#12 container:

openssl rsa -in ios.key -out ios_rsa.key
openssl pkcs12 -export -in ios.crt -inkey ios_rsa.key -certfile ca.crt -name ios -out ios.p12

Client config:
client
tls-client
dev tun
proto tcp

remote mydomain.org 8080

resolv-retry infinite
nobind
pull

auth SHA512
cipher BF-CBC
keysize 256
ns-cert-type server

persist-tun
persist-key

comp-lzo
verb 3
auth-user-pass

route-delay 2
pkcs12 ios.p12

setenv CLIENT_CERT 1

<ca>
-----BEGIN CERTIFICATE-----
-----ca------
-----END CERTIFICATE-----
</ca>

<key>
-----BEGIN RSA PRIVATE KEY-----
----key-------
-----END RSA PRIVATE KEY-----
</key>
key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
----ta.key-------
-----END OpenVPN Static key V1-----
</tls-auth>

<dh>
-----BEGIN DH PARAMETERS-----
----dh2048.pem-----
-----END DH PARAMETERS-----
</dh>

<cert>
-----BEGIN CERTIFICATE-----
-----cert------
-----END CERTIFICATE-----
</cert>
I push all this through iTunes onto the iPad. The certificate is visible, I enter the username and password and press Connect, but ... immediately after connecting it gets an address, the connection drops and it reconnects, and so on many times.
The server log shows nothing about an address being received by or issued to the iPad.
Here is the log from the iPad:

2013-10-18 09:41:21 ----- OpenVPN Start -----
2013-10-18 09:41:21 LZO-ASYM init swap=0 asym=0
2013-10-18 09:41:21 EVENT: RESOLVE
2013-10-18 09:41:21 Contacting mydomain.org:8080 via TCP
2013-10-18 09:41:21 EVENT: WAIT
2013-10-18 09:41:21 Connecting to mydomain.org:8080 (mydomain.org) via TCPv4
2013-10-18 09:41:21 EVENT: CONNECTING
2013-10-18 09:41:21 Tunnel Options:V4,dev-type tun,link-mtu 1588,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher BF-CBC,auth SHA512,keysize 128,tls-auth,key-method 2,tls-client
2013-10-18 09:41:21 Peer Info:
IV_VER=1.0
IV_PLAT=ios
IV_NCP=1
IV_LZO=1

2013-10-18 09:41:23 VERIFY OK: depth=0
cert. version : 3
serial number : 01
issuer name : C=RU, ST=SAM, L=SAM, O=AP, OU=ITDPT, CN=AP CA, 0x29=AP, emailAddress=netmaster@mydomain.org
subject name : C=RU, ST=SAM, L=SAM, O=AP, OU=ITDPT, CN=srv, 0x29=Communication Server AP.NET, emailAddress=netmaster@mydomain.org
issued on : 2011-07-22 07:40:44
expires on : 2021-07-19 07:40:44
signed using : RSA+SHA1
RSA key size : 2048 bits

2013-10-18 09:41:23 VERIFY OK: depth=1
cert. version : 3
serial number : 81:71:ED:B1:B3:8D:56:DC
issuer name : C=RU, ST=SAM, L=SAM, O=AP, OU=ITDPT, CN=AP CA, 0x29=AP, emailAddress=netmaster@mydomain.org
subject name : C=RU, ST=SAM, L=SAM, O=AP, OU=ITDPT, CN=AP CA, 0x29=AP, emailAddress=netmaster@mydomain.org
issued on : 2011-07-22 07:30:42
expires on : 2021-07-19 07:30:42
signed using : RSA+SHA1
RSA key size : 2048 bits

2013-10-18 09:41:24 SSL Handshake: TLSv1.0/SSL-EDH-RSA-AES-256-SHA
2013-10-18 09:41:24 Session is ACTIVE
2013-10-18 09:41:25 EVENT: GET_CONFIG
2013-10-18 09:41:25 Sending PUSH_REQUEST to server...
2013-10-18 09:41:25 OPTIONS:
0 [route] [10.1.1.0] [255.255.255.0]
1 [route] [10.1.2.1]
2 [topology] [net30]
3 [ping] [10]
4 [ping-restart] [120]
5 [ifconfig] [10.1.2.146] [10.1.2.145]

2013-10-18 09:41:25 LZO-ASYM init swap=0 asym=0
2013-10-18 09:41:25 EVENT: ASSIGN_IP
2013-10-18 09:41:25 Connected via tun
2013-10-18 09:41:25 EVENT: CONNECTED ios@mydomain.org:8080 (mydomain.org) via /TCPv4 on tun/10.1.2.146/
2013-10-18 09:41:26 TCP recv EOF
2013-10-18 09:41:26 Transport Error: Transport error on 'mydomain.org: NETWORK_EOF_ERROR
2013-10-18 09:41:26 Client terminated, restarting in 2...
2013-10-18 09:41:28 EVENT: RECONNECTING
2013-10-18 09:41:28 LZO-ASYM init swap=0 asym=0
2013-10-18 09:41:28 Contacting mydomain.org:8080 via TCP
2013-10-18 09:41:28 EVENT: WAIT
2013-10-18 09:41:28 Connecting to mydomain.org:8080 (mydomain.org) via TCPv4
2013-10-18 09:41:28 EVENT: CONNECTING
2013-10-18 09:41:28 Tunnel Options:V4,dev-type tun,link-mtu 1588,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher BF-CBC,auth SHA512,keysize 128,tls-auth,key-method 2,tls-client
2013-10-18 09:41:28 Peer Info:
IV_VER=1.0
IV_PLAT=ios
IV_NCP=1
IV_LZO=1

2013-10-18 09:41:29 VERIFY OK: depth=0
cert. version : 3
serial number : 01
issuer name : C=RU, ST=SAM, L=SAM, O=AP, OU=ITDPT, CN=AP CA, 0x29=AP, emailAddress=netmaster@mydomain.org
subject name : C=RU, ST=SAM, L=SAM, O=AP, OU=ITDPT, CN=srv, 0x29=Communication Server AP.NET, emailAddress=netmaster@mydomain.org
issued on : 2011-07-22 07:40:44
expires on : 2021-07-19 07:40:44
signed using : RSA+SHA1
RSA key size : 2048 bits

2013-10-18 09:41:29 VERIFY OK: depth=1
cert. version : 3
serial number : 81:71:ED:B1:B3:8D:56:DC
issuer name : C=RU, ST=SAM, L=SAM, O=AP, OU=ITDPT, CN=AP CA, 0x29=AP, emailAddress=netmaster@mydomain.org
subject name : C=RU, ST=SAM, L=SAM, O=AP, OU=ITDPT, CN=AP CA, 0x29=AP, emailAddress=netmaster@mydomain.org
issued on : 2011-07-22 07:30:42
expires on : 2021-07-19 07:30:42
signed using : RSA+SHA1
RSA key size : 2048 bits

2013-10-18 09:41:31 SSL Handshake: TLSv1.0/SSL-EDH-RSA-AES-256-SHA
2013-10-18 09:41:31 Session is ACTIVE
2013-10-18 09:41:32 EVENT: GET_CONFIG
2013-10-18 09:41:32 Sending PUSH_REQUEST to server...
2013-10-18 09:41:32 OPTIONS:
0 [route] [10.1.1.0] [255.255.255.0]
1 [route] [10.1.2.1]
2 [topology] [net30]
3 [ping] [10]
4 [ping-restart] [120]
5 [ifconfig] [10.1.2.146] [10.1.2.145]

2013-10-18 09:41:32 LZO-ASYM init swap=0 asym=0
2013-10-18 09:41:32 EVENT: ASSIGN_IP
2013-10-18 09:41:32 Connected via tun
2013-10-18 09:41:32 EVENT: CONNECTED ios@mydomain.org:8080 (mydomain.org) via /TCPv4 on tun/10.1.2.146/
2013-10-18 09:41:33 TCP recv EOF
2013-10-18 09:41:33 Transport Error: Transport error on 'speedframe.dyndns-free.com: NETWORK_EOF_ERROR
2013-10-18 09:41:33 Client terminated, restarting in 2...
2013-10-18 09:41:35 EVENT: RECONNECTING
2013-10-18 09:41:35 LZO-ASYM init swap=0 asym=0
2013-10-18 09:41:35 Contacting mydomain.org:8080 via TCP
2013-10-18 09:41:35 EVENT: WAIT
2013-10-18 09:41:35 Connecting to mydomain.org:8080 (mydomain.org) via TCPv4
2013-10-18 09:41:35 EVENT: CONNECTING
2013-10-18 09:41:35 Tunnel Options:V4,dev-type tun,link-mtu 1588,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher BF-CBC,auth SHA512,keysize 128,tls-auth,key-method 2,tls-client
2013-10-18 09:41:35 Peer Info:
IV_VER=1.0
IV_PLAT=ios
IV_NCP=1
IV_LZO=1

2013-10-18 09:41:36 VERIFY OK: depth=0
cert. version : 3
serial number : 01
issuer name : C=RU, ST=SAM, L=SAM, O=AP, OU=ITDPT, CN=AP CA, 0x29=AP, emailAddress=netmaster@mydomain.org
subject name : C=RU, ST=SAM, L=SAM, O=AP, OU=ITDPT, CN=srv, 0x29=Communication Server AP.NET, emailAddress=netmaster@mydomain.org
issued on : 2011-07-22 07:40:44
expires on : 2021-07-19 07:40:44
signed using : RSA+SHA1
RSA key size : 2048 bits

2013-10-18 09:41:36 VERIFY OK: depth=1
cert. version : 3
serial number : 81:71:ED:B1:B3:8D:56:DC
issuer name : C=RU, ST=SAM, L=SAM, O=AP, OU=ITDPT, CN=AP CA, 0x29=AP, emailAddress=netmaster@mydomain.org
subject name : C=RU, ST=SAM, L=SAM, O=AP, OU=ITDPT, CN=AP CA, 0x29=AP, emailAddress=netmaster@mydomain.org
issued on : 2011-07-22 07:30:42
expires on : 2021-07-19 07:30:42
signed using : RSA+SHA1
RSA key size : 2048 bits

2013-10-18 09:41:38 SSL Handshake: TLSv1.0/SSL-EDH-RSA-AES-256-SHA
2013-10-18 09:41:38 Session is ACTIVE
2013-10-18 09:41:39 EVENT: GET_CONFIG
2013-10-18 09:41:39 Sending PUSH_REQUEST to server...
2013-10-18 09:41:39 OPTIONS:
0 [route] [10.1.1.0] [255.255.255.0]
1 [route] [10.1.2.1]
2 [topology] [net30]
3 [ping] [10]
4 [ping-restart] [120]
5 [ifconfig] [10.1.2.146] [10.1.2.145]

2013-10-18 09:41:39 LZO-ASYM init swap=0 asym=0
2013-10-18 09:41:39 EVENT: ASSIGN_IP
2013-10-18 09:41:39 Connected via tun
2013-10-18 09:41:39 EVENT: CONNECTED ios@mydomain.org:8080 (mydomain.org) via /TCPv4 on tun/10.1.2.146/
2013-10-18 09:41:40 TCP recv error: Connection reset by peer
2013-10-18 09:41:40 Transport Error: Transport error on 'speedframe.dyndns-free.com: NETWORK_RECV_ERROR
2013-10-18 09:41:40 Client terminated, restarting in 2...
2013-10-18 09:41:42 EVENT: RECONNECTING
2013-10-18 09:41:42 LZO-ASYM init swap=0 asym=0
2013-10-18 09:41:42 Contacting mydomain.org:8080 via TCP
2013-10-18 09:41:42 EVENT: WAIT
2013-10-18 09:41:42 Connecting to mydomain.org:8080 (mydomain.org) via TCPv4
2013-10-18 09:41:42 EVENT: CONNECTING
2013-10-18 09:41:42 Tunnel Options:V4,dev-type tun,link-mtu 1588,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher BF-CBC,auth SHA512,keysize 128,tls-auth,key-method 2,tls-client
2013-10-18 09:41:42 Peer Info:
IV_VER=1.0
IV_PLAT=ios
IV_NCP=1
IV_LZO=1

2013-10-18 09:41:43 VERIFY OK: depth=0
cert. version : 3
serial number : 01
issuer name : C=RU, ST=SAM, L=SAM, O=AP, OU=ITDPT, CN=AP CA, 0x29=AP, emailAddress=netmaster@mydomain.org
subject name : C=RU, ST=SAM, L=SAM, O=AP, OU=ITDPT, CN=srv, 0x29=Communication Server AP.NET, emailAddress=netmaster@mydomain.org
issued on : 2011-07-22 07:40:44
expires on : 2021-07-19 07:40:44
signed using : RSA+SHA1
RSA key size : 2048 bits

2013-10-18 09:41:43 VERIFY OK: depth=1
cert. version : 3
serial number : 81:71:ED:B1:B3:8D:56:DC
issuer name : C=RU, ST=SAM, L=SAM, O=AP, OU=ITDPT, CN=AP CA, 0x29=AP, emailAddress=netmaster@mydomain.org
subject name : C=RU, ST=SAM, L=SAM, O=AP, OU=ITDPT, CN=AP CA, 0x29=AP, emailAddress=netmaster@mydomain.org
issued on : 2011-07-22 07:30:42
expires on : 2021-07-19 07:30:42
signed using : RSA+SHA1
RSA key size : 2048 bits

2013-10-18 09:41:44 SSL Handshake: TLSv1.0/SSL-EDH-RSA-AES-256-SHA
2013-10-18 09:41:44 Session is ACTIVE
2013-10-18 09:41:45 EVENT: GET_CONFIG
2013-10-18 09:41:45 Sending PUSH_REQUEST to server...
2013-10-18 09:41:46 OPTIONS:
0 [route] [10.1.1.0] [255.255.255.0]
1 [route] [10.1.2.1]
2 [topology] [net30]
3 [ping] [10]
4 [ping-restart] [120]
5 [ifconfig] [10.1.2.146] [10.1.2.145]

2013-10-18 09:41:46 LZO-ASYM init swap=0 asym=0
2013-10-18 09:41:46 EVENT: ASSIGN_IP
2013-10-18 09:41:46 Connected via tun
2013-10-18 09:41:46 EVENT: CONNECTED ios@mydomain.org:8080 (46.173.208.53) via /TCPv4 on tun/10.1.2.146/
2013-10-18 09:41:46 TCP recv EOF
2013-10-18 09:41:46 Transport Error: Transport error on 'speedframe.dyndns-free.com: NETWORK_EOF_ERROR
2013-10-18 09:41:46 Client terminated, restarting in 2...
2013-10-18 09:41:47 EVENT: DISCONNECTED
2013-10-18 09:41:47 Raw stats on disconnect:
BYTES_IN : 33096
BYTES_OUT : 29116
PACKETS_IN : 100
PACKETS_OUT : 204
TUN_BYTES_IN : 576
TUN_PACKETS_IN : 12
NETWORK_RECV_ERROR : 1
NETWORK_EOF_ERROR : 3
N_RECONNECT : 3
2013-10-18 09:41:47 Performance stats on disconnect:
CPU usage (microseconds): 3523618
Tunnel compression ratio (downlink): inf
Network bytes per CPU second: 17655
Tunnel bytes per CPU second: 163
2013-10-18 09:41:47 ----- OpenVPN Stop -----
Could this be due to the non-standard ports?
And this line: EVENT: CONNECTED ios@mydomain.org:8080 (mydomain.org) via /TCPv4 on tun/10.1.2.146/
was not like this before.
Sorry for my clumsy English)))
I could not find an answer on the forum.
Can anyone help?)
Thank you)

firefedot
OpenVpn Newbie
Posts: 13
Joined: Fri Oct 18, 2013 8:12 am

Re: frequent reconnect openvpn - ios 7(OpenVPN 1.0.1 build 8

Post by firefedot » Fri Oct 18, 2013 9:16 am

Server config:
port 9980
proto tcp
dev tun
user nobody
group nobody
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/srv.crt
key /etc/openvpn/keys/srv.key
dh /etc/openvpn/keys/dh2048.pem
server 10.1.2.0 255.255.255.0
mode server
client-config-dir ccd
push "route 10.1.1.0 255.255.255.0"
route 10.1.3.0 255.255.255.0
route 10.1.4.0 255.255.255.0
route 10.1.5.0 255.255.255.0
route 10.1.6.0 255.255.255.0
route 10.1.7.0 255.255.255.0
route 10.1.8.0 255.255.255.0
tls-server
tls-auth /etc/openvpn/keys/ta.key 0
tls-timeout 120
auth SHA512
cipher BF-CBC
keysize 256
keepalive 10 120
comp-lzo
status-version 2
log-append /var/log/openvpn-tun/openvpn-tun.log
status /etc/openvpn/status-tun.log
crl-verify /etc/openvpn/keys/crl.pem
verb 3
mute 20
persist-key
persist-tun
management localhost 7557
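One detail worth checking in the two posts above: the client config and the server config both say keysize 256, but the "Tunnel Options" line the iOS client logged advertises keysize 128. The script below is an added example, not something from this thread or from OpenVPN itself: it pulls the data-channel options out of a config file and out of a logged Tunnel Options string and reports where they differ. The config fragments and the log line are constructed from the values posted above; the names CLIENT_CONF, SERVER_CONF, LOG_LINE, conf_options, tunnel_options and mismatches are mine.

```python
# Constructed from the thread: crypto-relevant lines of both configs and the
# "Tunnel Options" line the iOS client logged.
CLIENT_CONF = """client
proto tcp
auth SHA512
cipher BF-CBC
keysize 256
comp-lzo
"""
SERVER_CONF = """port 9980
proto tcp
auth SHA512
cipher BF-CBC
keysize 256
comp-lzo
"""
LOG_LINE = ("2013-10-18 09:41:21 Tunnel Options:V4,dev-type tun,link-mtu 1588,"
            "tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher BF-CBC,"
            "auth SHA512,keysize 128,tls-auth,key-method 2,tls-client")

# Options both peers must agree on for the data channel to work.
CHECKED = ("proto", "cipher", "auth", "keysize", "comp-lzo")

def conf_options(text):
    """Pick the CHECKED directives out of an OpenVPN config file."""
    opts = {}
    for line in text.splitlines():
        parts = line.split()
        if parts and not parts[0].startswith("#") and parts[0] in CHECKED:
            opts[parts[0]] = parts[1] if len(parts) > 1 else "yes"
    return opts

def tunnel_options(log_line):
    """Pick the CHECKED options out of a logged 'Tunnel Options:' string."""
    body = log_line.split("Tunnel Options:", 1)[1]
    opts = {}
    for item in body.split(","):
        parts = item.strip().split(None, 1)
        if parts and parts[0] in CHECKED:
            opts[parts[0]] = parts[1] if len(parts) > 1 else "yes"
    # The options string spells proto as TCPv4_CLIENT / UDPv4; reduce to tcp/udp.
    if "proto" in opts:
        opts["proto"] = opts["proto"][:3].lower()
    return opts

def mismatches(a, b):
    # {option: (value_in_a, value_in_b)} for every option that differs
    return {k: (a.get(k), b.get(k)) for k in CHECKED if a.get(k) != b.get(k)}
```

Run against the posted values it reports only keysize (256 in the config, 128 advertised by the client); a server without opt-verify only warns about such an inconsistency in its log rather than refusing the client, so the server-side log is the place to confirm it.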

steveOV
OpenVpn Newbie
Posts: 14
Joined: Tue Oct 08, 2013 12:50 pm

Re: frequent reconnect openvpn - ios 7(OpenVPN 1.0.1 build 8

Post by steveOV » Sat Oct 19, 2013 5:30 pm

Hello!

After hours of investigation I managed to use OpenVPN on iOS 6 (not 7) by putting all the info inline in the client.ovpn file.
No more external file (.p12) to import. I deleted it from my iPhone.
See the last 2 posts of my thread:
topic14012.html

Delete from your client.ovpn all references to external files, like:

pkcs12 ios.p12

Perhaps (not tested) there is a quicker method using the <pkcs12> tag instead of the many tags I use (<key>, <ca>, <cert>)...
Translate your .p12 into base64 and copy/paste its content into your client.ovpn between the <pkcs12> and </pkcs12> tags.
Syntax:

openssl base64 -in xyz.p12 -out xyz_b64.p12

You should have 'inline' in your client.ovpn file the info pasted from the base64 .p12 file, and the info that is not in your .p12 file pasted from ca.key or ta.key.

Good luck ! It's quite tricky !

Tell me the result...

Regards,

Steve.
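The transformation Steve describes, as an added example that is not part of his post or of any OpenVPN tool: drop the pkcs12 file directive from the profile, append the same container as an inline <pkcs12> block (64-column base64, the width openssl base64 writes), and decode it back to verify the round trip before the profile goes to the device. The config fragment and the sample bytes are constructed (not a real PKCS#12 file), and the names OVPN, SAMPLE_P12, inline_pkcs12 and extract_pkcs12 are mine.

```python
import base64
import re

# Constructed client config fragment in the shape of the one posted above.
OVPN = """client
dev tun
proto tcp
remote mydomain.org 8080
auth-user-pass
pkcs12 ios.p12
"""
# Constructed stand-in for the bytes of ios.p12 (any binary blob works here).
SAMPLE_P12 = b"\x30\x82\x01\x00" + bytes(range(256))

def inline_pkcs12(ovpn_text, p12_bytes):
    """Drop the 'pkcs12 <file>' directive and append the same container as an
    inline <pkcs12> block, wrapped at 64 columns like 'openssl base64' output."""
    if "<pkcs12>" in ovpn_text:
        raise ValueError("config already carries an inline <pkcs12> block")
    lines = [l for l in ovpn_text.splitlines()
             if not re.match(r"^\s*pkcs12\s+\S+", l)]
    b64 = base64.b64encode(p12_bytes).decode("ascii")
    body = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(lines + ["<pkcs12>"] + body + ["</pkcs12>"]) + "\n"

def extract_pkcs12(ovpn_text):
    """Decode the inline block back to bytes so the round trip can be checked
    before the profile is imported on the device."""
    m = re.search(r"<pkcs12>\s*(.*?)\s*</pkcs12>", ovpn_text, re.S)
    return base64.b64decode("".join(m.group(1).split())) if m else None
```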

firefedot
OpenVpn Newbie
Posts: 13
Joined: Fri Oct 18, 2013 8:12 am

Re: frequent reconnect openvpn - ios 7(OpenVPN 1.0.1 build 8

Post by firefedot » Sat Oct 19, 2013 6:28 pm

Thank you very much for the help with base64)
I'll read up on it. As soon as I get it working I'll write it up carefully.. I'll be puffing over it all night)
Thanks again for the help

guru431
OpenVpn Newbie
Posts: 2
Joined: Wed Oct 23, 2013 8:24 am

Re: frequent reconnect openvpn - ios 7(OpenVPN 1.0.1 build 8

Post by guru431 » Wed Oct 23, 2013 8:46 am

A solution to similar problems:
topic12069.html#p34402

firefedot
OpenVpn Newbie
Posts: 13
Joined: Fri Oct 18, 2013 8:12 am

Re: frequent reconnect openvpn - ios 7(OpenVPN 1.0.1 build 8

Post by firefedot » Wed Oct 23, 2013 9:43 am

Thank you.
Did you change the key size in the client config?
