iPAD Air iOS 7.1.1 connection problems

[murga]

Hello,

I have an iPAD Air with iOS updated to 7.1.1.

I have a problem with the connection using OpenVpn 1.04.

It coonects with no problem , but I cannot connect to any IP for which this tunnel exists.

In the log I have an infinite loop that shows that it is constantly reconnecting:


2014-05-06 10:40:19 LZO-ASYM init swap=0 asym=0
2014-05-06 10:40:19 EVENT: ASSIGN_IP
2014-05-06 10:40:19 Connected via tun
2014-05-06 10:40:19 EVENT: CONNECTED
2014-05-06 10:41:19 Session invalidated: KEEPALIVE_TIMEOUT
2014-05-06 10:41:19 TUN teardown
2014-05-06 10:41:19 Client terminated, restarting in 2...
2014-05-06 10:41:21 EVENT: RECONNECTING
2014-05-06 10:41:21 LZO-ASYM init swap=0 asym=0
2014-05-06 10:41:21 Contacting ....

Does anybody have an idea what could be wrong?

It works perfectlu on windows OpenVpn client.

Cheers!

M

[silvio]

Hi,

i have the same problem (also with Ipad air) with iOS 7.1.1 (newest so far) and I know, that was definitly working with older ios 7 versions...

I like to post my server and client config tomorrow or post a solution if I found one.

cheers,
Silvio

[silvio]

This are my configs (i have masked some informations like network addresses)

> server.conf

mode server
tls-server
local 0.0.0.0
port 443
proto tcp
dev tun0
server 10.0.0.0 255.255.255.0

verb 3
status /var/log/openvpn-status.log
user nobody

client-to-client
client-config-dir /etc/openvpn/client-configs/
tls-verify "./scripts/ovpncncheck.py /etc/openvpn/cert_connect_whitelist"
script-security 2
duplicate-cn
keepalive 10 120
push route 172.0.0.0 255.255.255.0
push "dhcp-option DNS 172.0.0.1"
push "dhcp-option DOMAIN internal-domain.local"

ca /etc/openvpn/certs/server-ca.pem
cert /etc/openvpn/certs/server.pem
key /etc/openvpn/certs/server.key
dh /etc/openvpn/certs/dh2048.pem
tls-auth /etc/openvpn/certs/tls_secret.key


> client config for my x.509 certificate (on server site)

ifconfig-push 10.0.0.5 10.0.0.6
comp-lzo yes
push "comp-lzo yes"


> client config for my iOS device:

client
dev tun
proto tcp
pull
remote 80.0.0.0 443
pkcs12 client.p12
ca ca.pem
tls-auth tls_secret.key
script-security 2
nobind

[silvio]

Usually openvpn wont start, if your configuation is syntax incorrect, but you are right. I will try it with udp, as soon as i find the time.

[silvio]

I have found the problem. Its working for me, when I remove the compression, i have to remove: "comp-lzo yes"

--proto p

Use protocol p for communicating with remote host. p can be udp, tcp-client, or tcp-server.

Please allow me this comment. This is very confusing, cause udp is a network transport protocol, this is Ok, but tcp-client and tcp-server not, this are network roles, not protocols. And you are define the role of the configuration in the server/client configuration with "mode server" or "client", its, as i said before: confusing...

But thanks a lot for your help/input.


PS This configuration above - with comp-lzo yes - was working with iOS before 7.1.1.