iOS log:
iOS ovpn file:2015-04-07 21:47:17 ----- OpenVPN Start -----
OpenVPN core 3.0 ios armv7s thumb2 32-bit
2015-04-07 21:47:17 UNUSED OPTIONS
4 [resolv-retry] [infinite]
5 [nobind]
6 [user] [nobody]
7 [group] [nogroup]
8 [persist-key]
9 [persist-tun]
12 [verb] [3]
2015-04-07 21:47:17 LZO-ASYM init swap=0 asym=0
2015-04-07 21:47:17 EVENT: RESOLVE
2015-04-07 21:47:18 Contacting ip address:port via UDP
2015-04-07 21:47:18 EVENT: WAIT
2015-04-07 21:47:18 SetTunnelSocket returned 1
2015-04-07 21:47:18 Connecting to ip address:port via UDPv4
2015-04-07 21:47:18 EVENT: CONNECTING
2015-04-07 21:47:18 Tunnel Options:V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client
2015-04-07 21:47:18 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 1.0.5-177
IV_VER=3.0
IV_PLAT=ios
IV_NCP=1
IV_LZO=1
2015-04-07 21:47:19 VERIFY OK: depth=1
cert. version : 3
serial number :
issuer name :
subject name :
issued on : 2015-04-03 16:01:51
expires on : 2025-03-31 16:01:51
signed using : RSA with SHA-256
RSA key size : 1024 bits
basic constraints : CA=true
2015-04-07 21:47:19 VERIFY OK: depth=0
cert. version : 3
serial number : 01
issuer name :
subject name :
issued on : 2015-04-03 16:02:50
expires on : 2025-03-31 16:02:50
signed using : RSA with SHA-256
RSA key size : 1024 bits
basic constraints : CA=false
subject alt name : server
cert. type : SSL Server
key usage : Digital Signature, Key Encipherment
ext key usage : TLS Web Server Authentication
2015-04-07 21:47:19 SSL Handshake: TLSv1.0/TLS-DHE-RSA-WITH-AES-256-CBC-SHA
2015-04-07 21:47:19 Session is ACTIVE
2015-04-07 21:47:19 EVENT: GET_CONFIG
2015-04-07 21:47:19 Sending PUSH_REQUEST to server...
2015-04-07 21:47:19 OPTIONS:
0 [redirect-gateway] [def1] [bypass-dhcp]
1 [dhcp-option] [DNS] [8.8.8.8]
2 [dhcp-option] [DNS] [8.8.4.4]
3 [sndbuf] [393216]
4 [rcvbuf] [393216]
5 [route] [10.8.0.1]
6 [topology] [net30]
7 [ping] [10]
8 [ping-restart] [120]
9 [ifconfig] [10.8.0.10] [10.8.0.9]
2015-04-07 21:47:19 LZO-ASYM init swap=0 asym=0
2015-04-07 21:47:19 EVENT: ASSIGN_IP
2015-04-07 21:47:19 Connected via tun
2015-04-07 21:47:19 EVENT: CONNECTED ip address:port via /UDPv4 on tun/10.8.0.10/
2015-04-07 21:47:19 TUN reset routes
2015-04-07 21:47:19 EVENT: DISCONNECTED
2015-04-07 21:47:19 Raw stats on disconnect:
BYTES_IN : 3876
BYTES_OUT : 2782
PACKETS_IN : 38
PACKETS_OUT : 40
2015-04-07 21:47:19 Performance stats on disconnect:
CPU usage (microseconds): 101972
Network bytes per CPU second: 65292
Tunnel bytes per CPU second: 0
2015-04-07 21:47:19 ----- OpenVPN Stop -----
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one. On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
;dev-node MyTap
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server.
;proto tcp
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote ip address port
;remote my-server-2 1194
# Choose a random host from the remote
# list for load-balancing. Otherwise
# try hosts in the order specified.
;remote-random
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Downgrade privileges after initialization (non-Windows only)
user nobody
group nogroup
# Try to preserve some state across restarts.
persist-key
persist-tun
# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here. See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
# Wireless networks often produce a lot
# of duplicate packets. Set this flag
# to silence duplicate packet warnings.
;mute-replay-warnings
# SSL/TLS parms.
# See the server config file for more
# description. It's best to use
# a separate .crt/.key file pair
# for each client. A single ca
# file can be used for all clients.
#ca ca.crt
#cert client.crt
#key client.key
# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-server
# script in the easy-rsa folder will do this.
ns-cert-type server
# If a tls-auth key is used on the server
# then every client must also have the key.
;tls-auth ta.key 1
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher x
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
comp-lzo
# Set log file verbosity.
verb 3
# Silence repeating messages
;mute 20
tun-mtu 48000
mssfix 1360
<ca>
-----BEGIN CERTIFICATE-----
....................................................
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
....................................................
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
....................................................
-----END PRIVATE KEY-----
</key>