Works on Windows/Mac/Android but not iOS

barsos
OpenVpn Newbie
Posts: 6
Joined: Fri Mar 20, 2015 10:16 am

Works on Windows/Mac/Android but not iOS

Post by barsos » Mon Jun 22, 2015 7:23 pm

Hi,

I'm using a custom configuration that works perfectly on Windows/Mac/Android but not on iOS (1.0.5 build 177 32-bit). What am I doing wrong?

Client logs:

Code:

2015-06-22 20:06:29 ----- OpenVPN Start -----
OpenVPN core 3.0 ios armv7s thumb2 32-bit
2015-06-22 20:06:29 UNUSED OPTIONS
3 [pull] 
4 [script-security] [2] 
10 [auth-nocache] 
12 [tls-client] 
13 [tls-cipher] [TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-ECDSA-WITH-AES-1...] 
18 [verb] [3] 

2015-06-22 20:06:29 LZO-ASYM init swap=0 asym=0
2015-06-22 20:06:29 EVENT: RESOLVE
2015-06-22 20:06:31 Contacting A.B.C.D:443 via TCP
2015-06-22 20:06:31 EVENT: WAIT
2015-06-22 20:06:31 SetTunnelSocket returned 1
2015-06-22 20:06:31 Connecting to hostname:443 (A.B.C.D) via TCPv4
2015-06-22 20:06:31 EVENT: CONNECTING
2015-06-22 20:07:11 Session invalidated: KEEPALIVE_TIMEOUT
2015-06-22 20:07:11 Client terminated, restarting in 2...
2015-06-22 20:07:13 EVENT: RECONNECTING
2015-06-22 20:07:13 LZO-ASYM init swap=0 asym=0
2015-06-22 20:07:13 EVENT: RESOLVE
2015-06-22 20:07:13 Contacting A.B.C.D:443 via TCP
2015-06-22 20:07:13 EVENT: WAIT
2015-06-22 20:07:13 SetTunnelSocket returned 1
2015-06-22 20:07:14 Connecting to hostname:443 (A.B.C.D) via TCPv4
2015-06-22 20:07:14 EVENT: CONNECTING
2015-06-22 20:07:29 EVENT: CONNECTION_TIMEOUT [ERR]
2015-06-22 20:07:29 EVENT: DISCONNECTED
2015-06-22 20:07:29 Raw stats on disconnect:
BYTES_IN : 568
BYTES_OUT : 568
PACKETS_IN : 6
PACKETS_OUT : 6
REPLAY_ERROR : 2
KEEPALIVE_TIMEOUT : 1
CONNECTION_TIMEOUT : 1
N_RECONNECT : 1
PKTID_TCP_OUT_OF_SEQ : 2
2015-06-22 20:07:29 Performance stats on disconnect:
CPU usage (microseconds): 37247
Network bytes per CPU second: 30499
Tunnel bytes per CPU second: 0
2015-06-22 20:07:29 EVENT: DISCONNECT_PENDING
2015-06-22 20:07:29 ----- OpenVPN Stop -----

Server logs:

Code:

Mon Jun 22 20:06:30 2015 TCP connection established with [AF_INET6]::ffff:A.B.C.D:57104                                                                          
Mon Jun 22 20:06:30 2015 ::ffff:A.B.C.D(57104) TLS: Initial packet from [AF_INET6]::ffff:A.B.C.D:57104, sid=dc171508 015958ca                             
Mon Jun 22 20:07:10 2015 ::ffff:A.B.C.D(57104) Connection reset, restarting [0]                                                                                  
Mon Jun 22 20:07:10 2015 ::ffff:A.B.C.D(57104) SIGUSR1[soft,connection-reset] received, client-instance restarting                                               
Mon Jun 22 20:07:13 2015 TCP connection established with [AF_INET6]::ffff:A.B.C.D:7955                                                                           
Mon Jun 22 20:07:13 2015 ::ffff:A.B.C.D(7955) TLS: Initial packet from [AF_INET6]::ffff:A.B.C.D:7955, sid=48ef69ba 8ae10b16                               
Mon Jun 22 20:07:28 2015 ::ffff:A.B.C.D(7955) Connection reset, restarting [0]                                                                                   
Mon Jun 22 20:07:28 2015 ::ffff:A.B.C.D(7955) SIGUSR1[soft,connection-reset] received, client-instance restarting

Client conf:

Code:

setenv CLIENT_CERT 0

remote hostname 443
proto tcp-client
dev tun

pull
script-security 2

# If redirect-gateway is enabled, the client will redirect its default network gateway through the VPN.
#redirect-gateway

<ca>
-----BEGIN CERTIFICATE-----
//key
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
//key
-----END CERTIFICATE-----
</ca>
comp-lzo
reneg-sec 0
auth SHA512
auth-user-pass
auth-nocache
cipher AES-256-CBC
tls-client
tls-cipher TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
//key
-----END OpenVPN Static key V1-----
</tls-auth>
#tls-auth tls-auth.key 1
tls-version-min 1.2
remote-cert-eku "TLS Web Server Authentication"
verify-x509-name 'OU=blabla, CN=hostname' subject

verb 15

Server conf:

Code:

push "route F.G.H.I 255.255.255.0"
push "route R.S.T.U 255.255.255.0"
server R.S.T.U 255.255.255.0
port 443
proto tcp6-server
dev tun
persist-tun
persist-key
comp-lzo
keepalive 10 60
#mode server
reneg-sec 0

#user anonymous
#group anonymous

#management K.L.M.N 1195

dh /usr/syno/etc/packages/VPNCenter/openvpn/keys/dh2048.pem
ca /usr/syno/etc/ssl/ssl.crt/ca.crt
cert /usr/syno/etc/ssl/ssl.crt/server.crt
key /usr/syno/etc/ssl/ssl.key/server.key
#ca /var/packages/VPNCenter/target/etc/openvpn/keys/ca.crt
#cert /var/packages/VPNCenter/target/etc/openvpn/keys/server.crt
#key /var/packages/VPNCenter/target/etc/openvpn/keys/server.key

auth SHA512
client-cert-not-required
cipher AES-256-CBC
tls-auth /usr/syno/etc/packages/VPNCenter/openvpn/keys/tls-auth.key 0
tls-cipher TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
#tls-cipher ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256
tls-version-min 1.2
remote-cert-eku "TLS Web Client Authentication"
username-as-common-name

max-clients 2

plugin /var/packages/VPNCenter/target/lib/radiusplugin.so /var/packages/VPNCenter/target/etc/openvpn/radiusplugin.cnf

log-append /var/log/openvpn.log
status /var/log/openvpn-status.log 30
status-version 2

verb 3
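
A small check for the `UNUSED OPTIONS` block in the client log above, added here as an example and not part of any post in this thread: it lists the directives the iOS client reported as unused and flags those that fall in a review set. The `SECURITY_RELEVANT` set and the function names are assumptions chosen for illustration.

```python
import re

# Excerpt of the client log from the post above (trailing spaces dropped).
CLIENT_LOG = """\
2015-06-22 20:06:29 ----- OpenVPN Start -----
OpenVPN core 3.0 ios armv7s thumb2 32-bit
2015-06-22 20:06:29 UNUSED OPTIONS
3 [pull]
4 [script-security] [2]
10 [auth-nocache]
12 [tls-client]
13 [tls-cipher] [TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-ECDSA-WITH-AES-1...]
18 [verb] [3]

2015-06-22 20:06:29 LZO-ASYM init swap=0 asym=0
"""

# Assumption: directives whose being ignored should be reviewed by hand.
SECURITY_RELEVANT = {"tls-cipher", "tls-version-min", "tls-auth", "auth-nocache",
                     "script-security", "remote-cert-eku", "verify-x509-name"}

# One entry per line: an index followed by one or more [bracketed] tokens.
ENTRY = re.compile(r"^(\d+)\s+((?:\[[^\]]*\]\s*)+)$")

def unused_options(log_text):
    """Return (index, directive, args) for every entry of each UNUSED OPTIONS block."""
    entries, in_block = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.endswith("UNUSED OPTIONS"):
            in_block = True
            continue
        match = ENTRY.match(line) if in_block else None
        if match is None:
            in_block = False  # a blank or timestamped line ends the block
            continue
        directive, *args = re.findall(r"\[([^\]]*)\]", match.group(2))
        entries.append((int(match.group(1)), directive, args))
    return entries

def ignored_security_directives(log_text):
    """Directives the client ignored that are in the review set, in log order."""
    return [name for _, name, _ in unused_options(log_text) if name in SECURITY_RELEVANT]

if __name__ == "__main__":
    for index, name, args in unused_options(CLIENT_LOG):
        flag = "REVIEW" if name in SECURITY_RELEVANT else "ok"
        print(f"{flag:6} {index:>3} {name} {' '.join(args)}")
```

On this log the check flags `script-security`, `auth-nocache` and `tls-cipher`, so the cipher-suite list in the client conf is not applied by this client build.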

Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: Works on Windows/Mac/Android but not iOS

Post by Traffic » Mon Jun 22, 2015 8:15 pm

Try --verb 4+ on your server ..

It looks like you have failed to authorise your client correctly.

barsos
OpenVpn Newbie
Posts: 6
Joined: Fri Mar 20, 2015 10:16 am

Re: Works on Windows/Mac/Android but not iOS

Post by barsos » Fri Jun 26, 2015 6:29 am

It seems to be a mismatch between the Options hash?

Code:

Thu Jun 25 20:24:30 2015 us=766121 MULTI: REAP range 64 -> 80
Thu Jun 25 20:24:30 2015 us=766173 MULTI: multi_create_instance called
Thu Jun 25 20:24:30 2015 us=766218 Re-using SSL/TLS context
Thu Jun 25 20:24:30 2015 us=766263 LZO compression initialized
Thu Jun 25 20:24:30 2015 us=766272 MTU DYNAMIC mtu=0, flags=1, 0 -> 212
Thu Jun 25 20:24:30 2015 us=766294 PID packet_id_init tcp_mode=1 seq_backtrack=64 time_backtrack=15
Thu Jun 25 20:24:30 2015 us=766456 PID packet_id_init tcp_mode=1 seq_backtrack=64 time_backtrack=15
Thu Jun 25 20:24:30 2015 us=766467 PID packet_id_init tcp_mode=1 seq_backtrack=64 time_backtrack=15
Thu Jun 25 20:24:30 2015 us=766525 PID packet_id_init tcp_mode=1 seq_backtrack=64 time_backtrack=15
Thu Jun 25 20:24:30 2015 us=766535 Control Channel MTU parms [ L:1604 D:212 EF:112 EB:0 ET:0 EL:0 ]
Thu Jun 25 20:24:30 2015 us=766553 MTU DYNAMIC mtu=1450, flags=2, 1604 -> 1450
Thu Jun 25 20:24:30 2015 us=766562 Data Channel MTU parms [ L:1604 D:1450 EF:104 EB:135 ET:0 EL:0 AF:3/1 ]
Thu Jun 25 20:24:30 2015 us=766720 Local Options String: 'V4,dev-type tun,link-mtu 1604,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-
Thu Jun 25 20:24:30 2015 us=766727 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1604,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-met
Thu Jun 25 20:24:30 2015 us=766749 Local Options hash (VER=V4): 'eda38e81'
Thu Jun 25 20:24:30 2015 us=766764 Expected Remote Options hash (VER=V4): 'c19f87b0'
Thu Jun 25 20:24:30 2015 us=766801 TCP connection established with [AF_INET6]::ffff:V.W.X.Y:51599
Thu Jun 25 20:24:30 2015 us=766810 TCPv6_SERVER link local (bound): [undef]
Thu Jun 25 20:24:30 2015 us=766819 TCPv6_SERVER link remote: [AF_INET6]::ffff:V.W.X.Y:51599
Thu Jun 25 20:24:30 2015 us=766844 ::ffff:V.W.X.Y(51599) SENT PING
Thu Jun 25 20:24:30 2015 us=784287 ::ffff:V.W.X.Y(51599) MULTI TCP: instance added: ::ffff:V.W.X.Y(51599)
Thu Jun 25 20:24:30 2015 us=784324 ::ffff:V.W.X.Y(51599) MULTI TCP: multi_tcp_action a=TA_INITIAL p=0
Thu Jun 25 20:24:30 2015 us=784331 ::ffff:V.W.X.Y(51599) MULTI TCP: multi_tcp_dispatch a=TA_INITIAL mi=0x080f7b38
Thu Jun 25 20:24:30 2015 us=784456 ::ffff:V.W.X.Y(51599) MULTI TCP: multi_tcp_post TA_INITIAL -> TA_SOCKET_WRITE
Thu Jun 25 20:24:30 2015 us=784465 ::ffff:V.W.X.Y(51599) MULTI TCP: multi_tcp_action a=TA_SOCKET_WRITE p=1
Thu Jun 25 20:24:30 2015 us=784471 ::ffff:V.W.X.Y(51599) MULTI TCP: multi_tcp_wait_lite a=TA_SOCKET_WRITE mi=0x080f7b38
Thu Jun 25 20:24:30 2015 us=784486 ::ffff:V.W.X.Y(51599) MULTI TCP: multi_tcp_dispatch a=TA_SOCKET_WRITE mi=0x080f7b38
Thu Jun 25 20:24:30 2015 us=784510 ::ffff:V.W.X.Y(51599) TCPv6_SERVER WRITE [86] to [AF_INET6]::ffff:V.W.X.Y:51599: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 pid=[ #1 ] [ ] pid=0 DATA len=0
Thu Jun 25 20:24:30 2015 us=784556 MULTI TCP: multi_tcp_post TA_SOCKET_WRITE -> TA_UNDEF
Thu Jun 25 20:24:30 2015 us=784567 MULTI TCP: multi_tcp_action a=TA_SOCKET_READ p=0
Thu Jun 25 20:24:30 2015 us=784573 MULTI TCP: multi_tcp_dispatch a=TA_SOCKET_READ mi=0x080f7b38
Thu Jun 25 20:24:30 2015 us=784595 ::ffff:V.W.X.Y(51599) TCPv6_SERVER READ [86] from [AF_INET6]::ffff:V.W.X.Y:51599: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #1 ] [ ] pid=0 DATA len=0
Thu Jun 25 20:24:30 2015 us=784611 ::ffff:V.W.X.Y(51599) TLS: Initial packet from [AF_INET6]::ffff:V.W.X.Y:51599, sid=a89815b9 762dd12f
Thu Jun 25 20:24:30 2015 us=784631 ::ffff:V.W.X.Y(51599) PID_TEST [0] [TLS_AUTH-0] [] 0:0 1435256672:1 t=1435256670[0] r=[0,0,0,0,1]
Thu Jun 25 20:24:30 2015 us=784659 MULTI TCP: multi_tcp_post TA_SOCKET_READ -> TA_SOCKET_WRITE
Thu Jun 25 20:24:30 2015 us=784665 MULTI TCP: multi_tcp_action a=TA_SOCKET_WRITE p=1
Thu Jun 25 20:24:30 2015 us=784671 MULTI TCP: multi_tcp_wait_lite a=TA_SOCKET_WRITE mi=0x080f7b38
Thu Jun 25 20:24:30 2015 us=784678 MULTI TCP: multi_tcp_dispatch a=TA_SOCKET_WRITE mi=0x080f7b38
Thu Jun 25 20:24:30 2015 us=784689 ::ffff:V.W.X.Y(51599) TCPv6_SERVER WRITE [98] to [AF_INET6]::ffff:V.W.X.Y:51599: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 pid=[ #2 ] [ 0 ] pid=0 DATA len=0
Thu Jun 25 20:24:30 2015 us=784706 MULTI TCP: multi_tcp_post TA_SOCKET_WRITE -> TA_UNDEF
Thu Jun 25 20:24:30 2015 us=853267 MULTI TCP: multi_tcp_action a=TA_SOCKET_READ p=0
Thu Jun 25 20:24:30 2015 us=853309 MULTI TCP: multi_tcp_dispatch a=TA_SOCKET_READ mi=0x080f7b38
Thu Jun 25 20:24:30 2015 us=853339 ::ffff:V.W.X.Y(51599) TCPv6_SERVER READ [98] from [AF_INET6]::ffff:V.W.X.Y:51599: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #2 ] [ 0 ] pid=1 DATA len=0
Thu Jun 25 20:24:30 2015 us=853377 ::ffff:V.W.X.Y(51599) PID_TEST [0] [TLS_AUTH-0] [] 1435256672:1 1435256672:2 t=1435256670[0] r=[0,0,0,0,1]
Thu Jun 25 20:24:30 2015 us=853432 MULTI TCP: multi_tcp_post TA_SOCKET_READ -> TA_SOCKET_WRITE
Thu Jun 25 20:24:30 2015 us=853440 MULTI TCP: multi_tcp_action a=TA_SOCKET_WRITE p=1
Thu Jun 25 20:24:30 2015 us=853446 MULTI TCP: multi_tcp_wait_lite a=TA_SOCKET_WRITE mi=0x080f7b38
Thu Jun 25 20:24:30 2015 us=853456 MULTI TCP: multi_tcp_dispatch a=TA_SOCKET_WRITE mi=0x080f7b38
Thu Jun 25 20:24:30 2015 us=853468 ::ffff:V.W.X.Y(51599) TCPv6_SERVER WRITE [94] to [AF_INET6]::ffff:V.W.X.Y:51599: P_ACK_V1 kid=0 pid=[ #3 ] [ 1 ]
Thu Jun 25 20:24:30 2015 us=853490 MULTI TCP: multi_tcp_post TA_SOCKET_WRITE -> TA_UNDEF
Thu Jun 25 20:24:30 2015 us=922426 MULTI TCP: multi_tcp_action a=TA_SOCKET_READ p=0
Thu Jun 25 20:24:30 2015 us=922468 MULTI TCP: multi_tcp_dispatch a=TA_SOCKET_READ mi=0x080f7b38
Thu Jun 25 20:24:30 2015 us=922501 ::ffff:V.W.X.Y(51599) TCPv6_SERVER READ [94] from [AF_INET6]::ffff:V.W.X.Y:51599: P_ACK_V1 kid=0 pid=[ #3 ] [ 0 ]
Thu Jun 25 20:24:30 2015 us=922526 ::ffff:V.W.X.Y(51599) PID_TEST [0] [TLS_AUTH-0] [] 1435256672:2 1435256672:3 t=1435256670[0] r=[0,0,0,0,1]
Thu Jun 25 20:24:30 2015 us=922563 MULTI TCP: multi_tcp_post TA_SOCKET_READ -> TA_UNDEF
Thu Jun 25 20:24:31 2015 us=989408 MULTI: REAP range 80 -> 96
Thu Jun 25 20:24:31 2015 us=989454 MULTI TCP: multi_tcp_action a=TA_TIMEOUT p=0
Thu Jun 25 20:24:31 2015 us=989462 MULTI TCP: multi_tcp_dispatch a=TA_TIMEOUT mi=0x00000000
Thu Jun 25 20:24:31 2015 us=989504 MULTI TCP: multi_tcp_post TA_TIMEOUT -> TA_UNDEF
Thu Jun 25 20:24:33 2015 us=145407 MULTI: REAP range 96 -> 112

Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: Works on Windows/Mac/Android but not iOS

Post by Traffic » Sat Jun 27, 2015 6:03 pm

Did you change your password ?

barsos
OpenVpn Newbie
Posts: 6
Joined: Fri Mar 20, 2015 10:16 am

Re: Works on Windows/Mac/Android but not iOS

Post by barsos » Sun Jun 28, 2015 8:49 am

Nope. :-) And the keys are identical on Android and iOS.

Deimos
OpenVpn Newbie
Posts: 4
Joined: Mon Jun 22, 2015 7:36 pm

Re: Works on Windows/Mac/Android but not iOS

Post by Deimos » Sun Jun 28, 2015 11:31 am

(I made two posts on this forum - both have never appeared !!. So I'll try for a 3rd and final time.)

On iOS I find OpenVPN Connect will not roam between networks. I have a number of different WiFi networks in my house (coverage issues) and moving between rooms to a different network, the WiFi will immediately associate with a new Access Point and OpenVPN Connect will just disconnect and not reconnect.

Same with or without Seamless Tunnel (and then with or without both Seamless Tunnel with Level 2 Reachability).

Once on new WiFi network, doing a manual connect will immediately connect to the VPN without any issues.

Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: Works on Windows/Mac/Android but not iOS

Post by Traffic » Sat Aug 22, 2015 7:29 pm

Try a lower --keepalive setting in your server : f.e keepalive 3 15
