Cannot connect from Ipad

czarekplpl · Post by **czarekplpl** » Fri Jun 09, 2017 8:31 pm

Hello.
I set up OpenVpn in my linux server. I can connect from PC and Android but I experience problems from Ipad.
Can you help me to fix this problem?

Here is my conf file:

client

1

client

2

dev tun

3

proto udp

4

remote 43.251.157.178 1194

5

resolv-retry infinite

6

nobind

7

persist-key

8

persist-tun

9

verb 3

10

<ta>

11

-----BEGIN OpenVPN Static key V1-----

12

..

13

-----END OpenVPN Static key V1-----

14

</ta>

15

<ca>

16

--STRIPPED INLINE CA CERT--

17

</ca>

18

<cert>

19

--STRIPPED INLINE CERT--

20

</cert>

21

<key>

22

--STRIPPED INLINE KEY--

Here is the log file:

Code: Select all

2017-06-10 03:35:54 ----- OpenVPN Start -----
OpenVPN core 3.1.2 ios armv7a thumb2 32-bit built on Dec  5 2016 12:50:25
2017-06-10 03:35:54 Frame=512/2048/512 mssfix-ctrl=1250
2017-06-10 03:35:54 UNUSED OPTIONS
4 [resolv-retry] [infinite]
5 [nobind]
6 [persist-key]
7 [persist-tun]
8 [verb] [3]
9 [ta] [# # 2048 bit OpenVPN static key # -----BEGIN OpenVPN Static key ...]

2017-06-10 03:35:54 EVENT: RESOLVE
2017-06-10 03:35:54 Contacting 43.251.157.178:1194 via UDP
2017-06-10 03:35:54 EVENT: WAIT
2017-06-10 03:35:54 SetTunnelSocket returned 1
2017-06-10 03:35:54 Connecting to [43.251.157.178]:1194 (43.251.157.178) via UDPv4
2017-06-10 03:36:04 Server poll timeout, trying next remote entry...
2017-06-10 03:36:04 EVENT: RECONNECTING
2017-06-10 03:36:04 EVENT: RESOLVE
2017-06-10 03:36:04 Contacting 43.251.157.178:1194 via UDP
2017-06-10 03:36:04 EVENT: WAIT
2017-06-10 03:36:04 SetTunnelSocket returned 1
2017-06-10 03:36:04 Connecting to [43.251.157.178]:1194 (43.251.157.178) via UDPv4
2017-06-10 03:36:14 Server poll timeout, trying next remote entry...
2017-06-10 03:36:14 EVENT: RECONNECTING
2017-06-10 03:36:14 EVENT: RESOLVE
2017-06-10 03:36:14 Contacting 43.251.157.178:1194 via UDP
2017-06-10 03:36:14 EVENT: WAIT
2017-06-10 03:36:14 SetTunnelSocket returned 1
2017-06-10 03:36:14 Connecting to [43.251.157.178]:1194 (43.251.157.178) via UDPv4
2017-06-10 03:36:24 Server poll timeout, trying next remote entry...
2017-06-10 03:36:24 EVENT: RECONNECTING
2017-06-10 03:36:24 EVENT: RESOLVE
2017-06-10 03:36:24 Contacting 43.251.157.178:1194 via UDP
2017-06-10 03:36:24 EVENT: WAIT
2017-06-10 03:36:24 SetTunnelSocket returned 1
2017-06-10 03:36:24 Connecting to [43.251.157.178]:1194 (43.251.157.178) via UDPv4
2017-06-10 03:36:34 Server poll timeout, trying next remote entry...
2017-06-10 03:36:34 EVENT: RECONNECTING
2017-06-10 03:36:34 EVENT: RESOLVE
2017-06-10 03:36:34 Contacting 43.251.157.178:1194 via UDP
2017-06-10 03:36:34 EVENT: WAIT
2017-06-10 03:36:34 SetTunnelSocket returned 1
2017-06-10 03:36:34 Connecting to [43.251.157.178]:1194 (43.251.157.178) via UDPv4
2017-06-10 03:36:44 Server poll timeout, trying next remote entry...
2017-06-10 03:36:44 EVENT: RECONNECTING
2017-06-10 03:36:44 EVENT: RESOLVE
2017-06-10 03:36:44 Contacting 43.251.157.178:1194 via UDP
2017-06-10 03:36:44 EVENT: WAIT
2017-06-10 03:36:44 SetTunnelSocket returned 1
2017-06-10 03:36:44 Connecting to [43.251.157.178]:1194 (43.251.157.178) via UDPv4
2017-06-10 03:36:54 EVENT: CONNECTION_TIMEOUT [ERR]
2017-06-10 03:36:54 EVENT: DISCONNECTED
2017-06-10 03:36:54 Raw stats on disconnect:
  BYTES_OUT : 840
  PACKETS_OUT : 60
  CONNECTION_TIMEOUT : 1
  N_RECONNECT : 5
2017-06-10 03:36:54 Performance stats on disconnect:
  CPU usage (microseconds): 120144
  Network bytes per CPU second: 6991
  Tunnel bytes per CPU second: 0
2017-06-10 03:36:54 EVENT: DISCONNECT_PENDING
2017-06-10 03:36:54 ----- OpenVPN Stop -----

TinCanTech · Post by **TinCanTech** » Sat Jun 10, 2017 1:38 pm

Perhaps your network provider is blocking your ipad.

czarekplpl · Post by **czarekplpl** » Mon Jun 12, 2017 6:04 pm

I can connet to internet from the same network from PC and Android and also can connect to ExpresVpn as well.
So I think it have to something wrong with the configuration.

TinCanTech · Post by **TinCanTech** » Mon Jun 12, 2017 6:23 pm

czarekplpl wrote: I think it have to something wrong with the configuration.

What about your server config and log .. and check your server firewall.

czarekplpl · Post by **czarekplpl** » Tue Jun 13, 2017 8:37 am

Server conf. looks good. Works well with windows and android.

TinCanTech · Post by **TinCanTech** » Tue Jun 13, 2017 12:31 pm

czarekplpl wrote:looks good

We'll take your word on that ..

baher · Post by **baher** » Wed Jun 14, 2017 2:33 am

Almost the same problem description here... I might add that it was working perfectly the day before! This morning it simply refuses to connect from iOS (iPad) AND Android. I can add some server logs to my case through:

This is what I get when I connect from the iPad today: "Authenticate/Decrypt packet error: bad packet ID (may be a replay)"

I can connect from the Windows PC client with all configured profiles from the same network and the same WiFi AP!!! It's driving me crazy!

I hope someone can shed some light on this mystery

Cheers all

Baher

TinCanTech · Post by **TinCanTech** » Wed Jun 14, 2017 2:46 am

Did you ask your server admin about it ?

baher · Post by **baher** » Wed Jun 14, 2017 2:55 am

TinCanTech wrote:Did you ask your server admin about it ?

You are chatting with him

TinCanTech · Post by **TinCanTech** » Wed Jun 14, 2017 2:57 am

Did you mean to hijack this thread ?

Or is there some other explanation ?

Please see:
HOWTO: Request Help !

baher · Post by **baher** » Wed Jun 14, 2017 2:35 pm

TinCanTech wrote:Did you mean to hijack this thread ?

Or is there some other explanation ?

Please see:
HOWTO: Request Help !

Or course not! what are you talking about? I do have this problem and a the same time I am the one who installed the server! You should have already known that when I said that I have a bit of the "server" log to share to the problem!

Does being the server admin help me? Nope! Just gives me access to the logs so I can ask ppl who are more experienced?

I don't get what you are accusing me of, but that is not me! I'm here for help?

Can anyone help us?

TinCanTech · Post by **TinCanTech** » Wed Jun 14, 2017 3:52 pm

No logs .. No configs .. No idea ..

baher · Post by **baher** » Wed Jun 14, 2017 6:33 pm

Great, I will supply the required info as soon as I get in front of my workstation...

czarekplpl · Post by **czarekplpl** » Thu Jun 15, 2017 12:17 am

Hello.
Here is my server logs.

Code: Select all

hu Jun 15 08:15:20 2017 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]61.140.196.225:31190
Thu Jun 15 08:15:21 2017 client/120.84.10.244:54936 TLS ERROR: received control packet with stale session-id=bdca2f1c dcda0e7d
Thu Jun 15 08:15:23 2017 client/120.84.10.244:54936 TLS ERROR: received control packet with stale session-id=bdca2f1c dcda0e7d
Thu Jun 15 08:15:25 2017 client/120.84.10.244:54936 TLS ERROR: received control packet with stale session-id=bdca2f1c dcda0e7d
Thu Jun 15 08:15:27 2017 client/120.84.10.244:54936 TLS ERROR: received control packet with stale session-id=bdca2f1c dcda0e7d
Thu Jun 15 08:15:29 2017 client/120.84.10.244:54936 TLS ERROR: received control packet with stale session-id=bdca2f1c dcda0e7d
Thu Jun 15 08:15:31 2017 client/120.84.10.244:54936 TLS ERROR: received control packet with stale session-id=bdca2f1c dcda0e7d
Thu Jun 15 08:15:33 2017 client/120.84.10.244:54936 TLS ERROR: received control packet with stale session-id=bdca2f1c dcda0e7d
Thu Jun 15 08:15:35 2017 client/120.84.10.244:54936 TLS ERROR: received control packet with stale session-id=bdca2f1c dcda0e7d
Thu Jun 15 08:15:37 2017 client/120.84.10.244:54936 TLS ERROR: received control packet with stale session-id=bdca2f1c dcda0e7d
Thu Jun 15 08:15:39 2017 client/120.84.10.244:54936 TLS ERROR: received control packet with stale session-id=bdca2f1c dcda0e7d
Thu Jun 15 08:15:43 2017 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]61.140.196.225:31193
Thu Jun 15 08:15:43 2017 client/120.84.10.244:54936 TLS ERROR: received control packet with stale session-id=bdca2f1c dcda0e7d
Thu Jun 15 08:15:44 2017 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]61.140.196.225:31193
Thu Jun 15 08:15:45 2017 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]61.140.196.225:31193
Thu Jun 15 08:15:46 2017 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]61.140.196.225:31193
Thu Jun 15 08:15:47 2017 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]61.140.196.225:31193
Thu Jun 15 08:15:48 2017 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]61.140.196.225:31193
Thu Jun 15 08:15:49 2017 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]61.140.196.225:31193
Thu Jun 15 08:15:49 2017 client/120.84.10.244:54936 TLS ERROR: received control packet with stale session-id=bdca2f1c dcda0e7d
Thu Jun 15 08:15:50 2017 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]61.140.196.225:31193
Thu Jun 15 08:15:51 2017 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]61.140.196.225:31193
Thu Jun 15 08:15:52 2017 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]61.140.196.225:31193
Thu Jun 15 08:15:53 2017 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]61.140.196.225:31194
Thu Jun 15 08:15:54 2017 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]61.140.196.225:31194
Thu Jun 15 08:15:55 2017 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]61.140.196.225:31194
Thu Jun 15 08:15:56 2017 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]61.140.196.225:31194
Thu Jun 15 08:15:57 2017 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]61.140.196.225:31194
Thu Jun 15 08:15:58 2017 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]61.140.196.225:31194
Thu Jun 15 08:15:59 2017 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]61.140.196.225:31194
Thu Jun 15 08:15:59 2017 client/120.84.10.244:54936 TLS ERROR: received control packet with stale session-id=bdca2f1c dcda0e7d
Thu Jun 15 08:16:00 2017 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]61.140.196.225:31194
Thu Jun 15 08:16:01 2017 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]61.140.196.225:31194
Thu Jun 15 08:16:02 2017 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]61.140.196.225:31194
Thu Jun 15 08:16:03 2017 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]61.140.196.225:31195
Thu Jun 15 08:16:04 2017 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]61.140.196.225:31195

czarekplpl · Post by **czarekplpl** » Thu Jun 15, 2017 11:21 am

Hello. I done. This is conf works for me:
If in the <tls-auth> the Static Key V1 - key direction must be 1 (key direction 1)

Code: Select all

client
dev tun
proto udp
remote 43.200.154.178 1194
resolv-retry infinite
nobind
persist-key
persist-tun
comp-lzo
#auth-nocache
ns-cert-type server
verb 3
key-direction 1
<tls-auth>

-----BEGIN OpenVPN Static key V1-----

e5747c0b058db6d7d2e96b6fb486a78b
363d449543e6727db52a29adc6dfcc7a
184874460ae612ee223963ebda312426
97f9bf7559176664e73c51c55e11369c
7b1754015ecabd227cf0f76af8f9aff7
ae6595bfade2614d9e1d81a489c12a2c

-----END OpenVPN Static key V1-----
</tls-auth>
<ca>
-----BEGIN CERTIFICATE-----
MIIEpzCCA4+gAwIBAgIJAOFiucWar1uHMA0GCSqGSIb3DQEBCwUAMIGTMQswCQYD
VQQGEwJoazELMAkGA1UECBMCaGsxCzAJBgNVBAcTAmhrMQ8wDQYDVQQKEwZjemFy
ZWsxDzANBgNVBAsTBmN6YXJlazESMBAGA1UEAxMJY3phcmVrIENBMQ8wDQYDVQQp
sBNoCShSEmsx46O1htziX5qkU4mTK/eoR5PALBQozztucbgLdyseCmDgjTDd3vqd
shkhoAN3L0LkLKZ02x4kJilb79TXh6lnlIuOpckSQMSVLIov+SEQ/D483JN50gGI
yxanBOGKLF5fDdH+AT0ZML0OBL+jD/Wap+V96msmdqZ0eVPp/ODfBzljcQ==
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
MIIE7DCCA9SgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBkzELMAkGA1UEBhMCaGsx
CzAJBgNVBAgTAmhrMQswCQYDVQQHEwJoazEPMA0GA1UEChMGY3phcmVrMQ8wDQYD
tYfLblAthTI1jVKDoNbkwti+MrjHqgVAsc3a1o9NUox1LuGIUfQgFqI4XbmQM/T+
VQGPpQfaLr64QXUlmnzkXQdnUo5cRnkTCvYQilVM08d9YGiQ8Lcgv3wafR52KAD5
cHSgKAULuJaoXLgcgb0zDw==

-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIvpK3dOkm3zwCAggA
MBQGCCqGSIb3DQMHBAh6GxDXYE0xmgSCBMjOqkZsEPFLFNZ+KWAD7R9EFFk3CrZY
bhGlsRx/8zLuYb7k6eCh/ke8D2+3Jp1Lrl2hguooUnLMNPelod6q4WM2szMvr5/Y
9D2uG0tpVqxRE2m6eXd5cj8g35Uhof5ig2tvfTseniz3LITqHtJBwf3YJAX+uiFF
eqU=

-----END ENCRYPTED PRIVATE KEY-----
</key>

TinCanTech · Post by **TinCanTech** » Thu Jun 15, 2017 1:01 pm

czarekplpl wrote:This is conf works for me:

OK.

czarekplpl wrote:If in the <tls-auth> the Static Key V1 - key direction must be 1 (key direction 1)

See:
https://openvpn.net/index.php/open-sour ... l#security

OpenVPN Support Forum

Cannot connect from Ipad

Cannot connect from Ipad

Re: Cannot connect from Ipad

Re: Cannot connect from Ipad

Re: Cannot connect from Ipad

Re: Cannot connect from Ipad

Re: Cannot connect from Ipad

Re: Cannot connect from Ipad

Re: Cannot connect from Ipad

Re: Cannot connect from Ipad

Re: Cannot connect from Ipad

Re: Cannot connect from Ipad

Re: Cannot connect from Ipad

Re: Cannot connect from Ipad

Re: Cannot connect from Ipad

Re: Cannot connect from Ipad

Re: Cannot connect from Ipad