OpenVPN 1.29 on iOS 11.4 - Tunnel not working

This forum is for admins who are looking to build or expand their OpenVPN setup.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
Craig1483
OpenVpn Newbie
Posts: 5
Joined: Wed Jul 11, 2018 3:04 pm

OpenVPN 1.29 on iOS 11.4 - Tunnel not working

Post by Craig1483 » Wed Jul 11, 2018 3:22 pm

After upgrading my iPhone to iOS 11.4 my OpenVPN connection no longer works. The application indicates the tunnel is up, but traffic is not passing. The same client profile works on my ipad (running iOS 10.3.3 with OpenVPN 1.0.5 build 177)

Any ideas?

Thx

Here is the iphone application log:

2018-07-11 11:07:57 ----- OpenVPN Start -----
OpenVPN core 3.2 ios arm64 64-bit built on Feb 22 2018 12:39:28
2018-07-11 11:07:57 Frame=512/2048/512 mssfix-ctrl=1250
2018-07-11 11:07:57 UNUSED OPTIONS
4 [resolv-retry] [infinite]
5 [nobind]
6 [persist-key]
7 [persist-tun]
9 [tun-mtu-extra] [32]
10 [mssfix] [1450]

2018-07-11 11:07:57 EVENT: RESOLVE
2018-07-11 11:07:57 Contacting [xxxxxxxxxxx]:1194/UDP via UDP
2018-07-11 11:07:57 EVENT: WAIT
2018-07-11 11:07:57 Connecting to [xxxxxxxxxxxxx]:1194 (xxxxxxxxxxxx) via UDPv6
2018-07-11 11:07:57 EVENT: CONNECTING
2018-07-11 11:07:57 Tunnel Options:V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client
2018-07-11 11:07:57 Creds: UsernameEmpty/PasswordEmpty
2018-07-11 11:07:57 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 1.2.9-0
IV_VER=3.2
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO=1
IV_AUTO_SESS=1

2018-07-11 11:07:57 VERIFY OK : depth=1
cert. version : 3
serial number : removed
issuer name : removed
subject name : removed
issued on : 2009-04-08 17:58:45
expires on : 2019-04-06 17:58:45
signed using : RSA with SHA1
RSA key size : 1024 bits
basic constraints : CA=true

2018-07-11 11:07:57 VERIFY OK : depth=0
cert. version : 1
serial number : removed
issuer name : removed
subject name : removed
issued on : 2018-04-04 23:50:29
expires on : 2019-03-30 23:50:29
signed using : RSA with SHA-256
RSA key size : 2048 bits

2018-07-11 11:07:57 SSL Handshake: TLSv1.2/TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
2018-07-11 11:07:57 Session is ACTIVE
2018-07-11 11:07:57 EVENT: GET_CONFIG
2018-07-11 11:07:57 Sending PUSH_REQUEST to server...
2018-07-11 11:07:57 OPTIONS:
0 [route] [192.168.1.0] [255.255.255.0]
1 [route] [192.168.3.0] [255.255.255.0]
2 [route] [192.168.0.0] [255.255.255.0]
3 [route] [192.168.2.0] [255.255.255.0]
4 [topology] [net30]
5 [ping] [10]
6 [ping-restart] [60]
7 [ifconfig] [192.168.2.6] [192.168.2.5]

2018-07-11 11:07:57 PROTOCOL OPTIONS:
cipher: AES-256-CBC
digest: SHA1
compress: LZO
peer ID: -1
2018-07-11 11:07:57 EVENT: ASSIGN_IP
2018-07-11 11:07:57 NIP: preparing TUN network settings
2018-07-11 11:07:57 NIP: init TUN network settings with endpoint: xxxxxxxxxxxxxxxxxx
2018-07-11 11:07:57 NIP: adding IPv4 address to network settings 192.168.2.6/255.255.255.252
2018-07-11 11:07:57 NIP: adding (included) IPv4 route 192.168.2.4/30
2018-07-11 11:07:57 NIP: adding (included) IPv4 route 192.168.1.0/24
2018-07-11 11:07:57 NIP: adding (included) IPv4 route 192.168.3.0/24
2018-07-11 11:07:57 NIP: adding (included) IPv4 route 192.168.0.0/24
2018-07-11 11:07:57 NIP: adding (included) IPv4 route 192.168.2.0/24
2018-07-11 11:07:57 NIP: setting MTU to 1500
2018-07-11 11:07:57 Connected via NetworkExtensionTUN
2018-07-11 11:07:57 LZO-ASYM init swap=0 asym=0
2018-07-11 11:07:57 EVENT: CONNECTED @removed:1194 (xxxxxxxxxxxxxxxx) via /UDPv6 on NetworkExtensionTUN/192.168.2.6/ gw=[/]

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN 1.29 on iOS 11.4 - Tunnel not working

Post by TinCanTech » Wed Jul 11, 2018 6:08 pm

Can you ping the server at 192.168.2.1 ?

Craig1483
OpenVpn Newbie
Posts: 5
Joined: Wed Jul 11, 2018 3:04 pm

Re: OpenVPN 1.29 on iOS 11.4 - Tunnel not working

Post by Craig1483 » Thu Jul 12, 2018 12:03 pm

Yes I can ping 192.168.2.1

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN 1.29 on iOS 11.4 - Tunnel not working

Post by TinCanTech » Thu Jul 12, 2018 12:31 pm

Then Openvpn is working normally ..

What is it not doing ?

Craig1483
OpenVpn Newbie
Posts: 5
Joined: Wed Jul 11, 2018 3:04 pm

Re: OpenVPN 1.29 on iOS 11.4 - Tunnel not working

Post by Craig1483 » Thu Jul 12, 2018 1:57 pm

I can’t reach any of my lan clients behind the tunnel.

My lan subnets are 192.168.1.0/24 and 192.168.3.0/24

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN 1.29 on iOS 11.4 - Tunnel not working

Post by TinCanTech » Thu Jul 12, 2018 4:52 pm


Craig1483
OpenVpn Newbie
Posts: 5
Joined: Wed Jul 11, 2018 3:04 pm

Re: OpenVPN 1.29 on iOS 11.4 - Tunnel not working

Post by Craig1483 » Thu Jul 12, 2018 5:12 pm

So more testing and it seems some applications work only briefly. I found this is my server logs:

:06
openvpn
49318
MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
Jul 12 10:17:06
openvpn
49318
MANAGEMENT: CMD 'status 2'
Jul 12 10:17:06
openvpn
49318
MANAGEMENT: Client disconnected
Jul 12 10:17:06
openvpn
49318
MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
Jul 12 10:17:06
openvpn
49318
MANAGEMENT: CMD 'status 2'
Jul 12 10:17:06
openvpn
49318
MANAGEMENT: Client disconnected

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN 1.29 on iOS 11.4 - Tunnel not working

Post by TinCanTech » Thu Jul 12, 2018 5:28 pm

My guess would be, you don't know anything about Openvpn --server ?

Craig1483
OpenVpn Newbie
Posts: 5
Joined: Wed Jul 11, 2018 3:04 pm

Re: OpenVPN 1.29 on iOS 11.4 - Tunnel not working

Post by Craig1483 » Thu Jul 12, 2018 9:33 pm

I won’t dignify the question with a response. Thx for your help

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN 1.29 on iOS 11.4 - Tunnel not working

Post by TinCanTech » Thu Jul 12, 2018 10:13 pm

Please
See --log & --verb in The Manual v24x

Also
Please see:
HOWTO: Request Help ! {2}

Post Reply