Inconsistent connection, unable to resolve DNS when using VPN on demand profile

[hawkeye217]

I have a VPN-on-demand profile set up on my iPhone to connect to my vpn server running on my ddwrt router so that I can employ a DNS server from a pi-hole behind my firewall. I have the connection rules set up to connect when I'm not on my home wifi network. All works well, most of the time. Sometimes it gets stuck in a loop, unable to connect. When it doesn't connect initially, I can open the OpenVPN Connect iOS app and I see these messages repeated over and over in the log:

Code: Select all

2019-54-24 08:54:33 EVENT: Server poll timeout, trying next remote entry...
2019-54-24 08:54:33 EVENT: RECONNECTING
2019-54-24 08:54:33 EVENT: RESOLVE
2019-54-24 08:54:43 EVENT: Server poll timeout, trying next remote entry...
2019-54-24 08:54:43 EVENT: RECONNECTING
2019-54-24 08:54:44 EVENT: RESOLVE
...

When I manually disconnect at that point, iOS will retry automatically and then I will always connect successfully.

Of course the wifi and vpn disconnects when the phone is sleeping. Upon wakeup, it seems like my vpn server name is unresolvable until I manually disconnect and then let iOS automatically reconnect. Again, this is inconsistent - it works probably 80% of the time when I wake up the phone and view the home screen. I have noticed that if I unlock the phone via TouchID and wait about a second before pressing the home button to actually go to the home screen, it connects every time. But if I unlock it and go to the home screen without a delay, it sometimes but does not always connect.

My pertinent app settings are as follows:

Reconnect after wakeup: on
Seamless tunnel: on
VPN protocol: adaptive
Connection timeout: continuously retry
Connect via: any network
Layer 2 reachability: on

App version: 3.0.2.(894)
iOS version: 12.3.1

Has anyone else ever run across this issue before? Anyone have any ideas on what I could try to make it consistently connect or prevent the server name from being unresolvable?

Thanks in advance!

[TinCanTech]

Remove

Code: Select all

persist-tun
persist-key

from your config files.

[hawkeye217]

Neither my server or client config files have either option in them...

[hawkeye217]

I should mention again that the inconsistent connecting only happens when VPN-on-demand is enabled in iOS's settings, and the VPN-on-demand profile is selected in the OpenVPN Connect app. If I disable VoD and just enable a normal "profile" in OpenVPN Connect, it always connects without issue. But when disabling VoD, I of course lose the ability to set conditions on when it connects (I don't want it to try to connect when I'm using my home network).

Perhaps there's some sort of race condition between when the phone wakes up and attempts to resolve my vpn server name?

[TinCanTech]

Sorry, I do not have an IOS device to test. Perhaps you can post your complete client log.

[hawkeye217]

Found a similar issue someone else was having in this open ticket here: https://community.openvpn.net/openvpn/ticket/1008

[TinCanTech]

Your best bet is to raise a support ticket here:
https://openvpn.net/portal/login/#/modal-support

[erich1899]

@hawkeye217: how did you create the .proifle for your mobile device?
is it a certificate-based connection?

i'm struggling with my on-demand-connection sind update to 3.2.x