Client connects to VPN, but immediately disconnects

asanz · Post by **asanz** » Thu Dec 26, 2019 9:46 pm

Hi, I'm connecting to the built-in VPN in a TP-Link Archer A9 v.6 router, from an Android 7.1.1 phone.

I was able to connect Ok for several months, but then I started having this problem: I open "OpenVPN Connect", tap the gray button to connect to my VPN. The button turns green, slides to the right, and the text above changes to "CONNECTED". But immediately (in a fraction of a second) the button slides to the left, turn gray and the text changes back to "DISCONNECTED".

I have this problem almost always, but sometimes I'm still able to connect (but if I then manually disconnect and try to connect again, it doesn't work anymore).

I tried deleting the profile and importing again the .ovpn file created by the router, but to no avail. Stopping the app, clearing cache memory, deleting data, or rebooting the phone also does not solve the problem.
I have the same issue with the phone connected via WiFi or LTE.

This is the configuration file generated by the router:

Client config

client
dev tun
proto tcp
float
nobind
cipher AES-128-CBC
comp-lzo adaptive
resolv-retry infinite
remote-cert-tls server
persist-key
persist-tun
remote xxxxxxxx.ddns.net 1194
<ca>
......
</ca>
<cert>
......
</cert>
<key>
......
</key>

And this is an example log:

Code: Select all

17:47:20.404 -- ----- OpenVPN Start -----
17:47:20.406 -- EVENT: CORE_THREAD_ACTIVE
17:47:20.418 -- OpenVPN core 3.git::728733ae:Release android arm64 64-bit PT_PROXY built on Aug 14 2019 14:13:26
17:47:20.419 -- Frame=512/2048/512 mssfix-ctrl=1250
17:47:20.421 -- UNUSED OPTIONS
4 [nobind] 
7 [resolv-retry] [infinite] 
9 [persist-key] 
10 [persist-tun] 
17:47:20.422 -- EVENT: RESOLVE
17:47:20.615 -- Contacting xxx.xxx.xxx.xxx:1194 via TCPv4
17:47:20.616 -- EVENT: WAIT
17:47:20.653 -- Connecting to [xxxxxxxx.ddns.net]:1194 (xxx.xxx.xxx.xxx) via TCPv4
17:47:20.689 -- EVENT: CONNECTING
17:47:20.692 -- Tunnel Options:V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client
17:47:20.693 -- Creds: UsernameEmpty/PasswordEmpty
17:47:20.695 -- Peer Info:
IV_GUI_VER=OC30Android
IV_VER=3.git::728733ae:Release
IV_PLAT=android
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO_STUB=1
IV_COMP_STUB=1
IV_COMP_STUBv2=1
IV_AUTO_SESS=1
17:47:21.019 -- VERIFY OK : depth=1
cert. version     : 3
serial number     : C1:B0:31:A0:2E:DD:FF:50
issuer name       : C=CN, ST=GD, L=ShenZhen, O=TP-Link, OU=SOHO-I18N, CN=TP-Link CA, ??=EasyRSA, emailAddress=xxxx@xxxx
subject name      : C=CN, ST=GD, L=ShenZhen, O=TP-Link, OU=SOHO-I18N, CN=TP-Link CA, ??=EasyRSA, emailAddress=xxxx@xxxx
issued  on        : 2019-07-24 02:54:48
expires on        : 2029-07-21 02:54:48
signed using      : RSA with SHA-256
RSA key size      : 1024 bits
basic constraints : CA=true
17:47:21.022 -- VERIFY OK : depth=0
cert. version     : 3
serial number     : 01
issuer name       : C=CN, ST=GD, L=ShenZhen, O=TP-Link, OU=SOHO-I18N, CN=TP-Link CA, ??=EasyRSA, emailAddress=xxxx@xxxx
subject name      : C=CN, ST=GD, L=ShenZhen, O=TP-Link, OU=SOHO-I18N, CN=server, ??=EasyRSA, emailAddress=xxxx@xxxx
issued  on        : 2019-07-24 02:58:03
expires on        : 2029-07-21 02:58:03
signed using      : RSA with SHA-256
RSA key size      : 1024 bits
basic constraints : CA=false
cert. type        : SSL Server
key usage         : Digital Signature, Key Encipherment
ext key usage     : TLS Web Server Authentication
17:47:21.427 -- SSL Handshake: TLSv1.2/TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
17:47:21.431 -- Session is ACTIVE
17:47:21.432 -- EVENT: GET_CONFIG
17:47:21.437 -- Sending PUSH_REQUEST to server...
17:47:21.548 -- OPTIONS:
0 [route] [0.0.0.0] [0.0.0.0] 
1 [redirect-gateway] [def1] 
2 [route] [xxx.xxx.xxx.xxx] [255.255.255.0] 
3 [route] [xxx.xxx.xxx.xxx] [255.255.255.0] 
4 [dhcp-option] [DNS] [xxx.xxx.xxx.xxx] 
5 [dhcp-option] [DNS] [8.8.8.8] 
6 [route] [xxx.xxx.xxx.xxx] [255.255.255.0] 
7 [topology] [net30] 
8 [ping] [10] 
9 [ping-restart] [120] 
10 [ifconfig] [xxx.xxx.xxx.xxx] [xxx.xxx.xxx.xxx] 
17:47:21.549 -- PROTOCOL OPTIONS:
  cipher: AES-128-CBC
  digest: SHA1
  compress: LZO_STUB
  peer ID: -1
17:47:21.551 -- EVENT: ASSIGN_IP
17:47:21.568 -- Connected via tun
17:47:21.570 -- LZO-ASYM init swap=0 asym=1
17:47:21.571 -- Comp-stub init swap=0
17:47:21.572 -- EVENT: CONNECTED info='xxxxxxxx.ddns.net:1194 (xxx.xxx.xxx.xxx) via /TCPv4 on tun/xxx.xxx.xxx.xxx/ gw=[xxx.xxx.xxx.xxx/]' trans=TO_CONNECTED
17:47:21.883 -- EVENT: CORE_THREAD_INACTIVE trans=TO_DISCONNECTED
17:47:21.883 -- Tunnel bytes per CPU second: 0
17:47:21.884 -- ----- OpenVPN Stop -----

Thank you very much!

info4tim · Post by **info4tim** » Fri Feb 07, 2020 1:59 pm

asanz wrote:Hi, I'm connecting to the built-in VPN in a TP-Link Archer A9 v.6 router, from an Android 7.1.1 phone.

I was able to connect Ok for several months, but then I started having this problem: I open "OpenVPN Connect", tap the gray button to connect to my VPN. The button turns green, slides to the right, and the text above changes to "CONNECTED". But immediately (in a fraction of a second) the button slides to the left, turn gray and the text changes back to "DISCONNECTED".

I have this problem almost always, but sometimes I'm still able to connect (but if I then manually disconnect and try to connect again, it doesn't work anymore).

I tried deleting the profile and importing again the .ovpn file created by the router, but to no avail. Stopping the app, clearing cache memory, deleting data, or rebooting the phone also does not solve the problem.
I have the same issue with the phone connected via WiFi or LTE.

This is the configuration file generated by the router:

Client config

client
dev tun
proto tcp
float
nobind
cipher AES-128-CBC
comp-lzo adaptive
resolv-retry infinite
remote-cert-tls server
persist-key
persist-tun
remote xxxxxxxx.ddns.net 1194
<ca>
......
</ca>
<cert>
......
</cert>
<key>
......
</key>

And this is an example log:

Code: Select all

17:47:20.404 -- ----- OpenVPN Start -----
17:47:20.406 -- EVENT: CORE_THREAD_ACTIVE
17:47:20.418 -- OpenVPN core 3.git::728733ae:Release android arm64 64-bit PT_PROXY built on Aug 14 2019 14:13:26
17:47:20.419 -- Frame=512/2048/512 mssfix-ctrl=1250
17:47:20.421 -- UNUSED OPTIONS
4 [nobind] 
7 [resolv-retry] [infinite] 
9 [persist-key] 
10 [persist-tun] 
17:47:20.422 -- EVENT: RESOLVE
17:47:20.615 -- Contacting xxx.xxx.xxx.xxx:1194 via TCPv4
17:47:20.616 -- EVENT: WAIT
17:47:20.653 -- Connecting to [xxxxxxxx.ddns.net]:1194 (xxx.xxx.xxx.xxx) via TCPv4
17:47:20.689 -- EVENT: CONNECTING
17:47:20.692 -- Tunnel Options:V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client
17:47:20.693 -- Creds: UsernameEmpty/PasswordEmpty
17:47:20.695 -- Peer Info:
IV_GUI_VER=OC30Android
IV_VER=3.git::728733ae:Release
IV_PLAT=android
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO_STUB=1
IV_COMP_STUB=1
IV_COMP_STUBv2=1
IV_AUTO_SESS=1
17:47:21.019 -- VERIFY OK : depth=1
cert. version     : 3
serial number     : C1:B0:31:A0:2E:DD:FF:50
issuer name       : C=CN, ST=GD, L=ShenZhen, O=TP-Link, OU=SOHO-I18N, CN=TP-Link CA, ??=EasyRSA, emailAddress=xxxx@xxxx
subject name      : C=CN, ST=GD, L=ShenZhen, O=TP-Link, OU=SOHO-I18N, CN=TP-Link CA, ??=EasyRSA, emailAddress=xxxx@xxxx
issued  on        : 2019-07-24 02:54:48
expires on        : 2029-07-21 02:54:48
signed using      : RSA with SHA-256
RSA key size      : 1024 bits
basic constraints : CA=true
17:47:21.022 -- VERIFY OK : depth=0
cert. version     : 3
serial number     : 01
issuer name       : C=CN, ST=GD, L=ShenZhen, O=TP-Link, OU=SOHO-I18N, CN=TP-Link CA, ??=EasyRSA, emailAddress=xxxx@xxxx
subject name      : C=CN, ST=GD, L=ShenZhen, O=TP-Link, OU=SOHO-I18N, CN=server, ??=EasyRSA, emailAddress=xxxx@xxxx
issued  on        : 2019-07-24 02:58:03
expires on        : 2029-07-21 02:58:03
signed using      : RSA with SHA-256
RSA key size      : 1024 bits
basic constraints : CA=false
cert. type        : SSL Server
key usage         : Digital Signature, Key Encipherment
ext key usage     : TLS Web Server Authentication
17:47:21.427 -- SSL Handshake: TLSv1.2/TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
17:47:21.431 -- Session is ACTIVE
17:47:21.432 -- EVENT: GET_CONFIG
17:47:21.437 -- Sending PUSH_REQUEST to server...
17:47:21.548 -- OPTIONS:
0 [route] [0.0.0.0] [0.0.0.0] 
1 [redirect-gateway] [def1] 
2 [route] [xxx.xxx.xxx.xxx] [255.255.255.0] 
3 [route] [xxx.xxx.xxx.xxx] [255.255.255.0] 
4 [dhcp-option] [DNS] [xxx.xxx.xxx.xxx] 
5 [dhcp-option] [DNS] [8.8.8.8] 
6 [route] [xxx.xxx.xxx.xxx] [255.255.255.0] 
7 [topology] [net30] 
8 [ping] [10] 
9 [ping-restart] [120] 
10 [ifconfig] [xxx.xxx.xxx.xxx] [xxx.xxx.xxx.xxx] 
17:47:21.549 -- PROTOCOL OPTIONS:
  cipher: AES-128-CBC
  digest: SHA1
  compress: LZO_STUB
  peer ID: -1
17:47:21.551 -- EVENT: ASSIGN_IP
17:47:21.568 -- Connected via tun
17:47:21.570 -- LZO-ASYM init swap=0 asym=1
17:47:21.571 -- Comp-stub init swap=0
17:47:21.572 -- EVENT: CONNECTED info='xxxxxxxx.ddns.net:1194 (xxx.xxx.xxx.xxx) via /TCPv4 on tun/xxx.xxx.xxx.xxx/ gw=[xxx.xxx.xxx.xxx/]' trans=TO_CONNECTED
17:47:21.883 -- EVENT: CORE_THREAD_INACTIVE trans=TO_DISCONNECTED
17:47:21.883 -- Tunnel bytes per CPU second: 0
17:47:21.884 -- ----- OpenVPN Stop -----

Thank you very much!

Bump anyone?

Sent from my SM-G973U using Tapatalk

OpenVPN Support Forum

Client connects to VPN, but immediately disconnects

Client connects to VPN, but immediately disconnects

Re: Client connects to VPN, but immediately disconnects