iOS with LTE problem

3735943886
OpenVpn Newbie
Posts: 3
Joined: Wed Dec 23, 2020 12:48 am

iOS with LTE problem

Post by 3735943886 » Thu Dec 24, 2020 12:00 am

Code:

port 1194
proto udp
dev tun
ca pki/ca.crt
cert pki/issued/hub.crt
key pki/private/hub.key
dh pki/dh.pem
topology subnet
server 10.6.0.0 255.255.255.0
push "route 172.30.1.0 255.255.255.0"
keepalive 60 600
tls-auth ta.key 0
key-direction 0
cipher AES-256-GCM
auth SHA256
auth-nocache
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
log openvpn.log
verb 3
explicit-exit-notify 1

Hello,
I have a set of servers; only the gateway server has a public IP (IPv4), and the other servers are behind it with private IPs (172.30.1.0/24).

The gateway server is running the OpenVPN server daemon, and I can connect to all resources behind it through OpenVPN.
(gateway server = openvpn server)

For years, there were absolutely no problems.

However, recently my mobile carrier keeps giving me only pure IPv6, and a problem occurred.

When I connect to the OpenVPN server through an IPv4 environment (PC or mobile with WiFi), there is no problem, as usual.

But when I connect to the OpenVPN server through an IPv6 environment (iPhone with LTE),

1. I CAN connect to the gateway server. iOS OpenVPN app works fine. No abnormal logs are found.
2. When I access other servers behind gateway, SOME APPS WORK but SOME DON'T!
2a. Safari CAN access every httpd server behind gateway.
2b. iSH Shell by Theodore Dubois CAN access every sshd/httpd server behind gateway.
2c. FE File Explorer PRO by Skyjos CAN access every sshd/smb server behind gateway.
2d. RDP client by Microsoft CANNOT access Windows server behind gateway.
2e. Termius by Termius Corp CANNOT access sshd server behind gateway.
2f. Evermusic PRO by Artem Meleshko CANNOT access smbd server behind gateway.
2g. I tested several iOS ping apps and about half work and the other half don't.

If I add "redirect-gateway def1" or "redirect-gateway ipv6" to the server configuration,
all the above apps work fine, but all network traffic is forwarded through the gateway, which is an unwanted effect.

This is very weird, and I can't guess which is the correct way to solve it.
Should the 3rd party app developers enhance their apps for IPv6 compatibility?
Or should the iOS OpenVPN Connect app itself be updated to support IPv6 environments later?
Or shall I add and/or change some OpenVPN server or client option?

Client - iOS 14.3/OpenVPN Connect 3.2.2
Server - OpenVPN 2.5.0 x86_64

Thank you in advance.

TinCanTech
OpenVPN Protagonist
Posts: 8385
Joined: Fri Jun 03, 2016 1:17 pm

Re: iOS with LTE problem

Post by TinCanTech » Thu Dec 24, 2020 12:28 am

3735943886 wrote:
Thu Dec 24, 2020 12:00 am
If I add "redirect-gateway def1" or "redirect-gateway ipv6" to the server configuration,
all the above apps work fine, but all network traffic is forwarded through the gateway, which is an unwanted effect.
That is how --redirect-gateway is supposed to work..

3735943886
OpenVpn Newbie
Posts: 3
Joined: Wed Dec 23, 2020 12:48 am

Re: iOS with LTE problem

Post by 3735943886 » Thu Dec 24, 2020 3:52 am

TinCanTech wrote:
Thu Dec 24, 2020 12:28 am
That is how --redirect-gateway is supposed to work..
Thank you for the reply.
And yes, I know that already.
I'm looking for another way to make it work without redirecting all traffic to the gateway.

TinCanTech
OpenVPN Protagonist
Posts: 8385
Joined: Fri Jun 03, 2016 1:17 pm

Re: iOS with LTE problem

Post by TinCanTech » Thu Dec 24, 2020 5:15 am

As ironic as it sounds, Apps don't trust your VPN.

You could try --block-ipv6 but I don't think that will help.

3735943886
OpenVpn Newbie
Posts: 3
Joined: Wed Dec 23, 2020 12:48 am

Re: iOS with LTE problem

Post by 3735943886 » Thu Jan 07, 2021 11:56 pm

I found out that it was not OpenVPN's fault.

In a pure IPv6 environment, some iOS apps convert private IPv4 to unwanted IPv6.
e.g. if I try connecting to 172.30.1.10, the app converts it to xxxx::AC1E:10A (172 030 in hex and 001 010 in hex)

The screenshot below is from one of the buggy iOS apps, named a-shell.
Image

However, some apps work fine in the same condition.
The screenshot below is from one of the working iOS apps, named iSH.
Image

I can hardly understand why so many apps cannot handle IPv6 environments properly.
It might be a bug in iOS itself or in a commonly used network library. I don't have experience with iOS development and could not dig further.
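
The conversion described in the post above, as an added example that is not part of the original thread: it reproduces the 172.30.1.10 to ...:ac1e:10a mapping and flags destinations whose embedded IPv4 address belongs to a network the posted server config routes through the tunnel, which is the traffic that ends up outside the split tunnel. The `64:ff9b::/96` prefix is an assumption standing in for the elided `xxxx` prefix, and the function names are hypothetical.

```python
import ipaddress

# Networks the server config on this page sends through the tunnel.
TUNNEL_ROUTES = [
    ipaddress.ip_network("10.6.0.0/24"),    # server 10.6.0.0 255.255.255.0
    ipaddress.ip_network("172.30.1.0/24"),  # push "route 172.30.1.0 255.255.255.0"
]
# Assumption: stand-in for the elided "xxxx" prefix in the post.
ASSUMED_PREFIX = ipaddress.ip_network("64:ff9b::/96")


def embed_ipv4(ipv4, prefix=ASSUMED_PREFIX):
    """Place the 32 bits of an IPv4 address in the low 32 bits of a /96 prefix."""
    if prefix.prefixlen != 96:
        raise ValueError("only /96 prefixes are handled here")
    v4 = ipaddress.IPv4Address(ipv4)
    return ipaddress.IPv6Address(int(prefix.network_address) | int(v4))


def embedded_ipv4(ipv6, prefix=ASSUMED_PREFIX):
    """Return the IPv4 address in the low 32 bits, or None if outside the prefix."""
    v6 = ipaddress.IPv6Address(ipv6)
    if v6 not in prefix:
        return None
    return ipaddress.IPv4Address(int(v6) & 0xFFFFFFFF)


def classify(destination):
    """Say whether a destination an app actually dialled is covered by the tunnel."""
    addr = ipaddress.ip_address(destination)
    if addr.version == 4:
        inside = any(addr in net for net in TUNNEL_ROUTES)
        return "tunnel" if inside else "outside"
    v4 = embedded_ipv4(destination)
    if v4 is not None and any(v4 in net for net in TUNNEL_ROUTES):
        # The destination is IPv6, so the pushed IPv4 routes do not match it.
        return f"bypasses tunnel (meant {v4})"
    return "outside"


if __name__ == "__main__":
    # Constructed sample destinations, not taken from any log on this page.
    for dst in ["172.30.1.10", str(embed_ipv4("172.30.1.10")), "2001:db8::1"]:
        print(f"{dst:20} {classify(dst)}")
```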

TinCanTech
OpenVPN Protagonist
Posts: 8385
Joined: Fri Jun 03, 2016 1:17 pm

Re: iOS with LTE problem

Post by TinCanTech » Fri Jan 08, 2021 9:54 pm

Sorry, I don't think I can help.
