Re: Upgrade to OpenVPN 1.2.5 (iOS): tls-auth not working

Posted: Wed Jan 10, 2018 8:08 am
by ordex
Sure, I'll keep you posted by updating this thread!

Re: Upgrade to OpenVPN 1.2.5 (iOS): tls-auth not working

Posted: Wed Jan 10, 2018 10:59 am
by ordex
Can any of you confirm that this error also exists when the server is running OpenVPN 2.4.x?
Or have you seen it only against 2.3.x servers?

Thanks

Re: Upgrade to OpenVPN 1.2.5 (iOS): tls-auth not working

Posted: Wed Jan 10, 2018 11:23 am
by markymarrow
Getting the Authenticate/Decrypt packet error on a server running 2.4.4

I've been using a mobileconfig for VoD, have just switched to embedding the cert/key in the vendor config instead of a payload (as that no longer works).
If I set vpn-on-demand:0, I can connect without a problem via the OpenVPN app, but I get the above issue when trying to connect via the settings app.

Re: Upgrade to OpenVPN 1.2.5 (iOS): tls-auth not working

Posted: Wed Jan 10, 2018 11:30 am
by ordex
Regarding the tls-auth issue: I believe we have found the root cause. It is a subtle change in behaviour that diverted from the community edition.

As far as I can see from the posted configurations, those of you having the issue are using the *tls-auth* option without *key-direction*.
The *key-direction* is a number (either 0 or 1) that is specified after the tls-auth file. Would you please specify it and see if it works?
An option is to have 0 on the server and 1 on the client, like this:

server:

    tls-auth file.key 0

client:

    tls-auth file.key 1

Those of you using an embedded tls-auth can specify the key direction with an additional config option like this:

    <tls-auth>
    XXXXXXX
    xxxxxxxxx
    XXXXXXX
    </tls-auth>
    key-direction Z

where Z is either 0 or 1 like above.

Re: Upgrade to OpenVPN 1.2.5 (iOS): tls-auth not working

Posted: Wed Jan 10, 2018 11:31 am
by ordex
markymarrow wrote:
Wed Jan 10, 2018 11:23 am
Getting the Authenticate/Decrypt packet error on a server running 2.4.4

I've been using a mobileconfig for VoD, have just switched to embedding the cert/key in the vendor config instead of a payload (as that no longer works).
If I set vpn-on-demand:0, I can connect without a problem via the OpenVPN app, but I get the above issue when trying to connect via the settings app.
Could you please open another thread and paste the full log? Given what you are saying it seems like a different problem.
Thanks!

Re: Upgrade to OpenVPN 1.2.5 (iOS): tls-auth not working

Posted: Wed Jan 10, 2018 8:09 pm
by Tg92
hi,

I have solved my trouble. On the server side I replaced
tls-auth /path/ta.key
by
tls-auth /path/ta.key 1

and in the ovpn client configuration file I added
key-direction 0

It is just the opposite of the documentation found on https://gist.github.com/frengky/79597bad4eda1a3f1f24

In the server configuration, add:
    tls-auth ta.key 0
In the client configuration, add:
    tls-auth ta.key 1

but it is working.

Now I have another trouble. When I establish the connection and lock my iPhone (version 11.2.2), then unlock it after 2-3 minutes, the VPN connection is not established automatically like before.
I sometimes had this behavior with the old version, but with the new one it is systematic.

Re: Upgrade to OpenVPN 1.2.5 (iOS): tls-auth not working

Posted: Thu Jan 11, 2018 12:00 am
by anatoli
I can confirm that with 'tls-auth file.key 0/1' and/or 'key-direction X' on *both* client and server 1.2.5 works fine. When do you expect the new release to be available in the AppStore?
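
The key-direction rule discussed in the posts above, as an added example that is not part of the thread or of any OpenVPN tool: a small checker that reads a server and a client config and reports whether their tls-auth directions are complementary, set on one side only, or omitted on both (optional in the community edition, but the case reported here as failing with 1.2.5). The function names, the result strings and the sample configs are constructed for illustration.

```python
import re

def tls_auth_direction(config_text):
    """Return (uses_tls_auth, direction); direction is 0, 1 or None if omitted."""
    uses, direction, inline_tag = False, None, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if inline_tag:                      # inside <tag>...</tag>: skip key material
            if line == f"</{inline_tag}>":
                inline_tag = None
            continue
        if not line or line[0] in "#;":     # blank line or comment
            continue
        m = re.fullmatch(r"<([a-z0-9-]+)>", line)
        if m:                               # start of an embedded file
            inline_tag = m.group(1)
            uses = uses or inline_tag == "tls-auth"
            continue
        words = line.split()
        if words[0] == "tls-auth":          # tls-auth file.key [0|1]
            uses = True
            if len(words) >= 3 and words[2] in ("0", "1"):
                direction = int(words[2])
        elif words[0] == "key-direction" and words[1:2] in (["0"], ["1"]):
            direction = int(words[1])
    return uses, direction

def check_pair(server_cfg, client_cfg):
    """Classify a server/client config pair by its tls-auth key direction."""
    (s_uses, s_dir), (c_uses, c_dir) = map(tls_auth_direction, (server_cfg, client_cfg))
    if s_uses != c_uses:
        return "mismatch: tls-auth on one side only"
    if not s_uses:
        return "ok: tls-auth not used"
    if s_dir is None and c_dir is None:
        return "warn: direction omitted on both sides"
    if s_dir is None or c_dir is None or s_dir == c_dir:
        return "mismatch: directions are not complementary"
    return "ok: complementary directions"

# Constructed sample configs (key material replaced by a placeholder).
INLINE = "<tls-auth>\nPLACEHOLDER-KEY-MATERIAL\n</tls-auth>\n"
print(check_pair("tls-auth ta.key\n", "remote vpn.example.net 1194\n" + INLINE))
print(check_pair("tls-auth ta.key 0\n", INLINE + "key-direction 1\n"))
print(check_pair("tls-auth ta.key 1\n", INLINE + "key-direction 0\n"))
print(check_pair("tls-auth ta.key 0\n", "tls-auth ta.key 0\n"))
```

Either assignment of 0 and 1 passes as long as the two sides differ; a direction present on only one side is reported as a mismatch.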

Re: Upgrade to OpenVPN 1.2.5 (iOS): tls-auth not working

Posted: Thu Jan 11, 2018 1:50 am
by anatoli
With respect to what @Tg92 reports at the bottom of his/her latest message that:
when I unlock it after 2-3 minutes, the vpn connection is not established automatically like before
I'm testing this for more than an hour already and everything looks fine (I have in the iOS settings: Seamless tunnel, Reconnect on wakeup, Timeout none, NW state detection active and Layer 2 reachability). Moreover, it looks to work better than the 1.1.1 version in the sense that 1.1.1 was dropping the connection on sleep and reconnecting on wakeup, but this version maintains it permanently on, so push notifications while on WiFi and some apps that depend on the tunnel (e.g. VoIP with inside-VPN PBX) are working better now.

I can imagine this should have some impact on battery, but in my case the latest phones have enough energy for a working day so no problem.

Anyway, I'm waiting for a fix to the 'tls-auth' option requiring the direction in 1.2.5 as it's not feasible to update all the endpoints currently in production. BTW, according to the official documentation, the direction is an optional param both in 2.3 and 2.4.

Re: Upgrade to OpenVPN 1.2.5 (iOS): tls-auth not working

Posted: Thu Jan 11, 2018 1:56 am
by ordex
anatoli wrote:
Thu Jan 11, 2018 1:50 am
With respect to what @Tg92 reports at the bottom of his/her latest message that:
when I unlock it after 2-3 minutes, the vpn connection is not established automatically like before
I'm testing this for more than an hour already and everything looks fine (I have in the iOS settings: Seamless tunnel, Reconnect on wakeup, Timeout none, NW state detection active and Layer 2 reachability). Moreover, it looks to work better than the 1.1.1 version in the sense that 1.1.1 was dropping the connection on sleep and reconnecting on wakeup, but this version maintains it permanently on, so push notifications while on WiFi and some apps that depend on the tunnel (e.g. VoIP with inside-VPN PBX) are working better now.
Glad to hear that. However, if anybody wants to continue this topic, please let's open another thread so we can continue the discussion there.
anatoli wrote:
Thu Jan 11, 2018 1:50 am
I can imagine this should have some impact on battery, but in my case the latest phones have enough energy for a working day so no problem.
Yeah, that's the drawback.
anatoli wrote:
Thu Jan 11, 2018 1:50 am
Anyway, I'm waiting for a fix to the 'tls-auth' option requiring the direction in 1.2.5 as it's not feasible to update all the endpoints currently in production. BTW, according to the official documentation, the direction is an optional param both in 2.3 and 2.4.
Yeah, it's optional. That's why a fix is required :)

Re: Upgrade to OpenVPN 1.2.5 (iOS): tls-auth not working

Posted: Thu Jan 11, 2018 2:08 am
by anatoli
ordex, now that the root causes for most of the reported bugs are identified, any ETA for the new release?

Re: Upgrade to OpenVPN 1.2.5 (iOS): tls-auth not working

Posted: Thu Jan 11, 2018 4:17 am
by ordex
anatoli wrote:
Thu Jan 11, 2018 2:08 am
ordex, now that the root causes for most of the reported bugs are identified, any ETA for the new release?
We're already rolling out a beta release including what we have fixed so far. If you are interested in joining the beta program, please drop me a PM.

Thanks

Re: Upgrade to OpenVPN 1.2.5 (iOS): tls-auth not working

Posted: Thu Jan 11, 2018 5:16 am
by peter_sm
ordex wrote:
Thu Jan 11, 2018 4:17 am
We're already rolling out a beta release including what we have fixed so far. If you are interested in joining the beta program, please drop me a PM.

Thanks
Hi, I'm not authorised to send private messages.
Can you add me to the beta program?

Thanks

Re: Upgrade to OpenVPN 1.2.5 (iOS): tls-auth not working

Posted: Fri Jan 12, 2018 8:39 pm
by Tg92
ordex wrote:
Thu Jan 11, 2018 1:56 am
anatoli wrote:
Thu Jan 11, 2018 1:50 am
With respect to what @Tg92 reports at the bottom of his/her latest message that:
when I unlock it after 2-3 minutes, the vpn connection is not established automatically like before
I'm testing this for more than an hour already and everything looks fine (I have in the iOS settings: Seamless tunnel, Reconnect on wakeup, Timeout none, NW state detection active and Layer 2 reachability). Moreover, it looks to work better than the 1.1.1 version in the sense that 1.1.1 was dropping the connection on sleep and reconnecting on wakeup, but this version maintains it permanently on, so push notifications while on WiFi and some apps that depend on the tunnel (e.g. VoIP with inside-VPN PBX) are working better now.
Glad to hear that. However, if anybody wants to continue this topic, please let's open another thread so we can continue the discussion there.
anatoli wrote:
Thu Jan 11, 2018 1:50 am
I can imagine this should have some impact on battery, but in my case the latest phones have enough energy for a working day so no problem.
Yeah, that's the drawback.
anatoli wrote:
Thu Jan 11, 2018 1:50 am
Anyway, I'm waiting for a fix to the 'tls-auth' option requiring the direction in 1.2.5 as it's not feasible to update all the endpoints currently in production. BTW, according to the official documentation, the direction is an optional param both in 2.3 and 2.4.
Yeah, it's optional. That's why a fix is required :)
I still have the trouble. I have an iPhone SE with the last version of iOS.
I put my OpenVPN configuration below
Image
Image

Re: Upgrade to OpenVPN 1.2.5 (iOS): tls-auth not working

Posted: Fri Jan 12, 2018 9:14 pm
by anatoli
I suggest you open a new post with the detailed description of the problem, the steps to reproduce it (if you know) and the server and client configs and logs, as this thread is about a different problem.

Re: Upgrade to OpenVPN 1.2.5 (iOS): tls-auth not working

Posted: Sat Jan 13, 2018 8:00 pm
by anatoli
For me this issue is solved in the 1.2.6.1-3 betas. Waiting for the release in AppStore.

Re: Upgrade to OpenVPN 1.2.5 (iOS): tls-auth not working

Posted: Sun Jan 14, 2018 2:37 pm
by samide
ordex wrote:
Thu Jan 11, 2018 4:17 am

We're already rolling out a beta release including what we have fixed so far. If you are interested in joining the beta program, please drop me a PM.

Thanks
Hi, I tried to message you but I'm still not allowed to send private messages.

Can you add me to the beta program?

Thanks

Re: Upgrade to OpenVPN 1.2.5 (iOS): tls-auth not working

Posted: Wed Jan 17, 2018 6:03 am
by ordex
OpenVPN Connect for iOS 1.2.6 is out!

Please refer to this post if you want to submit bugs or feature requests: viewtopic.php?f=36&t=25650

Thanks!