Page 3 of 8
Re: Upgrade to OpenVPN 1.2.5 (iOS): issues
Posted: Tue Jan 09, 2018 6:30 pm
by mvonk
ahx-fos wrote: ↑Tue Jan 09, 2018 4:09 pm
Can't you just revert to using the old API, which worked? Because the API itself has not changed, only the OpenVPN client
I suspect the API is being deprecated hence the change to the new public one being required. I'll check my Apple Developer notes later today and see what I can find out, but I strongly suspect that's the reason.
Regardless though, this was communicated terribly! This critical change isn't even in the damn initial release notes within the AppStore! (which I note this morning have now been fully updated - too late now unfortunately.)
Also, why was this issue not found during Q/A?
It clearly wasn't QA'ed. If it was, the QA Director needs to be made redundant after this shambles. This is possibly one of the worst App upgrades I have witnessed in 10 years of iOS development.
I might be deprecated in the future, but it still is not deprecated. So why not revert it back and help the customers now. After that, they would have enough time to implement the new api. Depreciation of api’s is typically not done in dot releases like 11.3. So it probably won’t be deprecated until iOS 12..
Re: Upgrade to OpenVPN 1.2.5 (iOS): 1.2.5 is broken - OnDemandEnabled
Posted: Tue Jan 09, 2018 6:41 pm
by danquel
Have had a working iOS configuration profile with connect on demand for a while. Unfortunately, the upgrade to version 1.2.5 completely broke. Looks like it has no access to the bundled certificates in the keychain
Re: Upgrade to OpenVPN 1.2.5 (iOS): issues
Posted: Tue Jan 09, 2018 6:48 pm
by iPhrankie
Please note our company is offline now too. Put in our vote to roll back the app to the previous version as suggested in a another thread.
Looks like a lot of unhappy companies out there.
ahx-fos wrote: ↑Tue Jan 09, 2018 4:12 pm
ordex wrote: ↑Tue Jan 09, 2018 2:37 pm
Unfortunately the AppStore does not allow that. That why we are striving to collect as much information as possible and fix the bugs.
This isn't good enough.
Applications can _absolutely_ be pulled. You need to pull this application; re-submit the previous version with an incremental version release and put back a working version until you can fix the absolute piss up that is 1.2.5.
Re: Upgrade to OpenVPN 1.2.5 (iOS): issues
Posted: Tue Jan 09, 2018 6:51 pm
by lkuipers
mvonk wrote: ↑Tue Jan 09, 2018 6:30 pm
ahx-fos wrote: ↑Tue Jan 09, 2018 4:09 pm
Can't you just revert to using the old API, which worked? Because the API itself has not changed, only the OpenVPN client
I suspect the API is being deprecated hence the change to the new public one being required. I'll check my Apple Developer notes later today and see what I can find out, but I strongly suspect that's the reason.
Regardless though, this was communicated terribly! This critical change isn't even in the damn initial release notes within the AppStore! (which I note this morning have now been fully updated - too late now unfortunately.)
Also, why was this issue not found during Q/A?
It clearly wasn't QA'ed. If it was, the QA Director needs to be made redundant after this shambles. This is possibly one of the worst App upgrades I have witnessed in 10 years of iOS development.
I might be deprecated in the future, but it still is not deprecated. So why not revert it back and help the customers now. After that, they would have enough time to implement the new api. Depreciation of api’s is typically not done in dot releases like 11.3. So it probably won’t be deprecated until iOS 12..
Common guys, We have big problems now in our MDM solution which is based on the OpenVPN connection. Rolling out a new client based on version 1.1.1 seems the best quick win. That way a lot of users are helped soon. Than take some time to take a deep dive in the problems with the new Apple API.
An other option would be to release version 1.1.1 as an unsigned IPA for download. That way we could distribute the client ourself through MDM. Than we have a workaround until the problem with the API is solved.
Re: Upgrade to OpenVPN 1.2.5 (iOS): issues
Posted: Tue Jan 09, 2018 6:53 pm
by mvonk
iPhrankie wrote: ↑Tue Jan 09, 2018 6:48 pm
Please note our company is offline now too. Put in our vote to roll back the app to the previous version as suggested in a another thread.
Looks like a lot of unhappy companies out there.
ahx-fos wrote: ↑Tue Jan 09, 2018 4:12 pm
ordex wrote: ↑Tue Jan 09, 2018 2:37 pm
Unfortunately the AppStore does not allow that. That why we are striving to collect as much information as possible and fix the bugs.
This isn't good enough.
Applications can _absolutely_ be pulled. You need to pull this application; re-submit the previous version with an incremental version release and put back a working version until you can fix the absolute piss up that is 1.2.5.
With some many different bugs and a shitload of people registering to this forum just for this update, this does indeed seem like the best choice. Fix the bugs later, now focus on getting it to work as before.
Re: Upgrade to OpenVPN 1.2.5 (iOS): issues
Posted: Tue Jan 09, 2018 7:12 pm
by mmm007
anatoli wrote: ↑Tue Jan 09, 2018 5:46 pm
Version 1.2.6 with the code from 1.1.1 seems like THE solution for all the problem at this time. Trying to fix all the problems now would take a lot of time and the fixes made in a hurry could introduce new problems themselves. The situation is rather critical.
Completely agree with you! Dear developers, please just do this. If some people want something new for their new iOS let them wait
Re: Upgrade to OpenVPN 1.2.5 (iOS): issues
Posted: Tue Jan 09, 2018 7:24 pm
by agelwarg
ordex wrote: ↑Tue Jan 09, 2018 2:24 pm
agelwarg wrote: ↑Tue Jan 09, 2018 11:44 am
I had a working mobileconfig deployed profile with connect on demand. After upgrading to 1.2.5, that stopped working. I followed the instructions to separately add my p12 cert via an .ovpn12 extension, and now I can see the cert in the OpenVPN app. However, it still won't connect and I see no logs (on either side). I'm not sure where / how I am supposed to reference this certificate in the (openvpn connect) config because I had previously bundled the cert along with the config when building the mobileconfig profile through the Apple Configurator AND selected it.
after importing the profile, if it is missing the cert/key entries, the app will show a line called "Certificated" right above the status. If you click that line, it will open the certificate list.
I did import the ovpn12 cert/key bundle and I do see it where you reference. For adding a client config via an ovpn file directly, things work fine. My issue is that I'm adding the client config via a mobileconfig profile with Connect On Demand, and it simply fails to connect immediately, and there is absolutely nothing in the OpenVPN Connect log (nor is there anything on the VPN server side). I'm assuming at this point that it's related to the cert/key, but without any log, I can't tell anything.
Re: Upgrade to OpenVPN 1.2.5 (iOS): issues
Posted: Tue Jan 09, 2018 8:06 pm
by mvonk
I am afraid nothing will come soon. There is a statement here:
https://docs.openvpn.net/openvpn-connec ... os-issues/
They will be bug-fixing instead of reverting back to the old codebase.
To be honest, I find the statement pretty uninformed. For example: "The latest version of OpenVPN Connect for iOS, version 1.2.5, works with the new API in iOS called Network Extensions."
The Network Extensions framework has been introduced in iOS 8 (2014!) and the new VPN capabilities in iOS 9. This is not a new API, but apparently new to OpenVPN developers. Guess they also could not release of new version of the App, because Apple disallowed the old methods / APIs in apps already summer of last year...
Re: Upgrade to OpenVPN 1.2.5 (iOS): issues
Posted: Tue Jan 09, 2018 8:12 pm
by Ozwel
Hi,
iOS 11.2.1 here on iPhone 8, OpenVPN has become fully
unusable since the update.
I simply use a .ovpn file profile and enter my password to connect. since the update, I can connect, the connection works for 10 to 30 seconds then drops off... while OpenVPN still seems to run fine and iOS displays the VPN logo at the top. For example, WhatsApp displays "connecting" forever after sending one or two messages, Safari does not display pages anymore, etc. All I have to do is disconnect the VPN.
The logs are pasted below but don't seem to show any issue. Maybe you can find something in the config which is not compatible with the new client anymore.
Code: Select all
2018-01-09 20:57:00 ----- OpenVPN Start -----
OpenVPN core 3.1.2 ios arm64 64-bit built on Jan 5 2018 23:09:59
2018-01-09 20:57:00 Frame=512/2048/512 mssfix-ctrl=1250
2018-01-09 20:57:00 UNUSED OPTIONS
4 [resolv-retry] [infinite]
5 [nobind]
6 [persist-key]
7 [persist-tun]
11 [verify-x509-name] [pivpn] [name]
15 [verb] [1]
2018-01-09 20:57:00 EVENT: RESOLVE
2018-01-09 20:57:00 Contacting [176.175.x.x]:443/TCP via TCP
2018-01-09 20:57:00 EVENT: WAIT
2018-01-09 20:57:00 Connecting to [my.dns]:443 (176.175.x.x) via TCPv4
2018-01-09 20:57:00 EVENT: CONNECTING
2018-01-09 20:57:00 Tunnel Options:V4,dev-type tun,link-mtu 1572,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-client
2018-01-09 20:57:00 Creds: UsernameEmpty/PasswordEmpty
2018-01-09 20:57:00 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 1.2.5-1
IV_VER=3.1.2
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO=1
IV_AUTO_SESS=1
2018-01-09 20:57:01 VERIFY OK : depth=1
cert. version : 3
serial number : 81:60:47:9B:34:D1:58:54
issuer name : C=CO, ST=ST, L=CITY, O=ORG, OU=ORG-UNIT, CN=COMMON-NAME, ??=NAME, emailAddress=EMAIL
subject name : C=CO, ST=ST, L=CITY, O=ORG, OU=ORG-UNIT, CN=COMMON-NAME, ??=NAME, emailAddress=EMAIL
issued on : 2016-08-31 09:24:11
expires on : 2026-08-29 09:24:11
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=true
2018-01-09 20:57:01 VERIFY OK : depth=0
cert. version : 3
serial number : 01
issuer name : C=CO, ST=ST, L=CITY, O=ORG, OU=ORG-UNIT, CN=COMMON-NAME, ??=NAME, emailAddress=EMAIL
subject name : C=FR, ST=IDF, L=Paris, O=xxxx, OU=PiVPN, CN=pivpn, ??=EasyRSA, emailAddress=me@myhost.mydomain
issued on : 20xx-08-31 09:24:14
expires on : 20xx-08-29 09:24:14
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=false
subject alt name : pivpn
cert. type : SSL Server
key usage : Digital Signature, Key Encipherment
ext key usage : TLS Web Server Authentication
2018-01-09 20:57:02 SSL Handshake: TLSv1.2/TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
2018-01-09 20:57:02 Session is ACTIVE
2018-01-09 20:57:02 EVENT: GET_CONFIG
2018-01-09 20:57:02 Sending PUSH_REQUEST to server...
2018-01-09 20:57:02 OPTIONS:
0 [route] [10.8.0.1] [255.255.255.255]
1 [route] [10.8.0.0] [255.255.255.0]
2 [route] [192.168.x.x] [255.255.255.0]
3 [dhcp-option] [DNS] [208.67.222.222]
4 [dhcp-option] [DNS] [208.67.220.220]
5 [redirect-gateway] [def1]
6 [route] [10.8.0.0] [255.255.255.0]
7 [topology] [net30]
8 [ping] [10]
9 [ping-restart] [120]
10 [ifconfig] [10.8.0.6] [10.8.0.5]
2018-01-09 20:57:02 PROTOCOL OPTIONS:
cipher: AES-256-CBC
digest: SHA256
compress: LZO
peer ID: -1
2018-01-09 20:57:02 EVENT: ASSIGN_IP
2018-01-09 20:57:02 NIP: preparing TUN network settings
2018-01-09 20:57:02 NIP: init TUN network settings with endpoint: 176.175.x.x
2018-01-09 20:57:02 NIP: adding IPv4 address to network settings 10.8.0.6/255.255.255.252
2018-01-09 20:57:02 NIP: adding (included) IPv4 route 10.8.0.1/32
2018-01-09 20:57:02 NIP: adding (included) IPv4 route 10.8.0.0/24
2018-01-09 20:57:02 NIP: adding (included) IPv4 route 10.8.0.0/24
2018-01-09 20:57:02 NIP: redirecting all IPv4 traffic to TUN interface
2018-01-09 20:57:02 NIP: adding DNS 208.67.222.222
2018-01-09 20:57:02 NIP: adding DNS 208.67.220.220
2018-01-09 20:57:02 Connected via NetworkExtensionTUN
2018-01-09 20:57:02 LZO-ASYM init swap=0 asym=0
2018-01-09 20:57:02 EVENT: CONNECTED @my.dns:443 (176.175.x.x) via /TCPv4 on NetworkExtensionTUN/10.8.0.6/ gw=[/]
<Worked fine for maybe 1 minute... then I disconnected manually from the app.>
2018-01-09 21:01:03 Raw stats on disconnect:
BYTES_IN : 9700911
BYTES_OUT : 1399992
PACKETS_IN : 6418
PACKETS_OUT : 9153
TUN_BYTES_IN : 904069
TUN_BYTES_OUT : 8984158
TUN_PACKETS_IN : 9854
TUN_PACKETS_OUT : 11044
TCP_OVERFLOW : 684
2018-01-09 21:01:03 Performance stats on disconnect:
CPU usage (microseconds): 2412132
Tunnel compression ratio (uplink): 1.54855
Tunnel compression ratio (downlink): 1.07978
Network bytes per CPU second: 4602112
Tunnel bytes per CPU second: 4099372
2018-01-09 21:01:03 EVENT: DISCONNECTED
Re: Upgrade to OpenVPN 1.2.5 (iOS): issues
Posted: Tue Jan 09, 2018 8:46 pm
by ahx-fos
This is a lesson in how to completely stuff up an application upgrade and then how NOT to react to it.
Re: Upgrade to OpenVPN 1.2.5 (iOS): issues
Posted: Tue Jan 09, 2018 9:36 pm
by mmm007
I downgraded to the 1.1.1 build 212 - works brilliant!!! Now I'll switch off the automatic updates and I'll never update this app anymore
Re: Upgrade to OpenVPN 1.2.5 (iOS): issues
Posted: Tue Jan 09, 2018 9:46 pm
by mmm007
Ozwel wrote: ↑Tue Jan 09, 2018 8:12 pm
Hi,
iOS 11.2.1 here on iPhone 8, OpenVPN has become fully
unusable since the update.
I simply use a .ovpn file profile and enter my password to connect. since the update, I can connect, the connection works for 10 to 30 seconds then drops off... while OpenVPN still seems to run fine and iOS displays the VPN logo at the top. For example, WhatsApp displays "connecting" forever after sending one or two messages, Safari does not display pages anymore, etc. All I have to do is disconnect the VPN.
The logs are pasted below but don't seem to show any issue. Maybe you can find something in the config which is not compatible with the new client anymore.
Code: Select all
2018-01-09 20:57:00 ----- OpenVPN Start -----
OpenVPN core 3.1.2 ios arm64 64-bit built on Jan 5 2018 23:09:59
2018-01-09 20:57:00 Frame=512/2048/512 mssfix-ctrl=1250
2018-01-09 20:57:00 UNUSED OPTIONS
4 [resolv-retry] [infinite]
5 [nobind]
6 [persist-key]
7 [persist-tun]
11 [verify-x509-name] [pivpn] [name]
15 [verb] [1]
2018-01-09 20:57:00 EVENT: RESOLVE
2018-01-09 20:57:00 Contacting [176.175.x.x]:443/TCP via TCP
2018-01-09 20:57:00 EVENT: WAIT
2018-01-09 20:57:00 Connecting to [my.dns]:443 (176.175.x.x) via TCPv4
2018-01-09 20:57:00 EVENT: CONNECTING
2018-01-09 20:57:00 Tunnel Options:V4,dev-type tun,link-mtu 1572,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-client
2018-01-09 20:57:00 Creds: UsernameEmpty/PasswordEmpty
2018-01-09 20:57:00 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 1.2.5-1
IV_VER=3.1.2
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO=1
IV_AUTO_SESS=1
2018-01-09 20:57:01 VERIFY OK : depth=1
cert. version : 3
serial number : 81:60:47:9B:34:D1:58:54
issuer name : C=CO, ST=ST, L=CITY, O=ORG, OU=ORG-UNIT, CN=COMMON-NAME, ??=NAME, emailAddress=EMAIL
subject name : C=CO, ST=ST, L=CITY, O=ORG, OU=ORG-UNIT, CN=COMMON-NAME, ??=NAME, emailAddress=EMAIL
issued on : 2016-08-31 09:24:11
expires on : 2026-08-29 09:24:11
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=true
2018-01-09 20:57:01 VERIFY OK : depth=0
cert. version : 3
serial number : 01
issuer name : C=CO, ST=ST, L=CITY, O=ORG, OU=ORG-UNIT, CN=COMMON-NAME, ??=NAME, emailAddress=EMAIL
subject name : C=FR, ST=IDF, L=Paris, O=xxxx, OU=PiVPN, CN=pivpn, ??=EasyRSA, emailAddress=me@myhost.mydomain
issued on : 20xx-08-31 09:24:14
expires on : 20xx-08-29 09:24:14
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=false
subject alt name : pivpn
cert. type : SSL Server
key usage : Digital Signature, Key Encipherment
ext key usage : TLS Web Server Authentication
2018-01-09 20:57:02 SSL Handshake: TLSv1.2/TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
2018-01-09 20:57:02 Session is ACTIVE
2018-01-09 20:57:02 EVENT: GET_CONFIG
2018-01-09 20:57:02 Sending PUSH_REQUEST to server...
2018-01-09 20:57:02 OPTIONS:
0 [route] [10.8.0.1] [255.255.255.255]
1 [route] [10.8.0.0] [255.255.255.0]
2 [route] [192.168.x.x] [255.255.255.0]
3 [dhcp-option] [DNS] [208.67.222.222]
4 [dhcp-option] [DNS] [208.67.220.220]
5 [redirect-gateway] [def1]
6 [route] [10.8.0.0] [255.255.255.0]
7 [topology] [net30]
8 [ping] [10]
9 [ping-restart] [120]
10 [ifconfig] [10.8.0.6] [10.8.0.5]
2018-01-09 20:57:02 PROTOCOL OPTIONS:
cipher: AES-256-CBC
digest: SHA256
compress: LZO
peer ID: -1
2018-01-09 20:57:02 EVENT: ASSIGN_IP
2018-01-09 20:57:02 NIP: preparing TUN network settings
2018-01-09 20:57:02 NIP: init TUN network settings with endpoint: 176.175.x.x
2018-01-09 20:57:02 NIP: adding IPv4 address to network settings 10.8.0.6/255.255.255.252
2018-01-09 20:57:02 NIP: adding (included) IPv4 route 10.8.0.1/32
2018-01-09 20:57:02 NIP: adding (included) IPv4 route 10.8.0.0/24
2018-01-09 20:57:02 NIP: adding (included) IPv4 route 10.8.0.0/24
2018-01-09 20:57:02 NIP: redirecting all IPv4 traffic to TUN interface
2018-01-09 20:57:02 NIP: adding DNS 208.67.222.222
2018-01-09 20:57:02 NIP: adding DNS 208.67.220.220
2018-01-09 20:57:02 Connected via NetworkExtensionTUN
2018-01-09 20:57:02 LZO-ASYM init swap=0 asym=0
2018-01-09 20:57:02 EVENT: CONNECTED @my.dns:443 (176.175.x.x) via /TCPv4 on NetworkExtensionTUN/10.8.0.6/ gw=[/]
<Worked fine for maybe 1 minute... then I disconnected manually from the app.>
2018-01-09 21:01:03 Raw stats on disconnect:
BYTES_IN : 9700911
BYTES_OUT : 1399992
PACKETS_IN : 6418
PACKETS_OUT : 9153
TUN_BYTES_IN : 904069
TUN_BYTES_OUT : 8984158
TUN_PACKETS_IN : 9854
TUN_PACKETS_OUT : 11044
TCP_OVERFLOW : 684
2018-01-09 21:01:03 Performance stats on disconnect:
CPU usage (microseconds): 2412132
Tunnel compression ratio (uplink): 1.54855
Tunnel compression ratio (downlink): 1.07978
Network bytes per CPU second: 4602112
Tunnel bytes per CPU second: 4099372
2018-01-09 21:01:03 EVENT: DISCONNECTED
I had just the same on my iPad 4 with iOS 9.3.4. Absolutely impossible to use because of continuous disconnects ((((( I decided to downgrade to 1.1.1 - works perfect!
Re: Upgrade to OpenVPN 1.2.5 (iOS): issues
Posted: Tue Jan 09, 2018 10:02 pm
by Ozwel
mmm007 wrote: ↑Tue Jan 09, 2018 9:46 pm
I had just the same on my iPad 4 with iOS 9.3.4. Absolutely impossible to use because of continuous disconnects ((((( I decided to downgrade to 1.1.1 - works perfect!
How did you downgrade ?
Please don't tell me your device is jailbroken 
Re: Upgrade to OpenVPN 1.2.5 (iOS): issues
Posted: Tue Jan 09, 2018 10:04 pm
by brugerard
If an additional complain can help accessing ASAP a renamed OpenVPN 1.1.1 on Apple Store. Ver 1.2.5 not working at all with BufferVPN profiles on both my iPhone and iPad. Really disruptive
Re: Upgrade to OpenVPN 1.2.5 (iOS): issues
Posted: Tue Jan 09, 2018 10:27 pm
by rusherfan1560
Greetings,
I just wanted to mention that if anyone is in a pinch using mobileconfig files to provision On Demand VPN, the workaround that seems to have helped me is to add the "CERT" and "KEY" strings into the mobileconfig file.
Just as an example, my mobileconfig file previously only had my encrypted certificate bundle and the "CA" cert for the OpenVPN vendor specific settings listed as a key and string value. I added the base64 encoded versions of the certificate and the private key the same way that I added the "CA" in the OpenVPN settings.
This allowed my mobileconfig file to provision and use VPN On-Demand as before.
So if you were to edit the mobileconfig directly you would add the following (note: I'm just using some random keystrokes to simulate the base64 string for illustration purposes) :
<key>cert</key>
<string>-----BEGIN CERTIFICATE-----\n
Mkkjslkjslkjsnenlkjsnnldkckjslknslks\n
kjkllksndnsljnsndslnsnklsflsknsfdlnsd\n
...
-----END CERTIFICATE-----\n
</string>
<key>key</key>
<string>-----BEGIN PRIVATE KEY-----\n
jkljafdljljlkjdaflksjlkjlkjslkjslkjensef\n
ljlkjdkjskjskjslkjslkjslkjsldjlkjsjlsljsd\n
...
-----END PRIVATE KEY -----\n
</string>
If you do this through Apple Configurator 2 it's easier, just add the Key and paste the value (as plain text) under "Custom Data" (do NOT forget to add the "\n" at the end of each new line)
I realize this won't be practical for everyone but if you are in a pinch it might help.
To the developers, I think all of us have struggled with this update to some degree but I don't want to forget that OpenVPN itself (and this app in particular) has been a blessing and very useful to me. I know you all are likely frustrated (as many of us are) but hey, we appreciate the software, we appreciate your work, and we appreciate you. Hang in there, we know you'll get it worked out.
Re: Upgrade to OpenVPN 1.2.5 (iOS): issues
Posted: Tue Jan 09, 2018 10:46 pm
by iPhrankie
Ozwel wrote: ↑Tue Jan 09, 2018 10:02 pm
mmm007 wrote: ↑Tue Jan 09, 2018 9:46 pm
I had just the same on my iPad 4 with iOS 9.3.4. Absolutely impossible to use because of continuous disconnects ((((( I decided to downgrade to 1.1.1 - works perfect!
How did you downgrade ?
Please don't tell me your device is jailbroken
Yes, please tell us how you downgraded.
Re: Upgrade to OpenVPN 1.2.5 (iOS): issues
Posted: Tue Jan 09, 2018 11:16 pm
by agelwarg
rusherfan1560 wrote: ↑Tue Jan 09, 2018 10:27 pm
Greetings,
I just wanted to mention that if anyone is in a pinch using mobileconfig files to provision On Demand VPN, the workaround that seems to have helped me is to add the "CERT" and "KEY" strings into the mobileconfig file.
Just as an example, my mobileconfig file previously only had my encrypted certificate bundle and the "CA" cert for the OpenVPN vendor specific settings listed as a key and string value. I added the base64 encoded versions of the certificate and the private key the same way that I added the "CA" in the OpenVPN settings.
This allowed my mobileconfig file to provision and use VPN On-Demand as before.
So if you were to edit the mobileconfig directly you would add the following (note: I'm just using some random keystrokes to simulate the base64 string for illustration purposes) :
<key>cert</key>
<string>-----BEGIN CERTIFICATE-----\n
Mkkjslkjslkjsnenlkjsnnldkckjslknslks\n
kjkllksndnsljnsndslnsnklsflsknsfdlnsd\n
...
-----END CERTIFICATE-----\n
</string>
<key>key</key>
<string>-----BEGIN PRIVATE KEY-----\n
jkljafdljljlkjdaflksjlkjlkjslkjslkjensef\n
ljlkjdkjskjskjslkjslkjslkjsldjlkjsjlsljsd\n
...
-----END PRIVATE KEY -----\n
</string>
If you do this through Apple Configurator 2 it's easier, just add the Key and paste the value (as plain text) under "Custom Data" (do NOT forget to add the "\n" at the end of each new line)
I realize this won't be practical for everyone but if you are in a pinch it might help.
To the developers, I think all of us have struggled with this update to some degree but I don't want to forget that OpenVPN itself (and this app in particular) has been a blessing and very useful to me. I know you all are likely frustrated (as many of us are) but hey, we appreciate the software, we appreciate your work, and we appreciate you. Hang in there, we know you'll get it worked out.
I had previously tried what you recommended above with no success initially as my private key was encrypted with a passphrase. After I removed the passphrase (not what I WANTED to do), I found that this worked. So, it appears to be a valid workaround for the time being if you're willing to remove the passphrase from your key.
FWIW, I also tried creating an .ovpn12 bundle where the private key internally is also NOT encrypted -- that doesn't work.
Re: Upgrade to OpenVPN 1.2.5 (iOS): issues
Posted: Wed Jan 10, 2018 12:04 am
by Mark Gillespie
Please give us something to use whilst you fix this, I'm tearing my hair out here, searching the Net for some kind of workaround
Re: Upgrade to OpenVPN 1.2.5 (iOS): issues
Posted: Wed Jan 10, 2018 1:30 am
by bearever
For those who want to roll back to v1.1.1, you don’t need to jailbreak your phone. You can accomplish the roll back with these steps. First of all you will need to download these tools:
iTunes 12.6.3 (the latest version of iTunes no longer has App Store so you will need install an older version):
http://osxdaily.com/2017/10/09/get-itun ... app-store/
Fiddler (to trick App Store to give you an older version of iPhone/iPad app):
https://www.telerik.com/fiddler
And follow this generic tutorial:
https://m.youtube.com/watch?v=LBNHia-lqs8
You will also need to disable auto update for apps in iPhone settings (Settings -> iTunes & App Store -> Updates -> toggle to OFF).
Good luck!
Re: Upgrade to OpenVPN 1.2.5 (iOS): issues
Posted: Wed Jan 10, 2018 2:06 am
by taiwanmobileservices
Hi!
Please make this iOS OpenVPN Connect App with Paid, say, US 2.99 ~ 3.99, to support you guys at the developing and supporting team!
I believe in this way you should get some more skilled resources to make the OpenVPN Connect App more Secured and Reliable plus even more features.
I also believe people like us need to use OpenVPN Connect App for our daily life and work are will to pay.
Thanks/Br,
Birdman Hsu
ordex wrote: ↑Tue Jan 09, 2018 2:14 am
Hello and thanks for reporting your issues with the new App.
Unfortunately, due to the way the new Apple API works, the App is restricted from accessing the iOS keychain.
Keys have to be imported in the OpenVPN Connect App keychain directly in order to be visible.
This can be done by renaming the extension of your PKCS#12 file to .ovpn12 (instead of .p12 of .pfx) and then sharing the file with the App (same as you would do with a ovpn profile).
Once you shared the file, the key/cert will be saved in the App keychain and will be available for use.
We are currently working with Apple to find a way to have at least partly access to the iOS keychain again.
We are sorry for this change in behaviour. We tried to highlight this change in the changelog, but it was probably not enough.
For those unable to import profiles at all, could you please let us know if you get any error message at all?