OpenVPN Support Forum

Community Support Forum
https://forums.openvpn.net/

Upgrade to OpenVPN 1.2.5 (iOS): issues

https://forums.openvpn.net/viewtopic.php?t=25587

Page 4 of 8

Re: Upgrade to OpenVPN 1.2.5 (iOS): issues

Posted: Wed Jan 10, 2018 6:19 am
by rgala
For me the upgrade ruined it completely. However, I do not have problems like other people, maybe it's because I am using unified config with keys and certificates embedded. In my case the connection just stops working after transmitting few megabytes of data. I can see the VPN icon on top of the screen but it just won't transmit anymore bytes. No errors appear in logs on both the server and client side :(

Re: Upgrade to OpenVPN 1.2.5 (iOS): issues

Posted: Wed Jan 10, 2018 6:32 am
by seanob
ordex wrote:
Tue Jan 09, 2018 3:24 pm
Robyn wrote:
Tue Jan 09, 2018 3:06 pm
Robyn wrote:
Tue Jan 09, 2018 11:34 am
 The biggest issue for me in this release (compared to 1.1.1) is that the Network State Detection system does not work anymore. Previously, when switching networks or enabling / disabling airplane mode would result in a succesful reconnection attempt (OpenVPN would simply pause the connection during network changes).

Now, when using a UDP connection and the network state changes, this results in a disconnect. When using a TCP connection, the connection does not pause and when iOS reestablishes the network connection, OpenVPN shows that it is connected but internet connectivity is effectively lost (iOS still shows all the indicators and the VPN symbol).
This is what happens when going into airplane mode when connected to a server through UDP and disabling airplane mode again.
In other words, disabling airplane mode does not lead to reconnecting. When changing from Wifi to mobile, the error is line-by-line the same.

Code: Select all

2018-01-09 16:00:29 UDP send error: SYSTEM/Can't assign requested address
2018-01-09 16:00:29 Transport Error: EADDRNOTAVAIL: Can't assign requested address
2018-01-09 16:00:29 EVENT: TRANSPORT_ERROR EADDRNOTAVAIL: Can't assign requested address [ERR]
2018-01-09 16:00:29 Client terminated, restarting in 5000 ms...
2018-01-09 16:00:29 Raw stats on disconnect:
  BYTES_IN : 26478
  BYTES_OUT : 13793
  PACKETS_IN : 92
  PACKETS_OUT : 114
  TUN_BYTES_IN : 10231
  TUN_BYTES_OUT : 23391
  TUN_PACKETS_IN : 106
  TUN_PACKETS_OUT : 83
  NETWORK_SEND_ERROR : 1
  TRANSPORT_ERROR : 1
Thanks for the log. I am opening an internal ticket with this information.
Yep I’m getting this issue as well when switching networks. Didn’t get this issue on the previous public version.

Re: Upgrade to OpenVPN 1.2.5 (iOS): issues

Posted: Wed Jan 10, 2018 7:30 am
by ocer
mmm007 wrote:
Tue Jan 09, 2018 5:24 am
 Please rollback it to 1.2.4 and I'll not update it at all in future. Version 1.2.4 worked perfectly on my iPad4 with iOS 9. But now is not working (((( On 1.2.4 the connection was ansolutely stable and I was connected to my VPN server for hours, but now is a mess: disconnect every 10-60 seconds and I should every time go to the application and switch it on manualy again and again. I'm not going to update iOS to 11, so why I can not use the app 1.2.4? Please put it to the market again for the users with iOS 9 and below

Or put to the market the stable version 1.2.4 with a different name for example OpenVPN Connect Old for the users who don't need iOS X
same here~

Re: Upgrade to OpenVPN 1.2.5 (iOS): issues

Posted: Wed Jan 10, 2018 7:39 am
by nodefeet
The new version is not working for me either.
The only difference in the logs between 1.1.1 and 1.2.5 are the last two lines:

Log with version 1.2.5:
"tex/10.8.0.2/ gw=[/]"
2018-01-09 15:36:18 EVENT: CONNECTED @xyz.myfritz.net:1724 (xyz) via /TCPv4 on tex/10.8.0.2/ gw=[/]

Log with version 1.1.1:
"tun/10.8.0.2/ gw=[10.8.0.1/"]
2018-01-09 15:29:27 EVENT: CONNECTED @xyz.myfritz.net:1724 (xyz) via /TCPv4 on tun/10.8.0.2/ gw=[10.8.0.1/]

1.1.1 worked perfectly fine for me

Edit: I mixed up version 1.1.1 with 1.2.4

Re: Upgrade to OpenVPN 1.2.5 (iOS): issues

Posted: Wed Jan 10, 2018 7:59 am
by ordex
nodefeet wrote:
Wed Jan 10, 2018 7:39 am
 The new version is not working for me either.
The only difference in the logs between 1.2.4. and 1.2.5 are the last two lines:

Log with version 1.2.5:
"tex/10.8.0.2/ gw=[/]"
2018-01-09 15:36:18 EVENT: CONNECTED @xyz.myfritz.net:1724 (xyz) via /TCPv4 on tex/10.8.0.2/ gw=[/]

Log with version 1.2.4:
"tun/10.8.0.2/ gw=[10.8.0.1/"]
2018-01-09 15:29:27 EVENT: CONNECTED @xyz.myfritz.net:1724 (xyz) via /TCPv4 on tun/10.8.0.2/ gw=[10.8.0.1/]

1.2.4 worked perfectly fine for me
were you a beta-tester for 1.2.4? or are you referring to the previous version in AppStore, namely 1.1.1?

edit:

could you please elaborate on what is not working?
Thanks!

Re: Upgrade to OpenVPN 1.2.5 (iOS): issues

Posted: Wed Jan 10, 2018 9:18 am
by nodefeet
Sorry I mixed up the version. I was indeed referring 1.1.1.

Unfortunetely I am not that technically savvy to point out what exactly is not working except that I cannot connect to my VPN server. Like I said the logs are the same except the last lines. So I can only guess that since my VPN Server adress 10.8.0.1 is not showing in "gw=[/]" it has something to do with this. Also what is tex?

The OpenVPN App itself is not showing any erros and says connected (altough the last line I used from version 1.1.1 "SetStatus Connected" is missing)

Let me know if I can provide further information.

Re: Upgrade to OpenVPN 1.2.5 (iOS): issues

Posted: Wed Jan 10, 2018 9:22 am
by Ozwel
rgala wrote:
Wed Jan 10, 2018 6:19 am
 For me the upgrade ruined it completely. However, I do not have problems like other people, maybe it's because I am using unified config with keys and certificates embedded. In my case the connection just stops working after transmitting few megabytes of data. I can see the VPN icon on top of the screen but it just won't transmit anymore bytes. No errors appear in logs on both the server and client side :(
Same problem than mine, described on page 3.

Re: Upgrade to OpenVPN 1.2.5 (iOS): issues

Posted: Wed Jan 10, 2018 9:28 am
by peter_sm
Posted in wrong place before ...

I got my server working with latest version of the app. I think the key was to move from tls-auto to tls-crypt

PLEASE, if you see any bad or missing settings feel free to let me know :-)


Server config

Code: Select all

server 10.33.0.0 255.255.255.0
local 192.168.0.190
dev tun
port 1199
proto udp
dh /mnt/disks/SSD1/appdata/myVPNserver_rsa/dh.pem
ca /mnt/disks/SSD1/appdata/myVPNserver_rsa/ca.crt
cert /mnt/disks/SSD1/appdata/myVPNserver_rsa/server.crt
key /mnt/disks/SSD1/appdata/myVPNserver_rsa/server.key
push "dhcp-option DNS 192.168.0.1"
tls-server
verb 3
tls-version-min 1.2
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA:TLS-DHE-RSA-WITH-AES-128-CBC-SHA:TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA
tls-crypt /mnt/disks/SSD1/appdata/myVPNserver_rsa/ta.key
persist-key
persist-tun
keepalive 10 120
user nobody
group users
cipher AES-256-GCM
ncp-disable
auth sha512
comp-lzo adaptive
push "route 192.168.0.0 255.255.255.0"
push "resolv-retry infinite"
status /var/log/openvpnserver-status.log 5
log-append /var/log/openvpnserver.log
status-version 2
explicit-exit-notify 0
remote-cert-tls client
remote-cert-eku "TLS Web Client Authentication"
Client

Code: Select all

remote my.vpnserver.com
tls-client
cipher AES-256-GCM
tls-version-min 1.2
auth sha512
client
dev tun
proto udp
port 1199
nobind
persist-key
persist-tun
resolv-retry infinite
comp-lzo adaptive
verb 3
remote-cert-tls server
remote-cert-eku "TLS Web Server Authentication"
route-delay 2

<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
</key>
<tls-crypt>
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-crypt>

Log

Code: Select all

2018-01-10 06:42:19 ----- OpenVPN Start -----
OpenVPN core 3.1.2 ios arm64 64-bit built on Jan  5 2018 23:09:59
2018-01-10 06:42:19 Frame=512/2048/512 mssfix-ctrl=1250
2018-01-10 06:42:19 UNUSED OPTIONS
1 [tls-client] 
9 [nobind] 
10 [persist-key] 
11 [persist-tun] 
12 [resolv-retry] [infinite] 
14 [verb] [3] 
17 [route-delay] [2] 

2018-01-10 06:42:19 EVENT: RESOLVE
2018-01-10 06:42:19 Contacting [yy.yyy.yyy.yyy]:1199/UDP via UDP
2018-01-10 06:42:19 EVENT: WAIT
2018-01-10 06:42:19 Connecting to [xxx.xxx.com]:1199 (yy.yyy.yyy.yyy) via UDPv4
2018-01-10 06:42:19 EVENT: CONNECTING
2018-01-10 06:42:19 Tunnel Options:V4,dev-type tun,link-mtu 1522,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-GCM,auth SHA512,keysize 256,key-method 2,tls-client
2018-01-10 06:42:19 Creds: UsernameEmpty/PasswordEmpty
2018-01-10 06:42:19 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 1.2.5-1
IV_VER=3.1.2
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO=1
IV_AUTO_SESS=1

2018-01-10 06:42:19 VERIFY OK : depth=1
cert. version    : 3
serial number    : A6:8E:1D:AD:5B:E2:A0:D1
issuer name      : CN=Easy-RSA CA
subject name      : CN=Easy-RSA CA
issued  on        : 2018-01-09 17:25:06
expires on        : 2028-01-07 17:25:06
signed using      : RSA with SHA-256
RSA key size      : 2048 bits
basic constraints : CA=true
key usage        : Key Cert Sign, CRL Sign

2018-01-10 06:42:19 VERIFY OK : depth=0
cert. version    : 3
serial number    : 91:9F:27:18:FE:5E:3F:EC:48:4F:84:7E:00:FF:0F:F6
issuer name      : CN=Easy-RSA CA
subject name      : CN=server
issued  on        : 2018-01-09 17:25:07
expires on        : 2028-01-07 17:25:07
signed using      : RSA with SHA-256
RSA key size      : 2048 bits
basic constraints : CA=false
subject alt name  : server
key usage        : Digital Signature, Key Encipherment
ext key usage    : TLS Web Server Authentication

2018-01-10 06:42:19 SSL Handshake: TLSv1.2/TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
2018-01-10 06:42:19 Session is ACTIVE
2018-01-10 06:42:19 EVENT: GET_CONFIG
2018-01-10 06:42:19 Sending PUSH_REQUEST to server...
2018-01-10 06:42:19 OPTIONS:
0 [dhcp-option] [DNS] [192.168.0.1] 
1 [route] [192.168.0.0] [255.255.255.0] 
2 [resolv-retry] [infinite] 
3 [route] [10.33.0.1] 
4 [topology] [net30] 
5 [ping] [10] 
6 [ping-restart] [120] 
7 [ifconfig] [10.33.0.6] [10.33.0.5] 
8 [peer-id] [0] 

2018-01-10 06:42:19 PROTOCOL OPTIONS:
  cipher: AES-256-GCM
  digest: SHA512
  compress: LZO
  peer ID: 0
2018-01-10 06:42:19 EVENT: ASSIGN_IP
2018-01-10 06:42:19 NIP: preparing TUN network settings
2018-01-10 06:42:19 NIP: init TUN network settings with endpoint: yy.yyy.yyy.yyy
2018-01-10 06:42:19 NIP: adding IPv4 address to network settings 10.33.0.6/255.255.255.252
2018-01-10 06:42:19 NIP: adding (included) IPv4 route 192.168.0.0/24
2018-01-10 06:42:19 NIP: adding (included) IPv4 route 10.33.0.1/32
2018-01-10 06:42:19 NIP: adding DNS 192.168.0.1
2018-01-10 06:42:19 NIP: adding search domain 
2018-01-10 06:42:19 Connected via NetworkExtensionTUN
2018-01-10 06:42:19 LZO-ASYM init swap=0 asym=0
2018-01-10 06:42:19 EVENT: CONNECTED @xxx.xxx.com:1199 (yy.yyy.yy.yyy) via /UDPv4 on NetworkExtensionTUN/10.33.0.6/ gw=[/]

Re: Upgrade to OpenVPN 1.2.5 (iOS): issues

Posted: Wed Jan 10, 2018 9:31 am
by ordex
peter_sm wrote:
Wed Jan 10, 2018 9:28 am
 Posted in wrong place before ...

I got my server working with latest version of the app. I think the key was to move from tls-auto to tls-crypt
I did move your post before because it is about tls-auth, thus more related to the other thread.

Re: Upgrade to OpenVPN 1.2.5 (iOS): issues

Posted: Wed Jan 10, 2018 10:50 am
by sn2411
I'm unable to reconnect after my phone sleeps for >30s, unlike in version 1.1.1.

Stuck on "Looking up DNS name", log as follows:

Code: Select all

2018-01-10 18:02:35 EVENT: PAUSE
2018-01-10 18:02:40 OS Event: WAKEUP
2018-01-10 18:02:43 RESUME TEST: Internet:ReachableViaWWAN/WR t------
2018-01-10 18:02:43 STANDARD RESUME
2018-01-10 18:02:43 EVENT: RESUME
2018-01-10 18:02:43 EVENT: RECONNECTING
2018-01-10 18:02:43 EVENT: RESOLVE
2018-01-10 18:02:43 OS Event: SLEEP
2018-01-10 18:02:43 EVENT: PAUSE
2018-01-10 18:03:33 OS Event: WAKEUP
2018-01-10 18:03:36 RESUME TEST: Internet:ReachableViaWWAN/WR t------
2018-01-10 18:03:36 STANDARD RESUME
2018-01-10 18:03:36 EVENT: RESUME
2018-01-10 18:03:36 EVENT: RECONNECTING
2018-01-10 18:03:36 EVENT: RESOLVE
2018-01-10 18:03:46 Server poll timeout, trying next remote entry...
2018-01-10 18:03:46 EVENT: RECONNECTING
2018-01-10 18:03:46 EVENT: RESOLVE
2018-01-10 18:03:57 Server poll timeout, trying next remote entry...
Rinse and repeat bottom 3 lines

Workarounds are to disconnect and reconnect, or to enable seamless tunnel, which is a huge battery hog...

Re: Upgrade to OpenVPN 1.2.5 (iOS): issues

Posted: Wed Jan 10, 2018 10:56 am
by ordex
sn2411 wrote:
Wed Jan 10, 2018 10:50 am
 I'm unable to reconnect after my phone sleeps for >30s, unlike in version 1.1.1.

Stuck on "Looking up DNS name", log as follows:

Code: Select all

2018-01-10 18:02:35 EVENT: PAUSE
2018-01-10 18:02:40 OS Event: WAKEUP
2018-01-10 18:02:43 RESUME TEST: Internet:ReachableViaWWAN/WR t------
2018-01-10 18:02:43 STANDARD RESUME
2018-01-10 18:02:43 EVENT: RESUME
2018-01-10 18:02:43 EVENT: RECONNECTING
2018-01-10 18:02:43 EVENT: RESOLVE
2018-01-10 18:02:43 OS Event: SLEEP
2018-01-10 18:02:43 EVENT: PAUSE
2018-01-10 18:03:33 OS Event: WAKEUP
2018-01-10 18:03:36 RESUME TEST: Internet:ReachableViaWWAN/WR t------
2018-01-10 18:03:36 STANDARD RESUME
2018-01-10 18:03:36 EVENT: RESUME
2018-01-10 18:03:36 EVENT: RECONNECTING
2018-01-10 18:03:36 EVENT: RESOLVE
2018-01-10 18:03:46 Server poll timeout, trying next remote entry...
2018-01-10 18:03:46 EVENT: RECONNECTING
2018-01-10 18:03:46 EVENT: RESOLVE
2018-01-10 18:03:57 Server poll timeout, trying next remote entry...
Rinse and repeat bottom 3 lines

Workarounds are to disconnect and reconnect, or to enable seamless tunnel, which is a huge battery hog...
Hi and thanks for the report.
May I know what device is this and what iOS version are you running?

Thanks

Re: Upgrade to OpenVPN 1.2.5 (iOS): issues

Posted: Wed Jan 10, 2018 11:07 am
by sn2411
sn2411 wrote:
Wed Jan 10, 2018 10:50 am
Hi and thanks for the report.
May I know what device is this and what iOS version are you running?

Thanks
It's an iPhone 7 running iOS 11.2.2

Re: Upgrade to OpenVPN 1.2.5 (iOS): issues

Posted: Wed Jan 10, 2018 11:16 am
by mmm007
Ozwel wrote:
Tue Jan 09, 2018 10:02 pm
mmm007 wrote:
Tue Jan 09, 2018 9:46 pm
I had just the same on my iPad 4 with iOS 9.3.4. Absolutely impossible to use because of continuous disconnects ((((( I decided to downgrade to 1.1.1 - works perfect!
How did you downgrade ? Please don't tell me your device is jailbroken :cry:
Not. I'm not a supporter of jailbrake and I naven't it on my device and haven't even tryed it. But for downgrade it is not needed. You need iTunes and you need to intercept and modify the packet going from your computer to AppStore to ask for older version and then to sync with your device.

Re: Upgrade to OpenVPN 1.2.5 (iOS): issues

Posted: Wed Jan 10, 2018 2:30 pm
by petar pan
The new version of the app does not reconnect after a network change/outage, which makes it worthless. It loses connectivity to the VPN if I stop the WiFi and turn it on again and never tries to restore it, even though I have the seamless tunnel option turned on. Nothing happens after the "EVENT: PAUSE" in the log below, after a few minutes wait.

Code: Select all

2018-01-10 16:06:03 LZO-ASYM init swap=0 asym=0
2018-01-10 16:06:03 EVENT: CONNECTED @46.249.73.212:1194 (46.249.73.212) via /UDPv4 on NetworkExtensionTUN/10.8.0.2/ gw=[/]
2018-01-10 16:06:08 OS Event: NET UNAVAILABLE (PAUSE): Internet:NotReachable/-R tc-----
2018-01-10 16:06:08 UDP send error: SYSTEM/Can't assign requested address
2018-01-10 16:06:08 Transport Error: EADDRNOTAVAIL: Can't assign requested address
2018-01-10 16:06:08 EVENT: TRANSPORT_ERROR EADDRNOTAVAIL: Can't assign requested address [ERR]
2018-01-10 16:06:08 Client terminated, restarting in 5000 ms...
2018-01-10 16:06:08 Raw stats on disconnect:
  BYTES_IN : 4974
  BYTES_OUT : 3239
  PACKETS_IN : 42
  PACKETS_OUT : 42
  TUN_BYTES_IN : 250
  TUN_BYTES_OUT : 1680
  TUN_PACKETS_IN : 4
  TUN_PACKETS_OUT : 4
  NETWORK_SEND_ERROR : 1
  TRANSPORT_ERROR : 1
2018-01-10 16:06:08 Performance stats on disconnect:
  CPU usage (microseconds): 344911
  Tunnel compression ratio (uplink): 12.956
  Tunnel compression ratio (downlink): 2.96071
  Network bytes per CPU second: 23811
  Tunnel bytes per CPU second: 5595
2018-01-10 16:06:08 EVENT: PAUSE

Re: Upgrade to OpenVPN 1.2.5 (iOS): issues

Posted: Wed Jan 10, 2018 2:43 pm
by novaflash
Could you have a look at this page to see if there's anything that applies to you, specifically for example the tls-auth setting?
https://docs.openvpn.net/openvpn-connec ... os-issues/

Re: Upgrade to OpenVPN 1.2.5 (iOS): issues

Posted: Wed Jan 10, 2018 4:25 pm
by dmq
Thanks ordex. I wrote you an email. In another thread peter-sm said, that we could try to change tls-auth with tls-crypt. Is this a valid workaround? But as I said - no packets leave my phone with VoD. In the other thread they all have hmac/auth errors.

Re: Upgrade to OpenVPN 1.2.5 (iOS): issues

Posted: Wed Jan 10, 2018 4:33 pm
by edemalm
My on-demand profiles created with Apple Configurator also stopped working. I cannot connect at all, not within the iPhone Settings and not within the OpenVPN Connect app. The flip switch just jumps back to disconnected. The log window is completely empty, and the server logs sees no traffic as well.

After reading this entire thread I realized the 1.2.5 version is just broken. My profiles has been working fine for many years until now.

As a last resort, just to try things out, I made a new .ovpn profile with inline certs and keys. That DID work, somewhat. I manage to connect, but only from within the OpenVPN app. Still unable to flip the VPN switch within the iPhone Settings.

Next, I notised that the pushed PROXY_HTTP and PROXY_HTTPS options is not honored by Safari and other apps. I see the options being delivered by the server and accepted by the OpenVPN Connect app (NIP: Setting HTTP proxy to...) but they seems to be ignored.

Please, roll back to 1.1.1 and release it as 1.2.5.1 or something...

Re: Upgrade to OpenVPN 1.2.5 (iOS): issues

Posted: Wed Jan 10, 2018 4:38 pm
by dmq
As a last resort, just to try things out, I made a new .ovpn profile with inline certs and keys. That DID work, somewhat. I manage to connect, but only from within the OpenVPN app. Still unable to flip the VPN switch within the iPhone Settings.
But the On-demand part is not working, right?

Re: Upgrade to OpenVPN 1.2.5 (iOS): issues

Posted: Wed Jan 10, 2018 4:44 pm
by edemalm
dmq wrote:
Wed Jan 10, 2018 4:38 pm
As a last resort, just to try things out, I made a new .ovpn profile with inline certs and keys. That DID work, somewhat. I manage to connect, but only from within the OpenVPN app. Still unable to flip the VPN switch within the iPhone Settings.
But the On-demand part is not working, right?
Nope, no On-demand functionality with the ovpn profile installed. The best thing I managed to come up with is a connection with a manual on/off functionality without working proxy options. Not good at all. :-(

Re: Upgrade to OpenVPN 1.2.5 (iOS): issues

Posted: Wed Jan 10, 2018 4:47 pm
by dmq
I opened a ticket - I think we are dealing with nearly the same issue. I'll keep the forum up2date.
All times are UTC
Page 4 of 8
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/