Can't connect from iPhone to the OpenVPN server

[knecht]

Hi,

I try to connect from a iPhone (ios 6.1.3) to my OpenVPN server but it didn't connect success.
I start debugging on the iPhone, but only ----- OpenVPN Start ----- is logged.

openvpn.ovpn

Code: Select all

client
dev tun
proto tcp
port 443
remote openvpn.domain.de 443 tcp
resolv-retry infinite
nobind
auth-user-pass
auth-nocache
persist-key
persist-tun
comp-lzo
reneg-sec 3600
verb 6

<ca>
-----BEGIN CERTIFICATE-----

[CA]
-----END CERTIFICATE-----

</ca>

<cert>
-----BEGIN CERTIFICATE-----
[CERT]
-----END CERTIFICATE-----
</cert>

<key>
-----BEGIN PRIVATE KEY-----
[KEY]
-----END PRIVATE KEY-----
</key>

On the OpenVPN server i debug with TCPDUMP and can't see any paket from the iPhone.
Instead of the name openvpn.domain.de i try the real IP address of the server but
it didn't work.
What is wrong in my setup ?

[rvleij]

I have exactly the same problem, though a little different config (UDP and less options). Connecting to the same server works fine from a Mac, but nothing is coming in on the interface on the server (tcpdump on the port gives nothing at all).

I first tried importing the certs as a pkcs12 in the iPhone (latest iOS), but there I get the error that I found here on the forum about the cert format due to polarSSL being used. I then imported the CA and included it into the ovpn file as well. From there on the SSL errors went away, but the log only shows "starting openvpn" nothing more.

Right now I'm running with a config where ca, cert and key are included, according to the help. Same effect there.

Can try with more verbose logging and see what it says.

/Robin

[rvleij]

Ah beh.

That was easy. I saw that I pasted in some screen formatting in the certs when I created my ovpn config file.
So a syntax error in the inline certs won't give any more info than "starting openvpn" and then nothing.

I still didn't get it working, now I just have a "can't resolve hostname" even though the hostname is correct, so something's fishy with the config still.

/robin

[janjust]

show the server config, I'm curious which information is pushed from the server to the (iOS) client.

[rvleij]

Hoi,

show the server config, I'm curious which information is pushed from the server to the (iOS) client.

Basically the sample config with

push "route 10.1.1.0 255.255.255.0"
push "redirect-gateway def1 bypass-dhcp"

not much more. I solved the "no route to host" while connecting on the iOS device with replacing the hostname with IP. Then it worked. Seems like a bug in the iOS client somehow?

/Robin

[janjust]

can the iOS client reach the server by name (e.g. can you do a ping or browse to a website) ?
it seems that name resolution is broken on your iPhone - this is not something that openvpn can fix.

[rvleij]

can the iOS client reach the server by name (e.g. can you do a ping or browse to a website) ?
it seems that name resolution is broken on your iPhone - this is not something that openvpn can fix.

Nicetrace finds the same hostname fine, and I'm using another host in the same domain for mail, which works fine too. Also found other references to the same problem (that's how I got the idea of replacing hostname with IP) googling. But it's working with my "workaround", so fine by me.

/Robin

[knecht]

Hi,
I check my iPhone config file openvpnserver.ovpn with vi on Unix and saw that in the certificate paste some CR so i paste the certificate again and it works now fine.