Code: Select all
tun-mtu 1100That is, my android client was running with tun-mtu 1500. And the connection did not succeed.Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
The server log says:
While the client was waiting for server reply before connection timed out.Mon Apr 14 1:26:37 2014 Authenticate/Decrypt packet error: packet HMAC authentication failed
The app behaves the same whether I root or unroot the device. I tried using "OpenVPN for Android," another openvpn client; I had no problem setting tun-mtu to 1100 and connecting to server.
The following is the full client configuration:
Code: Select all
client
hand-window 120
ca ca.crt
cert my.crt
key my.key
tls-auth ta.key 1
replay-persist replayfile
cipher BF-CBC
keysize 128
ns-cert-type server
remote-cert-tls server
comp-lzo
dev tun
tun-mtu 1100
passtos
proto udp
resolv-retry infinite
remote ********.com 5222
nobind
persist-key
persist-tun
persist-remote-ip
persist-local-ip
Code: Select all
proto udp
port 5222
dev tun0
tun-mtu 1100
connect-freq 1 6
server 10.69.193.32 255.255.255.224
topology subnet
ifconfig-pool-persist ipp.txt
client-config-dir ccd
client-to-client
keepalive 10 60
ping-timer-rem
push "explicit-exit-notify 2"
push "inactive 3600 1048576"
push "redirect-gateway def1 autolocal bypass-dhcp"
push-peer-info
opt-verify
hand-window 120
remote-cert-tls client
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
tls-auth ta.key 0
cipher BF-CBC
keysize 128
comp-lzo
crl-verify /etc/openvpn/chase.crl
engine dynamic
passtos
fast-io
persist-key
persist-tun
persist-remote-ip
persist-local-ip
user nobody
group nogroup
status openvpn-status
log openvpn-log
verb 6
mute 20