iPhone 3g cannot set up OpenVPN Connect 1.4.0
Posted: Thu Jul 24, 2014 10:36 am
Please do not hesitate to tell me if this question has already been answered, although I didn't find any clue browsing this forum.
I am trying to connect an iPhone 3g client with OpenVPN Connect application to a Debian7 OpenVPN server (official package).
The configuration on server side works well with Android and Linux clients and is quite the same as the Debian documentation. Here is the server configuration:
Code:
port 1194
lport 1194
proto udp
dev tun0
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/vpn.pelicanux.net.crt
key /etc/openvpn/easy-rsa/keys/vpn.pelicanux.net.key
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
server 10.9.8.0 255.255.255.0
ifconfig 10.9.8.1 255.255.255.0
ifconfig-pool-persist ipp.txt
route-gateway 10.9.8.1
client-to-client
push "redirect-gateway 10.9.8.1"
#push "redirect-gateway def1"
push "dhcp-option DNS 172.17.2.11"
keepalive 10 120
comp-lzo
persist-key
persist-tun
status log/openvpn-status.log
verb 5
Here is the openvpn.ovpn file installed on iPhone:
Code:
client
dev tun0
lport 1194
proto udp
remote 5.39.82.22 1194
mute-replay-warnings
comp-lzo
persist-key
persist-tun
set CLIENT_CERT 0
verb 5
pull
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
</key>
Here are the error log messages from server side:
Code:
Jul 24 12:15:23 server ovpn-server[30830]: client_IP:55890 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Jul 24 12:15:23 server ovpn-server[30830]: client_IP:55890 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Jul 24 12:15:23 server ovpn-server[30830]: client_IP:55890 Local Options hash (VER=V4): '530fdded'
Jul 24 12:15:23 server ovpn-server[30830]: client_IP:55890 Expected Remote Options hash (VER=V4): '41690919'
Jul 24 12:15:23 server ovpn-server[30830]: client_IP:55890 TLS: Initial packet from [AF_INET]client_IP:55890, sid=a6834e43 6d1952d8
Jul 24 12:15:23 server ovpn-server[30830]: read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Apparently some options are missing on client side, while this is quite surprising as I created my certificate following carefully the instructions given at the debian wiki page.
I have tried to write dev-type tun, link-mtu 1542, tun-mtu 1500 on client configuration side, without any change.
On client side, I always got this error:
Code:
Transport Error: PolarSSL: SSL read error: X509 - Certificate verification failed, e.g. CRL,CA or signature check failed
Googling only shows a ca pathlen=0 problem, which is not my case.
As this configuration is working on Android and Linux, I think the problem comes from iPhone; but got no clue to go forward.
Any help would be greatly appreciated
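One way to check the two options strings in the server log above, as an added example that is not part of the original post: the script diffs the server's local string against the string it expects from the client, then against a client-side string. The function names and the `CLIENT_LOCAL` sample are assumptions constructed for illustration.

```python
import re

# The two option strings from the server log in the post (syslog prefix dropped).
SERVER_LOG = """\
Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
"""

# Constructed sample, NOT from the post: the string a client configured
# without comp-lzo could log as its own "Local Options String".
CLIENT_LOCAL = ("V4,dev-type tun,link-mtu 1541,tun-mtu 1500,proto UDPv4,"
                "cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client")

OPTION_LINE = re.compile(r"(Local|Expected Remote) Options String: '([^']*)'")


def parse_option_strings(log_text):
    """Return {'Local': '...', 'Expected Remote': '...'} found in log text."""
    return {kind: options for kind, options in OPTION_LINE.findall(log_text)}


def as_mapping(option_string):
    """Map option name -> value; bare flags such as comp-lzo map to ''."""
    mapping = {}
    for opt in option_string.split(","):
        name, _, value = opt.strip().partition(" ")
        mapping[name] = value
    return mapping


def diff_options(left, right):
    """Return (name, left_value, right_value) for each differing option.

    None means the option is absent from that side."""
    a, b = as_mapping(left), as_mapping(right)
    return [(n, a.get(n), b.get(n))
            for n in sorted(set(a) | set(b)) if a.get(n) != b.get(n)]


if __name__ == "__main__":
    logged = parse_option_strings(SERVER_LOG)
    print("server local vs expected remote:")
    for row in diff_options(logged["Local"], logged["Expected Remote"]):
        print("  ", row)
    print("expected remote vs constructed client string:")
    for row in diff_options(logged["Expected Remote"], CLIENT_LOCAL):
        print("  ", row)
```

On the post's own log lines the only difference reported is the role token (`tls-server` on one side, `tls-client` on the other); the second comparison shows how a differing option appears.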