OpenVPN works in Win7, but same file doesn't work on iPhone 5?
Posted: Thu Aug 28, 2014 8:18 am
Hi all,
I have an OpenVPN server on CentOS.
It works fine with a Win 7 client with the OpenVPN client,
but when I use the same file with my iPhone, I can see that the VPN connected, but I can't ping anything and can't reach anything!
Any help?
I mean with my Win 7, it works as I want and can't access remote servers, but with the iPhone with the same file it connects, but can't access anything!
================
I will post the config on server & client & my logs
====================
[root@pbx1 ~]# cat /etc/openvpn/server.conf
port 1194 #- port
proto udp #- protocol
dev tun
tun-mtu 1500
mssfix 1450
reneg-sec 0
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
comp-lzo
persist-key
persist-tun
status 1194.log
verb 3
===============================================
client
dev tun0
proto udp
remote xxxxx 1194 # - Your server IP and OpenVPN Port
resolv-retry infinite
nobind
tun-mtu 1500
tun-mtu-extra 32
persist-key
persist-tun
verb 3
redirect-gateway
#route-nopull
#route 192.168.1.10 255.255.255.255 vpn_gateway
ns-cert-type server
keepalive 10 120
comp-lzo
pull
<ca>
-----BEGIN CERTIFICATE-----
xxxxxx
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
xxxxxx
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN RSA PRIVATE KEY-----
xxxxx
-----END RSA PRIVATE KEY-----
</key>
==================================
Logs on server when iPhone connects
Aug 28 09:11:18 pbx1 openvpn[18354]: MULTI: multi_create_instance called
Aug 28 09:11:18 pbx1 openvpn[18354]: 176.58.65.30:58078 Re-using SSL/TLS context
Aug 28 09:11:18 pbx1 openvpn[18354]: 176.58.65.30:58078 LZO compression initialized
Aug 28 09:11:18 pbx1 openvpn[18354]: 176.58.65.30:58078 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Aug 28 09:11:18 pbx1 openvpn[18354]: 176.58.65.30:58078 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Aug 28 09:11:18 pbx1 openvpn[18354]: 176.58.65.30:58078 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Aug 28 09:11:18 pbx1 openvpn[18354]: 176.58.65.30:58078 Local Options hash (VER=V4): '530fdded'
Aug 28 09:11:18 pbx1 openvpn[18354]: 176.58.65.30:58078 Expected Remote Options hash (VER=V4): '41690919'
Aug 28 09:11:18 pbx1 openvpn[18354]: 176.58.65.30:58078 TLS: Initial packet from 176.58.65.30:58078, sid=9b19d55e 1cfc06de
Aug 28 09:11:19 pbx1 openvpn[18354]: 176.58.65.30:58078 VERIFY OK: depth=1, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=changeme/CN=changeme/name=a/emailAddress=a@a
Aug 28 09:11:19 pbx1 openvpn[18354]: 176.58.65.30:58078 VERIFY OK: depth=0, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=changeme/CN=newclient1/name=changeme/emailAddress=mail@host.domain
Aug 28 09:11:19 pbx1 openvpn[18354]: 176.58.65.30:58078 VERIFY OK: depth=0, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=changeme/CN=newclient1/name=changeme/emailAddress=mail@host.domain
Aug 28 09:11:19 pbx1 openvpn[18354]: 176.58.65.30:58078 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Aug 28 09:11:19 pbx1 openvpn[18354]: 176.58.65.30:58078 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Aug 28 09:11:19 pbx1 openvpn[18354]: 176.58.65.30:58078 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Aug 28 09:11:19 pbx1 openvpn[18354]: 176.58.65.30:58078 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Aug 28 09:11:19 pbx1 openvpn[18354]: 176.58.65.30:58078 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Aug 28 09:11:19 pbx1 openvpn[18354]: 176.58.65.30:58078 [newclient1] Peer Connection Initiated with 176.58.65.30:58078
Aug 28 09:11:19 pbx1 openvpn[18354]: newclient1/vv.65.30:58078 MULTI: Learn: 10.8.0.6 -> newclient1/176.58.65.30:58078
Aug 28 09:11:19 pbx1 openvpn[18354]: newclient1/vv.65.30:58078 MULTI: primary virtual IP for newclient1/176.58.65.30:58078: 10.8.0.6
Aug 28 09:11:19 pbx1 openvpn[18354]: newclient1/vv.65.30:58078 MULTI: Learn: 10.8.0.6 -> newclient1/176.58.65.30:58078
Aug 28 09:11:19 pbx1 openvpn[18354]: newclient1/vv.65.30:58078 MULTI: primary virtual IP for newclient1/176.58.65.30:58078: 10.8.0.6
Aug 28 09:11:20 pbx1 openvpn[18354]: newclient1/1vv.65.30:58078 PUSH: Received control message: 'PUSH_REQUEST'
Aug 28 09:11:20 pbx1 openvpn[18354]: newclient1/vv.65.30:58078 SENT CONTROL [newclient1]: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)
====================
Logs from iPhone
2014-08-28 11:11:30 LZO-ASYM init swap=0 asym=0
2014-08-28 11:11:30 EVENT: RESOLVE
2014-08-28 11:11:30 Contacting 46.254.255.170:1194 via UDP
2014-08-28 11:11:30 EVENT: WAIT
2014-08-28 11:11:30 Connecting to 46.254.255.170:1194 (46.254.255.170) via UDPv4
2014-08-28 11:11:30 EVENT: CONNECTING
2014-08-28 11:11:30 Tunnel Options:V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client
2014-08-28 11:11:30 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 1.0.4-140
IV_VER=3.0
IV_PLAT=ios
IV_NCP=1
IV_LZO=1
2014-08-28 11:11:31 VERIFY OK: depth=1
cert. version : 3
serial number : 88:2A:2E:BC:38:ED:49:45
issuer name : C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=changeme, CN=changeme, 0x29=a, emailAddress=a@a
subject name : C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=changeme, CN=changeme, 0x29=a, emailAddress=a@a
issued on : 2014-08-24 10:18:46
expires on : 2024-08-21 10:18:46
signed using : RSA+SHA1
RSA key size : 1024 bits
2014-08-28 11:11:31 VERIFY OK: depth=0
cert. version : 3
serial number : 01
issuer name : C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=changeme, CN=changeme, 0x29=a, emailAddress=a@a
subject name : C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=changeme, CN=server, 0x29=changeme, emailAddress=mail@host.domain
issued on : 2014-08-24 10:21:15
expires on : 2024-08-21 10:21:15
signed using : RSA+SHA1
RSA key size : 1024 bits
2014-08-28 11:11:31 SSL Handshake: TLSv1.0/TLS-DHE-RSA-WITH-AES-256-CBC-SHA
2014-08-28 11:11:31 Session is ACTIVE
2014-08-28 11:11:32 EVENT: GET_CONFIG
2014-08-28 11:11:32 Sending PUSH_REQUEST to server...
2014-08-28 11:11:33 OPTIONS:
0 [redirect-gateway]
1 [redirect-gateway] [def1]
2 [dhcp-option] [DNS] [8.8.8.8]
3 [dhcp-option] [DNS] [8.8.4.4]
4 [route] [10.8.0.1]
5 [topology] [net30]
6 [ping] [10]
7 [ping-restart] [120]
8 [ifconfig] [10.8.0.6] [10.8.0.5]
2014-08-28 11:11:33 LZO-ASYM init swap=0 asym=0
2014-08-28 11:11:33 EVENT: ASSIGN_IP
2014-08-28 11:11:33 Connected via tun
2014-08-28 11:11:33 EVENT: CONNECTED @46.254.255.170:1194 (46.254.255.170) via /UDPv4 on tun/10.8.0.6/
2014-08-28 11:11:33 NET Internet:ReachableViaWiFi/-R t----l-
Sent from my iPhone
===================================
I wish you could help me ASAP.
Regards