OpenVPN Connect IOS 9.x routing problem

[winanjaya]

Hello All,

I am facing OpenVPN connect with IOS 9.x ..it connected but routing function not working properly as expected..
this problem only occurs on IOS 9.x .. tried with IOS 8.x working very good.

any body experienced on this?..

please help

thanks & Regards
Win

[Electra]

Hi,

Would like to help, but it seems forbidden, here, to ask config files .ovpn, more than once per day, perhaps. Funny!
The admin notified me, really.

Sometimes, wrong anti spamming process is making an issue even worse )

I configure OpenVPN Connect and connect from IOS9.3.1 with no pub at all.

[winanjaya]

Hi

I able to connect but unable to route thats the problem.

[Electra]

Are you able to connect to VPN service (ex. Hidemyass) and route to I-net?

Could you expose your client .ovpn profile?

If you "show my ip" unconnected, and do the same when connected, are getting same IP, or 2 different?

You can use any free VPN service to evaluate this.

[winanjaya]

I have my own OpenVPN AS server, on IOS 8.x I was able to connect and route to hosts on VPN Net. Now on IOS 9.x I only able to connect but I am unable to route.

I never use Hidemyass and dont have its account.
Please help.
Thanks a lot in advance.

[winanjaya]

Different IP

I able to connect to OpenVPN AS but can't route.
The IP shown was in the range of VPN IPs.

The problem ONLY occurs on IOS9.x neither IOS8.x or lower

[Electra]

Google free VPN service having open VPN
Create a free user account
Setup an .ovpn or get it from this service
Connect to it using iOS 9 with the ovpn from above
Can you reach Internet and surf ok?
Google what's yip or my is or show my ip, pick one and write your ip (thus obtained thru this VPN service)
Now, disconnect, and get your ip the same way
Are these 2 ip's the same or different?

If you get the same ip, you don't route thru OpenVPN tunnel, even if link is established
Probably, the IPv6 machinery built into ios9 is forcing IPv4 traffic outside the tunnel

Please follow precisely this process, with answers, in order to analyze the issue.
Good luck!
Z

[winanjaya]

Hi..
my client.ovpn is below.. to make me sure.. I tried to install OpenVPN Client on IOS 8.x just now, I can confirm.. it works properly ..

# Automatically generated OpenVPN client config file
# Generated on Mon Apr 25 06:17:18 2016 by ovpn.mytest.co.id
# Note: this config file contains inline private keys
# and therefore should be kept confidential!
# Note: this configuration is user-locked to the username below
# OVPN_ACCESS_SERVER_USERNAME=win
# Define the profile name of this particular configuration file
# OVPN_ACCESS_SERVER_PROFILE=win@ovpn.mytest.co.id
# OVPN_ACCESS_SERVER_CLI_PREF_ALLOW_WEB_IMPORT=True
# OVPN_ACCESS_SERVER_CLI_PREF_ENABLE_CONNECT=True
# OVPN_ACCESS_SERVER_CLI_PREF_ENABLE_XD_PROXY=True
# OVPN_ACCESS_SERVER_WSHOST=ovpn.mytest.co.id:4430
# OVPN_ACCESS_SERVER_WEB_CA_BUNDLE_START
# -----BEGIN CERTIFICATE-----
#
#
# -----END CERTIFICATE-----
# OVPN_ACCESS_SERVER_WEB_CA_BUNDLE_STOP
# OVPN_ACCESS_SERVER_IS_OPENVPN_WEB_CA=1
# OVPN_ACCESS_SERVER_ORGANIZATION=OpenVPN Technologies, Inc.
setenv FORWARD_COMPATIBLE 1
client
server-poll-timeout 4
nobind
remote ovpn.mytest.co.id 11940 udp
remote ovpn.mytest.co.id 11940 udp
remote ovpn.mytest.co.id 4430 tcp
remote ovpn.mytest.co.id 11940 udp
remote ovpn.mytest.co.id 11940 udp
remote ovpn.mytest.co.id 11940 udp
remote ovpn.mytest.co.id 11940 udp
remote ovpn.mytest.co.id 11940 udp
dev tun
dev-type tun
ns-cert-type server
reneg-sec 604800
sndbuf 100000
rcvbuf 100000
auth-user-pass
# NOTE: LZO commands are pushed by the Access Server at connect time.
# NOTE: The below line doesn't disable LZO.
comp-lzo no
verb 3
setenv PUSH_PEER_INFO

<ca>
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----
</ca>

<cert>
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----
</cert>

<key>
-----BEGIN PRIVATE KEY-----

-----END PRIVATE KEY-----
</key>

key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key (Server Agent)
#
-----BEGIN OpenVPN Static key V1-----

-----END OpenVPN Static key V1-----
</tls-auth>

## -----BEGIN RSA SIGNATURE-----
## DIGEST:sha256
##
## -----END RSA SIGNATURE-----
## -----BEGIN CERTIFICATE-----
##
## -----END CERTIFICATE-----
## -----BEGIN CERTIFICATE-----
##
## -----END CERTIFICATE-----
# Automatically generated OpenVPN client config file
# Generated on Mon Apr 25 06:17:18 2016 by ovpn.mytest.co.id
# Note: this config file contains inline private keys
# and therefore should be kept confidential!
# Note: this configuration is user-locked to the username below
# OVPN_ACCESS_SERVER_USERNAME=win
# Define the profile name of this particular configuration file
# OVPN_ACCESS_SERVER_PROFILE=win@ovpn.mytest.co.id
# OVPN_ACCESS_SERVER_CLI_PREF_ALLOW_WEB_IMPORT=True
# OVPN_ACCESS_SERVER_CLI_PREF_ENABLE_CONNECT=True
# OVPN_ACCESS_SERVER_CLI_PREF_ENABLE_XD_PROXY=True
# OVPN_ACCESS_SERVER_WSHOST=ovpn.mytest.co.id:4430
# OVPN_ACCESS_SERVER_WEB_CA_BUNDLE_START
# -----BEGIN CERTIFICATE-----
#
#
# -----END CERTIFICATE-----
# OVPN_ACCESS_SERVER_WEB_CA_BUNDLE_STOP
# OVPN_ACCESS_SERVER_IS_OPENVPN_WEB_CA=1
# OVPN_ACCESS_SERVER_ORGANIZATION=OpenVPN Technologies, Inc.
setenv FORWARD_COMPATIBLE 1
client
server-poll-timeout 4
nobind
remote ovpn.mytest.co.id 11940 udp
remote ovpn.mytest.co.id 11940 udp
remote ovpn.mytest.co.id 4430 tcp
remote ovpn.mytest.co.id 11940 udp
remote ovpn.mytest.co.id 11940 udp
remote ovpn.mytest.co.id 11940 udp
remote ovpn.mytest.co.id 11940 udp
remote ovpn.mytest.co.id 11940 udp
dev tun
dev-type tun
ns-cert-type server
reneg-sec 604800
sndbuf 100000
rcvbuf 100000
auth-user-pass
# NOTE: LZO commands are pushed by the Access Server at connect time.
# NOTE: The below line doesn't disable LZO.
comp-lzo no
verb 3
setenv PUSH_PEER_INFO

<ca>
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----
</ca>

<cert>
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----
</cert>

<key>
-----BEGIN PRIVATE KEY-----

-----END PRIVATE KEY-----
</key>

key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key (Server Agent)
#
-----BEGIN OpenVPN Static key V1-----

-----END OpenVPN Static key V1-----
</tls-auth>

## -----BEGIN RSA SIGNATURE-----
## DIGEST:sha256
##
## -----END RSA SIGNATURE-----
## -----BEGIN CERTIFICATE-----
##
## -----END CERTIFICATE-----
## -----BEGIN CERTIFICATE-----
##
## -----END CERTIFICATE-----

[winanjaya]

I put:

redirect-gateway ipv6

into my client.ovpn

but still no luck!

[Electra]

perhaps you should start with simpler elementary config, if i may.
i would use the simplest config to focus on networking/routing and set it ok, for clarity sake.

About routing, you could read these:
http://backreference.org/2009/11/15/openvpn-and-iroute/
https://blog.remibergsma.com/2013/01/13 ... e-routing/
https://community.openvpn.net/openvpn/wiki/RoutedLans

[winanjaya]

Just want to share.

This problem resolved ... Thanks a lot to Johan Draaisma (OpenVPN Support).

He suggests me to add: FAVOR_LZO = 1 to as.conf

Anyway. Thanks to everyone here for helping me.