OpenVPN Debian<->iOS problem

Official client software for OpenVPN Access Server and OpenVPN Cloud.
willy87
OpenVPN User
Posts: 32
Joined: Tue Apr 26, 2016 8:09 pm

Post by willy87 » Tue Apr 26, 2016 8:32 pm

Hello,
I tried a lot of configurations found on the web between my Debian 8.1 X86 64 VPS server and my iPhone through the OpenVPN Connect app.
I would like to connect and create a VPN between my VPS and my iPhone using OpenVPN!
With a paid .ovpn file (privatetunnel provider) I can connect and surf correctly under VPN, but I can't with my home-made one :cry:
I attach my configuration and log!

Could you help me guys?
Thanks!


SERVER
port 1194
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
keepalive 10 120
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3

CLIENT
client
dev tun
proto tcp
remote 185.115.243.227 1194
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
ns-cert-type server
comp-lzo
verb 3
set CLIENT_CERT 0


LOG
2016-04-26 22:17:21 ----- OpenVPN Start -----
OpenVPN core 3.0 ios armv7s thumb2 32-bit
2016-04-26 22:17:22 UNUSED OPTIONS
4 [resolv-retry] [infinite]
5 [nobind]
6 [persist-key]
7 [persist-tun]
8 [mute-replay-warnings]
11 [verb] [3]
12 [set] [CLIENT_CERT] [0]

2016-04-26 22:17:22 LZO-ASYM init swap=0 asym=0
2016-04-26 22:17:22 EVENT: RESOLVE
2016-04-26 22:17:22 Contacting 185.115.243.227:1194 via TCP
2016-04-26 22:17:22 EVENT: WAIT
2016-04-26 22:17:22 SetTunnelSocket returned 1
2016-04-26 22:17:23 Connecting to 185.115.243.227:1194 (185.115.243.227) via TCPv4
2016-04-26 22:17:23 EVENT: CONNECTING
2016-04-26 22:17:23 Tunnel Options:V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client
2016-04-26 22:17:23 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 1.0.5-177
IV_VER=3.0
IV_PLAT=ios
IV_NCP=1
IV_LZO=1

2016-04-26 22:17:38 VERIFY OK: depth=1
cert. version : 3
serial number : 93:8D:1A:CD:64:84:97:C9
issuer name : C=NL, ST=AM, L=Amsterdam, O=ServerBabbo, OU=MyOrganizationalUnit, CN=ServerBabbo CA, ??=server, emailAddress=me@myhost.mydomain
subject name : C=NL, ST=AM, L=Amsterdam, O=ServerBabbo, OU=MyOrganizationalUnit, CN=ServerBabbo CA, ??=server, emailAddress=me@myhost.mydomain
issued on : 2016-04-26 17:43:50
expires on : 2026-04-24 17:43:50
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=true

2016-04-26 22:17:38 VERIFY OK: depth=0
cert. version : 3
serial number : 01
issuer name : C=NL, ST=AM, L=Amsterdam, O=ServerBabbo, OU=MyOrganizationalUnit, CN=ServerBabbo CA, ??=server, emailAddress=me@myhost.mydomain
subject name : C=NL, ST=AM, L=Amsterdam, O=ServerBabbo, OU=MyOrganizationalUnit, CN=server, ??=server, emailAddress=me@myhost.mydomain
issued on : 2016-04-26 17:44:12
expires on : 2026-04-24 17:44:12
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=false
subject alt name : server
cert. type : SSL Server
key usage : Digital Signature, Key Encipherment
ext key usage : TLS Web Server Authentication

2016-04-26 22:17:47 SSL Handshake: TLSv1.0/TLS-DHE-RSA-WITH-AES-256-CBC-SHA
2016-04-26 22:17:47 Session is ACTIVE
2016-04-26 22:17:47 EVENT: GET_CONFIG
2016-04-26 22:17:47 Sending PUSH_REQUEST to server...
2016-04-26 22:17:48 Sending PUSH_REQUEST to server...
2016-04-26 22:17:49 OPTIONS:
0 [redirect-gateway] [def1] [bypass-dhcp]
1 [dhcp-option] [DNS] [8.8.8.8]
2 [route] [10.8.0.1]
3 [topology] [net30]
4 [ping] [10]
5 [ping-restart] [120]
6 [ifconfig] [10.8.0.6] [10.8.0.5]

2016-04-26 22:17:49 LZO-ASYM init swap=0 asym=0
2016-04-26 22:17:49 EVENT: ASSIGN_IP
2016-04-26 22:17:49 Connected via tun
2016-04-26 22:17:49 EVENT: CONNECTED @185.115.243.227:1194 (185.115.243.227) via /TCPv4 on tun/10.8.0.6/
2016-04-26 22:17:49 SetStatus Connected
2016-04-26 22:19:50 TUN reset routes
2016-04-26 22:19:50 EVENT: DISCONNECTED
2016-04-26 22:19:50 Raw stats on disconnect:
BYTES_IN : 6601
BYTES_OUT : 10467
PACKETS_IN : 38
PACKETS_OUT : 122
TUN_BYTES_IN : 4124
TUN_PACKETS_IN : 59
2016-04-26 22:19:50 Performance stats on disconnect:
CPU usage (microseconds): 369177
Tunnel compression ratio (downlink): inf
Network bytes per CPU second: 46232
Tunnel bytes per CPU second: 11170
2016-04-26 22:19:50 ----- OpenVPN Stop -----

Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Post by Traffic » Tue Apr 26, 2016 9:31 pm

This is the official HOWTO:
HOWTO: Routing all client traffic (including web-traffic) through the VPN

As the server is a VPS you need to use the right iptables rule:

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 12.34.56.78

Change 12.34.56.78 to your VPS public IP address.

If this does not work please post your complete iptables rules.

Post by willy87 » Wed Apr 27, 2016 7:35 am

Thank you for the quick reply.

My IP Table:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- 10.9.8.0/24 anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- 10.9.8.0/24 anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
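
A check for the NAT rule suggested earlier in the thread, as an added example that is not part of any post here: it reads the `server` directive from an OpenVPN server config, converts it to CIDR form, and looks for a SNAT or MASQUERADE rule with that exact source in the `nat` table of `iptables-save` output (a listing that shows only the INPUT, FORWARD and OUTPUT chains does not include nat-table rules). The function names, both rule dumps and the 203.0.113.10 address are constructed for illustration.

```shell
# Added example; sample inputs are constructed, not taken from a real host.

# Read an OpenVPN server config on stdin, print the "server" subnet as CIDR.
vpn_subnet() {
    awk '$1 == "server" && NF >= 3 {
        n = split($3, o, "."); bits = 0
        for (i = 1; i <= n; i++)
            for (v = o[i] + 0; v > 0; v = int(v / 2)) bits += v % 2
        print $2 "/" bits; exit
    }'
}

# Read iptables-save output on stdin; print "nat-ok" if the nat table has a
# POSTROUTING SNAT/MASQUERADE rule whose source is exactly $1, else "nat-missing".
nat_status() {
    awk -v net="$1" '
        /^\*/ { table = $1 }
        table == "*nat" && $1 == "-A" && $2 == "POSTROUTING" {
            src = ""; tgt = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s") src = $(i + 1)
                if ($i == "-j") tgt = $(i + 1)
            }
            if (src == net && (tgt == "SNAT" || tgt == "MASQUERADE")) found = 1
        }
        END { print (found ? "nat-ok" : "nat-missing") }'
}

# Constructed inputs: a config fragment and two hypothetical rule dumps.
sample_conf() { printf '%s\n' 'port 1194' 'dev tun' 'server 10.8.0.0 255.255.255.0'; }
sample_rules_before() { cat <<'EOF'
*filter
-A FORWARD -s 10.9.8.0/24 -j ACCEPT
COMMIT
*nat
-A POSTROUTING -s 10.9.8.0/24 -j MASQUERADE
COMMIT
EOF
}
sample_rules_after() { cat <<'EOF'
*nat
-A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 203.0.113.10
COMMIT
EOF
}

net=$(sample_conf | vpn_subnet)
echo "VPN subnet $net, before: $(sample_rules_before | nat_status "$net")"
echo "VPN subnet $net, after:  $(sample_rules_after | nat_status "$net")"
```

On a live server the same functions can be fed real data, for example `iptables-save | nat_status "$(vpn_subnet < server.conf)"` run as root, where `server.conf` stands for your own server config file.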

Post by willy87 » Wed Apr 27, 2016 5:49 pm

Yes, it works!! :D :D :D
But now another important issue:
I have server1.conf and server2.conf that are running correctly;
Server2 is linked with client2 (just the same configuration as client 1 but under an HTTP proxy).
I followed these instructions:

Configure OpenVPN on server side by adding port 443 and proto tcp-server to the configuration file.
Configure OpenVPN on the client side by adding port 443, proto tcp-client and http-proxy 172.27.X.X 8080 to the configuration file.

But as initially, I cannot surf: it is connected to the VPN correctly but no surfing.

Should I set another rule in iptables?
Like:

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 172.27.X.X

(Change 172.27.X.X to your http address)

Can the VPS server have both rules?
"iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 172.27.X.X" and "iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 185.115.243.227"?

Thanks guys for helping me :)

Post by Traffic » Wed Apr 27, 2016 6:54 pm

I suggest you start a new thread in this forum.

Please see the Forum rules (top of that page)

Post by willy87 » Wed Apr 27, 2016 8:26 pm

Ok really thanks Traffic!!! ;)

other man
OpenVpn Newbie
Posts: 2
Joined: Fri Jun 24, 2016 6:39 am

Post by other man » Fri Jun 24, 2016 6:59 am

Hello

Today I just started learning OVPN.

If you please, tell me how to connect the iPhone 5 to the server.
If I understood correctly, you cannot put the configuration files here.
You can send me the file:
beta_max@mail.ru
Sorry for the English.
