VPN connects but doesn't route through tunnel

Official client software for OpenVPN Access Server and OpenVPN Cloud.
cudiaco
OpenVpn Newbie
Posts: 7
Joined: Sat Feb 25, 2012 2:11 pm

VPN connects but doesn't route through tunnel

Post by cudiaco » Wed May 18, 2016 7:13 am

After upgrading to the latest iOS 9.3.2 (on an iPhone 6s), my VPN connects and establishes a route, however traffic is not being tunneled through it any more.

My server config looks like the following:

Code:

mode server
tls-server

multihome
port 8757
proto udp

dev tun
up "/etc/openvpn/scripts/runme.sh"

client-to-client
#client-config-dir /etc/openvpn/ccd-tcp

persist-key
persist-tun

ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh2048.pem
tls-auth /etc/openvpn/easy-rsa/2.0/keys/ta.key 0

cipher AES-128-CBC
auth SHA256
comp-lzo

server 10.9.0.0 255.255.255.0

push "topology subnet"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

max-clients 40

#crl-verify /etc/openvpn/easy-rsa/2.0/keys/crl.pem

user nobody
group nogroup
keepalive 10 120
status /etc/openvpn/log/faster-status.log
log /etc/openvpn/log/faster.log
verb 4
mute 20

Code:

remote xxxxx 8757 udp-client
pull
tls-client
ns-cert-type server
tls-auth ta.key 1
persist-key
ca ca.crt
redirect-gateway def1
nobind
cert cert.crt
comp-lzo adaptive
dev tun
key key.key
cipher AES-128-CBC
auth SHA256
resolv-retry infinite
route-delay 5
verb 4

Any help would be appreciated.

Thanks

Edit:

Here are connection logs from my iPhone.

Thanks again

Code:

l Signature, Key Encipherment
ext key usage    : TLS Web Server Authentication

2016-05-18 09:57:29 SSL Handshake: TLSv1.2/TLS-DHE-RSA-WITH-AES-256-CBC-SHA
2016-05-18 09:57:29 Session is ACTIVE
2016-05-18 09:57:29 EVENT: GET_CONFIG
2016-05-18 09:57:29 Sending PUSH_REQUEST to server...
2016-05-18 09:57:29 OS Event: SLEEP
2016-05-18 09:57:29 EVENT: PAUSE
2016-05-18 09:59:51 OS Event: WAKEUP
2016-05-18 09:59:54 RESUME TEST: Internet:ReachableViaWWAN/WR t------ WiFi:NotReachable/WR t------
2016-05-18 09:59:54 EVENT: RESUME
2016-05-18 09:59:54 EVENT: RECONNECTING
2016-05-18 09:59:54 LZO-ASYM init swap=0 asym=0
2016-05-18 09:59:54 Contacting [xxxxxx]:8757 via UDP
2016-05-18 09:59:54 EVENT: WAIT
2016-05-18 09:59:54 SetTunnelSocket returned 1
2016-05-18 09:59:54 Transport Error: UDP connect error on 'xxxxxx:8757' ([xxxxxx]:8757): No route to host
2016-05-18 09:59:54 Client terminated, restarting in 2...
2016-05-18 09:59:56 EVENT: RECONNECTING
2016-05-18 09:59:56 LZO-ASYM init swap=0 asym=0
2016-05-18 09:59:56 Contacting xxxxxx:8757 via UDP
2016-05-18 09:59:56 EVENT: WAIT
2016-05-18 09:59:56 SetTunnelSocket returned 1
2016-05-18 09:59:56 Connecting to xxxxxx:8757 (xxxxxx) via UDPv4
2016-05-18 09:59:56 EVENT: CONNECTING
2016-05-18 09:59:56 Tunnel Options:V4,dev-type tun,link-mtu 1570,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-128-CBC,auth SHA256,keysize 128,tls-auth,key-method 2,tls-client
2016-05-18 09:59:56 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 1.0.5-177
IV_VER=3.0
IV_PLAT=ios
IV_NCP=1
IV_LZO=1

2016-05-18 09:59:56 VERIFY OK: depth=1
cert. version    : 3
serial number    : CB:CB:6F:A4:D1:5D:C2:F2
issuer name      : C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, CN=Fort-Funston CA, emailAddress=me@myhost.mydomain
subject name      : C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, CN=Fort-Funston CA, emailAddress=me@myhost.mydomain
issued  on        : 2014-04-05 06:18:53
expires on        : 2024-04-02 06:18:53
signed using      : RSA with SHA1
RSA key size      : 2048 bits
basic constraints : CA=true

2016-05-18 09:59:56 VERIFY OK: depth=0
cert. version    : 3
serial number    : 01
issuer name      : C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, CN=Fort-Funston CA, emailAddress=me@myhost.mydomain
subject name      : C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, CN=server, emailAddress=me@myhost.mydomain
issued  on        : 2014-04-05 06:25:50
expires on        : 2024-04-02 06:25:50
signed using      : RSA with SHA1
RSA key size      : 2048 bits
basic constraints : CA=false
cert. type        : SSL Server
key usage        : Digital Signature, Key Encipherment
ext key usage    : TLS Web Server Authentication

2016-05-18 09:59:58 SSL Handshake: TLSv1.2/TLS-DHE-RSA-WITH-AES-256-CBC-SHA
2016-05-18 09:59:58 Session is ACTIVE
2016-05-18 09:59:58 EVENT: GET_CONFIG
2016-05-18 09:59:58 Sending PUSH_REQUEST to server...
2016-05-18 09:59:58 OPTIONS:
0 [redirect-gateway] [def1]
1 [topology] [subnet]
2 [dhcp-option] [DNS] [8.8.8.8]
3 [dhcp-option] [DNS] [8.8.4.4]
4 [route] [10.9.0.0] [255.255.255.0]
5 [topology] [net30]
6 [ping] [10]
7 [ping-restart] [120]
8 [ifconfig] [10.9.0.6] [10.9.0.5]

2016-05-18 09:59:58 LZO-ASYM init swap=0 asym=0
2016-05-18 09:59:58 EVENT: ASSIGN_IP
2016-05-18 09:59:58 TunPersist: saving tun context:
Session Name: xxxxxx
Remote Address: xxxxxx
Tunnel Addresses:
  10.9.0.6/30 -> 10.9.0.5 [net30]
Reroute Gateway: IPv4=1 IPv6=0 flags=[ ENABLE REROUTE_GW DEF1 IPv4 ]
Block IPv6: no
Add Routes:
Exclude Routes:
  xxxxxx/128 [IPv6]
DNS Servers:
  8.8.8.8
  8.8.4.4
Search Domains:

2016-05-18 09:59:58 Connected via tun
2016-05-18 09:59:58 EVENT: CONNECTED @xxxxxx:8757 (xxxxxx) via /UDPv4 on tun/10.9.0.6/
2016-05-18 09:59:58 SetStatus Connected
2016-05-18 10:00:00 OS Event: SLEEP
2016-05-18 10:00:00 EVENT: PAUSE
2016-05-18 10:00:22 OS Event: WAKEUP
2016-05-18 10:00:25 RESUME TEST: Internet:ReachableViaWWAN/WR t------ WiFi:NotReachable/WR t------
2016-05-18 10:00:25 EVENT: RESUME
2016-05-18 10:00:25 EVENT: RECONNECTING
2016-05-18 10:00:25 LZO-ASYM init swap=0 asym=0
2016-05-18 10:00:25 Contacting xxxxxx:8757 via UDP
2016-05-18 10:00:25 EVENT: WAIT
2016-05-18 10:00:25 SetTunnelSocket returned 1
2016-05-18 10:00:25 Connecting to xxxxxx:8757 (xxxxxx) via UDPv4
2016-05-18 10:00:26 EVENT: CONNECTING
2016-05-18 10:00:26 Tunnel Options:V4,dev-type tun,link-mtu 1570,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-128-CBC,auth SHA256,keysize 128,tls-auth,key-method 2,tls-client
2016-05-18 10:00:26 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 1.0.5-177
IV_VER=3.0
IV_PLAT=ios
IV_NCP=1
IV_LZO=1


Re: VPN connects but doesn't route through tunnel

Post by cudiaco » Wed May 18, 2016 8:49 am

Issue seems to have solved itself oddly enough. :-/
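
Added example, not part of the original posts: a small Python check over the `OPTIONS:` block of the client log above. It flags directives received with more than one value (the log shows both `topology subnet` and `topology net30`, and the tunnel came up as net30) and reports whether a default-route redirect and DNS servers were received. The function names and the set of single-valued directives are assumptions made for this example.

```python
import re

# Constructed sample: the OPTIONS block copied from the client log in the post above.
SAMPLE_LOG = """\
2016-05-18 09:59:58 Sending PUSH_REQUEST to server...
2016-05-18 09:59:58 OPTIONS:
0 [redirect-gateway] [def1]
1 [topology] [subnet]
2 [dhcp-option] [DNS] [8.8.8.8]
3 [dhcp-option] [DNS] [8.8.4.4]
4 [route] [10.9.0.0] [255.255.255.0]
5 [topology] [net30]
6 [ping] [10]
7 [ping-restart] [120]
8 [ifconfig] [10.9.0.6] [10.9.0.5]

2016-05-18 09:59:58 LZO-ASYM init swap=0 asym=0
"""

OPTION_LINE = re.compile(r"^\d+\s+(\[[^\]]*\](?:\s*\[[^\]]*\])*)$")
# Assumption for this example: directives expected to carry one value per session.
SINGLE_VALUED = {"topology", "ifconfig", "ping", "ping-restart"}

def parse_options(log_text):
    """Return [(directive, [args])] from the first OPTIONS: block in the log."""
    options, in_block = [], False
    for line in log_text.splitlines():
        if not in_block:
            in_block = line.rstrip().endswith("OPTIONS:")
            continue
        match = OPTION_LINE.match(line.strip())
        if not match:
            break  # blank line or next timestamped entry ends the block
        fields = re.findall(r"\[([^\]]*)\]", match.group(1))
        options.append((fields[0], fields[1:]))
    return options

def audit(options):
    """List inconsistent and missing routing/DNS options in the received set."""
    findings = []
    for name in sorted(SINGLE_VALUED):
        values = [" ".join(args) for opt, args in options if opt == name]
        if len(set(values)) > 1:
            findings.append(f"conflicting {name}: {', '.join(values)}")
    if "redirect-gateway" not in {opt for opt, _ in options}:
        findings.append("no redirect-gateway: default route stays outside the tunnel")
    if not any(opt == "dhcp-option" and args[:1] == ["DNS"] for opt, args in options):
        findings.append("no DNS option: lookups go to the local resolver")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_options(SAMPLE_LOG)):
        print(finding)
```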
