VPN connects but doesn't route through tunnel
Posted: Wed May 18, 2016 7:13 am
After upgrading to the latest iOS 9.3.2 (on an iPhone 6s), my VPN connects and establishes a route; however, traffic is not being tunneled through it any more.
My server config looks like the following:
Code:
mode server
tls-server
multihome
port 8757
proto udp
dev tun
up "/etc/openvpn/scripts/runme.sh"
client-to-client
#client-config-dir /etc/openvpn/ccd-tcp
persist-key
persist-tun
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh2048.pem
tls-auth /etc/openvpn/easy-rsa/2.0/keys/ta.key 0
cipher AES-128-CBC
auth SHA256
comp-lzo
server 10.9.0.0 255.255.255.0
push "topology subnet"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
max-clients 40
#crl-verify /etc/openvpn/easy-rsa/2.0/keys/crl.pem
user nobody
group nogroup
keepalive 10 120
status /etc/openvpn/log/faster-status.log
log /etc/openvpn/log/faster.log
verb 4
mute 20
Code:
remote xxxxx 8757 udp-client
pull
tls-client
ns-cert-type server
tls-auth ta.key 1
persist-key
ca ca.crt
redirect-gateway def1
nobind
cert cert.crt
comp-lzo adaptive
dev tun
key key.key
cipher AES-128-CBC
auth SHA256
resolv-retry infinite
route-delay 5
verb 4
Thanks
Edit:
Here are connection logs from my iPhone.
Thanks again
Code:
l Signature, Key Encipherment
ext key usage : TLS Web Server Authentication
2016-05-18 09:57:29 SSL Handshake: TLSv1.2/TLS-DHE-RSA-WITH-AES-256-CBC-SHA
2016-05-18 09:57:29 Session is ACTIVE
2016-05-18 09:57:29 EVENT: GET_CONFIG
2016-05-18 09:57:29 Sending PUSH_REQUEST to server...
2016-05-18 09:57:29 OS Event: SLEEP
2016-05-18 09:57:29 EVENT: PAUSE
2016-05-18 09:59:51 OS Event: WAKEUP
2016-05-18 09:59:54 RESUME TEST: Internet:ReachableViaWWAN/WR t------ WiFi:NotReachable/WR t------
2016-05-18 09:59:54 EVENT: RESUME
2016-05-18 09:59:54 EVENT: RECONNECTING
2016-05-18 09:59:54 LZO-ASYM init swap=0 asym=0
2016-05-18 09:59:54 Contacting [xxxxxx]:8757 via UDP
2016-05-18 09:59:54 EVENT: WAIT
2016-05-18 09:59:54 SetTunnelSocket returned 1
2016-05-18 09:59:54 Transport Error: UDP connect error on 'xxxxxx:8757' ([xxxxxx]:8757): No route to host
2016-05-18 09:59:54 Client terminated, restarting in 2...
2016-05-18 09:59:56 EVENT: RECONNECTING
2016-05-18 09:59:56 LZO-ASYM init swap=0 asym=0
2016-05-18 09:59:56 Contacting xxxxxx:8757 via UDP
2016-05-18 09:59:56 EVENT: WAIT
2016-05-18 09:59:56 SetTunnelSocket returned 1
2016-05-18 09:59:56 Connecting to xxxxxx:8757 (xxxxxx) via UDPv4
2016-05-18 09:59:56 EVENT: CONNECTING
2016-05-18 09:59:56 Tunnel Options:V4,dev-type tun,link-mtu 1570,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-128-CBC,auth SHA256,keysize 128,tls-auth,key-method 2,tls-client
2016-05-18 09:59:56 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 1.0.5-177
IV_VER=3.0
IV_PLAT=ios
IV_NCP=1
IV_LZO=1
2016-05-18 09:59:56 VERIFY OK: depth=1
cert. version : 3
serial number : CB:CB:6F:A4:D1:5D:C2:F2
issuer name : C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, CN=Fort-Funston CA, emailAddress=me@myhost.mydomain
subject name : C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, CN=Fort-Funston CA, emailAddress=me@myhost.mydomain
issued on : 2014-04-05 06:18:53
expires on : 2024-04-02 06:18:53
signed using : RSA with SHA1
RSA key size : 2048 bits
basic constraints : CA=true
2016-05-18 09:59:56 VERIFY OK: depth=0
cert. version : 3
serial number : 01
issuer name : C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, CN=Fort-Funston CA, emailAddress=me@myhost.mydomain
subject name : C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, CN=server, emailAddress=me@myhost.mydomain
issued on : 2014-04-05 06:25:50
expires on : 2024-04-02 06:25:50
signed using : RSA with SHA1
RSA key size : 2048 bits
basic constraints : CA=false
cert. type : SSL Server
key usage : Digital Signature, Key Encipherment
ext key usage : TLS Web Server Authentication
2016-05-18 09:59:58 SSL Handshake: TLSv1.2/TLS-DHE-RSA-WITH-AES-256-CBC-SHA
2016-05-18 09:59:58 Session is ACTIVE
2016-05-18 09:59:58 EVENT: GET_CONFIG
2016-05-18 09:59:58 Sending PUSH_REQUEST to server...
2016-05-18 09:59:58 OPTIONS:
0 [redirect-gateway] [def1]
1 [topology] [subnet]
2 [dhcp-option] [DNS] [8.8.8.8]
3 [dhcp-option] [DNS] [8.8.4.4]
4 [route] [10.9.0.0] [255.255.255.0]
5 [topology] [net30]
6 [ping] [10]
7 [ping-restart] [120]
8 [ifconfig] [10.9.0.6] [10.9.0.5]
2016-05-18 09:59:58 LZO-ASYM init swap=0 asym=0
2016-05-18 09:59:58 EVENT: ASSIGN_IP
2016-05-18 09:59:58 TunPersist: saving tun context:
Session Name: xxxxxx
Remote Address: xxxxxx
Tunnel Addresses:
10.9.0.6/30 -> 10.9.0.5 [net30]
Reroute Gateway: IPv4=1 IPv6=0 flags=[ ENABLE REROUTE_GW DEF1 IPv4 ]
Block IPv6: no
Add Routes:
Exclude Routes:
xxxxxx/128 [IPv6]
DNS Servers:
8.8.8.8
8.8.4.4
Search Domains:
2016-05-18 09:59:58 Connected via tun
2016-05-18 09:59:58 EVENT: CONNECTED @xxxxxx:8757 (xxxxxx) via /UDPv4 on tun/10.9.0.6/
2016-05-18 09:59:58 SetStatus Connected
2016-05-18 10:00:00 OS Event: SLEEP
2016-05-18 10:00:00 EVENT: PAUSE
2016-05-18 10:00:22 OS Event: WAKEUP
2016-05-18 10:00:25 RESUME TEST: Internet:ReachableViaWWAN/WR t------ WiFi:NotReachable/WR t------
2016-05-18 10:00:25 EVENT: RESUME
2016-05-18 10:00:25 EVENT: RECONNECTING
2016-05-18 10:00:25 LZO-ASYM init swap=0 asym=0
2016-05-18 10:00:25 Contacting xxxxxx:8757 via UDP
2016-05-18 10:00:25 EVENT: WAIT
2016-05-18 10:00:25 SetTunnelSocket returned 1
2016-05-18 10:00:25 Connecting to xxxxxx:8757 (xxxxxx) via UDPv4
2016-05-18 10:00:26 EVENT: CONNECTING
2016-05-18 10:00:26 Tunnel Options:V4,dev-type tun,link-mtu 1570,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-128-CBC,auth SHA256,keysize 128,tls-auth,key-method 2,tls-client
2016-05-18 10:00:26 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 1.0.5-177
IV_VER=3.0
IV_PLAT=ios
IV_NCP=1
IV_LZO=1
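
The OPTIONS block in the client log above lists `topology` twice, first as `subnet` and then as `net30`, and the tunnel address is then reported as `[net30]`. The following Python is an added example, not part of the original post: it parses each OPTIONS block in an OpenVPN Connect log and reports single-valued directives that arrive more than once with different arguments. The function names and the `MULTI_VALUED` set are assumptions made for this example.

```python
import re
from collections import defaultdict

# OPTIONS block as it appears in the client log quoted in the post above.
SAMPLE_LOG = """\
2016-05-18 09:59:58 OPTIONS:
0 [redirect-gateway] [def1]
1 [topology] [subnet]
2 [dhcp-option] [DNS] [8.8.8.8]
3 [dhcp-option] [DNS] [8.8.4.4]
4 [route] [10.9.0.0] [255.255.255.0]
5 [topology] [net30]
6 [ping] [10]
7 [ping-restart] [120]
8 [ifconfig] [10.9.0.6] [10.9.0.5]
2016-05-18 09:59:58 LZO-ASYM init swap=0 asym=0
"""

OPTION_LINE = re.compile(r"^\s*(\d+)\s+((?:\[[^\]]*\]\s*)+)$")
# Assumption: directives treated here as legitimately repeatable.
MULTI_VALUED = {"dhcp-option", "route", "route-ipv6", "setenv"}

def parse_option_blocks(log_text):
    """Return one list of (index, directive, args) per 'OPTIONS:' block."""
    blocks, current = [], None
    for line in log_text.splitlines():
        if line.rstrip().endswith("OPTIONS:"):
            blocks.append(current := [])  # start a new block
            continue
        m = OPTION_LINE.match(line) if current is not None else None
        if m is None:
            current = None  # any non-option line closes the block
            continue
        fields = re.findall(r"\[([^\]]*)\]", m.group(2))
        current.append((int(m.group(1)), fields[0], tuple(fields[1:])))
    return blocks

def conflicting_options(block):
    """Directives that occur more than once in a block with different arguments."""
    seen = defaultdict(list)
    for index, name, args in block:
        if name not in MULTI_VALUED:
            seen[name].append((index, args))
    return {n: v for n, v in seen.items() if len({a for _, a in v}) > 1}

if __name__ == "__main__":
    for block in parse_option_blocks(SAMPLE_LOG):
        for name, hits in conflicting_options(block).items():
            print(f"conflict: {name} -> {hits}")
```

Blocks are checked one at a time so that values that change between reconnects, such as `ifconfig`, are not reported as conflicts.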