Failover not working

Official client software for OpenVPN Access Server and OpenVPN Cloud.
Post Reply
0x3333
OpenVpn Newbie
Posts: 1
Joined: Wed Jun 01, 2022 7:31 pm

Failover not working

Post by 0x3333 » Wed Jun 01, 2022 7:36 pm

I have a profile that in PC failover(2 IPs, same server), works great, if the first IP is offline, it times out and try the next remote, and connect, great.

This same profile doesn't work in iOS, if the first IP is OK, great, it connect, everything works, but if the first IP is offline, it doesn't try the next one.

What should I do?

Thanks.

Code: Select all


2022-06-01 16:28:12 1

2022-06-01 16:28:12 ----- OpenVPN Start -----
OpenVPN core 3.git::58b92569 ios arm64 64-bit

2022-06-01 16:28:12 OpenVPN core 3.git::58b92569 ios arm64 64-bit

2022-06-01 16:28:12 Frame=512/2048/512 mssfix-ctrl=1250

2022-06-01 16:28:12 UNUSED OPTIONS
2 [fast-io] 
6 [nobind] 
7 [persist-key] 
8 [persist-tun] 
9 [explicit-exit-notify] [2] 
11 [verb] [3] 
12 [mute] [10] 
15 [user] [nobody] 
16 [group] [nogroup] 

2022-06-01 16:28:12 EVENT: RESOLVE

2022-06-01 16:28:12 Contacting [000.000.000.000]:1194/UDP via UDP

2022-06-01 16:28:12 EVENT: WAIT

2022-06-01 16:28:12 Connecting to [vpn._x_x_x_x_x_x.com.br]:1194 (000.000.000.000) via UDPv4

2022-06-01 16:28:22 Server poll timeout, trying next remote entry...

2022-06-01 16:28:22 EVENT: RECONNECTING

2022-06-01 16:28:22 EVENT: RESOLVE

2022-06-01 16:28:22 EVENT: CONNECTION_TIMEOUT [ERR]

2022-06-01 16:28:22 Raw stats on disconnect:
  BYTES_OUT : 540
  PACKETS_OUT : 10
  CONNECTION_TIMEOUT : 1
  N_RECONNECT : 1

2022-06-01 16:28:22 Performance stats on disconnect:
  CPU usage (microseconds): 32478
  Network bytes per CPU second: 16626
  Tunnel bytes per CPU second: 0

2022-06-01 16:28:22 EVENT: DISCONNECTED

2022-06-01 16:28:22 Raw stats on disconnect:
  BYTES_OUT : 540
  PACKETS_OUT : 10
  CONNECTION_TIMEOUT : 1
  N_RECONNECT : 1

2022-06-01 16:28:22 Performance stats on disconnect:
  CPU usage (microseconds): 43359
  Network bytes per CPU second: 12454
  Tunnel bytes per CPU second: 0

Code: Select all

client
dev tun
fast-io
proto udp4
remote vpn._x_x_x_x_.com.br 1194
remote vpn2._x_x_x_x_.com.br 1194
nobind
persist-key
persist-tun
explicit-exit-notify 2
compress lzo
verb 3
mute 10
cipher AES-256-CBC
auth SHA256
user nobody
group nogroup
remote-cert-tls server
key-direction 1
<ca>
-----BEGIN CERTIFICATE-----
_X_X_X_X_X_X_X_X_X_
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
_X_X_X_X_X_X_X_X_X_
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
_X_X_X_X_X_X_X_X_X_
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
_X_X_X_X_X_X_X_X_X_
-----END PRIVATE KEY-----
</key>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
_X_X_X_X_X_X_X_X_X_
-----END OpenVPN Static key V1-----
</tls-auth>


User avatar
openvpn_inc
OpenVPN Inc.
Posts: 1333
Joined: Tue Feb 16, 2021 10:41 am

Re: Failover not working

Post by openvpn_inc » Fri Jun 10, 2022 5:54 am

Hello 0x3333,

I notice that persist-tun is added to the configuration. This option makes it so that in the event the transport of the packets between VPN client and VPN server is interrupted, the VPN tunnel does not get torn down but instead stays up, so that any packets that normally should be going into the VPN tunnel continue to do so - even though of course they would end up getting dropped. This is done so an interruption in the VPN tunnel doesn't immediately mean packets could leak outside of the VPN tunnel. It might be that, and perhaps also due to some difference in implementation between different clients, that this means the client stays connected to one particular server. I am not sure. But I would suggest removing that line from your profile and also to check in OpenVPN Connect for iOS settings that persist-tun or seamless tunnel is turned off, and try again.

Kind regards,
Johan
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

Post Reply