3.3.2 Broke connection ios15 and 16

Official client software for OpenVPN Access Server and OpenVPN Cloud.
Post Reply
dmgadmin
OpenVpn Newbie
Posts: 6
Joined: Thu Jun 03, 2021 6:19 pm

3.3.2 Broke connection ios15 and 16

Post by dmgadmin » Wed Sep 07, 2022 1:35 am

This was working a few weeks ago, confirmed it was still working on a phone that had not gotten the app update

It looks like I cannot even add this profile now because of the "*." of the address so i tried "1." based on something else i read, and tried without which is what works on macOS.

Any thoughts? It does not even produce a log when trying to turn it on, it just does nothing

Code: Select all

client
dev tun
proto udp
remote *.cvpn-endpoint-000000.prod.clientvpn.us-west-1.amazonaws.com 443
remote-random-hostname
resolv-retry infinite
nobind
remote-cert-tls server
cipher AES-256-GCM
verb 3
<ca>
-----BEGIN CERTIFICATE-----
XX
-----END CERTIFICATE-----

</ca>
auth-user-pass

reneg-sec 0
static-challenge "Enter 2Step code " 1

flezama
OpenVpn Newbie
Posts: 1
Joined: Wed Sep 14, 2022 9:46 pm

Re: 3.3.2 Broke connection ios15 and 16

Post by flezama » Wed Sep 14, 2022 9:47 pm

Hi dmgadmin!

Sir, did you ever resolve this issue? I'm experiencing the same issue with iPhone updating to 3.3.2 version...

Thank you!

User avatar
ordex
OpenVPN Inc.
Posts: 444
Joined: Wed Dec 28, 2016 2:32 am
Location: IRC #openvpn-devel @ libera.chat

Re: 3.3.2 Broke connection ios15 and 16

Post by ordex » Thu Sep 15, 2022 12:09 pm

Hi, normally it is not required to prepend the "*." part to the remote address. "remote-random-hostname" will take care of that for you.
Can you try removing the "*." and try again?

Also, is this a profile you got from OpenVPN Cloud?

User avatar
openvpn_inc
OpenVPN Inc.
Posts: 1332
Joined: Tue Feb 16, 2021 10:41 am

Re: 3.3.2 Broke connection ios15 and 16

Post by openvpn_inc » Thu Sep 15, 2022 5:14 pm

Hello ordex,

Just pitching in - this is not an OpenVPN Cloud profile since the one in this thread connects to some amazonaws.com URL which is not what OpenVPN Cloud uses. OpenVPN Cloud connects to (something).openvpn.com.

dmgadmin, flezama, if you have a profile with verify-x509-name in it, check what kind of quotes are being used, as I've seen issues with using single quotes in this directive.

Kind regards,
Johan
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

dmgadmin
OpenVpn Newbie
Posts: 6
Joined: Thu Jun 03, 2021 6:19 pm

Re: 3.3.2 Broke connection ios15 and 16

Post by dmgadmin » Fri Sep 23, 2022 2:45 pm

still have not solved yet.

Will try without the *. however this was the only way it would work previously.

I posted my whole profile minus the cert. - Which quotes would i be looking at?

Thanks for the help!

Update: Tried no *. allows the profile to be added. The issue then is after entering the 2step code, it just does nothing, no spinning, no log. just no connection.

User avatar
openvpn_inc
OpenVPN Inc.
Posts: 1332
Joined: Tue Feb 16, 2021 10:41 am

Re: 3.3.2 Broke connection ios15 and 16

Post by openvpn_inc » Fri Sep 23, 2022 2:51 pm

Hello dmgadmin,

If this was all the directives in your profile then my comment is irrelevant to your situation.

However I do notice that you're using a profile that does server verification using certificate (in the <ca></ca> block) but does not use a client profile (there's no <cert></cert> block). If that's the case you may need to add this in to account for this;
setenv CLIENT_CERT 0

Kind regards,
Johan
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

dmgadmin
OpenVpn Newbie
Posts: 6
Joined: Thu Jun 03, 2021 6:19 pm

Re: 3.3.2 Broke connection ios15 and 16

Post by dmgadmin » Mon Nov 28, 2022 6:30 pm

I had some luck... adding in "setenv CLIENT_CERT 0" to my profile with no other changes, allows it to TRY To connect. But now i am receiving a DNS error. Which honestly is great, because before there were no longs.

Transport Error: DNS resolve on 'cvpn-endpoint-000000.prod.clientvpn.us-west-1.amazonaws.com" for UDP session: Host not found (authoritative)

dmgadmin
OpenVpn Newbie
Posts: 6
Joined: Thu Jun 03, 2021 6:19 pm

Re: 3.3.2 Broke connection ios15 and 16

Post by dmgadmin » Mon Nov 28, 2022 7:03 pm

--remote-random-hostname
Prepend a random string (6 bytes, 12 hex characters) to hostname to prevent DNS caching. For example, "foo.bar.gov" would be modified to "<random-chars>.foo.bar.gov".


This does not work.

"FIXED" the problem

By adding the "setenv CLIENT_CERT 0" to my profile I got the DNS Error, from there i manually set my remote address with a prepended string. Then i removed remote-random-hostname because it does not matter at that point.

Code: Select all

client
dev tun
proto udp
remote iostest.cvpn-endpoint-000000.prod.clientvpn.us-west-1.amazonaws.com 443
resolv-retry infinite
nobind
remote-cert-tls server
cipher AES-256-GCM
verb 3
setenv CLIENT_CERT 0
<ca>
-----BEGIN CERTIFICATE-----
XX
-----END CERTIFICATE-----

</ca>
auth-user-pass

reneg-sec 0
static-challenge "Enter 2Step code " 1

Post Reply