
3.3.2 Broke connection ios15 and 16

Posted: Wed Sep 07, 2022 1:35 am
by dmgadmin
This was working a few weeks ago, confirmed it was still working on a phone that had not gotten the app update.

It looks like I cannot even add this profile now because of the "*." of the address, so I tried "1." based on something else I read, and tried without, which is what works on macOS.

Any thoughts? It does not even produce a log when trying to turn it on, it just does nothing.

Code:

client
dev tun
proto udp
remote *.cvpn-endpoint-000000.prod.clientvpn.us-west-1.amazonaws.com 443
remote-random-hostname
resolv-retry infinite
nobind
remote-cert-tls server
cipher AES-256-GCM
verb 3
<ca>
-----BEGIN CERTIFICATE-----
XX
-----END CERTIFICATE-----

</ca>
auth-user-pass

reneg-sec 0
static-challenge "Enter 2Step code " 1

Re: 3.3.2 Broke connection ios15 and 16

Posted: Wed Sep 14, 2022 9:47 pm
by flezama
Hi dmgadmin!

Sir, did you ever resolve this issue? I'm experiencing the same issue with iPhone updating to 3.3.2 version...

Thank you!

Re: 3.3.2 Broke connection ios15 and 16

Posted: Thu Sep 15, 2022 12:09 pm
by ordex
Hi, normally it is not required to prepend the "*." part to the remote address. "remote-random-hostname" will take care of that for you.
Can you try removing the "*." and try again?

Also, is this a profile you got from OpenVPN Cloud?

Re: 3.3.2 Broke connection ios15 and 16

Posted: Thu Sep 15, 2022 5:14 pm
by openvpn_inc
Hello ordex,

Just pitching in - this is not an OpenVPN Cloud profile since the one in this thread connects to some amazonaws.com URL which is not what OpenVPN Cloud uses. OpenVPN Cloud connects to (something).openvpn.com.

dmgadmin, flezama, if you have a profile with verify-x509-name in it, check what kind of quotes are being used, as I've seen issues with using single quotes in this directive.

Kind regards,
Johan

Re: 3.3.2 Broke connection ios15 and 16

Posted: Fri Sep 23, 2022 2:45 pm
by dmgadmin
Still have not solved it yet.

Will try without the "*."; however, this was the only way it would work previously.

I posted my whole profile minus the cert. Which quotes would I be looking at?

Thanks for the help!

Update: Tried no "*."; it allows the profile to be added. The issue then is that after entering the 2step code, it just does nothing: no spinning, no log, just no connection.

Re: 3.3.2 Broke connection ios15 and 16

Posted: Fri Sep 23, 2022 2:51 pm
by openvpn_inc
Hello dmgadmin,

If this was all the directives in your profile then my comment is irrelevant to your situation.

However I do notice that you're using a profile that does server verification using certificate (in the <ca></ca> block) but does not use a client profile (there's no <cert></cert> block). If that's the case you may need to add this in to account for this;
setenv CLIENT_CERT 0

Kind regards,
Johan

Re: 3.3.2 Broke connection ios15 and 16

Posted: Mon Nov 28, 2022 6:30 pm
by dmgadmin
I had some luck... adding in "setenv CLIENT_CERT 0" to my profile, with no other changes, allows it to TRY to connect. But now I am receiving a DNS error. Which honestly is great, because before there were no logs.

Transport Error: DNS resolve on 'cvpn-endpoint-000000.prod.clientvpn.us-west-1.amazonaws.com" for UDP session: Host not found (authoritative)

Re: 3.3.2 Broke connection ios15 and 16

Posted: Mon Nov 28, 2022 7:03 pm
by dmgadmin
--remote-random-hostname
Prepend a random string (6 bytes, 12 hex characters) to hostname to prevent DNS caching. For example, "foo.bar.gov" would be modified to "<random-chars>.foo.bar.gov".


This does not work.

"FIXED" the problem

By adding the "setenv CLIENT_CERT 0" to my profile I got the DNS error; from there I manually set my remote address with a prepended string. Then I removed remote-random-hostname because it does not matter at that point.

Code:

client
dev tun
proto udp
remote iostest.cvpn-endpoint-000000.prod.clientvpn.us-west-1.amazonaws.com 443
resolv-retry infinite
nobind
remote-cert-tls server
cipher AES-256-GCM
verb 3
setenv CLIENT_CERT 0
<ca>
-----BEGIN CERTIFICATE-----
XX
-----END CERTIFICATE-----

</ca>
auth-user-pass

reneg-sec 0
static-challenge "Enter 2Step code " 1
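
An added example, not part of any post in this thread and not OpenVPN's own code: a small Python lint for the three profile issues raised above (a literal "*." in remote, single quotes in verify-x509-name, and no client certificate without "setenv CLIENT_CERT 0"). The function names, finding strings and the trimmed sample profile are constructed for illustration.

```python
import re

# Constructed sample: the first profile from the thread, trimmed to the relevant lines.
BEFORE = """client
proto udp
remote *.cvpn-endpoint-000000.prod.clientvpn.us-west-1.amazonaws.com 443
remote-random-hostname
<ca>
XX
</ca>
auth-user-pass
"""
# The final profile from the thread differs in exactly these two lines.
AFTER = (BEFORE.replace("remote *.", "remote iostest.")
               .replace("remote-random-hostname", "setenv CLIENT_CERT 0"))

def parse_profile(text):
    """Split a profile into directives ([name, args, ...]) and inline block names."""
    directives, blocks, inside = [], set(), None
    for line in (raw.strip() for raw in text.splitlines()):
        if inside:                                # skip block body until the closing tag
            if line == f"</{inside}>":
                inside = None
            continue
        tag = re.fullmatch(r"<([a-z0-9-]+)>", line)
        if tag:
            inside = tag.group(1)
            blocks.add(inside)
        elif line and line[0] not in "#;":        # ignore blanks and comments
            directives.append(line.split(None, 1) + [""])
    return directives, blocks

def lint_profile(text):
    """Return findings for the three profile issues discussed in the thread."""
    directives, blocks = parse_profile(text)
    findings = []
    for name, args, *_ in directives:
        if name == "remote" and args.startswith("*."):
            findings.append("remote: literal '*.' host prefix")
        if name == "verify-x509-name" and "'" in args:
            findings.append("verify-x509-name: single quotes")
    has_cert = "cert" in blocks or any(d[0] in ("cert", "pkcs12") for d in directives)
    opted_out = any(d[0] == "setenv" and d[1].split() == ["CLIENT_CERT", "0"]
                    for d in directives)
    if not has_cert and not opted_out:
        findings.append("no client cert and no 'setenv CLIENT_CERT 0'")
    return findings

if __name__ == "__main__":
    for label, profile in (("before", BEFORE), ("after", AFTER)):
        print(label, lint_profile(profile) or "clean")
```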