iOS client 3.3.2 (5086) issue
Posted: Mon Sep 19, 2022 4:04 pm
Server:
Client:
iPhone 8, IOS 15.5. After upgrading client from 3.2.3 (3760) to latest 3.3.2 (5086) I've got an error on client side:
Client config:
Server config has these parameters:
What's the problem?
I will be glad for any help! There are many clients, only some of them have been updated and got a problem. I'm afraid there may be more such cases in the near future. It is not possible to roll back the application to a previous version.
Regard,
Denis.
Code: Select all
-> # uname -a
OpenBSD openvpn1 7.0 GENERIC.MP#232 amd64
-> # openvpn --version
OpenVPN 2.5.3 x86_64-unknown-openbsd7.0 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Sep 26 2021
library versions: LibreSSL 3.4.1, LZO 2.10
Originally developed by James Yonan
Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
Compile time defines: enable_async_push=no enable_comp_stub=no enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=needless enable_fragment=yes enable_gtk_doc=no enable_iproute2=no enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_management=yes enable_multihome=yes enable_pam_dlopen=no enable_pedantic=no enable_pf=yes enable_pkcs11=no enable_plugin_auth_pam=no enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_shared=yes enable_shared_with_static_runtimes=no enable_silent_rules=no enable_small=no enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=no enable_werror=no enable_win32_dll=yes enable_x509_alt_username=no with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=no with_mem_check=no with_sysroot=no
iPhone 8, IOS 15.5. After upgrading client from 3.2.3 (3760) to latest 3.3.2 (5086) I've got an error on client side:
Code: Select all
[Sep 19, 2022, 13:29:04] START CONNECTION
[Sep 19, 2022, 13:29:04] ----- OpenVPN Start -----
OpenVPN core 3.git::081bfebe ios arm64 64-bit
[Sep 19, 2022, 13:29:04] OpenVPN core 3.git::081bfebe ios arm64 64-bit
[Sep 19, 2022, 13:29:04] Frame=512/2048/512 mssfix-ctrl=1250
[Sep 19, 2022, 13:29:04] EVENT: CORE_THREAD_ERROR PKey::parse_pem: error in private key:: error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt / error:23077074:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 cipherfinal error / error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe ... [ERR]
[Sep 19, 2022, 13:29:05] EVENT: CORE_THREAD_DONE
[Sep 19, 2022, 13:29:05] EVENT: DISCONNECT_PENDING
[Sep 19, 2022, 13:29:05] Raw stats on disconnect:
[Sep 19, 2022, 13:29:05] Performance stats on disconnect:
CPU usage (microseconds): 39064
Network bytes per CPU second: 0
Tunnel bytes per CPU second: 0
Code: Select all
client
dev tun
proto udp4
remote X.X.X.X 1234
remote Y.Y.Y.Y 1234
remote-random
nobind
resolv-retry infinite
data-ciphers AES-128-GCM
auth SHA256
remote-cert-tls server
persist-key
persist-tun
verb 3
...
Code: Select all
auth SHA256
data-ciphers AES-128-GCM
data-ciphers-fallback AES-128-CBC
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
I will be glad for any help! There are many clients, only some of them have been updated and got a problem. I'm afraid there may be more such cases in the near future. It is not possible to roll back the application to a previous version.
Regard,
Denis.