Cannot connect to VPN on v3.3.2 / finding the way to downgrade back to v3.2.3 again

Official client software for OpenVPN Access Server and OpenVPN Cloud.
Post Reply
victor23
OpenVpn Newbie
Posts: 5
Joined: Sat Nov 12, 2022 6:49 am

Cannot connect to VPN on v3.3.2 / finding the way to downgrade back to v3.2.3 again

Post by victor23 » Sat Nov 12, 2022 7:11 am

Hi All,

Since the update to v3.3.2 I cannot connect to the company VPN. After entering an OTP the dialogue screen disappear for a couple of seconds and then asks for OTP again in an infinite loop. Everything works fine with v3.2.3, I used to use the downgraded version from TestFlight but it appears that it was removed from TestFlight and is not available anymore :?

OVPN profile (sensitive info removed)

Code: Select all

client
dev tun
proto udp
remote vpn.YYY.com 1194
resolv-retry infinite
nobind
user nobody
group nobody
user nobody
group nobody
persist-key
persist-tun
cipher AES-256-CBC
verb 3
auth-user-pass
auth-retry interact
auth-nocache
reneg-sec 0

<ca>
-----BEGIN CERTIFICATE-----
MIIDMjCCA.......
-----END CERTIFICATE-----
</ca>
Connection log (sensitive info removed)

Code: Select all

[Nov 12, 2022, 09:47:43] Session is ACTIVE

[Nov 12, 2022, 09:47:43] EVENT: GET_CONFIG

[Nov 12, 2022, 09:47:43] Sending PUSH_REQUEST to server...

[Nov 12, 2022, 09:47:43] AUTH_FAILED

[Nov 12, 2022, 09:47:43] EVENT: DYNAMIC_CHALLENGE CRV1:R,E:CUZBjB7CZqlb5Fxsi:XXX:Enter your TOKEN password [ERR]

[Nov 12, 2022, 09:47:43] EVENT: DISCONNECTED

[Nov 12, 2022, 09:47:43] EVENT: CORE_THREAD_DONE

[Nov 12, 2022, 09:47:43] EVENT: DISCONNECT_PENDING

[Nov 12, 2022, 09:47:43] Raw stats on disconnect:
  BYTES_IN : 2648
  BYTES_OUT : 1134
  PACKETS_IN : 8
  PACKETS_OUT : 7


[Nov 12, 2022, 09:47:43] Performance stats on disconnect:
  CPU usage (microseconds): 65135
  Network bytes per CPU second: 58064
  Tunnel bytes per CPU second: 0

[Nov 12, 2022, 09:47:47] START CONNECTION

[Nov 12, 2022, 09:47:47] ----- OpenVPN Start -----
OpenVPN core 3.git::081bfebe ios arm64 64-bit

[Nov 12, 2022, 09:47:47] OpenVPN core 3.git::081bfebe ios arm64 64-bit

[Nov 12, 2022, 09:47:47] Frame=512/2048/512 mssfix-ctrl=1250

[Nov 12, 2022, 09:47:47] UNUSED OPTIONS
4 [resolv-retry] [infinite]
5 [nobind]
6 [user] [nobody]
7 [group] [nobody]
8 [user] [nobody]
9 [group] [nobody]
10 [persist-key]
11 [persist-tun]
13 [verb] [3]
15 [auth-retry] [interact]
16 [auth-nocache]

[Nov 12, 2022, 09:47:47] EVENT: RESOLVE

[Nov 12, 2022, 09:47:47] Contacting 152.67.134.24:1194 via UDP

[Nov 12, 2022, 09:47:47] EVENT: WAIT

[Nov 12, 2022, 09:47:47] Connecting to [vpn.YYY.com]:1194 (XXX.XX.XXX.XX) via UDPv4

[Nov 12, 2022, 09:47:49] EVENT: CONNECTING

[Nov 12, 2022, 09:47:49] Tunnel Options:V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client

[Nov 12, 2022, 09:47:49] Creds: Username/Password

[Nov 12, 2022, 09:47:49] Peer Info:
IV_VER=3.git::081bfebe
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=30
IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC
IV_GUI_VER=net.openvpn.connect.ios_3.3.2-5086
IV_SSO=webauth,openurl,crtext


[Nov 12, 2022, 09:47:49] VERIFY OK: depth=1, /CN=WebADM CA #20034/O=DNA, signature: RSA-SHA256

[Nov 12, 2022, 09:47:49] VERIFY OK: depth=0, /CN=Ifg1vpn.YYY.local/description=SERVER, signature: RSA-SHA256

[Nov 12, 2022, 09:47:50] SSL Handshake: peer certificate: CN=Ifg1vpn.YYY.local, 2048 bit RSA, cipher: ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD


[Nov 12, 2022, 09:47:50] Session is ACTIVE

[Nov 12, 2022, 09:47:50] EVENT: GET_CONFIG

[Nov 12, 2022, 09:47:50] Sending PUSH_REQUEST to server...

[Nov 12, 2022, 09:47:50] AUTH_FAILED

[Nov 12, 2022, 09:47:50] EVENT: DYNAMIC_CHALLENGE CRV1:R,E:C1Nsn9R16hV25AbPI:XXX:Enter your TOKEN password [ERR]

[Nov 12, 2022, 09:47:50] EVENT: DISCONNECTED

[Nov 12, 2022, 09:47:50] EVENT: CORE_THREAD_DONE

[Nov 12, 2022, 09:47:50] EVENT: DISCONNECT_PENDING

[Nov 12, 2022, 09:47:50] Raw stats on disconnect:
  BYTES_IN : 2648
  BYTES_OUT : 1172
  PACKETS_IN : 8
  PACKETS_OUT : 10


[Nov 12, 2022, 09:47:50] Performance stats on disconnect:
  CPU usage (microseconds): 42974
  Network bytes per CPU second: 88890
  Tunnel bytes per CPU second: 0
Please any advice? Or how I can get v3.2.3 back please?
I have a critical situation where I cannot go out without a PC due to the nature of work and responsibilities to have 24/7 access to the VPN :(

User avatar
openvpn_inc
OpenVPN Inc.
Posts: 1332
Joined: Tue Feb 16, 2021 10:41 am

Re: Cannot connect to VPN on v3.3.2 / finding the way to downgrade back to v3.2.3 again

Post by openvpn_inc » Sat Nov 12, 2022 9:00 pm

Hello Victor23.

+ On this page you can find the version and build numbers:

https://openvpn.net/client-connect-vpn-for-mac-os/

+ Then just replace them in the URL for downloading the version:

Example for 3.2.7-3220

https://swupdate.openvpn.net/downloads/ ... signed.dmg

Regards,
Marcel
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

victor23
OpenVpn Newbie
Posts: 5
Joined: Sat Nov 12, 2022 6:49 am

Re: Cannot connect to VPN on v3.3.2 / finding the way to downgrade back to v3.2.3 again

Post by victor23 » Sun Nov 13, 2022 12:48 pm

Hello Marcel,

Thanks for your reply. Apologies if I was not clear enough, I am looking a way for iOS (not MacOS), the version 3.2.3 in the TestFlight for iOS is not existing anymore…

Regards,
Victor

User avatar
openvpn_inc
OpenVPN Inc.
Posts: 1332
Joined: Tue Feb 16, 2021 10:41 am

Re: Cannot connect to VPN on v3.3.2 / finding the way to downgrade back to v3.2.3 again

Post by openvpn_inc » Sun Nov 13, 2022 2:18 pm

Hello Victor,

Every release of Connect we make we test with all sorts of ways of using MFA before making a release. The only thing out of the ordinary I can identify right now however is that you've added auth-retry interact to the profile, presumably to cater to Linux clients. Can you try removing that line from the profile and then loading that into your OpenVPN Connect client?

I don't have a way for you to roll back to an older client on iOS, sorry. But I'm pretty sure that if the cause of the issue is found and solved, you can use OpenVPN normally on iOS. And there is something out of the ordinary going on here for sure.

Kind regards,
Johan
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

victor23
OpenVpn Newbie
Posts: 5
Joined: Sat Nov 12, 2022 6:49 am

Re: Cannot connect to VPN on v3.3.2 / finding the way to downgrade back to v3.2.3 again

Post by victor23 » Tue Nov 15, 2022 6:28 pm

Hello Johan,

Thanks for your assistance, much appreciated.
I have tried to remove the "auth-retry interact" line and unfortunately, it does not help...

Regards,
Victor

User avatar
openvpn_inc
OpenVPN Inc.
Posts: 1332
Joined: Tue Feb 16, 2021 10:41 am

Re: Cannot connect to VPN on v3.3.2 / finding the way to downgrade back to v3.2.3 again

Post by openvpn_inc » Tue Nov 15, 2022 9:36 pm

Hello victor23,

Sorry to hear that. Can you give us information about this server, so that we can try to reproduce the problem?

Kind regards,
Johan
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

victor23
OpenVpn Newbie
Posts: 5
Joined: Sat Nov 12, 2022 6:49 am

Re: Cannot connect to VPN on v3.3.2 / finding the way to downgrade back to v3.2.3 again

Post by victor23 » Thu Dec 01, 2022 12:47 am

I have retried all possible ways but there is still an issue.
The same ovpn profile works fine on Android, Mac, iOS v3.2.3, but nothing helps on v3.3.2.

Also, I spent days trying to restore/downgrade to v3.2.3 - with no luck, thinking the only way is similar to what I was using before it expired - https://testflight.apple.com/join/wG8Ln3FA

Any help is appreciated.

User avatar
novaflash
OpenVPN Inc.
Posts: 1073
Joined: Fri Apr 13, 2012 8:43 pm

Re: Cannot connect to VPN on v3.3.2 / finding the way to downgrade back to v3.2.3 again

Post by novaflash » Thu Dec 01, 2022 9:01 pm

Hello victor23,

I don't know of a way to downgrade on iOS. Other configurations with MFA work fine. So what is it about this configuration that makes it fail? Can you give us any information about this server, so that we can try to reproduce the problem?

Kind regards,
Johan
I'm still alive, just posting under the openvpn_inc alias now as part of a larger group.

victor23
OpenVpn Newbie
Posts: 5
Joined: Sat Nov 12, 2022 6:49 am

Re: Cannot connect to VPN on v3.3.2 / finding the way to downgrade back to v3.2.3 again

Post by victor23 » Tue Dec 13, 2022 5:33 pm

Finally, I managed to get it to work.
I just enabled "Kill Switch" in the profile settings and it started working. I don't know how it could affect but solved the issue.

Hope this can help others having the same issue.

Post Reply