Cannot Connect on Android: Client exception in transport_recv: option_error: server-pushed options data too large

Official client software for OpenVPN Access Server and OpenVPN Cloud.
Post Reply
youni
OpenVpn Newbie
Posts: 1
Joined: Thu Mar 16, 2023 10:05 am

Cannot Connect on Android: Client exception in transport_recv: option_error: server-pushed options data too large

Post by youni » Thu Mar 16, 2023 10:37 am

Hello! I connect to my server from PC fine. And now I try to connect to my server using Openvpn App on Android 11. I edited config my.ovpn and wrote in unified format as described here https://openvpn.net/vpn-server-resource ... t-android/
I imported profile from this my.ovpn and try to connect. But repeatedly get this:

Client exception in transport_recv: option_error: server-pushed options data too large

The lines of my config are the same as on PC with only ca, cert, key in XML format.
This is my config (certificates and keys are deleted here):

my.ovpn

client
proto tcp
port 12500
dev tun0
remote xxroutexx.myservdot.com
remote 11.55.88.11
<ca>
-----BEGIN CERTIFICATE-----
..cert characters here...
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
..another cert characters here...
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN RSA PRIVATE KEY-----
..key characters here...
-----END RSA PRIVATE KEY-----
</key>
keepalive 10 120
status __tmp_status.vpn
script-security 2


Resulting log on Android Openvpn App:

Code: Select all

13:14:54.360 -- EVENT: RECONNECTING
13:14:54.364 -- EVENT: RESOLVE
13:14:54.366 -- Contacting 11.55.88.11:12500 via TCPv4
13:14:54.366 -- EVENT: WAIT
13:14:54.407 -- Connecting to [11.55.88.11]:12500 (11.55.88.11) via TCPv4
13:14:54.438 -- EVENT: CONNECTING
13:14:54.442 -- Tunnel Options:V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client
13:14:54.443 -- Creds: UsernameEmpty/PasswordEmpty
13:14:54.443 -- Peer Info:
IV_VER=3.git::d3f8b18b:Release
IV_PLAT=android
IV_NCP=2
IV_TCPNL=1
IV_PROTO=30
IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:BF-CBC
IV_AUTO_SESS=1
IV_GUI_VER=net.openvpn.connect.android_3.3.1-9079
IV_SSO
=webauth,openurl
IV_BS64DL=1

13:14:54.498 -- VERIFY OK: depth=1, /O=XIssuer/CN=XSession-CA-v2, signature: RSA-SHA256
13:14:54.499 -- VERIFY OK: depth=0, /CN=xserv-xnet-xdom, signature: RSA-SHA256
13:14:54.604 -- SSL Handshake: peer certificate: CN=xserv-xnet-xdom, 2048 bit RSA, cipher: TLS_AES_256_GCM_SHA384  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(256) Mac=AEAD

13:14:54.605 -- Session is ACTIVE
13:14:54.606 -- EVENT: GET_CONFIG
13:14:54.609 -- Sending PUSH_REQUEST to server...
13:14:54.636 -- Options continuation...
13:14:54.637 -- Options continuation...
13:14:54.638 -- Options continuation...
13:14:54.661 -- Options continuation...
13:14:54.662 -- Options continuation...
13:14:54.663 -- Options continuation...
13:14:54.664 -- Options continuation...
13:14:54.687 -- Options continuation...
13:14:54.687 -- Options continuation...
13:14:54.690 -- Options continuation...
13:14:54.711 -- Options continuation...
13:14:54.712 -- Options continuation...
13:14:54.713 -- Options continuation...
13:14:54.715 -- Options continuation...
13:14:54.736 -- Options continuation...
13:14:54.740 -- Options continuation...
13:14:54.741 -- Options continuation...
13:14:54.741 -- Options continuation...
13:14:54.761 -- Options continuation...
13:14:54.765 -- Options continuation...
13:14:54.766 -- Options continuation...
13:14:54.788 -- Options continuation...
13:14:54.791 -- Options continuation...
13:14:54.792 -- Options continuation...
13:14:54.794 -- Options continuation...
13:14:54.814 -- Options continuation...
13:14:54.821 -- Options continuation...
13:14:54.822 -- Options continuation...
13:14:54.823 -- Options continuation...
13:14:54.843 -- Options continuation...
13:14:54.847 -- Options continuation...
13:14:54.848 -- Options continuation...
13:14:54.868 -- Options continuation...
13:14:54.872 -- Options continuation...
13:14:54.873 -- Options continuation...
13:14:54.875 -- Options continuation...
13:14:54.894 -- Options continuation...
13:14:54.901 -- Options continuation...
13:14:54.902 -- Options continuation...
13:14:54.920 -- Options continuation...
13:14:54.921 -- Options continuation...
13:14:54.925 -- Options continuation...
13:14:54.927 -- Options continuation...
13:14:54.945 -- Options continuation...
13:14:54.952 -- Options continuation...
13:14:54.954 -- Options continuation...
13:14:54.956 -- Options continuation...
13:14:54.971 -- Options continuation...
13:14:54.981 -- Options continuation...
13:14:54.981 -- Options continuation...
13:14:54.999 -- Options continuation...
13:14:55.000 -- Options continuation...
13:14:55.006 -- Options continuation...
13:14:55.007 -- Options continuation...
13:14:55.024 -- Options continuation...
13:14:55.033 -- Options continuation...
13:14:55.035 -- Options continuation...
13:14:55.036 -- Options continuation...
13:14:55.051 -- Options continuation...
13:14:55.060 -- Options continuation...
13:14:55.061 -- Options continuation...
13:14:55.078 -- Client exception in transport_recv: option_error: server-pushed options data too large
13:14:55.078 -- Client terminated, restarting in 2000 ms...
13:14:57.078 -- EVENT: RECONNECTING
Also I tried another way: added Android Keychain as described here https://openvpn.net/faq/how-do-i-use-a- ... -keychain/ and used config like this:

my-android-keychain.ovpn

client
proto tcp
port 12500
dev tun0
remote xxroutexx.myservdot.com
remote 11.55.88.11
keepalive 10 120
status __tmp_status.vpn
script-security 2


Using this config without ca, cert, key, Openvpn App asked me to use Android Keychain, and I chosen one. But got same error: Client exception in transport_recv: option_error: server-pushed options data too large.

Can you advise something? Why options are so large? Seems like on Android should be some features that I have to edit my config, but did not get yet what exactly.

Setting up "Allow compression (insecure)" to "Full" did not change result.

Post Reply