OpenVPN Connect not routing traffic

Official client software for OpenVPN Access Server and OpenVPN Cloud.

Post by jitjack » Tue Apr 11, 2023 11:38 pm

I've been using an OpenVPN Access Server on AWS to route all traffic successfully using the Windows 11 and Android OpenVPN Connect apps. When trying to connect from an iPhone (iOS 16.4.1) using app ver. 3.3.3, I can connect successfully, but the browser traffic is not routed through the VPN.
This is the .ovpn configuration file exported from the Access Server:

cipher AES-256-CBC
client
server-poll-timeout 4
nobind
remote XXX.XXX.XXX.XXX 1194 udp
remote XXX.XXX.XXX.XXX 443 tcp
dev tun
dev-type tun
remote-cert-tls server
tls-version-min 1.2
reneg-sec 604800
verb 3
push-peer-info

<ca>
-----BEGIN CERTIFICATE-----
REDACTED
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
REDACTED
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
REDACTED
-----END PRIVATE KEY-----
</key>
<tls-crypt-v2>
REDACTED
-----END OpenVPN tls-crypt-v2 client key-----
</tls-crypt-v2>

And this is the client's log.

[Apr 11, 2023, 17:58:00] START CONNECTION
[Apr 11, 2023, 17:58:00] ----- OpenVPN Start ----- 
OpenVPN core 3.git::081bfebe ios arm64 64-bit 
[Apr 11, 2023, 17:58:00] OpenVPN core 3.git::081bfebe ios arm64 64-bit 
[Apr 11, 2023, 17:58:00] Frame=512/2048/512 mssfix-ctrl=1250 
[Apr 11, 2023, 17:58:00] UNUSED OPTIONS 
 [nobind] 
17 [verb] [3] 
29 [CLI_PREF_ALLOW_WEB_IMPORT] [True] 
30 [CLI_PREF_BASIC_CLIENT] [False] 
31 [CLI_PREF_ENABLE_CONNECT] [False] 
32 [CLI_PREF_ENABLE_XD_PROXY] [True] 
33 [WSHOST] [XX.XXX.XXX.XXX:443] 
34 [WEB_CA_BUNDLE] [-----BEGIN CERTIFICATE----- BgkqhkiG...] 
35 [IS_OPENVPN_WEB_CA] [1] 
[Apr 11, 2023, 17:58:00] EVENT: RESOLVE 
[Apr 11, 2023, 17:58:00] Contacting XX.XXX.XXX.XXX:1194 via UDP 
[Apr 11, 2023, 17:58:00] EVENT: WAIT 
[Apr 11, 2023, 17:58:00] Connecting to [XX.XXX.XXX.XXX]:1194 (XX.XXX.XXX.XXX) via UDPv4 
[Apr 11, 2023, 17:58:00] EVENT: CONNECTING 
[Apr 11, 2023, 17:58:00] Tunnel Options:V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client 
[Apr 11, 2023, 17:58:00] Creds: Username/PasswordEmpty 
[Apr 11, 2023, 17:58:00] Peer Info: 
IV_VER=3.git::081bfebe 
IV_PLAT=ios 
IV_NCP=2 
IV_TCPNL=1 
IV_PROTO=30 
IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC 
IV_AUTO_SESS=1 
UV_ASCLI_VER=3.3.3-5109 
UV_PLAT_REL=16.4.1 
UV_UUID=ffff 
IV_GUI_VER=net.openvpn.connect.ios_3.3.3-5109 
IV_SSO=webauth,openurl,crtext 
IV_HWADDR=fff 
IV_SSL=OpenSSL 1.1.1n 15 Mar 2022 
[Apr 11, 2023, 17:58:00] VERIFY OK: depth=1, /CN=OpenVPN CA, signature: RSA-SHA256 
[Apr 11, 2023, 17:58:00] VERIFY OK: depth=0, /CN=OpenVPN Server, signature: RSA-SHA256 
[Apr 11, 2023, 17:58:00] SSL Handshake: peer certificate: CN=OpenVPN Server, 2048 bit RSA, cipher: TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD 
[Apr 11, 2023, 17:58:00] Session is ACTIVE 
[Apr 11, 2023, 17:58:00] EVENT: GET_CONFIG 
[Apr 11, 2023, 17:58:00] Sending PUSH_REQUEST to server... 
[Apr 11, 2023, 17:58:01] OPTIONS: 
0 [explicit-exit-notify] 
1 [topology] [subnet] 
2 [route-delay] [5] [30] 
3 [dhcp-pre-release] 
4 [dhcp-renew] 
5 [dhcp-release] 
6 [route-metric] [101] 
7 [ping] [12] 
8 [ping-restart] [50] 
9 [redirect-private] [def1] 
10 [redirect-private] [bypass-dhcp] 
11 [redirect-private] [autolocal] 
12 [redirect-private] [bypass-dns] 
13 [route-gateway] [172.27.224.129] 
14 [route] [172.xx.xx.xx] 
15 [route] [172.xx.xx.xx] [255.255.255.0] 
16 [route] [172.xx.xx.xx] [255.255.255.0] 
17 [block-ipv6] 
18 [ifconfig] [172.xx.xx.xx] [255.255.255.128] 
19 [peer-id] [0] 
20 [auth-token] ... 
21 [cipher] [AES-256-GCM] 
22 [key-derivation] [tls-ekm] 
[Apr 11, 2023, 17:58:01] Session token: [redacted] 
[Apr 11, 2023, 17:58:01] PROTOCOL OPTIONS: 
cipher: AES-256-GCM 
digest: NONE 
key-derivation: TLS Keying Material Exporter [RFC5705] 
compress: NONE 
peer ID: 0 
control channel: tls-crypt v2 enabled 
[Apr 11, 2023, 17:58:01] EVENT: ASSIGN_IP 
[Apr 11, 2023, 17:58:01] NIP: preparing TUN network settings 
[Apr 11, 2023, 17:58:01] NIP: init TUN network settings with endpoint: XX.XXX.XXX.XXX 
[Apr 11, 2023, 17:58:01] NIP: adding IPv4 address to network settings 172.xx.xx.xx/255.255.255.128 
[Apr 11, 2023, 17:58:01] NIP: adding (included) IPv4 route 172.xx.xx.xx/25 
[Apr 11, 2023, 17:58:01] NIP: adding (included) IPv4 route 172.xx.xx.xx/32 
[Apr 11, 2023, 17:58:01] NIP: adding (included) IPv4 route 172.xx.xx.xx/24 
[Apr 11, 2023, 17:58:01] NIP: adding (included) IPv4 route 172.xx.xx.xx/24 
[Apr 11, 2023, 17:58:01] NIP: blocking all IPv6 traffic 
[Apr 11, 2023, 17:58:01] Connected via NetworkExtensionTUN 
[Apr 11, 2023, 17:58:01] EVENT: CONNECTED user@XX.XXX.XXX.XXX:1194 (XX.XXX.XXX.XXX) via /UDPv4 on NetworkExtensionTUN/172.xx.xx.xx/ gw=[/] 

Any suggestions?

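A diagnostic check for a client log like the one in the post, added here as an example and not part of the original post or of OpenVPN Connect: it parses the pushed OPTIONS section and reports whether the server asked the client to replace its default route (`redirect-gateway`) or only pushed specific routes (`redirect-private` plus `route` entries, which leave the default gateway unchanged). The function names are hypothetical, and the embedded sample is a constructed subset of the posted log with the poster's redacted addresses kept as placeholders.

```python
import re

# Constructed sample: a subset of the pushed OPTIONS lines from the log above;
# the redacted route targets are kept as the poster's "xx" placeholders.
SAMPLE_LOG = """\
[Apr 11, 2023, 17:58:01] OPTIONS:
0 [explicit-exit-notify]
1 [topology] [subnet]
9 [redirect-private] [def1]
10 [redirect-private] [bypass-dhcp]
13 [route-gateway] [172.27.224.129]
15 [route] [172.xx.xx.xx] [255.255.255.0]
17 [block-ipv6]
20 [auth-token] ...
21 [cipher] [AES-256-GCM]
[Apr 11, 2023, 17:58:01] Session token: [redacted]
"""

SECTION_START = re.compile(r"\]\s+OPTIONS:\s*$")   # not "PROTOCOL OPTIONS:"
OPTION_LINE = re.compile(r"^\s*\d+\s+(\[.*)$")      # "<index> [name] [arg]..."

def pushed_options(log_text):
    """Return [(directive, [args]), ...] from the pushed OPTIONS section."""
    options, in_section = [], False
    for line in log_text.splitlines():
        if SECTION_START.search(line):
            in_section = True
        elif in_section:
            match = OPTION_LINE.match(line)
            if not match:
                break                      # next timestamped line ends the section
            fields = re.findall(r"\[([^\]]*)\]", match.group(1))
            if fields:
                options.append((fields[0], fields[1:]))
    return options

def tunnel_mode(options):
    """Classify the push as full-tunnel or split-tunnel and collect the evidence."""
    gw_flags = [a[0] for n, a in options if n == "redirect-gateway" and a]
    priv_flags = [a[0] for n, a in options if n == "redirect-private" and a]
    routes = [a for n, a in options if n == "route"]
    explicit_default = any(a[:2] == ["0.0.0.0", "0.0.0.0"] for a in routes)
    has_gw = any(n == "redirect-gateway" for n, _ in options)
    mode = "full-tunnel" if has_gw or explicit_default else "split-tunnel"
    return {"mode": mode, "redirect_gateway": gw_flags,
            "redirect_private": priv_flags, "routes": routes}

if __name__ == "__main__":
    print(tunnel_mode(pushed_options(SAMPLE_LOG)))
```

On the posted log the result is split-tunnel: the server pushed `redirect-private` rather than `redirect-gateway`, which matches the client adding only the 172.xx.xx.xx networks as included routes.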