OpenVPN Support Forum

all my .ovpn config that work properly with 3.3.4 in ios 16.6 & 16.7 is not working in openvpn 3.4.0 in ios and iphone even changing security level and try all option in tls version , please add openvpn legacy or earlier version like 3.3.4 or 3.3.3 in apple store all user have problem and various error in new version 3.4.0 , please help us in ios there is no coming back to install older version like android

Hello pooyam61,

I would highly recommend that you look at the logs and let us know what these unsupported config options are.

If these are options that don't belong there, you can just remove them, and get things working again.

Kind regards,
Johan

I have the same problem
iOS 16.6, 16.7 users can no longer connect since they updated to open vpn version 3.4.0.
This means that they connect to the server, but they cannot even see their gateway, and their access to the Internet is completely cut off
Please help me friends

Hello,
I installed a OpenVPN server but I cannot connect my iPhone with the OpenVPN Server. I don't know why because I can connect with my Android smartphone but not with the iPhone. Maybe I made something wrong on iPhone. I use this OpenVPN conncet with Macbook Pro and iMac without any kind of problems.
Please someone can help me?
Thanks.
FabioCD

Have anyonetried connect your vpn server with turned Wi-Fi on your iphone? I have same situation, but i noticed that with wi-fi all works correctly

after check log and remove the line

tun-mtu-extra 32

in my .ovpn config file and set the security level to
Insecure(not recommended)

my conetion connect in iphone with openvpn 3.4.0 version
it is all about tls version 1.1 that remove from config i think
just have tls1 , tls 1.2 and tls 1.3 in setting so you can not choose tls 1.1 in any option setting , please rollback all tls version and options in next vesrion for ios

my tcp config now is :

client
dev tun
proto tcp
remote xxx.xxx.xxx.xxx 84
resolv-retry infinite
nobind
tun-mtu 1500
mssfix 1450
persist-key
persist-tun
auth-user-pass
comp-lzo
verb 3

Had to remove "tun-mtu-extra 32" here too.

While I understand this may be a useless parameter on iOS, many of us have carefully crafted our ovpn files to work optimally on various platforms. For OpenVPN Connect on iOS to suddenly break this one-size-fits-all ovpn file is, well, not cool. IMHO they should've left it at a warning in the log and not a fatal error.

I know it's just one line. But it's one line times X server profiles, times N other users that need hand-holding, etc. This small change can cause quite the headache.

If this was pre-announced somewhere, someone please point me where to look so I can subscribe to such notices.

I have the symptoms that match @sardari.

I do not have the "tun-mtu-extra" option. I also do not have the "unsupported option" log line.

I get "Session Invalidated: KEEPALIVE_TIMEOUT" and then "EVENT: RECONNECTING".

Same .opvn setting as I have had for years. Now on iOS 17 and OpenVPN Connect 3.4.0.

I can connect successfully but then no traffic flows and then about 20 seconds later the timeout hits.

I have the same problem and I cannot find which of my options is unsupported.
client
dev tun
proto udp
explicit-exit-notify
;verify-x509-name "C=NA, ST=NA, L=NA, O=NA, OU=NA, CN=Appliance_Certificate_x, emailAddress=na@example.com"
;route remote_host 255.255.255.255 net_gateway
resolv-retry infinite
nobind
persist-key
persist-tun
auth-user-pass
cipher AES-128-CBC
auth SHA256
comp-lzo no
;can_save no
;otp no
;run_logon_script no
;auto_connect
route-delay 4
verb 3
reneg-sec 86400
remote x.org 8443

Actual Issue: IOS Client removed options which are not related to IOS client VPN connection

Fix: You need to remove unsupported options from your .ovpn file

Solution Steps:

1) Open OPenVPN client
2) click notepad like sign on top right corner in top menu bar
3) It will show logs, you can view or also export it by pressing email like icon on top right menu bar
4) Find options which are creating issues

you will get logs like this

Oct 21, 2023, 16:18:25 - NOTE: This configuration contains options that were not used:
Oct 21, 2023, 16:18:25 - Removed deprecated option
Oct 21, 2023, 16:18:25 - 3 [ncp-disable]
Oct 21, 2023, 16:18:25 - EVENT: CORE_THREAD_ERROR option_error: sorry, unsupported options present in configuration: Removed deprecated option [ERR]

one line before last error line shown, parameter which is shown in that line, you need to remove that parameter from your .ovpn file and profile again. here in this case that parameter is ncp-disable

Hopefully this will fix this issue, if vpn connection was working ok but after update to new ios version it stopped working.

Thanks

Hello, I have the same problem. .ovpn files works in every version with 3.3.4 in an ipad but when I try them in the 3.4 version I keep the timeout connection error. Here I leave my the config of the .ovpn file, thanks for the help:

client
resolv-retry 20
keepalive 2 10
nobind
mute-replay-warnings
remote-cert-tls server
compress
verb 1
persist-key
persist-tun
explicit-exit-notify 1
dev tun
proto udp
port 1194
cipher AES-128-CBC

In my case, reviewing the log showed that the unsupported option was “route-delay 4” which does not appear to be in your list. Check the log and see which, if any, options are causing the problem.

same problem as others have noticed. When looking at the log though, only area that says anything about unsupported is for the word 'client' and the next line just says ignored.
Pretty much mirroring the scenario that 513g3 mentioned above.
Seems like this version is more or less unusable for us at the moment...

Hi everyone,
after updating the app to version 3.4.0
with ios 17 users are able to connect to the server but are unable to access internal services, not even the gateway can be reached.
From Win and Android no problem.
There is no warning in the app logs while on the Pfsense firewall "Bad compression stub (swap) decompression header byte: 250"
Can someone help me?
Thank you
Luca Bottini

Hello, 
I have the same problem with the new OpenVPN version 3.4.0. The same connection was working fine with OpenVPN version 3.3.4, but it does not work with 3.4.0.
The issue appears with the new iOS 16.6.1 and iOS 15.8. I cannot access internal services or I cannot ping my VPN IP or gateway IP.

Thanks,
Marco  

I had chatted with OVPN support on this and we narrowed my scenario down to compression. They are not supporting compression in 3.4.x moving forward.
I had to uncheck the line item on BOTH the server and client end. I'm using Untangle/Arista for an appliance and this setting affects all openvpn connections. I didn't see a way to isolate just ios devices.

I solved the problem by removing compression from the server and client.
Thanks for the support!

Hello,

Just want to add my voice to removing compression from another angle; security. Ever since the Voracle vulnerability was found and published it was clear that compression and encryption combined has a security flaw. So compression is on the way out and should be removed or turned off for sure. Just thought that would help for future readers. If you want to learn more about Voracle, you can read up on it online.

Kind regards,
Johan

same issue for me, IOS 17 and once I update to openvpn connect 3.4.0 the config files don't work.
I had to remove the following setting to get my oeck vpn to work:
bcast-buffers

Very annoying openvpn!

And this is the advice that helped me solve it - thanks @mindsgrid

mindsgrid wrote: ↑

Sun Oct 22, 2023 3:46 am

Actual Issue: IOS Client removed options which are not related to IOS client VPN connection

Fix: You need to remove unsupported options from your .ovpn file

Solution Steps:

1) Open OPenVPN client
2) click notepad like sign on top right corner in top menu bar
3) It will show logs, you can view or also export it by pressing email like icon on top right menu bar
4) Find options which are creating issues

you will get logs like this

Oct 21, 2023, 16:18:25 - NOTE: This configuration contains options that were not used:
Oct 21, 2023, 16:18:25 - Removed deprecated option
Oct 21, 2023, 16:18:25 - 3 [ncp-disable]
Oct 21, 2023, 16:18:25 - EVENT: CORE_THREAD_ERROR option_error: sorry, unsupported options present in configuration: Removed deprecated option [ERR]

one line before last error line shown, parameter which is shown in that line, you need to remove that parameter from your .ovpn file and profile again. here in this case that parameter is ncp-disable