Opened 6 years ago

Closed 6 years ago

#1007 closed Bug / Defect (notabug)

iOS : OpenVPN Connect App 1.2.7 udp not working for ports besides 1194

Reported by: TaiwanMobileServices
Owned by: Antonio Quartulli
Priority: major
Milestone:
Component: OpenVPN Connect
Version: OpenVPN Connect for iOS v1.2.7
Severity: Not set (select this one, unless you're an OpenVPN developer)
Keywords:
Cc:

Description

Hi!

Found the iOS OpenVPN Connect App, in the latest version or even earlier ones, not working if the UDP port is set to a port other than 1194.

Please investigate this issue and fix it in a future version.

Thanks/Br,

Birdman Hsu
Taiwan Mobile Services

Change History (11)

comment:1 Changed 6 years ago by Antonio Quartulli

Component: Generic / unclassified → OpenVPN Connect
Owner: set to Antonio Quartulli
Status: new → assigned

Hi, I always use my VPN on port 1222/UDP and it just works fine. Are you sure there isn't anything else changing?
When you say "not working", what does it mean exactly?

Could you also post the log of the "broken" connection?

comment:2 Changed 6 years ago by TaiwanMobileServices

The vpn is established when using port 9443. But there is no traffic when trying to visit web sites.

Everything is back to normal if I used port 1194.

I am wondering whether there may be some port limit for the OpenVPN Connect App, meaning if the ports are higher than some number, as I also have a different setup using port 636 and it is working fine.

comment:3 in reply to:  2 Changed 6 years ago by Antonio Quartulli

Replying to TaiwanMobileServices:

> The vpn is established when using port 9443. But there is no traffic when trying to visit web sites.
>
> Everything is back to normal if I used port 1194.
>
> I am wondering whether there may be some port limit for the OpenVPN Connect App, meaning if the ports are higher than some number, as I also have a different setup using port 636 and it is working fine.

No, there is no limit on the port being used. It does not make any difference to the core.

Maybe you can check what's the difference between those instances on the server side?
If you change the port of that server from 9443 to another one, does it work?

comment:4 Changed 6 years ago by TaiwanMobileServices

Hi! Ordex,

In fact, there is no such port 9443 issue on their platforms.

Only the iOS OpenVPN Connect App has such an issue!

So, it is not a server-end issue.

It is very easy to reproduce this problem.

Could you test at your end?

Thanks/Br,

Birdman Hsu
Taiwan Mobile Services

comment:5 in reply to:  4 Changed 6 years ago by Antonio Quartulli

Replying to TaiwanMobileServices:

> Could you test at your end?

I can't reproduce it.

Could you please share the client and server configuration files so I can try to see the problem?

comment:6 Changed 6 years ago by TaiwanMobileServices

Hi! Ordex,

The client config is as below, and once the remote is changed to port 9443, the said connected-but-no-traffic problem will happen.

Sorry, no server config. at this moment.

client
dev tun
proto udp
remote a.b.com 1194
remote c.d.com 1194
remote-random
resolv-retry infinite
nobind
persist-key
persist-tun
persist-remote-ip
auth-user-pass
comp-lzo
verb 3
reneg-sec 0
<ca>
</ca>
<cert>
</cert>
<key>
</key>

Last edited 6 years ago by Antonio Quartulli

comment:7 in reply to:  6 Changed 6 years ago by Antonio Quartulli

Replying to TaiwanMobileServices:

> Hi! Ordex,
>
> The client config is as below, and once the remote is changed to port 9443, the said connected-but-no-traffic problem will happen.
>
> Sorry, no server config. at this moment.

Thanks for the config (however I'd recommend to not post the private key here). Do you also have the client log?

comment:8 Changed 6 years ago by TaiwanMobileServices

Hi! Ordex,

Please see below the client log files with port 9443 and 1194, respectively (actually, there is nothing different except the port numbers):

Using port 9443

2018-02-01 09:52:27 ----- OpenVPN Start -----
OpenVPN core 3.1.2 ios arm64 64-bit built on Jan 23 2018 15:56:53
2018-02-01 09:52:27 Frame=512/2048/512 mssfix-ctrl=1250
2018-02-01 09:52:27 UNUSED OPTIONS
6 [resolv-retry] [infinite]
7 [nobind]
8 [persist-key]
9 [persist-tun]
10 [persist-remote-ip]
13 [verb] [3]

2018-02-01 09:52:27 EVENT: RESOLVE
2018-02-01 09:52:27 Contacting [1.2.3.4]:9443/UDP via UDP
2018-02-01 09:52:27 EVENT: WAIT
2018-02-01 09:52:27 Connecting to [tw1.vpn4u.com]:9443 (1.2.3.4) via UDPv4
2018-02-01 09:52:27 EVENT: CONNECTING
2018-02-01 09:52:27 Tunnel Options:V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client
2018-02-01 09:52:27 Creds: Username/Password
2018-02-01 09:52:27 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 1.2.7-4
IV_VER=3.1.2
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO=1
IV_BS64DL=1

2018-02-01 09:52:27 VERIFY OK : depth=1
cert. version : 3
serial number : 8C:F0:24:BE:78:94:71:E0
issuer name : O=vpn4u, CN=vpn4u CA, emailAddress=webmaster@…
subject name : O=vpn4u, CN=vpn4u CA, emailAddress=webmaster@…
issued on : 2010-11-10 15:19:00
expires on : 2020-11-07 15:19:00
signed using : RSA with SHA1
RSA key size : 1024 bits
basic constraints : CA=true

2018-02-01 09:52:27 VERIFY OK : depth=0
cert. version : 3
serial number : 01
issuer name : O=vpn4u, CN=vpn4u CA, emailAddress=webmaster@…
subject name : O=vpn4u, CN=server, emailAddress=webmaster@…
issued on : 2010-11-10 15:45:13
expires on : 2020-11-07 15:45:13
signed using : RSA with SHA1
RSA key size : 1024 bits
basic constraints : CA=false
cert. type : SSL Server
key usage : Digital Signature, Key Encipherment
ext key usage : TLS Web Server Authentication

2018-02-01 09:52:29 SSL Handshake: TLSv1.0/TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA
2018-02-01 09:52:29 Session is ACTIVE
2018-02-01 09:52:29 EVENT: GET_CONFIG
2018-02-01 09:52:29 Sending PUSH_REQUEST to server...
2018-02-01 09:52:29 OPTIONS:
0 [redirect-gateway]
1 [dhcp-option] [DNS] [10.143.108.1]
2 [route] [10.143.108.1]
3 [topology] [net30]
4 [ping] [10]
5 [ping-restart] [60]
6 [ifconfig] [10.143.108.6] [10.143.108.5]

2018-02-01 09:52:29 PROTOCOL OPTIONS:

cipher: BF-CBC
digest: SHA1
compress: LZO
peer ID: -1

2018-02-01 09:52:29 EVENT: ASSIGN_IP
2018-02-01 09:52:29 NIP: preparing TUN network settings
2018-02-01 09:52:29 NIP: init TUN network settings with endpoint: 1.2.3.4
2018-02-01 09:52:29 NIP: adding IPv4 address to network settings 10.143.108.6/255.255.255.252
2018-02-01 09:52:29 NIP: adding (included) IPv4 route 10.143.108.4/30
2018-02-01 09:52:29 NIP: adding (included) IPv4 route 10.143.108.1/32
2018-02-01 09:52:29 NIP: redirecting all IPv4 traffic to TUN interface
2018-02-01 09:52:29 NIP: adding DNS 10.143.108.1
2018-02-01 09:52:29 Connected via NetworkExtensionTUN
2018-02-01 09:52:29 Per-Key Data Limit: 48000000/48000000
2018-02-01 09:52:29 LZO-ASYM init swap=0 asym=0
2018-02-01 09:52:29 EVENT: CONNECTED 1234@…:9443 (1.2.3.4) via /UDPv4 on NetworkExtensionTUN/10.143.108.6/ gw=/

Using port 1194

2018-02-01 09:43:43 ----- OpenVPN Start -----
OpenVPN core 3.1.2 ios arm64 64-bit built on Jan 23 2018 15:56:53
2018-02-01 09:43:43 Frame=512/2048/512 mssfix-ctrl=1250
2018-02-01 09:43:43 UNUSED OPTIONS
6 [resolv-retry] [infinite]
7 [nobind]
8 [persist-key]
9 [persist-tun]
10 [persist-remote-ip]
13 [verb] [3]

2018-02-01 09:43:43 EVENT: RESOLVE
2018-02-01 09:43:43 Contacting [1.2.3.4]:1194/UDP via UDP
2018-02-01 09:43:43 EVENT: WAIT
2018-02-01 09:43:43 Connecting to [tw2.vpn4u.com]:1194 (1.2.3.4) via UDPv4
2018-02-01 09:43:43 EVENT: CONNECTING
2018-02-01 09:43:43 Tunnel Options:V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client
2018-02-01 09:43:43 Creds: Username/Password
2018-02-01 09:43:43 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 1.2.7-4
IV_VER=3.1.2
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO=1
IV_BS64DL=1

2018-02-01 09:43:44 VERIFY OK : depth=1
cert. version : 3
serial number : 8C:F0:24:BE:78:94:71:E0
issuer name : O=vpn4u, CN=vpn4u CA, emailAddress=webmaster@…
subject name : O=vpn4u, CN=vpn4u CA, emailAddress=webmaster@…
issued on : 2010-11-10 15:19:00
expires on : 2020-11-07 15:19:00
signed using : RSA with SHA1
RSA key size : 1024 bits
basic constraints : CA=true

2018-02-01 09:43:44 VERIFY OK : depth=0
cert. version : 3
serial number : 01
issuer name : O=vpn4u, CN=vpn4u CA, emailAddress=webmaster@…
subject name : O=vpn4u, CN=server, emailAddress=webmaster@…
issued on : 2010-11-10 15:45:13
expires on : 2020-11-07 15:45:13
signed using : RSA with SHA1
RSA key size : 1024 bits
basic constraints : CA=false
cert. type : SSL Server
key usage : Digital Signature, Key Encipherment
ext key usage : TLS Web Server Authentication

2018-02-01 09:43:45 SSL Handshake: TLSv1.0/TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA
2018-02-01 09:43:45 Session is ACTIVE
2018-02-01 09:43:45 EVENT: GET_CONFIG
2018-02-01 09:43:45 Sending PUSH_REQUEST to server...
2018-02-01 09:43:45 OPTIONS:
0 [redirect-gateway]
1 [dhcp-option] [DNS] [10.143.92.1]
2 [route] [10.143.92.1]
3 [topology] [net30]
4 [ping] [10]
5 [ping-restart] [60]
6 [ifconfig] [10.143.92.10] [10.143.92.9]

2018-02-01 09:43:45 PROTOCOL OPTIONS:

cipher: BF-CBC
digest: SHA1
compress: LZO
peer ID: -1

2018-02-01 09:43:45 EVENT: ASSIGN_IP
2018-02-01 09:43:45 NIP: preparing TUN network settings
2018-02-01 09:43:45 NIP: init TUN network settings with endpoint: 1.2.3.4
2018-02-01 09:43:45 NIP: adding IPv4 address to network settings 10.143.92.10/255.255.255.252
2018-02-01 09:43:45 NIP: adding (included) IPv4 route 10.143.92.8/30
2018-02-01 09:43:45 NIP: adding (included) IPv4 route 10.143.92.1/32
2018-02-01 09:43:45 NIP: redirecting all IPv4 traffic to TUN interface
2018-02-01 09:43:45 NIP: adding DNS 10.143.92.1
2018-02-01 09:43:45 Connected via NetworkExtensionTUN
2018-02-01 09:43:45 Per-Key Data Limit: 48000000/48000000
2018-02-01 09:43:45 LZO-ASYM init swap=0 asym=0
2018-02-01 09:43:45 EVENT: CONNECTED 1234@…:1194 (1.2.3.4) via /UDPv4 on NetworkExtensionTUN/10.143.92.10/ gw=/

Thanks/Br,

Birdman Hsu
Taiwan Mobile Services

comment:9 Changed 6 years ago by Antonio Quartulli

Thanks for the log!
It looks like the transport layer and the tunnel interface are set up properly (and that is proved by the log being exactly the same), therefore I am still reluctant to assume that the port is making the difference. There must be something else affecting the traffic.

Have you tried dumping the traffic on the tunnel interface on the server side to see if there is any incoming packet from the iOS device?

What do the bytes statistics in the App say after you connect to port 9443?

comment:10 Changed 6 years ago by TaiwanMobileServices

Hi! Ordex,

I believe it is an OpenVPN Connect App related bug, as there is no such problem with client software on other platforms like Viscosity for both Mac and Windows when using the same ovpn files with port 9443!

I do not know how to attach the screenshots for Byte Stat of the OpenVPN Connect App.

But when using port 1194, the Bytes In is about 420 KB in one min. and all internet is working.

And the Bytes In when using port 9443 is only 8.35 KB in one min., with the problem of no traffic / stalled.

If needed, I can open some test account for you to test at your end.

If affirmative, please give me your personal email address.

Thanks/Br,

Birdman Hsu
Taiwan Mobile Services

comment:11 Changed 6 years ago by Antonio Quartulli

Resolution: notabug
Status: assigned → closed

After performing a couple of tests on the incriminated servers, it seems that the problem was related to the DNS running behind one of the servers. I am closing this ticket for now.
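
The two client logs in comment:8 can be compared mechanically instead of by eye. The following is an added example, not part of the ticket or of OpenVPN's code: it strips timestamps, masks the remote port, and diffs shortened excerpts of the two logs, which shows that the remote hostname and the pushed DNS, route and ifconfig values differ as well as the port. The function names are this example's own.

```python
import difflib
import re

# Excerpts shortened from the two client logs in comment:8.
LOG_9443 = """\
2018-02-01 09:52:27 Contacting [1.2.3.4]:9443/UDP via UDP
2018-02-01 09:52:27 Connecting to [tw1.vpn4u.com]:9443 (1.2.3.4) via UDPv4
2018-02-01 09:52:29 OPTIONS:
0 [redirect-gateway]
1 [dhcp-option] [DNS] [10.143.108.1]
2 [route] [10.143.108.1]
6 [ifconfig] [10.143.108.6] [10.143.108.5]
2018-02-01 09:52:29 NIP: adding DNS 10.143.108.1
"""
LOG_1194 = """\
2018-02-01 09:43:43 Contacting [1.2.3.4]:1194/UDP via UDP
2018-02-01 09:43:43 Connecting to [tw2.vpn4u.com]:1194 (1.2.3.4) via UDPv4
2018-02-01 09:43:45 OPTIONS:
0 [redirect-gateway]
1 [dhcp-option] [DNS] [10.143.92.1]
2 [route] [10.143.92.1]
6 [ifconfig] [10.143.92.10] [10.143.92.9]
2018-02-01 09:43:45 NIP: adding DNS 10.143.92.1
"""

TIMESTAMP = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} ")
REMOTE_PORT = re.compile(r"(?<=\]):\d+")
PUSHED_DNS = re.compile(r"\[dhcp-option\] \[DNS\] \[([^\]]+)\]")

def normalize(log):
    """Strip timestamps and mask the remote port, the fields expected to differ."""
    lines = []
    for raw in log.splitlines():
        line = REMOTE_PORT.sub(":<port>", TIMESTAMP.sub("", raw.strip()))
        if line:
            lines.append(line)
    return lines

def differences(log_a, log_b):
    """Return only the '- ' / '+ ' lines of a diff over the normalized logs."""
    diff = difflib.ndiff(normalize(log_a), normalize(log_b))
    return [d for d in diff if d.startswith(("- ", "+ "))]

def pushed_dns(log):
    """DNS servers the server pushed via dhcp-option."""
    return PUSHED_DNS.findall(log)

if __name__ == "__main__":
    print("\n".join(differences(LOG_9443, LOG_1194)))
    print("DNS:", pushed_dns(LOG_9443), "vs", pushed_dns(LOG_1194))
```

With `redirect-gateway` pushed, all name resolution goes to the pushed DNS server, so a difference in that value is worth checking before suspecting the transport port.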
