OpenVPN Connect will not connect via UDP

[apastor]

Using OpenVPN Connect v1.2.9. Tested with older versions too.

Tested on:

iPhone with iOS 11.3.1
iPad with iOS 11.3
iPod with iOS 11.2.1
ancient iPod with iOS 5.1.1
android 4.2.2 tablet 3.0.1 (for reference)

Using UDP results in immediate disconnect followed up with reconnect. Cycling happens every 5 seconds, tunnel is unusable.

Key client log snippet:

<timestamp> EVENT: CONNECTED <details>
<timestamp> NIP: iOS reported network status unavailable
<timestamp> OS Event: NET UNAVAILABLE (PAUSE): Internet:ReachableViaWWAN/WR tc-----
<timestamp> NIP: iOS reported network status available
<timestamp> OS Event: NET UNAVAILABLE (RESUME): Internet:ReachableViaWWAN/WR t------ allow=1

Server is not involved in connection drop. It reports:

<timestamp> us=388165 <Cell IP>:60634 [iPhone] Peer Connection Initiated with [AF_INET]<Cell IP>:60634
<timestamp> us=394527 MULTI: new connection by client 'iPhone' will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.

Issue is experienced always with UDP. TCP connectivity works for all devices.
Issue happens on default port 1194 or any other UDP port.
Issue happens on WiFi? or cellular (3G or LTE), regardless of carrier.

There is no issue with the android tablet. It can establish a stable connection to server with identical client configuration (including certificates) than that used by iOS devices. It can connect through a hotspot provided by the iPhone, which rules out any issues with the carrier and issues with routing.

Used to work with older iOS versions (10.x).

[apastor]

More details:

​https://forums.openvpn.net/viewtopic.php?f=36&t=26106

[tct]

More important than the entire thread, see from this post:
​https://forums.openvpn.net/viewtopic.php?f=36&t=26106#p78606

The OP did not respond any further .. perhaps it was a local problem.

[apastor]

No... problem persists.

Have not replied to thread as haven't had a chance to test removing persist-key and persist-tun from iOS client config. I have tested Android with either/or/both and Android works no problem. Once I test your suggestion on iOS I'll update the thread. I don't see how it will make a difference although willing to give the benefit of the doubt to persist-tun.

Regardless, after testing on several versions of iOS and cross checking on Android, both WiFi? and LTE, including using a non-connecting iPhone as a hotspot for a connecting Android tablet, on separate carriers... I am fairly confident this is an issue w/the OpenVPN Connect App on current iOS.

Absence of proof is not proof of absence.

As I wrote on the thread... can anyone confirm that UDP transport works in iOS 11.x? I can confirm it doesn't on scenarios described above.

[apastor]

Tested with an iPhone 4S running iOS 10 and OpenVPN Connect 1.1. UDP works.

UDP seems to have broke with OpenVPN Connect v.1.2.

Don't want to upgrade that phone's app to 1.2 as right now that is the only client I can connect with.

[Monkeydo]

Confirming iOS 11.4 w/ OpenVPN Connect 1.2.9 CANNOT connect via UDP. I have the same issue.
I have more details, just let me know which thread you want me to post to, this OPs or your thread.

And yes I registered to reply only, but thanks to this thread, I switched to TCP only instead of Adaptive.

[Antonio Quartulli]

Hi there, there is a new release on Testflight which will be released soon. Please test that again and report any issue to ios@…

I am closing this for now