Opened 19 months ago

Last modified 6 weeks ago

#1083 new Bug / Defect

iOS -- Log does not show route addition errors

Reported by: tincantech Owned by:
Priority: major Milestone:
Component: Generic / unclassified Version: OpenVPN Connect for iOS v1.2.9
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords:
Cc: Antonio

Description

Source:
https://forums.openvpn.net/viewtopic.php?f=36&t=26855

When pushing a route to iOS setting the gateway parameter is an error (Do not set the gateway because iOS does not allow this).

However, iOS currently silently ignores the error so the user cannot verify what has happened.

iOS log example:

2018-08-06 14:50:37 Sending PUSH_REQUEST to server...
2018-08-06 14:50:37 OPTIONS:
0 [route] [192.168.1.0] [255.255.255.0] [10.8.0.1] 
1 [route-gateway] [10.8.0.1] 
2 [topology] [subnet] 
3 [ping] [1800] 
4 [ping-restart] [3600] 
5 [ifconfig] [10.8.0.3] [255.255.255.0] 
6 [peer-id] [0] 
7 [cipher] [AES-256-GCM] 

2018-08-06 14:50:37 PROTOCOL OPTIONS:
  cipher: AES-256-GCM
  digest: SHA256
  compress: LZ4
  peer ID: 0
2018-08-06 14:50:37 EVENT: ASSIGN_IP
2018-08-06 14:50:37 NIP: preparing TUN network settings
2018-08-06 14:50:37 NIP: init TUN network settings with endpoint: OPENVPN-IP
2018-08-06 14:50:37 NIP: adding IPv4 address to network settings 10.8.0.3/255.255.255.0
2018-08-06 14:50:37 NIP: adding (included) IPv4 route 10.8.0.0/24
2018-08-06 14:50:37 Connected via NetworkExtensionTUN
2018-08-06 14:50:37 LZ4 init asym=0
2018-08-06 14:50:37 EVENT: CONNECTED @OPENVPN-IP:1194 (OPENVPN-IP) via /UDPv4 on NetworkExtensionTUN/10.8.0.3/ gw=[/]

This is the error:

0 [route] [192.168.1.0] [255.255.255.0] [10.8.0.1] 
                                         ^^^^^^^^

But the log does not acknowledge this.

Change History (2)

comment:1 Changed 3 months ago by Gert Döring

not sure I understand this ticket - the gateway has no effect on iOS, but the line is syntactically correct so the route should end up pointing to the VPN?

If you error out on this, very many configs will break that have a gateway which is basically just pointing into the tunnel.

comment:2 Changed 6 weeks ago by tincantech

Cc: Antonio added

I discussed this with ordex quite some time ago and he agreed that this is bad behaviour.

  1. The user configures 'push "route subnet mask gateway"'
    With the correct parameters.
    eg: route 192.168.0.0 255.255.255.0 10.8.0.1
  2. This is pushed to a PC client and it works as expected. (Assume topology subnet)
  3. This is pushed to an IOS client and it silently fails.
    Found in OpenVPN Client: 1.2.9
  4. IOS user is left in the dark that this has failed and why ..
Last edited 6 weeks ago by tincantech (previous) (diff)
Note: See TracTickets for help on using tickets.