Opened 6 years ago
Closed 2 years ago
#1139 closed Bug / Defect (wontfix)
OpenVPN 3.0.2 (894) and iOS 12.1 - dhcp-option PROXY_AUTO_CONFIG_URL not working
Reported by: | comphilip | Owned by: | OpenVPN Inc. |
---|---|---|---|
Priority: | major | Milestone: | |
Component: | OpenVPN Connect | Version: | |
Severity: | Not set (select this one, unless your'e a OpenVPN developer) | Keywords: | |
Cc: |
Description
Environment
OpenVPN Connect Version: 3.0.2 (894)
iOS Version: 12.1 (16B92)
Expected Result
Safari (or other iOS browsers) should use Proxy Autoconfiguration script during the duration of the VPN session.
Actual Result
After connection established, routes and DNS options works well. I can open http://proxy.example.com/wpad.dat in safari.
But safari not use rules in http://proxy.example.com/wpad.dat. The same rule works well in wifi's proxy configuration.
OpenVPN Server config
push "dhcp-option PROXY_AUTO_CONFIG_URL http://proxy.example.com/wpad.dat"
push "dhcp-option DNS 172.30.80.1"
push "dhcp-option DOMAIN exmaple.com"
push "route 172.30.0.0 255.255.0.0 vpn_gateway"
OpenVPN Connect Log
2018-11-07 13:58:01 ----- OpenVPN Start -----
OpenVPN core 3.2 ios arm64 64-bit PT_PROXY built on Oct 3 2018 06:35:04
2018-11-07 13:58:01 Frame=512/2048/512 mssfix-ctrl=1250
2018-11-07 13:58:01 UNUSED OPTIONS
1 [nobind]
2018-11-07 13:58:01 EVENT: RESOLVE
2018-11-07 13:58:01 Contacting [192.168.30.2]:1194/UDP via UDP
2018-11-07 13:58:01 EVENT: WAIT
2018-11-07 13:58:01 Connecting to [abc.3322.org]:1194 (192.168.30.2) via UDPv4
2018-11-07 13:58:01 EVENT: CONNECTING
2018-11-07 13:58:01 Tunnel Options:V4,dev-type tun,link-mtu 1541,tun-mtu 1500,proto UDPv4,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client
2018-11-07 13:58:01 Creds: UsernameEmpty/PasswordEmpty?
2018-11-07 13:58:01 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 3.0.2-894
IV_VER=3.2
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_AUTO_SESS=1
IV_BS64DL=1
2018-11-07 13:58:01 VERIFY OK : depth=0
cert. version : 3
serial number : 01
issuer name : CN=abc.3322.org
subject name : CN=abc.3322.org
issued on : 2017-06-23 14:50:28
expires on : 2027-06-21 14:50:28
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=false
key usage : Digital Signature, Key Encipherment
ext key usage : TLS Web Server Authentication
2018-11-07 13:58:01 SSL Handshake: TLSv1.2/TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
2018-11-07 13:58:01 Session is ACTIVE
2018-11-07 13:58:01 EVENT: GET_CONFIG
2018-11-07 13:58:01 Sending PUSH_REQUEST to server...
2018-11-07 13:58:01 OPTIONS:
0 [route] [192.168.254.1]
1 [topology] [net30]
2 [ping] [10]
3 [ping-restart] [60]
4 [dhcp-option] [PROXY_AUTO_CONFIG_URL] http://proxy.example.com/wpad.dat
5 [dhcp-option] [DNS] [172.30.80.1]
6 [dhcp-option] [DOMAIN] [example.com]
7 [route] [172.30.0.0] [255.255.0.0] [vpn_gateway]
8 [ifconfig] [192.168.254.6] [192.168.254.5]
9 [peer-id] [0]
10 [cipher] [AES-256-GCM]
2018-11-07 13:58:01 PROTOCOL OPTIONS:
cipher: AES-256-GCM
digest: SHA1
compress: NONE
peer ID: 0
2018-11-07 13:58:01 EVENT: ASSIGN_IP
2018-11-07 13:58:01 NIP: preparing TUN network settings
2018-11-07 13:58:01 NIP: init TUN network settings with endpoint: 192.168.30.2
2018-11-07 13:58:01 NIP: adding IPv4 address to network settings 192.168.254.6/255.255.255.252
2018-11-07 13:58:01 NIP: adding (included) IPv4 route 192.168.254.4/30
2018-11-07 13:58:01 NIP: adding (included) IPv4 route 192.168.254.1/32
2018-11-07 13:58:01 NIP: adding (included) IPv4 route 172.30.0.0/16
2018-11-07 13:58:01 NIP: adding DNS 172.30.80.1
2018-11-07 13:58:01 NIP: adding match domain example.com
2018-11-07 13:58:01 NIP: setting proxy auto-config URL to http://proxy.example.com/wpad.dat
2018-11-07 13:58:01 NIP: adding DNS specific routes:
2018-11-07 13:58:01 NIP: adding (included) IPv4 route 172.30.80.1/32
2018-11-07 13:58:01 Connected via NetworkExtensionTUN
2018-11-07 13:58:01 EVENT: CONNECTED abc.3322.org:1194 (192.168.30.2) via /UDPv4 on NetworkExtensionTUN/192.168.254.6/ gw=/
Change History (4)
comment:1 Changed 6 years ago by
comment:2 Changed 4 years ago by
Owner: | changed from yuriy to denys |
---|---|
Status: | new → assigned |
comment:3 Changed 4 years ago by
Owner: | changed from denys to OpenVPN Inc. |
---|
comment:4 Changed 2 years ago by
Resolution: | → wontfix |
---|---|
Status: | assigned → closed |
OpenVPN Inc does not want to receive any feedback for the "Connect"
OpenVPN clients via the community bug trackers (here and in GH issues).
Please resubmit - if still relevant - via https://support.openvpn.net/
I finally find out where the problem is.
dhcp-option proxy settings only works with redirect-gateway def1. It seems due to iOS limitation, iOS only accept proxy setting if VPN routes all traffic.
I removed redirect-gateway def1 and set white list in .pac file, and hoping only sites in white list route via VPN.