Opened 6 years ago

Closed 2 years ago

#1139 closed Bug / Defect (wontfix)

OpenVPN 3.0.2 (894) and iOS 12.1 - dhcp-option PROXY_AUTO_CONFIG_URL not working

Reported by: comphilip
Owned by: OpenVPN Inc.
Priority: major
Milestone:
Component: OpenVPN Connect
Version:
Severity: Not set (select this one, unless you're an OpenVPN developer)
Keywords:
Cc:

Description

Environment

OpenVPN Connect Version: 3.0.2 (894)
iOS Version: 12.1 (16B92)

Expected Result

Safari (or other iOS browsers) should use the Proxy Auto-Configuration script for the duration of the VPN session.

Actual Result

After the connection is established, the routes and DNS options work well. I can open http://proxy.example.com/wpad.dat in Safari.
But Safari does not use the rules in http://proxy.example.com/wpad.dat. The same rules work well in the Wi-Fi proxy configuration.

OpenVPN Server config

push "dhcp-option PROXY_AUTO_CONFIG_URL http://proxy.example.com/wpad.dat"
push "dhcp-option DNS 172.30.80.1"
push "dhcp-option DOMAIN example.com"
push "route 172.30.0.0 255.255.0.0 vpn_gateway"

OpenVPN Connect Log

2018-11-07 13:58:01 ----- OpenVPN Start -----
OpenVPN core 3.2 ios arm64 64-bit PT_PROXY built on Oct 3 2018 06:35:04
2018-11-07 13:58:01 Frame=512/2048/512 mssfix-ctrl=1250
2018-11-07 13:58:01 UNUSED OPTIONS
1 [nobind]
2018-11-07 13:58:01 EVENT: RESOLVE
2018-11-07 13:58:01 Contacting [192.168.30.2]:1194/UDP via UDP
2018-11-07 13:58:01 EVENT: WAIT
2018-11-07 13:58:01 Connecting to [abc.3322.org]:1194 (192.168.30.2) via UDPv4
2018-11-07 13:58:01 EVENT: CONNECTING
2018-11-07 13:58:01 Tunnel Options:V4,dev-type tun,link-mtu 1541,tun-mtu 1500,proto UDPv4,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client
2018-11-07 13:58:01 Creds: UsernameEmpty/PasswordEmpty
2018-11-07 13:58:01 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 3.0.2-894
IV_VER=3.2
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_AUTO_SESS=1
IV_BS64DL=1

2018-11-07 13:58:01 VERIFY OK : depth=0
cert. version : 3
serial number : 01
issuer name : CN=abc.3322.org
subject name : CN=abc.3322.org
issued on : 2017-06-23 14:50:28
expires on : 2027-06-21 14:50:28
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=false
key usage : Digital Signature, Key Encipherment
ext key usage : TLS Web Server Authentication

2018-11-07 13:58:01 SSL Handshake: TLSv1.2/TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
2018-11-07 13:58:01 Session is ACTIVE
2018-11-07 13:58:01 EVENT: GET_CONFIG
2018-11-07 13:58:01 Sending PUSH_REQUEST to server...
2018-11-07 13:58:01 OPTIONS:
0 [route] [192.168.254.1]
1 [topology] [net30]
2 [ping] [10]
3 [ping-restart] [60]
4 [dhcp-option] [PROXY_AUTO_CONFIG_URL] [http://proxy.example.com/wpad.dat]
5 [dhcp-option] [DNS] [172.30.80.1]
6 [dhcp-option] [DOMAIN] [example.com]
7 [route] [172.30.0.0] [255.255.0.0] [vpn_gateway]
8 [ifconfig] [192.168.254.6] [192.168.254.5]
9 [peer-id] [0]
10 [cipher] [AES-256-GCM]

2018-11-07 13:58:01 PROTOCOL OPTIONS:

cipher: AES-256-GCM
digest: SHA1
compress: NONE
peer ID: 0

2018-11-07 13:58:01 EVENT: ASSIGN_IP
2018-11-07 13:58:01 NIP: preparing TUN network settings
2018-11-07 13:58:01 NIP: init TUN network settings with endpoint: 192.168.30.2
2018-11-07 13:58:01 NIP: adding IPv4 address to network settings 192.168.254.6/255.255.255.252
2018-11-07 13:58:01 NIP: adding (included) IPv4 route 192.168.254.4/30
2018-11-07 13:58:01 NIP: adding (included) IPv4 route 192.168.254.1/32
2018-11-07 13:58:01 NIP: adding (included) IPv4 route 172.30.0.0/16
2018-11-07 13:58:01 NIP: adding DNS 172.30.80.1
2018-11-07 13:58:01 NIP: adding match domain example.com
2018-11-07 13:58:01 NIP: setting proxy auto-config URL to http://proxy.example.com/wpad.dat
2018-11-07 13:58:01 NIP: adding DNS specific routes:
2018-11-07 13:58:01 NIP: adding (included) IPv4 route 172.30.80.1/32
2018-11-07 13:58:01 Connected via NetworkExtensionTUN
2018-11-07 13:58:01 EVENT: CONNECTED abc.3322.org:1194 (192.168.30.2) via /UDPv4 on NetworkExtensionTUN/192.168.254.6/ gw=/

Change History (4)

comment:1 Changed 6 years ago by comphilip

I finally found out where the problem is.

dhcp-option proxy settings only work with redirect-gateway def1. It seems that, due to an iOS limitation, iOS only accepts the proxy setting if the VPN routes all traffic.

I removed redirect-gateway def1 and set a white list in the .pac file, hoping that only sites in the white list route via the VPN.
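
A PAC file of the kind comment:1 describes, as an added example that is not part of the original ticket: only hosts on a list are sent to the proxy and everything else goes direct. The proxy port and the listed domains are assumptions. Hosts are matched on label boundaries so that look-alike names do not match the list.

```javascript
// Constructed PAC file, as could be served at the pushed wpad.dat URL.
// Assumptions: the proxy port and the listed domains are hypothetical.
var PROXY = "PROXY proxy.example.com:3128";
var DIRECT = "DIRECT";

// Domains whose traffic should go to the proxy reachable through the VPN.
var ALLOWLIST = ["example.com", "intranet.example.net"];

// True when host equals domain or is a subdomain of it. The comparison
// requires a leading dot before the suffix, so "notexample.com" and
// "example.com.attacker.test" do not match "example.com".
function hostInDomain(host, domain) {
  if (host === domain) return true;
  var suffix = "." + domain;
  return host.length > suffix.length &&
         host.slice(host.length - suffix.length) === suffix;
}

// Lower-case the host and drop a trailing dot (fully qualified form),
// so "EXAMPLE.COM." is treated the same as "example.com".
function normaliseHost(host) {
  return String(host || "").toLowerCase().replace(/\.$/, "");
}

// Entry point a PAC engine calls for each request.
function FindProxyForURL(url, host) {
  var h = normaliseHost(host);
  for (var i = 0; i < ALLOWLIST.length; i++) {
    if (hostInDomain(h, ALLOWLIST[i])) return PROXY;
  }
  // Anything not explicitly listed bypasses the proxy.
  return DIRECT;
}
```

A plain substring or unanchored suffix test on the host would send the two look-alike names above to the proxy as well.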

comment:2 Changed 4 years ago by Gert Döring

Owner: changed from yuriy to denys
Status: changed from new to assigned

comment:3 Changed 4 years ago by Antonio Quartulli

Owner: changed from denys to OpenVPN Inc.

comment:4 Changed 2 years ago by Gert Döring

Resolution: wontfix
Status: changed from assigned to closed

OpenVPN Inc does not want to receive any feedback for the "Connect"
OpenVPN clients via the community bug trackers (here and in GH issues).

Please resubmit - if still relevant - via https://support.openvpn.net/
