id: 1233
summary: Connect not working with iOS 13.2 but configuration works with Catalina, TLS handshake failed
reporter: nextcounter
owner: OpenVPN Inc.
type: Bug / Defect
status: closed
priority: major
milestone:
component: OpenVPN Connect
version:
severity: Not set (select this one, unless you're an OpenVPN developer)
resolution: wontfix
keywords:
cc:

description:

OpenVPN Connect on iOS 13.2(.2) is not establishing TLS with my OpenVPN server, although the same configuration works on a Macbook with Catalina and Tunnelblick 3.8.1. The server log shows the "TLS handshake failed"; the network, firewall, and port routing are all fine.

I have also checked:

* network connection works (in fact, as mentioned, I can connect using my macbook with the same configuration and certificates)
* server and client certificates comply with https://support.apple.com/en-us/HT210176

The server is on Linux kernel 5.3.9, openvpn 2.4.7.

** server log:

MULTI: multi_create_instance called
172.21.18.1:4561 Re-using SSL/TLS context
172.21.18.1:4561 LZO compression initializing
172.21.18.1:4561 Control Channel MTU parms [ L:1622 D:1156 EF:94 EB:0 ET:0 EL:3 ]
172.21.18.1:4561 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
172.21.18.1:4561 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
172.21.18.1:4561 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
R172.21.18.1:4561 TLS: Initial packet from [AF_INET]172.21.18.1:4561, sid=60dc6925 7ca3e47d
W172.21.18.1:4561 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
172.21.18.1:4561 TLS Error: TLS handshake failed
172.21.18.1:4561 SIGUSR1[soft,tls-error] received, client-instance restarting

** server.conf:

port 1194
proto udp4
dev tun
topology subnet
tls-server
tls-timeout 60
remote-cert-eku "TLS Web Client Authentication"
ca xx/xx/xx/ca.crt
cert /xx/xx/xx/server.crt
key /xx/xx/xx/server.key
dh /xx/xx/xx/dh.pem
server 10.94.176.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
push "route 172.21.18.0 255.255.255.0"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
duplicate-cn
keepalive 10 120
comp-lzo
persist-key
persist-tun
daemon
status /var/log/openvpn/openvpn-status.log
log-append /var/log/openvpn/openvpn.log
tls-crypt /xx/xx/xx/ta.key
user nobody
group users
cipher AES-256-CBC
verb 5

** The client configuration, which is the one loaded on the OpenVPN Connect app on the iPhone:

tls-client
remote x.x.x.x 1194
ca ca.crt
cert clientIphone.crt
key clientIphone.key
dev tun
proto udp
remote-cert-eku "TLS Web Server Authentication"
topology subnet
pull
comp-lzo
persist-key
persist-tun
# hardened security
tls-crypt ta.key
cipher AES-256-CBC

** the client log:

2019-11-16 11:24:39 1
2019-11-16 11:24:39 ----- OpenVPN Start -----
OpenVPN core 3.git::728733ae ios arm64 64-bit PT_PROXY built on Aug 15 2019 06:21:05
2019-11-16 11:24:39 OpenVPN core 3.git::728733ae ios arm64 64-bit PT_PROXY built on Aug 15 2019 06:21:05
2019-11-16 11:24:39 Frame=512/2048/512 mssfix-ctrl=1250
2019-11-16 11:24:39 UNUSED OPTIONS
0 [tls-client]
8 [topology] [subnet]
9 [pull]
11 [persist-key]
12 [persist-tun]
2019-11-16 11:24:39 EVENT: RESOLVE
2019-11-16 11:24:39 Contacting [x.x.x.x]:1194/UDP via UDP
2019-11-16 11:24:39 EVENT: WAIT
2019-11-16 11:24:39 Connecting to [x.x.x.x]:1194 (x.x.x.x) via UDPv4
2019-11-16 11:24:39 EVENT: CONNECTING
2019-11-16 11:24:39 Tunnel Options:V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client
2019-11-16 11:24:39 Creds: UsernameEmpty/PasswordEmpty
2019-11-16 11:24:39 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 3.0.3-2104
IV_VER=3.git::728733ae
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO_STUB=1
IV_COMP_STUB=1
IV_COMP_STUBv2=1
IV_AUTO_SESS=1
2019-11-16 11:25:09 EVENT: CONNECTION_TIMEOUT [ERR]
2019-11-16 11:25:09 Raw stats on disconnect:
BYTES_IN : 66
BYTES_OUT : 7652
PACKETS_IN : 1
PACKETS_OUT : 30
CONNECTION_TIMEOUT : 1
2019-11-16 11:25:09 Performance stats on disconnect:
CPU usage (microseconds): 48539
Network bytes per CPU second: 159006
Tunnel bytes per CPU second: 0
2019-11-16 11:25:09 EVENT: DISCONNECTED
2019-11-16 11:25:09 Raw stats on disconnect:
BYTES_IN : 66
BYTES_OUT : 7652
PACKETS_IN : 1
PACKETS_OUT : 30
CONNECTION_TIMEOUT : 1
2019-11-16 11:25:09 Performance stats on disconnect:
CPU usage (microseconds): 48539
Network bytes per CPU second: 159006
Tunnel bytes per CPU second: 0