Opened 5 years ago

Closed 13 months ago

#335 closed Bug / Defect (invalid)

OpenVPN for iOS 1.0.1 route pull not working correctly

Reported by: lawless96 Owned by: jamesyonan
Priority: major Milestone:
Component: OpenVPN Connect Version:
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords: iOS
Cc:

Description

iOS side shows a default route associated with 'utun0' but no network address+mask appears in the entry. No ping or TCP connectivity to hosts in desired target subnet. Can ping server-end of OpenVPN tunnel and establish working SSH session to system at end of tunnel.

Using "IT Tools" app by Kevin Koltzau to examine iPhone side.

iOS 6.1.3 on VZ iPhone 4

Attachments (3)

FLM_geileis_ios.ovpn (129 bytes) - added by lawless96 5 years ago.
iOS side confg
openvpn1.conf (557 bytes) - added by lawless96 5 years ago.
server-side config
openvpn_ios_route_issue_log.txt (2.8 KB) - added by lawless96 5 years ago.
iOS side session log

Download all attachments as: .zip

Change History (13)

Changed 5 years ago by lawless96

Attachment: FLM_geileis_ios.ovpn added

iOS side confg

Changed 5 years ago by lawless96

Attachment: openvpn1.conf added

server-side config

comment:1 Changed 5 years ago by JoshC

Component: Generic / unclassifiedOpenVPN Connect

Changed 5 years ago by lawless96

iOS side session log

comment:2 Changed 5 years ago by lawless96

iOS log shows that route information was correctly
pulled across the tunnel. So the issue can be
narrowed to a problem applying the route to
the 'utun0' virtual interface.

comment:3 Changed 5 years ago by lawless96

Description is fuzzy, more precisly:

1) see "utun0" in interface list with

172.29.85.22/24 local address
bcast address is 172.29.85.22 as well

2) routes associated with "utun0" are

"default" with gw "link#0" flags UCSI
172.29.85.0/24 gw 172.29.85.22 flags UGSc
172.29.85.22 gw 172.29.85.22 flags UH
172.29.87.1 gw "link#0" flags UHWIi

3) can ping 172.29.85.1 (OpenVPN server endpoint)

can't ping 172.29.87.1 (on OpenVPN server)
can't ping any other 172.29.0.0/16 subnet addresses

comment:4 Changed 5 years ago by Samuli Seppänen

Keywords: iOS added
Owner: set to jamesyonan
Status: newassigned
Version: 2.2.2

comment:5 Changed 5 years ago by lawless96

Tested 1.0.2. Still a problem.

comment:6 Changed 5 years ago by Gert Döring

if I read this right, it's telling you in the log file what the problem is:

2013-09-16 17:49:07 Error parsing IPv4 route: [route] [172.29.0.0] [255.255.0.0] [172.29.85.1] : tun_builder_route_error: route destinations other than vpn_gateway or net_gateway are not supported

... so just leave off the "172.29.85.1" at the end, it's not needed anyway (a gateway address is relevant if you have a tap interface, but not for tun - and iOS only supports tun anyway)

comment:7 Changed 5 years ago by lawless96

yes, that fixed it

thanks!

comment:8 Changed 5 years ago by lawless96

You are wrong about the route-thru host begin
unnecessary.

Tried taking it out of all the configs
and it broke the linux-to-linux routing.

So if the iPhone version of OpenVPN is
to work correctly it must ignore the
gateway specification.

comment:9 Changed 3 years ago by sanjupal491

mod: spam. removed.

Last edited 13 months ago by Antonio (previous) (diff)

comment:10 Changed 13 months ago by Antonio

Resolution: invalid
Status: assignedclosed

It seems this was a configuration issue in the iOS profile. Closing the ticket.

Note: See TracTickets for help on using tickets.