Opened 10 years ago

Closed 7 years ago

#428 closed Bug / Defect (wontfix)

tls-auth broken on android kitkat (over cellular)

Reported by: semiosis Owned by: jamesyonan
Priority: blocker Milestone:
Component: OpenVPN Connect Version:
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords:
Cc:

Description

Problem with OpenVPN Connect on Android 4.4 KitKat?...

My connection profiles don't work on KitKat? (they used to work on 4.2 Jelly Bean) if I have tls-auth enabled AND try to connect over cellular data. If I disable tls-auth then I can connect over cellular data. With tls-auth in use I can only connect over WiFi?, not cellular.

Others also seem to have this problem. I commented on a thread in the forums here: https://forums.openvpn.net/post42737.html#p42737

I also posted to stack overflow about this here: http://stackoverflow.com/questions/24666803/openvpn-tls-auth-hmac-firewall-broken-on-android-4-4-kitkat

Any help would be much appreciated. Thanks!

Change History (12)

comment:1 Changed 10 years ago by Gert Döring

Owner: set to jamesyonan
Status: newassigned

comment:2 Changed 10 years ago by Gert Döring

Component: Generic / unclassifiedOpenVPN Connect

comment:3 Changed 10 years ago by onelli

Confirm this with tls-auth and 3G cellular data line; connecting to hotspot wifi of another 3G connected cellular works.

Thanks.
Matteo

comment:4 Changed 10 years ago by Gert Döring

Not having any idea about OpenVPN Connect: could you try with "Android for OpenVPN"? That's the community version based on the 2.x code - if it's a bug in Android in that particular mobile, the other app won't work either. If it's a bug in the VPN API in that particular phone (happens...) it will still be broken, but then we can't do anything about it.

comment:5 Changed 10 years ago by Samuli Seppänen

Version: 2.2.2

comment:6 Changed 10 years ago by mihanson

I just tried "OpenVPN for Android" and had the same disconnect issue as "OpenVPN Connect" on a 4G LTE cellular network (Verizon). My phone is a LG G2 with Android version 4.4.2, build KOT49I.VS98026A. I'm unable to test on a WiFi? network at the moment.

comment:7 Changed 10 years ago by fahrenheit

I'm still experiencing this issue (which appears to be HMAC authentication preventing connections) on the latest OpenVPN Connect client (version 1.1.14) and Android 5.0.1 Lollipop (on my Nexus 6).

Disabling HMAC in the config on my OpenVPN server allows my phone to connect, however this is a bad workaround due to the reduction in security.

comment:8 Changed 10 years ago by jcarerra

I do not believe the VPN connection problems (with 4.4.2 in my case) are limited to cellular connections. I was connecting via wifi a few times, Open Connect on a Samsung Tab4, then it simply would not connect. Reinstall everything, still no.
"192.168.0.227:44876 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
openvpn[9765]: 192.168.0.227:44876 TLS Error: TLS handshake failed"

Same ovpn file in a Galaxy S3 works fine.

Last edited 10 years ago by jcarerra (previous) (diff)

comment:9 Changed 9 years ago by Samuli Seppänen

Does this problem persist on latest OpenVPN Connect and Android versions?

comment:10 Changed 9 years ago by adv44

This problem persists on my Samsung Galaxy S4, running the latest OpenVPN Connect. I'm using Android 4.4.2.

I've read elsewhere that the problem is Android's VPN Framework. It sometimes incorrectly routes VPN packets to the mobile network, which then disconnects. See the link below. The explanation is compatible with my experences..

https://community.verizonwireless.com/thread/826624?start=60&tstart=0

comment:11 Changed 9 years ago by adv44

This problem persists on my Samsung Galaxy S4, running the latest OpenVPN Connect. I'm using Android 4.4.2.

I've read elsewhere that the problem is Android's VPN Framework. It sometimes incorrectly routes VPN packets to the mobile network, which then disconnects. See the link below. The explanation is compatible with my experences..

https://community.verizonwireless.com/thread/826624?start=60&tstart=0

comment:12 Changed 7 years ago by Antonio Quartulli

Resolution: wontfix
Status: assignedclosed

As this seems to be an Android problem, we can't do much. OpenVPN Connect with tls-auth on newer Android releases works as expected.

Note: See TracTickets for help on using tickets.