Opened 5 years ago

Closed 19 months ago

#428 closed Bug / Defect (wontfix)

tls-auth broken on android kitkat (over cellular)

Reported by: semiosis Owned by: jamesyonan
Priority: blocker Milestone:
Component: OpenVPN Connect Version:
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords:
Cc:

Description

Problem with OpenVPN Connect on Android 4.4 KitKat?...

My connection profiles don't work on KitKat? (they used to work on 4.2 Jelly Bean) if I have tls-auth enabled AND try to connect over cellular data. If I disable tls-auth then I can connect over cellular data. With tls-auth in use I can only connect over WiFi?, not cellular.

Others also seem to have this problem. I commented on a thread in the forums here: https://forums.openvpn.net/post42737.html#p42737

I also posted to stack overflow about this here: http://stackoverflow.com/questions/24666803/openvpn-tls-auth-hmac-firewall-broken-on-android-4-4-kitkat

Any help would be much appreciated. Thanks!

Change History (12)

comment:1 Changed 5 years ago by Gert Döring

Owner: set to jamesyonan
Status: newassigned

comment:2 Changed 5 years ago by Gert Döring

Component: Generic / unclassifiedOpenVPN Connect

comment:3 Changed 5 years ago by onelli

Confirm this with tls-auth and 3G cellular data line; connecting to hotspot wifi of another 3G connected cellular works.

Thanks.
Matteo

comment:4 Changed 5 years ago by Gert Döring

Not having any idea about OpenVPN Connect: could you try with "Android for OpenVPN"? That's the community version based on the 2.x code - if it's a bug in Android in that particular mobile, the other app won't work either. If it's a bug in the VPN API in that particular phone (happens...) it will still be broken, but then we can't do anything about it.

comment:5 Changed 5 years ago by Samuli Seppänen

Version: 2.2.2

comment:6 Changed 5 years ago by mihanson

I just tried "OpenVPN for Android" and had the same disconnect issue as "OpenVPN Connect" on a 4G LTE cellular network (Verizon). My phone is a LG G2 with Android version 4.4.2, build KOT49I.VS98026A. I'm unable to test on a WiFi? network at the moment.

comment:7 Changed 5 years ago by fahrenheit

I'm still experiencing this issue (which appears to be HMAC authentication preventing connections) on the latest OpenVPN Connect client (version 1.1.14) and Android 5.0.1 Lollipop (on my Nexus 6).

Disabling HMAC in the config on my OpenVPN server allows my phone to connect, however this is a bad workaround due to the reduction in security.

comment:8 Changed 5 years ago by jcarerra

I do not believe the VPN connection problems (with 4.4.2 in my case) are limited to cellular connections. I was connecting via wifi a few times, Open Connect on a Samsung Tab4, then it simply would not connect. Reinstall everything, still no.
"192.168.0.227:44876 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
openvpn[9765]: 192.168.0.227:44876 TLS Error: TLS handshake failed"

Same ovpn file in a Galaxy S3 works fine.

Last edited 5 years ago by jcarerra (previous) (diff)

comment:9 Changed 4 years ago by Samuli Seppänen

Does this problem persist on latest OpenVPN Connect and Android versions?

comment:10 Changed 4 years ago by adv44

This problem persists on my Samsung Galaxy S4, running the latest OpenVPN Connect. I'm using Android 4.4.2.

I've read elsewhere that the problem is Android's VPN Framework. It sometimes incorrectly routes VPN packets to the mobile network, which then disconnects. See the link below. The explanation is compatible with my experences..

https://community.verizonwireless.com/thread/826624?start=60&tstart=0

comment:11 Changed 4 years ago by adv44

This problem persists on my Samsung Galaxy S4, running the latest OpenVPN Connect. I'm using Android 4.4.2.

I've read elsewhere that the problem is Android's VPN Framework. It sometimes incorrectly routes VPN packets to the mobile network, which then disconnects. See the link below. The explanation is compatible with my experences..

https://community.verizonwireless.com/thread/826624?start=60&tstart=0

comment:12 Changed 19 months ago by Antonio

Resolution: wontfix
Status: assignedclosed

As this seems to be an Android problem, we can't do much. OpenVPN Connect with tls-auth on newer Android releases works as expected.

Note: See TracTickets for help on using tickets.