Opened 10 years ago
Closed 7 years ago
#428 closed Bug / Defect (wontfix)
tls-auth broken on android kitkat (over cellular)
Reported by: | semiosis | Owned by: | jamesyonan |
---|---|---|---|
Priority: | blocker | Milestone: | |
Component: | OpenVPN Connect | Version: | |
Severity: | Not set (select this one, unless your'e a OpenVPN developer) | Keywords: | |
Cc: |
Description
Problem with OpenVPN Connect on Android 4.4 KitKat?...
My connection profiles don't work on KitKat? (they used to work on 4.2 Jelly Bean) if I have tls-auth enabled AND try to connect over cellular data. If I disable tls-auth then I can connect over cellular data. With tls-auth in use I can only connect over WiFi?, not cellular.
Others also seem to have this problem. I commented on a thread in the forums here: https://forums.openvpn.net/post42737.html#p42737
I also posted to stack overflow about this here: http://stackoverflow.com/questions/24666803/openvpn-tls-auth-hmac-firewall-broken-on-android-4-4-kitkat
Any help would be much appreciated. Thanks!
Change History (12)
comment:1 Changed 10 years ago by
Owner: | set to jamesyonan |
---|---|
Status: | new → assigned |
comment:2 Changed 10 years ago by
Component: | Generic / unclassified → OpenVPN Connect |
---|
comment:3 Changed 10 years ago by
comment:4 Changed 10 years ago by
Not having any idea about OpenVPN Connect: could you try with "Android for OpenVPN"? That's the community version based on the 2.x code - if it's a bug in Android in that particular mobile, the other app won't work either. If it's a bug in the VPN API in that particular phone (happens...) it will still be broken, but then we can't do anything about it.
comment:5 Changed 10 years ago by
Version: | 2.2.2 |
---|
comment:6 Changed 10 years ago by
I just tried "OpenVPN for Android" and had the same disconnect issue as "OpenVPN Connect" on a 4G LTE cellular network (Verizon). My phone is a LG G2 with Android version 4.4.2, build KOT49I.VS98026A. I'm unable to test on a WiFi? network at the moment.
comment:7 Changed 10 years ago by
I'm still experiencing this issue (which appears to be HMAC authentication preventing connections) on the latest OpenVPN Connect client (version 1.1.14) and Android 5.0.1 Lollipop (on my Nexus 6).
Disabling HMAC in the config on my OpenVPN server allows my phone to connect, however this is a bad workaround due to the reduction in security.
comment:8 Changed 10 years ago by
I do not believe the VPN connection problems (with 4.4.2 in my case) are limited to cellular connections. I was connecting via wifi a few times, Open Connect on a Samsung Tab4, then it simply would not connect. Reinstall everything, still no.
"192.168.0.227:44876 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
openvpn[9765]: 192.168.0.227:44876 TLS Error: TLS handshake failed"
Same ovpn file in a Galaxy S3 works fine.
comment:9 Changed 9 years ago by
Does this problem persist on latest OpenVPN Connect and Android versions?
comment:10 Changed 9 years ago by
This problem persists on my Samsung Galaxy S4, running the latest OpenVPN Connect. I'm using Android 4.4.2.
I've read elsewhere that the problem is Android's VPN Framework. It sometimes incorrectly routes VPN packets to the mobile network, which then disconnects. See the link below. The explanation is compatible with my experences..
https://community.verizonwireless.com/thread/826624?start=60&tstart=0
comment:11 Changed 9 years ago by
This problem persists on my Samsung Galaxy S4, running the latest OpenVPN Connect. I'm using Android 4.4.2.
I've read elsewhere that the problem is Android's VPN Framework. It sometimes incorrectly routes VPN packets to the mobile network, which then disconnects. See the link below. The explanation is compatible with my experences..
https://community.verizonwireless.com/thread/826624?start=60&tstart=0
comment:12 Changed 7 years ago by
Resolution: | → wontfix |
---|---|
Status: | assigned → closed |
As this seems to be an Android problem, we can't do much. OpenVPN Connect with tls-auth on newer Android releases works as expected.
Confirm this with tls-auth and 3G cellular data line; connecting to hotspot wifi of another 3G connected cellular works.
Thanks.
Matteo