Opened 6 years ago
Closed 6 years ago
#955 closed Bug / Defect (fixed)
OpenVPN Connect unable to connect to OpenVPN server
Reported by: | kiemlicz | Owned by: | Antonio Quartulli |
---|---|---|---|
Priority: | blocker | Milestone: | |
Component: | OpenVPN Connect | Version: | 1.1.12 |
Severity: | Not set (select this one, unless your'e a OpenVPN developer) | Keywords: | |
Cc: |
Description
OpenVPN Connect 1.1.12 (build 89)
OpenVPN server 2.3.2
Client is unable to connect to server, fails with error:
Transport error: TCP connect error on 'myfancydomain': Connection refused
The server logs:
openvpn[925]: TCP connection established with [AF_INET]SOME_IP:57796 openvpn[925]: SOME_IP:57796 TLS: Initial packet from [AF_INET]SOME_IP:57796, sid=a08ab2d8 40a042c2 openvpn[925]: SOME_IP:57796 VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-AC3200, emailAddress=me@myhost.mydomain openvpn[925]: SOME_IP:57796 VERIFY OK: depth=0, C=TW, ST=TW, L=Taipei, O=ASUS, CN=client, emailAddress=me@myhost.mydomain openvpn[925]: SOME_IP:57796 Assertion failed at ssl.c:2005 openvpn[925]: SOME_IP:57796 Exiting due to fatal error openvpn[925]: SOME_IP:57796 /sbin/route del -net SOME_NET_IP netmask 255.255.255.0 openvpn[925]: SOME_IP:57796 Closing TUN/TAP interface openvpn[925]: SOME_IP:57796 /sbin/ifconfig tun21 0.0.0.0
The bug occured in one of the latest OpenVPN connect versions
Previously worked flawlessly
Marking as blocker because the OpenVPN is totally unusable
Please confirm
Kind regards
Change History (12)
comment:1 Changed 6 years ago by
comment:2 Changed 6 years ago by
Hi and thanks for reporting the issue.
We are already working on a mitigation on the OpenVPN Connect app for Android.
I used the word "mitigation" because, as you may understand, the server version you are running is bugged and prone to crash.
This "assert bug" (which leads to the server to stop running) has been fixed in the v2.3.7 release and we highly recommend to upgrade, because v2.3.2 is very old and vulnerable (latest release from the 2.3 series is v2.3.18).
If I am not wrong, your log comes from an ASUS device. I'd suggest to report this issue back to their support team in the hope that they move to a newer and safer version some time soon.
Speaking more about the issue: it occurs because your openvpn server is still using the ancient TLS v1.0, while the Connect app is using a much more recent SSL engine that does not cooperate pretty well with that TLS version.
We should be able to make the app more resilient to this problem, but what I said above will still apply.
Cheers,
comment:3 Changed 6 years ago by
Fully understood
Thank you for information and very fast response&action.
Will report this directly to ASUS as I believe their action would require full firmware upgrade to be conducted...
Thank you!
comment:4 Changed 6 years ago by
Hi,
FYI we have managed to fix the glitch in OpenVPN Connect that triggered the bug in openvpn2.3.2.
OpenVPN Connect should now be able to talk to the server without crashing it This is v1.1.23 and it's available in PlayStore? already.
However, this shouldn't prevent you from reporting the issue to ASUS, because the server is still vulnerable and should really be upgraded.
Cheers,
comment:5 Changed 6 years ago by
Thank you
I've submitted issue via their support website
Will see if they will take any action.
comment:6 Changed 6 years ago by
That's great. Let us know how it goes. May you also tell us what's the router model you have been using?
Thanks
comment:8 Changed 6 years ago by
Sure:
Asus | RT-AC3200 from Polish distributor
Will provide update when they respond back to me
comment:9 Changed 6 years ago by
ASUS got back with me and basically they acknowledged that they are aware
of very old OpenVPN server in their firmware.
They claim that update will be provided but the release date is unknown
We will see how it turns out
comment:10 Changed 6 years ago by
Owner: | set to Antonio Quartulli |
---|---|
Status: | new → accepted |
The app has been fixed.
@kiemlicz, can we close this ticket?
comment:11 follow-up: 12 Changed 6 years ago by
Yes, please
Thank you.
(just to update) ASUS firmware is still not updated with new OpenVPN server
comment:12 Changed 6 years ago by
Resolution: | → fixed |
---|---|
Status: | accepted → closed |
Replying to kiemlicz:
Yes, please
Thank you.
(just to update) ASUS firmware is still not updated with new OpenVPN server
I imagined that. They normally take a bit before the change can be deployed.
EDIT:
OpenVPN Connect 1.1.22 (build 89)