Opened 3 years ago

Closed 3 years ago

#983 closed Bug / Defect (fixed)

iOS: Unable to reconnect after sleep

Reported by: sn2411 Owned by: Antonio
Priority: major Milestone:
Component: OpenVPN Connect Version: OpenVPN Connect for iOS v1.2.6
Severity: Not set (select this one, unless you're an OpenVPN developer) Keywords:
Cc:

Description

After waking from sleep (>30s), client does not reconnect to server. Same bug was reported via forums for OpenVPN Connect 1.2.5.

Client: iPhone 7 running iOS 11.2.2
Log as follows:

2018-01-17 14:58:05 OS Event: SLEEP
2018-01-17 14:58:06 EVENT: PAUSE
2018-01-17 14:58:09 OS Event: WAKEUP
2018-01-17 14:58:12 RESUME TEST: Internet:ReachableViaWWAN/WR t------
2018-01-17 14:58:12 STANDARD RESUME
2018-01-17 14:58:12 EVENT: RESUME
2018-01-17 14:58:12 EVENT: RECONNECTING
2018-01-17 14:58:12 EVENT: RESOLVE
2018-01-17 14:58:12 OS Event: SLEEP
2018-01-17 14:58:12 EVENT: PAUSE
2018-01-17 14:58:36 OS Event: WAKEUP
2018-01-17 14:58:39 RESUME TEST: Internet:ReachableViaWWAN/WR t------
2018-01-17 14:58:39 STANDARD RESUME
2018-01-17 14:58:39 EVENT: RESUME
2018-01-17 14:58:39 EVENT: RECONNECTING
2018-01-17 14:58:39 EVENT: RESOLVE
2018-01-17 14:58:49 Server poll timeout, trying next remote entry...
2018-01-17 14:58:49 EVENT: RECONNECTING
2018-01-17 14:58:49 EVENT: RESOLVE
2018-01-17 14:59:00 Server poll timeout, trying next remote entry...
2018-01-17 14:59:00 EVENT: RECONNECTING
2018-01-17 14:59:00 EVENT: RESOLVE

Change History (25)

comment:1 Changed 3 years ago by Antonio

Owner: set to Antonio
Status: new → assigned

v1.2.6 has just been launched on AppStore. Could you please test that version and let us know if the issue is fixed?

Or are you actually already on 1.2.6?


comment:2 in reply to:  1 Changed 3 years ago by sn2411

Replying to ordex:

v1.2.6 has just been launched on AppStore. Could you please test that version and let us know if the issue is fixed?

Or are you actually already on 1.2.6?

I am on 1.2.6 already.

comment:3 Changed 3 years ago by Antonio

Interesting - the reconnection logic is working, but the app can't resolve the server hostname.
Is it easy to reproduce? Does it happen only when using the mobile connection or also on WiFi?

comment:4 Changed 3 years ago by Antonio

Summary: Unable to reconnect after sleep → iOS: Unable to reconnect after sleep

comment:5 in reply to:  3 Changed 3 years ago by sn2411

Replying to ordex:

Interesting - the reconnection logic is working, but the app can't resolve the server hostname.
Is it easy to reproduce? Does it happen only when using the mobile connection or also on WiFi?

Seems to be on cellular only, but will require further testing on a remote WiFi connection (currently connected to home network, which is my OpenVPN server host), will update after further testing.

comment:6 Changed 3 years ago by ernst

I'm running iOS 11.2.2 and with both OpenVPN Connect 1.2.5 and 1.2.6, I'm losing my connection if I am on a cellular network. The connection seems stable if my iOS device is connected via WiFi.
My profile runs over TCP

comment:7 in reply to:  6 ; Changed 3 years ago by Antonio

Replying to ernst:

I'm running iOS 11.2.2 and with both OpenVPN Connect 1.2.5 and 1.2.6, I'm losing my connection if I am on a cellular network. The connection seems stable if my iOS device is connected via WiFi.
My profile runs over TCP

Losing your connection after sleep? If not, please open a new ticket so we can track it properly.
Thanks!

comment:8 in reply to:  7 ; Changed 3 years ago by ernst

Replying to ordex:

Replying to ernst:

I'm running iOS 11.2.2 and with both OpenVPN Connect 1.2.5 and 1.2.6, I'm losing my connection if I am on a cellular network. The connection seems stable if my iOS device is connected via WiFi.
My profile runs over TCP

Losing your connection after sleep? If not, please open a new ticket so we can track it properly.
Thanks!

I was not clear indeed: this happened this morning after going to sleep. As I was in the train, my connection was not constant and also switching between the masts and also between 3g and 4g. I am sure I saw the same messages as OP in the OpenVPN Connect log.

So, I just tried to reproduce this while I am in the office at 4G (thus I am not moving and switching between masts or 3G / 4G). Now, my VPN is not going away after sleep. I really don't know why.

comment:9 in reply to:  8 Changed 3 years ago by Antonio

Replying to ernst:

Replying to ordex:

Replying to ernst:

I'm running iOS 11.2.2 and with both OpenVPN Connect 1.2.5 and 1.2.6, I'm losing my connection if I am on a cellular network. The connection seems stable if my iOS device is connected via WiFi.
My profile runs over TCP

Losing your connection after sleep? If not, please open a new ticket so we can track it properly.
Thanks!

I was not clear indeed: this happened this morning after going to sleep. As I was in the train, my connection was not constant and also switching between the masts and also between 3g and 4g. I am sure I saw the same messages as OP in the OpenVPN Connect log.

So, I just tried to reproduce this while I am in the office at 4G (thus I am not moving and switching between masts or 3G / 4G). Now, my VPN is not going away after sleep. I really don't know why.

It's very important to check the log when you have the issue. What the OP reported could also be the symptom of bad connectivity, where iOS senses an uplink and reports that to OpenVPN, but the connection is too flaky to get the traffic through. Not saying this is exactly the same, but it's a possibility.

comment:10 in reply to:  3 ; Changed 3 years ago by sn2411

Replying to ordex:

Interesting - the reconnection logic is working, but the app can't resolve the server hostname.
Is it easy to reproduce? Does it happen only when using the mobile connection or also on WiFi?

I’ve just tested it on a WiFi connection, this happens instead: https://community.openvpn.net/openvpn/ticket/993

Difference being my server’s running on UDP instead of TCP.

Edit: traffic is being routed in the above state, but DNS option is not being pushed properly.


comment:11 in reply to:  10 ; Changed 3 years ago by Antonio

Replying to sn2411:

Edit: traffic is being routed in the above state, but DNS option is not being pushed properly.

do you have a log? maybe you can post it in https://community.openvpn.net/openvpn/ticket/982 ?

comment:12 in reply to:  11 ; Changed 3 years ago by sn2411

Replying to ordex:

Replying to sn2411:

Edit: traffic is being routed in the above state, but DNS option is not being pushed properly.

do you have a log? maybe you can post it in https://community.openvpn.net/openvpn/ticket/982 ?

This is the log over WiFi, where traffic is being routed but not DNS.

I am able to access resources (samba server, etc.) via their IP addresses, but not via hostname, hence the conclusion.

I did not post it on the other ticket as I do not have the push "dhcp-option DOMAIN xxx.xxx" option set on my server.

2018-01-18 19:23:28 ----- OpenVPN Start -----
OpenVPN core 3.1.2 ios arm64 64-bit built on Jan 14 2018 14:23:32
2018-01-18 19:23:28 Frame=512/2048/512 mssfix-ctrl=1250
2018-01-18 19:23:28 UNUSED OPTIONS
3 [sndbuf] [0] 
4 [rcvbuf] [0] 
6 [resolv-retry] [infinite] 
7 [nobind] 
8 [persist-key] 
9 [persist-tun] 
14 [block-outside-dns] 
16 [verb] [3] 

2018-01-18 19:23:28 EVENT: RESOLVE
2018-01-18 19:23:28 Contacting [my.public.ip]:myport/UDP via UDP
2018-01-18 19:23:28 EVENT: WAIT
2018-01-18 19:23:28 Connecting to [my.server.address]:myport (my.public.ip) via UDPv4
2018-01-18 19:23:28 EVENT: CONNECTING
2018-01-18 19:23:28 Tunnel Options:V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client
2018-01-18 19:23:28 Creds: UsernameEmpty/PasswordEmpty
2018-01-18 19:23:28 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 1.2.6-4
IV_VER=3.1.2
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO_STUB=1
IV_COMP_STUB=1
IV_COMP_STUBv2=1
IV_IPv6=0
IV_AUTO_SESS=1

2018-01-18 19:23:28 VERIFY OK : depth=1
cert. version    : 3
serial number    : B7:F1:2A:3F:AA:C2:06:F4
issuer name      : CN=ChangeMe
subject name      : CN=ChangeMe
issued  on        : 2017-12-09 13:00:20
expires on        : 2027-12-07 13:00:20
signed using      : RSA with SHA-256
RSA key size      : 2048 bits
basic constraints : CA=true
key usage        : Key Cert Sign, CRL Sign

2018-01-18 19:23:28 VERIFY OK : depth=0
cert. version    : 3
serial number    : 01
issuer name      : CN=ChangeMe
subject name      : CN=server
issued  on        : 2017-12-09 13:03:28
expires on        : 2027-12-07 13:03:28
signed using      : RSA with SHA-256
RSA key size      : 2048 bits
basic constraints : CA=false
subject alt name  : server
key usage        : Digital Signature, Key Encipherment
ext key usage    : TLS Web Server Authentication

2018-01-18 19:23:28 SSL Handshake: TLSv1.2/TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
2018-01-18 19:23:28 Session is ACTIVE
2018-01-18 19:23:28 EVENT: GET_CONFIG
2018-01-18 19:23:28 Sending PUSH_REQUEST to server...
2018-01-18 19:23:28 OPTIONS:
0 [route] [192.168.1.0] [255.255.255.0] 
1 [dhcp-option] [DNS] [192.168.1.xxx] 
2 [route-gateway] [10.8.0.1] 
3 [topology] [subnet] 
4 [ping] [10] 
5 [ping-restart] [120] 
6 [ifconfig] [10.8.0.2] [255.255.255.0] 
7 [peer-id] [0] 
8 [cipher] [AES-256-GCM] 
9 [block-ipv6] 

2018-01-18 19:23:28 PROTOCOL OPTIONS:
  cipher: AES-256-GCM
  digest: SHA512
  compress: LZO_STUB
  peer ID: 0
2018-01-18 19:23:28 EVENT: ASSIGN_IP
2018-01-18 19:23:28 NIP: preparing TUN network settings
2018-01-18 19:23:28 NIP: init TUN network settings with endpoint: my.public.ip
2018-01-18 19:23:28 NIP: adding IPv4 address to network settings 10.8.0.2/255.255.255.0
2018-01-18 19:23:28 NIP: adding (included) IPv4 route 192.168.1.0/24
2018-01-18 19:23:28 NIP: adding DNS 192.168.1.xxx
2018-01-18 19:23:28 NIP: blocking all IPv6 traffic - not supported
2018-01-18 19:23:28 NIP: adding match domain ALL
2018-01-18 19:23:28 NIP: adding DNS specific routes:
2018-01-18 19:23:28 NIP: adding (included) IPv4 route 192.168.1.xxx/32
2018-01-18 19:23:28 Connected via NetworkExtensionTUN
2018-01-18 19:23:28 LZO-ASYM init swap=0 asym=1
2018-01-18 19:23:28 Comp-stub init swap=0
2018-01-18 19:23:28 EVENT: CONNECTED @my.server.address:myport (my.public.ip) via /UDPv4 on NetworkExtensionTUN/10.8.0.2/ gw=[/]
2018-01-18 19:23:52 OS Event: SLEEP
2018-01-18 19:23:52 EVENT: PAUSE
2018-01-18 19:24:16 OS Event: WAKEUP
2018-01-18 19:24:19 RESUME TEST: Internet:ReachableViaWiFi/-R t------
2018-01-18 19:24:19 STANDARD RESUME
2018-01-18 19:24:19 EVENT: RESUME
2018-01-18 19:24:19 EVENT: RECONNECTING
2018-01-18 19:24:19 EVENT: RESOLVE
2018-01-18 19:24:19 Contacting [my.public.ip]:myport/UDP via UDP
2018-01-18 19:24:19 EVENT: WAIT
2018-01-18 19:24:19 Connecting to [my.server.address]:myport (my.public.ip) via UDPv4
2018-01-18 19:24:19 EVENT: CONNECTING
2018-01-18 19:24:19 Tunnel Options:V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client
2018-01-18 19:24:19 Creds: UsernameEmpty/PasswordEmpty
2018-01-18 19:24:19 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 1.2.6-4
IV_VER=3.1.2
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO_STUB=1
IV_COMP_STUB=1
IV_COMP_STUBv2=1
IV_IPv6=0
IV_AUTO_SESS=1

2018-01-18 19:24:19 VERIFY OK : depth=1
cert. version    : 3
serial number    : B7:F1:2A:3F:AA:C2:06:F4
issuer name      : CN=ChangeMe
subject name      : CN=ChangeMe
issued  on        : 2017-12-09 13:00:20
expires on        : 2027-12-07 13:00:20
signed using      : RSA with SHA-256
RSA key size      : 2048 bits
basic constraints : CA=true
key usage        : Key Cert Sign, CRL Sign

2018-01-18 19:24:19 VERIFY OK : depth=0
cert. version    : 3
serial number    : 01
issuer name      : CN=ChangeMe
subject name      : CN=server
issued  on        : 2017-12-09 13:03:28
expires on        : 2027-12-07 13:03:28
signed using      : RSA with SHA-256
RSA key size      : 2048 bits
basic constraints : CA=false
subject alt name  : server
key usage        : Digital Signature, Key Encipherment
ext key usage    : TLS Web Server Authentication

2018-01-18 19:24:20 SSL Handshake: TLSv1.2/TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
2018-01-18 19:24:20 Session is ACTIVE
2018-01-18 19:24:20 EVENT: GET_CONFIG
2018-01-18 19:24:20 Sending PUSH_REQUEST to server...
2018-01-18 19:24:20 OPTIONS:
0 [route] [192.168.1.0] [255.255.255.0] 
1 [dhcp-option] [DNS] [192.168.1.xxx] 
2 [route-gateway] [10.8.0.1] 
3 [topology] [subnet] 
4 [ping] [10] 
5 [ping-restart] [120] 
6 [ifconfig] [10.8.0.2] [255.255.255.0] 
7 [peer-id] [0] 
8 [cipher] [AES-256-GCM] 
9 [block-ipv6] 

2018-01-18 19:24:20 PROTOCOL OPTIONS:
  cipher: AES-256-GCM
  digest: SHA512
  compress: LZO_STUB
  peer ID: 0
2018-01-18 19:24:20 EVENT: ASSIGN_IP
2018-01-18 19:24:20 NIP: preparing TUN network settings
2018-01-18 19:24:20 NIP: init TUN network settings with endpoint: my.public.ip
2018-01-18 19:24:20 NIP: adding IPv4 address to network settings 10.8.0.2/255.255.255.0
2018-01-18 19:24:20 NIP: adding (included) IPv4 route 192.168.1.0/24
2018-01-18 19:24:20 NIP: adding DNS 192.168.1.xxx
2018-01-18 19:24:20 NIP: blocking all IPv6 traffic - not supported
2018-01-18 19:24:20 NIP: adding DNS specific routes:
2018-01-18 19:24:20 NIP: adding (included) IPv4 route 192.168.1.xxx/32
2018-01-18 19:24:20 Connected via NetworkExtensionTUN
2018-01-18 19:24:20 LZO-ASYM init swap=0 asym=1
2018-01-18 19:24:20 Comp-stub init swap=0
2018-01-18 19:24:20 EVENT: CONNECTED @my.server.address:myport (my.public.ip) via /UDPv4 on NetworkExtensionTUN/10.8.0.2/ gw=[/]
2018-01-18 19:24:36 OS Event: SLEEP
2018-01-18 19:24:36 EVENT: PAUSE
2018-01-18 19:25:29 OS Event: WAKEUP
2018-01-18 19:25:32 RESUME TEST: Internet:ReachableViaWiFi/-R t------
2018-01-18 19:25:32 STANDARD RESUME
2018-01-18 19:25:32 EVENT: RESUME
2018-01-18 19:25:32 EVENT: RECONNECTING
2018-01-18 19:25:32 EVENT: RESOLVE
2018-01-18 19:25:33 Contacting [my.public.ip]:myport/UDP via UDP
2018-01-18 19:25:33 EVENT: WAIT
2018-01-18 19:25:33 Connecting to [my.server.address]:myport (my.public.ip) via UDPv4
2018-01-18 19:25:33 EVENT: CONNECTING
2018-01-18 19:25:33 Tunnel Options:V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client
2018-01-18 19:25:33 Creds: UsernameEmpty/PasswordEmpty
2018-01-18 19:25:33 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 1.2.6-4
IV_VER=3.1.2
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO_STUB=1
IV_COMP_STUB=1
IV_COMP_STUBv2=1
IV_IPv6=0
IV_AUTO_SESS=1

2018-01-18 19:25:33 VERIFY OK : depth=1
cert. version    : 3
serial number    : B7:F1:2A:3F:AA:C2:06:F4
issuer name      : CN=ChangeMe
subject name      : CN=ChangeMe
issued  on        : 2017-12-09 13:00:20
expires on        : 2027-12-07 13:00:20
signed using      : RSA with SHA-256
RSA key size      : 2048 bits
basic constraints : CA=true
key usage        : Key Cert Sign, CRL Sign

2018-01-18 19:25:33 VERIFY OK : depth=0
cert. version    : 3
serial number    : 01
issuer name      : CN=ChangeMe
subject name      : CN=server
issued  on        : 2017-12-09 13:03:28
expires on        : 2027-12-07 13:03:28
signed using      : RSA with SHA-256
RSA key size      : 2048 bits
basic constraints : CA=false
subject alt name  : server
key usage        : Digital Signature, Key Encipherment
ext key usage    : TLS Web Server Authentication

2018-01-18 19:25:33 SSL Handshake: TLSv1.2/TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
2018-01-18 19:25:33 Session is ACTIVE
2018-01-18 19:25:33 EVENT: GET_CONFIG
2018-01-18 19:25:33 Sending PUSH_REQUEST to server...
2018-01-18 19:25:33 OPTIONS:
0 [route] [192.168.1.0] [255.255.255.0] 
1 [dhcp-option] [DNS] [192.168.1.xxx] 
2 [route-gateway] [10.8.0.1] 
3 [topology] [subnet] 
4 [ping] [10] 
5 [ping-restart] [120] 
6 [ifconfig] [10.8.0.2] [255.255.255.0] 
7 [peer-id] [0] 
8 [cipher] [AES-256-GCM] 
9 [block-ipv6] 

2018-01-18 19:25:33 PROTOCOL OPTIONS:
  cipher: AES-256-GCM
  digest: SHA512
  compress: LZO_STUB
  peer ID: 0
2018-01-18 19:25:33 EVENT: ASSIGN_IP
2018-01-18 19:25:33 NIP: preparing TUN network settings
2018-01-18 19:25:33 NIP: init TUN network settings with endpoint: my.public.ip
2018-01-18 19:25:33 NIP: adding IPv4 address to network settings 10.8.0.2/255.255.255.0
2018-01-18 19:25:33 NIP: adding (included) IPv4 route 192.168.1.0/24
2018-01-18 19:25:33 NIP: adding DNS 192.168.1.xxx
2018-01-18 19:25:33 NIP: blocking all IPv6 traffic - not supported
2018-01-18 19:25:33 NIP: adding DNS specific routes:
2018-01-18 19:25:33 NIP: adding (included) IPv4 route 192.168.1.xxx/32
2018-01-18 19:25:33 Connected via NetworkExtensionTUN
2018-01-18 19:25:33 LZO-ASYM init swap=0 asym=1
2018-01-18 19:25:33 Comp-stub init swap=0
2018-01-18 19:25:33 EVENT: CONNECTED @my.server.address:myport (my.public.ip) via /UDPv4 on NetworkExtensionTUN/10.8.0.2/ gw=[/]

comment:13 in reply to:  12 ; Changed 3 years ago by Antonio

Replying to sn2411:

Replying to ordex:

Replying to sn2411:

Edit: traffic is being routed in the above state, but DNS option is not being pushed properly.

do you have a log? maybe you can post it in https://community.openvpn.net/openvpn/ticket/982 ?

This is the log over WiFi, where traffic is being routed but not DNS.

I am able to access resources (samba server, etc.) via their IP addresses, but not via hostname, hence the conclusion.

I did not post it on the other ticket as I do not have the push "dhcp-option DOMAIN xxx.xxx" option set on my server.

everything seems to be alright from the log..weird. Have you tried dumping the traffic on your VPN server to see if DNS requests were actually incoming or not?

To clarify, the DNS issue started after the sleep and the reconnection only?

comment:14 in reply to:  13 ; Changed 3 years ago by sn2411

To clarify, the DNS issue started after the sleep and the reconnection only?

That's correct, on a 'fresh' connection, i.e. VPN toggled on from an off state, there were no issues with DNS.
To sum up, 2 separate issues currently:

  1. The resolving error when attempting to reconnect on iOS wakeup.
  2. DNS traffic not routed when reconnect happens successfully.

everything seems to be alright from the log..weird. Have you tried dumping the traffic on your VPN server to see if DNS requests were actually incoming or not?

They don't seem to be incoming; my DNS server logs show nothing incoming from the VPN side.
Using an iOS app named Network Analyzer Lite, on a 'fresh' connection, my DNS server listed is correct (the DNS server I'm hosting). After sleep and reconnection (if it was successful), the DNS server listed is the ISP one.

comment:15 in reply to:  14 ; Changed 3 years ago by Antonio

Replying to sn2411:

To clarify, the DNS issue started after the sleep and the reconnection only?

That's correct, on a 'fresh' connection, i.e. VPN toggled on from an off state, there were no issues with DNS.
To sum up, 2 separate issues currently:

  1. The resolving error when attempting to reconnect on iOS wakeup.
  2. DNS traffic not routed when reconnect happens successfully.

everything seems to be alright from the log..weird. Have you tried dumping the traffic on your VPN server to see if DNS requests were actually incoming or not?

They don't seem to be incoming; my DNS server logs show nothing incoming from the VPN side.
Using an iOS app named Network Analyzer Lite, on a 'fresh' connection, my DNS server listed is correct (the DNS server I'm hosting). After sleep and reconnection (if it was successful), the DNS server listed is the ISP one.

Mh ok. Does this happen with seamless tunnel ON ?

comment:16 in reply to:  15 ; Changed 3 years ago by sn2411

Replying to ordex:

Mh ok. Does this happen with seamless tunnel ON ?

With seamless tunnel ON, things get weirder...

  1. If I toggle on VPN via iOS settings app, both issues still occur.
  2. If I toggle on VPN via the OpenVPN Connect app, 1 and 2 are resolved (everything works as expected).

comment:17 in reply to:  16 ; Changed 3 years ago by Antonio

Replying to sn2411:

Replying to ordex:

Mh ok. Does this happen with seamless tunnel ON ?

With seamless tunnel ON, things get weirder...

  1. If I toggle on VPN via iOS settings app, both issues still occur.
  2. If I toggle on VPN via the OpenVPN Connect app, 1 and 2 are resolved (everything works as expected).

Interesting.. could you get the log of a) and b) ? it would be interesting to know if during the interface configuration phase there is any difference.

So, does it mean that the issues you reported before happen with seamless tunnel OFF and no matter how you switch on the connection (iOS settings or App) ?

comment:18 in reply to:  12 ; Changed 3 years ago by Antonio

Replying to sn2411:

....
2018-01-18 19:25:33 EVENT: ASSIGN_IP
2018-01-18 19:25:33 NIP: preparing TUN network settings
2018-01-18 19:25:33 NIP: init TUN network settings with endpoint: my.public.ip
2018-01-18 19:25:33 NIP: adding IPv4 address to network settings 10.8.0.2/255.255.255.0
2018-01-18 19:25:33 NIP: adding (included) IPv4 route 192.168.1.0/24
2018-01-18 19:25:33 NIP: adding DNS 192.168.1.xxx
2018-01-18 19:25:33 NIP: blocking all IPv6 traffic - not supported
2018-01-18 19:25:33 NIP: adding DNS specific routes:
2018-01-18 19:25:33 NIP: adding (included) IPv4 route 192.168.1.xxx/32
2018-01-18 19:25:33 Connected via NetworkExtensionTUN
2018-01-18 19:25:33 LZO-ASYM init swap=0 asym=1
2018-01-18 19:25:33 Comp-stub init swap=0
2018-01-18 19:25:33 EVENT: CONNECTED @my.server.address:myport (my.public.ip) via /UDPv4 on NetworkExtensionTUN/10.8.0.2/ gw=[/]

After re-reading your log some more times I think I found out something wrong. There is no

2018-01-18 19:23:28 NIP: adding match domain ALL

in the reconnections. This is essential to make your DNS work in a split-tunnel scenario (when you don't push redirect-gateway).
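The comparison made by eye in comment:18, together with the stalled-resolve pattern from the original report, can be automated. The following is an added example, not part of the ticket and not OpenVPN code; the sample log is constructed from the line formats quoted above with placeholder host and addresses, and the `Attempt` class and function names are hypothetical.

```python
import re
from dataclasses import dataclass, field

# Constructed sample modelled on the log line formats quoted in this ticket.
# The host name and addresses are placeholders, not values from the report.
SAMPLE_LOG = """\
2018-01-18 19:23:28 ----- OpenVPN Start -----
2018-01-18 19:23:28 EVENT: RESOLVE
2018-01-18 19:23:28 Contacting [203.0.113.10]:1194/UDP via UDP
2018-01-18 19:23:28 OPTIONS:
0 [route] [192.168.1.0] [255.255.255.0]
1 [dhcp-option] [DNS] [192.168.1.53]
2018-01-18 19:23:28 EVENT: ASSIGN_IP
2018-01-18 19:23:28 NIP: adding DNS 192.168.1.53
2018-01-18 19:23:28 NIP: adding match domain ALL
2018-01-18 19:23:28 EVENT: CONNECTED @vpn.example.test:1194 (203.0.113.10) via /UDPv4
2018-01-18 19:23:52 OS Event: SLEEP
2018-01-18 19:23:52 EVENT: PAUSE
2018-01-18 19:24:16 OS Event: WAKEUP
2018-01-18 19:24:19 EVENT: RESUME
2018-01-18 19:24:19 EVENT: RECONNECTING
2018-01-18 19:24:19 EVENT: RESOLVE
2018-01-18 19:24:19 Contacting [203.0.113.10]:1194/UDP via UDP
2018-01-18 19:24:20 OPTIONS:
0 [route] [192.168.1.0] [255.255.255.0]
1 [dhcp-option] [DNS] [192.168.1.53]
2018-01-18 19:24:20 EVENT: ASSIGN_IP
2018-01-18 19:24:20 NIP: adding DNS 192.168.1.53
2018-01-18 19:24:20 NIP: adding DNS specific routes:
2018-01-18 19:24:20 EVENT: CONNECTED @vpn.example.test:1194 (203.0.113.10) via /UDPv4
2018-01-18 19:25:32 EVENT: RECONNECTING
2018-01-18 19:25:32 EVENT: RESOLVE
2018-01-18 19:25:42 Server poll timeout, trying next remote entry...
2018-01-18 19:25:42 EVENT: RECONNECTING
2018-01-18 19:25:42 EVENT: RESOLVE
"""

TIMESTAMPED = re.compile(r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} (.*)")
PUSHED = re.compile(r"\d+ \[([\w-]+)\](?: \[([^\]]*)\])?")  # "1 [dhcp-option] [DNS] ..."
NIP_DNS = re.compile(r"NIP: adding DNS (\S+)")  # one token only, so the
                                                # "DNS specific routes:" line is skipped

@dataclass
class Attempt:
    """One connection attempt: the first connect or a single RECONNECTING cycle."""
    index: int
    is_reconnect: bool
    redirect_gateway: bool = False
    pushed_dns: bool = False
    nip_dns: list = field(default_factory=list)
    match_domain_all: bool = False
    saw_resolve: bool = False
    contacted: bool = False
    poll_timeout: bool = False
    connected: bool = False

    @property
    def split_dns_at_risk(self):
        # Tunnel is up and a DNS server was configured, but without
        # redirect-gateway and without "match domain ALL" (see comment:18).
        return (self.connected and bool(self.nip_dns)
                and not self.redirect_gateway and not self.match_domain_all)

    @property
    def resolve_stalled(self):
        # RESOLVE was never followed by "Contacting" before the poll timeout.
        return self.saw_resolve and self.poll_timeout and not self.contacted

def parse_attempts(log):
    attempts, cur = [], None
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        stamped = TIMESTAMPED.fullmatch(line)
        msg = stamped.group(1) if stamped else line
        if cur is None or msg == "EVENT: RECONNECTING":
            cur = Attempt(len(attempts), msg == "EVENT: RECONNECTING")
            attempts.append(cur)
        if not stamped:  # pushed option lines carry no timestamp
            opt = PUSHED.match(line)
            if opt and opt.group(1) == "redirect-gateway":
                cur.redirect_gateway = True
            elif opt and opt.group(1) == "dhcp-option" and opt.group(2) == "DNS":
                cur.pushed_dns = True
            continue
        dns = NIP_DNS.fullmatch(msg)
        if dns:
            cur.nip_dns.append(dns.group(1))
        cur.match_domain_all |= msg == "NIP: adding match domain ALL"
        cur.saw_resolve |= msg == "EVENT: RESOLVE"
        cur.contacted |= msg.startswith("Contacting ")
        cur.poll_timeout |= msg.startswith("Server poll timeout")
        cur.connected |= msg.startswith("EVENT: CONNECTED")
    return attempts

def findings(attempts):
    out = []
    for a in attempts:
        if a.split_dns_at_risk:
            out.append(f"attempt {a.index}: DNS {a.nip_dns} set without 'match domain ALL'")
        if a.resolve_stalled:
            out.append(f"attempt {a.index}: RESOLVE timed out before any remote was contacted")
    return out

if __name__ == "__main__":
    for finding in findings(parse_attempts(SAMPLE_LOG)):
        print(finding)
```
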

comment:19 in reply to:  18 Changed 3 years ago by Antonio

Replying to ordex:

This is essential to make your DNS work in a split-tunnel scenario (when you don't push redirect-gateway).

This will be fixed in the next release.

comment:20 in reply to:  17 Changed 3 years ago by sn2411

Replying to ordex:

Interesting.. could you get the log of a) and b) ? it would be interesting to know if during the interface configuration phase there is any difference.

Strange... for a, nothing appears logged...
Log for b.

2018-01-22 07:40:19 ----- OpenVPN Start -----
OpenVPN core 3.1.2 ios arm64 64-bit built on Jan 14 2018 14:23:32
2018-01-22 07:40:19 Frame=512/2048/512 mssfix-ctrl=1250
2018-01-22 07:40:19 UNUSED OPTIONS
3 [sndbuf] [0] 
4 [rcvbuf] [0] 
6 [resolv-retry] [infinite] 
7 [nobind] 
8 [persist-key] 
9 [persist-tun] 
14 [block-outside-dns] 
16 [verb] [3] 

2018-01-22 07:40:19 EVENT: RESOLVE
2018-01-22 07:40:19 Contacting [my.server.ip]:serverport/UDP via UDP
2018-01-22 07:40:19 EVENT: WAIT
2018-01-22 07:40:19 Connecting to [my.server.address]:serverport (my.server.ip) via UDPv4
2018-01-22 07:40:19 EVENT: CONNECTING
2018-01-22 07:40:19 Tunnel Options:V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client
2018-01-22 07:40:19 Creds: UsernameEmpty/PasswordEmpty
2018-01-22 07:40:19 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 1.2.6-4
IV_VER=3.1.2
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO_STUB=1
IV_COMP_STUB=1
IV_COMP_STUBv2=1
IV_IPv6=0
IV_AUTO_SESS=1

2018-01-22 07:40:19 VERIFY OK : depth=1
cert. version    : 3
serial number    : B7:F1:2A:3F:AA:C2:06:F4
issuer name      : CN=ChangeMe
subject name      : CN=ChangeMe
issued  on        : 2017-12-09 13:00:20
expires on        : 2027-12-07 13:00:20
signed using      : RSA with SHA-256
RSA key size      : 2048 bits
basic constraints : CA=true
key usage        : Key Cert Sign, CRL Sign

2018-01-22 07:40:19 VERIFY OK : depth=0
cert. version    : 3
serial number    : 01
issuer name      : CN=ChangeMe
subject name      : CN=server
issued  on        : 2017-12-09 13:03:28
expires on        : 2027-12-07 13:03:28
signed using      : RSA with SHA-256
RSA key size      : 2048 bits
basic constraints : CA=false
subject alt name  : server
key usage        : Digital Signature, Key Encipherment
ext key usage    : TLS Web Server Authentication

2018-01-22 07:40:19 SSL Handshake: TLSv1.2/TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
2018-01-22 07:40:19 Session is ACTIVE
2018-01-22 07:40:19 EVENT: GET_CONFIG
2018-01-22 07:40:19 Sending PUSH_REQUEST to server...
2018-01-22 07:40:20 OPTIONS:
0 [route] [192.168.1.0] [255.255.255.0] 
1 [dhcp-option] [DNS] [dns.server.local.ip] 
2 [route-gateway] [10.8.0.1] 
3 [topology] [subnet] 
4 [ping] [10] 
5 [ping-restart] [120] 
6 [ifconfig] [10.8.0.2] [255.255.255.0] 
7 [peer-id] [0] 
8 [cipher] [AES-256-GCM] 
9 [block-ipv6] 

2018-01-22 07:40:20 PROTOCOL OPTIONS:
  cipher: AES-256-GCM
  digest: SHA512
  compress: LZO_STUB
  peer ID: 0
2018-01-22 07:40:20 EVENT: ASSIGN_IP
2018-01-22 07:40:20 NIP: preparing TUN network settings
2018-01-22 07:40:20 NIP: init TUN network settings with endpoint: my.server.ip
2018-01-22 07:40:20 NIP: adding IPv4 address to network settings 10.8.0.2/255.255.255.0
2018-01-22 07:40:20 NIP: adding (included) IPv4 route 192.168.1.0/24
2018-01-22 07:40:20 NIP: adding DNS dns.server.local.ip
2018-01-22 07:40:20 NIP: blocking all IPv6 traffic - not supported
2018-01-22 07:40:20 NIP: adding match domain ALL
2018-01-22 07:40:20 NIP: adding DNS specific routes:
2018-01-22 07:40:20 NIP: adding (included) IPv4 route dns.server.local.ip/32
2018-01-22 07:40:20 Connected via NetworkExtensionTUN
2018-01-22 07:40:20 LZO-ASYM init swap=0 asym=1
2018-01-22 07:40:20 Comp-stub init swap=0
2018-01-22 07:40:20 EVENT: CONNECTED @my.server.address:serverport (my.server.ip) via /UDPv4 on NetworkExtensionTUN/10.8.0.2/ gw=[/]
2018-01-22 07:40:55 OS Event: SLEEP
2018-01-22 07:40:55 EVENT: PAUSE
2018-01-22 07:40:56 OS Event: WAKEUP
2018-01-22 07:40:59 RESUME TEST: Internet:ReachableViaWWAN/WR t------
2018-01-22 07:40:59 STANDARD RESUME
2018-01-22 07:40:59 EVENT: RESUME
2018-01-22 07:40:59 EVENT: RECONNECTING
2018-01-22 07:40:59 Contacting [my.server.ip]:serverport/UDP via UDP
2018-01-22 07:40:59 EVENT: WAIT
2018-01-22 07:40:59 Connecting to [my.server.address]:serverport (my.server.ip) via UDPv4
2018-01-22 07:40:59 EVENT: CONNECTING
2018-01-22 07:40:59 Tunnel Options:V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client
2018-01-22 07:40:59 Creds: UsernameEmpty/PasswordEmpty
2018-01-22 07:40:59 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 1.2.6-4
IV_VER=3.1.2
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO_STUB=1
IV_COMP_STUB=1
IV_COMP_STUBv2=1
IV_IPv6=0
IV_AUTO_SESS=1

2018-01-22 07:40:59 VERIFY OK : depth=1
cert. version    : 3
serial number    : B7:F1:2A:3F:AA:C2:06:F4
issuer name      : CN=ChangeMe
subject name      : CN=ChangeMe
issued  on        : 2017-12-09 13:00:20
expires on        : 2027-12-07 13:00:20
signed using      : RSA with SHA-256
RSA key size      : 2048 bits
basic constraints : CA=true
key usage        : Key Cert Sign, CRL Sign

2018-01-22 07:40:59 VERIFY OK : depth=0
cert. version    : 3
serial number    : 01
issuer name      : CN=ChangeMe
subject name      : CN=server
issued  on        : 2017-12-09 13:03:28
expires on        : 2027-12-07 13:03:28
signed using      : RSA with SHA-256
RSA key size      : 2048 bits
basic constraints : CA=false
subject alt name  : server
key usage        : Digital Signature, Key Encipherment
ext key usage    : TLS Web Server Authentication

2018-01-22 07:40:59 OS Event: SLEEP
2018-01-22 07:40:59 EVENT: PAUSE
2018-01-22 07:41:01 OS Event: WAKEUP
2018-01-22 07:41:04 RESUME TEST: Internet:ReachableViaWWAN/WR t------
2018-01-22 07:41:04 STANDARD RESUME
2018-01-22 07:41:04 EVENT: RESUME
2018-01-22 07:41:04 EVENT: RECONNECTING
2018-01-22 07:41:04 Contacting [my.server.ip]:serverport/UDP via UDP
2018-01-22 07:41:04 EVENT: WAIT
2018-01-22 07:41:04 Connecting to [my.server.address]:serverport (my.server.ip) via UDPv4
2018-01-22 07:41:04 EVENT: CONNECTING
2018-01-22 07:41:04 Tunnel Options:V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client
2018-01-22 07:41:04 Creds: UsernameEmpty/PasswordEmpty
2018-01-22 07:41:04 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 1.2.6-4
IV_VER=3.1.2
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO_STUB=1
IV_COMP_STUB=1
IV_COMP_STUBv2=1
IV_IPv6=0
IV_AUTO_SESS=1

2018-01-22 07:41:04 VERIFY OK : depth=1
cert. version    : 3
serial number    : B7:F1:2A:3F:AA:C2:06:F4
issuer name      : CN=ChangeMe
subject name      : CN=ChangeMe
issued  on        : 2017-12-09 13:00:20
expires on        : 2027-12-07 13:00:20
signed using      : RSA with SHA-256
RSA key size      : 2048 bits
basic constraints : CA=true
key usage        : Key Cert Sign, CRL Sign

2018-01-22 07:41:04 VERIFY OK : depth=0
cert. version    : 3
serial number    : 01
issuer name      : CN=ChangeMe
subject name      : CN=server
issued  on        : 2017-12-09 13:03:28
expires on        : 2027-12-07 13:03:28
signed using      : RSA with SHA-256
RSA key size      : 2048 bits
basic constraints : CA=false
subject alt name  : server
key usage        : Digital Signature, Key Encipherment
ext key usage    : TLS Web Server Authentication

2018-01-22 07:41:04 SSL Handshake: TLSv1.2/TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
2018-01-22 07:41:04 Session is ACTIVE
2018-01-22 07:41:04 EVENT: GET_CONFIG
2018-01-22 07:41:04 Sending PUSH_REQUEST to server...
2018-01-22 07:41:04 OPTIONS:
0 [route] [192.168.1.0] [255.255.255.0] 
1 [dhcp-option] [DNS] [dns.server.local.ip] 
2 [route-gateway] [10.8.0.1] 
3 [topology] [subnet] 
4 [ping] [10] 
5 [ping-restart] [120] 
6 [ifconfig] [10.8.0.2] [255.255.255.0] 
7 [peer-id] [1] 
8 [cipher] [AES-256-GCM] 
9 [block-ipv6] 

2018-01-22 07:41:04 PROTOCOL OPTIONS:
  cipher: AES-256-GCM
  digest: SHA512
  compress: LZO_STUB
  peer ID: 1
2018-01-22 07:41:04 Connected via NetworkExtensionTUN
2018-01-22 07:41:04 LZO-ASYM init swap=0 asym=1
2018-01-22 07:41:04 Comp-stub init swap=0
2018-01-22 07:41:04 EVENT: CONNECTED @my.server.address:serverport (my.server.ip) via /UDPv4 on NetworkExtensionTUN/10.8.0.2/ gw=[/]

So, does it mean that the issues you reported before happen with seamless tunnel OFF and no matter how you switch on the connection (iOS settings or App) ?

That’s correct.

This will be fixed in the next release.

That’s good to hear, thank you so much for your help! I suppose I’ll test out push redirect-gateway as a workaround meanwhile.

comment:21 Changed 3 years ago by Antonio

v1.2.7 is being rolled out to the various AppStore as we speak. Please test it once you have a chance to upgrade and update this ticket accordingly, if possible. Thanks!

comment:22 in reply to:  21 ; Changed 3 years ago by sn2411

Replying to ordex:

v1.2.7 is being rolled out to the various AppStore as we speak. Please test it once you have a chance to upgrade and update this ticket accordingly, if possible. Thanks!

I’ve just given v1.2.7 a try, here are the results:

  1. The resolving error when attempting to reconnect on iOS wakeup.
  2. DNS traffic not routed when reconnect happens successfully.

No joy on issue 1 with seamless tunnel DISABLED, but issue 2 is resolved completely (DNS settings stick after a reconnection/network change). Yay!

  1. If I toggle on VPN via iOS settings app, both issues still occur.
  2. If I toggle on VPN via the OpenVPN Connect app, 1 and 2 are resolved (everything works as expected).

Down to just issue 1 now, but (b) still holds true, i.e. toggling VPN via iOS settings app with seamless tunnel ENABLED still results in issue 1.

comment:23 in reply to:  22 ; Changed 3 years ago by Antonio

Replying to sn2411:

Replying to ordex:

v1.2.7 is being rolled out to the various AppStore as we speak. Please test it once you have a chance to upgrade and update this ticket accordingly, if possible. Thanks!

I’ve just given v1.2.7 a try, here are the results:

  1. The resolving error when attempting to reconnect on iOS wakeup.
  2. DNS traffic not routed when reconnect happens successfully.

No joy on issue 1 with seamless tunnel DISABLED, but issue 2 is resolved completely (DNS settings stick after a reconnection/network change). Yay!

  1. If I toggle on VPN via iOS settings app, both issues still occur.
  2. If I toggle on VPN via the OpenVPN Connect app, 1 and 2 are resolved (everything works as expected).

Down to just issue 1 now, but (b) still holds true, i.e. toggling VPN via iOS settings app with seamless tunnel ENABLED still results in issue 1.

Hi and thanks a lot for the feedback!
It looks like you have a clear understanding about how to replicate the issues, but it's a bit unclear to me because there are too many references to previous behaviours.

Would you mind opening a new ticket and explain there the remaining problems without referring to what was not working before?

In this release there are quite some changes, therefore I wouldn't assume any correlation with previous behaviours.

Starting a new ticket from scratch is probably the best idea.

Thanks!

comment:24 in reply to:  23 Changed 3 years ago by sn2411

Replying to ordex:

It looks like you have a clear understanding about how to replicate the issues, but it's a bit unclear to me because there are too many references to previous behaviours.

Would you mind opening a new ticket and explain there the remaining problems without referring to what was not working before?

Okay will do, thanks for all the help so far!

comment:25 Changed 3 years ago by Antonio

Resolution: fixed
Status: assigned → closed

Most of the issues here have been addressed. Remaining issue is tracked in #1008
