Opened 7 years ago
Closed 7 years ago
#983 closed Bug / Defect (fixed)
iOS: Unable to reconnect after sleep
Reported by: | sn2411 | Owned by: | Antonio Quartulli |
---|---|---|---|
Priority: | major | Milestone: | |
Component: | OpenVPN Connect | Version: | OpenVPN Connect for iOS v1.2.6 |
Severity: | Not set (select this one, unless your'e a OpenVPN developer) | Keywords: | |
Cc: |
Description
After waking from sleep (>30s), client does not reconnect to server. Same bug was reported via forums for OpenVPN Connect 1.2.5.
Client: iPhone 7 running iOS 11.2.2
Log as follows:
2018-01-17 14:58:05 OS Event: SLEEP 2018-01-17 14:58:06 EVENT: PAUSE 2018-01-17 14:58:09 OS Event: WAKEUP 2018-01-17 14:58:12 RESUME TEST: Internet:ReachableViaWWAN/WR t------ 2018-01-17 14:58:12 STANDARD RESUME 2018-01-17 14:58:12 EVENT: RESUME 2018-01-17 14:58:12 EVENT: RECONNECTING 2018-01-17 14:58:12 EVENT: RESOLVE 2018-01-17 14:58:12 OS Event: SLEEP 2018-01-17 14:58:12 EVENT: PAUSE 2018-01-17 14:58:36 OS Event: WAKEUP 2018-01-17 14:58:39 RESUME TEST: Internet:ReachableViaWWAN/WR t------ 2018-01-17 14:58:39 STANDARD RESUME 2018-01-17 14:58:39 EVENT: RESUME 2018-01-17 14:58:39 EVENT: RECONNECTING 2018-01-17 14:58:39 EVENT: RESOLVE 2018-01-17 14:58:49 Server poll timeout, trying next remote entry... 2018-01-17 14:58:49 EVENT: RECONNECTING 2018-01-17 14:58:49 EVENT: RESOLVE 2018-01-17 14:59:00 Server poll timeout, trying next remote entry... 2018-01-17 14:59:00 EVENT: RECONNECTING 2018-01-17 14:59:00 EVENT: RESOLVE
Change History (25)
comment:1 follow-up: 2 Changed 7 years ago by
Owner: | set to Antonio Quartulli |
---|---|
Status: | new → assigned |
comment:2 Changed 7 years ago by
comment:3 follow-ups: 5 10 Changed 7 years ago by
Interesting - the reconnection logic is working, but the app can't resolve the server hostname.
Is it easy to reproduce? Does it happen only when using the mobile connection or also on WiFi??
comment:4 Changed 7 years ago by
Summary: | Unable to reconnect after sleep → iOS: Unable to reconnect after sleep |
---|
comment:5 Changed 7 years ago by
Replying to ordex:
Interesting - the reconnection logic is working, but the app can't resolve the server hostname.
Is it easy to reproduce? Does it happen only when using the mobile connection or also on WiFi??
Seems to be on cellular only, but will require further testing on a remote WiFi? connection (currently connected to home network, which is my OpenVPN server host), will update after further testing.
comment:6 follow-up: 7 Changed 7 years ago by
I'm running iOS 11.2.2 and with both OpenVPN Connect 1.2.5 and 1.2.6, I'm losing my connection if I am on a cellular network. The connection seems stable if my iOS device is connected via WiFi?.
My profile runs over TCP
comment:7 follow-up: 8 Changed 7 years ago by
Replying to ernst:
I'm running iOS 11.2.2 and with both OpenVPN Connect 1.2.5 and 1.2.6, I'm losing my connection if I am on a cellular network. The connection seems stable if my iOS device is connected via WiFi?.
My profile runs over TCP
Losing your connection after sleep? If not, please open a new ticket so we can track it properly.
Thanks!
comment:8 follow-up: 9 Changed 7 years ago by
Replying to ordex:
Replying to ernst:
I'm running iOS 11.2.2 and with both OpenVPN Connect 1.2.5 and 1.2.6, I'm losing my connection if I am on a cellular network. The connection seems stable if my iOS device is connected via WiFi?.
My profile runs over TCP
Losing your connection after sleep? If not, please open a new ticket so we can track it properly.
Thanks!
I was not clear indeed: this happened this morning after going to sleep. As I was in the train, my connection was not constant and also switching between the masts and also between 3g and 4g. I am sure I saw the same messages as OP in the OpenVPN Connect log.
So, I just tried to reproduce this while I am in the office at 4G (thus I am not moving and switching between masts or 3G / 4G). Now, my VPN is not going away after sleep. I really don't know why.
comment:9 Changed 7 years ago by
Replying to ernst:
Replying to ordex:
Replying to ernst:
I'm running iOS 11.2.2 and with both OpenVPN Connect 1.2.5 and 1.2.6, I'm losing my connection if I am on a cellular network. The connection seems stable if my iOS device is connected via WiFi?.
My profile runs over TCP
Losing your connection after sleep? If not, please open a new ticket so we can track it properly.
Thanks!
I was not clear indeed: this happened this morning after going to sleep. As I was in the train, my connection was not constant and also switching between the masts and also between 3g and 4g. I am sure I saw the same messages as OP in the OpenVPN Connect log.
So, I just tried to reproduce this while I am in the office at 4G (thus I am not moving and switching between masts or 3G / 4G). Now, my VPN is not going away after sleep. I really don't know why.
It's very important to check the log when you have the issue. What the OP reported could also be the symptom of bad connectivity, where iOS sense an uplink and reports that to OpenVPN, but the connection is too flacky to get the traffic through. Not saying this is exactly the same, but it's a possibility.
comment:10 follow-up: 11 Changed 7 years ago by
Replying to ordex:
Interesting - the reconnection logic is working, but the app can't resolve the server hostname.
Is it easy to reproduce? Does it happen only when using the mobile connection or also on WiFi??
I’ve just tested it on a WiFi? connection, this happens instead: https://community.openvpn.net/openvpn/ticket/993
Difference being my server’s running on UDP instead of TCP.
Edit: traffic is being routed in the above state, but DNS option is not being pushed properly.
comment:11 follow-up: 12 Changed 7 years ago by
Replying to sn2411:
Edit: traffic is being routed in the above state, but DNS option is not being pushed properly.
do you have a log? maybe you can post it in https://community.openvpn.net/openvpn/ticket/982 ?
comment:12 follow-ups: 13 18 Changed 7 years ago by
Replying to ordex:
Replying to sn2411:
Edit: traffic is being routed in the above state, but DNS option is not being pushed properly.
do you have a log? maybe you can post it in https://community.openvpn.net/openvpn/ticket/982 ?
This is the log over WiFi?, where traffic is being routed but not DNS.
I am able to access resources (samba server, etc.) via their IP addresses, but not via hostname, hence the conclusion.
I did not post it on the other ticket as I do not have the push "dhcp-option DOMAIN xxx.xxx" option set on my server.
2018-01-18 19:23:28 ----- OpenVPN Start ----- OpenVPN core 3.1.2 ios arm64 64-bit built on Jan 14 2018 14:23:32 2018-01-18 19:23:28 Frame=512/2048/512 mssfix-ctrl=1250 2018-01-18 19:23:28 UNUSED OPTIONS 3 [sndbuf] [0] 4 [rcvbuf] [0] 6 [resolv-retry] [infinite] 7 [nobind] 8 [persist-key] 9 [persist-tun] 14 [block-outside-dns] 16 [verb] [3] 2018-01-18 19:23:28 EVENT: RESOLVE 2018-01-18 19:23:28 Contacting [my.public.ip]:myport/UDP via UDP 2018-01-18 19:23:28 EVENT: WAIT 2018-01-18 19:23:28 Connecting to [my.server.address]:myport (my.public.ip) via UDPv4 2018-01-18 19:23:28 EVENT: CONNECTING 2018-01-18 19:23:28 Tunnel Options:V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client 2018-01-18 19:23:28 Creds: UsernameEmpty/PasswordEmpty 2018-01-18 19:23:28 Peer Info: IV_GUI_VER=net.openvpn.connect.ios 1.2.6-4 IV_VER=3.1.2 IV_PLAT=ios IV_NCP=2 IV_TCPNL=1 IV_PROTO=2 IV_LZO_STUB=1 IV_COMP_STUB=1 IV_COMP_STUBv2=1 IV_IPv6=0 IV_AUTO_SESS=1 2018-01-18 19:23:28 VERIFY OK : depth=1 cert. version : 3 serial number : B7:F1:2A:3F:AA:C2:06:F4 issuer name : CN=ChangeMe subject name : CN=ChangeMe issued on : 2017-12-09 13:00:20 expires on : 2027-12-07 13:00:20 signed using : RSA with SHA-256 RSA key size : 2048 bits basic constraints : CA=true key usage : Key Cert Sign, CRL Sign 2018-01-18 19:23:28 VERIFY OK : depth=0 cert. version : 3 serial number : 01 issuer name : CN=ChangeMe subject name : CN=server issued on : 2017-12-09 13:03:28 expires on : 2027-12-07 13:03:28 signed using : RSA with SHA-256 RSA key size : 2048 bits basic constraints : CA=false subject alt name : server key usage : Digital Signature, Key Encipherment ext key usage : TLS Web Server Authentication 2018-01-18 19:23:28 SSL Handshake: TLSv1.2/TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 2018-01-18 19:23:28 Session is ACTIVE 2018-01-18 19:23:28 EVENT: GET_CONFIG 2018-01-18 19:23:28 Sending PUSH_REQUEST to server... 2018-01-18 19:23:28 OPTIONS: 0 [route] [192.168.1.0] [255.255.255.0] 1 [dhcp-option] [DNS] [192.168.1.xxx] 2 [route-gateway] [10.8.0.1] 3 [topology] [subnet] 4 [ping] [10] 5 [ping-restart] [120] 6 [ifconfig] [10.8.0.2] [255.255.255.0] 7 [peer-id] [0] 8 [cipher] [AES-256-GCM] 9 [block-ipv6] 2018-01-18 19:23:28 PROTOCOL OPTIONS: cipher: AES-256-GCM digest: SHA512 compress: LZO_STUB peer ID: 0 2018-01-18 19:23:28 EVENT: ASSIGN_IP 2018-01-18 19:23:28 NIP: preparing TUN network settings 2018-01-18 19:23:28 NIP: init TUN network settings with endpoint: my.public.ip 2018-01-18 19:23:28 NIP: adding IPv4 address to network settings 10.8.0.2/255.255.255.0 2018-01-18 19:23:28 NIP: adding (included) IPv4 route 192.168.1.0/24 2018-01-18 19:23:28 NIP: adding DNS 192.168.1.xxx 2018-01-18 19:23:28 NIP: blocking all IPv6 traffic - not supported 2018-01-18 19:23:28 NIP: adding match domain ALL 2018-01-18 19:23:28 NIP: adding DNS specific routes: 2018-01-18 19:23:28 NIP: adding (included) IPv4 route 192.168.1.xxx/32 2018-01-18 19:23:28 Connected via NetworkExtensionTUN 2018-01-18 19:23:28 LZO-ASYM init swap=0 asym=1 2018-01-18 19:23:28 Comp-stub init swap=0 2018-01-18 19:23:28 EVENT: CONNECTED @my.server.address:myport (my.public.ip) via /UDPv4 on NetworkExtensionTUN/10.8.0.2/ gw=[/] 2018-01-18 19:23:52 OS Event: SLEEP 2018-01-18 19:23:52 EVENT: PAUSE 2018-01-18 19:24:16 OS Event: WAKEUP 2018-01-18 19:24:19 RESUME TEST: Internet:ReachableViaWiFi/-R t------ 2018-01-18 19:24:19 STANDARD RESUME 2018-01-18 19:24:19 EVENT: RESUME 2018-01-18 19:24:19 EVENT: RECONNECTING 2018-01-18 19:24:19 EVENT: RESOLVE 2018-01-18 19:24:19 Contacting [my.public.ip]:myport/UDP via UDP 2018-01-18 19:24:19 EVENT: WAIT 2018-01-18 19:24:19 Connecting to [my.server.address]:myport (my.public.ip) via UDPv4 2018-01-18 19:24:19 EVENT: CONNECTING 2018-01-18 19:24:19 Tunnel Options:V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client 2018-01-18 19:24:19 Creds: UsernameEmpty/PasswordEmpty 2018-01-18 19:24:19 Peer Info: IV_GUI_VER=net.openvpn.connect.ios 1.2.6-4 IV_VER=3.1.2 IV_PLAT=ios IV_NCP=2 IV_TCPNL=1 IV_PROTO=2 IV_LZO_STUB=1 IV_COMP_STUB=1 IV_COMP_STUBv2=1 IV_IPv6=0 IV_AUTO_SESS=1 2018-01-18 19:24:19 VERIFY OK : depth=1 cert. version : 3 serial number : B7:F1:2A:3F:AA:C2:06:F4 issuer name : CN=ChangeMe subject name : CN=ChangeMe issued on : 2017-12-09 13:00:20 expires on : 2027-12-07 13:00:20 signed using : RSA with SHA-256 RSA key size : 2048 bits basic constraints : CA=true key usage : Key Cert Sign, CRL Sign 2018-01-18 19:24:19 VERIFY OK : depth=0 cert. version : 3 serial number : 01 issuer name : CN=ChangeMe subject name : CN=server issued on : 2017-12-09 13:03:28 expires on : 2027-12-07 13:03:28 signed using : RSA with SHA-256 RSA key size : 2048 bits basic constraints : CA=false subject alt name : server key usage : Digital Signature, Key Encipherment ext key usage : TLS Web Server Authentication 2018-01-18 19:24:20 SSL Handshake: TLSv1.2/TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 2018-01-18 19:24:20 Session is ACTIVE 2018-01-18 19:24:20 EVENT: GET_CONFIG 2018-01-18 19:24:20 Sending PUSH_REQUEST to server... 2018-01-18 19:24:20 OPTIONS: 0 [route] [192.168.1.0] [255.255.255.0] 1 [dhcp-option] [DNS] [192.168.1.xxx] 2 [route-gateway] [10.8.0.1] 3 [topology] [subnet] 4 [ping] [10] 5 [ping-restart] [120] 6 [ifconfig] [10.8.0.2] [255.255.255.0] 7 [peer-id] [0] 8 [cipher] [AES-256-GCM] 9 [block-ipv6] 2018-01-18 19:24:20 PROTOCOL OPTIONS: cipher: AES-256-GCM digest: SHA512 compress: LZO_STUB peer ID: 0 2018-01-18 19:24:20 EVENT: ASSIGN_IP 2018-01-18 19:24:20 NIP: preparing TUN network settings 2018-01-18 19:24:20 NIP: init TUN network settings with endpoint: my.public.ip 2018-01-18 19:24:20 NIP: adding IPv4 address to network settings 10.8.0.2/255.255.255.0 2018-01-18 19:24:20 NIP: adding (included) IPv4 route 192.168.1.0/24 2018-01-18 19:24:20 NIP: adding DNS 192.168.1.xxx 2018-01-18 19:24:20 NIP: blocking all IPv6 traffic - not supported 2018-01-18 19:24:20 NIP: adding DNS specific routes: 2018-01-18 19:24:20 NIP: adding (included) IPv4 route 192.168.1.xxx/32 2018-01-18 19:24:20 Connected via NetworkExtensionTUN 2018-01-18 19:24:20 LZO-ASYM init swap=0 asym=1 2018-01-18 19:24:20 Comp-stub init swap=0 2018-01-18 19:24:20 EVENT: CONNECTED @my.server.address:myport (my.public.ip) via /UDPv4 on NetworkExtensionTUN/10.8.0.2/ gw=[/] 2018-01-18 19:24:36 OS Event: SLEEP 2018-01-18 19:24:36 EVENT: PAUSE 2018-01-18 19:25:29 OS Event: WAKEUP 2018-01-18 19:25:32 RESUME TEST: Internet:ReachableViaWiFi/-R t------ 2018-01-18 19:25:32 STANDARD RESUME 2018-01-18 19:25:32 EVENT: RESUME 2018-01-18 19:25:32 EVENT: RECONNECTING 2018-01-18 19:25:32 EVENT: RESOLVE 2018-01-18 19:25:33 Contacting [my.public.ip]:myport/UDP via UDP 2018-01-18 19:25:33 EVENT: WAIT 2018-01-18 19:25:33 Connecting to [my.server.address]:myport (my.public.ip) via UDPv4 2018-01-18 19:25:33 EVENT: CONNECTING 2018-01-18 19:25:33 Tunnel Options:V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client 2018-01-18 19:25:33 Creds: UsernameEmpty/PasswordEmpty 2018-01-18 19:25:33 Peer Info: IV_GUI_VER=net.openvpn.connect.ios 1.2.6-4 IV_VER=3.1.2 IV_PLAT=ios IV_NCP=2 IV_TCPNL=1 IV_PROTO=2 IV_LZO_STUB=1 IV_COMP_STUB=1 IV_COMP_STUBv2=1 IV_IPv6=0 IV_AUTO_SESS=1 2018-01-18 19:25:33 VERIFY OK : depth=1 cert. version : 3 serial number : B7:F1:2A:3F:AA:C2:06:F4 issuer name : CN=ChangeMe subject name : CN=ChangeMe issued on : 2017-12-09 13:00:20 expires on : 2027-12-07 13:00:20 signed using : RSA with SHA-256 RSA key size : 2048 bits basic constraints : CA=true key usage : Key Cert Sign, CRL Sign 2018-01-18 19:25:33 VERIFY OK : depth=0 cert. version : 3 serial number : 01 issuer name : CN=ChangeMe subject name : CN=server issued on : 2017-12-09 13:03:28 expires on : 2027-12-07 13:03:28 signed using : RSA with SHA-256 RSA key size : 2048 bits basic constraints : CA=false subject alt name : server key usage : Digital Signature, Key Encipherment ext key usage : TLS Web Server Authentication 2018-01-18 19:25:33 SSL Handshake: TLSv1.2/TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 2018-01-18 19:25:33 Session is ACTIVE 2018-01-18 19:25:33 EVENT: GET_CONFIG 2018-01-18 19:25:33 Sending PUSH_REQUEST to server... 2018-01-18 19:25:33 OPTIONS: 0 [route] [192.168.1.0] [255.255.255.0] 1 [dhcp-option] [DNS] [192.168.1.xxx] 2 [route-gateway] [10.8.0.1] 3 [topology] [subnet] 4 [ping] [10] 5 [ping-restart] [120] 6 [ifconfig] [10.8.0.2] [255.255.255.0] 7 [peer-id] [0] 8 [cipher] [AES-256-GCM] 9 [block-ipv6] 2018-01-18 19:25:33 PROTOCOL OPTIONS: cipher: AES-256-GCM digest: SHA512 compress: LZO_STUB peer ID: 0 2018-01-18 19:25:33 EVENT: ASSIGN_IP 2018-01-18 19:25:33 NIP: preparing TUN network settings 2018-01-18 19:25:33 NIP: init TUN network settings with endpoint: my.public.ip 2018-01-18 19:25:33 NIP: adding IPv4 address to network settings 10.8.0.2/255.255.255.0 2018-01-18 19:25:33 NIP: adding (included) IPv4 route 192.168.1.0/24 2018-01-18 19:25:33 NIP: adding DNS 192.168.1.xxx 2018-01-18 19:25:33 NIP: blocking all IPv6 traffic - not supported 2018-01-18 19:25:33 NIP: adding DNS specific routes: 2018-01-18 19:25:33 NIP: adding (included) IPv4 route 192.168.1.xxx/32 2018-01-18 19:25:33 Connected via NetworkExtensionTUN 2018-01-18 19:25:33 LZO-ASYM init swap=0 asym=1 2018-01-18 19:25:33 Comp-stub init swap=0 2018-01-18 19:25:33 EVENT: CONNECTED @my.server.address:myport (my.public.ip) via /UDPv4 on NetworkExtensionTUN/10.8.0.2/ gw=[/]
comment:13 follow-up: 14 Changed 7 years ago by
Replying to sn2411:
Replying to ordex:
Replying to sn2411:
Edit: traffic is being routed in the above state, but DNS option is not being pushed properly.
do you have a log? maybe you can post it in https://community.openvpn.net/openvpn/ticket/982 ?
This is the log over WiFi?, where traffic is being routed but not DNS.
I am able to access resources (samba server, etc.) via their IP addresses, but not via hostname, hence the conclusion.
I did not post it on the other ticket as I do not have the push "dhcp-option DOMAIN xxx.xxx" option set on my server.
everything seems to be alright from the log..weird. Have you tried dumping the traffic on your VPN server to see if DNS requests were actually incoming or not?
To clarify, the DNS issue started after the sleep and the reconnection only?
comment:14 follow-up: 15 Changed 7 years ago by
To clarify, the DNS issue started after the sleep and the reconnection only?
That's correct, on a 'fresh' connection, i.e. VPN toggled on from an off state, there were no issues with DNS.
To sum up, 2 separate issues currently:
- The resolving error when attempting to reconnect on iOS wakeup.
- DNS traffic not routed when reconnect happens successfully.
everything seems to be alright from the log..weird. Have you tried dumping the traffic on your VPN server to see if DNS requests were actually incoming or not?
They don't seem to be incoming; my DNS server logs show nothing incoming from the VPN side.
Using an iOS app named Network Analyzer Lite, on a 'fresh' connection, my DNS server listed is correct (the DNS server I'm hosting). After sleep and reconnection (if it was successful), the DNS server listed is the ISP one.
comment:15 follow-up: 16 Changed 7 years ago by
Replying to sn2411:
To clarify, the DNS issue started after the sleep and the reconnection only?
That's correct, on a 'fresh' connection, i.e. VPN toggled on from an off state, there were no issues with DNS.
To sum up, 2 separate issues currently:
- The resolving error when attempting to reconnect on iOS wakeup.
- DNS traffic not routed when reconnect happens successfully.
everything seems to be alright from the log..weird. Have you tried dumping the traffic on your VPN server to see if DNS requests were actually incoming or not?
They don't seem to be incoming; my DNS server logs show nothing incoming from the VPN side.
Using an iOS app named Network Analyzer Lite, on a 'fresh' connection, my DNS server listed is correct (the DNS server I'm hosting). After sleep and reconnection (if it was successful), the DNS server listed is the ISP one.
Mh ok. Does this happen with seamless tunnel ON ?
comment:16 follow-up: 17 Changed 7 years ago by
Replying to ordex:
Mh ok. Does this happen with seamless tunnel ON ?
With seamless tunnel ON, things get weirder...
- If I toggle on VPN via iOS settings app, both issues still occur.
- If I toggle on VPN via the OpenVPN Connect app, 1 and 2 are resolved (everything works as expected).
comment:17 follow-up: 20 Changed 7 years ago by
Replying to sn2411:
Replying to ordex:
Mh ok. Does this happen with seamless tunnel ON ?
With seamless tunnel ON, things get weirder...
- If I toggle on VPN via iOS settings app, both issues still occur.
- If I toggle on VPN via the OpenVPN Connect app, 1 and 2 are resolved (everything works as expected).
Interesting.. could you get the log of a) and b) ? it would be interesting to know if during the interface configuration phase there is any difference.
So, does it mean that the issues you reported before happen with seamless tunnel OFF and no matter how you switch on the connection (iOS settings or App) ?
comment:18 follow-up: 19 Changed 7 years ago by
Replying to sn2411:
.... 2018-01-18 19:25:33 EVENT: ASSIGN_IP 2018-01-18 19:25:33 NIP: preparing TUN network settings 2018-01-18 19:25:33 NIP: init TUN network settings with endpoint: my.public.ip 2018-01-18 19:25:33 NIP: adding IPv4 address to network settings 10.8.0.2/255.255.255.0 2018-01-18 19:25:33 NIP: adding (included) IPv4 route 192.168.1.0/24 2018-01-18 19:25:33 NIP: adding DNS 192.168.1.xxx 2018-01-18 19:25:33 NIP: blocking all IPv6 traffic - not supported 2018-01-18 19:25:33 NIP: adding DNS specific routes: 2018-01-18 19:25:33 NIP: adding (included) IPv4 route 192.168.1.xxx/32 2018-01-18 19:25:33 Connected via NetworkExtensionTUN 2018-01-18 19:25:33 LZO-ASYM init swap=0 asym=1 2018-01-18 19:25:33 Comp-stub init swap=0 2018-01-18 19:25:33 EVENT: CONNECTED @my.server.address:myport (my.public.ip) via /UDPv4 on NetworkExtensionTUN/10.8.0.2/ gw=[/]
After re-reading your log some more times I think I found out something wrong. There is no
2018-01-18 19:23:28 NIP: adding match domain ALL
in the reconnections. This is essential to make your DNS work in a split-tunnel scenario (when you don't push redirect-gateway).
comment:19 Changed 7 years ago by
Replying to ordex:
This is essential to make your DNS work in a split-tunnel scenario (when you don't push redirect-gateway).
This will be fixed in the next release.
comment:20 Changed 7 years ago by
Replying to ordex:
Interesting.. could you get the log of a) and b) ? it would be interesting to know if during the interface configuration phase there is any difference.
Strange... for a, nothing appears logged...
Log for b.
2018-01-22 07:40:19 ----- OpenVPN Start ----- OpenVPN core 3.1.2 ios arm64 64-bit built on Jan 14 2018 14:23:32 2018-01-22 07:40:19 Frame=512/2048/512 mssfix-ctrl=1250 2018-01-22 07:40:19 UNUSED OPTIONS 3 [sndbuf] [0] 4 [rcvbuf] [0] 6 [resolv-retry] [infinite] 7 [nobind] 8 [persist-key] 9 [persist-tun] 14 [block-outside-dns] 16 [verb] [3] 2018-01-22 07:40:19 EVENT: RESOLVE 2018-01-22 07:40:19 Contacting [my.server.ip]:serverport/UDP via UDP 2018-01-22 07:40:19 EVENT: WAIT 2018-01-22 07:40:19 Connecting to [my.server.address]:serverport (my.server.ip) via UDPv4 2018-01-22 07:40:19 EVENT: CONNECTING 2018-01-22 07:40:19 Tunnel Options:V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client 2018-01-22 07:40:19 Creds: UsernameEmpty/PasswordEmpty 2018-01-22 07:40:19 Peer Info: IV_GUI_VER=net.openvpn.connect.ios 1.2.6-4 IV_VER=3.1.2 IV_PLAT=ios IV_NCP=2 IV_TCPNL=1 IV_PROTO=2 IV_LZO_STUB=1 IV_COMP_STUB=1 IV_COMP_STUBv2=1 IV_IPv6=0 IV_AUTO_SESS=1 2018-01-22 07:40:19 VERIFY OK : depth=1 cert. version : 3 serial number : B7:F1:2A:3F:AA:C2:06:F4 issuer name : CN=ChangeMe subject name : CN=ChangeMe issued on : 2017-12-09 13:00:20 expires on : 2027-12-07 13:00:20 signed using : RSA with SHA-256 RSA key size : 2048 bits basic constraints : CA=true key usage : Key Cert Sign, CRL Sign 2018-01-22 07:40:19 VERIFY OK : depth=0 cert. version : 3 serial number : 01 issuer name : CN=ChangeMe subject name : CN=server issued on : 2017-12-09 13:03:28 expires on : 2027-12-07 13:03:28 signed using : RSA with SHA-256 RSA key size : 2048 bits basic constraints : CA=false subject alt name : server key usage : Digital Signature, Key Encipherment ext key usage : TLS Web Server Authentication 2018-01-22 07:40:19 SSL Handshake: TLSv1.2/TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 2018-01-22 07:40:19 Session is ACTIVE 2018-01-22 07:40:19 EVENT: GET_CONFIG 2018-01-22 07:40:19 Sending PUSH_REQUEST to server... 2018-01-22 07:40:20 OPTIONS: 0 [route] [192.168.1.0] [255.255.255.0] 1 [dhcp-option] [DNS] [dns.server.local.ip] 2 [route-gateway] [10.8.0.1] 3 [topology] [subnet] 4 [ping] [10] 5 [ping-restart] [120] 6 [ifconfig] [10.8.0.2] [255.255.255.0] 7 [peer-id] [0] 8 [cipher] [AES-256-GCM] 9 [block-ipv6] 2018-01-22 07:40:20 PROTOCOL OPTIONS: cipher: AES-256-GCM digest: SHA512 compress: LZO_STUB peer ID: 0 2018-01-22 07:40:20 EVENT: ASSIGN_IP 2018-01-22 07:40:20 NIP: preparing TUN network settings 2018-01-22 07:40:20 NIP: init TUN network settings with endpoint: my.server.ip 2018-01-22 07:40:20 NIP: adding IPv4 address to network settings 10.8.0.2/255.255.255.0 2018-01-22 07:40:20 NIP: adding (included) IPv4 route 192.168.1.0/24 2018-01-22 07:40:20 NIP: adding DNS dns.server.local.ip 2018-01-22 07:40:20 NIP: blocking all IPv6 traffic - not supported 2018-01-22 07:40:20 NIP: adding match domain ALL 2018-01-22 07:40:20 NIP: adding DNS specific routes: 2018-01-22 07:40:20 NIP: adding (included) IPv4 route dns.server.local.ip/32 2018-01-22 07:40:20 Connected via NetworkExtensionTUN 2018-01-22 07:40:20 LZO-ASYM init swap=0 asym=1 2018-01-22 07:40:20 Comp-stub init swap=0 2018-01-22 07:40:20 EVENT: CONNECTED @my.server.address:serverport (my.server.ip) via /UDPv4 on NetworkExtensionTUN/10.8.0.2/ gw=[/] 2018-01-22 07:40:55 OS Event: SLEEP 2018-01-22 07:40:55 EVENT: PAUSE 2018-01-22 07:40:56 OS Event: WAKEUP 2018-01-22 07:40:59 RESUME TEST: Internet:ReachableViaWWAN/WR t------ 2018-01-22 07:40:59 STANDARD RESUME 2018-01-22 07:40:59 EVENT: RESUME 2018-01-22 07:40:59 EVENT: RECONNECTING 2018-01-22 07:40:59 Contacting [my.server.ip]:serverport/UDP via UDP 2018-01-22 07:40:59 EVENT: WAIT 2018-01-22 07:40:59 Connecting to [my.server.address]:serverport (my.server.ip) via UDPv4 2018-01-22 07:40:59 EVENT: CONNECTING 2018-01-22 07:40:59 Tunnel Options:V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client 2018-01-22 07:40:59 Creds: UsernameEmpty/PasswordEmpty 2018-01-22 07:40:59 Peer Info: IV_GUI_VER=net.openvpn.connect.ios 1.2.6-4 IV_VER=3.1.2 IV_PLAT=ios IV_NCP=2 IV_TCPNL=1 IV_PROTO=2 IV_LZO_STUB=1 IV_COMP_STUB=1 IV_COMP_STUBv2=1 IV_IPv6=0 IV_AUTO_SESS=1 2018-01-22 07:40:59 VERIFY OK : depth=1 cert. version : 3 serial number : B7:F1:2A:3F:AA:C2:06:F4 issuer name : CN=ChangeMe subject name : CN=ChangeMe issued on : 2017-12-09 13:00:20 expires on : 2027-12-07 13:00:20 signed using : RSA with SHA-256 RSA key size : 2048 bits basic constraints : CA=true key usage : Key Cert Sign, CRL Sign 2018-01-22 07:40:59 VERIFY OK : depth=0 cert. version : 3 serial number : 01 issuer name : CN=ChangeMe subject name : CN=server issued on : 2017-12-09 13:03:28 expires on : 2027-12-07 13:03:28 signed using : RSA with SHA-256 RSA key size : 2048 bits basic constraints : CA=false subject alt name : server key usage : Digital Signature, Key Encipherment ext key usage : TLS Web Server Authentication 2018-01-22 07:40:59 OS Event: SLEEP 2018-01-22 07:40:59 EVENT: PAUSE 2018-01-22 07:41:01 OS Event: WAKEUP 2018-01-22 07:41:04 RESUME TEST: Internet:ReachableViaWWAN/WR t------ 2018-01-22 07:41:04 STANDARD RESUME 2018-01-22 07:41:04 EVENT: RESUME 2018-01-22 07:41:04 EVENT: RECONNECTING 2018-01-22 07:41:04 Contacting [my.server.ip]:serverport/UDP via UDP 2018-01-22 07:41:04 EVENT: WAIT 2018-01-22 07:41:04 Connecting to [my.server.address]:serverport (my.server.ip) via UDPv4 2018-01-22 07:41:04 EVENT: CONNECTING 2018-01-22 07:41:04 Tunnel Options:V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client 2018-01-22 07:41:04 Creds: UsernameEmpty/PasswordEmpty 2018-01-22 07:41:04 Peer Info: IV_GUI_VER=net.openvpn.connect.ios 1.2.6-4 IV_VER=3.1.2 IV_PLAT=ios IV_NCP=2 IV_TCPNL=1 IV_PROTO=2 IV_LZO_STUB=1 IV_COMP_STUB=1 IV_COMP_STUBv2=1 IV_IPv6=0 IV_AUTO_SESS=1 2018-01-22 07:41:04 VERIFY OK : depth=1 cert. version : 3 serial number : B7:F1:2A:3F:AA:C2:06:F4 issuer name : CN=ChangeMe subject name : CN=ChangeMe issued on : 2017-12-09 13:00:20 expires on : 2027-12-07 13:00:20 signed using : RSA with SHA-256 RSA key size : 2048 bits basic constraints : CA=true key usage : Key Cert Sign, CRL Sign 2018-01-22 07:41:04 VERIFY OK : depth=0 cert. version : 3 serial number : 01 issuer name : CN=ChangeMe subject name : CN=server issued on : 2017-12-09 13:03:28 expires on : 2027-12-07 13:03:28 signed using : RSA with SHA-256 RSA key size : 2048 bits basic constraints : CA=false subject alt name : server key usage : Digital Signature, Key Encipherment ext key usage : TLS Web Server Authentication 2018-01-22 07:41:04 SSL Handshake: TLSv1.2/TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 2018-01-22 07:41:04 Session is ACTIVE 2018-01-22 07:41:04 EVENT: GET_CONFIG 2018-01-22 07:41:04 Sending PUSH_REQUEST to server... 2018-01-22 07:41:04 OPTIONS: 0 [route] [192.168.1.0] [255.255.255.0] 1 [dhcp-option] [DNS] [dns.server.local.ip] 2 [route-gateway] [10.8.0.1] 3 [topology] [subnet] 4 [ping] [10] 5 [ping-restart] [120] 6 [ifconfig] [10.8.0.2] [255.255.255.0] 7 [peer-id] [1] 8 [cipher] [AES-256-GCM] 9 [block-ipv6] 2018-01-22 07:41:04 PROTOCOL OPTIONS: cipher: AES-256-GCM digest: SHA512 compress: LZO_STUB peer ID: 1 2018-01-22 07:41:04 Connected via NetworkExtensionTUN 2018-01-22 07:41:04 LZO-ASYM init swap=0 asym=1 2018-01-22 07:41:04 Comp-stub init swap=0 2018-01-22 07:41:04 EVENT: CONNECTED @my.server.address:serverport (my.server.ip) via /UDPv4 on NetworkExtensionTUN/10.8.0.2/ gw=[/]
So, does it mean that the issues you reported before happen with seamless tunnel OFF and no matter how you switch on the connection (iOS settings or App) ?
That’s correct.
This will be fixed in the next release.
That’s good to hear, thank you so much for your help! I suppose I’ll test out push redirect-gateway as a workaround meanwhile.
comment:21 follow-up: 22 Changed 7 years ago by
v1.2.7 is being rolled out to the various AppStore? as we speak. Please test it once you have a chance to upgrade and update this ticket accordingly, if possible. Thanks!
comment:22 follow-up: 23 Changed 7 years ago by
Replying to ordex:
v1.2.7 is being rolled out to the various AppStore? as we speak. Please test it once you have a chance to upgrade and update this ticket accordingly, if possible. Thanks!
I’ve just gave v1.2.7 a try, here are the results:
- The resolving error when attempting to reconnect on iOS wakeup.
- DNS traffic not routed when reconnect happens successfully.
No joy on issue 1 with seamless tunnel DISABLED, but issue 2 is resolved completely (DNS settings stick after a reconnection/network change). Yay!
- If I toggle on VPN via iOS settings app,
both issues still occur.- If I toggle on VPN via the OpenVPN Connect app, 1 and 2 are resolved (everything works as expected).
Down to just issue 1 now, but (b) still holds true, i.e. toggling VPN via iOS settings app with seamless tunnel ENABLED still results in issue 1.
comment:23 follow-up: 24 Changed 7 years ago by
Replying to sn2411:
Replying to ordex:
v1.2.7 is being rolled out to the various AppStore? as we speak. Please test it once you have a chance to upgrade and update this ticket accordingly, if possible. Thanks!
I’ve just gave v1.2.7 a try, here are the results:
- The resolving error when attempting to reconnect on iOS wakeup.
- DNS traffic not routed when reconnect happens successfully.
No joy on issue 1 with seamless tunnel DISABLED, but issue 2 is resolved completely (DNS settings stick after a reconnection/network change). Yay!
- If I toggle on VPN via iOS settings app,
both issues still occur.- If I toggle on VPN via the OpenVPN Connect app, 1 and 2 are resolved (everything works as expected).
Down to just issue 1 now, but (b) still holds true, i.e. toggling VPN via iOS settings app with seamless tunnel ENABLED still results in issue 1.
Hi and thanks a lot for the feedback!
It looks like you have a clear understanding about how to replicate the issues, but it's a bit unclear to me because there are too many references to previous behaviours.
Would you mind opening a new ticket and explain there the remaining problems without referring to what was not working before?
In this release there are quite some changes, therefore I wouldn't assume any correlation with previous behaviours.
Starting a new ticket from scratch is probably the best idea.
Thanks!
comment:24 Changed 7 years ago by
Replying to ordex:
It looks like you have a clear understanding about how to replicate the issues, but it's a bit unclear to me because there are too many references to previous behaviours.
Would you mind opening a new ticket and explain there the remaining problems without referring to what was not working before?
Okay will do, thanks for all the help so far!
comment:25 Changed 7 years ago by
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
Most of the issues here have been addressed. Remaining issue is tracked in #1008
v1.2.6 has just been launched on AppStore?. Could you please test that version and let us know if the issue is fixed?
Or are you actually already on 1.2.6?