Opened 6 years ago
Closed 6 years ago
#989 closed Bug / Defect (fixed)
iOS: No Connection to VPN-Server
Reported by: | nodefeet | Owned by: | Antonio Quartulli |
---|---|---|---|
Priority: | major | Milestone: | |
Component: | OpenVPN Connect | Version: | OpenVPN Connect for iOS v1.2.6 |
Severity: | Not set (select this one, unless you're an OpenVPN developer) | Keywords: | no connection |
Cc: |
Description
Since version 1.2.5 I can no longer connect to my VPN Server.
The OpenVPN-App says it is connected (although the last “SetStatus Connected” line from the previous version is missing in the log, see below) but I still cannot ping the VPN-Server. When redirecting all traffic through the vpn tunnel with adding:
redirect-gateway def1
to the client *.ovpn - file everything works fine.
Log from the working version 1.1.1
2018-01-09 15:29:23 ----- OpenVPN Start -----
OpenVPN core 3.1.2 ios armv7a thumb2 32-bit built on Dec 5 2016 12:50:25
2018-01-09 15:29:23 Frame=512/2048/512 mssfix-ctrl=1250
2018-01-09 15:29:23 UNUSED OPTIONS
4 [resolv-retry] [infinite]
5 [nobind]
6 [persist-key]
7 [persist-tun]
12 [verb] [4]
13 [mute] [20]
2018-01-09 15:29:23 EVENT: RESOLVE
2018-01-09 15:29:23 Contacting x.x.x.x:1724 via TCP
2018-01-09 15:29:23 EVENT: WAIT
2018-01-09 15:29:23 SetTunnelSocket returned 1
2018-01-09 15:29:23 Connecting to [x.myfritz.net]:1724 (x.x.x.x) via TCPv4
2018-01-09 15:29:23 EVENT: CONNECTING
2018-01-09 15:29:23 Tunnel Options:V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client
2018-01-09 15:29:23 Creds: UsernameEmpty/PasswordEmpty
2018-01-09 15:29:23 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 1.1.1-212
IV_VER=3.1.2
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO=1
IV_AUTO_SESS=1
2018-01-09 15:29:23 NET Internet:ReachableViaWiFi/-R t------
2018-01-09 15:29:25 VERIFY OK: depth=1
cert. version : 3
serial number : FE:1D:6D:D1:E7:E4:C5:CF
issuer name : C=DE, ST=NRW, L=Dortmund, O=BAB TECHNOLOGIE GmbH, OU=BAB TECHNOLOGIE Signing CA, CN=BAB TECHNOLOGIE GmbH CA, ??=EasyRSA, emailAddress=info@bab-tec.de
subject name : C=DE, ST=NRW, L=Dortmund, O=BAB TECHNOLOGIE GmbH, OU=BAB TECHNOLOGIE Signing CA, CN=BAB TECHNOLOGIE GmbH CA, ??=EasyRSA, emailAddress=info@bab-tec.de
issued on : 2017-11-29 10:42:20
expires on : 2027-11-27 10:42:20
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=true
2018-01-09 15:29:25 VERIFY OK: depth=0
cert. version : 3
serial number : 01
issuer name : C=DE, ST=NRW, L=Dortmund, O=BAB TECHNOLOGIE GmbH, OU=BAB TECHNOLOGIE Signing CA, CN=BAB TECHNOLOGIE GmbH CA, ??=EasyRSA, emailAddress=info@bab-tec.de
subject name : C=DE, ST=NRW, L=Dortmund, O=BAB TECHNOLOGIE GmbH, OU=BAB TECHNOLOGIE Signing CA, CN=server, ??=EasyRSA, emailAddress=info@bab-tec.de
issued on : 2017-11-29 10:42:26
expires on : 2027-11-27 10:42:26
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=false
subject alt name : server
cert. type : SSL Server
key usage : Digital Signature, Key Encipherment
ext key usage : TLS Web Server Authentication
2018-01-09 15:29:27 SSL Handshake: TLSv1.0/TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA
2018-01-09 15:29:27 Session is ACTIVE
2018-01-09 15:29:27 EVENT: GET_CONFIG
2018-01-09 15:29:27 Sending PUSH_REQUEST to server...
2018-01-09 15:29:27 OPTIONS:
0 [route-gateway] [10.8.0.1]
1 [topology] [subnet]
2 [ping] [10]
3 [ping-restart] [90]
4 [ifconfig] [10.8.0.2] [255.255.255.0]
2018-01-09 15:29:27 PROTOCOL OPTIONS:
cipher: AES-256-CBC
digest: SHA1
compress: LZO
peer ID: -1
2018-01-09 15:29:27 EVENT: ASSIGN_IP
2018-01-09 15:29:27 Connected via tun
2018-01-09 15:29:27 LZO-ASYM init swap=0 asym=0
2018-01-09 15:29:27 EVENT: CONNECTED @x.myfritz.net:1724 (x.x.x.x) via /TCPv4 on tun/10.8.0.2/ gw=[10.8.0.1/]
2018-01-09 15:29:27 SetStatus Connected
Log from the not working version 1.2.6
2018-01-17 08:30:43 ----- OpenVPN Start -----
OpenVPN core 3.1.2 ios arm64 64-bit built on Jan 14 2018 14:23:32
2018-01-17 08:30:43 Frame=512/2048/512 mssfix-ctrl=1250
2018-01-17 08:30:43 UNUSED OPTIONS
4 [resolv-retry] [infinite]
5 [nobind]
6 [persist-key]
7 [persist-tun]
12 [verb] [4]
13 [mute] [20]
2018-01-17 08:30:43 EVENT: RESOLVE
2018-01-17 08:30:43 Contacting [x.x.x.x]:1724/TCP via TCP
2018-01-17 08:30:43 EVENT: WAIT
2018-01-17 08:30:43 Connecting to [x.myfritz.net]:1724 (x.x.x.x) via TCPv4
2018-01-17 08:30:43 EVENT: CONNECTING
2018-01-17 08:30:43 Tunnel Options:V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client
2018-01-17 08:30:43 Creds: UsernameEmpty/PasswordEmpty
2018-01-17 08:30:43 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 1.2.6-4
IV_VER=3.1.2
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO=1
IV_AUTO_SESS=1
2018-01-17 08:30:45 VERIFY OK : depth=1
cert. version : 3
serial number : FE:1D:6D:D1:E7:E4:C5:CF
issuer name : C=DE, ST=NRW, L=Dortmund, O=BAB TECHNOLOGIE GmbH, OU=BAB TECHNOLOGIE Signing CA, CN=x GmbH CA, ??=EasyRSA, emailAddress=info@bab-tec.de
subject name : C=DE, ST=NRW, L=Dortmund, O=BAB TECHNOLOGIE GmbH, OU=BAB TECHNOLOGIE Signing CA, CN=BAB TECHNOLOGIE GmbH CA, ??=EasyRSA, emailAddress=info@bab-tec.de
issued on : 2017-11-29 10:42:20
expires on : 2027-11-27 10:42:20
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=true
2018-01-17 08:30:45 VERIFY OK : depth=0
cert. version : 3
serial number : 01
issuer name : C=DE, ST=NRW, L=Dortmund, O=BAB TECHNOLOGIE GmbH, OU=BAB TECHNOLOGIE Signing CA, CN=BAB TECHNOLOGIE GmbH CA, ??=EasyRSA, emailAddress=info@bab-tec.de
subject name : C=DE, ST=NRW, L=Dortmund, O=BAB TECHNOLOGIE GmbH, OU=BAB TECHNOLOGIE Signing CA, CN=server, ??=EasyRSA, emailAddress=info@bab-tec.de
issued on : 2017-11-29 10:42:26
expires on : 2027-11-27 10:42:26
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=false
subject alt name : server
cert. type : SSL Server
key usage : Digital Signature, Key Encipherment
ext key usage : TLS Web Server Authentication
2018-01-17 08:30:47 SSL Handshake: TLSv1.0/TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA
2018-01-17 08:30:47 Session is ACTIVE
2018-01-17 08:30:47 EVENT: GET_CONFIG
2018-01-17 08:30:47 Sending PUSH_REQUEST to server...
2018-01-17 08:30:47 OPTIONS:
0 [route-gateway] [10.8.0.1]
1 [topology] [subnet]
2 [ping] [10]
3 [ping-restart] [90]
4 [ifconfig] [10.8.0.2] [255.255.255.0]
2018-01-17 08:30:47 PROTOCOL OPTIONS:
cipher: AES-256-CBC
digest: SHA1
compress: LZO
peer ID: -1
2018-01-17 08:30:47 EVENT: ASSIGN_IP
2018-01-17 08:30:47 NIP: preparing TUN network settings
2018-01-17 08:30:47 NIP: init TUN network settings with endpoint: x.x.x.x
2018-01-17 08:30:47 NIP: adding IPv4 address to network settings 10.8.0.2/255.255.255.0
2018-01-17 08:30:47 Connected via NetworkExtensionTUN
2018-01-17 08:30:47 LZO-ASYM init swap=0 asym=0
2018-01-17 08:30:47 EVENT: CONNECTED @x.myfritz.net:1724 (x.x.x.x) via /TCPv4 on NetworkExtensionTUN/10.8.0.2/ gw=[/]
I would guess it has something to do with the empty
gw=[/]
part in the last line of version 1.2.5 and 1.2.6
Any idea?
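An added triage sketch, not part of the ticket or of OpenVPN's code: it parses the pushed OPTIONS entry and the final CONNECTED event from the two logs above, reports which fields differ between the sessions, and checks whether the server address is on-link for the pushed ifconfig. The function names and the trimmed log constants are assumptions made for this example.

```python
import ipaddress
import re

TS = r"\d{4}-\d\d-\d\d \d\d:\d\d:\d\d"
# Constructed input: the closing entries of the two logs quoted in the ticket.
PUSH = ("OPTIONS: 0 [route-gateway] [10.8.0.1] 1 [topology] [subnet] 2 [ping] [10] "
        "3 [ping-restart] [90] 4 [ifconfig] [10.8.0.2] [255.255.255.0]")
LOG_1_1_1 = f"""2018-01-09 15:29:27 {PUSH}
2018-01-09 15:29:27 EVENT: CONNECTED @x.myfritz.net:1724 (x.x.x.x) via /TCPv4 on tun/10.8.0.2/ gw=[10.8.0.1/]
"""
LOG_1_2_6 = f"""2018-01-17 08:30:47 {PUSH}
2018-01-17 08:30:47 EVENT: CONNECTED @x.myfritz.net:1724 (x.x.x.x) via /TCPv4 on NetworkExtensionTUN/10.8.0.2/ gw=[/]
"""

def pushed_options(log):
    """Map each option in the 'OPTIONS:' entry (the server's push) to its arguments."""
    m = re.search(rf"{TS} OPTIONS:(.*?)(?={TS}|\Z)", log, re.S)
    opts = {}
    for item in re.finditer(r"\d+((?:\s+\[[^\]]*\])+)", m.group(1) if m else ""):
        name, *args = re.findall(r"\[([^\]]*)\]", item.group(1))
        opts[name] = args
    return opts

def connected_event(log):
    """Extract tun backend, tunnel IPv4 address and reported IPv4 gateway."""
    m = re.search(r"EVENT: CONNECTED .*? on ([^/\s]+)/([^/\s]*)/\S* gw=\[([^/\]]*)/", log)
    if not m:
        return {}
    tun, ip4, gw4 = m.groups()
    return {"tun": tun, "ip4": ip4 or None, "gw4": gw4 or None}

def session(log):
    fields = {f"push:{k}": v for k, v in pushed_options(log).items()}
    fields.update({f"event:{k}": v for k, v in connected_event(log).items()})
    return fields

def diff_sessions(old_log, new_log):
    """Return {field: (old, new)} for every field that differs."""
    old, new = session(old_log), session(new_log)
    return {k: (old.get(k), new.get(k))
            for k in sorted(old.keys() | new.keys()) if old.get(k) != new.get(k)}

def on_link(log, target):
    """True if target lies in the subnet assigned by the pushed ifconfig."""
    addr, mask = pushed_options(log)["ifconfig"]
    return ipaddress.ip_address(target) in ipaddress.ip_interface(f"{addr}/{mask}").network

if __name__ == "__main__":
    print(diff_sessions(LOG_1_1_1, LOG_1_2_6), on_link(LOG_1_2_6, "10.8.0.1"))
```

For these two logs the server push is identical; only the tun backend and the reported gateway differ, and 10.8.0.1 lies inside the pushed 10.8.0.0/24 subnet.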
Change History (7)
comment:1 Changed 6 years ago by
Component: | Generic / unclassified → OpenVPN Connect |
---|---|
Owner: | set to Antonio Quartulli |
Status: | new → assigned |
comment:2 Changed 6 years ago by
comment:4 Changed 6 years ago by
I am pinging the VPN server 10.8.0.1 and without adding
redirect-gateway def1
to the client file there is no answer.
Here is the client.ovpn:
client
dev tun
proto tcp
remote xxx.myfritz.net 1724
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-eku "TLS Web Server Authentication"
ns-cert-type server
cipher AES-256-CBC
comp-lzo
verb 4
mute 20
key-direction 1
<ca>
-----BEGIN CERTIFICATE-----
xxx
-----END CERTIFICATE-----
</ca>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
xxx
-----END OpenVPN Static key V1-----
</tls-auth>
<cert>
-----BEGIN CERTIFICATE-----
xxx
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
xxx
-----END PRIVATE KEY-----
</key>
comment:5 Changed 6 years ago by
I think this is a duplicate of #999. If so, the next release (1.2.7) should fix this issue
comment:6 Changed 6 years ago by
v1.2.7 is being rolled out to the various AppStore as we speak. Please test it once you have a chance to upgrade and update this ticket accordingly, if possible. Thanks!
comment:7 Changed 6 years ago by
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
As this ticket was likely to be a duplicate of #999 and we got positive feedback on that one, I am closing this issue.
Feel free to open a new bug report should the problem persist.
Hello and thanks for your report.
Replying to nodefeet:
No, this is just a reporting thing, not really relevant. It seems a routing problem, but it's strange because from the log your config seems pretty similar to one of my basic tests, still something is off.
Could you please share the client profile (of course without any key/ip)?