Opened 6 years ago

Closed 6 years ago

#989 closed Bug / Defect (fixed)

iOS: No Connection to VPN-Server

Reported by: nodefeet
Owned by: Antonio Quartulli
Priority: major
Milestone:
Component: OpenVPN Connect
Version: OpenVPN Connect for iOS v1.2.6
Severity: Not set (select this one, unless you're an OpenVPN developer)
Keywords: no connection
Cc:

Description

Since version 1.2.5 I can no longer connect to my VPN Server.

The OpenVPN-App says it is connected (although the last “SetStatus Connected” line from the previous version is missing in the log, see below) but I still cannot ping the VPN-Server. When redirecting all traffic through the vpn tunnel by adding:

redirect-gateway def1 

to the client *.ovpn file, everything works fine.

Log from the working version 1.1.1

2018-01-09 15:29:23 ----- OpenVPN Start ----- OpenVPN core 3.1.2 ios armv7a thumb2 32-bit built on Dec 5 2016 12:50:25
2018-01-09 15:29:23 Frame=512/2048/512 mssfix-ctrl=1250
2018-01-09 15:29:23 UNUSED OPTIONS
4 [resolv-retry] [infinite] 
5 [nobind] 
6 [persist-key] 
7 [persist-tun] 
12 [verb] [4] 
13 [mute] [20] 

2018-01-09 15:29:23 EVENT: RESOLVE
2018-01-09 15:29:23 Contacting x.x.x.x:1724 via TCP
2018-01-09 15:29:23 EVENT: WAIT
2018-01-09 15:29:23 SetTunnelSocket returned 1
2018-01-09 15:29:23 Connecting to [x.myfritz.net]:1724 (x.x.x.x) via TCPv4
2018-01-09 15:29:23 EVENT: CONNECTING
2018-01-09 15:29:23 Tunnel Options:V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client
2018-01-09 15:29:23 Creds: UsernameEmpty/PasswordEmpty
2018-01-09 15:29:23 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 1.1.1-212
IV_VER=3.1.2
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO=1
IV_AUTO_SESS=1

2018-01-09 15:29:23 NET Internet:ReachableViaWiFi/-R t------
2018-01-09 15:29:25 VERIFY OK: depth=1
cert. version : 3
serial number : FE:1D:6D:D1:E7:E4:C5:CF
issuer name : C=DE, ST=NRW, L=Dortmund, O=BAB TECHNOLOGIE GmbH, OU=BAB TECHNOLOGIE Signing CA, CN=BAB TECHNOLOGIE GmbH CA, ??=EasyRSA, emailAddress=info@bab-tec.de
subject name : C=DE, ST=NRW, L=Dortmund, O=BAB TECHNOLOGIE GmbH, OU=BAB TECHNOLOGIE Signing CA, CN=BAB TECHNOLOGIE GmbH CA, ??=EasyRSA, emailAddress=info@bab-tec.de
issued on : 2017-11-29 10:42:20
expires on : 2027-11-27 10:42:20
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=true

2018-01-09 15:29:25 VERIFY OK: depth=0
cert. version : 3
serial number : 01
issuer name : C=DE, ST=NRW, L=Dortmund, O=BAB TECHNOLOGIE GmbH, OU=BAB TECHNOLOGIE Signing CA, CN=BAB TECHNOLOGIE GmbH CA, ??=EasyRSA, emailAddress=info@bab-tec.de
subject name : C=DE, ST=NRW, L=Dortmund, O=BAB TECHNOLOGIE GmbH, OU=BAB TECHNOLOGIE Signing CA, CN=server, ??=EasyRSA, emailAddress=info@bab-tec.de
issued on : 2017-11-29 10:42:26
expires on : 2027-11-27 10:42:26
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=false
subject alt name : server
cert. type : SSL Server
key usage : Digital Signature, Key Encipherment
ext key usage : TLS Web Server Authentication

2018-01-09 15:29:27 SSL Handshake: TLSv1.0/TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA
2018-01-09 15:29:27 Session is ACTIVE
2018-01-09 15:29:27 EVENT: GET_CONFIG
2018-01-09 15:29:27 Sending PUSH_REQUEST to server...
2018-01-09 15:29:27 OPTIONS:
0 [route-gateway] [10.8.0.1] 
1 [topology] [subnet] 
2 [ping] [10] 
3 [ping-restart] [90] 
4 [ifconfig] [10.8.0.2] [255.255.255.0] 

2018-01-09 15:29:27 PROTOCOL OPTIONS:
cipher: AES-256-CBC
digest: SHA1
compress: LZO
peer ID: -1
2018-01-09 15:29:27 EVENT: ASSIGN_IP
2018-01-09 15:29:27 Connected via tun
2018-01-09 15:29:27 LZO-ASYM init swap=0 asym=0
2018-01-09 15:29:27 EVENT: CONNECTED @x.myfritz.net:1724 (x.x.x.x) via /TCPv4 on tun/10.8.0.2/ gw=[10.8.0.1/]
2018-01-09 15:29:27 SetStatus Connected

Log from the not working version 1.2.6

2018-01-17 08:30:43 ----- OpenVPN Start -----
OpenVPN core 3.1.2 ios arm64 64-bit built on Jan 14 2018 14:23:32
2018-01-17 08:30:43 Frame=512/2048/512 mssfix-ctrl=1250
2018-01-17 08:30:43 UNUSED OPTIONS
4 [resolv-retry] [infinite] 
5 [nobind] 
6 [persist-key] 
7 [persist-tun] 
12 [verb] [4] 
13 [mute] [20] 

2018-01-17 08:30:43 EVENT: RESOLVE
2018-01-17 08:30:43 Contacting [x.x.x.x]:1724/TCP via TCP
2018-01-17 08:30:43 EVENT: WAIT
2018-01-17 08:30:43 Connecting to [x.myfritz.net]:1724 (x.x.x.x) via TCPv4
2018-01-17 08:30:43 EVENT: CONNECTING
2018-01-17 08:30:43 Tunnel Options:V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client
2018-01-17 08:30:43 Creds: UsernameEmpty/PasswordEmpty
2018-01-17 08:30:43 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 1.2.6-4
IV_VER=3.1.2
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO=1
IV_AUTO_SESS=1

2018-01-17 08:30:45 VERIFY OK : depth=1
cert. version    : 3
serial number    : FE:1D:6D:D1:E7:E4:C5:CF
issuer name      : C=DE, ST=NRW, L=Dortmund, O=BAB TECHNOLOGIE GmbH, OU=BAB TECHNOLOGIE Signing CA, CN=x GmbH CA, ??=EasyRSA, emailAddress=info@bab-tec.de
subject name      : C=DE, ST=NRW, L=Dortmund, O=BAB TECHNOLOGIE GmbH, OU=BAB TECHNOLOGIE Signing CA, CN=BAB TECHNOLOGIE GmbH CA, ??=EasyRSA, emailAddress=info@bab-tec.de
issued  on        : 2017-11-29 10:42:20
expires on        : 2027-11-27 10:42:20
signed using      : RSA with SHA-256
RSA key size      : 2048 bits
basic constraints : CA=true

2018-01-17 08:30:45 VERIFY OK : depth=0
cert. version    : 3
serial number    : 01
issuer name      : C=DE, ST=NRW, L=Dortmund, O=BAB TECHNOLOGIE GmbH, OU=BAB TECHNOLOGIE Signing CA, CN=BAB TECHNOLOGIE GmbH CA, ??=EasyRSA, emailAddress=info@bab-tec.de
subject name      : C=DE, ST=NRW, L=Dortmund, O=BAB TECHNOLOGIE GmbH, OU=BAB TECHNOLOGIE Signing CA, CN=server, ??=EasyRSA, emailAddress=info@bab-tec.de
issued  on        : 2017-11-29 10:42:26
expires on        : 2027-11-27 10:42:26
signed using      : RSA with SHA-256
RSA key size      : 2048 bits
basic constraints : CA=false
subject alt name  : server
cert. type        : SSL Server
key usage        : Digital Signature, Key Encipherment
ext key usage    : TLS Web Server Authentication

2018-01-17 08:30:47 SSL Handshake: TLSv1.0/TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA
2018-01-17 08:30:47 Session is ACTIVE
2018-01-17 08:30:47 EVENT: GET_CONFIG
2018-01-17 08:30:47 Sending PUSH_REQUEST to server...
2018-01-17 08:30:47 OPTIONS:
0 [route-gateway] [10.8.0.1] 
1 [topology] [subnet] 
2 [ping] [10] 
3 [ping-restart] [90] 
4 [ifconfig] [10.8.0.2] [255.255.255.0] 

2018-01-17 08:30:47 PROTOCOL OPTIONS:
  cipher: AES-256-CBC
  digest: SHA1
  compress: LZO
  peer ID: -1
2018-01-17 08:30:47 EVENT: ASSIGN_IP
2018-01-17 08:30:47 NIP: preparing TUN network settings
2018-01-17 08:30:47 NIP: init TUN network settings with endpoint: x.x.x.x
2018-01-17 08:30:47 NIP: adding IPv4 address to network settings 10.8.0.2/255.255.255.0
2018-01-17 08:30:47 Connected via NetworkExtensionTUN
2018-01-17 08:30:47 LZO-ASYM init swap=0 asym=0
2018-01-17 08:30:47 EVENT: CONNECTED @x.myfritz.net:1724 (x.x.x.x) via /TCPv4 on NetworkExtensionTUN/10.8.0.2/ gw=[/]

I would guess it has something to do with the empty

gw=[/] 

part in the last line of version 1.2.5 and 1.2.6

Any idea?

Change History (7)

comment:1 Changed 6 years ago by Antonio Quartulli

Component: Generic / unclassified → OpenVPN Connect
Owner: set to Antonio Quartulli
Status: new → assigned

comment:2 in reply to:  description Changed 6 years ago by Antonio Quartulli

Hello and thanks for your report.

Replying to nodefeet:

> I would guess it has something to do with the empty
>
> gw=[/]
>
> part in the last line of version 1.2.5 and 1.2.6
>
> Any idea?

No, this is just a reporting thing, not really relevant. It seems a routing problem, but it's strange because from the log your config seems pretty similar to one of my basic tests, still something is off.

Could you please share the client profile (of course without any key/ip)?

comment:3 Changed 6 years ago by Antonio Quartulli

One more question: what IP are you pinging exactly?

comment:4 Changed 6 years ago by nodefeet

I am pinging the VPN server 10.8.0.1 and without adding

 redirect-gateway def1

to the client file there is no answer.

Here is the client.ovpn:

client
dev tun
proto tcp
remote xxx.myfritz.net 1724
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-eku "TLS Web Server Authentication"
ns-cert-type server
cipher AES-256-CBC
comp-lzo
verb 4
mute 20
key-direction 1

<ca>
-----BEGIN CERTIFICATE-----
xxx
-----END CERTIFICATE-----
</ca>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
xxx
-----END OpenVPN Static key V1-----
</tls-auth>
<cert>
-----BEGIN CERTIFICATE-----
xxx
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
xxx
-----END PRIVATE KEY-----
</key>
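
An added example, not part of the ticket and not OpenVPN code: it parses the pushed `OPTIONS:` block from the logs above and shows that, with `topology subnet` and `ifconfig 10.8.0.2 255.255.255.0`, the pinged address 10.8.0.1 lies inside the tunnel interface's own subnet, so it should be reachable without `redirect-gateway`. The function names are hypothetical, the sample log is constructed from the lines on this page, and a missing `topology` option is assumed to mean `net30`.

```python
import ipaddress
import re

# Constructed sample: the pushed OPTIONS block as logged by both app versions above.
SAMPLE_LOG = """\
2018-01-17 08:30:43 UNUSED OPTIONS
4 [resolv-retry] [infinite]
2018-01-17 08:30:47 OPTIONS:
0 [route-gateway] [10.8.0.1]
1 [topology] [subnet]
2 [ping] [10]
3 [ping-restart] [90]
4 [ifconfig] [10.8.0.2] [255.255.255.0]

2018-01-17 08:30:47 PROTOCOL OPTIONS:
  cipher: AES-256-CBC
"""

HEADER = re.compile(r"\d{2}:\d{2}:\d{2} OPTIONS:$")   # not UNUSED/PROTOCOL OPTIONS
NUMBERED = re.compile(r"^\d+\s+\[")

def parse_pushed_options(log_text):
    """Return {option: [[args], ...]} from the block after 'OPTIONS:'."""
    options, in_block = {}, False
    for raw in log_text.splitlines():
        line = raw.strip()
        if HEADER.search(line):
            in_block = True
        elif in_block and NUMBERED.match(line):
            name, *args = re.findall(r"\[([^\]]*)\]", line)
            options.setdefault(name, []).append(args)
        else:
            in_block = False          # blank line or next log record ends the block
    return options

def tunnel_reachability(options, target):
    """Say which pushed setting, if any, sends `target` into the tunnel."""
    addr = ipaddress.ip_address(target)
    local, second = options["ifconfig"][0][:2]
    if options.get("topology", [["net30"]])[0][0] == "subnet":
        tun_net = ipaddress.ip_interface(f"{local}/{second}").network
    else:                             # net30/p2p: second ifconfig arg is the peer address
        tun_net = ipaddress.ip_network(f"{second}/32")
    if addr in tun_net:
        return "on-link"
    for args in options.get("route", []):
        mask = args[1] if len(args) > 1 else "255.255.255.255"
        if addr in ipaddress.ip_network(f"{args[0]}/{mask}", strict=False):
            return "pushed-route"
    return "default-via-tunnel" if "redirect-gateway" in options else "not-routed"
```

An "on-link" result for 10.8.0.1 means the client only needs the interface's connected route to reach the server, which is the route the working and non-working versions should both install.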

comment:5 Changed 6 years ago by Antonio Quartulli

I think this is a duplicate of #999. If so, the next release (1.2.7) should fix this issue

comment:6 Changed 6 years ago by Antonio Quartulli

v1.2.7 is being rolled out to the various AppStore as we speak. Please test it once you have a chance to upgrade and update this ticket accordingly, if possible. Thanks!

comment:7 Changed 6 years ago by Antonio Quartulli

Resolution: fixed
Status: assigned → closed

As this ticket was likely to be a duplicate of #999 and we got positive feedback on that one, I am closing this issue.

Feel free to open a new bug report should the problem persist.
