iOS: app not routing entire VPN network

[karpuzvepeynir]

Openvpn runs on my Mikrotik CCR1016 router (ver 6.39.3) very well. Tunnelbrick on Mac, OpenVpn? GUI on Windows, OpenVpn? Client Free on Android can connect to the Mikrotik. They work fine also. OpenVpn? Connect on IOS used to work fine also before updated to 1.2.5. OpenVpn? Connect 1.2.6 is also not working.

Now, when IOS device connects to the Mikrotik like before, I can ping the IOS device from LAN. I also see dns and ping traffic to the dns servers. But, from the ios device to LAN, there is no traffic pass except to dns servers.

I've added "redirect-gateway def1" to ovpn client file. It's worked fine.

[plaisthos]

Server is not pushing redirect-gateway nor does the client file include redirect-gateway. So the behaviour looks completely fine to me. If the previous version routed everything over VPN, that sounds more like a bug in previous version than this.

[karpuzvepeynir]

I've added "redirect-gateway def1" to ovpn client file.

But all device traffic routes to LAN. This was for just testing. I don't want to use like that.

If I don't add the "redirect-gateway def1" to ovpn client file, device traffic to LAN will be routed to LAN via vpn server. But other traffic except LAN will be routed to internet. Am I right?

If you answer yes, I will say that Openvpn Connect 1.2.6 doesn't work like that.

[karpuzvepeynir]

Device traffic to LAN does not to be routed to LAN via vpn server without "redirect-gateway def1".

This is the problem.

[Antonio Quartulli]

Replying to karpuzvepeynir:

Device traffic to LAN does not to be routed to LAN via vpn server without "redirect-gateway def1".

This is the problem.

what IP class does the "LAN" belong to? and what is the VPN range?

[karpuzvepeynir]

LAN: 10.10.0.0/16
VPN range is same with lan.

Tunnelbrick on Mac, Openvpn Gui on Windows, Openvpn Client Free on Android works good with the same client conf file.

[plaisthos]

Still neither the OpenVPN client config has 10.0.0.0/16 in it nor does the server push that route. So the behaviour is correct. I bet OpneVPN Connect and OpenVPN for Android on Android will behave as the iOS client.

[plaisthos]

Since you blanked out your config we cannot really tell what is going on with the ips.

[karpuzvepeynir]

I've attached the ios client log file with local IPs, but not included real IP.

Tomorrow I will send the log of Openvpn Gui for Windows, if you wish. You will see that the server pushes the 10.10.0.0/16 route on Windows log file also.

[Antonio Quartulli]

This apparently is still a glitch in the Apple API.

When adding X/16 as interface IP it is expected to automatically create a route for the entire subnet, but apparently this does not happen and needs to be done "manually" (by the app).

[Antonio Quartulli]

A fix will be shipped in the next release. Thanks

[Antonio Quartulli]

as a workaround for now you can push the route from your server with:

push "route <my network> <subnet mask>"

[karpuzvepeynir]

Thanks for your understanding.

Is there a estimated date to next release?

[Antonio Quartulli]

v1.2.7 is being rolled out to the various AppStore? as we speak. Please test it once you have a chance to upgrade and update this ticket accordingly, if possible. Thanks!

[karpuzvepeynir]

1.2.7 works now!

The route came back:
2018-01-31 08:46:26 NIP: adding (included) IPv4 route 10.10.0.0/16

Thank you so much ordex!

[Antonio Quartulli]

Glad to hear that and thanks for the update!
I am closing this ticket.