    OpenVPN for iOS - Finally Available!

      jdetmold

      Works great for me. But is there any way to send all data through OpenVPN on iPhone?

        georgeman

        @jdetmold:

        Works great for me. But is there any way to send all data through OpenVPN on iPhone?

        Yup! Just add the following to the config file before importing:

        redirect-gateway
        

        If it ain't broke, you haven't tampered enough with it

          jdetmold

          @georgeman:

          @jdetmold:

          Works great for me. But is there any way to send all data through OpenVPN on iPhone?

          Yup! Just add the following to the config file before importing:

          redirect-gateway
          

          thanks a lot!

            AhnHEL

            @lyserge:

            I have put 'mute-replay-warnings' in my configs but those messages stay…

            Lyserge, have you tried "verb 1" in your config?

            AhnHEL (Angel)

              jimp Rebel Alliance Developer Netgate

              The number one suspect for repeated replay warnings is a mismatched clock between the two nodes.

              Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

              Need help fast? Netgate Global Support!

              Do not Chat/PM for help!

                lyserge

                @jimp:

                The number one suspect for repeated replay warnings is a mismatched clock between the two nodes.

                Should I also check the time/date in the BIOS of my Soekris net5501 (with crypto card)?  :-\

                pfSense and my laptop are configured with time.euro.apple.com and are in sync with my iPhone 4 (tried to manually set the time, reboot etc).

                Every connection has very similar logs, the connection time is always 21 seconds and bad packet ID #3 and #43 are shown every time in the server logs.

                Running OpenVPN server on UDP/443. CA and server/user certs are 2048 bits (RSA+SHA1)

                pfSense WebConfigurator running on custom port…

                pfSense 2.0.3 nanoBSD (i386) on Soekris net5501

                  johnpoz LAYER 8 Global Moderator

                  This freaking ROCKS!!!!  I have been waiting for this for a while..  Works great - bing bang zoom.  I just used dropbox to get my inline config to my ipad.

                  Seems it does not support tcp though?  I tried my tcp config and it gave an error about proto tcp.  But works like a champ using udp.

                  Thanks!!!!  And great doc as well, I would add the dropbox option as a way to get your .ovpn file to your device – oh I can edit docs, might have to add that.  Again thanks this is SWEET!

                  Now just have to see if can get the ipv6 over openvpn working.

                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                  If you get confused: Listen to the Music Play
                  Please don't Chat/PM me for help, unless mod related
                  SG-4860 24.11 | Lab VMs 2.8, 24.11

                    jimp Rebel Alliance Developer Netgate

                    It does support TCP but read back a few posts for the edit to make so it works.

                    I will have to make separate inline export options for iOS and "everything else" since this client seems to have a lot of quirks with what it accepts, and there's no need to nerf the other platforms because this one hasn't (yet) caught up.

                      johnpoz LAYER 8 Global Moderator

                      I tried the

                      with "option tcp"

                      In the config - it now loads it, since I removed proto tcp, but it's not connecting - looks like it's trying to connect with udp on my tcp port.  Could you post an example client config you got for using tcp?

                      I use my current tcp configuration on my windows desktop everyday without any issues.  So I know the server is working, etc.

                      edit:  odd, now it's working - I put back the proto tcp, along with option tcp and it's working via tcp!  Sweet!

                      edit: working great now, did a couple of edits on my files.  And works great now have a tcp profile and udp profile.  Now this thread mentions android.. So asking too much I am sure but is this going to work with kindle fire??  That would be the icing on the cake!

                        gusdvg

                        The VPN on Demand feature is really nice, and the iPhone Configuration Utility's generated plist file is a nice way to "package" the VPN profile for users. I found this project to convert PHP's data structures into plists (https://github.com/rodneyrehm/CFPropertyList) which could be a way to quickly generate the profile for iOS devices.

                        If anyone wants to try this route, here are the instructions from the "Help" section of the OpenVPN app (attached).

                        [openvpn vod for ios.txt](/public/imported_attachments/1/openvpn vod for ios.txt)

                          jimp Rebel Alliance Developer Netgate

                          OK, I put up a new version of the OpenVPN client export package again. Using the feedback from this thread and other sources, I fixed all the issues I'm aware of with the iOS client and options like tcp, etc.

                          It should be more aware of a wider range of quirks needed for the iOS and Android OpenVPN clients, and configs should import without any complaints on both platforms.

                          Note that if you're on 2.1 and you intend to use IPv6, you need to be on a snapshot from later today or tomorrow, and check the option to use topology subnet on the OpenVPN server. You can alternately put in "topology subnet" in the server's advanced configuration field if you're on an older snapshot.

                            asterix

                            Getting a lot of these in the logs. Is this normal?

                            Jan 23 09:19:56 openvpn[19318]: xxx.xxx.xxx.xxx:59847 TLS Error: TLS handshake failed
                            Jan 23 09:19:56 openvpn[19318]: xxx.xxx.xxx.xxx:59847 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
                            Jan 23 09:19:46 openvpn[19318]: xxx.xxx.xxx.xxx:54073 TLS Error: TLS handshake failed
                            Jan 23 09:19:46 openvpn[19318]: xxx.xxx.xxx.xxx:54073 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
                            Jan 23 09:19:38 openvpn[19318]: xxx.xxx.xxx.xxx:60430 TLS Error: TLS handshake failed
                            Jan 23 09:19:38 openvpn[19318]: xxx.xxx.xxx.xxx:60430 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
                            Jan 23 09:19:04 openvpn[19318]: xxx.xxx.xxx.xxx:59847 TLS Error: incoming packet authentication failed from [AF_INET]xxx.xxx.xxx.xxx:59847
                            Jan 23 09:19:04 openvpn[19318]: xxx.xxx.xxx.xxx:59847 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1358950734) Wed Jan 23 09:18:54 2013 ] – see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                            Jan 23 09:19:02 openvpn[19318]: xxx.xxx.xxx.xxx:59847 TLS Error: incoming packet authentication failed from [AF_INET]xxx.xxx.xxx.xxx:59847
                            Jan 23 09:19:02 openvpn[19318]: xxx.xxx.xxx.xxx:59847 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1358950734) Wed Jan 23 09:18:54 2013 ] – see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                            Jan 23 09:19:00 openvpn[19318]: xxx.xxx.xxx.xxx:59847 TLS Error: incoming packet authentication failed from [AF_INET]xxx.xxx.xxx.xxx:59847
                            Jan 23 09:19:00 openvpn[19318]: xxx.xxx.xxx.xxx:59847 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1358950734) Wed Jan 23 09:18:54 2013 ] – see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                            Jan 23 09:18:58 openvpn[19318]: xxx.xxx.xxx.xxx:59847 TLS Error: incoming packet authentication failed from [AF_INET]xxx.xxx.xxx.xxx:59847
                            Jan 23 09:18:58 openvpn[19318]: xxx.xxx.xxx.xxx:59847 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1358950734) Wed Jan 23 09:18:54 2013 ] – see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                            Jan 23 09:18:56 openvpn[19318]: xxx.xxx.xxx.xxx:59847 LZO compression initialized
                            Jan 23 09:18:56 openvpn[19318]: xxx.xxx.xxx.xxx:59847 Re-using SSL/TLS context
                            Jan 23 09:18:54 openvpn[19318]: xxx.xxx.xxx.xxx:54073 TLS Error: incoming packet authentication failed from [AF_INET]xxx.xxx.xxx.xxx:54073
                            Jan 23 09:18:54 openvpn[19318]: xxx.xxx.xxx.xxx:54073 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1358950724) Wed Jan 23 09:18:44 2013 ] – see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings

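For the replay warnings posted above and the clock-mismatch suggestion earlier in the thread, a small triage script (an added example, not posted by anyone in this thread) groups the warnings by peer and packet ID and compares each syslog timestamp with the time printed inside the packet ID. Assumptions: both times are in the server's local zone, the syslog year is borrowed from the packet time, and the 60-second `max_lag` threshold and the sample lines (documentation addresses, plus one invented two-hour case) are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the format of the warnings posted in this thread.
# Peer addresses are documentation addresses; the 192.0.2.30 line is an
# invented two-hour offset case so the skew flag has something to fire on.
SAMPLE_LOG = """\
Jan 23 09:19:04 openvpn[19318]: 192.0.2.10:59847 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1358950734) Wed Jan 23 09:18:54 2013 ]
Jan 23 09:19:02 openvpn[19318]: 192.0.2.10:59847 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1358950734) Wed Jan 23 09:18:54 2013 ]
Jan 23 09:19:00 openvpn[19318]: 192.0.2.10:59847 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1358950734) Wed Jan 23 09:18:54 2013 ]
Jan 23 09:18:58 openvpn[19318]: 192.0.2.10:59847 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1358950734) Wed Jan 23 09:18:54 2013 ]
Jan 23 09:18:56 openvpn[19318]: 192.0.2.10:59847 LZO compression initialized
Jan 23 09:18:54 openvpn[19318]: 192.0.2.20:54073 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1358950724) Wed Jan 23 09:18:44 2013 ]
Jan 23 12:00:00 openvpn[19318]: 192.0.2.30:40000 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3 / time = (1358953200) Wed Jan 23 10:00:00 2013 ]
"""

WARN = re.compile(
    r"^(?P<stamp>\w{3}\s+\d+ \d\d:\d\d:\d\d) openvpn\[\d+\]: (?P<peer>\S+) "
    r"Authenticate/Decrypt packet error: bad packet ID \(may be a replay\): "
    r"\[ #(?P<pid>\d+) / time = \((?P<epoch>\d+)\) (?P<human>[^\]]+?) \]"
)

def collect(log_text):
    """Map (peer, packet id, packet epoch) -> list of lags in seconds.

    Lag is the syslog timestamp minus the time printed inside the packet ID.
    """
    groups = defaultdict(list)
    for line in log_text.splitlines():
        m = WARN.match(line.strip())
        if not m:
            continue  # not a replay warning (e.g. "LZO compression initialized")
        pkt_time = datetime.strptime(m["human"], "%a %b %d %H:%M:%S %Y")
        # Assumption: syslog omits the year, so take it from the packet time.
        logged = datetime.strptime(f"{pkt_time.year} {m['stamp']}", "%Y %b %d %H:%M:%S")
        key = (m["peer"], int(m["pid"]), int(m["epoch"]))
        groups[key].append(int((logged - pkt_time).total_seconds()))
    return groups

def triage(log_text, max_lag=60):
    """Summarize each group; max_lag is an illustrative threshold, not an OpenVPN default."""
    report = {}
    for key, lags in collect(log_text).items():
        closest = min(lags, key=abs)  # sighting nearest to the packet's own time
        report[key] = {
            "count": len(lags),
            "lag_min": closest,
            "lag_max": max(lags, key=abs),
            "repeated": len(lags) > 1,            # same packet ID seen again
            "skew_suspect": abs(closest) > max_lag,  # times disagree by a lot
        }
    return report

if __name__ == "__main__":
    for key, info in triage(SAMPLE_LOG).items():
        print(key, info)
```

A group flagged `repeated` with a small lag is the same packet ID arriving again within seconds; a group flagged `skew_suspect` is the case where checking the clocks on both nodes is the first step.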
                              jimp Rebel Alliance Developer Netgate

                              @asterix:

                              Getting a lot of these in the logs. Is this normal?

                              Jan 23 09:19:38 openvpn[19318]: xxx.xxx.xxx.xxx:60430 TLS Error: TLS handshake failed
                              Jan 23 09:19:38 openvpn[19318]: xxx.xxx.xxx.xxx:60430 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
                              Jan 23 09:19:04 openvpn[19318]: xxx.xxx.xxx.xxx:59847 TLS Error: incoming packet authentication failed from [AF_INET]xxx.xxx.xxx.xxx:59847
                              Jan 23 09:19:04 openvpn[19318]: xxx.xxx.xxx.xxx:59847 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1358950734) Wed Jan 23 09:18:54 2013 ] – see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                              Jan 23 09:19:02 openvpn[19318]: xxx.xxx.xxx.xxx:59847 TLS Error: incoming packet authentication failed from [AF_INET]xxx.xxx.xxx.xxx:59847
                              Jan 23 09:19:02 openvpn[19318]: xxx.xxx.xxx.xxx:59847 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1358950734) Wed Jan 23 09:18:54 2013 ] – see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings

                              That was already covered in this thread, at the end of the previous page/top of this one.

                                asterix

                                So adding "verb 1" in the config file will stop the errors?

                                  asterix

                                  With the new client package, import is successful on Android. But now I get a new error when trying to connect.

                                  OpenVPN core error: option_error: tls-remote not supported

                                    jimp Rebel Alliance Developer Netgate

                                    @asterix:

                                    With the new client package, import is successful on Android. But now I get a new error when trying to connect.

                                    OpenVPN core error: option_error: tls-remote not supported

                                    Is that error from Android or iOS? The Android client supports tls-remote, but the iOS client does not.

                                    Note that in the latest client export package there are separate links for the Android and iOS configs - they don't all go to the same file.

                                      asterix

                                      This error is coming from my Android device. I updated with Android config.. also tried "All Other Platforms" .. same error.

                                      This wasn't an issue earlier when I used the basic inline config.

                                        asterix

                                        Just tested the iOS config on an iPhone and that worked. Though I still saw the below error.

                                        Jan 23 11:07:17 openvpn[19318]: xxx.xxx.xxx.xxx:62546 TLS Error: incoming packet authentication failed from [AF_INET]xxx.xxx.xxx.xxx:62546
                                        Jan 23 11:07:17 openvpn[19318]: xxx.xxx.xxx.xxx:62546 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1358957236) Wed Jan 23 11:07:16 2013 ] – see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings

                                          asterix

                                          Funny.. I used the iOS config on my Android and it worked. Something definitely is messing up the Android config generation.

                                            jimp Rebel Alliance Developer Netgate

                                            Which Android client are you using?

                                            If it's the "OpenVPN Connect" client it may suffer the same limits as the iOS app.

                                            I use this app on Android:
                                            https://play.google.com/store/apps/details?id=de.blinkt.openvpn
