OpenVPN for iOS - Finally Available!
-
Getting a lot of these in the logs. Is this normal?
Jan 23 09:19:56 openvpn[19318]: xxx.xxx.xxx.xxx:59847 TLS Error: TLS handshake failed
Jan 23 09:19:56 openvpn[19318]: xxx.xxx.xxx.xxx:59847 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jan 23 09:19:46 openvpn[19318]: xxx.xxx.xxx.xxx:54073 TLS Error: TLS handshake failed
Jan 23 09:19:46 openvpn[19318]: xxx.xxx.xxx.xxx:54073 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jan 23 09:19:38 openvpn[19318]: xxx.xxx.xxx.xxx:60430 TLS Error: TLS handshake failed
Jan 23 09:19:38 openvpn[19318]: xxx.xxx.xxx.xxx:60430 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jan 23 09:19:04 openvpn[19318]: xxx.xxx.xxx.xxx:59847 TLS Error: incoming packet authentication failed from [AF_INET]xxx.xxx.xxx.xxx:59847
Jan 23 09:19:04 openvpn[19318]: xxx.xxx.xxx.xxx:59847 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1358950734) Wed Jan 23 09:18:54 2013 ] – see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jan 23 09:19:02 openvpn[19318]: xxx.xxx.xxx.xxx:59847 TLS Error: incoming packet authentication failed from [AF_INET]xxx.xxx.xxx.xxx:59847
Jan 23 09:19:02 openvpn[19318]: xxx.xxx.xxx.xxx:59847 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1358950734) Wed Jan 23 09:18:54 2013 ] – see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jan 23 09:19:00 openvpn[19318]: xxx.xxx.xxx.xxx:59847 TLS Error: incoming packet authentication failed from [AF_INET]xxx.xxx.xxx.xxx:59847
Jan 23 09:19:00 openvpn[19318]: xxx.xxx.xxx.xxx:59847 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1358950734) Wed Jan 23 09:18:54 2013 ] – see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jan 23 09:18:58 openvpn[19318]: xxx.xxx.xxx.xxx:59847 TLS Error: incoming packet authentication failed from [AF_INET]xxx.xxx.xxx.xxx:59847
Jan 23 09:18:58 openvpn[19318]: xxx.xxx.xxx.xxx:59847 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1358950734) Wed Jan 23 09:18:54 2013 ] – see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jan 23 09:18:56 openvpn[19318]: xxx.xxx.xxx.xxx:59847 LZO compression initialized
Jan 23 09:18:56 openvpn[19318]: xxx.xxx.xxx.xxx:59847 Re-using SSL/TLS context
Jan 23 09:18:54 openvpn[19318]: xxx.xxx.xxx.xxx:54073 TLS Error: incoming packet authentication failed from [AF_INET]xxx.xxx.xxx.xxx:54073
Jan 23 09:18:54 openvpn[19318]: xxx.xxx.xxx.xxx:54073 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1358950724) Wed Jan 23 09:18:44 2013 ] – see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings -
Getting a lot of these in the logs. Is this normal?
Jan 23 09:19:38 openvpn[19318]: xxx.xxx.xxx.xxx:60430 TLS Error: TLS handshake failed
Jan 23 09:19:38 openvpn[19318]: xxx.xxx.xxx.xxx:60430 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jan 23 09:19:04 openvpn[19318]: xxx.xxx.xxx.xxx:59847 TLS Error: incoming packet authentication failed from [AF_INET]xxx.xxx.xxx.xxx:59847
Jan 23 09:19:04 openvpn[19318]: xxx.xxx.xxx.xxx:59847 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1358950734) Wed Jan 23 09:18:54 2013 ] – see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jan 23 09:19:02 openvpn[19318]: xxx.xxx.xxx.xxx:59847 TLS Error: incoming packet authentication failed from [AF_INET]xxx.xxx.xxx.xxx:59847
Jan 23 09:19:02 openvpn[19318]: xxx.xxx.xxx.xxx:59847 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1358950734) Wed Jan 23 09:18:54 2013 ] – see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warningsThat was already covered in this thread, at the end of the previous page/top of this one.
-
So adding "verb 1" in the config file will stop the errors?
-
With the new client package, import is sucessful on Android. But now I get a new error when trying to connect.
OpenVPN core error: option_error: tls-remote not supported
-
With the new client package, import is sucessful on Android. But now I get a new error when trying to connect.
OpenVPN core error: option_error: tls-remote not supported
Is that error from Android or iOS? The Android client supports tls-remote, but the iOS client does not.
Note that in the latest client export package there are separate links for the Android and iOS configs - they don't all go to the same file.
-
This error is coming from my Android device. I updated with Android config.. also tried "All Other Platforms" .. same error.
This wasn't an issue earlier when I used the basic inline config.
-
Just tested the iOS config on an iPhone and that worked. Though I still saw the below error.
Jan 23 11:07:17 openvpn[19318]: xxx.xxx.xxx.xxx:62546 TLS Error: incoming packet authentication failed from [AF_INET]xxx.xxx.xxx.xxx:62546
Jan 23 11:07:17 openvpn[19318]: xxx.xxx.xxx.xxx:62546 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1358957236) Wed Jan 23 11:07:16 2013 ] – see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings -
Funny.. I used the iOS config on my Android and it worked. Something definitely is messing up the Android config generation.
-
Which Android client are you using?
If it's the "OpenVPN Connect" client it may suffer the same limits as the iOS app.
I use this app on Android:
https://play.google.com/store/apps/details?id=de.blinkt.openvpn -
I am using OpenVPN Connect
-
then that explains it :-)
I'll have to find a way to reword the choices to make that clearer… but the client we link to on the doc wiki for Android is the one I linked above. I haven't tried OpenVPN connect on Android but it appears to function the same as the iOS app so the same config should work for both.
The client I linked for Android, IMO, is better. You can adjust many of the config options directly in the GUI rather than re-importing to make any changes.
-
Updated the export package again, reworded the links a little. Also added a list of links to recommended and other clients at the bottom of the page.
-
meh ::)
LOL !.. well at least that clarifies some confusion. The iOS/Android config download link still has iOS mentioned.. might get a bit confusing for first timers.
-
No there are two options for android, "Android" (for OpenVPN for Android) and "OpenVPN Connect (Android/iOS)" (for OpenVPN connect on both platforms).
The "iOS" config was not specific to iOS, it's only specific to the OpenVPN connect app.
At least their quirks are cross-platform. :-)
-
Ya well I don't see "OpenVPN for Android" written next to them..
This is what I see
- Inline Configurations:
Android OpenVPN Connect (iOS/Android) Others
- Inline Configurations:
-
Yeah there's not a ton of room there to write it all out. I had to make room to put in what is there. I'm hoping someone is smart enough that if they installed OpenVPN Connect they'll at least consider the option of clicking the name of the client they did install.
Or they'll be smarter and not install OpenVPN Connect on Android :p
-
Well I tried OpenVPN for Android.. as you recommended.. now I get this error while importing the android config
Error reading config file
Option tls-remote has 2 parameters, expected between 1 and 1Moving back to my iOS config on the Android. That works on this new client as well.
-
check the box to quote the server cn before exporting.
And in the future, don't put spaces in your certificate common names. :-)
-
Finally.. that worked. Thanks!
Why is the iOS config not affected by the space?
-
It doesn't support tls-remote so that line is left out entirely for the OpenVPN Connect config.
The OpenVPN connect config will also work in the OpenVPN for Android client but it is missing a few lines that can be beneficial for security reasons (like tls-remote)
