Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    OpenVPN no longer connects from iOS Devices following upgrade to 2.1.5

    Scheduled Pinned Locked Moved OpenVPN
    4 Posts 4 Posters 2.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      cpressland
      last edited by

      Hey Guys,

      I upgraded one of my pfSense boxes this morning and since then iOS Clients can no longer connect to the OpenVPN instance running on this box.

      Server Log:

      Sep  8 15:13:44 pfsense openvpn[75741]: <sourceip>:53947 TLS_ERROR: BIO read tls_read_plaintext error: error:04075070:rsa routines:RSA_sign:digest too big for rsa key: error:1409B006:SSL routines:SSL3_SEND_SERVER_KEY_EXCHANGE:EVP lib
      Sep  8 15:13:44 pfsense openvpn[75741]: <sourceip>:53947 TLS Error: TLS object -> incoming plaintext read error
      Sep  8 15:13:44 pfsense openvpn[75741]: <sourceip>:53947 TLS Error: TLS handshake failed</sourceip></sourceip></sourceip>
      

      Client Log:

      2014-09-08 15:13:01 LZO-ASYM init swap=0 asym=0
      2014-09-08 15:13:01 EVENT: RESOLVE
      2014-09-08 15:13:01 Contacting <destinationip>:1194 via UDP
      2014-09-08 15:13:01 EVENT: WAIT
      2014-09-08 15:13:01 Connecting to <destinationip>:1194 (<destinationip>) via UDPv4
      2014-09-08 15:13:01 EVENT: CONNECTING
      2014-09-08 15:13:01 Tunnel Options:V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client
      2014-09-08 15:13:01 Creds: Username/Password
      2014-09-08 15:13:01 Peer Info:
      IV_GUI_VER=net.openvpn.connect.ios 1.0.4-140
      IV_VER=3.0
      IV_PLAT=ios
      IV_NCP=1
      IV_LZO=1
      
      2014-09-08 15:13:42 Session invalidated: KEEPALIVE_TIMEOUT
      2014-09-08 15:13:42 Client terminated, restarting in 2...
      2014-09-08 15:13:44 EVENT: RECONNECTING
      2014-09-08 15:13:44 LZO-ASYM init swap=0 asym=0
      2014-09-08 15:13:44 EVENT: RESOLVE
      2014-09-08 15:13:44 Contacting 86.28.107.90:1194 via UDP
      2014-09-08 15:13:44 EVENT: WAIT
      2014-09-08 15:13:44 Connecting to <destinationip>:1194 (<destinationip>) via UDPv4
      2014-09-08 15:13:44 EVENT: CONNECTING
      2014-09-08 15:13:44 Tunnel Options:V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client
      2014-09-08 15:13:44 Creds: Username/Password
      2014-09-08 15:13:44 Peer Info:
      IV_GUI_VER=net.openvpn.connect.ios 1.0.4-140
      IV_VER=3.0
      IV_PLAT=ios
      IV_NCP=1
      IV_LZO=1
      
      2014-09-08 15:14:01 EVENT: CONNECTION_TIMEOUT [ERR]
      2014-09-08 15:14:01 EVENT: DISCONNECTED
      2014-09-08 15:14:01 Raw stats on disconnect:
       BYTES_IN : 208
       BYTES_OUT : 3672
       PACKETS_IN : 4
       PACKETS_OUT : 34
       KEEPALIVE_TIMEOUT : 1
       CONNECTION_TIMEOUT : 1
       N_RECONNECT : 1
      2014-09-08 15:14:01 Performance stats on disconnect:
       CPU usage (microseconds): 19638
       Network bytes per CPU second: 197576
       Tunnel bytes per CPU second: 0
      2014-09-08 15:14:01 ----- OpenVPN Stop -----
      2014-09-08 15:14:01 EVENT: DISCONNECT_PENDING</destinationip></destinationip></destinationip></destinationip></destinationip>
      

      Googling around didn't produce anything directly tied to the new versions of OpenVPN or pfSense.

      Note that Desktop devices seem to connect using the community client running as a service fine.

      Any ideas or anything else I can provide to help?

      Thanks!

      1 Reply Last reply Reply Quote 0
      • R
        rbrooks8
        last edited by

        Did you ever have a resolution on this?

        1 Reply Last reply Reply Quote 0
        • D
          doktornotor Banned
          last edited by

          Dude, you are posting into over one year dead thread about 2.1.5. Why'd you be "upgrading" to completely obsolete release now?

          1 Reply Last reply Reply Quote 0
          • D
            divsys
            last edited by

            Why'd you be "upgrading" to completely obsolete release now?

            Yup, +1 on that.

            From all accounts 2.2.5 is stable, especially as far as OpenVPN.
            I've got more than a few iOS devices talking to  various 2.2.5 sites using OPenVPN.

            I'd be inclined to make sure your pfSense is up to date, then make sure the iOS client is as well.

            -jfp

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.