OVPN export to iOS fails
-
Client profile export
persist-tun
persist-key
cipher AES-256-CBC
ncp-ciphers AES-128-GCM
auth SHA512
tls-client
client
remote [Server WAN address] 1195 udp4
verify-x509-name "Home vpn" name
auth-user-pass
remote-cert-tls server
compress -
Bump
-
The difference to my working iOS config (running the latest iOS and OpenVPN app) is this:
dev tun
cipher AES-256-GCM
ncp-disable
auth SHA256
resolv-retry infinite
remote [Server WAN address] 1195 udp-Rico
-
This works also just fine with all kind of "I" stuff :
dev tun
tun-ipv6
persist-tun
persist-key
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
auth SHA256
tls-client
client
resolv-retry infinite
remote work.work-domain.tld 1194 udp4
..... -
Maybe there is a problem with
auth SHA512and iOS?-Rico
-
@Rico said in OVPN export to iOS fails:
Maybe there is a problem with auth SHA512 and iOS?
No since I just set it and worked just fine..
iphone XR running 13.5.1 with openvpn connect 3.1.2 (3096)
persist-tun persist-key cipher AES-128-CBC ncp-ciphers AES-128-GCM:AES-192-GCM:AES-256-GCM:AES-128-CBC:AES-192-CBC:AES-256-CBC auth SHA512 tls-client client remote 64.53.x.x 1194 udp4 verify-x509-name "pfsenseopenvpn" name remote-cert-tls server
-
udp4VSudp? :-)-Rico
-
Well not running it on IPv6.. So yeah its set to UDP v4 only...
-
Yeah NM, I see Gertjan is also using udp4 in the config like TO.
-Rico
-
Why would I set it for both if I only want it on v4 ;)
The export wizard auto does that, since that is how the server instance is set.
The wan interface doesn't have v6, so if I wanted to do vpn over ipv6 I would have to setup a different instance via the he tunnel interface. No point in that even though my phone only gets an IPv6 address, it can connect to the IPv4 address just fine.. Many a mobile carrier going that route.. T-mobile only hands out IPv6 for phones atleast here in chicagoland.
The one real use of IPv6 currently - supply IPs to the BILLIONS of mobile phones ;)
-
@Rico said in OVPN export to iOS fails:
Yeah NM, I see Gertjan is also using udp4 in the config like TO.
You bet it is !
I'm actually VPN-into-work just to get my iPhone 'multistacked' ^^
All this over an UDP IPV4 link of course.
