OpenVPN on iOS connects, but no traffic

shutch

Hi all,

I have OpenVPN 2.4.4 installed and setup OpenVPN using the wizard and exported client config using the export utility. OpenVPN Connect on iOS connects fine, but no traffic flows through the VPN (websites won't load, can't connect to LAN).

OpenVPN for Android works fine. Any thoughts?

Sanitized iOS OpenVPN Connect log below.

2018-57-19 11:57:35 1

2018-57-19 11:57:35 ----- OpenVPN Start -----
OpenVPN core 3.2 ios arm64 64-bit PT_PROXY built on Oct 3 2018 06:35:04

2018-57-19 11:57:35 Frame=512/2048/512 mssfix-ctrl=1250

2018-57-19 11:57:35 UNUSED OPTIONS
0 [persist-tun] 
1 [persist-key] 
3 [ncp-ciphers] [AES-128-GCM] 
5 [tls-client] 
8 [verify-x509-name] [MyServerName] [name] 

2018-57-19 11:57:35 EVENT: RESOLVE

2018-57-19 11:57:35 Contacting [XX.XX.XX.XX]:1194/UDP via UDP

2018-57-19 11:57:35 EVENT: WAIT

2018-57-19 11:57:35 Connecting to [MyDomain.com]:1194 (XX.XX.XX.XX) via UDPv4

2018-57-19 11:57:35 EVENT: CONNECTING

2018-57-19 11:57:35 Tunnel Options:V4,dev-type tun,link-mtu 1570,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-128-CBC,auth SHA256,keysize 128,tls-auth,key-method 2,tls-client

2018-57-19 11:57:35 Creds: Username/Password

2018-57-19 11:57:35 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 3.0.2-894
IV_VER=3.2
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO_STUB=1
IV_COMP_STUB=1
IV_COMP_STUBv2=1
IV_IPv6=1


2018-57-19 11:57:35 VERIFY OK : depth=1
cert. version : 3
serial number : 00
issuer name : CN=MyCA, C=CA, ST=State, L=Location, O=MyOrganization
subject name : CN=MyServerName, C=CA, ST=State, L=Location, O=MyOrganization
issued on : 2018-10-18 02:07:49
expires on : 2028-10-15 02:07:49
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=true
key usage : Key Cert Sign, CRL Sign


2018-57-19 11:57:35 VERIFY OK : depth=0
cert. version : 3
serial number : 01
issuer name : CN=MyCA, C=CA, ST=State, L=Location, O=MyOrganization
subject name : CN=MyServerName, C=CA, ST=State, L=Location, O=MyOrganization
issued on : 2018-10-18 02:07:50
expires on : 2028-10-15 02:07:50
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=false
subject alt name : MyServerName
cert. type : SSL Server
key usage : Digital Signature, Key Encipherment
ext key usage : TLS Web Server Authentication, ???


2018-57-19 11:57:35 SSL Handshake: TLSv1.2/TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384

2018-57-19 11:57:35 Session is ACTIVE

2018-57-19 11:57:35 EVENT: GET_CONFIG

2018-57-19 11:57:35 Sending PUSH_REQUEST to server...

2018-57-19 11:57:36 Sending PUSH_REQUEST to server...

2018-57-19 11:57:38 Sending PUSH_REQUEST to server...

2018-57-19 11:57:38 OPTIONS:
0 [dhcp-option] [DNS] [1.1.1.1] 
1 [redirect-gateway] [def1] 
2 [route-gateway] [10.0.1.1] 
3 [topology] [subnet] 
4 [ping] [10] 
5 [ping-restart] [60] 
6 [ifconfig] [10.0.1.2] [255.255.255.0] 
7 [peer-id] [1] 
8 [cipher] [AES-128-GCM] 


2018-57-19 11:57:38 PROTOCOL OPTIONS:
cipher: AES-128-GCM
digest: SHA256
compress: COMP_STUB
peer ID: 1

2018-57-19 11:57:38 EVENT: ASSIGN_IP

2018-57-19 11:57:38 NIP: preparing TUN network settings

2018-57-19 11:57:38 NIP: init TUN network settings with endpoint: XX.XX.XX.XX

2018-57-19 11:57:38 NIP: adding IPv4 address to network settings 10.0.1.2/255.255.255.0

2018-57-19 11:57:38 NIP: adding (included) IPv4 route 10.0.1.0/24

2018-57-19 11:57:38 NIP: redirecting all IPv4 traffic to TUN interface

2018-57-19 11:57:38 NIP: adding DNS 1.1.1.1

2018-57-19 11:57:38 Connected via NetworkExtensionTUN

2018-57-19 11:57:38 LZO-ASYM init swap=0 asym=1

2018-57-19 11:57:38 Comp-stub init swap=1

2018-57-19 11:57:38 EVENT: CONNECTED MyUser@MyDomain:1194 (XX.XX.XX.XX) via /UDPv4 on NetworkExtensionTUN/10.0.1.2/ gw=[/]

bigsy

@shutch The latest OpenVPN client on iOS has 'allow compression' disabled by default, because of the VORACLE attack. Try re-enabling it in the settings to see if that helps.

JonH

@bigsy wow! thanks. After trying stuff for 3 hrs this tip was the answer.