Netgate Discussion Forum

    OpenVPN on iOS connects, but no traffic

    • S
      shutch

      Hi all,

      I have OpenVPN 2.4.4 installed, set up OpenVPN using the wizard, and exported the client config using the export utility. OpenVPN Connect on iOS connects fine, but no traffic flows through the VPN (websites won't load, can't connect to LAN).

      OpenVPN for Android works fine. Any thoughts?

      Sanitized iOS OpenVPN Connect log below.

      2018-57-19 11:57:35 1
      
      2018-57-19 11:57:35 ----- OpenVPN Start -----
      OpenVPN core 3.2 ios arm64 64-bit PT_PROXY built on Oct 3 2018 06:35:04
      
      2018-57-19 11:57:35 Frame=512/2048/512 mssfix-ctrl=1250
      
      2018-57-19 11:57:35 UNUSED OPTIONS
      0 [persist-tun] 
      1 [persist-key] 
      3 [ncp-ciphers] [AES-128-GCM] 
      5 [tls-client] 
      8 [verify-x509-name] [MyServerName] [name] 
      
      2018-57-19 11:57:35 EVENT: RESOLVE
      
      2018-57-19 11:57:35 Contacting [XX.XX.XX.XX]:1194/UDP via UDP
      
      2018-57-19 11:57:35 EVENT: WAIT
      
      2018-57-19 11:57:35 Connecting to [MyDomain.com]:1194 (XX.XX.XX.XX) via UDPv4
      
      2018-57-19 11:57:35 EVENT: CONNECTING
      
      2018-57-19 11:57:35 Tunnel Options:V4,dev-type tun,link-mtu 1570,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-128-CBC,auth SHA256,keysize 128,tls-auth,key-method 2,tls-client
      
      2018-57-19 11:57:35 Creds: Username/Password
      
      2018-57-19 11:57:35 Peer Info:
      IV_GUI_VER=net.openvpn.connect.ios 3.0.2-894
      IV_VER=3.2
      IV_PLAT=ios
      IV_NCP=2
      IV_TCPNL=1
      IV_PROTO=2
      IV_LZO_STUB=1
      IV_COMP_STUB=1
      IV_COMP_STUBv2=1
      IV_IPv6=1
      
      
      2018-57-19 11:57:35 VERIFY OK : depth=1
      cert. version : 3
      serial number : 00
      issuer name : CN=MyCA, C=CA, ST=State, L=Location, O=MyOrganization
      subject name : CN=MyServerName, C=CA, ST=State, L=Location, O=MyOrganization
      issued on : 2018-10-18 02:07:49
      expires on : 2028-10-15 02:07:49
      signed using : RSA with SHA-256
      RSA key size : 2048 bits
      basic constraints : CA=true
      key usage : Key Cert Sign, CRL Sign
      
      
      2018-57-19 11:57:35 VERIFY OK : depth=0
      cert. version : 3
      serial number : 01
      issuer name : CN=MyCA, C=CA, ST=State, L=Location, O=MyOrganization
      subject name : CN=MyServerName, C=CA, ST=State, L=Location, O=MyOrganization
      issued on : 2018-10-18 02:07:50
      expires on : 2028-10-15 02:07:50
      signed using : RSA with SHA-256
      RSA key size : 2048 bits
      basic constraints : CA=false
      subject alt name : MyServerName
      cert. type : SSL Server
      key usage : Digital Signature, Key Encipherment
      ext key usage : TLS Web Server Authentication, ???
      
      
      2018-57-19 11:57:35 SSL Handshake: TLSv1.2/TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
      
      2018-57-19 11:57:35 Session is ACTIVE
      
      2018-57-19 11:57:35 EVENT: GET_CONFIG
      
      2018-57-19 11:57:35 Sending PUSH_REQUEST to server...
      
      2018-57-19 11:57:36 Sending PUSH_REQUEST to server...
      
      2018-57-19 11:57:38 Sending PUSH_REQUEST to server...
      
      2018-57-19 11:57:38 OPTIONS:
      0 [dhcp-option] [DNS] [1.1.1.1] 
      1 [redirect-gateway] [def1] 
      2 [route-gateway] [10.0.1.1] 
      3 [topology] [subnet] 
      4 [ping] [10] 
      5 [ping-restart] [60] 
      6 [ifconfig] [10.0.1.2] [255.255.255.0] 
      7 [peer-id] [1] 
      8 [cipher] [AES-128-GCM] 
      
      
      2018-57-19 11:57:38 PROTOCOL OPTIONS:
      cipher: AES-128-GCM
      digest: SHA256
      compress: COMP_STUB
      peer ID: 1
      
      2018-57-19 11:57:38 EVENT: ASSIGN_IP
      
      2018-57-19 11:57:38 NIP: preparing TUN network settings
      
      2018-57-19 11:57:38 NIP: init TUN network settings with endpoint: XX.XX.XX.XX
      
      2018-57-19 11:57:38 NIP: adding IPv4 address to network settings 10.0.1.2/255.255.255.0
      
      2018-57-19 11:57:38 NIP: adding (included) IPv4 route 10.0.1.0/24
      
      2018-57-19 11:57:38 NIP: redirecting all IPv4 traffic to TUN interface
      
      2018-57-19 11:57:38 NIP: adding DNS 1.1.1.1
      
      2018-57-19 11:57:38 Connected via NetworkExtensionTUN
      
      2018-57-19 11:57:38 LZO-ASYM init swap=0 asym=1
      
      2018-57-19 11:57:38 Comp-stub init swap=1
      
      2018-57-19 11:57:38 EVENT: CONNECTED MyUser@MyDomain:1194 (XX.XX.XX.XX) via /UDPv4 on NetworkExtensionTUN/10.0.1.2/ gw=[/]
      
      • B
        bigsy @shutch

        @shutch The latest OpenVPN client on iOS has 'allow compression' disabled by default, because of the VORACLE attack. Try re-enabling it in the settings to see if that helps.

        • J
          JonH @bigsy

          @bigsy wow! thanks. After trying stuff for 3 hrs this tip was the answer.

          1 Reply Last reply Reply Quote 0
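
    A log check for the symptom in this thread, as an added example that is not part of the original posts: it flags a session where the profile asks for comp-lzo while the client only advertises and negotiates compression stubs. Reading that combination as the cause follows the reply above; the function name, the IV_ key heuristic and the abridged sample log are assumptions made for the example.

```python
import re

# Constructed sample: lines abridged from the client log in the first post.
SAMPLE_LOG = """\
2018-57-19 11:57:35 Tunnel Options:V4,dev-type tun,link-mtu 1570,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-128-CBC,auth SHA256,keysize 128,tls-auth,key-method 2,tls-client
2018-57-19 11:57:35 Peer Info:
IV_VER=3.2
IV_PLAT=ios
IV_LZO_STUB=1
IV_COMP_STUB=1
IV_COMP_STUBv2=1
2018-57-19 11:57:38 PROTOCOL OPTIONS:
cipher: AES-128-GCM
digest: SHA256
compress: COMP_STUB
2018-57-19 11:57:38 EVENT: CONNECTED MyUser@MyDomain:1194 (XX.XX.XX.XX) via /UDPv4
"""

COMP_DIRECTIVES = ("comp-lzo", "compress")   # profile options that request compression
COMP_TAGS = ("LZO", "LZ4", "COMP", "SNAPPY")  # assumption: IV_ keys about compression


def check_compression(log_text):
    """Summarise requested, advertised and negotiated compression in a client log."""
    requested = None
    m = re.search(r"Tunnel Options:(.*)", log_text)
    if m:
        for opt in m.group(1).split(","):
            words = opt.split()
            if words and words[0] in COMP_DIRECTIVES:
                requested = words[0]
    # Capabilities the client sent to the server in its Peer Info block.
    keys = [k for k, _ in re.findall(r"^\s*(IV_\w+)=(\S+)", log_text, re.M)]
    advertised = [k for k in keys if any(t in k for t in COMP_TAGS)]
    real = [k for k in advertised if "STUB" not in k.upper()]
    m = re.search(r"^\s*compress:\s*(\S+)", log_text, re.M)
    negotiated = m.group(1) if m else None
    stub_only = bool(advertised) and not real
    negotiated_stub = negotiated is not None and "STUB" in negotiated.upper()
    return {
        "requested": requested,
        "advertised": advertised,
        "negotiated": negotiated,
        "connected": "EVENT: CONNECTED" in log_text,
        # Profile wants compression, client will only speak the stub framing.
        "mismatch": requested is not None and (stub_only or negotiated_stub),
    }


if __name__ == "__main__":
    print(check_compression(SAMPLE_LOG))
```

    Where the check fires, the mismatch can also be removed by dropping compression from the server configuration and re-exporting the profile, which leaves the client's compression-off default in place.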