OpenVPN on iOS connects, but no traffic
-
Hi all,
I have OpenVPN 2.4.4 installed and set up OpenVPN using the wizard and exported the client config using the export utility. OpenVPN Connect on iOS connects fine, but no traffic flows through the VPN (websites won't load, can't connect to LAN).
OpenVPN for Android works fine. Any thoughts?
Sanitized iOS OpenVPN Connect log below.
2018-57-19 11:57:35 1
2018-57-19 11:57:35 ----- OpenVPN Start -----
OpenVPN core 3.2 ios arm64 64-bit PT_PROXY built on Oct 3 2018 06:35:04
2018-57-19 11:57:35 Frame=512/2048/512 mssfix-ctrl=1250
2018-57-19 11:57:35 UNUSED OPTIONS
0 [persist-tun]
1 [persist-key]
3 [ncp-ciphers] [AES-128-GCM]
5 [tls-client]
8 [verify-x509-name] [MyServerName] [name]
2018-57-19 11:57:35 EVENT: RESOLVE
2018-57-19 11:57:35 Contacting [XX.XX.XX.XX]:1194/UDP via UDP
2018-57-19 11:57:35 EVENT: WAIT
2018-57-19 11:57:35 Connecting to [MyDomain.com]:1194 (XX.XX.XX.XX) via UDPv4
2018-57-19 11:57:35 EVENT: CONNECTING
2018-57-19 11:57:35 Tunnel Options:V4,dev-type tun,link-mtu 1570,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-128-CBC,auth SHA256,keysize 128,tls-auth,key-method 2,tls-client
2018-57-19 11:57:35 Creds: Username/Password
2018-57-19 11:57:35 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 3.0.2-894
IV_VER=3.2
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO_STUB=1
IV_COMP_STUB=1
IV_COMP_STUBv2=1
IV_IPv6=1
2018-57-19 11:57:35 VERIFY OK : depth=1
cert. version : 3
serial number : 00
issuer name : CN=MyCA, C=CA, ST=State, L=Location, O=MyOrganization
subject name : CN=MyServerName, C=CA, ST=State, L=Location, O=MyOrganization
issued on : 2018-10-18 02:07:49
expires on : 2028-10-15 02:07:49
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=true
key usage : Key Cert Sign, CRL Sign
2018-57-19 11:57:35 VERIFY OK : depth=0
cert. version : 3
serial number : 01
issuer name : CN=MyCA, C=CA, ST=State, L=Location, O=MyOrganization
subject name : CN=MyServerName, C=CA, ST=State, L=Location, O=MyOrganization
issued on : 2018-10-18 02:07:50
expires on : 2028-10-15 02:07:50
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=false
subject alt name : MyServerName
cert. type : SSL Server
key usage : Digital Signature, Key Encipherment
ext key usage : TLS Web Server Authentication, ???
2018-57-19 11:57:35 SSL Handshake: TLSv1.2/TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
2018-57-19 11:57:35 Session is ACTIVE
2018-57-19 11:57:35 EVENT: GET_CONFIG
2018-57-19 11:57:35 Sending PUSH_REQUEST to server...
2018-57-19 11:57:36 Sending PUSH_REQUEST to server...
2018-57-19 11:57:38 Sending PUSH_REQUEST to server...
2018-57-19 11:57:38 OPTIONS:
0 [dhcp-option] [DNS] [1.1.1.1]
1 [redirect-gateway] [def1]
2 [route-gateway] [10.0.1.1]
3 [topology] [subnet]
4 [ping] [10]
5 [ping-restart] [60]
6 [ifconfig] [10.0.1.2] [255.255.255.0]
7 [peer-id] [1]
8 [cipher] [AES-128-GCM]
2018-57-19 11:57:38 PROTOCOL OPTIONS:
cipher: AES-128-GCM
digest: SHA256
compress: COMP_STUB
peer ID: 1
2018-57-19 11:57:38 EVENT: ASSIGN_IP
2018-57-19 11:57:38 NIP: preparing TUN network settings
2018-57-19 11:57:38 NIP: init TUN network settings with endpoint: XX.XX.XX.XX
2018-57-19 11:57:38 NIP: adding IPv4 address to network settings 10.0.1.2/255.255.255.0
2018-57-19 11:57:38 NIP: adding (included) IPv4 route 10.0.1.0/24
2018-57-19 11:57:38 NIP: redirecting all IPv4 traffic to TUN interface
2018-57-19 11:57:38 NIP: adding DNS 1.1.1.1
2018-57-19 11:57:38 Connected via NetworkExtensionTUN
2018-57-19 11:57:38 LZO-ASYM init swap=0 asym=1
2018-57-19 11:57:38 Comp-stub init swap=1
2018-57-19 11:57:38 EVENT: CONNECTED MyUser@MyDomain:1194 (XX.XX.XX.XX) via /UDPv4 on NetworkExtensionTUN/10.0.1.2/ gw=[/]
-
@shutch The latest OpenVPN client on iOS has 'allow compression' disabled by default, because of the VORACLE attack. Try re-enabling it in the settings to see if that helps.
-
@bigsy Wow! Thanks. After trying stuff for 3 hrs this tip was the answer.
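
A quick check for the compression mismatch this thread arrived at, as an added example that is not part of the original posts: it compares the compression option in the client's "Tunnel Options" entry with the "compress:" value reported under "PROTOCOL OPTIONS". The function names are hypothetical, the set of values treated as "compression off" is an assumption, and the parser handles the case where "compress:" sits on the same line as "PROTOCOL OPTIONS:".

```python
import re

# Two entries copied from the log posted in this thread, with the
# PROTOCOL OPTIONS fields kept on one line.
POSTED = """\
2018-57-19 11:57:35 Tunnel Options:V4,dev-type tun,link-mtu 1570,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-128-CBC,auth SHA256,keysize 128,tls-auth,key-method 2,tls-client
2018-57-19 11:57:38 PROTOCOL OPTIONS: cipher: AES-128-GCM digest: SHA256 compress: COMP_STUB peer ID: 1
"""
# Constructed variant (not from the thread): the same log with LZO negotiated.
CONSTRUCTED_OK = POSTED.replace("compress: COMP_STUB", "compress: LZO")

# Assumption: these values mean compression is switched off in the client.
STUBS = {"COMP_STUB", "COMP_STUBv2", "LZO_STUB", "NONE"}


def configured_compression(log):
    """Return the comp-lzo/compress item from 'Tunnel Options', or None."""
    m = re.search(r"Tunnel Options:([^\n]*)", log)
    if not m:
        return None
    for item in m.group(1).split(","):
        item = item.strip()
        if item.startswith(("comp-lzo", "compress")):
            return item
    return None


def negotiated_compression(log):
    """Return the 'compress:' value from 'PROTOCOL OPTIONS', or None."""
    m = re.search(r"PROTOCOL OPTIONS:[^\n]*?compress:\s*(\S+)", log)
    return m.group(1) if m else None


def diagnose(log):
    """Flag a profile that asks for compression while the client runs a stub."""
    cfg = configured_compression(log)
    neg = negotiated_compression(log)
    mismatch = cfg is not None and neg in STUBS
    return {"configured": cfg, "negotiated": neg, "mismatch": mismatch}


if __name__ == "__main__":
    for name, log in (("posted", POSTED), ("constructed", CONSTRUCTED_OK)):
        print(name, diagnose(log))
```

When the check reports a mismatch, either side can be changed to agree; given the VORACLE concern raised in the reply, removing compression from the server and re-exporting the client config keeps the client's default in place.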