I updated PFSense from 2.4.0 to 2.5.2 and iOS no longer connects
-
Hello, good morning everyone! I've been using PFSense and OpenVPN for a long time without any problems. So I decided to update the version from 2.4.0 to 2.5.1 and a very strange problem happens. The VPN connects on Android, Windows, OSX without any problems... but on iOS it doesn't connect at all with this message:
[Jun 05, 2023, 11:41:30 am] OPTIONS:
0 [route] [192.168.2.0] [255.255.255.0]
1 [route-gateway] [10.0.59.1]
2 [ping] [10]
3 [ping-restart] [60]
4 [ifconfig] [10.0.59.92] [255.255.255.0]
5 [peer-id] [1]
6 [cipher] [AES-256-GCM]
[Jun 05, 2023, 11:41:30] PROTOCOL OPTIONS:
cipher: AES-256-GCM
digest: NONE
key-derivation: OpenVPN PRF
compress: NONE
peer ID: 1
control channel: tls-auth enabled
[Jun 05, 2023, 11:41:30 am] EVENT: ASSIGN_IP
[Jun 05, 2023, 11:41:30] NIP: preparing TUN network settings
[Jun 05, 2023, 11:41:30] NIP: init TUN network settings with endpoint: 206.42.42.176
[Jun 05, 2023, 11:41:30] Client exception in transport_recv: tun_prop_error: ifconfig addresses are not in the same /30 subnet (topology net30)
[Jun 05, 2023, 11:41:30] Client terminated, restarting in 2000 ms...
[Jun 05, 2023, 11:41:32] EVENT: RECONNECTING
[Jun 05, 2023, 11:41:32] EVENT: RESOLVE
[Jun 05, 2023, 11:41:32] Contacting 206.42.42.176:1194 via UDP
[Jun 05, 2023, 11:41:32] EVENT: WAIT
[Jun 05, 2023, 11:41:32] Connecting to [206.42.42.176]:1194 (206.42.42.176) via UDPv4
[Jun 05, 2023, 11:41:32] EVENT: CONNECTING
[Jun 05, 2023, 11:41:32] Tunnel Options:V4,dev-type tun,link-mtu 1541,tun-mtu 1500,proto UDPv4,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client
[Jun 05, 2023, 11:41:32] Creds: Username/Password
[Jun 05, 2023, 11:41:32] Peer Info:
IV_VER=3.git::081bfebe
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=30
IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:BF-CBC
IV_GUI_VER=net.openvpn.connect.ios_3.3.3-5109
IV_SSO=webauth,openurl,crtext
IV_BS64DL=1
[Jun 05, 2023, 11:41:32] VERIFY OK: depth=1, /C=BR/ST=PE/L=Belo Jardim/O=Vinfirewall/emailAddress=contato@vinfirewall.com/CN=vinfirewall-ca -internal, signature: RSA-SHA256
[Jun 05, 2023, 11:41:32] VERIFY OK: depth=0, /C=BR/ST=PE/L=Belo Jardim/O=Vinfirewall/emailAddress=contato@vinfirewall.com/CN=vpn-vinfirewall /OU=Vinfirewall, signature: RSA-SHA256
[Jun 05, 2023, 11:41:33] SSL Handshake: peer certificate: CN=vpn-vinfirewall, 2048 bit RSA, cipher: TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
[Jun 05, 2023, 11:41:33] Session is ACTIVE
[Jun 05, 2023, 11:41:33 am] EVENT: GET_CONFIG
[Jun 05, 2023, 11:41:33] Sending PUSH_REQUEST to server...
[Jun 05, 2023, 11:41:34] OPTIONS:
0 [route] [192.168.2.0] [255.255.255.0]
1 [route-gateway] [10.0.59.1]
2 [ping] [10]
3 [ping-restart] [60]
4 [ifconfig] [10.0.59.92] [255.255.255.0]
5 [peer-id] [2]
6 [cipher] [AES-256-GCM]
[Jun 05, 2023, 11:41:34] PROTOCOL OPTIONS:
cipher: AES-256-GCM
digest: NONE
key-derivation: OpenVPN PRF
compress: NONE
peer ID: 2
control channel: tls-auth enabled
[Jun 05, 2023, 11:41:34] EVENT: ASSIGN_IP
[Jun 05, 2023, 11:41:34] NIP: preparing TUN network settings
[Jun 05, 2023, 11:41:34] NIP: init TUN network settings with endpoint: 206.42.42.176
[Jun 05, 2023, 11:41:34] Client exception in transport_recv: tun_prop_error: ifconfig addresses are not in the same /30 subnet (topology net30)
[Jun 05, 2023, 11:41:34] Client terminated, restarting in 2000 ms...
It stays with this status and does not connect! The phone is an iPhone 13 Pro with the latest iOS installed.
Has anyone gone through this that can help me?
-
@Thyagoms-0 said in I updated PFSense from 2.4.0 to 2.5.2 and iOS no longer connects:
[Jun 05, 2023, 11:41:30] Client exception in transport_recv: tun_prop_error: ifconfig addresses are not in the same /30 subnet (topology net30)
I would look at the topology net30 message above.
I'm quite sure that I read that that option would be deprecated by OpenVPN.
I'd suggest to change this in the OpenVPN server config
to this
I'd actually expect 2.5.2 (Why on earth did you choose to run that, and not 2.6.0 that is in support ???) - to still support NET30
But your clients, if newer, might not.
/Bingo
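A check for the condition the error message points at, as an added example that is not part of any post in this thread: it parses the pushed OPTIONS block from the client log and tests the ifconfig pair the way a client defaulting to net30 would. The function names are this example's own and the sample is copied from the log above; that net30 treats the second ifconfig field as the remote endpoint is standard OpenVPN behaviour.

```python
import ipaddress
import re

# Sample input: the pushed-options block from the client log in this thread.
SAMPLE_LOG = """\
[Jun 05, 2023, 11:41:30 am] OPTIONS:
0 [route] [192.168.2.0] [255.255.255.0]
1 [route-gateway] [10.0.59.1]
2 [ping] [10]
3 [ping-restart] [60]
4 [ifconfig] [10.0.59.92] [255.255.255.0]
5 [peer-id] [1]
6 [cipher] [AES-256-GCM]
"""

OPTION_RE = re.compile(r"^\d+\s+((?:\[[^\]]*\]\s*)+)$")

def parse_pushed_options(log_text):
    """Return {option_name: [args]} from 'N [name] [arg] ...' log lines."""
    options = {}
    for line in log_text.splitlines():
        m = OPTION_RE.match(line.strip())
        if m:
            fields = re.findall(r"\[([^\]]*)\]", m.group(1))
            options[fields[0]] = fields[1:]
    return options

def is_netmask(text):
    """True if text is a contiguous IPv4 netmask such as 255.255.255.0."""
    try:
        n = int(ipaddress.IPv4Address(text))
    except ValueError:
        return False
    inv = ~n & 0xFFFFFFFF
    return n != 0 and (inv & (inv + 1)) == 0

def diagnose(options):
    """Explain how a client defaulting to net30 reads the pushed ifconfig."""
    local, second = options["ifconfig"]
    topology = options.get("topology", [None])[0]
    if topology == "subnet":
        return "ok: topology subnet pushed, second ifconfig field is a netmask"
    # net30: the second field is the remote endpoint and must share local's /30.
    if is_netmask(second):
        return "mismatch: netmask-style ifconfig pushed without 'topology subnet'"
    net30 = ipaddress.ip_interface(local + "/30").network
    if ipaddress.ip_address(second) in net30:
        return "ok: net30 pair"
    return "mismatch: ifconfig endpoints not in the same /30"
```

For the log in this thread, `diagnose(parse_pushed_options(SAMPLE_LOG))` reports the netmask-style mismatch: the server pushed a subnet-style ifconfig but no `topology` option.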
-
@bingo600 Thank you for your support! I'm going to update to 2.6.0, but it won't be now. I'm going to make this change and reply if it worked, ok? Thanks!
-
This :
@Thyagoms-0 said in I updated PFSense from 2.4.0 to 2.5.2 and iOS no longer connects:
but on iOS
is a phone or iPad app that stays up to date, and uses the latest OpenVPN version.
This :
@Thyagoms-0 said in I updated PFSense from 2.4.0 to 2.5.2 and iOS no longer connects:
2.4.0 to 2.5.1
is an ancient relic, using an OpenVPN < 2.4.5 from the past, a version probably even abandoned for security reasons.
This situation will create, over time, issues, or, as you said, "strange problems".
On the other hand :
Last two weeks or so, when I connected my iOS OpenVPN client app to pfSense, it wouldn't connect.
More strange : the iOS OpenVPN app didn't show any logs .... like it was doing .. nothing.
And it gets better : General => OpenVPN and I selected 'Connect' over there : It was connecting !!
Back in the iOS OpenVPN app : it showed connected, and the logs were "as usual : ok".
This morning, I checked : the app wasn't updated or anything, but, now it worked 'as before'.
Hummmm.
Maybe your "strange problems" is correct, I can't make it any better.
This situation was mentioned recently on the OpenVPN client App support forum.
-
@bingo600 This topology option is not available for my OpenVPN server PFSense 2.5.1 or 2.5.2 (I believe to be the version). In that case, do I have to change the version anyway?
-
@Gertjan In my case, it doesn't even connect! And the OpenVPN I installed on the iPhone 13 Pro, and it gave this problem. The person with the iPhone can also connect over the VPN through his Macbook Pro M1 without any problems. I'll update the version and test to see if it will work.
-
@Thyagoms-0 said in I updated PFSense from 2.4.0 to 2.5.2 and iOS no longer connects:
@bingo600 This topology option is not available for my OpenVPN server PFSense 2.5.1 or 2.5.2 (I believe to be the version). In that case, do I have to change the version anyway?
I would not have expected that.
How does your ipv4 tunnel network setting look ?
I use a /24 for my "Dial-In VPN"
/Bingo
-
@bingo600 Sorry for the delay to answer! I'll make a picture of the settings and post it for you to check! Note that there is no Topology option. PFSense version is 2.5.1, just confirming.

-
@bingo600 The IPV4 tunnel option is blank. Could that be the problem there?