Netgate Discussion Forum
    OpenVPN with TUN and iPhone

    ace0018

      Hello everyone,

      I'm completely new to pfSense and OpenVPN.

      I set up the OpenVPN server on the pfSense and connected with a Windows 7 client. Everything works fine.

      When I try to connect with the iPhone, it briefly establishes the connection, drops it again, and starts over.

      Can anyone help me?

      iPhone log:

      -13 09:39:45 Contacting x.x.x.x:443 via TCP
      2013-08-13 09:39:45 EVENT: WAIT
      2013-08-13 09:39:45 Connecting to x.x.x.x:443 (x.x.x.x) via TCPv4
      2013-08-13 09:39:45 TCP recv EOF
      2013-08-13 09:39:45 Transport Error: Transport error on 'x.x.x.x: NETWORK_EOF_ERROR
      2013-08-13 09:39:45 Client terminated, restarting in 2…
      2013-08-13 09:39:47 EVENT: RECONNECTING
      2013-08-13 09:39:47 LZO-ASYM init swap=0 asym=0
      2013-08-13 09:39:47 EVENT: RESOLVE
      2013-08-13 09:39:47 Contacting x.x.x.x:443 via TCP
      2013-08-13 09:39:47 EVENT: WAIT
      2013-08-13 09:39:47 Connecting to x.x.x.x:443 (x.x.x.x) via TCPv4
      2013-08-13 09:39:47 EVENT: CONNECTING
      2013-08-13 09:39:47 Tunnel Options:V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client
      2013-08-13 09:39:47 Peer Info:
      IV_VER=1.0
      IV_PLAT=ios
      IV_NCP=1
      IV_LZO=1

      2013-08-13 09:39:48 VERIFY OK: depth=0
      cert. version : 3
      serial number : 02
      issuer name  : C=DE, ST=Bavaria, L=Munich,
      subject name  : C=DE, ST=Bavaria, L=Munich,
      issued  on    : 2013-08-10 21:55:33
      expires on    : 2023-08-08 21:55:33
      signed using  : RSA+SHA1
      RSA key size  : 2048 bits

      2013-08-13 09:39:48 VERIFY OK: depth=1
      cert. version : 3
      serial number : 00
      issuer name  : C=DE, ST=Bavaria, L=Munich,
      subject name  : C=DE, ST=Bavaria, L=Munich,
      issued  on    : 2013-08-10 21:49:17
      expires on    : 2023-08-08 21:49:17
      signed using  : RSA+SHA1
      RSA key size  : 2048 bits

      2013-08-13 09:39:49 SSL Handshake: TLSv1.0/SSL-EDH-RSA-AES-256-SHA
      2013-08-13 09:39:49 Session is ACTIVE
      2013-08-13 09:39:50 EVENT: GET_CONFIG
      2013-08-13 09:39:50 Sending PUSH_REQUEST to server...
      2013-08-13 09:39:50 OPTIONS:
      0 [route] [10.100.0.0] [255.255.255.0]
      1 [route] [10.0.20.1]
      2 [topology] [net30]
      3 [ping] [10]
      4 [ping-restart] [60]
      5 [ifconfig] [10.0.20.6] [10.0.20.5]

      2013-08-13 09:39:50 LZO-ASYM init swap=0 asym=0
      2013-08-13 09:39:50 EVENT: ASSIGN_IP
      2013-08-13 09:39:50 Connected via tun
      2013-08-13 09:39:50 EVENT: CONNECTED @x.x.x.x:443 (x.x.x.x) via /TCPv4 on tun/10.0.20.6/
      2013-08-13 09:40:01 TCP recv EOF
      2013-08-13 09:40:01 Transport Error: Transport error on 'x.x.x.x: NETWORK_EOF_ERROR
      2013-08-13 09:40:01 Client terminated, restarting in 2…
      2013-08-13 09:40:03 EVENT: RECONNECTING
      2013-08-13 09:40:03 LZO-ASYM init swap=0 asym=0
      2013-08-13 09:40:03 Contacting x.x.x.x:443 via TCP
      2013-08-13 09:40:03 EVENT: WAIT
      2013-08-13 09:40:03 Connecting to x.x.x.x:443 (x.x.x.x) via TCPv4
      2013-08-13 09:40:03 TCP recv EOF
      2013-08-13 09:40:03 Transport Error: Transport error on 'x.x.x.x: NETWORK_EOF_ERROR
      2013-08-13 09:40:03 Client terminated, restarting in 2...
      2013-08-13 09:40:05 EVENT: RECONNECTING
      2013-08-13 09:40:05 LZO-ASYM init swap=0 asym=0
      2013-08-13 09:40:05 EVENT: RESOLVE
      2013-08-13 09:40:05 Contacting x.x.x.x:443 via TCP
      2013-08-13 09:40:05 EVENT: WAIT
      2013-08-13 09:40:05 Connecting to x.x.x.x:443 (x.x.x.x) via TCPv4
      2013-08-13 09:40:05 EVENT: CONNECTING
      2013-08-13 09:40:05 Tunnel Options:V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client
      2013-08-13 09:40:05 Peer Info:
      IV_VER=1.0
      IV_PLAT=ios
      IV_NCP=1
      IV_LZO=1

      ServerConfig:

      ServerMode: Remote Access (SSL/TLS)
      Protocol: TCP
      Device Mode: TUN
      Local Port: 443
      DH Parameters Length: 2048 bits
      Encryption algorithm: AES-128-CBC (128-bit)
      Hardware Crypto: BSD cryptodev engine
      Certificate Depth: One (Client + Server)
      Tunnel Network: xxxx
      Local Network: xxxx
      Concurrent connections: 10
      Compression: aktive
      Dynamic IP: aktive
      Address Pool: aktive

      ace0018

        UPDATE:

        If only the iPhone connects, it works! That is, when no other VPN session is open.
        As soon as I open a session with the Win7 client again, the iPhone gets kicked out every 6 seconds.

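The flap pattern in that iPhone log (CONNECTED, then a TCP EOF from the server a few seconds later, repeat) can be picked out mechanically. The following is an added example, not code from the thread or from pfSense: it parses a constructed excerpt of the log above and reports whether the tunnel is being torn down by the server right after receiving the same address each time, which is the client-side symptom of the same-common-name collision the thread goes on to identify. Thresholds (`max_alive`, `min_drops`) are assumptions chosen for this sample.

```python
import re
from datetime import datetime

# Constructed sample: a trimmed copy of the iPhone client log pattern
# from the first post (timestamps, EOF, reconnect, CONNECTED lines).
SAMPLE_LOG = """\
2013-08-13 09:39:47 EVENT: CONNECTING
2013-08-13 09:39:50 EVENT: CONNECTED @x.x.x.x:443 (x.x.x.x) via /TCPv4 on tun/10.0.20.6/
2013-08-13 09:40:01 TCP recv EOF
2013-08-13 09:40:01 Transport Error: Transport error on 'x.x.x.x: NETWORK_EOF_ERROR
2013-08-13 09:40:03 EVENT: RECONNECTING
2013-08-13 09:40:03 Transport Error: Transport error on 'x.x.x.x: NETWORK_EOF_ERROR
2013-08-13 09:40:05 EVENT: CONNECTING
2013-08-13 09:40:08 EVENT: CONNECTED @x.x.x.x:443 (x.x.x.x) via /TCPv4 on tun/10.0.20.6/
2013-08-13 09:40:14 Transport Error: Transport error on 'x.x.x.x: NETWORK_EOF_ERROR
"""

LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (.*)$")

def parse(log_text):
    """Yield (timestamp, message) for every line that carries a timestamp."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), m.group(2)

def connected_sessions(log_text):
    """Return (tunnel_ip, seconds_alive) for each tunnel that reached CONNECTED
    and was then cut by the server (NETWORK_EOF_ERROR on the TCP transport)."""
    sessions, current = [], None
    for ts, msg in parse(log_text):
        if msg.startswith("EVENT: CONNECTED"):
            ip_m = re.search(r"on tun/([\d.]+)/", msg)
            current = (ts, ip_m.group(1) if ip_m else None)
        elif "NETWORK_EOF_ERROR" in msg and current is not None:
            start, ip = current
            sessions.append((ip, int((ts - start).total_seconds())))
            current = None
    return sessions

def flap_diagnosis(log_text, max_alive=30, min_drops=2):
    """Flag a flap loop: repeated short-lived tunnels that were all given the
    same address and then closed by the server. Seen from the client, this is
    what being displaced by a second session with the same common name looks
    like (other causes are possible, so treat it as a hint, not proof)."""
    short = [s for s in connected_sessions(log_text) if s[1] <= max_alive]
    same_ip = len({ip for ip, _ in short}) == 1
    return {"drops": len(short), "same_tunnel_ip": same_ip,
            "flapping": len(short) >= min_drops and same_ip}
```

The EOF at 09:40:03 in the sample is ignored on purpose: it arrives before a new CONNECTED, so it belongs to a handshake that never got an address.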
        JeGr (LAYER 8 Moderator)

          Ahoy,

          Could you have made a mistake when setting up the server or the clients, so that they are fighting over the same IP? Or are both going online with the same account/certificate/user, and multiple connections from the same user are not allowed?

          Regards

          Don't forget to upvote 👍 those who kindly offered their time and brainpower to help you!

          If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.

          ace0018

            Concurrent connections: 10
            Specify the maximum number of clients allowed to concurrently connect to this server.

            Yes, it is the same user, but it should still work with that setting, shouldn't it?

            Where can I specify which IPs each one gets? That happens automatically, doesn't it?

            Tunnel Network

            This is the virtual network used for private communications between this server and client hosts expressed using CIDR (eg. 10.0.8.0/24). The first network address will be assigned to the server virtual interface. The remaining network addresses can optionally be assigned to connecting clients. (see Address Pool)

            ace0018

              You're right... if I use a different user, it works.

              If I use the same user, it tries to take the same IP... Why is that?

              JeGr (LAYER 8 Moderator)

                Ahoy,

                Wait, those are concurrent connections, not the same user. There is a setting in the server settings called "duplicate connections":

                Allow multiple concurrent connections from clients using the same Common Name.
                NOTE: This is not generally recommended, but may be needed for some scenarios.

                Exactly. Normally you shouldn't do that, for precisely that reason ;) But with it, it should work.


                ace0018

                  @JeGr:

                  Ahoy,

                  Wait, those are concurrent connections, not the same user. There is a setting in the server settings called "duplicate connections":

                  Allow multiple concurrent connections from clients using the same Common Name.
                  NOTE: This is not generally recommended, but may be needed for some scenarios.

                  Exactly. Normally you shouldn't do that, for precisely that reason ;) But with it, it should work.

                  What is the best way to set this up if I only want to create one user, but one that is allowed to dial in more than once at the same time?
                  Is there another way?

                  JeGr (LAYER 8 Moderator)

                    A user is allowed to have multiple certificates (aka multiple common names), isn't it? Where exactly is the problem? And if there is no other way, you can still enable duplicate connections, can't you?


                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.