Share this post:
Responses (16)
-
Accepted Answer
-
Accepted Answer
Nick Howitt wrote:
That suggests it is an OpenVPN Connect issue in iOS. I have not tried it for a year or so so I would not have seen it and my kids devices are WiFi only. How do you see the connection is lost? Is that with WiFi disabled?
On an unrelated issue, I notice you are using the 192.168.1.0/24 LAN subnet. If you're expecting to VPN in using WiFi from homes, your connection may not pass any traffic to your LAN. The subnets 192.168.1.0/24 and 192.168.0.0/24 are best avoided as they are used by too many domestic routers.
Hi Nick,
I've found the issue.
bug_issue_with_openvpn_on_ios_12
I've tested on an other iphone with IOS11 and then it is working -
Accepted Answer
That suggests it is an OpenVPN Connect issue in iOS. I have not tried it for a year or so so I would not have seen it and my kids devices are WiFi only. How do you see the connection is lost? Is that with WiFi disabled?
On an unrelated issue, I notice you are using the 192.168.1.0/24 LAN subnet. If you're expecting to VPN in using WiFi from homes, your connection may not pass any traffic to your LAN. The subnets 192.168.1.0/24 and 192.168.0.0/24 are best avoided as they are used by too many domestic routers. -
Accepted Answer
Nick Howitt wrote:
You have not used the keychain for your certificates so the message should be irrelevant. If the phone can connect to openVPN from your LAN and not your WAN then it is not a phone issue.
Do you see any connection attempts in your messages log?
It is very strange.
I can connect with the OpenVPN app with 4G and it connects.
WHen i go to the browser or other app, but VPN connects is lost.
This is what i see in my log. (Same for 4G as for Wifi)
Jul 14 09:06:12 pdebrabander openvpn: Sat Jul 14 09:06:12 2018 188.206.76.111:38546 TLS: Initial packet from [AF_INET]188.206.76.111:38546 (via [AF_INET]31.151.192.18%enp1s0f0), sid=ec534775 20fce12b
Jul 14 09:06:12 pdebrabander openvpn: Sat Jul 14 09:06:12 2018 188.206.76.111:38546 VERIFY OK: depth=1, C=NL, XXXXXXXXXXXXXXXXXXXXXXX
Jul 14 09:06:12 pdebrabander openvpn: Sat Jul 14 09:06:12 2018 188.206.76.111:38546 VERIFY OK: depth=0, C=NL, XXXXXXXXXXXXXXXXXXXXXXX
Jul 14 09:06:12 pdebrabander openvpn: Sat Jul 14 09:06:12 2018 188.206.76.111:38546 peer info: IV_GUI_VER=net.openvpn.connect.ios_1.2.9-0
Jul 14 09:06:12 pdebrabander openvpn: Sat Jul 14 09:06:12 2018 188.206.76.111:38546 peer info: IV_VER=3.2
Jul 14 09:06:12 pdebrabander openvpn: Sat Jul 14 09:06:12 2018 188.206.76.111:38546 peer info: IV_PLAT=ios
Jul 14 09:06:12 pdebrabander openvpn: Sat Jul 14 09:06:12 2018 188.206.76.111:38546 peer info: IV_NCP=2
Jul 14 09:06:12 pdebrabander openvpn: Sat Jul 14 09:06:12 2018 188.206.76.111:38546 peer info: IV_TCPNL=1
Jul 14 09:06:12 pdebrabander openvpn: Sat Jul 14 09:06:12 2018 188.206.76.111:38546 peer info: IV_PROTO=2
Jul 14 09:06:12 pdebrabander openvpn: Sat Jul 14 09:06:12 2018 188.206.76.111:38546 peer info: IV_LZO=1
Jul 14 09:06:12 pdebrabander openvpn: Sat Jul 14 09:06:12 2018 188.206.76.111:38546 peer info: IV_BS64DL=1
Jul 14 09:06:12 pdebrabander openvpn: Sat Jul 14 09:06:12 2018 188.206.76.111:38546 PLUGIN_CALL: POST /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=0
Jul 14 09:06:12 pdebrabander openvpn: Sat Jul 14 09:06:12 2018 188.206.76.111:38546 TLS: Username/Password authentication succeeded for username 'patrick'
Jul 14 09:06:12 pdebrabander openvpn: Sat Jul 14 09:06:12 2018 188.206.76.111:38546 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Jul 14 09:06:12 pdebrabander openvpn: Sat Jul 14 09:06:12 2018 188.206.76.111:38546 [patrick] Peer Connection Initiated with [AF_INET]188.206.76.111:38546 (via [AF_INET]31.151.192.18%enp1s0f0)
Jul 14 09:06:12 pdebrabander openvpn: Sat Jul 14 09:06:12 2018 patrick/188.206.76.111:38546 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
Jul 14 09:06:12 pdebrabander openvpn: Sat Jul 14 09:06:12 2018 patrick/188.206.76.111:38546 MULTI: Learn: 10.8.0.6 -> patrick/188.206.76.111:38546
Jul 14 09:06:12 pdebrabander openvpn: Sat Jul 14 09:06:12 2018 patrick/188.206.76.111:38546 MULTI: primary virtual IP for patrick/188.206.76.111:38546: 10.8.0.6
Jul 14 09:06:12 pdebrabander openvpn: Sat Jul 14 09:06:12 2018 patrick/188.206.76.111:38546 PUSH: Received control message: 'PUSH_REQUEST'
Jul 14 09:06:12 pdebrabander openvpn: Sat Jul 14 09:06:12 2018 patrick/188.206.76.111:38546 SENT CONTROL [patrick]: 'PUSH_REPLY,dhcp-option DNS 192.168.1.1,dhcp-option DOMAIN pdebrabander.nl,route 192.168.1.0 255.255.255.0,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5,peer-id 0,cipher AES-256-GCM' (status=1)
Jul 14 09:06:12 pdebrabander openvpn: Sat Jul 14 09:06:12 2018 patrick/188.206.76.111:38546 Data Channel: using negotiated cipher 'AES-256-GCM'
Jul 14 09:06:12 pdebrabander openvpn: Sat Jul 14 09:06:12 2018 patrick/188.206.76.111:38546 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jul 14 09:06:12 pdebrabander openvpn: Sat Jul 14 09:06:12 2018 patrick/188.206.76.111:38546 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
-
Accepted Answer
-
Accepted Answer
Nick Howitt wrote:
Can you check the "remote" line in the ovpn file points to an FQDN which resolves to your WAN IP when you are not connected to your LAN? You can use your own domain (iirc you have one) or your poweredbyclear.com subdomain.
Also have you opened the firewall to the OpenVPN service or to usp:1194?
Hi Nick,
This is the content of the OVPN files
client
remote pdebrabander.nl 1194
dev tun
proto udp
resolv-retry infinite
nobind
user nobody
group nobody
persist-key
persist-tun
ca ca-cert.pem
cert client-patrick-cert.pem
key client-patrick-key.pem
ns-cert-type server
comp-lzo
verb 3
auth-user-pass
The firewall is open for port 1194.
In the openvpn app on my iphone i see in the CERTS menu the following text
No certificates are present in the Keychain
Note PKCS#12 files need to end ith '.OVPN12', instead of '.p12' or '.pfx' for proper importing (check FAQ) -
Accepted Answer
Can you check the "remote" line in the ovpn file points to an FQDN which resolves to your WAN IP when you are not connected to your LAN? You can use your own domain (iirc you have one) or your poweredbyclear.com subdomain.
Also have you opened the firewall to the OpenVPN service or to usp:1194? -
Accepted Answer
Marcel van Leeuwen wrote:
I've setup again openVPN on my iPhone successfully, and it was very easy again.
One thing, where can I see who's connected to the ClearOS server via OpenVPN?
Hi Marcel,
Can you help with the setup.
I've added the certificates to my iphone with itunes
ca-cert.pem
client-patrick-cert.pem
client-patrick-key.pem
pdebrabander.nl.ovpn
I've can connect when i'm at home with wifi, but with 4G i can not connect. -
Accepted Answer
-
Accepted Answer
-
Accepted Answer
-
Accepted Answer
-
Accepted Answer
There is an feature/enhancement request which will make it even easier and you can do it manually. See issue #17381. The method is in the tracker and is the same as this forum post. I think I've seen a better document to it as well. There is also a reference here on the wiki.
The advantage of this method for iOS is that you don't need iTunes. You can install the configuration file directly from an e-mail and it should work on all platforms. -
Accepted Answer
-
Accepted Answer
Try to read this manual: https://boxpn.com/setup_o.nvpn_ios.aspx maybe u can find something helpful. -
Accepted Answer
You don't need much documentation. If you download the official OpenVPN app from the App Store, I believe it has instructions. Use iTunes to drop your profile and certificates onto the app. From memory you don't need the pkcs12 cert, just the basic ones. I am assuming the instructions are the same as for the iPad Mini.
Please login to post a reply
You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.
Register Here »