SOLVED: OpenVPN and IOS - I must be missing something

silverblaze
Posts: 20
Joined: Fri Jan 30, 2015 1:06 pm

SOLVED: OpenVPN and IOS - I must be missing something

Postby silverblaze » Tue Jun 20, 2017 11:12 am

For the record, I have successfully uploaded a .ovpn for my connection into the OpenVPN Connect ios App. My problem is that when I attempt to create the VPN it says it is connected and then spins for about a minute and then disconnects. I just stumbled across the log on the app and I am noticing the following line in the output:

Creds: UsernameEmpty/PasswordEmpty

which I suspect is the problem since it is never prompting my for a user name/ password and I have not found a place in the app to specify them. Where or how do you enable being able to enter the username/password combo? I have OpenVPN Connect 1.1.1 on ios 10.3.2 if it happens to matter.

Please note that this same vpn is already working on PC using the HDAConnect software so I know the vpn is functioning, I am just confused about how to enable the credentials dialog. If this is already documented somewhere feel free to point me to the documentation, but I have already used the info on https://wiki.amahi.org/index.php/OpenVPN_on_iOS to get me this far.

Thanks in advance for any insight somebody can offer me.

silverblaze
Posts: 20
Joined: Fri Jan 30, 2015 1:06 pm

Re: OpenVPN and IOS - I must be missing something

Postby silverblaze » Tue Jun 20, 2017 11:39 am

In looking around I found this page - http://accc.uic.edu/answer/how-do-i-con ... e-and-ipad which shows their imported profile as being "Standard Profile" - the one I imported based on https://wiki.amahi.org/index.php/OpenVPN_on_iOS is showing as "Autologin profile" - is this problem and if so does any one know what causes the distinction? Actually, I just double checked and I have auto-user-pass instead of auth-user-pass, that is probably the problem - oh well, time to re-import tonight and see if that will fix it.

User avatar
bigfoot65
Project Manager
Posts: 11924
Joined: Mon May 25, 2009 4:31 pm

Re: OpenVPN and IOS - I must be missing something

Postby bigfoot65 » Tue Jun 20, 2017 1:28 pm

Did you install the certificates on iOS?
ßîgƒσστ65
Applications Manager

My HDA: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz on MSI board, 16GB RAM, 1TBx1+2TBx2+4TBx2

silverblaze
Posts: 20
Joined: Fri Jan 30, 2015 1:06 pm

Re: OpenVPN and IOS - I must be missing something

Postby silverblaze » Wed Jun 21, 2017 6:50 am

Nah, my typo was the problem (I typed in that ovpn over multiple layers of remote connections so I couldn't see the typo when I initially created it) - I was just surprised that typos in the configuration file don't output any type of diagnostic message in the log on OpenVPN connect. I am now able to connect with the iPhone, but this has exposed a different issue.

I am testing the iPhone at where I work and I normally have a PC vpn connection into the home network while I am at work (which is why I knew that the vpn server itself was working). When I connect with iPhone and then try to do anything (in this case bring up a webpage that is only accessible on my homenet), the PC VPN connection is dropped. This is happening even if I use different user credentials (I created a second user on amahi just for the iPhone thinking it might be that the same user cannot be connected twice). Is there a limitation or some other setting in the amahi OpenVPN setup that limits it to just 1 active connection? (In this case my iPhone is on wifi, so it would be 2 different vpns coming from the same external network, but I wouldn't expect those to collide with each other). I am using the base OpenVPN install addin on amahi at this stage.

From what I can see on web searches OpenVPN is capable of multiple connections, but so far I haven't found anything that says how to enable it (all of the pages I found so far are questions about how many connections can be handled). Any insight you can provide will be appreciated.

User avatar
bigfoot65
Project Manager
Posts: 11924
Joined: Mon May 25, 2009 4:31 pm

Re: OpenVPN and IOS - I must be missing something

Postby bigfoot65 » Wed Jun 21, 2017 10:29 am

Is there a limitation or some other setting in the amahi OpenVPN setup that limits it to just 1 active connection?
I am not aware of any limitations.

I don't use wifi when accessing from my phone typically. I do have problems when using my iPad on a wifi network. Not sure if it's due to a setup issue on the device or something with OpenVPN.

This will require a bit more research.
ßîgƒσστ65
Applications Manager

My HDA: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz on MSI board, 16GB RAM, 1TBx1+2TBx2+4TBx2

silverblaze
Posts: 20
Joined: Fri Jan 30, 2015 1:06 pm

Re: OpenVPN and IOS - I must be missing something

Postby silverblaze » Wed Jun 21, 2017 10:45 am

hmm, if I have stumped you I am getting nervous :)

I have stumbled across this link which might apply - https://forum.pfsense.org/index.php?topic=71790.0

tldr; it appears that the productized OpenVPN server has an option you have to enable to allow multiple connections with the same certificate and common name - I know that with amahi we are using common certificates that might be part of the puzzle (although I would have thought that using a second username would have gotten around this).

I just did a quick test of completely stopping the OpenVPN connect app (to make sure that old credentials were flushed) and it definitely still kicks me out of the PC once the Angular 2 based web page starts feeding into the iPhone with each connection using a different user name. I guess I will keep digging as well to see if I can find anyone else seeing this behavior on OpenVPN.

silverblaze
Posts: 20
Joined: Fri Jan 30, 2015 1:06 pm

Re: OpenVPN and IOS - I must be missing something

Postby silverblaze » Wed Jun 21, 2017 10:50 am

I think this explains it - http://www.linuxquestions.org/questions ... on-925896/

from the base server.conf file:

Code:
# Uncomment this directive if multiple clients
# might connect with the same certificate/key
# files or common names. This is recommended
# only for testing purposes. For production use,
# each client should have its own certificate/key
# pair.
#
# IF YOU HAVE NOT GENERATED INDIVIDUAL
# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
# EACH HAVING ITS OWN UNIQUE "COMMON NAME",
# UNCOMMENT THIS LINE OUT.
;duplicate-cn

silverblaze
Posts: 20
Joined: Fri Jan 30, 2015 1:06 pm

Re: OpenVPN and IOS - I must be missing something

Postby silverblaze » Wed Jun 21, 2017 11:02 am

Sorry to ask this (I am more of Ubuntu user than a fedora one), what command line do I need to run to restart the openvpn service remotely (to test if this change will work)? I tried this and it didn't like it

[root@localhost openvpn]# systemctl restart openvpn@server.service
Job for openvpn@server.service failed because the control process exited with error code. See "systemctl status openvpn@server.service" and "journalctl -xe" for details.

I didn't see anything in journalctl -xe about openvpn or any real error messages so that didn't help me.

Worst case is I will wait until I get home to restart the openvpn.

User avatar
bigfoot65
Project Manager
Posts: 11924
Joined: Mon May 25, 2009 4:31 pm

Re: OpenVPN and IOS - I must be missing something

Postby bigfoot65 » Wed Jun 21, 2017 11:17 am

Do the following:

Code: Select all

sudo systemctl restart openvpn@amahi.service
That should restart the server.
ßîgƒσστ65
Applications Manager

My HDA: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz on MSI board, 16GB RAM, 1TBx1+2TBx2+4TBx2

silverblaze
Posts: 20
Joined: Fri Jan 30, 2015 1:06 pm

Re: OpenVPN and IOS - I must be missing something

Postby silverblaze » Wed Jun 21, 2017 11:47 am

ok, that command worked (I will have to write that one down) and adding the duplicate-cn line to the amahi.conf made it so that both connections can stay open.

For what it is worth I put it after the persist-tun line, I don't know exactly where it has/should be but it works placed there.

Code: Select all

persist-key persist-tun duplicate-cn status /var/log/openvpn-status.log
Thanks for you assistance!

Who is online

Users browsing this forum: No registered users and 12 guests