Bug #15131
open
OpenVPN client export issues with iPhone and IPV6 connections
Added by Jonathan Lee 12 months ago.
Updated 6 months ago.
Category: OpenVPN Client Export
Affected Plus Version: 23.05.1
Affected Architecture: SG-2100
Description
I have researched and found an issue within the OpenVPN client export config file for iPhones (OpenVPN Connect (iOS/Android)).
It exports with udp4 listed, and this does not work with iPhones because of IPv6. In the config (.ovpn) file it must be changed to udp for iOS iPhones to work with OpenVPN and pfSense.
That is the only adaptation needed to fix this issue.
Tried this on an iPhone 13 with the latest iOS version, but on IPv4, and it worked fine. This seems to be related to IPv6 specifically.
Tested this with IPv4+6 multihome and the client export spits out a config with remote [hostname] udp, not udp4.
What are the exact settings in your OpenVPN server config to make this happen?
- Status changed from New to Incomplete
Someone on the OpenVPN forum, as an admin, deleted the post with the fix that was not mine and also banned my username. I was instructed by OpenVPN Server support email to create a new account and ask why I was banned; they explained that I was banned for spamming. It was a very punitive admin that was banning users for no reason. Again, he has banned all posts related to this issue.
The links are now invalid. I was using normal OpenVPN wizard settings and this occurs: the export file displayed udp4 and was not usable with my new iPhone. I had to delete the 4 and the client file worked fine.
They have since reactivated my username, and all posts related to this fix and issue are erased, both the other user's and mine. Must have been a security issue and they wanted it all removed.
I tested this on 24.03 and am unable to reproduce this. The config file on a new multihome config spits out with udp, not udp4.
Testing with IPv4 only configured does spit out with udp4, but this is expected:
remote [IP Here] 1194 udp4
If someone with an iPhone can confirm whether udp4 somehow breaks the OpenVPN Connect application, I'd appreciate it, but I don't see any indication of that.
Just tested a config with udp4 in the remote host line on OpenVPN Connect on Android. The config imported just fine. I suspect the same on iOS, but don't have a device to test this behavior.
My original test was from a cellphone (iOS, iPhone SE, latest SE) over a cell network remote connection to a DSL IPv4-only ISP. The only way it would work was to adapt the configuration file to have it listed as udp4.
remote f.q.d.n 1194 udp4
to
remote f.q.d.n 1194 udp
I am opening a Redmine for this, as the iPhone uses IPv6 and it does not know what udp4 is anymore.
The OpenVPN forum has deleted all of my posts on this and the other user's posts in reference also. They said an admin marked all of the content as spam and deleted it. The Netgate forum does have the information still. Also, DigitalOcean seems to piggyback on the VPN connections once created. I had to create a block on alias to stop the DigitalOcean IP block from doing this. It was weird; it was connected after and enumerated my network.
Unrelated, but if you're not logging and locking down your VPN use, make sure you do.
- Status changed from Incomplete to Confirmed
I was able to replicate this on 24.03; removing the 4 at the end of udp4 allowed the config from the export package to connect. Otherwise, with just a basic out-of-the-box setup, I was getting "the remote server endpoint is undefined" when trying to connect from iOS 17.5.1 with OpenVPN Connect 3.4.2.
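The workaround reported in this thread (udp4 changed to udp on the remote line of the exported .ovpn), as an added example that is not code from pfSense or from any commenter. The function name, host names and sample profile are constructed for illustration. Inline blocks such as <ca> are copied untouched so certificate and key material is never rewritten.

```python
import re

# "remote <host> <port> udp4", tolerating indentation and a trailing comment.
REMOTE_UDP4 = re.compile(r"^(\s*remote\s+\S+\s+\d+\s+)udp4(\s*(?:[#;].*)?)$")
# Opening tag of an inline block, e.g. <ca>, <cert>, <key>, <tls-auth>.
INLINE_OPEN = re.compile(r"^\s*<([A-Za-z0-9_-]+)>\s*$")


def relax_remote_proto(ovpn_text):
    """Return (new_text, changed_line_numbers) with udp4 -> udp on remote lines."""
    out, changed, inside = [], [], None
    for lineno, line in enumerate(ovpn_text.splitlines(), start=1):
        if inside:
            # Inside an inline block: copy verbatim until its closing tag.
            if line.strip() == f"</{inside}>":
                inside = None
        elif (m := INLINE_OPEN.match(line)):
            # <connection> holds real directives, so it is not skipped.
            if m.group(1) != "connection":
                inside = m.group(1)
        elif (m := REMOTE_UDP4.match(line)):
            line = f"{m.group(1)}udp{m.group(2)}"
            changed.append(lineno)
        out.append(line)
    return "\n".join(out) + "\n", changed


# Constructed sample profile (not taken from the ticket).
SAMPLE = """\
dev tun
# remote vpn.example.net 1194 udp4
remote vpn.example.net 1194 udp4
remote 192.0.2.10 1194 udp
<ca>
remote inline.example 1194 udp4
</ca>
"""

if __name__ == "__main__":
    new_text, changed = relax_remote_proto(SAMPLE)
    print("rewritten lines:", changed)
    print(new_text, end="")
```

Running the function a second time on its own output reports no changed lines, which makes it usable as a check on an already-edited profile.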