No Longer Connecting to ANY of my VPN Servers

Support requests about VPN Client Pro
Post Reply
jdw
Posts: 3
Joined: Wed Oct 16, 2019 4:42 pm

No Longer Connecting to ANY of my VPN Servers

Post by jdw »

Hi "Everyone",

I've been using this software successfully in the "Legacy" days and now in the current days. However, recently things stopped working. I've been unable to connect to two different VPN instances with the software. I've tried a different VPN client (the official OpenVPN Client) and it worked fine, so I'm not quite sure where the problem lies!

Over the last week the application was updated to 1.00.22 AND Google released the October update for the Pixel 3 XL. Either one of these things could be related to the issue.

The status remains in the "Wait" state and my VPN server reports "tls-crypt unwrap error: packet authentication failed" Perhaps this is due to an updated OpenSSL library? The latest update for this app includes a comment about newer openssl libraries (version 1.1.1d)

The "OpenVPN Connect" client that works just fine hasn't been updated since August 14 so it could be using older openssl libraries. However, I've also tested older (Legacy) version of this VPN Client Pro and it still fails to connect (however it reports older openssl binaries, as well FEB 2019, version 1.1.1b). Therefore, I'm not convinced it's the client, but ANY help would be great, as I'm a subscription based user and don't want to have to cancel the subscription.

I can provide firewall/VPN server logs and if there is a way to get more detailed logging on the app, I can provide that too.

Thanks!
admin
Site Admin
Posts: 670
Joined: Fri Feb 15, 2019 4:04 pm
Contact:

Re: No Longer Connecting to ANY of my VPN Servers

Post by admin »

I don't think that the problem is related to the app/android updates.
Maybe there is a problem on the VPN profile configuration.
Please, try to delete the VPN profile and import it again from the ovpn file.
jdw
Posts: 3
Joined: Wed Oct 16, 2019 4:42 pm

Re: No Longer Connecting to ANY of my VPN Servers

Post by jdw »

I've deleted and recreated the VPN server configuration, tested it successfully from Linux workstation(s), tried multiple types of profiles and none work on the phone. I then changed the VPN server from UDP to TCP (changing nothing else) and it works. The firewall is set to allow TCP/UDP 1194 into the vpn server so I simply change the profile on my phone to use TCP and it works. Changing nothing else except the protocol solves the issue. Again, using the official OpenVPN Client app works fine for both protocols, so there seems to be something happening here. I was hoping that someone else might be aware of the issue and have reported it, even if it wasn't related to the app.

Thoughts?
admin
Site Admin
Posts: 670
Joined: Fri Feb 15, 2019 4:04 pm
Contact:

Re: No Longer Connecting to ANY of my VPN Servers

Post by admin »

It's very strange.

I just tried a VPN configured with UDP and tsl-crypt and work without problem.

Please, can you tell me the options used in the ovpn file?
jdw
Posts: 3
Joined: Wed Oct 16, 2019 4:42 pm

Re: No Longer Connecting to ANY of my VPN Servers

Post by jdw »

======TCP=====
persist-tun
persist-key
cipher AES-128-CBC
auth SHA256
tls-client
client
remote VPN-SERVER-NAME-REMOVED 1194 tcp-client
auth-user-pass
remote-cert-tls server
======TCP=====

======UDP=====
persist-tun
persist-key
cipher AES-128-CBC
auth SHA256
tls-client
client
remote VPN-SERVER-NAME-REMOVED 1194 udp
auth-user-pass
remote-cert-tls server
======UDP=====


Both have the same following contents below:
<ca>
-----BEGIN CERTIFICATE-----
CERTIFICATE REMOVED FOR THIS POST
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
CERTIFICATE REMOVED FOR THIS POST
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
PRIVATE KEY REMOVED FOR THIS POST
-----END PRIVATE KEY-----
</key>
key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
KEY REMOVED FOR THIS POST
-----END OpenVPN Static key V1-----
</tls-auth>
admin
Site Admin
Posts: 670
Joined: Fri Feb 15, 2019 4:04 pm
Contact:

Re: No Longer Connecting to ANY of my VPN Servers

Post by admin »

Thank you for the informations.
From the error messages I though that your configuration use tls-crypt instead of tls-auth. Anyway tomorrow I will make some tests and I will tell you the results
admin
Site Admin
Posts: 670
Joined: Fri Feb 15, 2019 4:04 pm
Contact:

Re: No Longer Connecting to ANY of my VPN Servers

Post by admin »

I made some tests with tls-crypt and tls-auth options and on my side all works correctly.
In my opinion, the problem may be on the server side and/or on the connectivity.
Post Reply