  1. #1
    Newbie
    Join Date
    Mar 2019
    Posts
    2

    Can connect to OpenVPN server, no traffic is passed

    I'm having a problem with OpenVPN. My Android client will connect, but no traffic is passed. My Windows laptop client, however, will connect and work fine. I also have a site-to-site connection to another Untangle box that works fine. What information is needed to help troubleshoot this issue? I'm not even sure where to start. I'm on Untangle 4.2, but the issue also existed in 4.1.2.

  2. #2
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    23,510

    How old is your OpenVPN install?
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  3. #3
    Newbie
    Join Date
    Mar 2019
    Posts
    2

    You mean on Untangle? Less than a year. On my phone? Also less than a year. My laptop has the latest version.

  4. #4
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    23,510

    Before you go too nuts, remove your OpenVPN module on Untangle, reinstall it, and reissue your VPN client.

    There were some certificate changes with OpenVPN in the last year, and if your server instance is too old, the certificate is too weak to work with the android and iOS clients. Sadly, the easy fix for that is a rip / replace of your OpenVPN instance.

  5. #5
    Newbie
    Join Date
    Feb 2019
    Posts
    6

    Originally Posted by sky-knight:
    Before you go too nuts, remove your OpenVPN module on Untangle, reinstall it, and reissue your VPN client.

    There were some certificate changes with OpenVPN in the last year, and if your server instance is too old, the certificate is too weak to work with the android and iOS clients. Sadly, the easy fix for that is a rip / replace of your OpenVPN instance.

    Having the same issue, did the remove and re-install and can connect but no traffic passed to the internal network. It appears Untangle updated to 14.2, but not sure when.
    This was working as of 8/2 but now both Android and iOS phones can connect via OpenVPN but no traffic to internal network. I can ping devices but that is all.

  6. #6
    Untangler
    Join Date
    Aug 2019
    Posts
    31

    I am also having the same problem under iOS. The Android client works fine for me.

    You can make the iOS app work by enabling compression in the client (it's recommended that you don't do this for security reasons).

    I also installed Passepartout but I couldn't make that work with any options.

  7. #7
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    7,991
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  8. #8
    Untangler
    Join Date
    Aug 2019
    Posts
    31

    Unfortunately none of that is relevant to the issue at hand here, "out of the box" all you can do is ping clients on the network, you cannot connect to the local DNS server or any servers on the internal network.

    You have to enable compression to make it work, once you do that you can quite happily hit any server on the internal network.

    Everything looks good in what the server sends, routes, DNS etc, it just doesn't work. I suspect it's a problem with the OpenVPN client, but I guess you guys might be able to debug it a bit more to find out the root cause of the issue.

  9. #9
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    23,510

    Compression issues were the root of several changes in v14.1's OpenVPN implementation. And yes, it's client side limitations. The .ovpn file distributed to your phone has compression enabled, if your client is putting that setting elsewhere, and making that setting a user side thing... that's the client's fault, not Untangle.

    If you want to confirm this, check your OpenVPN module's advanced tab, in the server configuration you should see compress lz4, that means compression is enabled, required, and using the lz4 method.

    Then down in the client configuration you'll see the very same compress lz4, that directive is inserted into the .conf and .ovpn files generated by Untangle to configure the client.

    If you want compression gone, just tick the appropriate exclude boxes for those two lines, and redistribute your clients.

    Note, older OpenVPN installs on Untangle might show comp-lzo, or compress lzo instead.

  10. #10
    Untangler
    Join Date
    Aug 2019
    Posts
    31

    Thank you for the detailed answer, absolutely spot on and you’ve solved the issue!

    There’s been quite a few posts about this issue over the past week or so and yours is the only reply which has the solution.

    For everybody else, disable the compression options on both the server and client and hopefully you should find OpenVPN working again under iOS.

    As I’m new here I can’t quote you, but thank you so much!

    My next question is why is compression enabled by default on Untangle? Unless I’ve been looking at outdated information, it’s recommended not to use compression due to possible attack vectors.
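
Added example, not part of the thread and not Untangle's code: a literal check that a server config and a client config carry the same compression directive (compress lz4, comp-lzo, compress lzo), which is what posts #9 and #10 say to confirm before redistributing clients. The function names and sample configs are constructed for illustration, and counting options the server pushes toward the client is an assumption about how a config might be laid out.

```python
import re

COMP = ("compress", "comp-lzo")  # the directives named in the thread

def parse(config_text):
    """Return (local, pushed) sets of compression directives in one config."""
    local, pushed = set(), set()
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":           # blank line or comment
            continue
        target = local
        m = re.match(r'push\s+"([^"]*)"', line)   # option a server pushes to clients
        if m:
            line, target = m.group(1), pushed
        tok = line.split()
        if tok and tok[0] in COMP:
            # keep the algorithm/mode argument unless it is a trailing comment
            arg = tok[1:2] if len(tok) > 1 and tok[1][0] not in "#;" else []
            target.add(" ".join(tok[:1] + arg))
    return local, pushed

def compare(server_text, client_text):
    """Literal comparison of the directives each side ends up with."""
    s_local, s_pushed = parse(server_text)
    c_local, _ = parse(client_text)
    client = c_local | s_pushed                   # client file plus pushed options
    findings = []
    if s_local != client:
        findings.append(f"mismatch: server={sorted(s_local)} client={sorted(client)}")
    if any(d.startswith("comp-lzo") or d == "compress lzo" for d in s_local | client):
        findings.append("legacy lzo form present")
    if not s_local and not client:
        findings.append("compression absent on both sides")
    return findings

# Constructed sample configs, not taken from an Untangle box.
SERVER = "port 1194\nproto udp\ncompress lz4\n"
CLIENT_OK = "client\nremote vpn.example.com 1194\ncompress lz4\n"
CLIENT_STRIPPED = "client\nremote vpn.example.com 1194\n# compress lz4\n"

if __name__ == "__main__":
    for name, cfg in (("ok", CLIENT_OK), ("stripped", CLIENT_STRIPPED)):
        print(name, compare(SERVER, cfg))
```

An empty result means both sides agree; a mismatch line is the case to fix by excluding or including the directive on both sides and reissuing the client file.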
