Results 1 to 9 of 9
  1. #1
    Master Untangler
    Join Date
    Dec 2018
    Posts
    207

    Default OpenVPN Connect on iOS 15.02 is painfully slow...any thoughts?

    Wireguard is working fine and is as snappy as usual, however, OpenVPN is unusable and is only showing 5.4Kb of traffic. I can't even run a speed test as it fails to connect.

    I have tried on 2 different up to date Untangle machines each with gigabit internet connections. One is home (mine) and the other is work.

    I am using the .ovpn file marked "For use with OpenVPN Connect App) from Untangle and am using the OpenVPN Connect App on the iOS device.

    Any thoughts would be useful as I'm at a loss.
    Last edited by jlficken; 10-12-2021 at 04:11 PM.

  2. #2
    Master Untangler
    Join Date
    Dec 2018
    Posts
    207

    Default

    As an update I set up L2TP at home and it works just fine. I would test Wireguard but I'm on the Home Pro license so I don't have that ability.
    Last edited by jlficken; 10-12-2021 at 05:03 PM.

  3. #3
    Master Untangler
    Join Date
    Dec 2018
    Posts
    207

    Default

    It's not just iOS as a coworker tried Android as well. It connects but no traffic will pass.

    PC's work fine with OpenVPN.

    Android and iOS works fine with ProtonVPN to New Zealand using the same OpenVPN Connect app.

    There's something wrong with OpenVPN and mobile devices on Untangle at the moment.

    I restarted the Untangle machine at my house and nothing changed.

  4. #4
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,174

    Default

    OpenVPN Community client... Gold Standard, works every time.
    OpenVPN Connect client? Giant steaming pile of excrement, works until the next update and then stops again. And when it does work, features are missing... Want MFA support? Nope... Want push DNS? Also nope...

    My advice? Don't use Connect.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  5. #5
    Master Untangler
    Join Date
    Dec 2018
    Posts
    207

    Default

    I don't see an option besides Passepartout (which I tried with no change) for OpenVPN on iOS or at least I can't find the OpenVPN Community client for it anywhere?

    I'm trying to get Untangle support to help but it's not going well. I have an advanced setting that isn't being exported that they said I need to delete and then I guess our install is older and is using lz4 compression so I was told to delete OpenVPN from Untangle and reinstall it....ugh.

    I'm not sure when/if I'll get around to that as it'll be a pain.

  6. #6
    Master Untangler
    Join Date
    Dec 2018
    Posts
    207

    Default

    I decided to take the plunge at home and exported everything, deleted OpenVPN from Untangle, reinstalled it, and reimported everything.

    OpenVPN Connect on iOS and Passerpartout both seem to work now!!!

    I'll try work later tonight.

  7. #7
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,174

    Default

    If you look at the advanced tab in OpenVPN you'll see a ton of settings there both client and server. Those settings are defined when the OpenVPN module is installed. Over time, things change and Untangle makes adjustments in there. The problem? They don't change for older installs... because if they did bad things would happen.

    The hard reality here is that for the OpenVPN module, there is a functional lifespan of those settings and the only way to fix them is to either understand OpenVPN well enough to fix them yourself, or do what you just did... nuke the module and start all over.

    So yes, what you did fixing things makes a ton of sense. And you will likely have to do it again in the future.
    Last edited by sky-knight; 10-13-2021 at 05:14 PM.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  8. #8
    Master Untangler
    Join Date
    Dec 2018
    Posts
    207

    Default

    That's good to know Rob and I appreciate the explanation!

    I did perform the update on the office box but in testing at home I noticed that I had to re-export all of the user ovpn files after the reinstall so I'm sending those to people now that have logged in over the last several days.

    If I missed anyone I'm sure I'll hear about it tomorrow morning

    Hopefully Wireguard is a little better about this but we'll see as time goes on.

    It's still very strange that the only devices affected were mobile devices as all PC based connections were humming along like normal.

  9. #9
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,174

    Default

    I blame that on the volatility of the OpenVPN Connect client, I don't care if it's mobile or PC the thing is just flaky.

    Mobile is arguably even worse because thanks to the Google Play Store, or the Apple Store, they get updated automatically. Each update has to be tested, and possibly requires adjustments on the server as the configuration isn't interpreted in quite the same way.

    Untangle does a ton of this work for us, but it's never really completely handled. Wireguard should be better... but will likely require an RMM of some sort to keep the software up to date, and the configuration details current. I'm currently working on that in my lab personally as I attempt to extend by RMM such that I can use WireGuard to SDLAN all the things I need.

    When I'm done I won't need the VPN modules on Untangle at all anymore. Which is a huge deal thanks to their absurd pricing on SDWan and the Wireguard module on NG Firewall. I'll pay for support, I'm not paying for base level tech that's free in the Linux kernel.

    Besides, I need a solution for roaming machines, and a statically installed Untangle, while powerful isn't that solution. I can put it in Azure with a Wireguard server behind it, and that does work but it's got its own drawbacks.
    jlficken and donhwyo like this.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2