Hello,
After update openssl client from version
OpenVPN Connect Release notes for 1.1.13 build 53
to
OpenVPN Connect Release notes for 1.1.14 build 56
there are release info
http://openvpn.net/index.php/component/ ... notes.html
there is link to client.
https://play.google.com/store/apps/deta ... nvpn&hl=en
I already try do force Force AES-CBC ciphersuites - but it doesn't fix the issue.
The logs:
Mikrotik logs TCP session establiished from :V4 IP Address
VPN client log. TCP revev EOL.
Anybody have simillar issue and fix for this?
Mikrotik support, could You confirm the issue?
Best Regards.
Maciej
edit,
Temporary fix, uninstall new version ovpn client, install old (from internet
beware for trojans minimize risk by scanning apk on virustotal!!!), import profile, disable autoupdate on android market. Works again.
Re: OpenVPN doesn't work after client update.
Hello again,
Few holidays bank and I'm found the solution of this issue using google
. The problem: newer clients are changed TLS. Workaround is described here:
http://code.google.com/p/ics-openvpn/wiki/FAQ
look at part: Connections fails with SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
For lazy guys
To work around the problem on the client add the custom option 'tls-cipher DEFAULT' (add this without quotes in .ovpn config file) on the Android client.
After add this option both clients:
https://play.google.com/store/apps/deta ... pn.openvpn
https://play.google.com/store/apps/deta ... kt.openvpn
back to works.
Question to Mikrotik support. In Your opinion it's safe to use this parameter? Maybe it's time to change TLS cipher used by default?
Thanks for Your attention.
Maciej.
Few holidays bank and I'm found the solution of this issue using google
. The problem: newer clients are changed TLS. Workaround is described here: http://code.google.com/p/ics-openvpn/wiki/FAQ
look at part: Connections fails with SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
For lazy guys
To work around the problem on the client add the custom option 'tls-cipher DEFAULT' (add this without quotes in .ovpn config file) on the Android client.
After add this option both clients:
https://play.google.com/store/apps/deta ... pn.openvpn
https://play.google.com/store/apps/deta ... kt.openvpn
back to works.
Question to Mikrotik support. In Your opinion it's safe to use this parameter? Maybe it's time to change TLS cipher used by default?
Thanks for Your attention.
Maciej.
Re: OpenVPN doesn't work after client update.
Any chance this could be added to the Wiki on the OVPN page. Something like:
"As of 2015 many Android (and possibly other) clients default to incompatible tls cipher suites.
Add the following line to the CLIENT config:
tls-cipher DEFAULT
"
"As of 2015 many Android (and possibly other) clients default to incompatible tls cipher suites.
Add the following line to the CLIENT config:
tls-cipher DEFAULT
"
Re: OpenVPN doesn't work after client update.
Hi,
Addind tls-cipher DEFAULT solved the problem to me but in the log I've found this message>
mIRO
Addind tls-cipher DEFAULT solved the problem to me but in the log I've found this message>
DEFAULT instead of DEFAULT, interesting.Deprecated TLS cipher name 'DEFAULT', please use IANA name 'DEFAULT'
mIRO
Re: OpenVPN doesn't work after client update.
adding TLS Default worked for me running Tunnleblick on mac os mojave