Community discussions

 
macak
just joined
Topic Author
Posts: 4
Joined: Mon Nov 11, 2013 11:19 am

OpenVPN doesn't work after client update.

Tue Feb 03, 2015 5:13 am

Hello,

After update openssl client from version

OpenVPN Connect Release notes for 1.1.13 build 53
to
OpenVPN Connect Release notes for 1.1.14 build 56

there are release info
http://openvpn.net/index.php/component/ ... notes.html

there is link to client.
https://play.google.com/store/apps/deta ... nvpn&hl=en

I already try do force Force AES-CBC ciphersuites - but it doesn't fix the issue.

The logs:
Mikrotik logs TCP session establiished from :V4 IP Address
VPN client log. TCP revev EOL.

Anybody have simillar issue and fix for this?
Mikrotik support, could You confirm the issue?

Best Regards.
Maciej

edit,
Temporary fix, uninstall new version ovpn client, install old (from internet
beware for trojans minimize risk by scanning apk on virustotal!!!), import profile, disable autoupdate on android market. Works again.
 
macak
just joined
Topic Author
Posts: 4
Joined: Mon Nov 11, 2013 11:19 am

Re: OpenVPN doesn't work after client update.

Mon Apr 06, 2015 10:09 pm

Hello again,

Few holidays bank and I'm found the solution of this issue using google :-). The problem: newer clients are changed TLS. Workaround is described here:

http://code.google.com/p/ics-openvpn/wiki/FAQ
look at part: Connections fails with SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

For lazy guys :-)
To work around the problem on the client add the custom option 'tls-cipher DEFAULT' (add this without quotes in .ovpn config file) on the Android client.

After add this option both clients:
https://play.google.com/store/apps/deta ... pn.openvpn
https://play.google.com/store/apps/deta ... kt.openvpn
back to works.

Question to Mikrotik support. In Your opinion it's safe to use this parameter? Maybe it's time to change TLS cipher used by default?

Thanks for Your attention.
Maciej.
 
djmuk
newbie
Posts: 47
Joined: Mon Jan 18, 2010 8:48 pm

Re: OpenVPN doesn't work after client update.

Mon Sep 07, 2015 12:53 pm

Any chance this could be added to the Wiki on the OVPN page. Something like:
"As of 2015 many Android (and possibly other) clients default to incompatible tls cipher suites.
Add the following line to the CLIENT config:
tls-cipher DEFAULT
"
 
User avatar
vmiro
Frequent Visitor
Frequent Visitor
Posts: 71
Joined: Sun Jan 29, 2006 6:53 pm

Re: OpenVPN doesn't work after client update.

Wed Jul 06, 2016 9:22 am

Hi,
Addind tls-cipher DEFAULT  solved the problem to me but in the log I've found this message>

Deprecated TLS cipher name 'DEFAULT', please use IANA name 'DEFAULT'
DEFAULT instead of DEFAULT, interesting.

mIRO
 
 
parksj10
just joined
Posts: 5
Joined: Sun Apr 09, 2017 10:45 pm

Re: OpenVPN doesn't work after client update.

Mon Apr 15, 2019 3:02 am

adding TLS Default worked for me running Tunnleblick on mac os mojave
 
Nathan5591
just joined
Posts: 1
Joined: Mon Apr 15, 2019 12:10 pm

Re: OpenVPN doesn't work after client update.

Mon Apr 15, 2019 12:14 pm

I can confirm having the very same problem.

And what do you mean with “with a firewall rule”? You usually achieve this within client config (I am using “OpenVPN für android”).

Who is online

Users browsing this forum: No registered users and 80 guests