OpenVPN Connect

[spitfire]

OpenVPN Connect (free app - https://itunes.apple.com/pl/app/openvpn-connect/id590379981?mt=8) fails to connect when xCon (& xCon alias) is installed. Works after these are uninstalled.

[Lunat1k]

I have plans to have an exclude list at some point in settings

[Lineos]

YES YES Please do!

I had to remove the jailbreak because of this problem. To watch TV anywhere on my jailbroken iPhone/iPad I need both OpenVPN and xCon.

Any estimate on when we can expect this list?

Kind Regards.

[spitfire]

Why don't you exclude it right now (before you implement this feature)?

[Lunat1k]

Because the current design hooks into all apps and it's not easy to just add a line of code to exclude it. I would have to do it in multiple places and it will take time. Easier to just do it when I implement the exclude app list feature.

[Lineos]

Would an all on/off toggle be a solution? Then I could toggle it off to start OpenVPN, then toggle on before for the TV app. Don't know if this would effect the VPN connection though.

[Lunat1k]

It would be a per app off solution

[jam206]

Just checking this is still on the 2 do list. I have the same issue have resorted to guizmovpn for now but it's not as good as openvpn from app store in my opinion.

[Lunat1k]

I have a bugfix build ready that you can test. Here is the deb file. Please install it with iFile or dpkg from ssh.

http://goo.gl/xPPnn

[jam206]

Thanks for quick reply..But still same error plus broke sky go 2.3 Iphone 5 ios6.1 -Uninstalled old version, uninstalled openvpn, rebooted -Installed new version with iFile, rebooted, installed openvpn, tried to reinstall sky go 2.3 -Same error and also sky go 2.3 which was previously working fine displays doesnt work on jailbroke devices error.

Sorry and thanks for your work tho :)

[jam206]

Removed beta 3, reinstalled beta 2. Now error 9 on Sky go 2.3 which was reported on another thread but I've only just got it after trying beta 3 and rebooting/reverting. ouchh :)

Let me know if you need further info.

[Lunat1k]

Hmm I think I commented something out on the SkyGo stuff. Let me put it back in and give you Beta 4

[jam206]

cool, i had to ring sky cos i've mashed my 4 device limit up now but there gonna get a manager to reset it for me apparently. Will let you know resuilts. Cheers again honestly appreciate the work even though it messed up my sky go.

[Lunat1k]

Here is Beta 4. Hopefully that'll fix your skygo stuff. http://goo.gl/azouI

[jam206]

let you know in a month, have reached my device limit now. it doesnt fix openvpn anyway.

[spitfire]

OpenVPN does NOT work with Beta 4

[jam206]

I'm ok with guizmovpn now to be fair.

[Lineos]

I also updated to beta 4, but still get the same error with OpenVPN: "VPN-On-Demand configuration error: CertificateRef undefined"

[Lunat1k]

K I guess I'll have to setup an OVPN server and see if I can find what is going on.

[Lineos]

In my case the OpenVPN app gives the error before making any connection. Just after flipping the toggle.

[jam206]

yea i would agree with jay, setting up a server probably not necessary it seems to fail as soon as you click the toggle not making any sort of handshaking connection atall. doesnt write anything to the log file either,.

[Lunat1k]

Beta 5 deb file. Let me know. http://goo.gl/FdLh4

[Lunat1k]

Beta 6. Minor fix. http://goo.gl/xPwnr

[Lineos]

Sorry, still the same error. Installed with putty, did a reboot, but still no luck.

[Lunat1k]

K thx. I haven't focused on this specifically but I had some other changes and was curious if it fixed it.

[Lunat1k]

FYI I discovered an iOS 6 behavior change with one of the functions I use. I have adjusted for it. Here is the V38 Beta 7 deb file. Install with iFile or dpkg over ssh.

Please test and provide feedback http://goo.gl/EfC7C

It appears that I do need an OpenVPN profile to test so if I get some more time today I'll setup a server. If you guys can test it for me then please let me know.

[Lineos]

Hi,

I updated to 38b7, but still the same error. A fake client profile would be enough, because the error occurs before connecting.

[Lunat1k]

If you think a fake profile will work can someone generate one. It's been years since i've played with OVPN and I really don't want to have to relearn if you know what i mean.

[jam206]

Indeed a fake profile does replicate the issue. Try this

http://fs06n4.sendspace.com/dl/1d81d4a20a847bd14dc50ff8e89a29ef/51334c7a728f4bf5/nwbrcr/fakeprofile.ovpn

[Lineos]

Yes, Lunat1k, if you share this file in iTunes with OpenVPN, you can reproduce the error

[Lunat1k]

Hmm I get a different error.

2013-03-03 14:52:54 ----- OpenVPN Start ----- 2013-03-03 14:52:54 EVENT: CORE_ERROR PolarSSL: error parsing ca certificate : X509 - The certificate format is invalid, e.g. different type expected [ERR] 2013-03-03 14:52:54 Raw stats on disconnect: 2013-03-03 14:52:54 Performance stats on disconnect: CPU usage (microseconds): 11667 Network bytes per CPU second: 0 Tunnel bytes per CPU second: 0 2013-03-03 14:52:54 ----- OpenVPN Stop ----- 2013-03-03 14:52:54 EVENT: DISCONNECT_PENDING

[Lunat1k]

Even when i'm in safe mode which means xcon isn't loaded I'm getting the same error.

[Lunat1k]

If the profile is using a self signed cert my guess is that you'll need to load the cert into iOS.

[jam206]

hmmm, it is self signed in a linux ovpn server, but the cert is irrelevant if you open it up in notepad you'll see i just changed all the details, then i e-mailed the attached cert to myself, opened it in native e-mail app on iphone and open the attachment it opens up the openvpn client, click import, then it adds the server and you press connect which reproduses the error.

Are you saying you dont get the same behavior?

[Lunat1k]

You have to create valid certs. This is definately not valid.

-----BEGIN CERTIFICATE----- aaaa -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- aaaa -----END CERTIFICATE----- -----BEGIN PRIVATE KEY----- aaaa -----END PRIVATE KEY-----

[jam206]

yea its not valid to connect to my server, but it still reproduces the same error in the native openvpn client, I tested by e-mailing it to myself and opening it on ios, are you sure it doesn't reproduce as above?

[Lunat1k]

Until I get a proper ovpn profile I cannot trouble shoot it. And the only hook I see it accessing from my debug logs is not being blocked. I don't think xcon is the problem here.

[Lunat1k]

@jimmy01 the problem with a fake profile is that it has to parse and validate the certificates. If you could just throw a bogus certificate that is a major security violation. of course it'll give you a cert error in this case.

[Lunat1k]

And the point of having a valid cert and private key is for it to encrypt the packets. If the cert is invalid it can't encrypt the data. And if you can't encrypt the data you can't vpn.

[jam206]

well, the thing is when I try to open the fake.ovpn profile on my iphone, it produces the exact same error, infact it doesnt even write to the log file on ios? can you confirm you have added it to your iphone?

The problem is replicated as soon as you click the "on" toggle, it doesnt even attempt to connect to the server and pass certificates.

[jam206]

like this:

[Lunat1k]

That is correct. If you actually tap on the error you'll see the same logs as I do.

[jam206]

hmm. does not write to the log file for me. To be honest Guizmovpn works for me and I recently purchased it so I'm not willing to pass on a proper opvn file to my server without sounding rude.

[Lunat1k]

I don't need your profile. I just need a valid profile. Meaning it has to include valid certs. looking at it I may be able to just put one of my self signed certs in here for now.

[Lineos]

@Lunat1k: When I uninstall xcon and use Jimmy's profile, I get exactly the same error log as you did. That's because it's a fake. But when xcon is installed, I don't get any error log. Just the error shown in Jimmy's image posted earlier. When I tap on that error, the log is clean/blank. GuizmoVPN did work for me too, but I refused to buy it since OpenVPN should work properly.

[jam206]

Well that's strange, I get the same error with my completely valid cert so It would appear a valid ovpn file is irrelevant then seems you can reproduce the error without xcon installed. I'm on 6.01 xcon beta 6, and all cydia updates installed(sbettings + intelliscreen mainly). I could be tempted to send a valid cert but as I said I have it working with guizmovpn so its not a big deal maybe people should just write it off and pay the guizmo its a decent app and you can stick a toggle on sbsettings for it too..

[jam206]

When I remove xcon I get the same error as you with the fakeovpn file. Error parsing CA certificate, with Xcon I get the screenshot above.

[Lunat1k]

Hmm the log should be working. May want to try Beta 7 and see if it fixes the log issue. http://goo.gl/EfC7C However I'll play with the cert piece with a self signed cert. But Usually if it's giving a cert error that means something is wrong with the cert.

[jam206]

Same error, no log file being created so must be to do with something else..

[jam206]

*written, the old log file still exists

[Lunat1k]

From what I noticed it won't create a new log file. It just appends to the same logfile.