schwabe / ics-openvpn

OpenVPN for Android

How to enforce using IPv4 #1464

Closed Lineflyer closed 2 years ago

Lineflyer commented 2 years ago

General information

  1. Android Version: 12
  2. Android Vendor/Custom ROM: Stock ROM
  3. Device: Samsung Galaxy S20
  4. Version of the app (version number/play store version/self-built): 0.7.33 Google Play

Description of the issue

It might be a simple question but I failed to get it working.

I have kind of a special condition: the server I want to establish an OpenVPN connection with returns a DNS resolution with IPv6 (AAA) as well as IPv4 (A). However, the OpenVPN server is only listening on IPv4, but the app always tries to connect via IPv6 first and waits until timeout (of 60 seconds) before falling back to IPv4, which finally works.

I was unable to find out how to enforce this connection to use IPv4 only either by the config file or in app settings.

I tried proto udp4 in the config file as read in some forums, but could not see any difference.

Log (if applicable)

Log can be delivered upon request. Mainly, the OpenVPN app log shows a request to IPv6, and after the timeout (..failed to occur within 60 seconds...) it tries with IPv4 and is successful.

Configuration file

Config can be delivered upon request.

Lineflyer commented 2 years ago

Log of connection setup (anonymized):


2022-03-01 23:50:20 official build 0.7.33 running on samsung SM-G980F (exynos990), Android 12 (SP1A.210812.016) API 31, ABI arm64-v8a, (samsung/x1seea/x1s:12/SP1A.210812.016/G980FXXSDEVB1:user/release-keys)
2022-03-01 23:50:20 Building configuration…
2022-03-01 23:50:20 started Socket Thread
2022-03-01 23:50:20 Network Status: CONNECTED LTE to MOBILE internet
2022-03-01 23:50:20 Debug state info: CONNECTED LTE to MOBILE internet, pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED 
2022-03-01 23:50:20 Debug state info: CONNECTED LTE to MOBILE internet, pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED 
2022-03-01 23:50:20 P:WARNING: linker: Warning: "/data/app/~~FssTNg7a8kzklB63GeS3Mg==/de.blinkt.openvpn-t0rgvEwMyeQvzW0bYthPXg==/lib/arm64/libovpnexec.so" is not a directory (ignoring)
2022-03-01 23:50:20 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2022-03-01 23:50:20 DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations. 
2022-03-01 23:50:20 Current Parameter Settings:
2022-03-01 23:50:20   config = '/data/user/0/de.blinkt.openvpn/cache/android.conf'
2022-03-01 23:50:20   mode = 0
2022-03-01 23:50:20   show_ciphers = DISABLED
2022-03-01 23:50:20   show_digests = DISABLED
2022-03-01 23:50:20   show_engines = DISABLED
2022-03-01 23:50:20   genkey = DISABLED
2022-03-01 23:50:20   genkey_filename = '[UNDEF]'
2022-03-01 23:50:20   key_pass_file = '[UNDEF]'
2022-03-01 23:50:20   show_tls_ciphers = DISABLED
2022-03-01 23:50:20   connect_retry_max = 0
2022-03-01 23:50:20 Connection profiles [0]:
2022-03-01 23:50:20   proto = udp
2022-03-01 23:50:20   local = '[UNDEF]'
2022-03-01 23:50:20   local_port = '[UNDEF]'
2022-03-01 23:50:20   remote = 'home.droescher.eu'
2022-03-01 23:50:20   remote_port = '1294'
2022-03-01 23:50:20   remote_float = ENABLED
2022-03-01 23:50:20   bind_defined = DISABLED
2022-03-01 23:50:20   bind_local = DISABLED
2022-03-01 23:50:20   bind_ipv6_only = DISABLED
2022-03-01 23:50:20   connect_retry_seconds = 2
2022-03-01 23:50:20   connect_timeout = 120
2022-03-01 23:50:20   socks_proxy_server = '[UNDEF]'
2022-03-01 23:50:20   socks_proxy_port = '[UNDEF]'
2022-03-01 23:50:20   tun_mtu = 1500
2022-03-01 23:50:20   tun_mtu_defined = ENABLED
2022-03-01 23:50:20   link_mtu = 1500
2022-03-01 23:50:20   link_mtu_defined = DISABLED
2022-03-01 23:50:20   tun_mtu_extra = 0
2022-03-01 23:50:20   tun_mtu_extra_defined = DISABLED
2022-03-01 23:50:20   mtu_discover_type = -1
2022-03-01 23:50:20   fragment = 0
2022-03-01 23:50:20   mssfix = 1492
2022-03-01 23:50:20   mssfix_encap = ENABLED
2022-03-01 23:50:20   explicit_exit_notification = 0
2022-03-01 23:50:20   tls_auth_file = '[UNDEF]'
2022-03-01 23:50:20   key_direction = not set
2022-03-01 23:50:20   tls_crypt_file = '[UNDEF]'
2022-03-01 23:50:20   tls_crypt_v2_file = '[UNDEF]'
2022-03-01 23:50:20 Connection profiles END
2022-03-01 23:50:20   remote_random = DISABLED
2022-03-01 23:50:20   ipchange = '[UNDEF]'
2022-03-01 23:50:20   dev = 'tun'
2022-03-01 23:50:20   dev_type = '[UNDEF]'
2022-03-01 23:50:20   dev_node = '[UNDEF]'
2022-03-01 23:50:20   lladdr = '[UNDEF]'
2022-03-01 23:50:20   topology = 1
2022-03-01 23:50:20   ifconfig_local = '[UNDEF]'
2022-03-01 23:50:20   ifconfig_remote_netmask = '[UNDEF]'
2022-03-01 23:50:20   ifconfig_noexec = DISABLED
2022-03-01 23:50:20   ifconfig_nowarn = ENABLED
2022-03-01 23:50:20   ifconfig_ipv6_local = '[UNDEF]'
2022-03-01 23:50:20   ifconfig_ipv6_netbits = 0
2022-03-01 23:50:20   ifconfig_ipv6_remote = '[UNDEF]'
2022-03-01 23:50:20   shaper = 0
2022-03-01 23:50:20   mtu_test = 0
2022-03-01 23:50:20   mlock = DISABLED
2022-03-01 23:50:20   keepalive_ping = 0
2022-03-01 23:50:20   keepalive_timeout = 0
2022-03-01 23:50:20   inactivity_timeout = 0
2022-03-01 23:50:20   ping_send_timeout = 0
2022-03-01 23:50:20   ping_rec_timeout = 0
2022-03-01 23:50:20   ping_rec_timeout_action = 0
2022-03-01 23:50:20   ping_timer_remote = DISABLED
2022-03-01 23:50:20   remap_sigusr1 = 0
2022-03-01 23:50:20   persist_tun = ENABLED
2022-03-01 23:50:20   persist_local_ip = DISABLED
2022-03-01 23:50:20   persist_remote_ip = DISABLED
2022-03-01 23:50:20   persist_key = DISABLED
2022-03-01 23:50:20   passtos = DISABLED
2022-03-01 23:50:20   resolve_retry_seconds = 1000000000
2022-03-01 23:50:20   resolve_in_advance = ENABLED
2022-03-01 23:50:20   username = '[UNDEF]'
2022-03-01 23:50:20   groupname = '[UNDEF]'
2022-03-01 23:50:20   chroot_dir = '[UNDEF]'
2022-03-01 23:50:20   cd_dir = '[UNDEF]'
2022-03-01 23:50:20   writepid = '[UNDEF]'
2022-03-01 23:50:20   up_script = '[UNDEF]'
2022-03-01 23:50:20   down_script = '[UNDEF]'
2022-03-01 23:50:20   down_pre = DISABLED
2022-03-01 23:50:20   up_restart = DISABLED
2022-03-01 23:50:20   up_delay = DISABLED
2022-03-01 23:50:20   daemon = DISABLED
2022-03-01 23:50:20   log = DISABLED
2022-03-01 23:50:20   suppress_timestamps = DISABLED
2022-03-01 23:50:20   machine_readable_output = ENABLED
2022-03-01 23:50:20   nice = 0
2022-03-01 23:50:20   verbosity = 4
2022-03-01 23:50:20   mute = 0
2022-03-01 23:50:20   gremlin = 0
2022-03-01 23:50:20   status_file = '[UNDEF]'
2022-03-01 23:50:20   status_file_version = 1
2022-03-01 23:50:20   status_file_update_freq = 60
2022-03-01 23:50:20   occ = ENABLED
2022-03-01 23:50:20   rcvbuf = 0
2022-03-01 23:50:20   sndbuf = 0
2022-03-01 23:50:20   sockflags = 0
2022-03-01 23:50:20   fast_io = DISABLED
2022-03-01 23:50:20   comp.alg = 2
2022-03-01 23:50:20   comp.flags = 1
2022-03-01 23:50:20   route_script = '[UNDEF]'
2022-03-01 23:50:20   route_default_gateway = '[UNDEF]'
2022-03-01 23:50:20   route_default_metric = 0
2022-03-01 23:50:20   route_noexec = DISABLED
2022-03-01 23:50:20   route_delay = 0
2022-03-01 23:50:20   route_delay_window = 30
2022-03-01 23:50:20   route_delay_defined = DISABLED
2022-03-01 23:50:20   route_nopull = DISABLED
2022-03-01 23:50:20   route_gateway_via_dhcp = DISABLED
2022-03-01 23:50:20   allow_pull_fqdn = DISABLED
2022-03-01 23:50:20   management_addr = '/data/user/0/de.blinkt.openvpn/cache/mgmtsocket'
2022-03-01 23:50:20   management_port = 'unix'
2022-03-01 23:50:20   management_user_pass = '[UNDEF]'
2022-03-01 23:50:20   management_log_history_cache = 250
2022-03-01 23:50:20   management_echo_buffer_size = 100
2022-03-01 23:50:20   management_write_peer_info_file = '[UNDEF]'
2022-03-01 23:50:20   management_client_user = '[UNDEF]'
2022-03-01 23:50:20   management_client_group = '[UNDEF]'
2022-03-01 23:50:20   management_flags = 16678
2022-03-01 23:50:20   shared_secret_file = '[UNDEF]'
2022-03-01 23:50:20   key_direction = not set
2022-03-01 23:50:20   ciphername = 'AES-128-CBC'
2022-03-01 23:50:20   ncp_ciphers = 'AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305'
2022-03-01 23:50:20   authname = 'SHA1'
2022-03-01 23:50:20   engine = DISABLED
2022-03-01 23:50:20   replay = ENABLED
2022-03-01 23:50:20   mute_replay_warnings = DISABLED
2022-03-01 23:50:20 Waiting 0s seconds between connection attempt
2022-03-01 23:50:20   replay_window = 64
2022-03-01 23:50:20   replay_time = 15
2022-03-01 23:50:20   packet_id_file = '[UNDEF]'
2022-03-01 23:50:20   test_crypto = DISABLED
2022-03-01 23:50:20   tls_server = DISABLED
2022-03-01 23:50:20   tls_client = ENABLED
2022-03-01 23:50:20   ca_file = '[INLINE]'
2022-03-01 23:50:20   ca_path = '[UNDEF]'
2022-03-01 23:50:20   dh_file = '[UNDEF]'
2022-03-01 23:50:20   cert_file = '[INLINE]'
2022-03-01 23:50:20   extra_certs_file = '[UNDEF]'
2022-03-01 23:50:20   priv_key_file = '[INLINE]'
2022-03-01 23:50:20   pkcs12_file = '[UNDEF]'
2022-03-01 23:50:20   cipher_list = '[UNDEF]'
2022-03-01 23:50:20   cipher_list_tls13 = '[UNDEF]'
2022-03-01 23:50:20   tls_cert_profile = 'legacy'
2022-03-01 23:50:20   tls_verify = '[UNDEF]'
2022-03-01 23:50:20   tls_export_cert = '[UNDEF]'
2022-03-01 23:50:20   verify_x509_type = 0
2022-03-01 23:50:20   verify_x509_name = '[UNDEF]'
2022-03-01 23:50:20   crl_file = '[UNDEF]'
2022-03-01 23:50:20   ns_cert_type = 0
2022-03-01 23:50:20   remote_cert_ku[i] = 65535
2022-03-01 23:50:20   remote_cert_ku[i] = 0
2022-03-01 23:50:20   remote_cert_ku[i] = 0
2022-03-01 23:50:20   remote_cert_ku[i] = 0
2022-03-01 23:50:20   remote_cert_ku[i] = 0
2022-03-01 23:50:20   remote_cert_ku[i] = 0
2022-03-01 23:50:20   remote_cert_ku[i] = 0
2022-03-01 23:50:20   remote_cert_ku[i] = 0
2022-03-01 23:50:20   remote_cert_ku[i] = 0
2022-03-01 23:50:20   remote_cert_ku[i] = 0
2022-03-01 23:50:20   remote_cert_ku[i] = 0
2022-03-01 23:50:20   remote_cert_ku[i] = 0
2022-03-01 23:50:20   remote_cert_ku[i] = 0
2022-03-01 23:50:20   remote_cert_ku[i] = 0
2022-03-01 23:50:20   remote_cert_ku[i] = 0
2022-03-01 23:50:20   remote_cert_ku[i] = 0
2022-03-01 23:50:20   remote_cert_eku = 'TLS Web Server Authentication'
2022-03-01 23:50:20   ssl_flags = 192
2022-03-01 23:50:20   tls_timeout = 2
2022-03-01 23:50:20   renegotiate_bytes = -1
2022-03-01 23:50:20   renegotiate_packets = 0
2022-03-01 23:50:20   renegotiate_seconds = 3600
2022-03-01 23:50:20   handshake_window = 60
2022-03-01 23:50:20   transition_window = 3600
2022-03-01 23:50:20   single_session = DISABLED
2022-03-01 23:50:20   push_peer_info = DISABLED
2022-03-01 23:50:20   tls_exit = DISABLED
2022-03-01 23:50:20   tls_crypt_v2_metadata = '[UNDEF]'
2022-03-01 23:50:20   server_network = 0.0.0.0
2022-03-01 23:50:20   server_netmask = 0.0.0.0
2022-03-01 23:50:20   server_network_ipv6 = ::
2022-03-01 23:50:20   server_netbits_ipv6 = 0
2022-03-01 23:50:20   server_bridge_ip = 0.0.0.0
2022-03-01 23:50:20   server_bridge_netmask = 0.0.0.0
2022-03-01 23:50:20   server_bridge_pool_start = 0.0.0.0
2022-03-01 23:50:20   server_bridge_pool_end = 0.0.0.0
2022-03-01 23:50:20   ifconfig_pool_defined = DISABLED
2022-03-01 23:50:20   ifconfig_pool_start = 0.0.0.0
2022-03-01 23:50:20   ifconfig_pool_end = 0.0.0.0
2022-03-01 23:50:20   ifconfig_pool_netmask = 0.0.0.0
2022-03-01 23:50:20   ifconfig_pool_persist_filename = '[UNDEF]'
2022-03-01 23:50:20   ifconfig_pool_persist_refresh_freq = 600
2022-03-01 23:50:20   ifconfig_ipv6_pool_defined = DISABLED
2022-03-01 23:50:20   ifconfig_ipv6_pool_base = ::
2022-03-01 23:50:20   ifconfig_ipv6_pool_netbits = 0
2022-03-01 23:50:20   n_bcast_buf = 256
2022-03-01 23:50:20   tcp_queue_limit = 64
2022-03-01 23:50:20   real_hash_size = 256
2022-03-01 23:50:20   virtual_hash_size = 256
2022-03-01 23:50:20   client_connect_script = '[UNDEF]'
2022-03-01 23:50:20   learn_address_script = '[UNDEF]'
2022-03-01 23:50:20   client_disconnect_script = '[UNDEF]'
2022-03-01 23:50:20   client_config_dir = '[UNDEF]'
2022-03-01 23:50:20   ccd_exclusive = DISABLED
2022-03-01 23:50:20   tmp_dir = '/data/data/de.blinkt.openvpn/cache'
2022-03-01 23:50:20   push_ifconfig_defined = DISABLED
2022-03-01 23:50:20   push_ifconfig_local = 0.0.0.0
2022-03-01 23:50:20   push_ifconfig_remote_netmask = 0.0.0.0
2022-03-01 23:50:20   push_ifconfig_ipv6_defined = DISABLED
2022-03-01 23:50:20   push_ifconfig_ipv6_local = ::/0
2022-03-01 23:50:20   push_ifconfig_ipv6_remote = ::
2022-03-01 23:50:20   enable_c2c = DISABLED
2022-03-01 23:50:20   duplicate_cn = DISABLED
2022-03-01 23:50:20   cf_max = 0
2022-03-01 23:50:20   cf_per = 0
2022-03-01 23:50:20   max_clients = 1024
2022-03-01 23:50:20   max_routes_per_client = 256
2022-03-01 23:50:20   auth_user_pass_verify_script = '[UNDEF]'
2022-03-01 23:50:20   auth_user_pass_verify_script_via_file = DISABLED
2022-03-01 23:50:20   auth_token_generate = DISABLED
2022-03-01 23:50:20   auth_token_lifetime = 0
2022-03-01 23:50:20   auth_token_secret_file = '[UNDEF]'
2022-03-01 23:50:20   port_share_host = '[UNDEF]'
2022-03-01 23:50:20   port_share_port = '[UNDEF]'
2022-03-01 23:50:20   vlan_tagging = DISABLED
2022-03-01 23:50:20   vlan_accept = all
2022-03-01 23:50:20   vlan_pvid = 1
2022-03-01 23:50:20   client = ENABLED
2022-03-01 23:50:20   pull = ENABLED
2022-03-01 23:50:20   auth_user_pass_file = '[UNDEF]'
2022-03-01 23:50:20 OpenVPN 2.6-icsopenvpn [git:icsopenvpn/v0.7.33-0-g8bc2287a] arm64-v8a [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jan 13 2022
2022-03-01 23:50:20 library versions: OpenSSL 3.0.1 14 Dec 2021, LZO 2.10
2022-03-01 23:50:20 MANAGEMENT: Connected to management server at /data/user/0/de.blinkt.openvpn/cache/mgmtsocket
2022-03-01 23:50:20 MANAGEMENT: CMD 'version 3'
2022-03-01 23:50:20 MANAGEMENT: CMD 'hold release'
2022-03-01 23:50:20 MANAGEMENT: CMD 'bytecount 2'
2022-03-01 23:50:20 MANAGEMENT: CMD 'state on'
2022-03-01 23:50:20 MANAGEMENT: CMD 'proxy NONE'
2022-03-01 23:50:21 LZO compression initializing
2022-03-01 23:50:21 Control Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1250 headroom:126 payload:1376 tailroom:126 ET:0 ]
2022-03-01 23:50:21 Data Channel MTU parms [ mss_fix:1346 max_frag:0 tun_mtu:1500 headroom:136 payload:1736 tailroom:268 ET:0 ]
2022-03-01 23:50:21 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,auth SHA1,keysize 128,key-method 2,tls-client'
2022-03-01 23:50:21 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,auth SHA1,keysize 128,key-method 2,tls-server'
2022-03-01 23:50:21 TCP/UDP: Preserving recently used remote address: [AF_INET6]xxx:xxx:xxx:ipv6-address:xxxx:xxx:1294
2022-03-01 23:50:21 Socket Buffers: R=[245760->245760] S=[245760->245760]
2022-03-01 23:50:21 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
2022-03-01 23:50:21 UDP link local: (not bound)
2022-03-01 23:50:21 UDP link remote: [AF_INET6]xxx:xxx:xxx:ipv6-address:xxxx:xxx::1294
2022-03-01 23:50:21 MANAGEMENT: >STATE:1646175021,WAIT,,,,,,
2022-03-01 23:51:21 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-03-01 23:51:21 TLS Error: TLS handshake failed
2022-03-01 23:51:21 TCP/UDP: Closing socket
2022-03-01 23:51:21 Waiting 2s seconds between connection attempt
2022-03-01 23:51:21 SIGUSR1[soft,tls-error] received, process restarting
2022-03-01 23:51:21 MANAGEMENT: >STATE:1646175081,RECONNECTING,tls-error,,,,,
2022-03-01 23:51:23 MANAGEMENT: CMD 'hold release'
2022-03-01 23:51:23 MANAGEMENT: CMD 'bytecount 2'
2022-03-01 23:51:23 MANAGEMENT: CMD 'state on'
2022-03-01 23:51:23 MANAGEMENT: CMD 'proxy NONE'
2022-03-01 23:51:24 LZO compression initializing
2022-03-01 23:51:24 Control Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1250 headroom:126 payload:1376 tailroom:126 ET:0 ]
2022-03-01 23:51:24 Data Channel MTU parms [ mss_fix:1346 max_frag:0 tun_mtu:1500 headroom:136 payload:1736 tailroom:268 ET:0 ]
2022-03-01 23:51:24 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,auth SHA1,keysize 128,key-method 2,tls-client'
2022-03-01 23:51:24 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,auth SHA1,keysize 128,key-method 2,tls-server'
2022-03-01 23:51:24 TCP/UDP: Preserving recently used remote address: [AF_INET]ipv4-address:1294
2022-03-01 23:51:24 Socket Buffers: R=[245760->245760] S=[245760->245760]
2022-03-01 23:51:24 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
2022-03-01 23:51:24 UDP link local: (not bound)
2022-03-01 23:51:24 UDP link remote: [AF_INET]ipv4-address1294
2022-03-01 23:51:24 MANAGEMENT: >STATE:1646175084,WAIT,,,,,,
2022-03-01 23:51:24 MANAGEMENT: >STATE:1646175084,AUTH,,,,,,
2022-03-01 23:51:24 TLS: Initial packet from [AF_INET]ipv4-address:1294, sid=9e4bcbd3 647cf021
2022-03-01 23:51:24 VERIFY OK: depth=1, C=CN, ST=GD, L=ShenZhen, O=TP-Link, OU=SOHO-I18N, CN=ChangeMe, emailAddress=xxxx@xxxx
2022-03-01 23:51:25 VERIFY KU OK
2022-03-01 23:51:25 Validating certificate extended key usage
2022-03-01 23:51:25 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2022-03-01 23:51:25 VERIFY EKU OK
2022-03-01 23:51:25 VERIFY OK: depth=0, C=CN, ST=GD, L=ShenZhen, O=TP-Link, OU=SOHO-I18N, CN=server, emailAddress=xxxx@xxxx
2022-03-01 23:51:25 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, peer certificate: 1024 bit RSA, signature: RSA-SHA256
2022-03-01 23:51:25 [server] Peer Connection Initiated with [AF_INET]2.205.115.58:1294
2022-03-01 23:51:26 MANAGEMENT: >STATE:1646175086,GET_CONFIG,,,,,,
2022-03-01 23:51:26 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
2022-03-01 23:51:26 PUSH: Received control message: 'PUSH_REPLY,route 0.0.0.0 0.0.0.0,redirect-gateway def1,route 10.2.10.0 255.255.255.0,route 10.5.10.0 255.255.255.0,dhcp-option DNS 10.5.10.1,dhcp-option DNS 8.8.8.8,route 10.5.10.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.5.10.10 10.5.10.9,peer-id 1,cipher AES-256-GCM'
2022-03-01 23:51:26 OPTIONS IMPORT: timers and/or timeouts modified
2022-03-01 23:51:26 OPTIONS IMPORT: --ifconfig/up options modified
2022-03-01 23:51:26 OPTIONS IMPORT: route options modified
2022-03-01 23:51:26 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2022-03-01 23:51:26 OPTIONS IMPORT: peer-id set
2022-03-01 23:51:26 OPTIONS IMPORT: data channel crypto options modified
2022-03-01 23:51:26 Data Channel: using negotiated cipher 'AES-256-GCM'
2022-03-01 23:51:26 Data Channel MTU parms [ mss_fix:1399 max_frag:0 tun_mtu:1500 headroom:136 payload:1736 tailroom:268 ET:0 ]
2022-03-01 23:51:26 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2022-03-01 23:51:26 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2022-03-01 23:51:26 ROUTE_GATEWAY 127.100.103.119 IFACE=android-gw
2022-03-01 23:51:26 do_ifconfig, ipv4=1, ipv6=0
2022-03-01 23:51:26 MANAGEMENT: >STATE:1646175086,ASSIGN_IP,,10.5.10.10,,,,
2022-03-01 23:51:26 MANAGEMENT: CMD 'needok 'IFCONFIG' ok'
2022-03-01 23:51:26 MANAGEMENT: CMD 'needok 'ROUTE' ok'
2022-03-01 23:51:26 MANAGEMENT: >STATE:1646175086,ADD_ROUTES,,,,,,
2022-03-01 23:51:26 MANAGEMENT: CMD 'needok 'ROUTE' ok'
2022-03-01 23:51:26 MANAGEMENT: CMD 'needok 'ROUTE' ok'
2022-03-01 23:51:26 MANAGEMENT: CMD 'needok 'ROUTE' ok'
2022-03-01 23:51:26 MANAGEMENT: CMD 'needok 'ROUTE' ok'
2022-03-01 23:51:26 MANAGEMENT: CMD 'needok 'DNSSERVER' ok'
2022-03-01 23:51:26 MANAGEMENT: CMD 'needok 'DNSSERVER' ok'
2022-03-01 23:51:26 MANAGEMENT: CMD 'needok 'PERSIST_TUN_ACTION' OPEN_BEFORE_CLOSE'
2022-03-01 23:51:26 Opening tun interface:
2022-03-01 23:51:26 Local IPv4: 10.5.10.10/30 IPv6: (not set) MTU: 1500
2022-03-01 23:51:26 DNS Server: 10.5.10.1, 8.8.8.8, Domain: null
2022-03-01 23:51:26 Routes: 0.0.0.0/0, 10.2.10.0/24, 10.5.10.0/24, 10.5.10.8/30 
2022-03-01 23:51:26 Routes excluded:  
2022-03-01 23:51:26 VpnService routes installed: 0.0.0.0/0 
2022-03-01 23:51:26 Disallowed VPN apps: 
2022-03-01 23:51:26 MANAGEMENT: CMD 'needok 'OPENTUN' ok'
2022-03-01 23:51:26 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2022-03-01 23:51:26 Initialization Sequence Completed
2022-03-01 23:51:26 MANAGEMENT: >STATE:1646175086,CONNECTED,SUCCESS,10.5.10.10,ipv4-address,1294,,
2022-03-01 23:51:26 Debug state info: CONNECTED LTE to MOBILE internet, pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED 

Lineflyer commented 2 years ago

Config file:


client
dev tun
proto udp4
float
nobind
cipher AES-128-CBC
comp-lzo adaptive
resolv-retry infinite
remote-cert-tls server
persist-key
persist-tun
remote home.xxx.xx 1294
<ca>
-----BEGIN CERTIFICATE-----
removed
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
removed
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
removed
-----END PRIVATE KEY-----
</key>

ZTHawk commented 2 years ago

I have the same issue. If I add "proto udp4" in the "Server list" tab in "Custom Options" then it is working. This means that the import is ignoring/incorrectly parsing that setting.

schwabe commented 2 years ago

Yes, the import is ignoring udp4/udp6 on purpose. Forcing IPv4 breaks a lot more often than people think. A lot of mobile networks are DNS64 and NAT64 nowadays.

ZTHawk commented 2 years ago

Unfortunately some servers do not support IPv6 (I wish they did). I tested with my mobile network, which is giving me an IPv6. Using the custom setting "proto udp4" is working fine. Of course this might break for others.

"proto udp" is defaulting to ipv6 and falling back to ipv4. This is good. But if a config explicitly says to use IPv4 then it should use it. Maybe just add a warning.

schwabe commented 2 years ago

Your server is misconfigured if it resolves to an IPv6 address and only does IPv4.

And no, "proto udp" does NOT default to ipv6. It rather uses the suggested order of addresses from getaddrinfo, since on a non ipv6 capable system, ipv4 will be tried first.

udp4 and udp6 are hacky workarounds. And as you found out, with proto udp4 as a custom option this hacky workaround works. But most people do not understand networking and especially the DNS64/NAT64 well enough, so I am currently very wary of importing udp4 as IPv4 only since that breaks a lot of configs.

Lineflyer commented 2 years ago

> Your server is misconfigured if it resolves to an IPv6 address and only does IPv4.

Well, in my situation the internet connected router is DualStack and the Dyndns for it delivers A and AAA logically. But the port forwarded VPN router is IPv4 only. That makes it necessary to connect via IPv4.

> If I add "proto udp4" in "Server list" tab in "Custom Options" then it is working.

Need to try this. I only added it to the config file and that made no difference.

Lineflyer commented 2 years ago

Addition:

Just tried it and using the custom option proto udp4 works perfectly for me. I just did not expect that adding custom options is any different to what is already contained in the config file. But for my personal need this custom option solution is sufficient (it is just not documented anywhere that there is a difference), thus I am fine with closing this issue if there are good reasons to ignore those options in the config file.
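
An added example, not part of the original thread or of the ics-openvpn code: a small Python parser that extracts the connection attempts from an OpenVPN client log in the format posted above and reports how long an unreachable address family delayed the connection. The sample log is constructed (documentation-range placeholder addresses), and the function names are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample in the same line format as the log in this thread;
# the addresses are documentation-range placeholders, not real hosts.
SAMPLE_LOG = """\
2022-03-01 23:50:21 UDP link remote: [AF_INET6]2001:db8::10:1294
2022-03-01 23:50:21 MANAGEMENT: >STATE:1646175021,WAIT,,,,,,
2022-03-01 23:51:21 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-03-01 23:51:21 TLS Error: TLS handshake failed
2022-03-01 23:51:24 UDP link remote: [AF_INET]192.0.2.10:1294
2022-03-01 23:51:24 TLS: Initial packet from [AF_INET]192.0.2.10:1294, sid=00000000 00000000
2022-03-01 23:51:26 Initialization Sequence Completed
"""

LINE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (.*)$")
REMOTE = re.compile(r"link remote: \[(AF_INET6?)\](\S+)")


def parse_attempts(log_text):
    """Return one dict per 'link remote' line with its address family and outcome."""
    attempts = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        msg = m.group(2)
        remote = REMOTE.search(msg)
        if remote:
            # A new socket was opened towards this address: a new attempt starts.
            attempts.append({"family": remote.group(1), "remote": remote.group(2),
                             "start": ts, "end": None, "outcome": "pending"})
        elif attempts and attempts[-1]["outcome"] == "pending":
            if "TLS key negotiation failed" in msg or "TLS handshake failed" in msg:
                attempts[-1].update(end=ts, outcome="tls-failed")
            elif "Initialization Sequence Completed" in msg:
                attempts[-1].update(end=ts, outcome="connected")
    return attempts


def family_fallback(attempts):
    """Return (failed_family, working_family, seconds_lost), or None if the
    first successful attempt was not preceded by a failure on another family."""
    for i, attempt in enumerate(attempts):
        if attempt["outcome"] != "connected":
            continue
        failed = [p for p in attempts[:i]
                  if p["outcome"] == "tls-failed" and p["family"] != attempt["family"]]
        if not failed:
            return None
        lost = int((attempt["start"] - failed[0]["start"]).total_seconds())
        return failed[0]["family"], attempt["family"], lost
    return None


if __name__ == "__main__":
    for a in parse_attempts(SAMPLE_LOG):
        print(a["start"].time(), a["family"], a["remote"], a["outcome"])
    print("fallback:", family_fallback(parse_attempts(SAMPLE_LOG)))
```

A result such as `('AF_INET6', 'AF_INET', 63)` indicates that the hostname publishes an address of a family on which the VPN endpoint does not answer, which is the situation discussed in this thread.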

MoePeril commented 1 year ago

Configuration file gave me. moeperil2958@gmail.com