schwabe / ics-openvpn

OpenVPN for Android

UDP []: Operation not permitted if app is not unrestricted (battery) #1657

Open Zocker1999NET opened 10 months ago

Zocker1999NET commented 10 months ago

General information

  1. Android Version: 13
  2. Custom ROM: LineageOS with microG
  3. Device: Fairphone 4
  4. Version of the app (version number/play store version/self-built): 0.7.49, F-Droid

Description of the issue

TL;DR: https://github.com/schwabe/ics-openvpn/issues/472#issuecomment-368308174

OpenVPN for Android was not able to connect to the OpenVPN server of my university after an upgrade of LineageOS with microG (from 20-20230908-microG-FP4 to 20-20231008-microG-FP4). The issue was similar to the one in the referenced issue. So I did the following steps to (try to) mitigate it:

This happened for me in work mode. As I couldn’t reproduce the issue, I didn’t try in “non-work” mode.

Proposed Workaround

It took some time for me to debug this issue. To mitigate this for others in the future as well, maybe introduce a single-time warning for this specific issue that changing the App battery usage could help.

(If there is already one in general, I would still add a second one for when this issue arises. Mostly because it worked for me for the past 8 months with at least 8 similar upgrades without any issue.)

Maybe this is an issue of AOSP as the app was registered & allowed as a VPN service with always-on enabled. However, I’m not that into Android APIs to evaluate that.

Log (if applicable)

(couldn’t reproduce the issue)

Configuration file

config file

```
# Config for OpenVPN 2.x
# Enables connection to GUI
management /data/user/10/de.blinkt.openvpn/cache/mgmtsocket unix
management-client
management-query-passwords
management-hold
setenv IV_GUI_VER "de.blinkt.openvpn 0.7.49"
setenv IV_SSO openurl,webauth,crtext
setenv IV_PLAT_VER "33 13 arm64-v8a Fairphone FP4 FP4"
setenv IV_HWADDR
tls-cert-profile preferred
machine-readable-output
allow-recursive-routing
ifconfig-nowarn
client
verb 4
connect-retry 3 300
resolv-retry 60
dev tun
remote 2a00:1398:0:4::7:6 1194 udp
remote 141.52.226.101 1194 udp
remote 2a00:1398:0:4::7:8 443 tcp-client
remote 141.52.226.103 443 tcp-client
auth-user-pass
# [inline CA certificate (PEM block) omitted]
route-ipv6 ::/0
route 0.0.0.0 0.0.0.0 vpn_gateway
nobind
verify-x509-name ovpn.scc.kit.edu name
persist-tun
# persist-tun also enables pre resolving to avoid DNS resolve problem
preresolve
# Use system proxy setting
management-query-proxy
# Custom configuration options
# You are on your on own here :)
# These options found in the config file do not map to config settings:
server-poll-timeout 5
tls-version-min 1.3
```

(original source is [here](https://www.scc.kit.edu/scc/net/openvpn/conf/kit.ovpn))

PS

Thanks for making this app :heart:. It helps me to implement my “always-VPN lifestyle”.