iOS disconnects "Authentication failed"

adampski

I'm using a config file generated by the Client Area and I often see the "Authentication Failed" message after I haven't used my phone for a while.

I have "Reconnect at wake up" and "Seamless tunnel" and "Network state detection" enabled/activated but it fails to reconnect without manual intervention.

Been happening for a while now across several updates to iOS, but it's still present on current version of 9.2.1. If not in log file, I'm on OpenVPN 1.0.5 build 177.

Log file: http://pastebin.com/v6ubyWje

SlyFox

This always happens when I am using a UDP connection so I switched to only TCP configs in my ios client. I have only had that problem a couple times in months since switching to TCP. Besides using tcp make sure your setting for connection timeout is never.

My settings: seamless tunnel, connect any network, reconnect wakeup, protocol adaptive, compression full, connection timeout never, network state detection active, google dns fallback on.

OpenSourcerer

compression full

Isn't LZO compression off?

SlyFox

compression full

Isn't LZO compression off?

I am not totally sure all I can do is report my settings which have been working great for 9 months now. I check ipleak a few times a day just out of habit and use my iOS client about 7 hours a day. I have only had to manually reconnect maybe 10-15 times in these 9 months. On my iOS openvpn client I have three options for compression which are 1. No, 2. Full, and 3. Downlink Only. Any thoughts you have are appreciated.

adampski

This always happens when I am using a UDP connection so I switched to only TCP configs in my ios client. I have only had that problem a couple times in months since switching to TCP. Besides using tcp make sure your setting for connection timeout is never.

My settings: seamless tunnel, connect any network, reconnect wakeup, protocol adaptive, compression full, connection timeout never, network state detection active, google dns fallback on.

My config is TCP 443 and all my settings are identical to yours, in addition to having Force AES-CBC ciphersuits and Layer 2 reachability enabled.

OpenSourcerer

LZO has been turned off when AirVPN changed the RSA keys to 4096 bit. I'm wondering a bit why comp-lzo yes does work here..

(Sent via Tapatalk - this generally means I'm not sitting in front of my PC)

adampski

LZO has been turned off when AirVPN changed the RSA keys to 4096 bit. I'm wondering a bit why comp-lzo yes does work here..

(Sent via Tapatalk - this generally means I'm not sitting in front of my PC)

Is this a question you're asking or something you're suggesting I look in to?

OpenSourcerer

Is this a question you're asking or something you're suggesting I look in to?

I asked myself, but I also answered it myself. It's a dynamic directive which doesn't need to be in sync

In your logs, these are relevant repeating lines:

2016-01-26 21:20:44 OS Event: SLEEP
2016-01-26 21:20:44 EVENT: PAUSE
2016-01-26 21:21:05 OS Event: WAKEUP
2016-01-26 21:21:08 RESUME TEST: ReachableViaWWAN
2016-01-26 21:21:08 EVENT: RESUME
2016-01-26 21:21:08 EVENT: RECONNECTING

I assume, turning the screen off triggers a SLEEP OS event, and OpenVPN management then triggers the PAUSE event. When you turn the screen on again, it triggers the events RESUME and RECONNECT.

2016-01-26 21:21:08 Transport Error: TCP connect error on 'gb.vpn.airdns.org:443' ([64:ff9b::5054:3104]:443): No route to host
2016-01-26 21:21:08 Client terminated, restarting in 2...

These two lines indicate the routes are still in existence but the tunnel seems to be dead already. And since you enabled Seamless Tunnel, No route to host is shown. This forces OpenVPN to start a completely new connection:

2016-01-26 21:21:10 Contacting 80.84.49.4:443 via TCP
2016-01-26 21:21:10 EVENT: WAIT
2016-01-26 21:21:10 SetTunnelSocket returned 1
2016-01-26 21:21:10 Connecting to gb.vpn.airdns.org:443 (80.84.49.4) via TCPv4
2016-01-26 21:21:10 EVENT: CONNECTING

In the logs, a message like Authentication Failed does not exist.

We need help from some iOS users here, please respond!

Govira53

Regarding compression, the generated opvn-file (by OpenVPN Configuration Generator) for iOS has the entry 'comp-lzo no'.

This morning my VPN connection on iOS 9.2.1 broke too with the "Authentication Failed" message.

adampski

Is this a question you're asking or something you're suggesting I look in to?

I asked myself, but I also answered it myself. It's a dynamic directive which doesn't need to be in sync

In your logs, these are relevant repeating lines:
2016-01-26 21:20:44 OS Event: SLEEP
2016-01-26 21:20:44 EVENT: PAUSE
2016-01-26 21:21:05 OS Event: WAKEUP
2016-01-26 21:21:08 RESUME TEST: ReachableViaWWAN
2016-01-26 21:21:08 EVENT: RESUME
2016-01-26 21:21:08 EVENT: RECONNECTING
I assume, turning the screen off triggers a SLEEP OS event, and OpenVPN management then triggers the PAUSE event. When you turn the screen on again, it triggers the events RESUME and RECONNECT.
2016-01-26 21:21:08 Transport Error: TCP connect error on 'gb.vpn.airdns.org:443' ([64:ff9b::5054:3104]:443): No route to host
2016-01-26 21:21:08 Client terminated, restarting in 2...
These two lines indicate the routes are still in existence but the tunnel seems to be dead already. And since you enabled Seamless Tunnel, No route to host is shown. This forces OpenVPN to start a completely new connection:
2016-01-26 21:21:10 Contacting 80.84.49.4:443 via TCP
2016-01-26 21:21:10 EVENT: WAIT
2016-01-26 21:21:10 SetTunnelSocket returned 1
2016-01-26 21:21:10 Connecting to gb.vpn.airdns.org:443 (80.84.49.4) via TCPv4
2016-01-26 21:21:10 EVENT: CONNECTING
In the logs, a message like Authentication Failed does not exist.
We need help from some iOS users here, please respond!

Based on what you've told me, is it possible multiple connections are started and these are seen by AirVPN as a unique connection - occupying one of the three and eventually leading to 3/3?

OpenSourcerer

is it possible multiple connections are started and these are seen by AirVPN as a unique connection - occupying one of the three and eventually leading to 3/3?

According to the logs, this is not what is happening:

2016-01-26 21:27:43 Session invalidated: KEEPALIVE_TIMEOUT
2016-01-26 21:27:43 Client terminated, restarting in 2...
2016-01-26 21:27:45 EVENT: RECONNECTING

Starting from 21:27:43 and later, after 50 seconds of every connection keepalive timeouts start to occur. The server should recycle the connection slots after this, but you can of course try it yourself by monitoring the client area while you connect.

Edit: Hold on a second...

2016-01-26 21:29:31 SSL Handshake: TLSv1.2/TLS-DHE-RSA-WITH-AES-256-CBC-SHA
2016-01-26 21:29:31 Session is ACTIVE
2016-01-26 21:29:31 EVENT: GET_CONFIG
2016-01-26 21:29:31 Sending PUSH_REQUEST to server...
2016-01-26 21:29:31 AUTH_FAILED
2016-01-26 21:29:31 EVENT: AUTH_FAILED [ERR]
2016-01-26 21:29:31 EVENT: DISCONNECTED

AUTH_FAILED. The last log entries. It fails to authenticate itself after sending a push request?

Edited ... by giganerd

adampski

AUTH_FAILED. The last log entries. It fails to authenticate itself after sending a push request?

Is this a question you're asking or something you suggest I look in to further?

OpenSourcerer

No, I'm hoping it means something to someone.

iOS disconnects "Authentication failed"

Recommended Posts

Share this post

Link to post

Share this post

Link to post

NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

Share this post

Link to post

Share this post

Link to post

NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

Share this post

Link to post

Share this post

Link to post

NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

Share this post

Link to post

Join the conversation