spinmaster 30 Posted ... (edited)

I'm currently on vacation in Egypt and brought my iPhone & iPad. Surprisingly, I cannot get an OpenVPN connection (in my Hotel WiFi) with any of my AirVPN OpenVPN profiles. Regardless if I use UDP or TCP, tried all sorts of configs with different ports, but I just cannot get a connection. I also tried a few „fresh“ configs which I just created in the Config generator.

I download the profile file on my iPhone, then open it in a file manager app on iOS, then click „share with app“ to send the profile straight to OpenVPN to import the file.

This is what the log says when attempting to connect:

[Oct 02, 2023, 15:05:53] EVENT: RECONNECTING
[Oct 02, 2023, 15:05:53] EVENT: RESOLVE
[Oct 02, 2023, 15:05:53] Contacting 185.189.112.21:443 via TCPv4
[Oct 02, 2023, 15:05:53] EVENT: WAIT
[Oct 02, 2023, 15:05:53] Connecting to [de3.vpn.airdns.org]:443 (185.189.112.21) via TCPv4
[Oct 02, 2023, 15:05:53] EVENT: CONNECTING
[Oct 02, 2023, 15:05:53] Tunnel Options:V4,dev-type tun,link-mtu 1588,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA512,keysize 128,key-method 2,tls-client
[Oct 02, 2023, 15:05:53] Creds: UsernameEmpty/PasswordEmpty
[Oct 02, 2023, 15:05:53] Peer Info: IV_VER=3.git::081bfebe IV_PLAT=ios IV_NCP=2 IV_TCPNL=1 IV_PROTO=30 IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:BF-CBC IV_LZO_STUB=1 IV_COMP_STUB=1 IV_COMP_STUBv2=1 IV_AUTO_SESS=1 UV_IPV6=yes UV_ASCLI_VER=3.3.4-5176 UV_PLAT_REL=17.0.2 UV_UUID=14DA623A-4DD3-4F75-8E4C-8434BA859924 IV_GUI_VER=net.openvpn.connect.ios_3.3.4-5176 IV_SSO=webauth,openurl,crtext IV_HWADDR=14DA623A-4DD3-4F75-8E4C-8434BA859924 IV_SSL=OpenSSL 1.1.1n 15 Mar 2022 IV_BS64DL=1
[Oct 02, 2023, 15:05:53] TCP recv error: Connection reset by peer
[Oct 02, 2023, 15:05:53] Transport Error: Transport error on 'de3.vpn.airdns.org: NETWORK_RECV_ERROR
[Oct 02, 2023, 15:05:53] EVENT: TRANSPORT_ERROR Transport error on 'de3.vpn.airdns.org: NETWORK_RECV_ERROR [ERR]
[Oct 02, 2023, 15:05:53] Client terminated, restarting in 5000 ms...
[Oct 02, 2023, 15:05:55] EVENT: DISCONNECTED
[Oct 02, 2023, 15:05:55] EVENT: CORE_THREAD_DONE
[Oct 02, 2023, 15:05:55] EVENT: DISCONNECT_PENDING
[Oct 02, 2023, 15:05:55] Raw stats on disconnect: BYTES_IN : 6320 BYTES_OUT : 1860 PACKETS_IN : 8 PACKETS_OUT : 12 NETWORK_RECV_ERROR : 4 TRANSPORT_ERROR : 4 N_RECONNECT : 3
[Oct 02, 2023, 15:05:55] Performance stats on disconnect: CPU usage (microseconds): 88050 Network bytes per CPU second: 92901 Tunnel bytes per CPU second: 0

Any idea why I cannot get a connection? I traveled the world quite a bit in recent years and I pretty much got a connection in all countries I've been to, at least with TCP on the usual ports….

go558a83nk 362 Posted ...

TCP using tls-crypt (entry IP 3 or 4) works, I know first hand.

spinmaster 30 Posted ... (edited)

Just tried a fresh iOS Config: TCP/443/Entry IP 3/Tls crypt… no connection. Is it the ISP blocking? Is it the Hotel IT blocking? Is it something else maybe?

I noticed this in the log, but I don't know if it's related:

[Oct 02, 2023, 18:23:08] Creds: UsernameEmpty/PasswordEmpty

Here is the new, full log:

[Oct 02, 2023, 18:23:08] START CONNECTION
[Oct 02, 2023, 18:23:08] ----- OpenVPN Start ----- OpenVPN core 3.git::081bfebe ios arm64 64-bit
[Oct 02, 2023, 18:23:08] OpenVPN core 3.git::081bfebe ios arm64 64-bit
[Oct 02, 2023, 18:23:08] Frame=512/2048/512 mssfix-ctrl=1250
[Oct 02, 2023, 18:23:08] UNUSED OPTIONS 3 [resolv-retry] [infinite] 4 [nobind] 5 [persist-key] 6 [persist-tun] 7 [auth-nocache] 8 [verb] [3] 13 [data-ciphers] [CHACHA20-POLY1305:AES-256-GCM:AES-256-CBC:AES-192-GCM:AES-192-CB...] 14 [data-ciphers-fallback] [AES-256-CBC]
[Oct 02, 2023, 18:23:08] EVENT: RESOLVE
[Oct 02, 2023, 18:23:08] Contacting 83.143.245.53:443 via TCPv4
[Oct 02, 2023, 18:23:08] EVENT: WAIT
[Oct 02, 2023, 18:23:08] Connecting to [de3.vpn.airdns.org]:443 (83.143.245.53) via TCPv4
[Oct 02, 2023, 18:23:08] EVENT: CONNECTING
[Oct 02, 2023, 18:23:08] Tunnel Options:V4,dev-type tun,link-mtu 1588,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA512,keysize 128,key-method 2,tls-client
[Oct 02, 2023, 18:23:08] Creds: UsernameEmpty/PasswordEmpty
[Oct 02, 2023, 18:23:08] Peer Info: IV_VER=3.git::081bfebe IV_PLAT=ios IV_NCP=2 IV_TCPNL=1 IV_PROTO=30 IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:BF-CBC IV_LZO_STUB=1 IV_COMP_STUB=1 IV_COMP_STUBv2=1 IV_AUTO_SESS=1 UV_IPV6=yes UV_ASCLI_VER=3.3.4-5176 UV_PLAT_REL=17.0.2 UV_UUID=14DA623A-4DD3-4F75-8E4C-8434BA859924 IV_GUI_VER=net.openvpn.connect.ios_3.3.4-5176 IV_SSO=webauth,openurl,crtext IV_HWADDR=14DA623A-4DD3-4F75-8E4C-8434BA859924 IV_SSL=OpenSSL 1.1.1n 15 Mar 2022 IV_BS64DL=1
[Oct 02, 2023, 18:23:08] TCP recv error: Connection reset by peer
[Oct 02, 2023, 18:23:08] Transport Error: Transport error on 'de3.vpn.airdns.org: NETWORK_RECV_ERROR
[Oct 02, 2023, 18:23:08] EVENT: TRANSPORT_ERROR Transport error on 'de3.vpn.airdns.org: NETWORK_RECV_ERROR [ERR]
[Oct 02, 2023, 18:23:08] Client terminated, restarting in 5000 ms...
[Oct 02, 2023, 18:23:11] RECONNECT TEST: Internet:ReachableViaWiFi/-R -------
[Oct 02, 2023, 18:23:11] EARLY RECONNECT
[Oct 02, 2023, 18:23:11] Client terminated, reconnecting in 1...
[Oct 02, 2023, 18:23:12] EVENT: RECONNECTING
[Oct 02, 2023, 18:23:12] EVENT: RESOLVE
[Oct 02, 2023, 18:23:12] Contacting 83.143.245.53:443 via TCPv4
[Oct 02, 2023, 18:23:12] EVENT: WAIT
[Oct 02, 2023, 18:23:12] Connecting to [de3.vpn.airdns.org]:443 (83.143.245.53) via TCPv4
[Oct 02, 2023, 18:23:12] EVENT: CONNECTING
[Oct 02, 2023, 18:23:12] Tunnel Options:V4,dev-type tun,link-mtu 1588,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA512,keysize 128,key-method 2,tls-client
[Oct 02, 2023, 18:23:12] Creds: UsernameEmpty/PasswordEmpty
[Oct 02, 2023, 18:23:12] Peer Info: IV_VER=3.git::081bfebe IV_PLAT=ios IV_NCP=2 IV_TCPNL=1 IV_PROTO=30 IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:BF-CBC IV_LZO_STUB=1 IV_COMP_STUB=1 IV_COMP_STUBv2=1 IV_AUTO_SESS=1 UV_IPV6=yes UV_ASCLI_VER=3.3.4-5176 UV_PLAT_REL=17.0.2 UV_UUID=14DA623A-4DD3-4F75-8E4C-8434BA859924 IV_GUI_VER=net.openvpn.connect.ios_3.3.4-5176 IV_SSO=webauth,openurl,crtext IV_HWADDR=14DA623A-4DD3-4F75-8E4C-8434BA859924 IV_SSL=OpenSSL 1.1.1n 15 Mar 2022 IV_BS64DL=1
[Oct 02, 2023, 18:23:12] TCP recv error: Connection reset by peer
[Oct 02, 2023, 18:23:12] Transport Error: Transport error on 'de3.vpn.airdns.org: NETWORK_RECV_ERROR
[Oct 02, 2023, 18:23:12] EVENT: TRANSPORT_ERROR Transport error on 'de3.vpn.airdns.org: NETWORK_RECV_ERROR [ERR]
[Oct 02, 2023, 18:23:12] Client terminated, restarting in 5000 ms...

go558a83nk 362 Posted ...

12 hours ago, spinmaster said:
> Just tried a fresh iOS Config: TCP/443/Entry IP 3/Tls crypt… no connection. Is it the ISP blocking? Is it the Hotel IT blocking? Is it something else maybe?
>
> I noticed this in the log, but I don't know if it's related:
>
> [Oct 02, 2023, 18:23:08] Creds: UsernameEmpty/PasswordEmpty
>
> Here is the new, full log:
>
> [Oct 02, 2023, 18:23:08] START CONNECTION
> [Oct 02, 2023, 18:23:08] ----- OpenVPN Start ----- OpenVPN core 3.git::081bfebe ios arm64 64-bit
> [Oct 02, 2023, 18:23:08] OpenVPN core 3.git::081bfebe ios arm64 64-bit
> [Oct 02, 2023, 18:23:08] Frame=512/2048/512 mssfix-ctrl=1250
> [Oct 02, 2023, 18:23:08] UNUSED OPTIONS 3 [resolv-retry] [infinite] 4 [nobind] 5 [persist-key] 6 [persist-tun] 7 [auth-nocache] 8 [verb] [3] 13 [data-ciphers] [CHACHA20-POLY1305:AES-256-GCM:AES-256-CBC:AES-192-GCM:AES-192-CB...] 14 [data-ciphers-fallback] [AES-256-CBC]
> [Oct 02, 2023, 18:23:08] EVENT: RESOLVE
> [Oct 02, 2023, 18:23:08] Contacting 83.143.245.53:443 via TCPv4
> [Oct 02, 2023, 18:23:08] EVENT: WAIT
> [Oct 02, 2023, 18:23:08] Connecting to [de3.vpn.airdns.org]:443 (83.143.245.53) via TCPv4
> [Oct 02, 2023, 18:23:08] EVENT: CONNECTING
> [Oct 02, 2023, 18:23:08] Tunnel Options:V4,dev-type tun,link-mtu 1588,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA512,keysize 128,key-method 2,tls-client
> [Oct 02, 2023, 18:23:08] Creds: UsernameEmpty/PasswordEmpty
> [Oct 02, 2023, 18:23:08] Peer Info: IV_VER=3.git::081bfebe IV_PLAT=ios IV_NCP=2 IV_TCPNL=1 IV_PROTO=30 IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:BF-CBC IV_LZO_STUB=1 IV_COMP_STUB=1 IV_COMP_STUBv2=1 IV_AUTO_SESS=1 UV_IPV6=yes UV_ASCLI_VER=3.3.4-5176 UV_PLAT_REL=17.0.2 UV_UUID=14DA623A-4DD3-4F75-8E4C-8434BA859924 IV_GUI_VER=net.openvpn.connect.ios_3.3.4-5176 IV_SSO=webauth,openurl,crtext IV_HWADDR=14DA623A-4DD3-4F75-8E4C-8434BA859924 IV_SSL=OpenSSL 1.1.1n 15 Mar 2022 IV_BS64DL=1
> [Oct 02, 2023, 18:23:08] TCP recv error: Connection reset by peer
> [Oct 02, 2023, 18:23:08] Transport Error: Transport error on 'de3.vpn.airdns.org: NETWORK_RECV_ERROR
> [Oct 02, 2023, 18:23:08] EVENT: TRANSPORT_ERROR Transport error on 'de3.vpn.airdns.org: NETWORK_RECV_ERROR [ERR]
> [Oct 02, 2023, 18:23:08] Client terminated, restarting in 5000 ms...
> [Oct 02, 2023, 18:23:11] RECONNECT TEST: Internet:ReachableViaWiFi/-R -------
> [Oct 02, 2023, 18:23:11] EARLY RECONNECT
> [Oct 02, 2023, 18:23:11] Client terminated, reconnecting in 1...
> [Oct 02, 2023, 18:23:12] EVENT: RECONNECTING
> [Oct 02, 2023, 18:23:12] EVENT: RESOLVE
> [Oct 02, 2023, 18:23:12] Contacting 83.143.245.53:443 via TCPv4
> [Oct 02, 2023, 18:23:12] EVENT: WAIT
> [Oct 02, 2023, 18:23:12] Connecting to [de3.vpn.airdns.org]:443 (83.143.245.53) via TCPv4
> [Oct 02, 2023, 18:23:12] EVENT: CONNECTING
> [Oct 02, 2023, 18:23:12] Tunnel Options:V4,dev-type tun,link-mtu 1588,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA512,keysize 128,key-method 2,tls-client
> [Oct 02, 2023, 18:23:12] Creds: UsernameEmpty/PasswordEmpty
> [Oct 02, 2023, 18:23:12] Peer Info: IV_VER=3.git::081bfebe IV_PLAT=ios IV_NCP=2 IV_TCPNL=1 IV_PROTO=30 IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:BF-CBC IV_LZO_STUB=1 IV_COMP_STUB=1 IV_COMP_STUBv2=1 IV_AUTO_SESS=1 UV_IPV6=yes UV_ASCLI_VER=3.3.4-5176 UV_PLAT_REL=17.0.2 UV_UUID=14DA623A-4DD3-4F75-8E4C-8434BA859924 IV_GUI_VER=net.openvpn.connect.ios_3.3.4-5176 IV_SSO=webauth,openurl,crtext IV_HWADDR=14DA623A-4DD3-4F75-8E4C-8434BA859924 IV_SSL=OpenSSL 1.1.1n 15 Mar 2022 IV_BS64DL=1
> [Oct 02, 2023, 18:23:12] TCP recv error: Connection reset by peer
> [Oct 02, 2023, 18:23:12] Transport Error: Transport error on 'de3.vpn.airdns.org: NETWORK_RECV_ERROR
> [Oct 02, 2023, 18:23:12] EVENT: TRANSPORT_ERROR Transport error on 'de3.vpn.airdns.org: NETWORK_RECV_ERROR [ERR]
> [Oct 02, 2023, 18:23:12] Client terminated, restarting in 5000 ms...

I've used configs imported into openvpn connect and used AirVPN no problem. I'm seeing several problems in the logs if I read them correctly.

1) Air doesn't use username/password so them being empty is normal but the app you're using should use the cert/key instead.
2) What may actually be stopping connection is that it seems to be trying bf-cbc for data channel cipher. Air doesn't support that.
3) I'm also concerned that your app may be trying to use compression and Air doesn't use that either.

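A small parser for the OpenVPN Connect log format posted in this thread, added here as an example and not part of any poster's message. It extracts the fields the reply above reads from the log (the options string, the ciphers the client offers, the profile directives the client ignored) and times each attempt up to the reset; the sample log is constructed and 192.0.2.10 is a placeholder address.

```python
import re
from datetime import datetime

# Constructed sample in the log format shown in this thread (shortened lines,
# documentation-range address instead of a real server).
SAMPLE_LOG = """\
[Oct 02, 2023, 18:23:08] UNUSED OPTIONS 3 [resolv-retry] [infinite] 13 [data-ciphers] [CHACHA20-POLY1305:AES-256-GCM] 14 [data-ciphers-fallback] [AES-256-CBC]
[Oct 02, 2023, 18:23:08] Contacting 192.0.2.10:443 via TCPv4
[Oct 02, 2023, 18:23:08] Tunnel Options:V4,dev-type tun,link-mtu 1588,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA512,keysize 128,key-method 2,tls-client
[Oct 02, 2023, 18:23:08] Peer Info: IV_VER=3.git::081bfebe IV_PLAT=ios IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:BF-CBC IV_LZO_STUB=1
[Oct 02, 2023, 18:23:08] TCP recv error: Connection reset by peer
[Oct 02, 2023, 18:23:12] Contacting 192.0.2.10:443 via TCPv4
[Oct 02, 2023, 18:23:12] TCP recv error: Connection reset by peer
"""

ENTRY = re.compile(r"\[(\w{3} \d{2}, \d{4}, \d{2}:\d{2}:\d{2})\] (.*)")


def parse_entries(text):
    """Yield (timestamp, message) for every timestamped log line."""
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield datetime.strptime(m.group(1), "%b %d, %Y, %H:%M:%S"), m.group(2)


def summarize(text):
    """Collect the diagnostic fields discussed in the thread from one log."""
    out = {"options": {}, "offered_ciphers": [], "unused": [], "attempts": []}
    started = remote = None
    for ts, msg in parse_entries(text):
        if msg.startswith("UNUSED OPTIONS"):
            # Each ignored directive is "<profile line number> [name] [args...]".
            out["unused"] = re.findall(r"\d+ \[([^\]]+)\]", msg)
        elif msg.startswith("Contacting "):
            remote, started = msg.split()[1], ts
        elif msg.startswith("Tunnel Options:"):
            # Comma-separated options string; flags such as comp-lzo have no value.
            for opt in msg.split(":", 1)[1].split(","):
                key, _, value = opt.partition(" ")
                out["options"][key] = value
        elif msg.startswith("Peer Info:"):
            m = re.search(r"IV_CIPHERS=(\S+)", msg)
            if m:
                out["offered_ciphers"] = m.group(1).split(":")
        elif "Connection reset by peer" in msg and started:
            # Seconds between opening the TCP connection and the reset.
            out["attempts"].append((remote, (ts - started).total_seconds()))
            started = None
    return out


if __name__ == "__main__":
    for field, value in summarize(SAMPLE_LOG).items():
        print(field, value)
```

The `unused` list is worth comparing against the profile: in the log above it contains `data-ciphers` and `data-ciphers-fallback`, so those two profile directives were not applied by this client build.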
Flx 76 Posted ...

23 hours ago, spinmaster said:
> Is it something else maybe?

Set the DNS to manual (iPhone/iPad) - switch the DNS to Quad9. Then try to connect.

spinmaster 30 Posted ...

Thanks for your help! Couple of things:

DNS can be ruled out: I checked with IPleak and Hotel WiFi was using Google DNS, not ISP DNS. Also tried manually setting Quad9 DNS, but it made no difference.

Just so there is no misunderstanding: I am only using OpenVPN for iOS, nothing else. I also didn't change any of the advanced settings when creating the iOS config file in the config creator: cipher, etc. is all left on automatic. Basically I am creating a standard Profile file for iOS here and importing it straight to OpenVPN iOS. Done it a ton of times before without any issues.

Any other ideas what I could check or try?

Flx 76 Posted ...

@spinmaster "3rd October, Egyptian Internet users began to report problems with OpenVPN connections, and since then it has too been unavailable."

This is the current situation. Anything VPN-related is blocked! Enjoy your vacation!

spinmaster 30 Posted ...

1 hour ago, Flx said:
> @spinmaster "3rd October, Egyptian Internet users began to report problems with OpenVPN connections, and since then it has too been unavailable."

Thanks, where did you get this info from? I thought TCP on Port 443 with tls-crypt would more or less almost be „undetectable“, how can this connection still be detected as an OpenVPN connection? I'm pretty surprised…

The reason I needed the Air connection here is not so much for „Hotel WiFi security“, but a couple of sites and services in my home country cannot be accessed and are apparently being blocked with access from Egypt.

go558a83nk 362 Posted ...

16 hours ago, spinmaster said:
> Thanks, where did you get this info from? I thought TCP on Port 443 with tls-crypt would more or less almost be „undetectable“, how can this connection still be detected as an OpenVPN connection? I'm pretty surprised…
>
> The reason I needed the Air connection here is not so much for „Hotel WiFi security“, but a couple of sites and services in my home country cannot be accessed and are apparently being blocked with access from Egypt.

It's working for me right now so no idea what's happening for you or with what Flx said.

spinmaster 30 Posted ...

1 hour ago, go558a83nk said:
> It's working for me right now so no idea what's happening for you or with what Flx said.

Are you also on OpenVPN iOS (Mobile) or are you talking about Eddie Desktop connecting in Egypt? Again, I only have my smart phone I can use and which is refusing to connect via OpenVPN.

There are indeed a few sites reporting that Egyptian Government is actively blocking OpenVPN by using Deep Packet Inspection. However, the same site also mentions:

“Egypt blocks TCP and UDP for OpenVPN. However, the TCP port 443 used for TSL encryption is employed by HTTPS. The government cannot block this port else all online shopping and banking will be restricted. You can direct your OpenVPN through this port and the government won’t be able to find out if it is VPN traffic or regular traffic because deep packet inspections are unusable for TSL/SSL.“

go558a83nk 362 Posted ...

4 hours ago, spinmaster said:
> Are you also on OpenVPN iOS (Mobile) or are you talking about Eddie Desktop connecting in Egypt? Again, I only have my smart phone I can use and which is refusing to connect via OpenVPN.
>
> There are indeed a few sites reporting that Egyptian Government is actively blocking OpenVPN by using Deep Packet Inspection. However, the same site also mentions:
>
> “Egypt blocks TCP and UDP for OpenVPN. However, the TCP port 443 used for TSL encryption is employed by HTTPS. The government cannot block this port else all online shopping and banking will be restricted. You can direct your OpenVPN through this port and the government won’t be able to find out if it is VPN traffic or regular traffic because deep packet inspections are unusable for TSL/SSL.“

I'm connected with pfsense right now and just tested a config in openvpn connect on iOS and it worked too.

spinmaster 30 Posted ...

On 10/6/2023 at 7:36 PM, go558a83nk said:
> I'm connected with pfsense right now and just tested a config in openvpn connect on iOS and it worked too.

Well, then I have no idea why it doesn't connect on my phone, despite using TCP/443. Anyway, as I will not figure it out during this holiday, thanks to all who gave input in this thread.

ss11 15 Posted ...

On 10/8/2023 at 8:01 AM, spinmaster said:
> Well, then I have no idea why it doesn't connect on my phone, despite using TCP/443. Anyway, as I will not figure it out during this holiday, thanks to all who gave input in this thread.

Are you using the entry IP with tls-crypt for OpenVPN? The only other explanations are:

- maybe they are not resolving known DNS hostnames for VPNs, in which case you can use advanced config and use raw IP addresses for connections instead of hostnames that need to be resolved;
- less likely as it involves more effort from there / more knowledge and information gathering / research among major VPN providers: blocking / blacklisting IP addresses that are known to be VPN servers.

spinmaster 30 Posted ...

On 10/10/2023 at 9:50 PM, ss11 said:
> Are you using the entry IP with tls-crypt for OpenVPN? The only other explanations are:
>
> - maybe they are not resolving known DNS hostnames for VPNs, in which case you can use advanced config and use raw IP addresses for connections instead of hostnames that need to be resolved;
> - less likely as it involves more effort from there / more knowledge and information gathering / research among major VPN providers: blocking / blacklisting IP addresses that are known to be VPN servers.

Quick update: I am back home and no longer in Egypt, so I couldn't do any more tests. I was however using the Entry-IP with tls-crypt in my configs for OpenVPN. I eventually gave up testing since I had better things to do in my holiday. 🌴😎

I had not tried using the DNS IPs with an advanced config: I did not bring my Laptop and was just using my iPhone for all this, creating configs on the tiny screen was not the greatest process 😉

One thing I would mention though is that close to the end of my visit I spoke with another guest in the Hotel where I stayed and we somehow talked about tech stuff. I mentioned that I was not able to connect via OpenVPN on my phone and he said that apparently OpenVPN would be blocked on application layer already (network layer 7) and that therefore there would be no chance to use OpenVPN. I said that I had tried using TCP/443, but he said that the block would be regardless because of the application layer block. Could he have been right and does this make sense?

ss11 15 Posted ...

I guess he means DPI (Deep Packet Inspection), a technology which exists, but as far as I know (could be wrong) OpenVPN with tls-crypt on TCP 443 looks like HTTPS so there is no real way to block that without blocking HTTPS (or better say the entire internet, making everything not usable).

OpenVPN traffic can be distinguished on TCP 443 and differentiated from HTTPS only in case OpenVPN is running without tls-crypt and with tls-auth instead, but again that includes DPI with a lot of overhead and resource consumption. I think it's much easier and cheaper for them to just block known VPN providers at DNS level.

Who goes next time in Egypt should test this, just to be curious. In Turkey I was able to use AirVPN on OpenVPN @ TCP 443 and it worked just fine, with own DNS server.

go558a83nk 362 Posted ...

11 hours ago, ss11 said:
> Who goes next time in Egypt should test this, just to be curious. In Turkey I was able to use AirVPN on OpenVPN @ TCP 443 and it worked just fine, with own DNS server.

I thought I was clear enough in my posts....I'm *in* Egypt and I'm using openvpn no problem. That's why I stressed to the OP that it should be working and there are other problems causing the issue.

Staff 9972 Posted ...

Hello!

We just had confirmation from another user that AirVPN is accessible from Egypt through the connection mode mentioned by @go558a83nk - therefore we feel to "validate" fully what @go558a83nk wrote. We invite anyone experiencing problems from Egypt to open a ticket, the support team is available 24/7.

Kind regards