spinmaster

Cannot get an OpenVPN connection on iOS (Egypt)


Posted ... (edited)

I'm currently on vacation in Egypt and brought my iPhone & iPad. Surprisingly, I cannot get an OpenVPN connection (on my hotel WiFi) with any of my AirVPN OpenVPN profiles. Regardless of whether I use UDP or TCP (I tried all sorts of configs with different ports), I just cannot get a connection.

I also tried a few "fresh" configs which I just created in the Config Generator.

I download the profile file on my iPhone, then open it in a file manager app on iOS, then click "share with app" to send the profile straight to OpenVPN to import the file.

This is what the log says when attempting to connect:

[Oct 02, 2023, 15:05:53] EVENT: RECONNECTING

[Oct 02, 2023, 15:05:53] EVENT: RESOLVE

[Oct 02, 2023, 15:05:53] Contacting 185.189.112.21:443 via TCPv4

[Oct 02, 2023, 15:05:53] EVENT: WAIT

[Oct 02, 2023, 15:05:53] Connecting to [de3.vpn.airdns.org]:443 (185.189.112.21) via TCPv4

[Oct 02, 2023, 15:05:53] EVENT: CONNECTING

[Oct 02, 2023, 15:05:53] Tunnel Options:V4,dev-type tun,link-mtu 1588,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA512,keysize 128,key-method 2,tls-client

[Oct 02, 2023, 15:05:53] Creds: UsernameEmpty/PasswordEmpty

[Oct 02, 2023, 15:05:53] Peer Info:
IV_VER=3.git::081bfebe
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=30
IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:BF-CBC
IV_LZO_STUB=1
IV_COMP_STUB=1
IV_COMP_STUBv2=1
IV_AUTO_SESS=1
UV_IPV6=yes
UV_ASCLI_VER=3.3.4-5176
UV_PLAT_REL=17.0.2
UV_UUID=14DA623A-4DD3-4F75-8E4C-8434BA859924
IV_GUI_VER=net.openvpn.connect.ios_3.3.4-5176
IV_SSO=webauth,openurl,crtext
IV_HWADDR=14DA623A-4DD3-4F75-8E4C-8434BA859924
IV_SSL=OpenSSL 1.1.1n  15 Mar 2022
IV_BS64DL=1


[Oct 02, 2023, 15:05:53] TCP recv error: Connection reset by peer

[Oct 02, 2023, 15:05:53] Transport Error: Transport error on 'de3.vpn.airdns.org: NETWORK_RECV_ERROR

[Oct 02, 2023, 15:05:53] EVENT: TRANSPORT_ERROR Transport error on 'de3.vpn.airdns.org: NETWORK_RECV_ERROR [ERR]

[Oct 02, 2023, 15:05:53] Client terminated, restarting in 5000 ms...

[Oct 02, 2023, 15:05:55] EVENT: DISCONNECTED

[Oct 02, 2023, 15:05:55] EVENT: CORE_THREAD_DONE

[Oct 02, 2023, 15:05:55] EVENT: DISCONNECT_PENDING

[Oct 02, 2023, 15:05:55] Raw stats on disconnect:
  BYTES_IN : 6320
  BYTES_OUT : 1860
  PACKETS_IN : 8
  PACKETS_OUT : 12
  NETWORK_RECV_ERROR : 4
  TRANSPORT_ERROR : 4
  N_RECONNECT : 3


[Oct 02, 2023, 15:05:55] Performance stats on disconnect:
  CPU usage (microseconds): 88050
  Network bytes per CPU second: 92901
  Tunnel bytes per CPU second: 0


Any idea why I cannot get a connection? I have traveled the world quite a bit in recent years and I pretty much got a connection in all the countries I've been to, at least with TCP on the usual ports…

Edited ... by OpenSourcerer
Apply LOG format to logs

Posted ... (edited)

Just tried a fresh iOS Config: TCP/443/Entry IP 3/Tls crypt… no connection.

Is it the ISP blocking? Is it the Hotel IT blocking? Is it something else maybe?

I noticed this in the log, but I don't know if it's related:

[Oct 02, 2023, 18:23:08] Creds: UsernameEmpty/PasswordEmpty


Here is the new, full log:
 

[Oct 02, 2023, 18:23:08] START CONNECTION

[Oct 02, 2023, 18:23:08] ----- OpenVPN Start -----
OpenVPN core 3.git::081bfebe ios arm64 64-bit

[Oct 02, 2023, 18:23:08] OpenVPN core 3.git::081bfebe ios arm64 64-bit

[Oct 02, 2023, 18:23:08] Frame=512/2048/512 mssfix-ctrl=1250

[Oct 02, 2023, 18:23:08] UNUSED OPTIONS
3 [resolv-retry] [infinite]
4 [nobind]
5 [persist-key]
6 [persist-tun]
7 [auth-nocache]
8 [verb] [3]
13 [data-ciphers] [CHACHA20-POLY1305:AES-256-GCM:AES-256-CBC:AES-192-GCM:AES-192-CB...]
14 [data-ciphers-fallback] [AES-256-CBC]

[Oct 02, 2023, 18:23:08] EVENT: RESOLVE

[Oct 02, 2023, 18:23:08] Contacting 83.143.245.53:443 via TCPv4

[Oct 02, 2023, 18:23:08] EVENT: WAIT

[Oct 02, 2023, 18:23:08] Connecting to [de3.vpn.airdns.org]:443 (83.143.245.53) via TCPv4

[Oct 02, 2023, 18:23:08] EVENT: CONNECTING

[Oct 02, 2023, 18:23:08] Tunnel Options:V4,dev-type tun,link-mtu 1588,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA512,keysize 128,key-method 2,tls-client

[Oct 02, 2023, 18:23:08] Creds: UsernameEmpty/PasswordEmpty

[Oct 02, 2023, 18:23:08] Peer Info:
IV_VER=3.git::081bfebe
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=30
IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:BF-CBC
IV_LZO_STUB=1
IV_COMP_STUB=1
IV_COMP_STUBv2=1
IV_AUTO_SESS=1
UV_IPV6=yes
UV_ASCLI_VER=3.3.4-5176
UV_PLAT_REL=17.0.2
UV_UUID=14DA623A-4DD3-4F75-8E4C-8434BA859924
IV_GUI_VER=net.openvpn.connect.ios_3.3.4-5176
IV_SSO=webauth,openurl,crtext
IV_HWADDR=14DA623A-4DD3-4F75-8E4C-8434BA859924
IV_SSL=OpenSSL 1.1.1n  15 Mar 2022
IV_BS64DL=1


[Oct 02, 2023, 18:23:08] TCP recv error: Connection reset by peer

[Oct 02, 2023, 18:23:08] Transport Error: Transport error on 'de3.vpn.airdns.org: NETWORK_RECV_ERROR

[Oct 02, 2023, 18:23:08] EVENT: TRANSPORT_ERROR Transport error on 'de3.vpn.airdns.org: NETWORK_RECV_ERROR [ERR]

[Oct 02, 2023, 18:23:08] Client terminated, restarting in 5000 ms...

[Oct 02, 2023, 18:23:11] RECONNECT TEST: Internet:ReachableViaWiFi/-R -------

[Oct 02, 2023, 18:23:11] EARLY RECONNECT

[Oct 02, 2023, 18:23:11] Client terminated, reconnecting in 1...

[Oct 02, 2023, 18:23:12] EVENT: RECONNECTING

[Oct 02, 2023, 18:23:12] EVENT: RESOLVE

[Oct 02, 2023, 18:23:12] Contacting 83.143.245.53:443 via TCPv4

[Oct 02, 2023, 18:23:12] EVENT: WAIT

[Oct 02, 2023, 18:23:12] Connecting to [de3.vpn.airdns.org]:443 (83.143.245.53) via TCPv4

[Oct 02, 2023, 18:23:12] EVENT: CONNECTING

[Oct 02, 2023, 18:23:12] Tunnel Options:V4,dev-type tun,link-mtu 1588,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA512,keysize 128,key-method 2,tls-client

[Oct 02, 2023, 18:23:12] Creds: UsernameEmpty/PasswordEmpty

[Oct 02, 2023, 18:23:12] Peer Info:
IV_VER=3.git::081bfebe
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=30
IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:BF-CBC
IV_LZO_STUB=1
IV_COMP_STUB=1
IV_COMP_STUBv2=1
IV_AUTO_SESS=1
UV_IPV6=yes
UV_ASCLI_VER=3.3.4-5176
UV_PLAT_REL=17.0.2
UV_UUID=14DA623A-4DD3-4F75-8E4C-8434BA859924
IV_GUI_VER=net.openvpn.connect.ios_3.3.4-5176
IV_SSO=webauth,openurl,crtext
IV_HWADDR=14DA623A-4DD3-4F75-8E4C-8434BA859924
IV_SSL=OpenSSL 1.1.1n  15 Mar 2022
IV_BS64DL=1


[Oct 02, 2023, 18:23:12] TCP recv error: Connection reset by peer

[Oct 02, 2023, 18:23:12] Transport Error: Transport error on 'de3.vpn.airdns.org: NETWORK_RECV_ERROR

[Oct 02, 2023, 18:23:12] EVENT: TRANSPORT_ERROR Transport error on 'de3.vpn.airdns.org: NETWORK_RECV_ERROR [ERR]

[Oct 02, 2023, 18:23:12] Client terminated, restarting in 5000 ms...

Edited ... by OpenSourcerer
Apply LOG format to logs

12 hours ago, spinmaster said:

Just tried a fresh iOS Config: TCP/443/Entry IP 3/Tls crypt… no connection.

Is it the ISP blocking? Is it the Hotel IT blocking? Is it something else maybe?

I noticed this in the log, but I don't know if it's related:

[Oct 02, 2023, 18:23:08] Creds: UsernameEmpty/PasswordEmpty



I've used configs imported into openvpn connect and used AirVPN no problem.

I'm seeing several problems in the logs if I read them correctly. 

1) Air doesn't use username/password so them being empty is normal but the app you're using should use the cert/key instead.

2) What may actually be stopping the connection is that it seems to be trying bf-cbc for the data channel cipher. Air doesn't support that.

3) I'm also concerned that your app may be trying to use compression and Air doesn't use that either.


Thanks for your help! Couple of things:

DNS can be ruled out: I checked with IPleak and Hotel WiFi was using Google DNS not ISP DNS. Also tried manually setting Quad9 DNS, but made no difference.

Just so there is no misunderstanding: I am only using OpenVPN for iOS, nothing else. I also didn't change any of the advanced settings when creating the iOS config file in the config creator: cipher, etc. is all left on automatic. Basically I am creating a standard profile file for iOS here and importing it straight into OpenVPN iOS. I've done it a ton of times before without any issues.

Any other ideas what I could check or try?

@spinmaster
"3rd October, Egyptian Internet users began to report problems with OpenVPN connections, and since then it has too been unavailable."
This is the current situation. Anything VPN-related is blocked!
Enjoy your vacation! :)
 

1 hour ago, Flx said:
@spinmaster
"3rd October, Egyptian Internet users began to report problems with OpenVPN connections, and since then it has too been unavailable."
 

Thanks, where did you get this info from? I thought TCP on port 443 with tls-crypt would more or less be almost "undetectable"; how can this connection still be detected as an OpenVPN connection? I'm pretty surprised…

The reason I needed the Air connection here is not so much for "hotel WiFi security", but a couple of sites and services in my home country cannot be accessed and are apparently being blocked when accessed from Egypt :(

16 hours ago, spinmaster said:

Thanks, where did you get this info from? I thought TCP on port 443 with tls-crypt would more or less be almost "undetectable"; how can this connection still be detected as an OpenVPN connection? I'm pretty surprised…

The reason I needed the Air connection here is not so much for "hotel WiFi security", but a couple of sites and services in my home country cannot be accessed and are apparently being blocked when accessed from Egypt :(

it's working for me right now so no idea what's happening for you or with what Flx said.

1 hour ago, go558a83nk said:

it's working for me right now so no idea what's happening for you or with what Flx said.
Are you also on OpenVPN iOS (Mobile) or are you talking about Eddie Desktop connecting in Egypt? Again, I only have my smartphone that I can use and which is refusing to connect via OpenVPN.

There are indeed a few sites reporting that the Egyptian government is actively blocking OpenVPN by using Deep Packet Inspection. However, the same site also mentions:

"Egypt blocks TCP and UDP for OpenVPN. However, the TCP port 443 used for TLS encryption is employed by HTTPS. The government cannot block this port else all online shopping and banking will be restricted. You can direct your OpenVPN through this port and the government won't be able to find out if it is VPN traffic or regular traffic because deep packet inspections are unusable for TLS/SSL."

4 hours ago, spinmaster said:
Are you also on OpenVPN iOS (Mobile) or are you talking about Eddie Desktop connecting in Egypt? Again, I only have my smartphone that I can use and which is refusing to connect via OpenVPN.

There are indeed a few sites reporting that the Egyptian government is actively blocking OpenVPN by using Deep Packet Inspection. However, the same site also mentions:

"Egypt blocks TCP and UDP for OpenVPN. However, the TCP port 443 used for TLS encryption is employed by HTTPS. The government cannot block this port else all online shopping and banking will be restricted. You can direct your OpenVPN through this port and the government won't be able to find out if it is VPN traffic or regular traffic because deep packet inspections are unusable for TLS/SSL."


I'm connected with pfsense right now and just tested a config in openvpn connect on iOS and it worked too. 

On 10/6/2023 at 7:36 PM, go558a83nk said:


I'm connected with pfsense right now and just tested a config in openvpn connect on iOS and it worked too. 
Well, then I have no idea why it doesn't connect on my phone, despite using TCP/443. Anyway, as I will not figure it out during this holiday, thanks to all who gave input in this thread.

On 10/8/2023 at 8:01 AM, spinmaster said:

Well, then I have no idea why it doesn't connect on my phone, despite using TCP/443. Anyway, as I will not figure it out during this holiday, thanks to all who gave input in this thread.


Are you using the entry IP with tls-crypt for OpenVPN?
The only other explanations are:
- maybe they are not resolving known DNS hostnames for VPNs, in which case you can use the advanced config and use raw IP addresses for connections instead of hostnames that need to be resolved;

- less likely, as it involves more effort on their side / more knowledge and information gathering / research among major VPN providers: blocking / blacklisting IP addresses that are known to be VPN servers.

On 10/10/2023 at 9:50 PM, ss11 said:

Are you using the entry IP with tls-crypt for OpenVPN?
The only other explanations are:
- maybe they are not resolving known DNS hostnames for VPNs, in which case you can use the advanced config and use raw IP addresses for connections instead of hostnames that need to be resolved;

- less likely, as it involves more effort on their side / more knowledge and information gathering / research among major VPN providers: blocking / blacklisting IP addresses that are known to be VPN servers.

Quick update: I am back home and no longer in Egypt, so I couldn't do any more tests. I was however using the Entry-IP with tls-crypt in my configs for OpenVPN. I eventually gave up testing since I had better things to do on my holiday. 🌴😎 I had not tried using the DNS IPs with an advanced config: I did not bring my laptop and was just using my iPhone for all this, and creating configs on the tiny screen was not the greatest process 😉

One thing I would mention though is that close to the end of my visit I spoke with another guest in the hotel where I stayed and we somehow talked about tech stuff. I mentioned that I was not able to connect via OpenVPN on my phone and he said that apparently OpenVPN would be blocked on the application layer already (network layer 7) and that therefore there would be no chance to use OpenVPN. I said that I had tried using TCP/443, but he said that the block would apply regardless because of the application layer block.

Could he have been right and does this make sense?


I guess he means DPI (Deep Packet Inspection), a technology which exists, but as far as I know (could be wrong) OpenVPN with tls-crypt on TCP 443 looks like HTTPS, so there is no real way to block that without blocking HTTPS (or, better said, the entire internet, making everything unusable). OpenVPN traffic on TCP 443 can be distinguished and differentiated from HTTPS only in case OpenVPN is running without tls-crypt and with tls-auth instead, but again that involves DPI with a lot of overhead and resource consumption.

I think it's much easier and cheaper for them to just block known VPN providers at DNS level ;)

Whoever goes to Egypt next should test this, just out of curiosity. In Turkey I was able to use AirVPN on OpenVPN @ TCP 443 and it worked just fine, with my own DNS server.

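Added example, not part of any post in this thread: a small Python triage helper that reads an OpenVPN Connect log like the ones posted above and reports, per attempt, whether a server address was obtained and whether the failure was a reset on an already established TCP connection, which is the distinction the DNS-block and DPI hypotheses turn on. The function names and labels are this example's own, the sample log is abridged from the thread's log lines, and the `EVENT: CONNECTED` prefix for a successful session is an assumption.

```python
import re
from datetime import datetime

# Constructed sample: abridged from the log lines posted in this thread.
SAMPLE_LOG = """\
[Oct 02, 2023, 18:23:08] EVENT: RESOLVE
[Oct 02, 2023, 18:23:08] Contacting 83.143.245.53:443 via TCPv4
[Oct 02, 2023, 18:23:08] EVENT: CONNECTING
[Oct 02, 2023, 18:23:08] Peer Info:
IV_PLAT=ios
[Oct 02, 2023, 18:23:08] TCP recv error: Connection reset by peer
[Oct 02, 2023, 18:23:12] EVENT: RECONNECTING
[Oct 02, 2023, 18:23:12] EVENT: RESOLVE
[Oct 02, 2023, 18:23:12] Contacting 83.143.245.53:443 via TCPv4
[Oct 02, 2023, 18:23:12] EVENT: CONNECTING
[Oct 02, 2023, 18:23:12] TCP recv error: Connection reset by peer
"""

LINE = re.compile(r"^\[(?P<ts>[^\]]+)\]\s+(?P<msg>.*)$")
CONTACT = re.compile(r"^Contacting (?P<ip>[\d.]+):(?P<port>\d+) via (?P<proto>\S+)")  # IPv4 only
TS_FORMAT = "%b %d, %Y, %H:%M:%S"


def parse_attempts(log_text):
    """Split the log into connection attempts; each starts at EVENT: RESOLVE."""
    attempts, cur = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # untimestamped continuation lines (Peer Info, stats)
        ts, msg = datetime.strptime(m["ts"], TS_FORMAT), m["msg"]
        if msg == "EVENT: RESOLVE":
            cur = {"start": ts, "remote": None, "connected": False,
                   "error": None, "secs_to_error": None}
            attempts.append(cur)
        elif cur is None:
            continue  # lines before the first attempt
        elif msg.startswith("EVENT: CONNECTED"):  # assumed success marker
            cur["connected"] = True
        elif (c := CONTACT.match(msg)):
            cur["remote"] = (c["ip"], int(c["port"]), c["proto"])
        elif msg.startswith("TCP recv error:") and cur["error"] is None:
            cur["error"] = msg.split(":", 1)[1].strip()
            cur["secs_to_error"] = (ts - cur["start"]).total_seconds()
    return attempts


def classify(attempt):
    """Label how far an attempt got (labels are this example's own)."""
    if attempt["remote"] is None:
        return "no-address"  # the name never resolved to an IP
    if attempt["connected"]:
        return "connected"
    if attempt["error"] and "reset by peer" in attempt["error"].lower():
        # A receive-side reset means the TCP connection was established first;
        # the log cannot tell whether the server or a device on the path sent it.
        return "reset-after-tcp-connect"
    return "incomplete"
```

Run over the sample, both attempts have a resolved address and are classified as `reset-after-tcp-connect` with the reset logged in the same second as the attempt started.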
11 hours ago, ss11 said:


Whoever goes to Egypt next should test this, just out of curiosity. In Turkey I was able to use AirVPN on OpenVPN @ TCP 443 and it worked just fine, with my own DNS server.


I thought I was clear enough in my posts....I'm *in* Egypt and I'm using openvpn no problem.  That's why I stressed to the OP that it should be working and there are other problems causing the issue.


Hello!

We just had confirmation from another user that AirVPN is accessible from Egypt through the connection mode mentioned by @go558a83nk, therefore we feel we can fully "validate" what @go558a83nk wrote.
We invite anyone experiencing problems from Egypt to open a ticket; the support team is available 24/7.

Kind regards
 
