Sun 31 Jan 2010
OpenVPN support is one of the things sorely missing from the iPhone, and there is very little information about how to get OpenVPN working even on a jailbroken iPhone. There is iopenvpn.com if you are running 2.x, and it costs $29. This post is my attempt to fill this gap with step-by-step instructions on how to get OpenVPN working for free. Please be forewarned that I am not liable for any problems this might cause your iPhone. Having said that, I have followed the instructions given below and have been successful in getting access to resources behind the corporate network using OpenVPN. Before we get started, here are the prerequisites:
- Jailbroken iPhone (I run 3.1.2 jailbroken using Blackrain)
- Putty (http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html)
- WinSCP (http://winscp.net/eng/download.php or something similar)
- OpenVPN certificates and OpenVPN configuration file (.ovpn). The certificate's private key should not be password protected if you want to use this through the SBSettings toggle; there are instructions below for removing the password. The .ovpn file should be renamed conf.ovpn and should point to the certificates without any path.
Step-by-step instructions (please run these as root by doing su root and entering your password)
- In Cydia: install the OpenVPN toggle for SBSettings.
- On your Windows/Mac machine, assemble your certificates, .ovpn file etc. into a local directory.
- Rename your .ovpn file to conf.ovpn and add the following two lines to the end of the file. Here is a sample ovpn file. You need to change the remote host and cert details to yours.

    up /var/mobile/Library/OpenVpn/update-resolv-conf
    down /var/mobile/Library/OpenVpn/update-resolv-conf

- Download the update-resolv-conf script.
- Open a WinSCP session and copy all the files you assembled locally to /var/mobile/Library/OpenVpn
- In the WinSCP session, edit /var/mobile/Library/SBSettings/Commands/com.offinf.openvpnup and change it as follows:

    #!/bin/sh
    /bin/rm /var/mobile/Library/SBSettings/Toggles/OpenVpn/OFF
    cd /var/mobile/Library/OpenVpn/
    # Start OpenVPN in the background; both options take two dashes.
    /usr/bin/openvpn-iphone --script-security 2 --config /var/mobile/Library/OpenVpn/conf.ovpn &

- Open Putty and log in to your iPhone as root, then run:

    $ cd /var/mobile/Library
    $ chown -R mobile.mobile OpenVpn
    $ cd OpenVpn
    $ chmod +x update-resolv-conf
    #### If you have a key with a password, remove the password with the commands below.
    #### You will be asked for the password one last time.
    #### Important: Leaving your key without a password is a security risk. Please turn on passcode lock in your settings.
    #### This will ensure that if your phone does fall into the wrong hands they can't get into your network.
    $ cp my.key my.key.orig
    $ openssl rsa -in my.key.orig -out my.key
    #### Now test your VPN setup by doing the following:
    $ openvpn-iphone --script-security 2 --config conf.ovpn
    #### You should see it connecting to your VPN server and setting up routes. Try to use Safari to look at something
    #### behind the OpenVPN server.

- Reboot your phone for the SBSettings toggle changes to take effect.
- After reboot, open SBSettings and turn on OpenVpn.
Note: For troubleshooting, install top from Cydia and run top to see if the toggle spawns the openvpn-ip process.
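The checks below gather the failure causes this setup is prone to into one preflight script: an up/down script that is missing, not executable or saved with Windows line endings, `dev tap` (which tunemu does not support), and a key that is still passphrase-protected or readable by group/others. It is an added example, not part of the original post; the function names `audit_ovpn_dir` and `ovpn_directive` are this example's own, and it assumes the layout described above (conf.ovpn next to its key and scripts).

```shell
#!/bin/sh
# Added example: preflight audit for the directory layout used in this post.
# audit_ovpn_dir and ovpn_directive are names made up for this example.

# Print the first argument of the first uncommented directive $2 in config $1.
ovpn_directive() {
    awk -v d="$2" '$1 == d { print $2; exit }' "$1" | tr -d '\r'
}

# audit_ovpn_dir DIR
# Prints one FAIL/WARN line per finding; returns the number of FAIL findings.
audit_ovpn_dir() {
    dir=$1
    conf="$dir/conf.ovpn"
    fails=0
    cr=$(printf '\r')

    if [ ! -f "$conf" ]; then
        echo "FAIL $conf not found"
        return 1
    fi

    # tunemu provides a tun device only; OpenVPN exits on "dev tap".
    dev=$(ovpn_directive "$conf" dev)
    case $dev in
        tun*) ;;
        *) echo "FAIL dev is '$dev': tunemu supports tun only"; fails=$((fails + 1)) ;;
    esac

    # An up/down script that is missing, lacks the execute bit, or was saved
    # with Windows line endings cannot be executed by OpenVPN.
    for hook in up down; do
        script=$(ovpn_directive "$conf" "$hook")
        if [ -z "$script" ]; then
            echo "WARN no $hook script configured"
            continue
        fi
        case $script in /*) ;; *) script="$dir/$script" ;; esac
        if [ ! -f "$script" ]; then
            echo "FAIL $hook script $script does not exist"; fails=$((fails + 1))
        elif [ ! -x "$script" ]; then
            echo "FAIL $hook script $script is not executable"; fails=$((fails + 1))
        elif grep -q "$cr" "$script"; then
            echo "FAIL $hook script $script has CRLF line endings"; fails=$((fails + 1))
        fi
    done

    # The key is either a separate file named by "key" or inlined in conf.ovpn.
    key=$(ovpn_directive "$conf" key)
    if [ -z "$key" ]; then
        key=$conf
    else
        case $key in /*) ;; *) key="$dir/$key" ;; esac
    fi
    if [ ! -f "$key" ]; then
        echo "FAIL key file $key does not exist"; fails=$((fails + 1))
    elif ! grep -q 'PRIVATE KEY' "$key"; then
        echo "WARN no private key found in $key"
    else
        # The toggle starts OpenVPN with no terminal, so nobody can type a passphrase.
        if grep -q ENCRYPTED "$key"; then
            echo "FAIL key in $key is passphrase-protected"; fails=$((fails + 1))
        fi
        # Characters 5-10 of the ls mode string are the group and other bits.
        if [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
            echo "WARN $key is group or others accessible (chmod 600)"
        fi
    fi
    return "$fails"
}

# Stand-alone use: sh audit.sh /var/mobile/Library/OpenVpn
if [ "$#" -eq 1 ]; then
    audit_ovpn_dir "$1"
fi
```

An unencrypted key that is also group- or world-readable is reported as a warning here, matching OpenVPN's own behaviour, but it is the finding to fix first on a device that stores the key without a passphrase.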
64 Responses to “OpenVPN on a Jailbroken Iphone”
February 1st, 2010 at 2:20 pm
Hello,
I thank you very much for posting this how-to, but it seems some errors got in, possibly due to the blog engine interpreting some character sequences: The “scutil
February 1st, 2010 at 2:21 pm
I am not sure my whole previous message got through, so to summarize, it does not work for me yet (no dns resolution as root, no tunnel ever as mobile) Thanks in advance, testman57
February 6th, 2010 at 10:12 pm
testman57: I updated my instruction to download the script and sample ovpn file instead of putting it in the body of my blog post.
Try it with this script and see if it works for you.
Remember to chmod +x update-resolv-conf and try to run it in command line to see if it executes.
If you use windows to store and transfer the file, you might have to replace the ^M in the file. A simple:
# Please note ^M is control-M. For the sed line below do a ctrl-V ctrl-M to replace ^M in the file.
cp update-resolv-conf update-resolv-conf.orig
cat update-resolv-conf.orig | sed "s/^M//g" > update-resolv-conf
February 9th, 2010 at 1:30 pm
I followed your directions and once I did the, openvpn-iphone –script-security 2 –config conf.ovpn, I was greeted with quite a few messages but it finally stopped @
tunemu: opening pcap: (no device found) /dev/bpf0: permission denied
Cannot allocate TUN/TAP dev dynamically
exiting
February 10th, 2010 at 1:43 am
adam , i had same issue ….
you have to use terminal session with root privilege so just begin with:
su root (enter)
fill password and that’s it !
but i am not able to have the sbsettings toggle working ..
, the red icon become green but i never see the OpenVpn icon and i never jump to my local network
so today , only way to have OpenVpn working is to use Terminal session directly on the iPhone , navigate to the correct folder and launch the command you wrote above
unable to script a little sh batch to launch automatically !!! but the best is to have sbsettings toggle working … please help !!
and of course i do not forget to thank Chandra !
February 10th, 2010 at 2:23 am
hey ! finally sbtoggle is working
i think i have found the issue !
it’s not
/usr/bin/openvpn-iphone –script-security 2 –config /var/mobile/Library/OpenVpn/conf.ovpn &
but
/usr/bin/openvpn-iphone –script-security 2 –config /var/mobile/Library/OpenVpn/conf.ovpn &
February 10th, 2010 at 2:46 am
Thanks for the su hint, I am going to try it out right now. I don’t see a difference between those two lines.
February 10th, 2010 at 2:58 am
Well I tried it with the su root before using the commands and I believe I received a ip from my pfsense VPN as I see the ip range and an address that my laptop somewhat uses, 10.0.1.6 10.0.1.5 mtu 1500 netmask 255.255.255.255 up, but the next two lines do not give me faith.
script failed: could not execute external program
exiting
February 11th, 2010 at 12:32 pm
I’ve been trying a whole bunch of stuff but I can’t seem to get openvpn working, it always craps out with script failed: could not execute external program
Does anyone have any insight?
February 12th, 2010 at 12:41 am
Adam & Extenue: Sorry for disappearing. I didn’t get email notification when new comments were added. Hopefully I can help you guys.
Adam: Did you set the update-resolv-conf to have execute permission? Specifically you need to do :
$ cd /var/mobile/Library/OpenVpn
$ chmod +x update-resolv-conf
Try to run the script and see if it at least runs. It won’t do the right thing because it needs the parameters of your connection. So after you do this try to run the following command in one line:
/usr/bin/openvpn-iphone –script-security 2 –config /var/mobile/Library/OpenVpn/conf.ovpn
February 12th, 2010 at 1:57 am
sorry for the typo mistake
it’s not
/usr/bin/openvpn-iphone –script-security 2 –config /var/mobile/Library/OpenVpn/conf.ovpn &
but
/usr/bin/openvpn-iphone –script-security 2 –config /var/mobile/Library/OpenVpn/conf.ovpn &
February 12th, 2010 at 1:59 am
ok i have understood , wordpress remove the double - before script and before config
i retry with “”
it’s not
/usr/bin/openvpn-iphone –script-security 2 –config /var/mobile/Library/OpenVpn/conf.ovpn &
but
“/usr/bin/openvpn-iphone –-script-security 2 -–config /var/mobile/Library/OpenVpn/conf.ovpn &”
February 12th, 2010 at 1:49 pm
when I do these 2 commands I have to put a .sh after update-resolv-conf or else it gives me an error saying no file or directory.
(ex.)
$ cd /var/mobile/Library/OpenVpn
$ chmod +x update-resolv-conf.sh
Next I tried running,
$ ./update-resolve-conf.sh
and was greeted with this message,
./update-resolve-conf.sh: $dev not defined, exiting
I tried to run,
/usr/bin/openvpn-iphone –-script-security 2 -–config /var/mobile/Library/OpenVpn/conf.ovpn &
It finally crapped out @
Thu Feb 11 03:52:29 2010 OPTIONS IMPORT: timers and/or timeouts modified
Thu Feb 11 03:52:29 2010 OPTIONS IMPORT: –ifconfig/up options modified
Thu Feb 11 03:52:29 2010 OPTIONS IMPORT: route options modified
Thu Feb 11 03:52:29 2010 OPTIONS IMPORT: –ip-win32 and/or –dhcp-option options modified
Thu Feb 11 03:52:29 2010 ROUTE default_gateway=10.10.5.1
Thu Feb 11 03:52:29 2010 TUN/TAP device tunemu:/ppp0 opened
Thu Feb 11 03:52:29 2010 /sbin/ifconfig ppp0 delete
ifconfig: ioctl (SIOCDIFADDR): Can’t assign requested address
Thu Feb 11 03:52:29 2010 NOTE: Tried to delete pre-existing tun/tap instance — No Problem if failure
Thu Feb 11 03:52:29 2010 /sbin/ifconfig ppp0 192.168.200.10 192.168.200.9 mtu 1500 netmask 255.255.255.255 up
Thu Feb 11 03:52:29 2010 /var/mobile/Library/OpenVpn/update-resolv-conf ppp0 1500 1544 192.168.200.10 192.168.200.9 init
Thu Feb 11 03:52:29 2010 script failed: could not execute external program
Thu Feb 11 03:52:29 2010 Exiting
Thanks for the responses guys! I really am trying to get this working.
February 12th, 2010 at 2:05 pm
Adam: Two things. If you changed it to update-resolve-conf.sh then you need to change your config.ovpn file to add .sh to those up and down lines in the configuration.
Also, it seems like you are not running this as root. Please run these commands as root. Do a su and enter your password to become root.
February 12th, 2010 at 3:17 pm
Ok I changed the conf.ovpn and added the .sh part, When I downloaded the file with safari it already had the .sh extension on it, that’s my bad. I was able to connect and login to my openvpn server. Now I am working on trying to get the OpenVpn toggle to work.
February 13th, 2010 at 11:29 am
Hey i have been trying to get the OpenVpn toggle to work but it’s just not happening. I’ve tried running top and using the toggle but it doesn’t show up in the running process. One thing I’ve noticed and I don’t know if this is relevant but sometimes when I restart my iPhone, the OpenVpn toggle disappears from my SBSettings and I have to re-enable it. Any input is very much appreciated and thanks for all the help Chandra!
February 13th, 2010 at 10:04 pm
For the toggle to work you need to edit “/var/mobile/Library/SBSettings/Commands/com.offinf.openvpnup” file, did you follow the instructions to change that? As extenue mentioned the parameters need to have two dashes , I think wordpress swallowed one of them in my original blog post.
February 14th, 2010 at 5:10 am
Yah I’ve got the double dashes, I made sure of that. Like I said it wouldn’t have anything to do with the toggle disappearing from the sbsetting drop down when I restart would it?
February 15th, 2010 at 12:30 am
Adam: It might. I don’t have the disappearing toggle problem. Maybe you want to try reinstalling the sbsettings toggle? It is pretty awesome with sbsettings toggle. Getting into terminal to start openvpn would be a major PIA.
February 15th, 2010 at 5:35 am
Hello again,
I do not understand why, but the toggle started working now (perhaps I restarted the device, can’t remember…). I had only one problem, it was not resolving the names I wanted on the DNS level, but I hard coded the 2 subdomains I wanted in update-resolv-conf and off it went, with correct access to my intranet… Now, shouldn’t such a vpn catch ALL dns requests, independent from the domain given by dhcp, which in my case was very limited (and prevents surfing and so on) ?
In any case, many thanks for this updated scripts from a happy user
February 15th, 2010 at 11:36 am
I finally got the toggle to work, I played around with the script and overwrote the previous one and then re-added the toggle and restarted the device (twice) and it eventually started to work. Thanks Chandra for the guide and all your help!
February 15th, 2010 at 3:39 pm
do i have to type all the putty command again after i reboot my phone?
any shortcut available?
February 15th, 2010 at 9:17 pm
testman57: coincidentally I had to do the same thing in my setup. This was due to the fact that my openvpn server was not sending back connection specific dns suffix using dhcp-option DOMAIN . It was only pushing the dhcp-option for DNS. So I had to hardwire the subdomains inside my network as well in update-resolv-conf script:
d.add SupplementalMatchDomains * sub1.mydomain.com sub2.mydomain.com
If you have control over the openvpn server configuration, this section will tell you how to push foreign options to clients:
http://openvpn.net/index.php/open-source/documentation/howto.html#examples
Something like:
push "dhcp-option DOMAIN mydomain.com"
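OpenVPN hands pushed options it does not apply itself, such as dhcp-option on non-Windows clients, to the up script as environment variables foreign_option_1, foreign_option_2 and so on, so a script can only set a DNS domain if the server pushed one. The following is an added example, not the update-resolv-conf script from this post: it parses those variables and falls back to a hard-wired domain list as described in the comment above. The function names and the `origin` field are this example's own.

```shell
#!/bin/sh
# Added example: how pushed dhcp-option values reach an up script.
# resolver_settings and demo_missing_domain are names made up for this example.

# resolver_settings "FALLBACK DOMAINS"
# Reads foreign_option_1, foreign_option_2, ... and prints one line:
#   dns=<servers> domains=<match domains> origin=<pushed|fallback|none>
resolver_settings() {
    fallback=$1
    dns=""
    domains=""
    n=1
    while :; do
        # Fetch foreign_option_<n>; the sequence ends at the first unset one.
        eval "opt=\${foreign_option_$n:-}"
        [ -n "$opt" ] || break
        # Each value looks like "dhcp-option DNS 10.8.0.1".
        set -- $opt
        if [ "${1:-}" = "dhcp-option" ]; then
            case ${2:-} in
                DNS)    dns="${dns:+$dns }${3:-}" ;;
                DOMAIN) domains="${domains:+$domains }${3:-}" ;;
            esac
        fi
        n=$((n + 1))
    done
    if [ -n "$domains" ]; then
        origin=pushed
    elif [ -n "$fallback" ]; then
        # Server pushed no DOMAIN: use the list hard-wired on the client.
        domains=$fallback
        origin=fallback
    else
        origin=none
    fi
    echo "dns=$dns domains=$domains origin=$origin"
}

# Constructed sample: a server that pushes two DNS servers but no DOMAIN.
# Runs in a subshell so the sample variables do not leak into the caller.
demo_missing_domain() (
    foreign_option_1='dhcp-option DNS 10.8.0.1'
    foreign_option_2='dhcp-option DNS 10.8.0.2'
    unset foreign_option_3
    resolver_settings "sub1.mydomain.com sub2.mydomain.com"
)
```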
February 15th, 2010 at 9:19 pm
higaki: Are you not using sbsettings toggle for openvpn?
February 19th, 2010 at 12:31 am
When I finally found some time for following your writeup, it’s gone ;_; I’m out of luck today.
February 19th, 2010 at 11:45 am
Steffen: my apologies. The wordpress installation i use is filled with security bugs. I need to update. In the meantime, I have restored the content.
February 20th, 2010 at 7:05 am
hello regards from Guatemala, i´m a geek,
Thanks Chandra the script works perfectly, i can access from my iphone to my OpenVPN server, and to the orange zone behind the firewall.
Cool!
March 1st, 2010 at 1:49 am
This seems to be the only walk through on the net to get the SBSettings toggle to work and the original post is missing. :’(
March 1st, 2010 at 1:07 pm
sorry wkoloyan: The content is restored again. I am having wordpress upgrade issues.
March 2nd, 2010 at 1:11 am
aside from using terminal to determine the openvpn ip when connected, is there anything im missing within SBSettings available toggles that should tell me? i know the default sbsettings mode tells your wifi ip / Data (att) ip/ and available memory..but once connected via OpenVpn nothing seems to indicate that ip (ie if you’re actually connected or if the openvpn button has simply changed color)
any hints?
March 3rd, 2010 at 1:28 am
Thanks for putting it back. I am confused about one thing though. Where do i acquire my certificates ??? I am able to get my config file from the web install page. Any help would be appreciated.
-Vk
March 3rd, 2010 at 8:44 pm
Vk: look for ca, cert, key entries in your ovpn file. Whatever those entries point to is what you need.
Stjb: don’t know of any other way. You could perhaps use safari and try to access an internal resource inside the VPN. But nothing in sbsettings shows the ip of the tun for example.
March 7th, 2010 at 6:43 am
Hi, Please help me for download example and how-to, I Dont see.
Thank you
March 7th, 2010 at 4:56 pm
hi,When I use
“openvpn-iphone –script-security 2 –config conf.ovpn”
there is error:
“dyld: Library not loaded: /usr/lib/libpcap.A.dylib
Referenced from: /usr/bin/openvpn-iphone
Reason: image not found
Trace/BPT trap”
It means this OS doesn’t have “libpcap.A.dylib”?
I don’t know how to fix it…Please help me,Thank you
March 9th, 2010 at 11:21 pm
ok it seems that in my case the ca, cert, key entries are within the config file. they don’t point anywhere.
—–BEGIN CERTIFICATE—–
cert info present in here
—–END CERTIFICATE—–
—–BEGIN CERTIFICATE—–
cert info present in here
—–END CERTIFICATE—–
—–BEGIN RSA PRIVATE KEY—–
key info present in here
—–END RSA PRIVATE KEY—–
so does that mean i only need to include the config file and nothing else?
Thanks for the help
-Vk
March 11th, 2010 at 2:48 pm
I’ve tested it but I’ve seen that tunemu is still not working with TAP adapters, only TUN. Is it possible?
thanks in advance.
March 11th, 2010 at 11:25 pm
vkoloyan: if it is inlined you don’t need anything else, just the .ovpn file.
xavier: I haven’t the slightest clue. anyone else ?
March 18th, 2010 at 8:30 pm
Hi,
first of all thanks a lot for this page - helped me a lot to get OpenVPN working on my IPod touch. The only issue I still have is the problem that SBSettings toggle “OpenVPN” disappears at every reboot and, if re- enabled does not work. If I start manually, i.e. by typing “openvpn-iphone –script-security 2 –config conf.ovpn” everything works as expected.
, but still the toggle keeps disappearing and , if there has no effect whatsoever.
I did everything according to your howto, made sure to have two dashes
Does anyone have a hint?
Thanks a lot!
Pat
March 18th, 2010 at 8:33 pm
I forgot: I also reinstalled OpenVPN toggle via Cydia and did all your changes again afterwards - nothing changed in behaviour.
March 19th, 2010 at 12:12 am
Hey This is great!! Awesome job, thank you.
When I turn on the toggle, vpn connects and seems to do everything its supposed to. However, some applications give an error that the Internet is not connected. For example, safari works fine, when i go ipchicken.com, it gives the VPN’s endpoint address, but other applications seem to think that the internet is not connected.
any ideas?
March 19th, 2010 at 7:30 pm
No Connection, TLS times out…
root# openvpn-iphone –script-security 2 –config conf.ovpn
OpenVPN 2.1_rc19_jfx arm-apple-darwin9 [SSL] [LZO2] built on Sep 3 2009
NOTE: the current –script-security setting may allow this configuration to call user-defined scripts
Control Channel Authentication: using ‘ta.key’ as a OpenVPN static key file
Outgoing Control Channel Authentication: Using 160 bit message hash ‘SHA1′ for HMAC authentication
Incoming Control Channel Authentication: Using 160 bit message hash ‘SHA1′ for HMAC authentication
LZO compression initialized
Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
Data Channel MTU parms [ L:1542 D:1275 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Local Options hash (VER=V4): ‘504e774e’
Expected Remote Options hash (VER=V4): ‘14168603′
Socket Buffers: R=[41600->65536] S=[9216->65536]
UDPv4 link local: [undef]
UDPv4 link remote: 111.222.333.444:555
TLS: Initial packet from 111.222.333.444:555, sid=5ad5ead0 1a78bfc4
VERIFY OK: depth=1, /C=AU/ST=NSW/L=NS/O=XX/CN=OpenVPN-CA/emailAddress=mis@XX.com
VERIFY OK: nsCertType=SERVER
VERIFY OK: depth=0, /C=AU/ST=NSW/L=NS/O=XX/CN=server/emailAddress=mis@XX.com
~~~ DELAY HERE ~~~
TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
TLS Error: TLS handshake failed
TCP/UDP: Closing socket
SIGUSR1[soft,tls-error] received, process restarting
Restart pause, 2 second(s)
root# ^C
root#
Note in my conf.ovpn:
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
;dev tun
dev tap
Is tap supported?
March 24th, 2010 at 1:07 pm
Everything seems to be working for me, and thank you so much for your DNS script, I had to write a script that manually put in DNSes for my VPN and ones for my school because they use internal ones and it all messed up.
Anyway, my problem is, most apps enjoy the VPN with no problem.
Though some apps like Softphone refuse to use the VPN and just say “no network” and I’ve tried everything.
I have been using SSH forwarding which worked for a while, but it’s so tiring, and I would much rather use OpenVPN to just force everything though my server.
March 27th, 2010 at 11:42 am
Well an update to my previous comment.
It looks like the DNS script failed for me because I didn’t have it send a domain prefix.
Still though, I can not seem to get Siphon to go over the OpenVPN.
I know it’s nothing with the OpenVPN, because using a Nokia N810, I can use SIP over it.
I even put the VPN IP in “Bound IP”.
April 1st, 2010 at 11:46 pm
Chandra: any chance of a spin-off app to just set DNS (eg to openDNS) for all internet traffic?
April 2nd, 2010 at 6:35 pm
Thanks for tutorial.
Unfortunately i’ve the same problem as Lester.
Appstore/Safari/Mail all work with openvpn.
Other apps seems simply to detect no network activity (Lastfm) (webradio) or just hang downloading (pandora).
Any advice?
April 7th, 2010 at 3:22 am
Hi Gentlemans, I have two problems:
1. Tue Apr 6 23:24:40 2010 WARNING: file ‘client.key’ is group or others accessible
2. Tue Apr 6 23:24:44 2010 Device type not supported by tunemu: tap
gmartons-iPhone:/var/mobile/Library/OpenVpn root# openvpn-iphone –script-security 2 –config conf.ovpn
Tue Apr 6 23:24:40 2010 OpenVPN 2.1_rc19_jfx arm-apple-darwin9 [SSL] [LZO2] built on Sep 3 2009
Tue Apr 6 23:24:40 2010 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Tue Apr 6 23:24:40 2010 NOTE: the current –script-security setting may allow this configuration to call user-defined scripts
Tue Apr 6 23:24:40 2010 WARNING: file ‘client.key’ is group or others accessible
Tue Apr 6 23:24:40 2010 LZO compression initialized
Tue Apr 6 23:24:40 2010 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Tue Apr 6 23:24:40 2010 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Tue Apr 6 23:24:40 2010 Local Options hash (VER=V4): ‘31fdf004′
Tue Apr 6 23:24:40 2010 Expected Remote Options hash (VER=V4): ‘3e6d1056′
Tue Apr 6 23:24:40 2010 Attempting to establish TCP connection with XX.XX.XX.XX:443 [nonblock]
Tue Apr 6 23:24:41 2010 TCP connection established with XX.XX.XX.XX:443
Tue Apr 6 23:24:41 2010 Socket Buffers: R=[131768->65536] S=[131768->65536]
Tue Apr 6 23:24:41 2010 TCPv4_CLIENT link local: [undef]
Tue Apr 6 23:24:41 2010 TCPv4_CLIENT link remote: XX.XX.XX.XX:443
Tue Apr 6 23:24:42 2010 TLS: Initial packet from XX.XX.XX.XX:443, sid=438a0aa6 f2fd5a5f
Tue Apr 6 23:24:42 2010 VERIFY OK: depth=1, /C=AU/ST=Some-State/O=Internet_Widgits_Pty_Ltd/CN=CA
Tue Apr 6 23:24:42 2010 VERIFY OK: depth=0, /C=HU/ST=Hungary/L=Budapest/O=xxx/OU=Secure_VPN/CN=server/emailAddress=root@xxx.hu/serialNumber=1
Tue Apr 6 23:24:43 2010 Data Channel Encrypt: Cipher ‘BF-CBC’ initialized with 128 bit key
Tue Apr 6 23:24:43 2010 Data Channel Encrypt: Using 160 bit message hash ‘SHA1′ for HMAC authentication
Tue Apr 6 23:24:43 2010 Data Channel Decrypt: Cipher ‘BF-CBC’ initialized with 128 bit key
Tue Apr 6 23:24:43 2010 Data Channel Decrypt: Using 160 bit message hash ‘SHA1′ for HMAC authentication
Tue Apr 6 23:24:43 2010 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue Apr 6 23:24:43 2010 [server] Peer Connection Initiated with XX.XX.XX.XX:443
Tue Apr 6 23:24:44 2010 SENT CONTROL [server]: ‘PUSH_REQUEST’ (status=1)
Tue Apr 6 23:24:44 2010 PUSH: Received control message: ‘PUSH_REPLY,route-gateway 10.13.0.1,ifconfig 10.13.0.6 255.255.0.0′
Tue Apr 6 23:24:44 2010 OPTIONS IMPORT: –ifconfig/up options modified
Tue Apr 6 23:24:44 2010 OPTIONS IMPORT: route-related options modified
Tue Apr 6 23:24:44 2010 Device type not supported by tunemu: tap
Tue Apr 6 23:24:44 2010 Exiting
April 7th, 2010 at 5:07 am
Double check your configuration BratacD.
First error is not a real problem, just a warning that other user could read your openvpn key files.
Second one: use “dev tun” and not “dev tap”.
Follow the example config that chandra provided
April 7th, 2010 at 12:56 pm
The Openvpn server is running dev tap becouse
fix ip doesnt work under winxp.
I changed settings tun–>tap now its working fix ip.
I dont use iphone+openvpn, if I dont go back tun and regenerate all cert in my company?
April 7th, 2010 at 9:55 pm
it is possible, to route the whole traffic over the openvpn connection?
after the tunnel is up - my routing table looks like follow:
Destination Gateway Flags Refs Use Netif Expire
default 192.168.111.1 UGSc 6 0 en0
default 10.8.0.5 UGSc 0 0 ppp0
10.8.0.1/32 10.8.0.5 UGSc 0 0 ppp0
10.8.0.5 10.8.0.6 UH 2 0 ppp0
83.xx.xx.xx/32 192.168.111.1 UGSc 0 0 en0
127 localhost UCS 0 0 lo0
localhost localhost UH 0 0 lo0
169.254 link#2 UCS 0 0 en0
192.168.111 link#2 UCS 1 0 en0
192.168.111.1 0:9:5b:c8:89:73 UHLW 9 42 en0 1177
192.168.111.119 localhost UHS 0 0 lo0
in my server config I use:
push “redirect-gateway”
the client.conf has:
redirect-gateway
active.
Wed Apr 7 17:53:23 2010 PUSH: Received control message: ‘PUSH_REPLY,redirect-gateway,dhcp-option DNS 81.xx.xx.xx,route 10.8.0.1,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5′
Wed Apr 7 17:53:23 2010 OPTIONS IMPORT: timers and/or timeouts modified
Wed Apr 7 17:53:23 2010 OPTIONS IMPORT: –ifconfig/up options modified
Wed Apr 7 17:53:23 2010 OPTIONS IMPORT: route options modified
Wed Apr 7 17:53:23 2010 OPTIONS IMPORT: –ip-win32 and/or –dhcp-option options modified
Wed Apr 7 17:53:23 2010 ROUTE default_gateway=192.168.111.1
Wed Apr 7 17:53:23 2010 TUN/TAP device tunemu:/ppp0 opened
Wed Apr 7 17:53:23 2010 /sbin/ifconfig ppp0 delete
Wed Apr 7 17:53:23 2010 NOTE: Tried to delete pre-existing tun/tap instance — No Problem if failure
Wed Apr 7 17:53:23 2010 /sbin/ifconfig ppp0 10.8.0.6 10.8.0.5 mtu 1500 netmask 255.255.255.255 up
Wed Apr 7 17:53:23 2010 /var/mobile/Library/OpenVpn/update-resolv-conf ppp0 1500 1542 10.8.0.6 10.8.0.5 init
dns [81.xx.xx.xx] [] []
About to set DNS and Domain
Wed Apr 7 17:53:23 2010 /sbin/route add -net 83.xx.xx.xx 192.168.111.1 255.255.255.255
add net 83.xx.xx.xx: gateway 192.168.111.1
Wed Apr 7 17:53:23 2010 /sbin/route add -net 10.8.0.1 10.8.0.5 255.255.255.255
add net 10.8.0.1: gateway 10.8.0.5
Wed Apr 7 17:53:23 2010 Initialization Sequence Completed
if I delete the first (old) default route manually - I didn’t see any packets on the servers interface.
April 22nd, 2010 at 1:04 am
Can somebody tell me how to run top to see if the toggle spawns the openvpn-ip process? Great post! Thanks.
Tony
May 1st, 2010 at 7:05 pm
UNBELIEVABLE! IT WORKS!! 1000 THANKS to all you guys..
May 7th, 2010 at 7:55 pm
[…] There is finally an effective, working way to get OpenVPN on the iPhone: chandraonline.net iPhone 3GS 16GB black - 3.1.2 - blackra1n […]
May 20th, 2010 at 5:16 am
Quivalen and Lester:
try and disable nobind from your conf.ovpn
#nobind
May 24th, 2010 at 10:37 pm
There is an easier way to use OpenVPN on iPhone : www.guizmovpn.com
July 22nd, 2010 at 8:34 pm
Amazing!
I almost managed to get it working by my own.
I use Terminal in OSX to ssh to the Ipod, and after all the procedures I get this:
Thu Jul 22 17:44:40 2010 OpenVPN 2.1_rc19_jfx arm-apple-darwin9 [SSL] [LZO2] built on Sep 3 2009
Thu Jul 22 17:44:40 2010 NOTE: the current –script-security setting may allow this configuration to call user-defined scripts
Thu Jul 22 17:44:40 2010 LZO compression initialized
Thu Jul 22 17:44:40 2010 TUN/TAP device tunemu:/ppp0 opened
Thu Jul 22 17:44:40 2010 /var/mobile/Library/OpenVpn/update-resolv-conf ppp0 1500 1545 init
dns [] [] []
dom [] [] []
About to set DNS and Domain
add net 80.179.114.160: gateway 172.19.254.254
Thu Jul 22 17:44:41 2010 UDPv4 link local (bound): [undef]:1194
Thu Jul 22 17:44:41 2010 UDPv4 link remote: 80.179.114.160:1194
Everything seems ok, except that I don’t actually connect to my network, I can’t connect to my local resources behind the nat, and the server has no clue someone is connected.
How do I troubleshoot it? Installed “top” as you recommend but I don’t find it anywhere in the Ipod.
If I keep the terminal window open and I open sbsettings in the Ipod, when I disconnect from the openvpn, I get:
Thu Jul 22 17:45:04 2010 event_wait : Interrupted system call (code=4)
delete net 80.179.114.160: gateway 172.19.254.254
Thu Jul 22 17:45:04 2010 /var/mobile/Library/OpenVpn/update-resolv-conf ppp0 1500 1545 init
Thu Jul 22 17:45:05 2010 SIGTERM[hard,] received, process exiting
that means the sbsetting toggle is indeed working right?
Or Maybe it’s a server related problem? I usually use TAP to connect to my VPN, but I saw there is no support for TAP in the IOS, so I configured a second VpnServer in the router with TUN settings. Both run simultaneously right now but both use the same static key (I was too lazy to create a new one)
Maybe that’s the problem?
Thanks. Amazing tutorial.
August 6th, 2010 at 4:43 am
Hi,
If it doesn’t go further than “Thu Jul 22 17:44:41 2010 UDPv4 link remote: 80.179.114.160:1194″, that means you have a problem with your server or your firewall.
Another strange thing, the execution of your “update-resolv-conf” should only happen when the tunnel is active, in your case it happens before. Try to remove it.
Guizmo
August 13th, 2010 at 3:19 am
thx for the detailed instruction, it’s really helpful, and I had tried it on my new iPad(3.2.1), the openvpn connection always ends up with the following error.
Thu Aug 12 23:23:40 2010 TUN/TAP device tunemu:/ppp0 opened
Thu Aug 12 23:23:40 2010 /sbin/ifconfig ppp0 delete
Thu Aug 12 23:23:40 2010 NOTE: Tried to delete pre-existing tun/tap instance — No Problem if failure
Thu Aug 12 23:23:40 2010 /sbin/ifconfig ppp0 192.168.5.22 192.168.5.21 mtu 1500 netmask 255.255.255.255 up
Thu Aug 12 23:23:40 2010 Mac OS X ifconfig failed: could not execute external program
Thu Aug 12 23:23:40 2010 Exiting
I think the problem is not from my server or client config, because all these things work perfectly for my other computers, mac, linux and even windows. any other ideas?
August 13th, 2010 at 10:51 am
A Cydia packet (network-cmds) seems to be missing.
If you want to have an easy to install/configure/use solution, please look at www.guizmovpn.com
Guizmo
August 17th, 2010 at 7:54 pm
Hi Chandra
I made the toogle working perfect on iOS 3.1.3. Now I also installed it on iOS 4.0.1 and it’s working like a charm.
Only one thing I mentioned which appeared on 3.1.3 same as now on 4.0.1:
After I used the toggle and reboot the phone, the toggle is deactivated.
F.e. like this:
> switch toggle on
> browse the web
> switch toggle off
> reboot phone
–> toggle is deactivated. I have to re-activate it first. Do you have any idea what’s the problem in here?
August 19th, 2010 at 2:59 am
I install iOS 4.0.1 and I had to install network-cmds to have ifconfig, once the vpn is up I can ssh in my vpn servers, but I can’t use Safari, (Safari doesn’t find the machine no dns resolution) and of course the machine is ok, because I can ssh via shell. Any ideas?
Thanks
August 23rd, 2010 at 10:16 pm
Dabi: I have a similar problem in 4.0.1, I am unable to get DNS resolution working correctly. But I can connect to those servers using their IP address.
Guizmo: I gave guizmovpn a shot as well, it has similar problems. I can’t get DNS resolution even though I see dhcp-option being received and the DNS being set. I am running out of the trial license, so I am not sure if I can troubleshoot more. Have you tested it in 4.0.1?
August 25th, 2010 at 7:32 pm
Chandra : Can you send me your log (there is a button in the log page)
August 27th, 2010 at 3:42 pm
get get the update-resolv-conf.sh file to work.
downloaded or copy pasted it from the ftp and then saved it as update-resolv-conf.sh
am i doing something wrong?
login as: root
root@192.168.1.103’s password:
iPhone-van-sven:~ root# cd /var/mobile/Library
iPhone-van-sven:/var/mobile/Library root# chown -R mobile.mobile OpenVpn
iPhone-van-sven:/var/mobile/Library root# cd OpenVpn
iPhone-van-sven:/var/mobile/Library/OpenVpn root# chmod +x update-resolv-conf
chmod: cannot access `update-resolv-conf’: No such file or directory
iPhone-van-sven:/var/mobile/Library/OpenVpn root#
August 29th, 2010 at 4:15 pm
Hi!
I have the same problem as Chandra and Diabi with DNS resolution.
I tried to install bind on the iPhone and did some tests connected in VPN such as ping or nslookup, both didn’t work.
Then I make my own /etc/resolv.conf with OpenDNS servers, disabled update-resolv-conf on iPhone and commented push “dhcp-option DNS on the server side.
I’m now able to use nslookup correctly all domains in VPN but the ping didn’t work again…
Marcs-iPhone:/var/mobile/Library/OpenVpn root# nslookup apple.com
Server: 208.67.222.222
Address: 208.67.222.222#53
Non-authoritative answer:
Name: apple.com
Address: 17.251.200.70
Name: apple.com
Address: 17.112.152.57
Name: apple.com
Address: 17.149.160.49
Marcs-iPhone:/var/mobile/Library/OpenVpn root# ping apple.com
ping: unknown host
It’s a strange problem, with nslookup I can communicate with OpenDNS servers and take info but with ping or in Safari I can’t resolve names…
I hope this test can help us to fix it.