Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DNS_PROBE_FINISHED_BAD_CONFIG #5

Closed
335iguy opened this issue Dec 30, 2018 · 3 comments
Closed

DNS_PROBE_FINISHED_BAD_CONFIG #5

335iguy opened this issue Dec 30, 2018 · 3 comments
Assignees
@rajannpatel
Labels
invalid This doesn't seem right question Further information is requested

Comments

@335iguy
Copy link

335iguy commented Dec 30, 2018
edited
Loading

Phone: Pixel 3 on beta-enabled Android 9
App: OpenVPN 0.7.5

Does not work with Wi-Fi or Verizon LTE

Went through and checked all settings. However, during check, I forgot to add the firewall rule in VPC Networks. I've since rebooted the instance via SSH, checked the service to see if it's enabled, and I'm not receiving any errors in the log.

log:
2018-12-30 09:41:25 official build 0.7.5 running on google Pixel 3 (blueline), Android 9 (PQ1A.181205.006) API 28, ABI arm64-v8a, (REDACTED)
2018-12-30 09:41:25 Building configuration…
2018-12-30 09:41:25 New OpenVPN Status (VPN_GENERATE_CONFIG->LEVEL_START):
2018-12-30 09:41:25 New OpenVPN Status (VPN_GENERATE_CONFIG->LEVEL_START):
2018-12-30 09:41:25 Network Status: CONNECTED to WIFI
2018-12-30 09:41:25 Debug state info: CONNECTED to WIFI , pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED
2018-12-30 09:41:25 OpenVPN core 3.git:master(983b0f28) android arm64 64-bit built on May 3 2018 08:32:37
2018-12-30 09:41:25 Copyright (C) 2012-2017 OpenVPN Inc. All rights reserved.
2018-12-30 09:41:25 Frame=512/2048/512 mssfix-ctrl=1250
2018-12-30 09:41:25 UNUSED OPTIONS
0 [machine-readable-output]
1 [allow-recursive-routing]
2 [ifconfig-nowarn]
4 [verb] [4]
5 [connect-retry] [2] [300]
6 [resolv-retry] [60]
16 [nobind]
17 [verify-x509-name] [server_[REDACTED]] [name]
21 [persist-tun]
22 [preresolve]
23 [resolv-retry] [infinite]
2018-12-30 09:41:25 New OpenVPN Status (RESOLVE->LEVEL_CONNECTING_NO_SERVER_REPLY_YET):
2018-12-30 09:41:25 New OpenVPN Status (RESOLVE->LEVEL_CONNECTING_NO_SERVER_REPLY_YET):
2018-12-30 09:41:25 Debug state info: CONNECTED to WIFI , pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED
2018-12-30 09:41:25 Contacting [REDACTED]:1194 via UDP
2018-12-30 09:41:25 New OpenVPN Status (WAIT->LEVEL_CONNECTING_NO_SERVER_REPLY_YET):
2018-12-30 09:41:25 New OpenVPN Status (WAIT->LEVEL_CONNECTING_NO_SERVER_REPLY_YET):
2018-12-30 09:41:25 Connecting to [REDACTED]:1194 (REDACTED) via UDPv4
2018-12-30 09:41:25 New OpenVPN Status (CONNECTING->LEVEL_CONNECTING_NO_SERVER_REPLY_YET):
2018-12-30 09:41:25 New OpenVPN Status (CONNECTING->LEVEL_CONNECTING_NO_SERVER_REPLY_YET):
2018-12-30 09:41:25 Tunnel Options:V4,dev-type tun,link-mtu 1521,tun-mtu 1500,proto UDPv4,cipher AES-128-GCM,auth SHA256,keysize 128,key-method 2,tls-client
2018-12-30 09:41:25 Creds: UsernameEmpty/PasswordEmpty
2018-12-30 09:41:25 Peer Info:
IV_GUI_VER=de.blinkt.openvpn 0.7.5
IV_VER=3.git:master
IV_PLAT=android
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_AUTO_SESS=1
2018-12-30 09:41:25 VERIFY OK : depth=1
cert. version : 3
serial number : [REDACTED]
issuer name : CN=ChangeMe
subject name : CN=ChangeMe
issued on : 2018-12-30 13:44:02
expires on : 2028-12-27 13:44:02
signed using : ECDSA with SHA256
EC key size : 256 bits
basic constraints : CA=true
key usage : Key Cert Sign, CRL Sign
2018-12-30 09:41:25 VERIFY OK : depth=0
cert. version : 3
serial number : [REDACTED]
issuer name : CN=ChangeMe
subject name : CN=server_[REDACTED]
issued on : 2018-12-30 13:44:02
expires on : 2028-12-27 13:44:02
signed using : ECDSA with SHA256
EC key size : 256 bits
basic constraints : CA=false
subject alt name : server_[REDACTED]
key usage : Digital Signature, Key Encipherment
ext key usage : TLS Web Server Authentication
2018-12-30 09:41:26 SSL Handshake: TLSv1.2/TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
2018-12-30 09:41:26 Session is ACTIVE
2018-12-30 09:41:26 New OpenVPN Status (GET_CONFIG->LEVEL_CONNECTING_SERVER_REPLIED):
2018-12-30 09:41:26 New OpenVPN Status (GET_CONFIG->LEVEL_CONNECTING_SERVER_REPLIED):
2018-12-30 09:41:26 Sending PUSH_REQUEST to server...
2018-12-30 09:41:26 OPTIONS:
0 [route] [10.0.0.8] [255.0.0.0] [net_gateway]
1 [route] [172.16.0.0] [255.240.0.0] [net_gateway]
2 [route] [192.168.0.0] [255.255.0.0] [net_gateway]
3 [dhcp-option] [DNS] [10.8.0.1]
4 [block-outside-dns]
5 [compress] [lz4-v2]
6 [route-gateway] [10.8.0.1]
7 [topology] [subnet]
8 [ping] [10]
9 [ping-restart] [60]
10 [ifconfig] [10.8.0.2] [255.255.255.0]
11 [peer-id] [0]
12 [cipher] [AES-256-GCM]
2018-12-30 09:41:26 PROTOCOL OPTIONS:
cipher: AES-256-GCM
digest: SHA256
compress: LZ4v2
peer ID: 0
2018-12-30 09:41:26 New OpenVPN Status (ASSIGN_IP->LEVEL_CONNECTING_SERVER_REPLIED):
2018-12-30 09:41:26 New OpenVPN Status (ASSIGN_IP->LEVEL_CONNECTING_SERVER_REPLIED):
2018-12-30 09:41:26 exception parsing IPv4 route: [route] [10.0.0.8] [255.0.0.0] [net_gateway] : tun_prop_error: route is not canonical
2018-12-30 09:41:26 We should call this session[REDACTED]
2018-12-30 09:41:26 Opening tun interface:
2018-12-30 09:41:26 Local IPv4: 10.8.0.2/24 IPv6: null MTU: 1500
2018-12-30 09:41:26 DNS Server: 10.8.0.1, Domain: null
2018-12-30 09:41:26 Routes:
2018-12-30 09:41:26 Routes excluded: 172.16.0.0/12, 192.168.0.0/16
2018-12-30 09:41:26 VpnService routes installed:
2018-12-30 09:41:26 Disallowed VPN apps: com.android.providers.telephony, com.google.android.apps.docs, com.android.vending, com.google.android.apps.tachyon, com.google.android.dialer, com.android.phone
2018-12-30 09:41:26 TunPersist: saving tun context:
Session Name: [REDACTED]
Layer: OSI_LAYER_3
Remote Address: [REDACTED]
Tunnel Addresses:
10.8.0.2/24 -> 10.8.0.1
Reroute Gateway: IPv4=0 IPv6=0 flags=[ IPv4 ]
Block IPv6: no
Add Routes:
Exclude Routes:
172.16.0.0/12
192.168.0.0/16
DNS Servers:
10.8.0.1
Search Domains:
2018-12-30 09:41:26 Connected via tun
2018-12-30 09:41:26 LZ4v2 init asym=0
2018-12-30 09:41:26 New OpenVPN Status (CONNECTED->LEVEL_CONNECTED): [REDACTED]:1194 ([REDACTED]) via /UDPv4 on tun/10.8.0.2/ gw=[10.8.0.1/]
2018-12-30 09:41:26 New OpenVPN Status (CONNECTED->LEVEL_CONNECTED): [REDACTED]:1194 ([REDACTED]) via /UDPv4 on tun/10.8.0.2/ gw=[10.8.0.1/]
2018-12-30 09:41:26 Debug state info: CONNECTED to WIFI , pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED
2018-12-30 09:41:31 Network Status: not connected
2018-12-30 09:41:31 Debug state info: not connected, pause: userPause, shouldbeconnected: false, network: PENDINGDISCONNECT
2018-12-30 09:41:31 UDP send exception: send: Invalid argument
2018-12-30 09:41:31 UDP send exception: send: Invalid argument
2018-12-30 09:41:32 UDP send exception: send: Invalid argument
2018-12-30 09:41:32 UDP send exception: send: Invalid argument
2018-12-30 09:41:32 UDP send exception: send: Invalid argument
2018-12-30 09:41:34 Network Status: CONNECTED LTE to MOBILE VZWINTERNET
2018-12-30 09:41:34 Debug state info: CONNECTED LTE to MOBILE VZWINTERNET, pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED
2018-12-30 09:41:34 Client terminated, reconnecting in 1...
2018-12-30 09:41:34 UDP send exception: send: Invalid argument
2018-12-30 09:41:34 UDP send exception: send: Invalid argument
2018-12-30 09:41:35 UDP send exception: send: Invalid argument
2018-12-30 09:41:35 New OpenVPN Status (RECONNECTING->LEVEL_CONNECTING_NO_SERVER_REPLY_YET):
2018-12-30 09:41:35 New OpenVPN Status (RECONNECTING->LEVEL_CONNECTING_NO_SERVER_REPLY_YET):
2018-12-30 09:41:35 Contacting [REDACTED]:1194 via UDP
2018-12-30 09:41:35 New OpenVPN Status (WAIT->LEVEL_CONNECTING_NO_SERVER_REPLY_YET):
2018-12-30 09:41:35 New OpenVPN Status (WAIT->LEVEL_CONNECTING_NO_SERVER_REPLY_YET):
2018-12-30 09:41:35 Connecting to [[REDACTED]]:1194 ([REDACTED]) via UDPv4
2018-12-30 09:41:35 New OpenVPN Status (CONNECTING->LEVEL_CONNECTING_NO_SERVER_REPLY_YET):
2018-12-30 09:41:35 New OpenVPN Status (CONNECTING->LEVEL_CONNECTING_NO_SERVER_REPLY_YET):
2018-12-30 09:41:35 Tunnel Options:V4,dev-type tun,link-mtu 1521,tun-mtu 1500,proto UDPv4,cipher AES-128-GCM,auth SHA256,keysize 128,key-method 2,tls-client
2018-12-30 09:41:35 Creds: UsernameEmpty/PasswordEmpty
2018-12-30 09:41:35 Peer Info:
IV_GUI_VER=de.blinkt.openvpn 0.7.5
IV_VER=3.git:master
IV_PLAT=android
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_AUTO_SESS=1
2018-12-30 09:41:35 VERIFY OK : depth=1
cert. version : 3
serial number : B8:3D:BE:29:02:03:A9:E6
issuer name : CN=ChangeMe
subject name : CN=ChangeMe
issued on : 2018-12-30 13:44:02
expires on : 2028-12-27 13:44:02
signed using : ECDSA with SHA256
EC key size : 256 bits
basic constraints : CA=true
key usage : Key Cert Sign, CRL Sign
2018-12-30 09:41:35 VERIFY OK : depth=0
cert. version : 3
serial number : 08:5B:8C:5A:77:E2:F7:B9:CD:38:88:6E:22:39:EA:4C
issuer name : CN=ChangeMe
subject name : CN=server_[REDACTED]
issued on : 2018-12-30 13:44:02
expires on : 2028-12-27 13:44:02
signed using : ECDSA with SHA256
EC key size : 256 bits
basic constraints : CA=false
subject alt name : server_[REDACTED]
key usage : Digital Signature, Key Encipherment
ext key usage : TLS Web Server Authentication
2018-12-30 09:41:35 SSL Handshake: TLSv1.2/TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
2018-12-30 09:41:35 Session is ACTIVE
2018-12-30 09:41:35 New OpenVPN Status (GET_CONFIG->LEVEL_CONNECTING_SERVER_REPLIED):
2018-12-30 09:41:35 New OpenVPN Status (GET_CONFIG->LEVEL_CONNECTING_SERVER_REPLIED):
2018-12-30 09:41:35 Sending PUSH_REQUEST to server...
2018-12-30 09:41:35 OPTIONS:
0 [route] [10.0.0.8] [255.0.0.0] [net_gateway]
1 [route] [172.16.0.0] [255.240.0.0] [net_gateway]
2 [route] [192.168.0.0] [255.255.0.0] [net_gateway]
3 [dhcp-option] [DNS] [10.8.0.1]
4 [block-outside-dns]
5 [compress] [lz4-v2]
6 [route-gateway] [10.8.0.1]
7 [topology] [subnet]
8 [ping] [10]
9 [ping-restart] [60]
10 [ifconfig] [10.8.0.2] [255.255.255.0]
11 [peer-id] [1]
12 [cipher] [AES-256-GCM]
2018-12-30 09:41:35 PROTOCOL OPTIONS:
cipher: AES-256-GCM
digest: SHA256
compress: LZ4v2
peer ID: 1
2018-12-30 09:41:35 TunPersist: reused tun context
2018-12-30 09:41:35 Connected via tun
2018-12-30 09:41:35 LZ4v2 init asym=0
2018-12-30 09:41:35 New OpenVPN Status (CONNECTED->LEVEL_CONNECTED): [REDACTED]:1194 ([REDACTED]) via /UDPv4 on tun/10.8.0.2/ gw=[10.8.0.1/]
2018-12-30 09:41:35 New OpenVPN Status (CONNECTED->LEVEL_CONNECTED): [REDACTED]:1194 ([REDACTED]) via /UDPv4 on tun/10.8.0.2/ gw=[10.8.0.1/]
2018-12-30 09:43:38 New OpenVPN Status (DISCONNECTED->LEVEL_NOTCONNECTED):
2018-12-30 09:43:38 New OpenVPN Status (DISCONNECTED->LEVEL_NOTCONNECTED):
2018-12-30 09:43:38 OpenVPN3 thread finished
2018-12-30 09:46:10 official build 0.7.5 running on google Pixel 3 (blueline), Android 9 (PQ1A.181205.006) API 28, ABI arm64-v8a, ([REDACTED])
2018-12-30 09:46:10 Building configuration…
2018-12-30 09:46:10 New OpenVPN Status (VPN_GENERATE_CONFIG->LEVEL_START):
2018-12-30 09:46:10 New OpenVPN Status (VPN_GENERATE_CONFIG->LEVEL_START):
2018-12-30 09:46:10 Network Status: CONNECTED to WIFI
2018-12-30 09:46:10 Debug state info: CONNECTED to WIFI , pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED
2018-12-30 09:46:10 Debug state info: CONNECTED to WIFI , pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED
2018-12-30 09:46:10 OpenVPN core 3.git:master(983b0f28) android arm64 64-bit built on May 3 2018 08:32:37
2018-12-30 09:46:10 Copyright (C) 2012-2017 OpenVPN Inc. All rights reserved.
2018-12-30 09:46:10 Frame=512/2048/512 mssfix-ctrl=1250
2018-12-30 09:46:10 UNUSED OPTIONS
0 [machine-readable-output]
1 [allow-recursive-routing]
2 [ifconfig-nowarn]
4 [verb] [4]
5 [connect-retry] [2] [300]
6 [resolv-retry] [60]
16 [nobind]
17 [verify-x509-name] [server_[REDACTED]] [name]
21 [persist-tun]
22 [preresolve]
23 [resolv-retry] [infinite]
2018-12-30 09:46:10 New OpenVPN Status (RESOLVE->LEVEL_CONNECTING_NO_SERVER_REPLY_YET):
2018-12-30 09:46:10 New OpenVPN Status (RESOLVE->LEVEL_CONNECTING_NO_SERVER_REPLY_YET):
2018-12-30 09:46:10 Contacting [REDACTED]:1194 via UDP
2018-12-30 09:46:10 New OpenVPN Status (WAIT->LEVEL_CONNECTING_NO_SERVER_REPLY_YET):
2018-12-30 09:46:10 New OpenVPN Status (WAIT->LEVEL_CONNECTING_NO_SERVER_REPLY_YET):
2018-12-30 09:46:10 Connecting to [[REDACTED]]:1194 ([REDACTED]) via UDPv4
2018-12-30 09:46:10 New OpenVPN Status (CONNECTING->LEVEL_CONNECTING_NO_SERVER_REPLY_YET):
2018-12-30 09:46:10 New OpenVPN Status (CONNECTING->LEVEL_CONNECTING_NO_SERVER_REPLY_YET):
2018-12-30 09:46:10 Tunnel Options:V4,dev-type tun,link-mtu 1521,tun-mtu 1500,proto UDPv4,cipher AES-128-GCM,auth SHA256,keysize 128,key-method 2,tls-client
2018-12-30 09:46:10 Creds: UsernameEmpty/PasswordEmpty
2018-12-30 09:46:10 Peer Info:
IV_GUI_VER=de.blinkt.openvpn 0.7.5
IV_VER=3.git:master
IV_PLAT=android
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_AUTO_SESS=1
2018-12-30 09:46:10 VERIFY OK : depth=1
cert. version : 3
serial number : B8:3D:BE:29:02:03:A9:E6
issuer name : CN=ChangeMe
subject name : CN=ChangeMe
issued on : 2018-12-30 13:44:02
expires on : 2028-12-27 13:44:02
signed using : ECDSA with SHA256
EC key size : 256 bits
basic constraints : CA=true
key usage : Key Cert Sign, CRL Sign
2018-12-30 09:46:10 VERIFY OK : depth=0
cert. version : 3
serial number : 08:5B:8C:5A:77:E2:F7:B9:CD:38:88:6E:22:39:EA:4C
issuer name : CN=ChangeMe
subject name : CN=server_[REDACTED]
issued on : 2018-12-30 13:44:02
expires on : 2028-12-27 13:44:02
signed using : ECDSA with SHA256
EC key size : 256 bits
basic constraints : CA=false
subject alt name : server_[REDACTED]
key usage : Digital Signature, Key Encipherment
ext key usage : TLS Web Server Authentication
2018-12-30 09:46:10 SSL Handshake: TLSv1.2/TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
2018-12-30 09:46:10 Session is ACTIVE
2018-12-30 09:46:10 New OpenVPN Status (GET_CONFIG->LEVEL_CONNECTING_SERVER_REPLIED):
2018-12-30 09:46:10 New OpenVPN Status (GET_CONFIG->LEVEL_CONNECTING_SERVER_REPLIED):
2018-12-30 09:46:10 Sending PUSH_REQUEST to server...
2018-12-30 09:46:10 OPTIONS:
0 [route] [10.0.0.8] [255.0.0.0] [net_gateway]
1 [route] [172.16.0.0] [255.240.0.0] [net_gateway]
2 [route] [192.168.0.0] [255.255.0.0] [net_gateway]
3 [dhcp-option] [DNS] [10.8.0.1]
4 [block-outside-dns]
5 [compress] [lz4-v2]
6 [route-gateway] [10.8.0.1]
7 [topology] [subnet]
8 [ping] [10]
9 [ping-restart] [60]
10 [ifconfig] [10.8.0.2] [255.255.255.0]
11 [peer-id] [0]
12 [cipher] [AES-256-GCM]
2018-12-30 09:46:10 PROTOCOL OPTIONS:
cipher: AES-256-GCM
digest: SHA256
compress: LZ4v2
peer ID: 0
2018-12-30 09:46:10 New OpenVPN Status (ASSIGN_IP->LEVEL_CONNECTING_SERVER_REPLIED):
2018-12-30 09:46:10 New OpenVPN Status (ASSIGN_IP->LEVEL_CONNECTING_SERVER_REPLIED):
2018-12-30 09:46:10 exception parsing IPv4 route: [route] [10.0.0.8] [255.0.0.0] [net_gateway] : tun_prop_error: route is not canonical
2018-12-30 09:46:10 We should call this session[REDACTED]
2018-12-30 09:46:10 Opening tun interface:
2018-12-30 09:46:10 Local IPv4: 10.8.0.2/24 IPv6: null MTU: 1500
2018-12-30 09:46:10 DNS Server: 10.8.0.1, Domain: null
2018-12-30 09:46:10 Routes:
2018-12-30 09:46:10 Routes excluded: 172.16.0.0/12, 192.168.0.0/16
2018-12-30 09:46:10 VpnService routes installed:
2018-12-30 09:46:10 Disallowed VPN apps: com.android.providers.telephony, com.google.android.apps.docs, com.android.vending, com.google.android.apps.tachyon, com.google.android.dialer, com.android.phone
2018-12-30 09:46:10 TunPersist: saving tun context:
Session Name: [REDACTED]
Layer: OSI_LAYER_3
Remote Address: [REDACTED]
Tunnel Addresses:
10.8.0.2/24 -> 10.8.0.1
Reroute Gateway: IPv4=0 IPv6=0 flags=[ IPv4 ]
Block IPv6: no
Add Routes:
Exclude Routes:
172.16.0.0/12
192.168.0.0/16
DNS Servers:
10.8.0.1
Search Domains:
2018-12-30 09:46:10 Connected via tun
2018-12-30 09:46:10 LZ4v2 init asym=0
2018-12-30 09:46:10 New OpenVPN Status (CONNECTED->LEVEL_CONNECTED): [REDACTED]:1194 ([REDACTED]) via /UDPv4 on tun/10.8.0.2/ gw=[10.8.0.1/]
2018-12-30 09:46:10 New OpenVPN Status (CONNECTED->LEVEL_CONNECTED): [REDACTED]:1194 ([REDACTED]) via /UDPv4 on tun/10.8.0.2/ gw=[10.8.0.1/]
2018-12-30 09:46:11 Debug state info: CONNECTED to WIFI , pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED
@rajannpatel
Copy link
Owner

Can you paste redacted versions of your server.conf and .ovpn client config here? We don't need to see IPs or keys, but other info is helpful.

@rajannpatel
Copy link
Owner

worth noting that there was a very large update to the documentation since you posted this issue, and i would be curious if you deleted your google cloud project and started fresh, if you would encounter the same issue again. i can try and help here, but i can't weigh in without seeing your /etc/openvpn/server.conf from the Virtual Machine, and the contents of the client profile (.ovpn file) that you used on your phone. You can replace keys and IPs and other information that you feel may be sensitive with the word "redacted" in your response.

@rajannpatel rajannpatel self-assigned this Dec 31, 2018
@rajannpatel rajannpatel added question Further information is requested invalid This doesn't seem right labels Jan 1, 2019
@rajannpatel
Copy link
Owner

This information is now stale, there have been considerable updates to the guide since this issue was opened. Happy to help if you wish to follow up.

@Fliu777 Fliu777 mentioned this issue Jun 22, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rajannpatel rajannpatel

Labels
invalid This doesn't seem right question Further information is requested
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@rajannpatel @335iguy