SSH through OpenVPN on iPhone

Question

I have problem with connecting to my SSH server through OpenVPN from my iPhone.

I can successfully connect from my PC so all settings are good. OpenVPN also works well ("connected") - I can see VPN icon in the top right corner.

The problem is with SSH - I cannot even ping to the local address. When I tried to trace 10.0.1.1 (server IP on VPN) it goes through some to me now known IP addresses and then just times out. It looks like to me that applications are ignoring the VPN and they are trying to reach the address 10.0.1.1 through "normal" network.

Application which I'm using: OpenVPN, Scany (ping & trace) and iSSH.

Does someone have similiar problem? Do you have any idea what I can try to do to make it work?Thank you for your time.

EDIT - here is the log generated by OpenVPN on iPhone:

2013-05-03 15:59:33 ----- OpenVPN Start -----
2013-05-03 15:59:33 LZO-ASYM init swap=0 asym=0
2013-05-03 15:59:33 EVENT: RESOLVE
2013-05-03 15:59:33 EVENT: WAIT
2013-05-03 15:59:33 Connecting to artworksmedia.cz:1194
(37.157.197.197) via TCPv4
2013-05-03 15:59:33 EVENT: CONNECTING
2013-05-03 15:59:33 Tunnel Options:V4,dev-type tun,link-mtu
1544,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher
BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client
2013-05-03 15:59:33 Peer Info:
IV_VER=1.0
IV_PLAT=ios
IV_NCP=1
IV_LZO=1

2013-05-03 15:59:34 VERIFY OK: depth=0
cert. version : 3
serial number : 01
issuer name  : C=CZ, ST=Czech Republic, L=Varnsdorf, O=Artworks Media,
CN=Artworks Media, 0x29=Artworks Media,
emailAddress=podpora@artworksmedia.cz
subject name  : C=CZ, ST=Czech republic, L=Varnsdorf, O=Artworks
Media, CN=Artworks Media, 0x29=Artworks Media,
emailAddress=podpora@artworksmedia.cz
issued  on    : 2012-09-16 10:02:24
expires on    : 2022-09-14 10:02:24
signed using  : RSA+SHA1
RSA key size  : 1024 bits

2013-05-03 15:59:34 VERIFY OK: depth=1
cert. version : 3
serial number : D5:00:96:A7:C3:3A:79:3D
issuer name  : C=CZ, ST=Czech Republic, L=Varnsdorf, O=Artworks Media,
CN=Artworks Media, 0x29=Artworks Media,
emailAddress=podpora@artworksmedia.cz
subject name  : C=CZ, ST=Czech Republic, L=Varnsdorf, O=Artworks
Media, CN=Artworks Media, 0x29=Artworks Media,
emailAddress=podpora@artworksmedia.cz
issued  on    : 2012-09-16 10:00:40
expires on    : 2022-09-14 10:00:40
signed using  : RSA+SHA1
RSA key size  : 1024 bits

2013-05-03 15:59:34 SSL Handshake: TLSv1.0/SSL-EDH-RSA-AES-256-SHA
2013-05-03 15:59:34 Session is ACTIVE
2013-05-03 15:59:35 EVENT: GET_CONFIG
2013-05-03 15:59:35 Sending PUSH_REQUEST to server...
2013-05-03 15:59:35 OPTIONS:
0 [ping] [10]
1 [ping-restart] [120]
2 [ifconfig] [10.0.1.2] [10.0.1.1]

2013-05-03 15:59:35 LZO-ASYM init swap=0 asym=0
2013-05-03 15:59:35 EVENT: ASSIGN_IP
2013-05-03 15:59:35 Connected via tun
2013-05-03 15:59:35 EVENT: CONNECTED @artworksmedia.cz:1194
(37.157.197.197) via /TCPv4 on tun/10.0.1.2/

I am not familiar with the iPhone so I can not tell you how to do that but you should have a look at its routing table (`ip route` under Linux). What do you mean by "I cannot even ping to the local address"? Do you try to ping the local VPN endpoint on the iPhone? — Hauke Laging, May 01 '13 at 23:11
I don't know how to look at the routing table on iPhone. And by the sentence you quoted I meant that I was't able to ping neither 10.0.1.1 (server) nor 10.0.1.2 (localhost). This is what makes me think that iPhone just ignores the VPN network ... — grongor, May 01 '13 at 23:39
From your iPhone, after connecting to OpenVPN, can you browse the web? — John Siu, May 02 '13 at 15:24
Try following steps: (1) Turn off wifi on iPhone (2) Connect OpenVPN (3) Goto https://whatismyip.com <-- Please confirm this show your vpn gateway WAN ip. — John Siu, May 02 '13 at 17:14
Additional question: Are you using wifi when you test openvpn? — John Siu, May 02 '13 at 17:15
OPENVPN assigned IP is different from carrier IP ? And openvpn is running on iphone ? and if openvpn shows "connected", that`s doesn't mean that openvpn config is OK. Maybe openvpn does not have permissions to modify routing table. Check logs. — Guntis, May 03 '13 at 09:36
Until now I wasn't connected to Wifi at all - it was turned off. I was connected to internet through 3G network of my mobile carrier. I tried to connect using WiFi through Conectify and the results are still the same - all the time same behavior. iPhone acts like the addresses 10.0.1.1 and .2 doesn't exists at all. Am I doing it the right way? Should I enter the address 10.0.1.1 as the address which I want to connect to, right? (just like I do it on my PC) — grongor, May 03 '13 at 13:59
@John Siu sorry I missed your comment. IP address stays same regardless OpenVPN — grongor, May 03 '13 at 17:09
@GRoNGoR If ip address stay the same, your traffic is not routing through VPN at all. That explain why you cannot ping vpn server 10.0.1.x ip. I will go though the log. — John Siu, May 03 '13 at 19:59
@GRoNGoR (1) On the iPhone, after VPN connected, in the connection details, is the server name and ip correct? (2) Check your cert file, open with vi, and see if it contain `CR` (MS-DOS format) at the end of each line. If so, remove them. — John Siu, May 03 '13 at 20:09
No, line eindings are in UNIX format. And yes, in connection details is the right server name and its coresponding IP address. — grongor, May 03 '13 at 22:13

score 0 · Accepted Answer · answered Jun 18 '13 at 21:40

So I came up with a solution. Nah, it can't be called solution ... I just forgot about it and some days ago I reinstalled the iPhone. Today the VPN just got on my mind again so I tried it and voila - it works perfectly without any problems.

I did clean install (no backup restore) and I installed all applications I had before reinstall except all of the games.

I hope that this will help someone else. If someone told me to do that before I would have saved so much time ...

SSH through OpenVPN on iPhone

1 Answers1