OpenVPN or OpenVPN for Android not actually connecting (but says it is)

[SgtFlippy]

Not sure if I came to the right place, tried support through the Android Playstore, but got redirected to places I couldn't get logged in.
I'm fine with following tutorials, but I'm not a programmer.

I have a TP-Link ER605, running on software controller and it's hosting my OpenVPN. Has worked perfectly for months.
Since the last update of OpenVPN app, it would tell me it's connected and running, but in reality I didn't have any access to my home network. My wife did and after her phone updated the app, she couldn't reach anything either.

A solution was to start using OpenVPN for Android app, worked perfectly again. No settings changed.
Now we're a few weeks later again and now this stopped working as well. The app says it's connected, but Omada Insights reports no running VPN connections, even though the VPN is enabled in the settings.

Any help please?

[schwabe]

Please provide at least a log of both server and client.

[AndreCox]

I have been having the same problem, from what I think this has something to do with openssl. Basically TP-Link is using some super insecure m5 algo for there encryption. I think TP-Link needs to update the firmware on the ER-605 but that's not going to happen because it's EOL right now for the V1. Quite annoyed because I bought the router in late 2021 so only managed to get 2.5 years of use out of it

[schwabe]

@AndreCox please also provide logs. OpenVPN can still be configured to be compatible with really really old peers but it does not like that nowadays.

[AndreCox]

Logs are provided below.

Mar 04 17:47:18 xps-9720 NetworkManager[1989]: <info>  [1709603238.6426] vpn[0x5598303798a0,e24c92b7-fd2a-4c15-bf05-10a9cae46a1f,"VPN_Default_2024-03-04-17-46"]: starting openvpn
Mar 04 17:47:18 xps-9720 nm-openvpn[23867]: OpenVPN 2.6.9 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO]
Mar 04 17:47:18 xps-9720 nm-openvpn[23867]: library versions: OpenSSL 3.1.1 30 May 2023, LZO 2.10
Mar 04 17:47:18 xps-9720 nm-openvpn[23867]: DCO version: N/A
Mar 04 17:47:18 xps-9720 nm-openvpn[23867]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mar 04 17:47:18 xps-9720 nm-openvpn[23867]: OpenSSL: error:0A00018F:SSL routines::ee key too small:
Mar 04 17:47:18 xps-9720 nm-openvpn[23867]: Cannot load certificate file /home/andre/.cert/nm-openvpn/VPN_Default_2024-03-04-17-46-cert.pem
Mar 04 17:47:18 xps-9720 nm-openvpn[23867]: Exiting due to fatal error
Mar 04 17:47:18 xps-9720 NetworkManager[1989]: <warn>  [1709603238.6855] vpn[0x5598303798a0,e24c92b7-fd2a-4c15-bf05-10a9cae46a1f,"VPN_Default_2024-03-04-17-46"]: dbus: failure: connect-failed (1)
Mar 04 17:47:18 xps-9720 NetworkManager[1989]: <warn>  [1709603238.6855] vpn[0x5598303798a0,e24c92b7-fd2a-4c15-bf05-10a9cae46a1f,"VPN_Default_2024-03-04-17-46"]: dbus: failure: connect-failed (1)

[schwabe]

@AndreCox that is actually the OpenSSL library that does like your key anymore. The https://github.com/OpenVPN/openvpn/blob/master/Changes.rst#common-errors-with-openssl-30-and-openvpn-26 file even has an FAQ entry for that. Search for ee key too small.

[nschlia]

I have a TP-Link ER605, running on software controller and it's hosting my OpenVPN. Has worked perfectly for months. Since the last update of OpenVPN app, it would tell me it's connected and running, but in reality I didn't have any access to my home network. My wife did and after her phone updated the app, she couldn't reach anything either.

Same problem: OpenVPN 3.4.1 would connect fine, but no traffic. Not able to connect to intra- or internet sites. No ping from the server to the phone IP.

Solution was to downgrade to OpenVPN 3.3.4, with that version everything is working fine.

Some change from 3.3.4 to 3.4.x broke that functionality.

[schwabe]

@nschlia that is off topic here. Please contact the OpenVPN Connect team under support.openvpn.net

[SgtFlippy]

@schwabe It's exactly what this is about. But I've learned you get sent in circles, if you explain the problem to that mail you get directed here.

I switched to OpenVPN for Android and haven't had a problem since. My issue is fixed, but not thanks to here. Asking for logs, what logs? The one that says connected and the other that says nothing happened?

[schwabe]

@SgtFlippy yeah but OpenVPN Connect is a product unrelated to this project. If this project or app using this project are not affected, then you are barking against the wrong team. It is very unfortunate that the OpenVPN Connect team does not want to participate in Github issues/discussion, so the only thing we cna do is to send you to their support.

[SgtFlippy]

@schwabe I've used their e-mail and the one linked to the actual app on Playstore and they both directed me here, because it's not theirs to support.

[schwabe]

@SgtFlippy could you give me the ticket numbers? I will follow that up with that team then.

[SgtFlippy]

@schwabe It was through my Gmail, apparently that deletes deleted items every 30 days.