Usecase: DNS-only VPN tunneling to a home OpenVPN/Pi-Hole DNS server to block ads via DNS filtering over cellular data and to SSH home computers. DNS-only tunnel used to block ads with minimal impact on home internet bandwidth. PiVPN is used to manage ovpn profiles/credentials.
Currently the OpenVPN Connect iOS app can successfully handle this feature. OpenVPN server version 2.4.0; OpenSSL 1.0.2r, LZO 2.08.
Sidenote: As a control, full tunneling via Mullvad was used to verify that Passepartout works on my phone.
Issue: On Passepartout v1.6.0 (1779) and below, my home's LAN is accessible and my DNS server is properly logging my DNS requests, but websites do not resolve. Side note, for DNS-only tunneling to work, my OpenVPN server cannot use the “redirect-gateway” flag.
In all scenarios using Passepartout:
Default gateway: None
Domain: None
Proxy/Proxy (HTTPS): None
Successful password-protected OVPN profile (via OpenVPN Conect app) with certs, IP’s, and keys omitted:
client
dev tun
proto udp
remote 108.xxx.x.xxx 1194
<ca>
-----BEGIN CERTIFICATE-----
[cert goes here]
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
[cert goes here]
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
[key goes here]
-----END ENCRYPTED PRIVATE KEY-----
</key>
<tls-crypt>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
[key goes here]
-----END OpenVPN Static key V1-----
</tls-crypt>
Successful connection log via OpenVPN iOS app (both home LAN access and DNS resolution):
2019-04-26 13:19:57 1
2019-04-26 13:19:57 ----- OpenVPN Start -----
OpenVPN core 3.2 ios arm64 64-bit PT_PROXY built on Oct 3 2018 06:35:04
2019-04-26 13:19:57 Frame=512/2048/512 mssfix-ctrl=1250
2019-04-26 13:19:57 EVENT: RESOLVE
2019-04-26 13:19:57 Contacting [108.203.8.184]:1194/UDP via UDP
2019-04-26 13:19:57 EVENT: WAIT
2019-04-26 13:19:57 Connecting to [108.xxx.x.xxx]:1194 (108.xxx.x.xxx) via UDPv4
2019-04-26 13:19:57 EVENT: CONNECTING
2019-04-26 13:19:57 Tunnel Options:V4,dev-type tun,link-mtu 1541,tun-mtu 1500,proto UDPv4,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client
2019-04-26 13:19:57 Creds: UsernameEmpty/PasswordEmpty
2019-04-26 13:19:57 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 3.0.2-894
IV_VER=3.2
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_IPv6=1
IV_AUTO_SESS=1
IV_BS64DL=1
2019-04-26 13:19:57 VERIFY OK : depth=1
cert. version : 3
serial number : 9F:xx:xx:xx:xx:xx:xx:xx
issuer name : CN=ChangeMe
subject name : CN=ChangeMe
issued on : 2018-10-24 21:00:42
expires on : 2028-10-21 21:00:42
signed using : ECDSA with SHA256
EC key size : 256 bits
basic constraints : CA=true
key usage : Key Cert Sign, CRL Sign
2019-04-26 13:19:57 VERIFY OK : depth=0
cert. version : 3
serial number : 6B:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx
issuer name : CN=ChangeMe
subject name : CN=server_xxxxxxxxxx
issued on : 2018-10-24 21:00:42
expires on : 2028-10-21 21:00:42
signed using : ECDSA with SHA256
EC key size : 256 bits
basic constraints : CA=false
subject alt name : server_xxxxxxxxxx
key usage : Digital Signature, Key Encipherment
ext key usage : TLS Web Server Authentication
2019-04-26 13:19:57 SSL Handshake: TLSv1.2/TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
2019-04-26 13:19:57 Session is ACTIVE
2019-04-26 13:19:57 EVENT: GET_CONFIG
2019-04-26 13:19:57 Sending PUSH_REQUEST to server...
2019-04-26 13:19:57 OPTIONS:
0 [dhcp-option] [DNS] [192.168.1.82]
1 [block-outside-dns]
2 [route-gateway] [10.8.0.1]
3 [topology] [subnet]
4 [ping] [10]
5 [ping-restart] [60]
6 [ifconfig] [10.8.0.2] [255.255.255.0]
7 [peer-id] [0]
8 [cipher] [AES-256-GCM]
2019-04-26 13:19:57 PROTOCOL OPTIONS:
cipher: AES-256-GCM
digest: SHA1
compress: NONE
peer ID: 0
2019-04-26 13:19:57 EVENT: ASSIGN_IP
2019-04-26 13:19:57 NIP: preparing TUN network settings
2019-04-26 13:19:57 NIP: init TUN network settings with endpoint: 108.xxx.x.xxx
2019-04-26 13:19:57 NIP: adding IPv4 address to network settings 10.8.0.2/255.255.255.0
2019-04-26 13:19:57 NIP: adding (included) IPv4 route 10.8.0.0/24
2019-04-26 13:19:57 NIP: adding DNS 192.168.1.82
2019-04-26 13:19:57 NIP: adding match domain ALL
2019-04-26 13:19:57 NIP: adding DNS specific routes:
2019-04-26 13:19:57 NIP: adding (included) IPv4 route 192.168.1.82/32
2019-04-26 13:19:57 Connected via NetworkExtensionTUN
2019-04-26 13:19:57 EVENT: CONNECTED 108.xxx.x.xxx:1194 (108.xxx.x.xxx) via /UDPv4 on NetworkExtensionTUN/10.8.0.2/ gw=[/]
This ovpn profile used in Passepartout (1.5.0/1.6.0 b1779) successfully allows me to access my home's LAN DNS server while on cellular. Attempts to connect to websites show up as successfully forwarded in my DNS server logs, but do not resolve.
OVPN profile with no password via Passepartout v1.5.0 Debug log (successul LAN access):
App: Passepartout 1.5.0 (1733)
OS: iOS 12.1.1
Device: iPhone
13:51:34 - Starting tunnel...
13:51:34 - App version: Passepartout 1.5.0 (1733)
13:51:34 - Protocols: [UDP:1194]
13:51:34 - Cipher: AES-256-GCM
13:51:34 - Digest: HMAC-SHA1
13:51:34 - Compression framing: disabled
13:51:34 - Compression algorithm: disabled
13:51:34 - Client verification: enabled
13:51:34 - TLS wrapping: crypt
13:51:34 - Keep-alive: never
13:51:34 - Renegotiation: never
13:51:34 - Server EKU verification: disabled
13:51:34 - MTU: 1250
13:51:34 - Debug: true
13:51:34 - Masks private data: true
13:51:34 - Current SSID: none (disconnected from WiFi)
13:51:34 - Creating link session
13:51:34 - DNS resolve hostname: #310347224060b108#
13:51:34 - DNS resolved addresses: ["#310347224060b108#"]
13:51:34 - Will connect to #310347224060b108#:1194
13:51:34 - Socket type is NEUDPSocket
13:51:34 - Socket state is preparing (endpoint: #47c48f45b5fa3155# -> in progress)
13:51:34 - Socket state is ready (endpoint: #e70c6d350c1d7438# -> #72fc98e7ec07700d#)
13:51:34 - Starting VPN session
13:51:34 - Send hard reset
13:51:34 - Negotiation key index is 0
13:51:34 - Control: Enqueued 1 packet [0]
13:51:34 - Control: Write control packet {HARD_RESET_CLIENT_V2 | 0, sid: 4c650e08556c66a7, pid: 0, [0 bytes]}
13:51:34 - Send control packet (54 bytes): 384c650e08556c66a7000000015cc36f56afa0981cbeebcf0908f75a539196228fb4abae893d96a7e4d6c8e169e8d9fcbd14c00f4a51
13:51:34 - Control: Try read packet with code HARD_RESET_SERVER_V2 and key 0
13:51:34 - Control: Read packet {HARD_RESET_SERVER_V2 | 0, sid: 9d81ec74d47cea07, acks: {[0], 4c650e08556c66a7}, pid: 0}
13:51:34 - Send ack for received packetId 0
13:51:34 - Control: Write ack packet {ACK_V1 | 0, sid: 4c650e08556c66a7, acks: {[0], 9d81ec74d47cea07}}
13:51:34 - Control: Remote sessionId is 9d81ec74d47cea07
13:51:34 - Start TLS handshake
13:51:34 - TLS.connect: Pulled ciphertext (176 bytes)
13:51:34 - Control: Enqueued 1 packet [1]
13:51:34 - Control: Write control packet {CONTROL_V1 | 0, sid: 4c650e08556c66a7, pid: 1, [176 bytes]}
13:51:34 - Send control packet (230 bytes): 204c650e08556c66a7000000035cc36f568be988d78c42f98d001eef442d57fbe0697d8ec41b82e80435161cf2dd8c847ede6a1d6db40689d7c20bf75ba542d6f8224e215b0e022ea479888d431703624405e912b21e7bd2f4ebfa0385799b3704a25af5386df035b5d4534f8b9c8019cab2e937d468a15db7eac0f0f748e3bc09237bdc6f3d7fe67ee041f7faba80ffd9dc90f65fbb50d1c92d8147895f7a0b6244b8d714f7b42e55d97832d24fa1e16e66c7f2cf274e59c49475a7b9f831af3bcf331499129f855bc17ae48fedacea10132b91665472b88fb1b00b1249402f222248db0799
13:51:34 - Ack successfully written to LINK for packetId 0
13:51:34 - Control: Try read packet with code CONTROL_V1 and key 0
13:51:34 - Control: Read packet {CONTROL_V1 | 0, sid: 9d81ec74d47cea07, acks: {[1], 4c650e08556c66a7}, pid: 1, [1062 bytes]}
13:51:34 - Send ack for received packetId 1
13:51:34 - Control: Write ack packet {ACK_V1 | 0, sid: 4c650e08556c66a7, acks: {[1], 9d81ec74d47cea07}}
13:51:34 - TLS.connect: Put received ciphertext (1062 bytes)
13:51:34 - Control: Try read packet with code CONTROL_V1 and key 0
13:51:34 - Control: Read packet {CONTROL_V1 | 0, sid: 9d81ec74d47cea07, pid: 2, [160 bytes]}
13:51:34 - Send ack for received packetId 2
13:51:34 - Control: Write ack packet {ACK_V1 | 0, sid: 4c650e08556c66a7, acks: {[2], 9d81ec74d47cea07}}
13:51:34 - TLS.connect: Put received ciphertext (160 bytes)
13:51:34 - TLS.connect: Send pulled ciphertext (1093 bytes)
13:51:34 - Control: Enqueued 1 packet [2]
13:51:34 - Control: Write control packet {CONTROL_V1 | 0, sid: 4c650e08556c66a7, pid: 2, [1093 bytes]}
13:51:34 - Send control packet (1147 bytes): 204c650e08556c66a7000000065cc36f56b6a56c0fa427bd3b58c483c24ddd0e8ef56ccc920beef8978fce2ad26615874a13651f6c44aa4513d329757e3e865d41aa2f5807004ea7d2e8f3c012d061d160cf348381c6ee84406f29c8473acd493e42c76529149bcec81881e516e45fc84e470597a1866f3f7ace7e93f3372ed0bb4fe7dde31b4c3a407998be56c5b2e44d0abd54b67cc879be4babf3aaebca1d3f86f7d8ccced9f776fcfdd4179be3a9d87b653509f0e0676bda7ff099ee0af4d34baccd06d52de3c4d2cdc0fb00e7efa1c42fa3581909929075c9c609a59a6487c44056f54eabbc309bc32c0459081bd50399ad115f817bd5a68da8082916dd81c34981c6f1d8929ce3ae805e0010bbb88309b92d7823d2a7724682fe66b5fc06167238e2e6ba3801d5f80a520f387a7f73efe29c3c4b51a526b2a3ddc048207c269908815a35e007813dba9472540b0b2b65fab9b45f863de11cc4049914b6029d380f91376e351cc4e0c35e908f998d40109caee25ed9c91451ace30f06f616a56e371b070195f4b00d8cdcd350def5ad788fc3baf4a8e01a41c1a3b9f3395b054e0018a6713e59cb68e5e9bb492199860e0e1f3c5102d0e3684599a983236afcc17ea380b31e3d49e9639198762d4606900e71a6b7f3a49af372a7e4ac03e271c6a4eadb21067d41ca16cd851bfd710fc017ca48cb6f33801ab77a624b81909b1f965dd17fe05a2637fcc8e1f46ca4db8aad3c2e83fc9df424e4f0064a868fbc7d098f2207d0312116f7a569fb7cb603da2915ef6363456ab9380108b183c5c93718b545a3e636bf0df6ec9df051843aaeea36ba0f02b461956026efc7af9202fe5daafee8d472b39ccb836aaf437b08b1a6f646b7e9fadee2ac75c9c4c2dceac66ba62db82064e7bd44948e8f93e16cbb9dbae3ff86621a086b5f25c2c8b37d8b273fffaa5fab183381b53ab7cb58c2508ef3338a8b650af5f8e6193d8d7a6a22ff3f7682fb3c5d6d1fec43936559f7f5a3594883f1f4d72c1dd60900c7292fb33367d16b67aa94c63c0cc41e700489333350d99a312c5f2c3c71ce217a3e62200b22df5987211dd1a97dca5935e7bec9421c31454d0cc55c582a5b05ef92908d342768c10aac0baee7796020c617f60d9b268da9e4902da373b17027169f81d768e0de2d15986bac248ddc4006aa7f44e626725151902812b727858291b372b625907e3bb06b65da4ebaa9c0338d4e377afe5d87fa13c482240eb00d1a4b2be67ee2b65ad2e1680e8a0ca30d7c0ee007304aac5d051af93ed2f525ee7d1b65deaafd43bb6644748afd3e641def66aa81af0e7123e9baf30e4770bf670af96d967a671a08fd1fb832d78015abf3300d13830125bf8e56fb4cddb592eb869748ee2d2c7cc085ca422da6b6c72832775f59946b5fed130189fbafc127e8bd540e67f5f1c7b96ef48e24d54520b0939803dc76178e1e9f5bacd08e7c1558110cd44a0ebe03d92b2d447454c3f81d3011367d792e94105962eaf46ad163d9e1a247abf3e47994d8facb6332d375a455603c78b218b9c52551f62858e2899b52e9a046cf76394f1d73d5b44a25529f958e1049245a2dcbf65e6712
13:51:34 - Ack successfully written to LINK for packetId 1
13:51:34 - Ack successfully written to LINK for packetId 2
13:51:34 - Control: Skip writing packet with packetId 2 (sent on 2019-04-26 20:51:34 +0000, 0.02056896686553955 seconds ago)
13:51:34 - Control: Try read packet with code CONTROL_V1 and key 0
13:51:34 - Control: Read packet {CONTROL_V1 | 0, sid: 9d81ec74d47cea07, acks: {[2], 4c650e08556c66a7}, pid: 3, [51 bytes]}
13:51:34 - Send ack for received packetId 3
13:51:34 - Control: Write ack packet {ACK_V1 | 0, sid: 4c650e08556c66a7, acks: {[3], 9d81ec74d47cea07}}
13:51:34 - TLS.connect: Put received ciphertext (51 bytes)
13:51:34 - TLS.connect: Handshake is complete
13:51:34 - TLS.auth: Local options: V4,cipher AES-256-GCM,auth SHA1,keysize 256,tls-crypt
13:51:34 - TLS.auth: Put plaintext (325 bytes)
13:51:34 - TLS.auth: Pulled ciphertext (354 bytes)
13:51:34 - Control: Enqueued 1 packet [3]
13:51:34 - Control: Write control packet {CONTROL_V1 | 0, sid: 4c650e08556c66a7, pid: 3, [354 bytes]}
13:51:34 - Send control packet (408 bytes): 204c650e08556c66a7000000085cc36f568d305a88bfc785a992b0d4207300dca42552585244f19a5242474bef0c0ff8efd47b04f66b804bacf94076bafac8722bdcc7b646865848b9516247774f69074eb7a8135ca2dd4d86186f6c9a684034237378b06a95312e2bd1ec35c49a415adf15054127c22694bbe7ffd3f56e9a816f7c5f996b626c1c794a5f61c4829e343928ed5c44997fb052b45e18f42eca59bc7cdbb0e8c47eea2ee0f0ccfe499b0709188210ee2b8fd2e2ba4deff5d026162d06d8517b6d653e96adeb543846a9df47d5c58f2deea25966390106e3e4891dd5c076762d18e9995cdd353e8cccce3e842d052e7613e3f5dce9a4dc18625073f6d12af028c2cae0d35d7bedccd2ede90a2e0f5dbcd5a4512a476a8422298da44a06b2486c98b0151a361e4ff64dbf9469b68ad50693f4e4afd594df78d65aa71921121e5d16cd224bea872c3a92588b6cece50d7708967c9147df271926e3a7a4566e867a0aff91faa45c250ee6d93057abd6016b0fc6c3d10db5f5951a379c1db0ca113ff1b1b885dcc148ff08084b4e32bcd866b8eb69
13:51:34 - Ack successfully written to LINK for packetId 3
13:51:34 - Control: Skip writing packet with packetId 3 (sent on 2019-04-26 20:51:34 +0000, 0.07237398624420166 seconds ago)
13:51:35 - Control: Try read packet with code CONTROL_V1 and key 0
13:51:35 - Control: Read packet {CONTROL_V1 | 0, sid: 9d81ec74d47cea07, acks: {[3], 4c650e08556c66a7}, pid: 4, [228 bytes]}
13:51:35 - Send ack for received packetId 4
13:51:35 - Control: Write ack packet {ACK_V1 | 0, sid: 4c650e08556c66a7, acks: {[4], 9d81ec74d47cea07}}
13:51:35 - TLS.connect: Put received ciphertext (228 bytes)
13:51:35 - Pulled plain control data (199 bytes)
13:51:35 - TLS.auth: Parsed server random
13:51:35 - TLS.auth: Parsed server opts: "V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-server"
13:51:35 - Parsed control message (0 bytes)
13:51:35 - Parsed control message (0 bytes)
13:51:35 - Parsed control message (0 bytes)
13:51:35 - Parsed control message (0 bytes)
13:51:35 - Parsed control message (0 bytes)
13:51:35 - Parsed control message (0 bytes)
13:51:35 - Ack successfully written to LINK for packetId 4
13:51:35 - TLS.ifconfig: Put plaintext (PUSH_REQUEST)
13:51:35 - TLS.ifconfig: Send pulled ciphertext (42 bytes)
13:51:35 - Control: Enqueued 1 packet [4]
13:51:35 - Control: Write control packet {CONTROL_V1 | 0, sid: 4c650e08556c66a7, pid: 4, [42 bytes]}
13:51:35 - Send control packet (96 bytes): 204c650e08556c66a70000000a5cc36f578e4bfc88cd598d1f2ba3821de3c36afdbb3ecb4874f8a2f3fa202fb3b57c89fc39ee683826bb4534d05678a4eaae2a6e6ef901efd79a49f98a3499c8018934b3ea6c252e608ae730ce1f13b1b3fed1
13:51:35 - Control: Skip writing packet with packetId 4 (sent on 2019-04-26 20:51:35 +0000, 0.004279971122741699 seconds ago)
13:51:35 - Control: Try read packet with code ACK_V1 and key 0
13:51:35 - Control: Read packet {ACK_V1 | 0, sid: 9d81ec74d47cea07, acks: {[4], 4c650e08556c66a7}}
13:51:35 - Control: Try read packet with code CONTROL_V1 and key 0
13:51:35 - Control: Read packet {CONTROL_V1 | 0, sid: 9d81ec74d47cea07, pid: 5, [211 bytes]}
13:51:35 - Send ack for received packetId 5
13:51:35 - Control: Write ack packet {ACK_V1 | 0, sid: 4c650e08556c66a7, acks: {[5], 9d81ec74d47cea07}}
13:51:35 - TLS.connect: Put received ciphertext (211 bytes)
13:51:35 - Pulled plain control data (182 bytes)
13:51:35 - Parsed control message (181 bytes)
13:51:35 - Received PUSH_REPLY: "#a35ef33beb75dc70#"
13:51:35 - Set up encryption
13:51:35 - Negotiated cipher: AES-256-GCM
13:51:35 - Negotiated keep-alive: 10.0 seconds
13:51:35 - Session did start
13:51:35 - Returned ifconfig parameters:
13:51:35 - Remote: #310347224060b108#
13:51:35 - IPv4: addr #a528a528834309ef# netmask 255.255.255.0 gw #38fc73bfa953c6f4# routes []
13:51:35 - IPv6: not configured
13:51:35 - DNS: ["#2b624e5f15f7f2e9#"]
13:51:35 - Domain: not configured
13:51:35 - Ack successfully written to LINK for packetId 5
13:51:35 - Tunnel interface is now UP
13:51:45 - Data: Received ping, do nothing
13:51:58 - Data: Received ping, do nothing
13:52:08 - Data: Received ping, do nothing
13:52:12 - Stopping tunnel...
13:52:12 - Trigger shutdown on request
13:52:12 - Session did stop
13:52:12 - Failed LINK read: Error Domain=NSPOSIXErrorDomain Code=89 "Operation canceled"
13:52:12 - Socket state is cancelled (endpoint: #76a270e3ffdceff4# -> #456f78a1449bd2a5#)
13:52:12 - Cleaning up...
13:52:12 - Tunnel did stop on request
13:52:12 - Flushing log...
OVPN profile with no password via Passepartout v1.6.0 (1779) Debug log attempting to connect to GitHub.com:
App: Passepartout 1.6.0 (1779)
OS: iOS 12.1.1
Device: iPhone
14:04:44 - Starting tunnel...
14:04:44 - App version: Passepartout 1.6.0 (1779)
14:04:44 - Protocols: [UDP:1194]
14:04:44 - Cipher: AES-256-GCM
14:04:44 - Digest: HMAC-SHA1
14:04:44 - Compression framing: disabled
14:04:44 - Compression algorithm: disabled
14:04:44 - Client verification: enabled
14:04:44 - TLS wrapping: crypt
14:04:44 - Keep-alive: never
14:04:44 - Renegotiation: never
14:04:44 - Server EKU verification: disabled
14:04:44 - Default gateway: no
14:04:44 - DNS: default
14:04:44 - MTU: 1250
14:04:44 - Debug: true
14:04:44 - Masks private data: true
14:04:44 - Current SSID: none (disconnected from WiFi)
14:04:44 - Creating link session
14:04:44 - DNS resolve hostname: #310347224060b108#
14:04:44 - DNS resolved addresses: ["#310347224060b108#"]
14:04:44 - Will connect to #310347224060b108#:1194
14:04:44 - Socket type is NEUDPSocket
14:04:44 - Socket state is ready (endpoint: #bbbb753a7261c5db# -> in progress)
14:04:44 - Starting VPN session
14:04:44 - Send hard reset
14:04:44 - Negotiation key index is 0
14:04:44 - Control: Enqueued 1 packet [0]
14:04:44 - Control: Write control packet {HARD_RESET_CLIENT_V2 | 0, sid: 5bc32ea217028a6f, pid: 0, [0 bytes]}
14:04:44 - Send control packet (54 bytes): 385bc32ea217028a6f000000015cc3726ce30091305bdaa2faee24c180f5e6575e485cc1a35cea9d8fb02680e292bcf5cb6bb5001d78
14:04:44 - Socket state is ready (endpoint: #17362caa976d00a4# -> #d10cbfdc763c01c6#)
14:04:44 - Control: Try read packet with code HARD_RESET_SERVER_V2 and key 0
14:04:44 - Control: Read packet {HARD_RESET_SERVER_V2 | 0, sid: caafe4052af89e6c, acks: {[0], 5bc32ea217028a6f}, pid: 0}
14:04:44 - Send ack for received packetId 0
14:04:44 - Control: Write ack packet {ACK_V1 | 0, sid: 5bc32ea217028a6f, acks: {[0], caafe4052af89e6c}}
14:04:44 - Control: Remote sessionId is caafe4052af89e6c
14:04:44 - Start TLS handshake
14:04:44 - TLS.connect: Pulled ciphertext (176 bytes)
14:04:44 - Control: Enqueued 1 packet [1]
14:04:44 - Control: Write control packet {CONTROL_V1 | 0, sid: 5bc32ea217028a6f, pid: 1, [176 bytes]}
14:04:44 - Send control packet (230 bytes): 205bc32ea217028a6f000000035cc3726ca60a195e8e14295451bb62fe337a08b7eb825f4b6af598fc0caff3d28ca7c7dc738456332619ad2e98515c36abfc72467e1f6c44a44d1a04c27f2ee53e42a66fa3284f679d6381dda53db3af9e468b0834b4a3850813179515ed5569a7b3145fcd614a027e43b8f8b0189648edab28a639aa4ec610ff6fb1c5bee9b59be6115e694159754da3b76744ce35f6bebefc6514ad0b0763351dbace1c371015402bf2e695312cd462660b21b58aa139482ae228e4036b9f8cb9ee26425fd2ee080ffb04c1e8c8ea0e622feea4cc659758663bd9cb059415
14:04:44 - Ack successfully written to LINK for packetId 0
14:04:44 - Control: Skip writing packet with packetId 1 (sent on 2019-04-26 21:04:44 +0000, 0.06633496284484863 seconds ago)
14:04:44 - Control: Try read packet with code CONTROL_V1 and key 0
14:04:44 - Control: Read packet {CONTROL_V1 | 0, sid: caafe4052af89e6c, acks: {[1], 5bc32ea217028a6f}, pid: 1, [1062 bytes]}
14:04:44 - Send ack for received packetId 1
14:04:44 - Control: Write ack packet {ACK_V1 | 0, sid: 5bc32ea217028a6f, acks: {[1], caafe4052af89e6c}}
14:04:44 - TLS.connect: Put received ciphertext (1062 bytes)
14:04:44 - Control: Try read packet with code CONTROL_V1 and key 0
14:04:44 - Control: Read packet {CONTROL_V1 | 0, sid: caafe4052af89e6c, pid: 2, [160 bytes]}
14:04:44 - Send ack for received packetId 2
14:04:44 - Control: Write ack packet {ACK_V1 | 0, sid: 5bc32ea217028a6f, acks: {[2], caafe4052af89e6c}}
14:04:44 - TLS.connect: Put received ciphertext (160 bytes)
14:04:44 - TLS.connect: Send pulled ciphertext (1092 bytes)
14:04:44 - Control: Enqueued 1 packet [2]
14:04:44 - Control: Write control packet {CONTROL_V1 | 0, sid: 5bc32ea217028a6f, pid: 2, [1092 bytes]}
14:04:44 - Send control packet (1146 bytes): 205bc32ea217028a6f000000065cc3726c55101429d079ae0c4aa338bb55dca98fbdbe90a0004113f86ad0cc781fc7098f77c5e33521c0c48addf83f29e7937488644241a415ef4f513070d1b5262cb8e1219eaf339bf96570e70992d3948d0b7d2c639756e7b5388c9411bcfe50d8c435ed25bb4e94dfd4519c12d182281e9bdbee076f70fc5a4f33596ebc075499bf9f67eb82ed001a90b94376168aaecaaac60eeed7261cd35a4e53bc2d5c1c799026a4dad6f1d7aae300714f52012b37f7e0e9e767e2bc46fe41a91edf81039618f238c04074e4f1670cdcc522e4f5aa8c499fe16ab01c21bc71e673701e3b1f23fa335664db1fe4852cb6fba5401acec277f3af5b497f04f1625693bce13d7316d34251a81838c6f2849ce471c0d27ba54d5c859c29bedade304226fd885df32265cdcc34f150d09e3fd55a67d22ec5139909bf8db6b5f6e8bb08f356f9a41ac534e644a644a2cd0d86ce8e0395b528529d45ced14983aa6db23fd85abaef7a097e0e137b6420b102246ef4f89f682379bc3be75f9c75c3b0b4f03553a5d997843a8ffb02fc7da167fcd567035496b61b116d346e98dd6983d312f8833a560fc967fbf8de0049cd28c6ba877fdc0bccb50072f2d5ffd4963fd0311fa840246f7d497f16eb9fdc2134a27096a51858af58eb1be96437566a5a8238b3fd0d335cf94ef61849a8f5a6dc691429341cf35a3a185905e924a11077f5cde739a17a89cbc753692168464d4ea8723cd56e354ae07ab7633a8d7c2c2e12d2ad0032015e80d2e04b53e517ddc108395414999bf3cf154f3b82efc866e703803bef858b196f7975978d2926f42808689a12e222adc3934168e13af1fced2fdde6d4f49ca2f81e977527557a170fbd86c451cdcea2d9d221e3cc1b6eb7eca4869d7482a8495308c2d92bf5258b9a7d3f8f30a43c647d12cd613a6abce306d7f70b910d80e0caae741554e0ea0de26da774159aabfd91aebf7da0c68a330a0f624e5c233a5cda29c600d20bf0f3c766c7e1f4a4a991c27a9c0c383d132984350d35ed425b27391f7fb77f0c49d60da8bdf34e8f5858b74aa414791cfad372f13c3c4c9c6f9fe6073b0467b436c06944582366934864d873b0f755c547af41c78520b832afc75e2219e07272eabef405cbfa1d1ee238239bd9f2ac1b743f2bc3d2ef06b3526abbbb7b4fc0381f4c29525714330385c90e70f72d122df7cb10d086f8dc34ce719a102e566f24e8a74fc7b1a31ae96241fc645f5db4ba34daab3681fb097600975cd8fd36b296f25dd6cf97ef2e3493d4e42dcd9a702e1c88afc21babf2799c1d58841cdcf52528ab039852944f22001501d3c424a02ca4215430fdcdfb94b932806a89f156278322a6268f07391646ac76d8ec45d59497dc04452fc39b8d9774f143fc02dd1b5e9d829f7b81a857d5f08e90f3dddde771f4b105e377158ccc52b0d30f812b0356a400dfdd1148145bc528a9d919ab9454dfb44f3eb98f1f5fc154f1d9cf019c722730c33be07bf3e83ed106548681056ff38a23c668d350be836a18f2acc61e31ef34c4a7d9852a8e2d9ed17eacb515aa11df20d7043740be8082fe5c6240149be931135a
14:04:44 - Ack successfully written to LINK for packetId 1
14:04:44 - Ack successfully written to LINK for packetId 2
14:04:44 - Control: Try read packet with code CONTROL_V1 and key 0
14:04:44 - Control: Read packet {CONTROL_V1 | 0, sid: caafe4052af89e6c, acks: {[2], 5bc32ea217028a6f}, pid: 3, [51 bytes]}
14:04:44 - Send ack for received packetId 3
14:04:44 - Control: Write ack packet {ACK_V1 | 0, sid: 5bc32ea217028a6f, acks: {[3], caafe4052af89e6c}}
14:04:44 - TLS.connect: Put received ciphertext (51 bytes)
14:04:44 - TLS.connect: Handshake is complete
14:04:44 - TLS.auth: Local options: V4,dev-type tun,cipher AES-256-GCM,auth SHA1,keysize 256,key-method 2,tls-client,keydir 1
14:04:45 - TLS.auth: Put plaintext (361 bytes)
14:04:45 - TLS.auth: Pulled ciphertext (390 bytes)
14:04:45 - Control: Enqueued 1 packet [3]
14:04:45 - Control: Write control packet {CONTROL_V1 | 0, sid: 5bc32ea217028a6f, pid: 3, [390 bytes]}
14:04:45 - Send control packet (444 bytes): 205bc32ea217028a6f000000085cc3726c223a0cb5d6bdff9ef0a92ccfe9e5f44ce7293287c48b324e068a3b6e72e9651a6357d2eb8c211ec4318e58bad4521cb0a349bcaba08249739bd2a7d40aa25e66c049407867929d35e2e47d50617fd30d729129d0dcac7ee445b4ca27a1096585f0a84a39e524c66932e300590398476d1327e6f4c9848d429c1b9fd55893369be6be49823e3b0f5d86f97d8a5796acc049c2dfcb63a9dcad35caad3174dfe97d827b27b2988dec784283644c1c3c6671722b4445eadd0661e00dfaf682162f66ccd72e519f8ab51a8e9a717f223e93dbc181a6c33e65be8da05f920400a6830eb48c11ea7770fea67098d4987e6dbb475c85ac87ac281001bdfb4b373c3f76951fd6af2690d4b9fb2abf5e5137012fbad85b610f2b7536606129c25cdc1d8bb6aaec0430087c7be17b4ce6230e2961d6868c0a7ffc97de29a846156bf687552792a706982abbb6a62dc9a2e8053e55ee2d2eca6a13c67dd0221c70e885fc8dc6806ea94063bbdd27af2cd05dba5fcbc6bffeeffff973fad95e0b6272956a31776b2e872d88c45b62dbc5b2d86596feac20c498e494b25c5f14829241842e2e3cf1356b52b9334cf1501a97
14:04:45 - Ack successfully written to LINK for packetId 3
14:04:45 - Control: Skip writing packet with packetId 3 (sent on 2019-04-26 21:04:45 +0000, 0.01120901107788086 seconds ago)
14:04:45 - Control: Try read packet with code CONTROL_V1 and key 0
14:04:45 - Control: Read packet {CONTROL_V1 | 0, sid: caafe4052af89e6c, acks: {[3], 5bc32ea217028a6f}, pid: 4, [228 bytes]}
14:04:45 - Send ack for received packetId 4
14:04:45 - Control: Write ack packet {ACK_V1 | 0, sid: 5bc32ea217028a6f, acks: {[4], caafe4052af89e6c}}
14:04:45 - TLS.connect: Put received ciphertext (228 bytes)
14:04:45 - Pulled plain control data (199 bytes)
14:04:45 - TLS.auth: Parsed server random
14:04:45 - TLS.auth: Parsed server opts: "V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-server"
14:04:45 - Parsed control message (0 bytes)
14:04:45 - Parsed control message (0 bytes)
14:04:45 - Parsed control message (0 bytes)
14:04:45 - Parsed control message (0 bytes)
14:04:45 - Parsed control message (0 bytes)
14:04:45 - Parsed control message (0 bytes)
14:04:45 - Ack successfully written to LINK for packetId 4
14:04:45 - TLS.ifconfig: Put plaintext (PUSH_REQUEST)
14:04:45 - TLS.ifconfig: Send pulled ciphertext (42 bytes)
14:04:45 - Control: Enqueued 1 packet [4]
14:04:45 - Control: Write control packet {CONTROL_V1 | 0, sid: 5bc32ea217028a6f, pid: 4, [42 bytes]}
14:04:45 - Send control packet (96 bytes): 205bc32ea217028a6f0000000a5cc3726cccbe78aa938255c8727aad2ef22668c78f339173c724c8cd70b0bb09ff4c77a20b295aceab9eab58f429a864c9449044c36db10b437ec3d90e396041b82acaee39c3fd7e945956aaeb2287bcef7da8
14:04:45 - Control: Skip writing packet with packetId 4 (sent on 2019-04-26 21:04:45 +0000, 0.00359499454498291 seconds ago)
14:04:45 - Control: Try read packet with code ACK_V1 and key 0
14:04:45 - Control: Read packet {ACK_V1 | 0, sid: caafe4052af89e6c, acks: {[4], 5bc32ea217028a6f}}
14:04:45 - Control: Try read packet with code CONTROL_V1 and key 0
14:04:45 - Control: Read packet {CONTROL_V1 | 0, sid: caafe4052af89e6c, pid: 5, [211 bytes]}
14:04:45 - Send ack for received packetId 5
14:04:45 - Control: Write ack packet {ACK_V1 | 0, sid: 5bc32ea217028a6f, acks: {[5], caafe4052af89e6c}}
14:04:45 - TLS.connect: Put received ciphertext (211 bytes)
14:04:45 - Pulled plain control data (182 bytes)
14:04:45 - Parsed control message (181 bytes)
14:04:45 - Received PUSH_REPLY: "#6d345acacf19b44f#"
14:04:45 - Set up encryption
14:04:45 - Negotiated cipher: AES-256-GCM
14:04:45 - Negotiated keep-alive: 10.0 seconds
14:04:45 - Session did start
14:04:45 - Returned ifconfig parameters:
14:04:45 - Remote: #310347224060b108#
14:04:45 - IPv4: addr #a528a528834309ef# netmask 255.255.255.0 gw #38fc73bfa953c6f4# routes []
14:04:45 - IPv6: not configured
14:04:45 - Default gateway: not configured
14:04:45 - DNS: ["#2b624e5f15f7f2e9#"]
14:04:45 - Domain: not configured
14:04:45 - Ack successfully written to LINK for packetId 5
14:04:45 - Tunnel interface is now UP
14:04:55 - Send ping
14:04:55 - Data: Received ping, do nothing
14:05:02 - Stopping tunnel...
14:05:02 - Trigger shutdown on request
14:05:02 - Session did stop
14:05:02 - Failed LINK read: Error Domain=NSPOSIXErrorDomain Code=89 "Operation canceled"
14:05:02 - Socket state is cancelled (endpoint: #6327397583d5df22# -> #399ce04eb2200064#)
14:05:02 - Cleaning up...
14:05:02 - Tunnel did stop on request
14:05:02 - Flushing log...