I recently had an incoming update to the Android OpenVPN application for my Android phone that appears to have caused a failure connecting to my IPFire instance. I’m not really seeing any settings on the Android side, so I’m wondering if there is something I can tweak on the IPFire side to allow this connection to succeed? I’m seeing the attached error in the logs on the Android side.
[Apr 14, 2024, 16:03:55] ----- OpenVPN Start -----
[Apr 14, 2024, 16:03:55] EVENT: CORE_THREAD_ACTIVE
[Apr 14, 2024, 16:03:55] OpenVPN core 3.8.4connectX(3.git::c424d46c:RelWithDebInfo) android arm64 64-bit PT_PROXY
[Apr 14, 2024, 16:03:55] Frame=512/2112/512 mssfix-ctrl=1250
[Apr 14, 2024, 16:03:55] NOTE: This configuration contains options that were not used:
[Apr 14, 2024, 16:03:55] Internal option allowed only to be pushed by the server
[Apr 14, 2024, 16:03:55] 14 [auth-token-user] [USER]
[Apr 14, 2024, 16:03:55] 15 [auth-token] [TOTP]
[Apr 14, 2024, 16:03:55] EVENT: CORE_THREAD_ERROR info='option_error: sorry, unsupported options present in configuration: Internal option allowed only to be pushed by the server (auth-token,auth-token-user)'
[Apr 14, 2024, 16:03:55] EVENT: CORE_THREAD_DONE
I don’t know if it’s a bug or not, but I had the same problem and I solved it, once the certificates were created and before uploading/copying them to the phone to install them, editing them and commenting with “#” on the entries causes problems.
I have always used a different VPN client with android for ipfire.
A few releases ago it was no longer available for my devices and I mourned the loss! but it seems to have been recently updated.
It takes the cert and config file zipped straight from the IPFire_ GUI and will allow you to either fingerprint or type the cert password for additional security.
Its also quite configurable. I am not involved with its development (just a happy user) but I thoroughly commend it to the community if your device supports it
Regards
BB
[edit] i believe openVPN is free but other protocols supported require an annual subscription.
Thanks. For the moment, I just edited the OpenVPN file to comment out the attributes it didn’t like and stuck with the “official” Android client. I may try VPN Client Pro in the future.
