Written by James McDonald

May 14, 2020

I’m using the OpenVPN Connect client on Android and using the QNAP created VPN file with a few small changes:

# added so the OpenVPN Connect client doesn't
# complain about missing client cert
client-cert-not-required

# I uncheck the Use remote network as default gateway 
# option so need to manually add route/s
route 10.19.88.0 255.255.255.0

# instead of having a separate ca.crt
# embed it inline in the openvpn.ovpn file
<ca>
... the contents of ca.crt here
</ca>

On Windows 10 the above works fine. But I just couldn’t get Android to connect. The only error was “Session invalidated: KEEPALIVE_TIMEOUT”

18:59:52.389 -- Tunnel Options:V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client

18:59:52.391 -- Creds: Username/Password

18:59:52.400 -- Peer Info:
IV_GUI_VER=OC30Android
IV_VER=3.git::f225fcd0:Release
IV_PLAT=android
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO=1
IV_IPv6=0


19:00:32.383 -- Session invalidated: KEEPALIVE_TIMEOUT

The fix was to open the OpenVPN Connect Android client and check an option in Settings

In hind sight the log output gave a hint as to the problem when it mentions “cipher AES-128-CBC” so enabling AES-CBC Cipher Algorithm fixed the problem and I could connect with Androids OpenVPN Connect client

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

The reCAPTCHA verification period has expired. Please reload the page.

You May Also Like…

Squarespace Image Export

To gain continued access to your Squarespace website images after cancelling your subscription you have several...

MySQL 8.x GRANT ALL STATEMENT

-- CREATE CREATE USER 'tgnrestoreuser'@'localhost' IDENTIFIED BY 'AppleSauceLoveBird2024'; GRANT ALL PRIVILEGES ON...

Exetel Opt-Out of CGNAT

If your port forwards and inbound and/or outbound site-to-site VPN's have failed when switching to Exetel due to their...