So been at this issue for months now thinking a new graphene update would help. It has not :-( Hoping the community would have a clue what's going on if anyone else is using this and experiencing similar issues.
Setup: pfSense 2.6.0 running OpenVPN server 1.6.4 in the home. Pixel 7 - newest updates - 1 owner main profile.
FYI - Have 2 other cell phones in the house; all work 100% fine for years with this setup. Got this Pixel phone loaded with GrapheneOS and the OS has issues with this setup for some reason.
Symptoms: On the phone, the OpenVPN app ALWAYS connects 100% of the time to my home VPN. All logs below on the phone indicate it's connected AND all logs on the VPN server show connected. However, 0% data actually flows. I can try browsing the internet, my home cameras, it does not matter, nothing flows. But wait, there is more!
- If I stop and start the connection maybe 7 - 20 times, on one of these connections, data will flow.
- If I mess around with "always on vpn" on the phone and start and stop the app up to 20 times, data will flow with one of the connections.
- If data is going to flow, it will do it instantly, there is no waiting 10 minutes while connected and then it magically happens. Been down this rabbit hole.
You get the idea.... HELP!!! For a security-rich phone, VPNs should be rock solid.
The below logs are from the VPN server; anything with xxxxxxxxxxxx is me keeping sensitive data private.
2023-04-23 11:34:22.684278-04:00 openvpn 2706 openvpn server 'ovpns1' user 'xxxxxxxxxxxx' address 'xxxxxxxxxxxx.123' - connected
2023-04-23 11:34:22.680599-04:00 openvpn 43975 xxxxxxxxxxxx.123:18034 MULTI_sva: pool returned IPv4=192.168.75.2, IPv6=(Not enabled)
2023-04-23 11:34:22.673291-04:00 openvpn 2335 user 'xxxxxxxxxxxx' authenticated
2023-04-23 11:34:22.469959-04:00 openvpn 43975 xxxxxxxxxxxx.123:18034 [xxxxxxxxxxxx] Peer Connection Initiated with [AF_INET]xxxxxxxxxxxx123:18034
These logs below are from the phone / OpenVPN app side on the Pixel 7 - anything with xxxxxxxxxxxx is me keeping sensitive data private.
[Apr 23, 2023, 11:29:19] ----- OpenVPN Start -----
[Apr 23, 2023, 11:29:19] EVENT: CORE_THREAD_ACTIVE
[Apr 23, 2023, 11:29:19] OpenVPN core 3.git::081bfebe:RelWithDebInfo android arm64 64-bit PT_PROXY
[Apr 23, 2023, 11:29:19] Frame=512/2048/512 mssfix-ctrl=1250
[Apr 23, 2023, 11:29:19] UNUSED OPTIONS
0 [persist-tun]
1 [persist-key]
2 [data-ciphers] [AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC]
3 [data-ciphers-fallback] [AES-256-CBC]
5 [tls-client]
8 [block-outside-dns]
9 [lport] [0]
13 [explicit-exit-notify]
[Apr 23, 2023, 11:29:19] EVENT: RESOLVE
[Apr 23, 2023, 11:29:21] Contacting xxxxxxxxxx.161:1195 via UDP
[Apr 23, 2023, 11:29:21] EVENT: WAIT
[Apr 23, 2023, 11:29:21] Connecting to [xxxxxxxxxx.net]:1195 (xxxxxxxxxx7.161) via UDPv4
[Apr 23, 2023, 11:29:21] EVENT: CONNECTING
[Apr 23, 2023, 11:29:21] Tunnel Options:V4,dev-type tun,link-mtu 1553,tun-mtu 1500,proto UDPv4,cipher BF-CBC,auth SHA256,keysize 128,key-method 2,tls-client
[Apr 23, 2023, 11:29:21] Creds: Username/Password
[Apr 23, 2023, 11:29:21] Peer Info:
IV_VER=3.git::081bfebe:RelWithDebInfo
IV_PLAT=android
IV_NCP=2
IV_TCPNL=1
IV_PROTO=30
IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:BF-CBC
IV_GUI_VER=net.openvpn.connect.android_3.3.3-9248
IV_SSO=webauth,openurl,crtext
IV_BS64DL=1
[Apr 23, 2023, 11:29:21] VERIFY OK: depth=1, /CN=openvpn home ca cert, signature: RSA-SHA256
[Apr 23, 2023, 11:29:21] VERIFY OK: depth=0, /CN=openvpn home server cert, signature: RSA-SHA256
[Apr 23, 2023, 11:29:22] SSL Handshake: peer certificate: CN=openvpn home server cert, 2048 bit RSA, cipher: TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
[Apr 23, 2023, 11:29:22] Session is ACTIVE
[Apr 23, 2023, 11:29:22] Sending PUSH_REQUEST to server...
[Apr 23, 2023, 11:29:22] EVENT: GET_CONFIG
[Apr 23, 2023, 11:29:22] OPTIONS:
0 [dhcp-option] [DOMAIN] [xxxxxxxxxxxxxxxxx.lan]
1 [block-outside-dns]
2 [register-dns]
3 [redirect-gateway] [def1]
4 [redirect-gateway] [ipv6]
5 [route-gateway] [192.168.75.1]
6 [topology] [subnet]
7 [ping] [10]
8 [ping-restart] [60]
9 [ifconfig] [192.168.75.2] [255.255.255.0]
10 [peer-id] [0]
11 [cipher] [AES-256-GCM]
[Apr 23, 2023, 11:29:22] PROTOCOL OPTIONS:
cipher: AES-256-GCM
digest: NONE
key-derivation: OpenVPN PRF
compress: NONE
peer ID: 0
control channel: tls-crypt enabled
[Apr 23, 2023, 11:29:22] EVENT: ASSIGN_IP
[Apr 23, 2023, 11:29:22] Google DNS fallback enabled
[Apr 23, 2023, 11:29:22] Connected via tun
[Apr 23, 2023, 11:29:22] EVENT: CONNECTED info='xxxxxxxxx@xxxxxxxxx.net:1195 (xxxxxxxxxx.161) via /UDPv4 on tun/192.168.75.2/ gw=[192.168.75.1/]' trans=TO_CONNECTED