OpenVPN server + client working from mac but not from iPhone


I've been following this guide OpenVPN Basics to setup OpenVPN on my LinkSys 1900ACS. I got the vpn server working, and I can use the ovpn file on my mac to connect to my home network.

I cannot however get that same ovpn file to work on my iPhone. I've included my logs below from when I connect and also my ovpn file.


Ovpn file
verb 5
dev tun
remote DDNS 1194 udp
compress lzo
remote-cert-tls server

-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----




If you have an issue with some client, you should collect the log from that client.

That option is platform-specific, so it could be tricky.

@vgaetera good point!

Here's the client logs, I can see that fast-io is a unused option according to the logs.

The logs end at this line, I would've expected there to be more entries after this.

2018-46-16 21:46:23 EVENT: CONNECTED ( via /UDPv4 on NetworkExtensionTUN/ gw=[/]

I worked it out!

Found this in the OpenVPN Forums

Re: Cannot browse at all on 3.0.2(894)
Post by stdbma ยป Thu Oct 04, 2018 11:16 am
Hello, I believe I had the same issue. It seems like this latest 3.0.2 update toggled and disabled compression by default (due to apparent security reasons), but that made my VPN not work for me, as my server is pushing compression.
I went into the OpenVPN app settings and re-enabled compression and it began working again - perhaps this is the same issue you are having? If that works, due to compression apparently being insecure enough to be toggled off with this update, I'm assuming that compression should be disabled through the server configuration now, as well as in the OpenVPN app.

The short term solution is to enable compression on the iOS app, and tonight I will remove the compression option from the *.ovpn files.


I ran into this same problem. Apparently, enabling compression is a security risk.

However, when I tried to remove the compress 'lzo' option from both the server config and client config it didn't end up working so I had to put it back.

With the "compression downstream" option enabled on my iPhone OpenVPN client I am also running into a bunch of these errors in the syslog:

tls-crypt unwrap error: packet replay
TLS Error: tls-crypt unwrapping failed from
tls-crypt unwrap error: bad packet ID (may be a replay): [ #5 / time = (1546136247) Sat Dec 29 18:17:27 2018 ]

Any thoughts on how to disable this completely, and should the guide be updated?