gitbls/pistrong

iOS Devices Can't Connect To VPN/Pistrong

ethanic17 opened this issue · 4 comments

So for about two years (close to one and a half?) now, I've been using pistrong to access my files & Pi at home, but now I'm having a bit of trouble with getting it to work. I recently got an iPad and I tried adding it as a device & installed the certs but it doesn't work. I got all the certs to install properly and I actually can connect to it (like the little VPN icon shows up), but I can't access anything (terminal, webpages, files, etc.) as it just says it can't connect to the server/server issue. And my iPhone also stopped allowing me to connect (or same with the iPad, as in the VPN icon pops up and says I'm connected, but I can't do anything). Interestingly, my Windows device & cert remained intact so I suspect it's something specific pertaining to the iOS connection/cert.

I opened up a similar issue about two years ago (Closed Issue #10), and I tried retracing all the steps I took, but perhaps something changed with iOS certifications through an iOS update that caused this issue (like the switch to iPadOS instead of iOS)? Or maybe I messed up somewhere along the process?

Here are the devices listed (as you can see, the 2021 certs are from when I first setup Pistrong, and the 2023 cert is the newest one, ignore the ethan-iphone11 ):
image

And here's the command I used to setup the new device (iPad):
image

And this is off-topic, but I remember when I first worked with you on this, you mentioned a paid SSH application on iOS/iPadOS that was pretty good and I never got the chance to check it out. I can't seem to find it after searching through #10 and the emails we exchanged, so I was hoping if you still remember/use it, could you let me know what it is? Thanks!

gitbls commented

My first guess: You installed a 32-bit OS on the Pi, and when you updated it recently, the kernel was switched to 64-bit by the upgrade. It turns out that this is problematic, but there's a fix. Here are the details...

First, let's determine if that's really the issue. On your Pi, do: file /bin/ls. if the file command is not found, please sudo apt install file.

If the file command returns:

/bin/ls: ELF 64-bit LSB pie executable, ARM aarch64, ...

Then I'm wrong, so please run pscollect from this github and post the output here (or email it to me if you'd prefer)

On the other hand, if the file command returns

/bin/ls: ELF 32-bit LSB executable, ...

AND uname -m returns "aarch64", then your Pi was gratuitously switched to the 64-bit kernel by a recent RasPiOS update.

The fix is to sudoedit /boot/config.txt. If there is a line with arm_64bit=1 change it to arm_64bit=0. If there is no such line, add: arm_64bit=0. Either way, write the file and exit the editor, reboot, and try the VPN. It should work now.

If it doesn't, I'll need to see the pscollect output.

As far as the iOS SSH application, I use Prompt 2 by Panic, Inc. TBH I don't use it that often, but I've not had any issues with it. I've seen a lot of mentions of Termius, but I've never looked at it.

LMK if the above corrects your VPN issue.

Unfortunately, it doesn't correct the VPN issue. I've confirmed I'm running 32-bit Raspberry Pi OS & it's running a 32-bit kernel and I've also added the arm_64bit=0 line to /boot/config.txt. And running pscollect says the command wasn't found. Another suspicion I have is maybe perhaps it's something to do with the CA file and maybe I just have to recreate it (but it wouldn't make sense as my Windows cert/VPN connection still works)?

And thank you for the SSH app recs, will look into purchasing one after we figure this out 😅

gitbls commented

pscollect is a file on this github. Please download/run it (you'll probably need to change the file protection to 755 first), and get me the output.

I've ran pscollect and sent the diagnostics file to you via email. Let me know if you need anything else or if you can't view the file (via GitHub or on email works). Thanks!