Attend XDA's Second Annual Developer Conference, XDA:DevCon 2014!
5,802,856 Members 40,499 Now Online
XDA Developers Android and Mobile Development Forum

OpenVPN help for galaxy s 2 I9100G

Tip us?
 
fxrb
Old
(Last edited by fxrb; 1st May 2012 at 11:34 AM.)
#11  
fxrb's Avatar
Senior Member
Thanks Meter 91
Posts: 285
Join Date: Jul 2011
No, not stupid, I was just going way too fast. If one does not understand an explanation this is usually due to the explanation not being accurate, in short: my mistake

It took me some time but I think I found a better way to examine your problem.

First we need an alternative possibility to enter the password of the key file when starting OpenVPN manually from the adb console. OpenVPN is supposed to ask for the password on stdin if started with option '--askpass' without any file to lookup passwords. Though this dos not work on my phone, hence I have created a file name 'test.passwd' containing only one line with my OpenVPN key password. This file must be located in the same directory as the 'ovpn' file.

When your done with this you are ready to start OpenVPN 'manually' by doing this:

1) run 'adb shell'
2) type 'su'
3) type 'whoami' and make sure you are root (userid 0)
4) type
Code:
/system/xbin/openvpn --cd '/sdcard/openvpn' --config VPN-Server.ovpn --askpass test.passwd
Assuming you named the file holding your password 'test.passwd'

OpenVPN should now connect to your server and you should see something similar to this:
Code:
Tue May  1 10:55:03 2012 OpenVPN 2.1.1 i686-pc-linux-gnu [SSL] [LZO2] [EPOLL] built on Jan  6 2012
Tue May  1 10:55:03 2012 WARNING: file 'test.passwd' is group or others accessible
Tue May  1 10:55:03 2012 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Tue May  1 10:55:03 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue May  1 10:55:03 2012 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue May  1 10:55:03 2012 WARNING: file './xy@no_one_cares.p12' is group or others accessible
Tue May  1 10:55:03 2012 LZO compression initialized
Tue May  1 10:55:03 2012 UDPv4 link local: [undef]
Tue May  1 10:55:03 2012 UDPv4 link remote: xxx.yyy.zzzz.wwww:1194
Tue May  1 10:55:04 2012 [openvpn.myvpn.server] Peer Connection Initiated with xxx.yyy.zzzz.wwww:1194
Tue May  1 10:55:06 2012 TUN/TAP device tun0 opened
Tue May  1 10:55:06 2012 /system/bin/ifconfig tun0 192.168.101.6 pointopoint 192.168.101.5 mtu 1500
Tue May  1 10:55:06 2012 Initialization Sequence Completed
At this point you should invoke another 'adb shell' and type 'busybox ifconfig'. If you see a tun0 device then the OpenVPN connection is established.
On my system this looks like this:
Code:
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:171 errors:0 dropped:0 overruns:0 frame:0
          TX packets:171 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:11713 (11.4 KiB)  TX bytes:11713 (11.4 KiB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:192.168.101.6  P-t-P:192.168.101.5  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

wlan0     Link encap:Ethernet  HWaddr 12:34:56:78:9A:BC
          inet addr:xyz.vw.11.32  Bcast:xyz.vw.11.255  Mask:255.255.255.0
          inet6 addr: f370::6sd6:f891:fz8e:9qqb/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:8185 errors:0 dropped:271 overruns:0 frame:0
          TX packets:9578 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2058632 (1.9 MiB)  TX bytes:1000224 (976.7 KiB)
If not check the output of the other shell, it will tell you about where to search for the problem (hopefully ).
The Following User Says Thank You to fxrb For This Useful Post: [ Click to Expand ]
 
xdaian948
Old
(Last edited by xdaian948; 2nd May 2012 at 02:41 AM.)
#12  
Junior Member - OP
Thanks Meter 0
Posts: 8
Join Date: Apr 2012
Unfortunately this didn't work, i get this when i enter that command

Code:
Options error: Unrecognized option or missing parameter(s) in VPN-S
erver.ovpn:12: dhcp-renew (2.1.1)
Use --help for more information.
and when i do the 'whoami' command i get this

Code:
whoami: unknown uid 0
but I think the password is not the issue because when I click on the server to open it in openvpn( put a tick next to it) it doesn't put a tick it doesn't even reach the password point i think its an issue much earlier than the password point.

I just get the superuser message 'OpenVPN Settings has been granted superuser permissions' and nothing else happens at all.
I can tick/start the main button on the top 'OpenVPN' but I can't start the server.

just to note that i used doom lord rooting tool kit version 4 to root the phone if the issue is root related or something.

Thank you again.
 
fxrb
Old
#13  
fxrb's Avatar
Senior Member
Thanks Meter 91
Posts: 285
Join Date: Jul 2011
Quote:
Originally Posted by xdaian948 View Post
Unfortunately this didn't work, i get this when i enter that command

Code:
Options error: Unrecognized option or missing parameter(s) in VPN-S
erver.ovpn:12: dhcp-renew (2.1.1)
Use --help for more information.
As I said in my very first post: please provide the contents of your .ovpn file. Even if you believe it is correct it seems to contain options that do not work, as stated by the error message!
Quote:
and when i do the 'whoami' command i get this

Code:
whoami: unknown uid 0
This is fine, you are root.
Quote:
but I think the password is not the issue because when I click on the server to open it in openvpn( put a tick next to it) it doesn't put a tick it doesn't even reach the password point i think its an issue much earlier than the password point.
I did not say (and to tell the truth I don't believe) it is a problem with the password since, as I described in my last post, you do not even reach the point where OpenVPN could ask you for the password.
Quote:

I just get the superuser message 'OpenVPN Settings has been granted superuser permissions' and nothing else happens at all.
I can tick/start the main button on the top 'OpenVPN' but I can't start the server.
The method I proposed for debugging boils things down to the bare minimum and therefore reduces the chance of any other misconfiguration then the one of OpenVPN. You better don't use the 'graphical interface' until OpenVPN runs fine from the command line.
Quote:
just to note that i used doom lord rooting tool kit version 4 to root the phone if the issue is root related or something.
Don't know what this is but sounds cool , anyway it seems rooting is ok.
Quote:
Thank you again.
You are welcome, but please consider that your .ovpn configuration file could have an error. The error reported in your log is due to a misconfiguration in your .ovpn file I believe. This is why OpenVPN exits.
The Following User Says Thank You to fxrb For This Useful Post: [ Click to Expand ]
 
xdaian948
Old
(Last edited by xdaian948; 2nd May 2012 at 07:35 PM.)
#14  
Junior Member - OP
Thanks Meter 0
Posts: 8
Join Date: Apr 2012
Alright i'll send you the .ovpn files in a PM now
Thank you.

this is the rooting method i was talking about btw
Code:
http://forum.xda-developers.com/showthread.php?t=1321582
 
fxrb
Old
#15  
fxrb's Avatar
Senior Member
Thanks Meter 91
Posts: 285
Join Date: Jul 2011
Ok, got your files by PM.
Besides the remote destination you would connect to and perhaps the names of the certificate and key file there is no security relevant information you could not post here I think.

Anyway: the files look like you are connecting to a VPN server that is not your server, i.e. you have no control of the OpenVPN server, correct? In this case I can't really help you, you should ask the VPN provider.

If the VPN server was your own server I would have suggested to radically comment options until you manage to establish a basic connection. Your log clearly shows that there seems to be problem with the option 'dhcp-renew' but as you are not running the VPN server I do not know if you can comment this or any other option, sorry .

My .ovpn file looks like this:

Code:
; OpenVPN client configuration for
; access to xyz enterprise
;
client
dev tun
proto udp
remote xxx.yyy.zzz.www 1194
nobind
comp-lzo
pkcs12 ./p12_ca_cert_private_cert_and_key_bundle.p12
verb 1
This configuration works perfect including routing and DNS resolution by the internal DNS servers of xyz enterprise.

You can try to eliminate (comment) options in your .ovpn file yourself hoping you get a result having no offending option left, but this might be tedious without knowledge of the server end . If you try this please note that your configuration uses 3 individual files, one for the CA cert, one for your cert and one for the key while my configuration uses only one file (certs and key bundled). You must keep your 'three file' configuration.
The Following User Says Thank You to fxrb For This Useful Post: [ Click to Expand ]
 
xdaian948
Old
#16  
Junior Member - OP
Thanks Meter 0
Posts: 8
Join Date: Apr 2012
Well, i'll just ask the support of the VPN provider and see what they can do there might be a problem on their end, and i want to thank you so much for everything you have done
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes