XDA Developers Android and Mobile Development Forum

Solution to Tethering + OpenVPN issues on KitKat/4.4

scootley
#1  
Junior Member - OP
Thanks Meter 3
Posts: 29
Join Date: Nov 2008
Solution to Tethering + OpenVPN issues on KitKat/4.4

I was previously using a stock rooted Nexus 4 (with 4.3) with "OpenVPN Connect" (net.openvpn.openvpn) and android built-in wifi tethering to tunnel tethered clients through the OpenVPN connection. This required some iptables modifications but worked fine.

With a stock rooted Nexus 5 (with 4.4.0) and OpenVPN Connect 1.1.12, this stopped working and that was really annoying.

Part of the issue was the one described here

But it was more complicated. It seems that there are routing table issues that I had to research a bunch.

Here are the iptables commands that I already had to run even on the Nexus 4 (with 4.3), which I got from here
Code:
iptables -t filter -F FORWARD
iptables -t nat -F POSTROUTING
iptables -t filter -I FORWARD -j ACCEPT
iptables -t nat -I POSTROUTING -j MASQUERADE
These (above) are somewhat liberal firewall rules that you may want to refine for more security.

But below are additional routing entries that I needed to add specifically for the Nexus 5 (with 4.4.0). They force tethered clients to route through the VPN, unless their traffic is a broadcast or designated for the wifi LAN. Those exceptions are required for DHCP to work on the tethered client. They assume the tethered LAN is 192.168.43.XYZ and the OpenVPN interface is tun0.
Code:
ip rule add from 192.168.43.0/24 lookup 61
ip route add default dev tun0 scope link table 61
ip route add 192.168.43.0/24 dev wlan0 scope link table 61
ip route add broadcast 255.255.255.255 dev wlan0 scope link table 61


This seems to all work best if I start OpenVPN after activating tethering, not before.

I'm not entirely clear whether this is a result of some change/bug in KitKat, or an incompatibility in "OpenVPN Connect", or both. I wonder if it would work OK with other OpenVPN clients like "OpenVPN for Android" (de.blinkt.openvpn).

Other Notes:
* Server is OpenVPN 2.3.2
* Server has this line set in its config:
Code:
push "redirect-gateway autolocal def1"
The Following 3 Users Say Thank You to scootley For This Useful Post
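
A narrower version of the "somewhat liberal" iptables rules in post #1, as an added example that is not from the original post: it forwards only tether-to-VPN traffic and masquerades only on the VPN interface, so tethered clients get no path out when the tunnel is down. The interface names and subnet are the ones the post assumes; availability of the `state` match on a given ROM is an assumption.

```shell
#!/bin/sh
# Added example, not from the thread. Defaults are the values assumed in
# post #1: wlan0 (tether), tun0 (OpenVPN), 192.168.43.0/24 (tethered LAN).
TETHER_IF="${TETHER_IF:-wlan0}"
VPN_IF="${VPN_IF:-tun0}"
TETHER_NET="${TETHER_NET:-192.168.43.0/24}"

# Print the rule set, one iptables command per line.
# FORWARD policy becomes DROP, so anything not explicitly allowed below
# (for example tether -> mobile data when the VPN is down) is not forwarded.
# The policy stays DROP until reset with: iptables -t filter -P FORWARD ACCEPT
tether_vpn_rules() {
  cat <<EOF
iptables -t filter -F FORWARD
iptables -t nat -F POSTROUTING
iptables -t filter -P FORWARD DROP
iptables -t filter -A FORWARD -i $TETHER_IF -o $VPN_IF -s $TETHER_NET -j ACCEPT
iptables -t filter -A FORWARD -i $VPN_IF -o $TETHER_IF -d $TETHER_NET -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -s $TETHER_NET -o $VPN_IF -j MASQUERADE
EOF
}

# Default: print the plan for review. APPLY=1 (as root, on the phone) runs it
# and stops at the first command that fails.
if [ "${APPLY:-0}" = "1" ]; then
  tether_vpn_rules | sh -e
else
  tether_vpn_rules
fi
```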
 
bondjames_12
#2  
Junior Member
Thanks Meter 1
Posts: 10
Join Date: Mar 2008
Running Android 4.4.2 Google stock image with SuperSU on LG Nexus 4. These routing commands worked great and allowed me to tunnel all WiFi tethered traffic through my VPN. Thanks for figuring this out, it was bugging me!
 
markdapimp
#3  
Senior Member
Thanks Meter 304
Posts: 1,194
Join Date: Nov 2013
I'm stock 4.4.2, no root or anything, just pure stock. I download and install OpenVPN from Google Play, import my config files, click connect, then open PDAnet, connect, and the IP is changed.
Devices: Nexus 5 (Sold) 1X
Nexus 5
HTC One
 
Jrock2t5
#4  
Junior Member
Thanks Meter 0
Posts: 3
Join Date: Mar 2011
OK, so I'm having a bit of trouble understanding and implementing the fix for my Nexus 5. I've already got WiFi tethering working through the sqlite db fix but now I can't get my connection to work when my VPN (PIA official app) is broadcasting. These commands you're sending, are they done on the phone terminal or computer, and is that EXACTLY how they're being entered? For rules in red, where would I find the IP I would use? Thanks guys, I'd really appreciate any help given.
 
Total_Lag
(Last edited by Total_Lag; 28th January 2014 at 10:42 PM.)
#5  
Member
Thanks Meter 4
Posts: 80
Join Date: Apr 2007
Worked!

Quote:
Originally Posted by scootley
This seems to all work best if I start OpenVPN after activating tethering, not before.
Thanks scootley! These worked for me on 4.3. I activated my hotspot before OpenVPN, but I used
Code:
iptables --flush
first before entering your commands. Seems to help. My OpenVPN server config also has the following in addition to push redirect:

Code:
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "redirect-gateway autolocal def1"

Quote:
Originally Posted by Jrock2t5
OK, so I'm having a bit of trouble understanding and implementing the fix for my Nexus 5. I've already got WiFi tethering working through the sqlite db fix but now I can't get my connection to work when my VPN (PIA official app) is broadcasting. These commands you're sending, are they done on the phone terminal or computer, and is that EXACTLY how they're being entered? For rules in red, where would I find the IP I would use? Thanks guys, I'd really appreciate any help given.
These commands are entered on the phone. You can download Terminal Emulator or something similar through the app store.

First make sure you're connected to your hotspot from your computer. Next, let's find your local IP address. Here are the instructions for Windows:
  1. Click on the Start menu and type cmd. When you see the cmd applications in Start menu panel, click it or just press enter.
  2. A command line window will open. Type ipconfig and press enter.
  3. You'll see a bunch of information, but the line you want to look for is "IPv4 Address." The number across from that text is your local IP address.
Here's how to do the same thing on a Mac:
  1. Open System Preferences (via the Apple menu at the top lefthand corner of your screen).
  2. When System Preferences opens, click on the icon labeled Network.
  3. You should see a few options on the left with labels like Wi-Fi, Ethernet, Bluetooth, etc. The ones with green dots have IP addresses assigned to them. Click the one on top (if it isn't already selected) and look to the right. There should be a sentence that reads something like "Wi-Fi is connected to Chocolate and has the IP address 192.168.1.102." The number at the end of that sentence is your local IP address.

[OS] Android 4.1.1
[ROM] PARANOIDANDROID [2.14, True HybridMode]
[MODEM] FH23
 
RXP
(Last edited by RXP; 28th February 2014 at 11:45 AM.)
#6  
Member
Thanks Meter 1
Posts: 67
Join Date: Oct 2009
Thanks for this thread, I've nearly got tethering working through Private Internet Access/Open VPN.

When running the commands

Code:
ip rule add from 192.168.43.0/24 lookup 61
ip route add default dev tun0 scope link table 61
ip route add 192.168.43.0/24 dev wlan0 scope link table 61
ip route add broadcast 255.255.255.255 dev wlan0 scope link table 61
I get an error "RTNETLINK answers: File exists"

I tethered up while connected to the VPN and could ping out to external IP addresses but no DNS resolution. So in my Windows settings I manually specified DNS settings and can now browse the web through the VPN on my Galaxy S4!

But how do I fix the DNS issue? I want the clients that connect to pick up the DNS settings that actually work, without having to manually specify.

Thanks for any help
 
RoxAbout
#7  
Senior Member
Thanks Meter 82
Posts: 307
Join Date: Sep 2010
Location: Climax, Ks.
Vpn problem

Hi, I haven't tried the above options... yet.
I have an SGS3 SGH-T999 and a commercial VPN account with the xxx.ovpn cert files.
After getting the details entered into OpenVPN and importing the cert file, all is good until I go to connect [see attachment].
Phone is v4.3, baseband mjc, kernel v 3.0.31, ROM S3rx v3.0 1-27-14.

any suggestions on how to proceed?
Attachment: Screenshot_2014-02-28-17-16-58.png
 
Total_Lag
#8  
Member
Thanks Meter 4
Posts: 80
Join Date: Apr 2007
Quote:
Originally Posted by RXP
Thanks for this thread, I've nearly got tethering working through Private Internet Access/Open VPN.

When running the commands

Code:
ip rule add from 192.168.43.0/24 lookup 61
ip route add default dev tun0 scope link table 61
ip route add 192.168.43.0/24 dev wlan0 scope link table 61
ip route add broadcast 255.255.255.255 dev wlan0 scope link table 61
I get an error "RTNETLINK answers: File exists"

I tethered up while connected to the VPN and could ping out to external IP addresses but no DNS resolution. So in my Windows settings I manually specified DNS settings and can now browse the web through the VPN on my Galaxy S4!

But how do I fix the DNS issue? I want the clients that connect to pick up the DNS settings that actually work, without having to manually specify.

Thanks for any help
1) RTNETLINK answers: File exists
This just means you already ran the command before during this reboot session and it's saved into the route table. If you restart your phone and run the commands again, it will go through the first time, but repeated commands will yield the same error. Should be normal. Table clears on reboot.

2) Please see the thread at http://forum.xda-developers.com/gala...msung-t1689242
It seems like in order for OpenVPN DNS push to work, you have to change your APN settings on your phone to have it automatically register and push out to your other devices. I had the same problem and came across this during a search.

[OS] Android 4.1.1
[ROM] PARANOIDANDROID [2.14, True HybridMode]
[MODEM] FH23
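
A re-runnable form of the routing commands from post #1, relevant to the "RTNETLINK answers: File exists" error discussed in posts #6 and #8 (added example, not posted by any thread participant). It skips `ip rule add` when the rule is already listed and uses `ip route replace` instead of `ip route add`; that the `ip` binary on a given ROM accepts `replace` is an assumption.

```shell
#!/bin/sh
# Added example, not from the thread. Table 61, the subnet and the interface
# names are the values used in post #1.
TABLE=61
TETHER_NET=192.168.43.0/24
TETHER_IF=wlan0
VPN_IF=tun0

# rule_present "<ip rule show output>": succeeds if the tethered subnet is
# already mapped to our table (and not to a longer number such as 610).
rule_present() {
  printf '%s\n' "$1" | grep -Eq "from $TETHER_NET lookup $TABLE( |\$)"
}

# routing_plan "<ip rule show output>": print commands that are safe to re-run.
routing_plan() {
  rule_present "$1" || echo "ip rule add from $TETHER_NET lookup $TABLE"
  # "replace" creates the route or overwrites an existing one, so a second
  # run does not fail with "File exists".
  echo "ip route replace default dev $VPN_IF scope link table $TABLE"
  echo "ip route replace $TETHER_NET dev $TETHER_IF scope link table $TABLE"
  echo "ip route replace broadcast 255.255.255.255 dev $TETHER_IF scope link table $TABLE"
}

# Constructed sample of `ip rule show` output after the commands ran once.
SAMPLE_RULES='0: from all lookup local
32765: from 192.168.43.0/24 lookup 61
32766: from all lookup main'

# Default: print the plan for the constructed sample. APPLY=1 (as root, on
# the phone) reads the live rule list and runs the plan.
if [ "${APPLY:-0}" = "1" ]; then
  routing_plan "$(ip rule show)" | sh -e
else
  routing_plan "$SAMPLE_RULES"
fi
```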

Tags
kitkat, openvpn, tethering