OpenVPN help for galaxy s 2 I9100G

xdaian948 · Apr 21, 2012

Hello guys

so i got openvpn and installed it and everything but somehow when i click the .ovpn file it doesn't work, it doesn't put a tick mark next to it, it says that it was granted superuser permission but nothing else happens.

so what could be the problem if anyone had this before and was able to fix it
any help would be greatly appreciated thank you in advance.

fxrb · Apr 21, 2012

Can you post your .ovpn file? Be careful not to post anything that could compromise your privacy!
Please also post a screenshot of the 'OpenVPN Settings' App when clicking Menu -> Advanced.

Thaw.Bytes · Apr 22, 2012

Which Vpn are you using ?, when i tried using open vpn on mine it didnt work, The vpn provider told me to set it up through the vpn settings in the phone itself and that worked fine for me, could be worth a try

fxrb · Apr 22, 2012

Thaw.Bytes said:
Which Vpn are you using ?, when i tried using open vpn on mine it didnt work, The vpn provider told me to set it up through the vpn settings in the phone itself and that worked fine for me, could be worth a try

He is using OpenVPN, not "part of the phone".

Thaw.Bytes · Apr 22, 2012

Ahhh sorry my mistake i misread his post

xdaian948 · Apr 30, 2012

Sorry for the delay in replying, but here are 2 images of the settings but i don't think the .ovpn files has any issues i think its only the phone or openvpn itself.

fxrb · Apr 30, 2012

Well, if you think your .ovpn file is fine and certificate(s) and key(s) are at correct locations then you should take a look at the log.
To do this use 'adb' with the 'logcat' command. As soon as 'logcat' is running try to tick your OpenVPN configuration and check the log for any errors.

This is what I get when the status bar asks me to enter the certificate password (did some manual formatting for better reading

):

Code:

D/OpenVPN-DaemonMonitor[/sdcard/openvpn/VPNTEST.ovpn]-mgmt(12164): attach(): using management port at 27460
E/OpenVPN-DaemonMonitor[/sdcard/openvpn/VPNTEST.ovpn]-mgmt(12164): attaching to OpenVPN daemon: failed to connect to /127.0.0.1 (port 27460): connect failed: ECONN REFUSED (Connection refused)
W/OpenVPN-DaemonMonitor[/sdcard/openvpn/VPNTEST.ovpn](12164): start(): choosing random port for management interface: 39157
[B]D/OpenVPN-DaemonMonitor[/sdcard/openvpn/VPNTEST.ovpn]-daemon(12164): invoking external process: /system/xbin/su[/B]
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/VPNTEST.ovpn]-daemon(12164): invoking command line: /system/xbin/openvpn --cd '/sdcard/openvpn' --config 'VPNTEST.ovpn' --writepid '/data/data/de.schaeuffelhut.android.openvpn/files/com.d/_sdcard_openvpn_VPNTEST.ovpn-pid' --script-security 1 --management 127.0.0.1 39157 --management-query -passwords --verb 3
D/OpenVPNDaemonEnabler(12164): Received OpenVPN daemon state changed from Unknown to Startup
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/VPNTEST.ovpn]-daemon-stdout(12164): Mon Apr 30 16:22:11 2012 OpenVPN 2.1.1 i686-pc-linux-gnu [SSL] [LZO2] [EPOLL] built on Jan  6 2012
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/VPNTEST.ovpn]-daemon-stdout(12164): Mon Apr 30 16:22:11 2012 MANAGEMENT: TCP Socket listening on 127.0.0.1:39157
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/VPNTEST.ovpn]-daemon-stdout(12164): Mon Apr 30 16:22:11 2012 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/VPNTEST.ovpn]-daemon-stdout(12164): Mon Apr 30 16:22:11 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
[B]D/OpenVPN-DaemonMonitor[/sdcard/openvpn/VPNTEST.ovpn]-daemon-stdout(12164): Mon Apr 30 16:22:11 2012 Need password(s) from management interface, waiting...[/B]
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/VPNTEST.ovpn]-mgmt(12164): started
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/VPNTEST.ovpn]-mgmt(12164): attach(): using management port at 39157
V/OpenVPN-DaemonMonitor[/sdcard/openvpn/VPNTEST.ovpn]-mgmt(12164): Successfully attached to OpenVPN monitor port
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/VPNTEST.ovpn]-daemon-stdout(12164): Mon Apr 30 16:22:11 2012 MANAGEMENT: Client connected from 127.0.0.1:39157
V/OpenVPN-DaemonMonitor[/sdcard/openvpn/VPNTEST.ovpn]-mgmt(12164): Socket IO established
D/OpenVPNDaemonEnabler(12164): Received OpenVPN daemon state changed from Unknown to Enabled
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/VPNTEST.ovpn]-mgmt(12164): >INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/VPNTEST.ovpn]-daemon-stdout(12164): Mon Apr 30 16:22:11 2012 MANAGEMENT: CMD 'state'
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/VPNTEST.ovpn]-daemon-stdout(12164): Mon Apr 30 16:22:11 2012 MANAGEMENT: CMD 'state on'
D/OpenVPNDaemonEnabler(12164): Received OpenVPN network state changed from Unknown to Connecting
V/OpenVPN-DaemonMonitor[/sdcard/openvpn/VPNTEST.ovpn]-mgmt(12164): onState("1335795731,CONNECTING,,,")
D/OpenVPN-Settings-getprop(12164): invoking external process: /system/bin/sh
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/VPNTEST.ovpn]-daemon-stdout(12164): Mon Apr 30 16:22:12 2012 MANAGEMENT: CMD 'bytecount 0'
D/OpenVPN-Settings-getprop(12164): invoking command line: getprop net.dnschange
D/OpenVPN-Settings-getprop-stdout(12164): 66
I/OpenVPN-Settings-getprop-stdout(12164): terminated
I/OpenVPN-Settings-getprop-stderr(12164): terminated
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/VPNTEST.ovpn]-mgmt(12164): =============> 0 == 66 resetting dns, leaving dns alone
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/VPNTEST.ovpn]-mgmt(12164): SUCCESS: real-time state notification set to ON
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/VPNTEST.ovpn]-mgmt(12164): SUCCESS: bytecount interval changed
D/OpenVPNDaemonEnabler(12164): Received OpenVPN network state changed from Connecting to Connecting

Note: OpenVPN is waiting here for the password. I did not enter it yet.

From what you said you do not even reach this 'checkpoint' so for now there is no need to debug any further.

xdaian948 · Apr 30, 2012

This is what i get:

Code:

D/OpenVPN-DaemonMonitor[/sdcard/openvpn/VPN-Server.ovpn]-mgmt(30883
): attach(): using management port at 24475
E/OpenVPN-DaemonMonitor[/sdcard/openvpn/VPN-Server.ovpn]-mgmt(30883
): attaching to OpenVPN daemon: /127.0.0.1:24475 - Connection refused
W/OpenVPN-DaemonMonitor[/sdcard/openvpn/VPN-Server.ovpn](30883): st
art(): choosing random port for management interface: 41258
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/VPN-Server.ovpn]-daemon(308
83): invoking external process: /system/bin/su
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/VPN-Server.ovpn]-daemon(308
83): invoking command line: /system/xbin/openvpn --cd '/sdcard/openvpn' --config
 'VPN-Server.ovpn' --writepid '/data/data/de.schaeuffelhut.android.
openvpn/files/com.d/_sdcard_openvpn_VPN-Server.ovpn-pid' --script-
security 1 --management 127.0.0.1 41258 --management-query-passwords --verb 3
E/su      (31797): sudb - Opening database
E/su      (31797): sudb - Database opened
E/su      (31797): sudb - Database closed
D/su      (31797): 10198 de.schaeuffelhut.android.openvpn executing 0 /system/bi
n/sh using shell /system/bin/sh : sh
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/VPN-Server.ovpn]-daemon-std
out(30883): Options error: Unrecognized option or missing parameter(s) in VPN-Server.ovpn:12: dhcp-renew (2.1.1)
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/VPN-Server.ovpn]-daemon-std
out(30883): Use --help for more information.
I/OpenVPN-DaemonMonitor[/sdcard/openvpn/VPN-Server.ovpn]-daemon-std
out(30883): terminated
I/OpenVPN-DaemonMonitor[/sdcard/openvpn/VPN-Server.ovpn]-daemon-std
err(30883): terminated
D/OpenVPn Settings(30883): Closing log file /sdcard/openvpn/VPN-Ser
ver.log
I/WindowManager( 1650):   CREATE SURFACE Surface(name=Toast, identity=1061, mNat
iveSurface=0) IN SESSION android.view.SurfaceSession@40951bc0: pid=30916 format=
-3 flags=0x0 / Window{40555140 Toast paused=false}
D/PowerManagerService( 1650): acquireWakeLock flags=0xa tag=KEEP_SCREEN_ON_FLAG
uid=1000 pid=1650   myUID=1000 myPID=1650 myTID=1845
D/OpenVPNDaemonEnabler(30883): Received OpenVPN daemon state changed from Unknow
n to Startup
D/OpenVPNDaemonEnabler(30883): Received OpenVPN daemon state changed from Unknow
n to Disabled

thank you

fxrb · Apr 30, 2012

Seems to be a problem with root. From your log:

Code:

E/su      (31797): sudb - Opening database
E/su      (31797): sudb - Database opened
E/su      (31797): sudb - Database closed

If I'm not mistake OpenVPN must be executed as superuser. From my log:

Code:

[B][COLOR="SeaGreen"]D/OpenVPN-DaemonMonitor[/sdcard/openvpn/VPNTEST.ovpn]-daemon(12164): invoking external process: /system/xbin/su
[/COLOR][/B]D/OpenVPN-DaemonMonitor[/sdcard/openvpn/VPNTEST.ovpn]-daemon(12164): invoking command line: /system/xbin/openvpn --cd '/sdcard/openvpn' --config 'VPNTEST.ovpn' --writepid '/data/data/de.schaeuffelhut.android.openvpn/files/com.d/_sdcard_openvpn_VPNTEST.ovpn-pid' --script-security 1 --management 127.0.0.1 39157 --management-query -passwords --verb 3

Look at the green bold line: it is running su, only afterwards OpenVPN is invoked.
From your log (same location as in mine) I can see that there is a problem with root access.
To test this you can use 'adb' and the 'shell' command. Enter 'su' yourself to get root access. Then enter the command line from your log. I bet if 'su' succeeds, i.e. you get root access, then OpenVPN will start

.

xdaian948 · Apr 30, 2012

I'm sorry if this seems stupid but what exactly i should enter from my log

i got to the part where it says

su
#

but i just need to know what exactly should i enter afterwards

thank you so much

fxrb · May 1, 2012

No, not stupid, I was just going way too fast. If one does not understand an explanation this is usually due to the explanation not being accurate, in short: my mistake

It took me some time but I think I found a better way to examine your problem.

First we need an alternative possibility to enter the password of the key file when starting OpenVPN manually from the adb console. OpenVPN is supposed to ask for the password on stdin if started with option '--askpass' without any file to lookup passwords. Though this dos not work on my phone, hence I have created a file name 'test.passwd' containing only one line with my OpenVPN key password. This file must be located in the same directory as the 'ovpn' file.

When your done with this you are ready to start OpenVPN 'manually' by doing this:

1) run 'adb shell'
2) type 'su'
3) type 'whoami' and make sure you are root (userid 0)
4) type

Code:

/system/xbin/openvpn --cd '/sdcard/openvpn' --config VPN-Server.ovpn --askpass test.passwd

Assuming you named the file holding your password 'test.passwd'

OpenVPN should now connect to your server and you should see something similar to this:

Code:

Tue May  1 10:55:03 2012 OpenVPN 2.1.1 i686-pc-linux-gnu [SSL] [LZO2] [EPOLL] built on Jan  6 2012
Tue May  1 10:55:03 2012 WARNING: file 'test.passwd' is group or others accessible
Tue May  1 10:55:03 2012 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Tue May  1 10:55:03 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue May  1 10:55:03 2012 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue May  1 10:55:03 2012 WARNING: file './xy@no_one_cares.p12' is group or others accessible
Tue May  1 10:55:03 2012 LZO compression initialized
Tue May  1 10:55:03 2012 UDPv4 link local: [undef]
Tue May  1 10:55:03 2012 UDPv4 link remote: xxx.yyy.zzzz.wwww:1194
Tue May  1 10:55:04 2012 [openvpn.myvpn.server] Peer Connection Initiated with xxx.yyy.zzzz.wwww:1194
Tue May  1 10:55:06 2012 TUN/TAP device tun0 opened
Tue May  1 10:55:06 2012 /system/bin/ifconfig tun0 192.168.101.6 pointopoint 192.168.101.5 mtu 1500
Tue May  1 10:55:06 2012 Initialization Sequence Completed

At this point you should invoke another 'adb shell' and type 'busybox ifconfig'. If you see a tun0 device then the OpenVPN connection is established.
On my system this looks like this:

Code:

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:171 errors:0 dropped:0 overruns:0 frame:0
          TX packets:171 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:11713 (11.4 KiB)  TX bytes:11713 (11.4 KiB)

[B]tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:192.168.101.6  P-t-P:192.168.101.5  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)[/B]

wlan0     Link encap:Ethernet  HWaddr 12:34:56:78:9A:BC
          inet addr:xyz.vw.11.32  Bcast:xyz.vw.11.255  Mask:255.255.255.0
          inet6 addr: f370::6sd6:f891:fz8e:9qqb/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:8185 errors:0 dropped:271 overruns:0 frame:0
          TX packets:9578 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2058632 (1.9 MiB)  TX bytes:1000224 (976.7 KiB)

If not check the output of the other shell, it will tell you about where to search for the problem (hopefully

).

xdaian948 · May 2, 2012

Unfortunately this didn't work, i get this when i enter that command

Code:

Options error: Unrecognized option or missing parameter(s) in VPN-S
erver.ovpn:12: dhcp-renew (2.1.1)
Use --help for more information.

and when i do the 'whoami' command i get this

Code:

whoami: unknown uid 0

but I think the password is not the issue because when I click on the server to open it in openvpn( put a tick next to it) it doesn't put a tick it doesn't even reach the password point i think its an issue much earlier than the password point.

I just get the superuser message 'OpenVPN Settings has been granted superuser permissions' and nothing else happens at all.
I can tick/start the main button on the top 'OpenVPN' but I can't start the server.

just to note that i used doom lord rooting tool kit version 4 to root the phone if the issue is root related or something.

Thank you again.

fxrb · May 2, 2012

xdaian948 said:
Unfortunately this didn't work, i get this when i enter that command

Code:

Options error: Unrecognized option or missing parameter(s) in VPN-S erver.ovpn:12: dhcp-renew (2.1.1) Use --help for more information.

As I said in my very first post: please provide the contents of your .ovpn file. Even if you believe it is correct it seems to contain options that do not work, as stated by the error message!

Code:
and when i do the 'whoami' command i get this

Code:

whoami: unknown uid 0

This is fine, you are root.

but I think the password is not the issue because when I click on the server to open it in openvpn( put a tick next to it) it doesn't put a tick it doesn't even reach the password point i think its an issue much earlier than the password point.

I did not say (and to tell the truth I don't believe) it is a problem with the password since, as I described in my last post, you do not even reach the point where OpenVPN could ask you for the password.

I just get the superuser message 'OpenVPN Settings has been granted superuser permissions' and nothing else happens at all.
I can tick/start the main button on the top 'OpenVPN' but I can't start the server.

The method I proposed for debugging boils things down to the bare minimum and therefore reduces the chance of any other misconfiguration then the one of OpenVPN. You better don't use the 'graphical interface' until OpenVPN runs fine from the command line.

just to note that i used doom lord rooting tool kit version 4 to root the phone if the issue is root related or something.

Don't know what this is but sounds cool

, anyway it seems rooting is ok.

Thank you again.

You are welcome, but please consider that your .ovpn configuration file could have an error. The error reported in your log is due to a misconfiguration in your .ovpn file I believe. This is why OpenVPN exits.

xdaian948 · May 2, 2012

Alright i'll send you the .ovpn files in a PM now

Thank you.

this is the rooting method i was talking about btw

Code:

http://xdaforums.com/showthread.php?t=1321582

fxrb · May 2, 2012

Ok, got your files by PM.
Besides the remote destination you would connect to and perhaps the names of the certificate and key file there is no security relevant information you could not post here I think.

Anyway: the files look like you are connecting to a VPN server that is not your server, i.e. you have no control of the OpenVPN server, correct? In this case I can't really help you, you should ask the VPN provider.

If the VPN server was your own server I would have suggested to radically comment options until you manage to establish a basic connection. Your log clearly shows that there seems to be problem with the option 'dhcp-renew' but as you are not running the VPN server I do not know if you can comment this or any other option, sorry

.

My .ovpn file looks like this:

Code:

; OpenVPN client configuration for
; access to xyz enterprise
;
client
dev tun
proto udp
remote xxx.yyy.zzz.www 1194
nobind
comp-lzo
pkcs12 ./p12_ca_cert_private_cert_and_key_bundle.p12
verb 1

This configuration works perfect including routing and DNS resolution by the internal DNS servers of xyz enterprise.

You can try to eliminate (comment) options in your .ovpn file yourself hoping you get a result having no offending option left, but this might be tedious without knowledge of the server end

. If you try this please note that your configuration uses 3 individual files, one for the CA cert, one for your cert and one for the key while my configuration uses only one file (certs and key bundled). You must keep your 'three file' configuration.

xdaian948 · May 2, 2012

Well, i'll just ask the support of the VPN provider and see what they can do there might be a problem on their end, and i want to thank you so much for everything you have done

Topics

Topics

OpenVPN help for galaxy s 2 I9100G

xdaian948

Member

fxrb

Senior Member

Thaw.Bytes

Senior Member

fxrb

Senior Member

Thaw.Bytes

Senior Member

xdaian948

Member

Attachments

fxrb

Senior Member

xdaian948

Member

fxrb

Senior Member

xdaian948

Member

fxrb

Senior Member

xdaian948

Member

fxrb

Senior Member

xdaian948

Member

fxrb

Senior Member

xdaian948

Member

Similar threads

Top Liked Posts

New posts