Attend XDA's Second Annual Developer Conference, XDA:DevCon 2014!
5,779,301 Members 50,777 Now Online
XDA Developers Android and Mobile Development Forum

[INFO] OpenVPN (tun.ko) for LG Tmobile Gslate

Tip us?
 
ru1dev
Old
(Last edited by ru1dev; 6th June 2011 at 02:04 PM.) Reason: added nls_utf8.ko for asian users
#1  
Member - OP
Thanks Meter 4
Posts: 46
Join Date: Dec 2009
Location: Toronto

 
DONATE TO ME
Default [INFO] OpenVPN (tun.ko) for LG Tmobile Gslate

I just compiled a tun.ko and got OpenVPN working on the Tmobile Gslate! so I thought I would share:

1- Rooted (thanks to Chandon)
http://forum.xda-developers.com/show....php?t=1065882

2- Install tun.ko (Attached below)
download and unzip
Code:
     adb remount
     adb push tun.ko /system/lib/modules
     adb shell
     chmod 755 /system/lib/modules/tun.ko
Note: This tun module was built for kernel 2.6.36.3+

3- Install BusyBox using BusyBox Installer (from Market)
Install to /system/xbin

4- Install OpenVPN using OpenVPN Installer (from Market)
Install binary to /system/xbin
Install route to /system/xbin/bb

5- Install OpenVPN Settings (from Market)

6- Install OpenVPN static binary:
Download Static openvpn
Un-bz2 the file (7-Zip on Windows | bunzip2 on linux)
Code:
     adb remount
     adb push openvpn-static /system/xbin/openvpn
     adb shell
     chmod 555 /system/xbin/openvpn
7- Link Busybox ifconfig and route to /system/xbin/bb
Code:
     adb shell
     su
     mkdir /system/xbin/bb
     ln -s /system/xbin/ifconfig /system/xbin/bb/ifconfig
     ln -s /system/xbin/route /system/xbin/bb/route
8- Setup OpenVPN Settings (from Market)
OpenVPN settings > Advanced > Load tun kernel module <- turn ON
OpenVPN settings > Advanced > TUN module settings
Load module using - insmod
Path to tun module - /system/lib/modules/tun.ko

9- copy your .conf files to /sdcard/openvpn
REBOOT
CONNECT!~

Extra for SMB mounters : Cifs.ko ! - Attached!
Edit: June 5 '11 - Extra for Asian users : nls_utf8.ko - Attached!
Attached Files
File Type: zip tun.ko.zip - [Click for QR Code] (89.9 KB, 362 views)
File Type: zip cifs.ko.zip - [Click for QR Code] (1.25 MB, 155 views)
File Type: zip nls_utf8.ko.zip - [Click for QR Code] (12.2 KB, 128 views)
*****Android Phones*****
Nexus 4 - Daily
Retired - ION, Nexus One, Nexus S, HD2, Galaxy Nexus
Sold - Acer Liquid, i9000m, Vibrant, Captivate, MT4G, Sensation

*****Android Tablets*****
Nexus 7 - Daily
Sold - Viewsonic GTab, Nook Color, TF101, TF201

www.itsru.com
The Following User Says Thank You to ru1dev For This Useful Post: [ Click to Expand ]
 
bealesbane
Old
(Last edited by bealesbane; 1st June 2011 at 12:39 AM.) Reason: Clarified to prevent the casting of unintentional aspersion.
#2  
bealesbane's Avatar
Junior Member
Thanks Meter 9
Posts: 16
Join Date: Mar 2011
Well, I'm able to connect to my OpenVPN server now, but there must be something different in the binary..."client.conf: Connected" keeps spamming the notification area. Are you having this problem?

On a related note - I've got a couple other options, if I can get my cross-compiling tools set up correctly...I could use SonicWALL's NetExtender app, but that needs ppp_async and ppp_synctty built. I also wanted to be able to talk to a Windows-friendly PoPToP VPN server, but I suspect I'd need the ppp_mppe.ko built for that.

I tried compiling the whole kernel with the options I've mentioned, but I don't think I did it right...the make went all the way through, but I was using the gcc 4.4.3 eabi set in the SDK/NDK toolset. Since then, I've been trying to set things up according notes I found at K's Cluttered loft ( at triple-w dot (noob html limitation workaround) ailis.de/~k/archives/19-ARM-cross-compiling-howto dot HyperText Markup Language ) but start encountering problems when I try to build glibc...do you know of any instructions/tutorials which might help to educate this n00b (aye, that be me) in the fine art of ARM cross compiling?
 
ru1dev
Old
#3  
Member - OP
Thanks Meter 4
Posts: 46
Join Date: Dec 2009
Location: Toronto

 
DONATE TO ME
Quote:
Originally Posted by bealesbane View Post
Well, I'm able to connect to my OpenVPN server now, but there must be something different in the binary..."client.conf: Connected" keeps spamming the notification area. Are you having this problem?

On a related note - I've got a couple other options, if I can get my cross-compiling tools set up correctly...I could use SonicWALL's NetExtender app, but that needs ppp_async and ppp_synctty built. I also wanted to be able to talk to a Windows-friendly PoPToP VPN server, but I suspect I'd need the ppp_mppe.ko built for that.

I tried compiling the whole kernel with the options I've mentioned, but I don't think I did it right...the make went all the way through, but I was using the gcc 4.4.3 eabi set in the SDK/NDK toolset. Since then, I've been trying to set things up according notes I found at K's Cluttered loft ( at triple-w dot (noob html limitation workaround) ailis.de/~k/archives/19-ARM-cross-compiling-howto dot HyperText Markup Language ) but start encountering problems when I try to build glibc...do you know of any instructions/tutorials which might help to educate this n00b (aye, that be me) in the fine art of ARM cross compiling?
Yeah I have that spamming problem too .. always have with the honeycomb tablets.

I used 4.4.0 eabi, and had to hard code the localversion in the setlocalversion file and absolute path to the eabi modules in the makefile to get it to cross compile

I built and attached the ppp_async.ko , ppp_synctty.ko , ppp_mppe.ko for you (I did not test a insmod as I built and tested the cifs and tun on a friends tablet - do let me know if these work!)
Attached Files
File Type: zip ppp_async.ko.zip - [Click for QR Code] (72.3 KB, 15 views)
File Type: zip ppp_mppe.ko.zip - [Click for QR Code] (26.4 KB, 14 views)
File Type: zip ppp_synctty.ko.zip - [Click for QR Code] (70.2 KB, 14 views)
*****Android Phones*****
Nexus 4 - Daily
Retired - ION, Nexus One, Nexus S, HD2, Galaxy Nexus
Sold - Acer Liquid, i9000m, Vibrant, Captivate, MT4G, Sensation

*****Android Tablets*****
Nexus 7 - Daily
Sold - Viewsonic GTab, Nook Color, TF101, TF201

www.itsru.com
The Following User Says Thank You to ru1dev For This Useful Post: [ Click to Expand ]
 
bealesbane
Old
#4  
bealesbane's Avatar
Junior Member
Thanks Meter 9
Posts: 16
Join Date: Mar 2011
That's great! Thanks for putting those together. All of the modules you created insert fine with insmod (this version of busybox still has an issue with modprobe running on this tablet, suspect may be related to self-referring parameter, but hope to experiment more later) with the exception of mppe. That one comes back with "insmod: init_module '/system/lib/modules/ppp_mppe.ko' failed (File exists)".

This, however, may not be due to the module itself, strictly speaking. The other two, which are presented by SonicWALL as a workaround to their proprietary VPN app, inserted fine, but still produce an I/O error when a connection is attempted...closer inspection of the app's log reveals a similar complaint under the hood:

06-01 08:01:36.848 I/NetExtender.ppp( 8207): Nxhelper: start pppd main routine
06-01 08:01:36.858 D/NetExtender.ppp( 8207): using channel 1
06-01 08:01:36.858 E/NetExtender.ppp( 8207): Couldn't create new ppp unit: File exists
06-01 08:01:36.858 I/NetExtender.ppp( 8207): Nxhelper: pppd hung up, notify the service

My off the wall guess, pending further investigation, is that inserting mppe, or trying to initialize the other two, results in an attempt to create a device handle which is not being properly enumerated? ( i.e., attempting to create an instance of /dev/ppp, which already exists, instead of a new handle, say, /dev/ppp0, ppp1, etc.) Again, just theorizing blindly at this point - but you've certainly given me a great deal to work with, and I say thank ya big big.

I'll update you with any progress I make here, but at least for the time being I still have basic connectivity to one of my networks, and I can do much with that. And the cifs module works a treat as well!
 
bealesbane
Old
(Last edited by bealesbane; 1st June 2011 at 08:33 PM.) Reason: Afterthoughts.
#5  
bealesbane's Avatar
Junior Member
Thanks Meter 9
Posts: 16
Join Date: Mar 2011
In the meantime, a simple script allows me to toggle the VPN on and off without being annoyed by the spamming...then I add a widget to the script using ScriptManager (from the market) and viola! Look ma, no hands!

Code:
#!/system/bin/sh
BB="/system/xbin/busybox"
VPN="/system/xbin/openvpn"
TUNDTL=`$BB ifconfig tun0 2>&1`
RESULT=$?
if [ $((RESULT)) -eq 1 ]; then
        $VPN --config /mnt/sdcard/openvpn/client.conf --daemon MYVPN
else
        VPNPID=`ps openvpn | grep "^root"`
        VPNPID=`echo $VPNPID | cut -d" " -f2`
        if [ $((VPNPID)) -gt 99 ]; then
                $BB kill -KILL $VPNPID
        fi
fi
exit
(Just for anyone who doesn't want to wait until OpenVPN Settings gets a bugfix for Honeycomb. Obviously, adjust locations as needed. Oh, and don't give the script a name that starts with "openvpn"...unless you WANT a kamikaze script. This simple script obviously wouldn't work for multiple tunnels, (if they're even supported), but it does ya fine for the basic config.)
 
ru1dev
Old
#6  
Member - OP
Thanks Meter 4
Posts: 46
Join Date: Dec 2009
Location: Toronto

 
DONATE TO ME
awesome idea for the spamming .. sadly I have 8 openVPN servers I switch between so i have to put up with the spamming.. any idea what the reason of the spamming is? maybe contact the dev?
*****Android Phones*****
Nexus 4 - Daily
Retired - ION, Nexus One, Nexus S, HD2, Galaxy Nexus
Sold - Acer Liquid, i9000m, Vibrant, Captivate, MT4G, Sensation

*****Android Tablets*****
Nexus 7 - Daily
Sold - Viewsonic GTab, Nook Color, TF101, TF201

www.itsru.com
 
bealesbane
Old
#7  
bealesbane's Avatar
Junior Member
Thanks Meter 9
Posts: 16
Join Date: Mar 2011
The source for the app is available at 'code.google.com/p/android-openvpn-settings'. The issue has been reported already by a few people (issue 70), but it looks like there are quite a few other issues reported, so no telling if or when Mr. Schäuffelhut will have a chance to review it. It seems like it would be a good starter project for a would-be contributor...I haven't done any java developing, but it seems like it would be easier to isolate our issue and tweak it than bloat my simple script to allow multiple PIDs to be tracked and toggled...though the latter is certainly possible, and after I get my second OpenVPN server online (Audiogalaxy offline for better part of day yesterday, need to make myself independent of that), if the Java is too daunting I just may do so. So many tempting projects, so little time.
 
bealesbane
Old
(Last edited by bealesbane; 6th June 2011 at 09:43 PM.) Reason: Reverted to stock toolbox for module unload.
#8  
bealesbane's Avatar
Junior Member
Thanks Meter 9
Posts: 16
Join Date: Mar 2011
Lightbulb Simple VPN handler script to tide us over until 0.4.8 or more in OpenVPN-Settings

Ok, since you were so kind as to compile those extra modules for me, I figure the least I can do is give you something in return. Here's a simple VPN handler to manage multiple tunnels. Filenames for config files are entered relative to the CFGS folder, and module load/remove is manual rather than auto...and I put in connection sharing, as I'm using it this way...but it'll certainly let you use as many tunnels as the kernel will let you work with.

As always, the standard, 'you take your life into your own hands if you use this code, not responsible for problems up to and including user death' disclaimer applies. It seems to be working for me, though I'm only using 2 VPN's ATM.

Good luck! (Will still let you know if I make any progress in Java Dev)

Code:
root@android: /data/local/bin > cat ./vpnhandler
#!/system/bin/sh
export BB="/system/xbin/busybox"
export VPN="/system/xbin/openvpn"
export MODS="/system/lib/modules"
export CFGS="/mnt/sdcard/openvpn"
export SPACES="                                                         "

LOOPBACK=0
while [ $((LOOPBACK)) -eq 0 ]; do
        LOOPBACK=1
        CIFMOD=`$BB lsmod | grep -c "^cifs"`
        if [ $((CIFMOD)) -eq 0 ]; then CIFMOD="Load"; else CIFMOD="Remove"; fi
        TUNMOD=`$BB lsmod | grep -c "^tun"`
        if [ $((TUNMOD)) -eq 0 ]; then TUNMOD="Load"; else TUNMOD="Remove"; fi
        clear
        echo "Simple VPN Handler"
        echo "=================="
        echo
        echo "ACT    #   Tunnel Name           Configuration File            "
        echo "---  ---   --------------------  ------------------------------"
        while read vpndefs; do
                  TUNNO=`echo "${vpndefs}" | cut -d"~" -f1`
                TUNNAME=`echo "${vpndefs}" | cut -d"~" -f2`
                 TUNCFG=`echo "${vpndefs}" | cut -d"~" -f3`
                TUNSTAT=`$BB ps w | grep openvpn | grep -c "\-\-daemon ${TUNNAME}\$"`
                if [ $((TUNSTAT)) -eq 1 ]; then TUNSTAT="*"; else TUNSTAT=" "; fi
                DISPLINE=" ${TUNSTAT}   ${SPACES:0:$((3-${#TUNNO}))}${TUNNO}   ${TUNNAME}${SPACES:0:$((22-${#TUNNAME}))}${TUNCFG}"
                echo "${DISPLINE}"
        done < "${CFGS}/cfglist"
        echo
        echo "_______________________________________________________________"
        echo
        echo "       A - Add a new tunnel definition"
        echo "       D - Delete an existing tunnel  "
        echo "       C - ${CIFMOD} CIFS Module      "
        echo "       T - ${TUNMOD} TUN  Module      "
        echo "       S - Share tap0 to eth0 traffic "
        echo "       X - Break traffic forwarding   "
        echo "       Q - Quit                       "
        echo
        echo -n " Select action, or a tunnel number to toggle on or off : "
        read actkey
        if [ "$actkey" = "C" -o "$actkey" = "c" ]; then
                LOOPBACK=0
                if [ "$CIFMOD" = "Load" ]; then
                        LOADMOD=`$BB insmod ${MODS}/cifs.ko 2>&1`
                else    LOADMOD=`/system/bin/toolbox rmmod cifs.ko 2>&1`
                fi
        fi
        if [ "$actkey" = "T" -o "$actkey" = "t" ]; then
                LOOPBACK=0
                if [ "$TUNMOD" = "Load" ]; then
                        LOADMOD=`$BB insmod ${MODS}/tun.ko 2>&1`
                else    LOADMOD=`/system/bin/toolbox rmmod tun.ko 2>&1`
                fi
        fi
        if [ "$actkey" = "S" -o "$actkey" = "s" ]; then
                LOOPBACK=0
                iptables -F; iptables -t nat -F; iptables -X; iptables -t nat -X
                echo 1 | tee /proc/sys/net/ipv4/ip_forward
                iptables -t nat -A POSTROUTING -o tap0 -j MASQUERADE
                iptables -A FORWARD -i eth0 -j ACCEPT
        fi
        if [ "$actkey" = "X" -o "$actkey" = "x" ]; then
                LOOPBACK=0
                iptables -F; iptables -t nat -F; iptables -X; iptables -t nat -X
                echo 0 | tee /proc/sys/net/ipv4/ip_forward
        fi
        if [ "$actkey" = "A" -o "$actkey" = "a" ]; then
                LOOPBACK=0
                echo; echo -n "   Enter tunnel number to assign : "; read TUNNO
                TUNCHK=`cat "${CFGS}/cfglist" | grep -c "^${TUNNO}~"`
                if [ $((TUNCHK)) -eq 0 ]; then
                        echo; echo -n "   Enter a name for the tunnel : "; read TUNNAME
                        echo; echo -n "   Enter filepath/name for config file (relative to ${CFGS}) : "; read TUNCFG
                        echo "${TUNNO}~${TUNNAME}~${TUNCFG}" >> "${CFGS}/cfglist"
                else    echo -n "   That number is already in use. "; read TUNNO
                fi
        fi
        if [ "$actkey" = "D" -o "$actkey" = "d" ]; then
                LOOPBACK=0
                echo; echo -n "   Enter tunnel number to delete : "; read TUNNO
                TUNCHK=`cat "${CFGS}/cfglist" | grep -c "^${TUNNO}~"`
                if [ $((TUNCHK)) -eq 0 ]; then
                        echo -n "   That number is not currently in use. "; read TUNNO
                else    vpndefs=`cat "${CFGS}/cfglist" | grep "^${TUNNO}~"`
                        TUNNAME=`echo "${vpndefs}" | cut -d"~" -f2`
                        TUNSTAT=`$BB ps w | grep openvpn | grep -c "\-\-daemon ${TUNNAME}\$"`
                        if [ $((TUNSTAT)) -gt 0 ]; then
                                echo; echo -n "   Tunnel is active.  Turn off before deleting."; read TUNNO
                        else    RESULT=`cat "${CFGS}/cfglist" | egrep -v "^${TUNNO}~" > "${CFGS}/cfglist.tmp"`
                                $BB mv -f "${CFGS}/cfglist.tmp" "${CFGS}/cfglist"
                        fi
                fi
        fi
        if [ "$actkey" = "Q" -o "$actkey" = "q" ]; then LOOPBACK=0; fi
        if [ $((LOOPBACK)) -eq 1 ]; then
                TUNCHK=`cat "${CFGS}/cfglist" | grep -c "^${actkey}~"`
                LOOPBACK=0
                if [ $((TUNCHK)) -eq 0 ]; then
                        echo -n "   That number is not currently in use. "; read TUNNO
                else    TUNNO="${actkey}"
                        vpndefs=`cat "${CFGS}/cfglist" | grep "^${TUNNO}~"`
                        TUNNAME=`echo "${vpndefs}" | cut -d"~" -f2`
                        TUNCFG=`echo "${vpndefs}" | cut -d"~" -f3`
                        TUNSTAT=`$BB ps w | grep openvpn | grep -c "\-\-daemon ${TUNNAME}\$"`
                        if [ $((TUNSTAT)) -gt 0 ]; then
                                VPNPID=`$BB ps w | grep openvpn | grep "\-\-daemon ${TUNNAME}"`
                                VPNPID=`echo $VPNPID | cut -d" " -f1`
                                if [ $((VPNPID)) -gt 99 ]; then
                                        RESULT=`$BB kill -KILL $VPNPID`
                                fi
                        else    RESULT=`$VPN --config "${CFGS}/${TUNCFG}" --daemon "${TUNNAME}"`
                        fi
                fi
        fi
        if [ "$actkey" = "Q" -o "$actkey" = "q" ]; then LOOPBACK=1; fi

done
exit
Note: It'll throw out some screen errors if you don't have a zero length file in $CFGS/cfglist, but it'll let you add your first tunnel anyway. (Didn't bother to trap for that.)
Oh, and ScriptManager doesn't seem to like digging for scripts in /data/local/bin, but doesn't appear to have a problem executing things in /mnt/sdcard, even though I don't seem to be able to set the execute bit on any file in that fs. There's reference in Google of known glitch in some kernels that cause fs' mounted with the 'default_permissions,allow_other' flags to behave strangely. If they ever fix that, you may need to relocate, that's all.

Note also that the "ACT" column which denotes 'active' tunnels with an '*' only verifies that there is a process running with the designated label name. At this time, actual connectivity is left to you to determine.
The Following 2 Users Say Thank You to bealesbane For This Useful Post: [ Click to Expand ]
 
aureole999
Old
#9  
Junior Member
Thanks Meter 1
Posts: 10
Join Date: Apr 2010
it's very helpful, thanks very much!!
but could you compile nls_utf8.ko too? please
 
deez1234
Old
#10  
deez1234's Avatar
Senior Member
Thanks Meter 39
Posts: 337
Join Date: Aug 2010
You should try and come up with a working recovery!

Sent from my LG-V909 using XDA Premium App
Do you own a T-Mobile G-Slate or an Optimus Pad?
Join us on IRC today! G-Slate Development & Discussion!

Tags
cifs.ko, gslate, modules, openvpn, tun.ko
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes