Attend XDA's Second Annual Developer Conference, XDA:DevCon 2014!
5,769,248 Members 39,186 Now Online
XDA Developers Android and Mobile Development Forum

[APP][4.0+][v1.00 - 20140810] OpenConnect - SSL VPN client for Cisco AnyConnect

Tip us?
 
petelking
Old
(Last edited by petelking; 11th June 2014 at 08:13 AM.)
#41  
petelking's Avatar
Junior Member
Thanks Meter 1
Posts: 27
Join Date: Apr 2012
Quote:
Originally Posted by cernekee View Post
Code:
busybox ifconfig tun0 mtu 1200
Many thanks for getting back to me, Anyconnect MTU is 1405 while openconnect MTU is 1406
Changing the MTU to 1200 solved this but also chaining it to 1405 solved so I'd like to thank you for your efforts
Any way to make this change permenent?

Code:
busybox ifconfig tun0 mtu 1405
Cheers!
 
cernekee
Old
#42  
Senior Member - OP
Thanks Meter 352
Posts: 176
Join Date: Jun 2013
Quote:
Originally Posted by petelking View Post
Many thanks for getting back to me, Anyconnect MTU is 1405 while openconnect MTU is 1406
Hmm, that's odd. I wonder how it is being calculated. Normally we just get a number from the server and use it as-is. When I connect to a local ASA with either client, I get 1406.

Can you send the MTU info for the other interfaces under both clients?
OpenConnect for Android - a FOSS AnyConnect/ocserv VPN client with advanced features
Easy Token - RSA SecurID token with widgets
AFWall+ - the successor to DroidWall
The Following User Says Thank You to cernekee For This Useful Post: [ Click to Expand ]
 
petelking
Old
#43  
petelking's Avatar
Junior Member
Thanks Meter 1
Posts: 27
Join Date: Apr 2012
Sent Via Email

After further testing, setting MTU to 1200 as you suggested works a lot better than 1405 with a lot less time-outs and retransmits.

Thanks.
 
GT3XX
Old
#44  
Junior Member
Thanks Meter 0
Posts: 4
Join Date: Jul 2014
Default (Tasker) intent to start vpn connection

Hi all,

I just switched from Apple to Android and like it already!
Tho, I can't figure out what's the intent to add to tasker to start the vpn connection. I read the github page which said smth about the intent, but i can't translate it to tasker format. Can someone put me into the right direction?

Quote:
A: public class StartOpenVPNActivity extends Activity {
@Override
public void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.main);

final String EXTRA_NAME = "de.blinkt.openvpn.shortcutProfileName";

Intent shortcutIntent = new Intent(Intent.ACTION_MAIN);
shortcutIntent.setClassName("de.blinkt.openvpn", "de.blinkt.openvpn.LaunchVPN");
shortcutIntent.putExtra(EXTRA_NAME,"upb ssl");
startActivity(shortcutIntent);

or from the shell:

am start -a android.intent.action.MAIN -n de.blinkt.openvpn/.LaunchVPN -e de.blinkt.openvpn.shortcutProfileName Home
 
cernekee
Old
#45  
Senior Member - OP
Thanks Meter 352
Posts: 176
Join Date: Jun 2013
Quote:
Originally Posted by GT3XX View Post
Tho, I can't figure out what's the intent to add to tasker to start the vpn connection. I read the github page which said smth about the intent, but i can't translate it to tasker format.
This feature was in the original ics-openvpn sources, but it isn't currently working in OpenConnect.

I can look into getting it fixed up if you're interested in using it. Are you starting/stopping the VPN connection based on e.g. location, hours, etc.?
OpenConnect for Android - a FOSS AnyConnect/ocserv VPN client with advanced features
Easy Token - RSA SecurID token with widgets
AFWall+ - the successor to DroidWall
 
GT3XX
Old
#46  
Junior Member
Thanks Meter 0
Posts: 4
Join Date: Jul 2014
Quote:
Originally Posted by cernekee View Post
This feature was in the original ics-openvpn sources, but it isn't currently working in OpenConnect.

I can look into getting it fixed up if you're interested in using it. Are you starting/stopping the VPN connection based on e.g. location, hours, etc.?
Aff, sorry. I'ts getting kinda late here. It would be great if I can start the VPN connection when the phone is connected to specific WIFI APs.
 
GT3XX
Old
#47  
Junior Member
Thanks Meter 0
Posts: 4
Join Date: Jul 2014
Don't want to hesitate you, but I'm still interested. Do you have any updates? Thanks!
 
cernekee
Old
#48  
Senior Member - OP
Thanks Meter 352
Posts: 176
Join Date: Jun 2013
Quote:
Originally Posted by GT3XX View Post
Don't want to hesitate you, but I'm still interested. Do you have any updates? Thanks!
I haven't coded anything up yet but I gave it some thought.

First - I think SmoothConnect does some sort of blacklist/whitelist based on wifi SSIDs, so that might be something to check out.

Disconnecting in response to another app's intent is easy. Connecting is often interactive, so I think it might work best if the following conditions are satisfied:
  • VpnService confirmation dialog is bypassed. Arne Schwab made an Xposed module for this. I was thinking I might integrate a cut-down version of this feature into OpenConnect directly, so that if you install OpenConnect you'll automatically get an option in the Xposed Installer to always allow VPN connections from OpenConnect. Hopefully this doesn't have any ill effects if Xposed is not installed.
  • You would probably want to use batch mode (or a passwordless cert) so that OpenConnect doesn't bug you for group/login/password on every connection. Does this currently work for you?
OpenConnect for Android - a FOSS AnyConnect/ocserv VPN client with advanced features
Easy Token - RSA SecurID token with widgets
AFWall+ - the successor to DroidWall
 
GT3XX
Old
#49  
Junior Member
Thanks Meter 0
Posts: 4
Join Date: Jul 2014
Default 1157

Quote:
Originally Posted by cernekee View Post
I haven't coded anything up yet but I gave it some thought.

First - I think SmoothConnect does some sort of blacklist/whitelist based on wifi SSIDs, so that might be something to check out.

Disconnecting in response to another app's intent is easy. Connecting is often interactive, so I think it might work best if the following conditions are satisfied:
  • VpnService confirmation dialog is bypassed. Arne Schwab made an Xposed module for this. I was thinking I might integrate a cut-down version of this feature into OpenConnect directly, so that if you install OpenConnect you'll automatically get an option in the Xposed Installer to always allow VPN connections from OpenConnect. Hopefully this doesn't have any ill effects if Xposed is not installed.
  • You would probably want to use batch mode (or a passwordless cert) so that OpenConnect doesn't bug you for group/login/password on every connection. Does this currently work for you?
Thanks for your quick reply. I own an ASA for home use so I'm able to set it up as needed.
At this moment, I have to Anyconnect profiles:
  • Cert based - To use an encrypted tunnel when I'm connected to public AP's so it would be hard to intercept traffic.
  • AAA + 2 factor authentication - To access my LAN.
I'd like to connect to my cert based profile when I'm not locally connected to my LAN nor 4G. I tried to setup SmoothConnect but it keeps bugging me certficate warnings (your OpenConnect and the official AnyConnect apps work perfectly though).
If it ain't much work the most ideal situation would be to manage the connection by Tasker and be able to see the status of the connection by Tasker variables.

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes