Android OpenVPN


royal66

Member
Jul 4, 2010
47
4
IP DHCP

I reflashed with this new rom:
[ROM] Official 2.2, with: busybox, old A2SD+, OpenVPN (TUN), EXT4 support, 802.11N

And it worked instantly :)


New problem :p
My OpenVPN server pushes DHCP IP addresses, this works great on win pc.

But the android phone doesn't get IP from the server?
 

blackxored

Member
May 10, 2010
24
1
Have you tried to check remote set addresses on the openvpn app on the phone. Also setting dhcp won't enable you to get vpn ip addresses by itself.

Sent from my HTC Dream using XDA App
 

royal66

Member
Jul 4, 2010
47
4
Have you tried to check remote set addresses on the openvpn app on the phone. Also setting dhcp won't enable you to get vpn ip addresses by itself.

Sent from my HTC Dream using XDA App
What do you mean? VPN DNS preferences can't help me here?
The remote address is set in the OpenVPN client config file and works fine, as it connects to the server.
The OpenVPN server pushes DHCP but the phone does not receive DHCP from the server.
On PC this works fine.

I do not need DNS as I only access my home and work network. The OpenVPN server
doesn't push internet traffic, just local access.

Openvpn server: 192.168.10.1
Gateway: 192.168.10.1
DHCP range: 192.168.10.100-192.168.10.200

In Win 7, OpenVPN creates a virtual network adapter that gets its IP from the OpenVPN server; maybe I need to configure TUN to receive an IP from the server?

I admit that I am on thin ice here, but I hope someone understands my problem and has a solution?
 

rkantos

Senior Member
Jun 22, 2010
117
2
What do you mean? VPN DNS preferences can't help me here?
The remote address is set in the OpenVPN client config file and works fine, as it connects to the server.
The OpenVPN server pushes DHCP but the phone does not receive DHCP from the server.
On PC this works fine.

I do not need DNS as I only access my home and work network. The OpenVPN server
doesn't push internet traffic, just local access.

Openvpn server: 192.168.10.1
Gateway: 192.168.10.1
DHCP range: 192.168.10.100-192.168.10.200

In Win 7, OpenVPN creates a virtual network adapter that gets its IP from the OpenVPN server; maybe I need to configure TUN to receive an IP from the server?

I admit that I am on thin ice here, but I hope someone understands my problem and has a solution?

I also want to know how to get the traffic going through OVPN.. :rolleyes:
 

Crusoe86

Senior Member
Jan 30, 2009
545
33
Cologne
I also want to know how to get the traffic going through OVPN.. :rolleyes:

Do you want to know how to route the full traffic (Internet etc. to the VPN tunnel)?

ATTENTION!!! You have to modify the addresses to fit your system :)

dhcp-option DNS 192.168.1.1 (it sets the DNS to the specified address)
route-gateway 192.168.1.1 (this sets the gateway address)
redirect-gateway def1 (and this one routes the full traffic (including Internet) through the VPN tunnel)

I use these parameters in my Win7 config and it works well. These commands are available in Linux, too.

I hope this was what you were searching for :)

BTW: I want to buy a Desire (with Froyo) and play with Android on my HD2.
Is the "recovery mode", or what you are all talking about, also available on the "HD2 MOD"? Or is this not possible? I mean these "adb" commands.

I need OpenVPN because my APN "wap.vodafone.de" does not support all needed features of the Desire (like HTC Weather, for example). On WM 6.5 I use "ProxyCap" but that is not available for Android. It makes the proxy available for all apps, also those that have no proxy settings of their own (like Live Messenger (please no alternatives to messengers with proxy support ;))).
If somebody has an alternative, then OpenVPN has a lower priority for me :p
 

royal66

Member
Jul 4, 2010
47
4
Do you want to know how to route the full traffic (Internet etc. to the VPN tunnel)?

ATTENTION!!! You have to modify the addresses to fit your system :)

dhcp-option DNS 192.168.1.1 (it sets the DNS to the specified address)
route-gateway 192.168.1.1 (this sets the gateway address)
redirect-gateway def1 (and this one routes the full traffic (including Internet) through the VPN tunnel)

I use these parameters in my Win7 config and it works well. These commands are available in Linux, too.

I hope this was what you were searching for :)
Hello
I only need access to the LAN side of the network, as mentioned earlier in this thread.
OpenVPN connects but I cannot access the LAN, probably because it does not get IP addresses from the OpenVPN server.

My LAN setup:
Openvpn server: 192.168.10.10
Gateway: 192.168.10.1
DHCP range: 192.168.10.100-192.168.10.200

Is this correct?:
dhcp-option DNS 192.168.10.1
route-gateway 192.168.10.1
redirect-gateway def1: can I drop this if I do not need to redirect internet traffic?

Some questions:
What about the Android device IP? Doesn't it need an IP in the same range (192.168.10.x), not just a gateway or DNS?
Are these commands run in the console? And before or after OpenVPN connects?
Maybe it is possible to create a script that runs these commands every time OpenVPN starts?

Many questions, hope you understand me.
Thanks
 

fiftyclick

Senior Member
Sep 23, 2007
194
29
Toronto
OpenVPN connected & routed, but no browser?

Seems like I have an odd issue -- my browser seems to be the only thing that doesn't work right now. Emails, the XDA app, etc. all work fine, just not the browser app.

Traceroute is valid too, and the gateway is set up properly. On my laptop, using the same setup, it can access HTTP just fine (and the XDA app shows that my phone is doing it fine too).

Any suggestions? Could it be related to APN settings?
 
Sep 16, 2010
15
4
dns problem

Hi, I'm having a rather strange problem with OpenVPN-settings on OpenDesire 4.0.x. Openvpn works fine through Wifi, but it fails when I try to connect through 2G/3G. It seems like it has something to do with DNS resolving of the Openvpn monitor interface, but I don't know how to resolve it. Here's the relevant logcat part:
Code:
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/myserver.ovpn]-mgmt(  833): attach():using management port at 53105
E/OpenVPN-DaemonMonitor[/sdcard/openvpn/myserver.ovpn]-mgmt(  833): attaching to OpenVPN daemon
E/OpenVPN-DaemonMonitor[/sdcard/openvpn/myserver.ovpn]-mgmt(  833): java.net.UnknownHostException: localhost
E/OpenVPN-DaemonMonitor[/sdcard/openvpn/myserver.ovpn]-mgmt(  833):   at java.net.InetAddress.lookupHostByName(InetAddress.java:504)
E/OpenVPN-DaemonMonitor[/sdcard/openvpn/myserver.ovpn]-mgmt(  833):   at java.net.InetAddress.getLocalHost(InetAddress.java:459)
E/OpenVPN-DaemonMonitor[/sdcard/openvpn/myserver.ovpn]-mgmt(  833):   at de.schaeuffelhut.android.openvpn.service.ManagementThread.attach(DaemonMonitor.java:405)
E/OpenVPN-DaemonMonitor[/sdcard/openvpn/myserver.ovpn]-mgmt(  833):   at de.schaeuffelhut.android.openvpn.service.ManagementThread.run(DaemonMonitor.java:351)

V/OpenVPN-DaemonMonitor[/sdcard/openvpn/myserver.ovpn]-mgmt(  833): Could not attach to OpenVPN monitor port
D/OpenVPNDaemonEnabler(  833): Received OpenVPN daemon state changed from Unknown to Disabled
D/OpenVPN-DaemonMonitor[/sdcard/openvpn/myserver.ovpn]-mgmt(  833): terminated
It fails on a "java.net.UnknownHostException: localhost", so it looks like disabling Wifi is breaking DNS (even for localhost) resolving? It works fine when I start OpenVPN-settings when Wifi is connected, then disable wifi and enable 'myserver.ovpn' in the app, but fails when wifi hasn't been connected. There is an entry linking 127.0.0.1 to 'localhost' in /etc/hosts.

Any help is very much appreciated!

EDIT: this was solved by removing the line "::1 localhost" from both /etc/hosts and /system/etc/hosts, I'm not sure why it's there but it solves my issue.
 

buckminst

New member
Oct 12, 2010
4
0
EDIT: this was solved by removing the line "::1 localhost" from both /etc/hosts and /system/etc/hosts, I'm not sure why it's there but it solves my issue.

FYI, ::1 is the IPv6 version of the local loopback address.
If the ::1 localhost definition was the only one and your kernel doesn't have IPv6 support, name resolution will fail.
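
The hosts-file condition discussed in the two posts above can be checked before anything is edited. This is an added example, not code from the thread; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit how a hosts-format file maps the name "localhost".

# Print each address the file maps to "localhost", one per line.
localhost_addrs() {
    awk '
        { sub(/#.*/, "") }                       # ignore comments
        NF >= 2 {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == "localhost") { print $1; break }
        }' "$1"
}

# Classify the mapping: dual, ipv4-only, ipv6-only or missing.
localhost_status() {
    v4=no; v6=no
    for a in $(localhost_addrs "$1"); do
        case $a in
            *:*) v6=yes ;;                       # IPv6 literal such as ::1
            *)   v4=yes ;;
        esac
    done
    case $v4$v6 in
        yesyes) echo dual ;;
        yesno)  echo ipv4-only ;;
        noyes)  echo ipv6-only ;;
        *)      echo missing ;;
    esac
}

# Print the file with "localhost" removed from IPv6 lines only; other lines
# pass through unchanged. Review the output before replacing the original.
strip_ipv6_localhost() {
    awk '
        {
            orig = $0
            sub(/#.*/, "")
            if (NF < 2 || index($1, ":") == 0) { print orig; next }
            out = $1; kept = 0
            for (i = 2; i <= NF; i++)
                if (tolower($i) != "localhost") { out = out " " $i; kept++ }
            if (kept == NF - 1) print orig       # line had no localhost alias
            else if (kept > 0)  print out        # keep the remaining aliases
        }' "$1"
}

# Constructed sample matching the file described in the post.
sample=$(mktemp)
printf '127.0.0.1 localhost\n::1 localhost\n' > "$sample"
echo "before: $(localhost_status "$sample")"
strip_ipv6_localhost "$sample" > "$sample.new"
echo "after:  $(localhost_status "$sample.new")"
rm -f "$sample" "$sample.new"
```

A result of `dual` corresponds to the file the original poster describes, and `ipv6-only` to the case described in the reply.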
 

laozilaile

New member
Oct 20, 2010
4
0
Getting OpenVPN to work on Moto ME501 (Cliq XT or Quench)

After several hours of work, I got OpenVPN working on my ME501. lamaz's post helped me a lot when I was working on it. Thanks, lamaz!

The following are the operations I did in addition to those mentioned by lamaz.

1. Create the link to "busybox cp" in the bin folder. The ME501 doesn't have the cp command there. It is needed by the OpenVPN installer.


2. Change the link destination of "ifconfig" and "route". On the ME501, they are linked to "toolbox" instead of "busybox". The ifconfig that came with the phone can't assign an IP to the tun0 interface properly.
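
The two relinking steps above as a script, added here as an example and not taken from the post. The busybox and bin paths in the usage comment are assumptions, the function name is hypothetical, and the script assumes the installed busybox build supports `--list`.

```shell
#!/bin/sh
# Added example: point selected commands in a bin directory at busybox.
# usage: relink_applets BUSYBOX BIN_DIR applet...
relink_applets() {
    bb=$1; bindir=$2; shift 2
    [ -x "$bb" ] || { echo "not executable: $bb" >&2; return 1; }
    applets=$("$bb" --list) || return 1
    for app in "$@"; do
        # Link only applets this busybox build really provides.
        if ! printf '%s\n' "$applets" | grep -qx "$app"; then
            echo "skip $app: not in $bb" >&2
            continue
        fi
        link=$bindir/$app
        if [ -L "$link" ] && [ "$(readlink "$link")" = "$bb" ]; then
            continue                      # already linked to busybox
        fi
        # Keep the previous entry (for example the toolbox link) for rollback.
        if [ -e "$link" ] || [ -L "$link" ]; then
            mv "$link" "$link.orig" || return 1
        fi
        ln -s "$bb" "$link" || return 1
        echo "$app -> $bb"
    done
    return 0
}

# Hypothetical paths; adjust to the device and remount the partition writable first.
# relink_applets /system/xbin/busybox /system/bin cp ifconfig route
```

Each replaced entry is kept as `<name>.orig`, so the toolbox links can be restored if the busybox applet behaves differently than expected.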
 

emil73

Senior Member
Apr 19, 2005
53
0
Hi,
New to Android and would like to know if you can get a VPN client solution for Android? I tried to search the forum and this thread is the closest I got.
What I want is to use an HTC Desire Z and get access to a server through a VPN tunnel.
 

sherifeldeeb

New member
Aug 16, 2009
1
0
TCP working always, UDP working rarely...

Working flawlessly when using tcp, over 3g or wifi.

but when changing proto to udp, it works once, but 50 times it doesn't "reset, reboot, re-install, restart server daemon, change network connection...etc", the thing is, it works sometimes!! so my config should be right, right? especially it *always* works if TCP.

The status just stops at "Wait" .... forever, tried 3g and wifi "two different networks".

Please help, since tcp is S..L..O..W.
Thanks for the tool by the way.

Galaxy tab
openvpn 2.1.1
busybox 1.17.1
working fine with TCP!


---------client.conf---------
client
dev tun
proto udp
remote 123.123.123.123 1194
nobind
persist-key
persist-tun
mute-replay-warnings
ca /sdcard/openvpn/ca.crt
cert /sdcard/openvpn/wolf.crt
key /sdcard/openvpn/wolf.key
ns-cert-type rnicrosoft
tls-auth /sdcard/openvpn/ta.key 1
cipher AES-128-CBC
comp-lzo
verb 0

----------openvpn.log "failed UDP connection"-------------

Wed Feb 2 06:00:16 2011 us=498083 11.11.11.11:51035 Re-using SSL/TLS context
Wed Feb 2 06:00:16 2011 us=498136 11.11.11.11:51035 LZO compression initialized
Wed Feb 2 06:00:16 2011 us=498416 11.11.11.11:51035 Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:0 ]
Wed Feb 2 06:00:16 2011 us=498441 11.11.11.11:51035 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Feb 2 06:00:16 2011 us=498523 11.11.11.11:51035 Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
Wed Feb 2 06:00:16 2011 us=498539 11.11.11.11:51035 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
Wed Feb 2 06:00:16 2011 us=498575 11.11.11.11:51035 Local Options hash (VER=V4): 'a2e63101'
Wed Feb 2 06:00:16 2011 us=498596 11.11.11.11:51035 Expected Remote Options hash (VER=V4): '272f1b58'
RWed Feb 2 06:00:16 2011 us=498684 11.11.11.11:51035 TLS: Initial packet from 11.11.11.11:51035, sid=63543461 c093b2b6
WRWWRWRWWWRWWRWWRWWRWWRWRWWRWWRWWRWWRWWRWWRWWRWWRWWRWWRWRWWWRWWRWWRWWRWRWWRWWRWWRWWWed Feb 2 06:01:16 2011 us=954631 11.11.11.11:51035 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Feb 2 06:01:16 2011 us=954687 11.11.11.11:51035 TLS Error: TLS handshake failed
Wed Feb 2 06:01:16 2011 us=954781 11.11.11.11:51035 SIGUSR1[soft,tls-error] received, client-instance restarting
Wed Feb 2 06:01:17 2011 us=987640 MULTI: multi_create_instance called
Wed Feb 2 06:01:17 2011 us=987708 11.11.11.11:51045 Re-using SSL/TLS context
Wed Feb 2 06:01:17 2011 us=987739 11.11.11.11:51045 LZO compression initialized
Wed Feb 2 06:01:17 2011 us=987817 11.11.11.11:51045 Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:0 ]
Wed Feb 2 06:01:17 2011 us=987833 11.11.11.11:51045 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Feb 2 06:01:17 2011 us=987872 11.11.11.11:51045 Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
Wed Feb 2 06:01:17 2011 us=987901 11.11.11.11:51045 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
Wed Feb 2 06:01:17 2011 us=987926 11.11.11.11:51045 Local Options hash (VER=V4): 'a2e63101'
Wed Feb 2 06:01:17 2011 us=987952 11.11.11.11:51045 Expected Remote Options hash (VER=V4): '272f1b58'
RWed Feb 2 06:01:17 2011 us=988005 11.11.11.11:51045 TLS: Initial packet from 11.11.11.11:51045, sid=356e5456 1f824040
WWRWWRWWRWWRWWRWWRWWRWWRWWRW

----------openvpn.log "successful TCP connection"-------------
Wed Feb 2 06:13:29 2011 us=101201 Re-using SSL/TLS context
Wed Feb 2 06:13:29 2011 us=101305 LZO compression initialized
Wed Feb 2 06:13:29 2011 us=101631 Control Channel MTU parms [ L:1560 D:168 EF:68 EB:0 ET:0 EL:0 ]
Wed Feb 2 06:13:29 2011 us=101682 Data Channel MTU parms [ L:1560 D:1450 EF:60 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Feb 2 06:13:29 2011 us=101771 Local Options String: 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
Wed Feb 2 06:13:29 2011 us=101786 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
Wed Feb 2 06:13:29 2011 us=101825 Local Options hash (VER=V4): 'a642654b'
Wed Feb 2 06:13:29 2011 us=101846 Expected Remote Options hash (VER=V4): '0bdd0804'
Wed Feb 2 06:13:29 2011 us=101882 TCP connection established with 11.11.11.11:51268
Wed Feb 2 06:13:29 2011 us=101905 Socket Buffers: R=[131072->131072] S=[131072->131072]
Wed Feb 2 06:13:29 2011 us=101922 TCPv4_SERVER link local: [undef]
Wed Feb 2 06:13:29 2011 us=101938 TCPv4_SERVER link remote: 11.11.11.11:51268
RWed Feb 2 06:13:29 2011 us=938176 11.11.11.11:51268 TLS: Initial packet from 11.11.11.11:51268, sid=223d6876 14d07a22
WRRWWWWRWRWRWWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRRRRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWed Feb 2 06:13:35 2011 us=576045 11.11.11.11:51268 VERIFY OK: depth=1, /C=US/ST=NY/L=REDMOND/O=microsoft/CN=microsoft_CA/emailAddress=root@microsoft.com
Wed Feb 2 06:13:35 2011 us=576367 11.11.11.11:51268 VERIFY OK: depth=0, /C=US/ST=NY/L=REDMOND/O=microsoft/CN=billgates/emailAddress=root@microsoft.com
WRWRWRWRWRWRWRWed Feb 2 06:13:36 2011 us=442620 11.11.11.11:51268 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Feb 2 06:13:36 2011 us=442653 11.11.11.11:51268 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Feb 2 06:13:36 2011 us=442666 11.11.11.11:51268 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Feb 2 06:13:36 2011 us=442697 11.11.11.11:51268 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
WWWRRWed Feb 2 06:13:37 2011 us=20535 11.11.11.11:51268 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Wed Feb 2 06:13:37 2011 us=20596 11.11.11.11:51268 [billgates] Peer Connection Initiated with 11.11.11.11:51268
Wed Feb 2 06:13:37 2011 us=20664 billgates/11.11.11.11:51268 MULTI: Learn: 10.8.0.2 -> billgates/11.11.11.11:51268
Wed Feb 2 06:13:37 2011 us=20678 billgates/11.11.11.11:51268 MULTI: primary virtual IP for billgates/11.11.11.11:51268: 10.8.0.2
RWed Feb 2 06:13:39 2011 us=348364 billgates/11.11.11.11:51268 PUSH: Received control message: 'PUSH_REQUEST'
Wed Feb 2 06:13:39 2011 us=348430 billgates/11.11.11.11:51268 SENT CONTROL [billgates]: 'PUSH_REPLY,route-gateway 123.123.123.123,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0' (status=1)
WWWWRRRwrWRwrWRwrWR



---------iptables-save--------
root@bt:/etc/openvpn# iptables-save | grep -v '#' | grep -v ':'
*raw
COMMIT
*nat
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT
*mangle
COMMIT
*filter
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.8.0.0/24 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
COMMIT
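
To compare the UDP and TCP runs in a server log like the one posted above, the handshake outcome can be extracted per peer. This is an added example, not part of the original post; the function names are hypothetical and the sample lines are constructed in the shape of the posted log, using documentation addresses.

```shell
#!/bin/sh
# Added example: summarise TLS handshake outcomes in an OpenVPN server log.

# Print "peer proto status" for every session that sent an initial TLS packet.
# status: established | tls-timeout | pending
tls_sessions() {
    awk '
    function peer(s) {                  # first ip:port token on the line
        if (match(s, /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+/))
            return substr(s, RSTART, RLENGTH)
        return ""
    }
    /Local Options String/ {            # remember the transport in use
        if (match($0, /proto [A-Za-z0-9_]+/))
            proto = substr($0, RSTART + 6, RLENGTH - 6)
    }
    /TLS: Initial packet from / {
        p = peer($0); if (p == "") next
        if (!(p in st)) order[++n] = p
        st[p] = "pending"; tr[p] = (proto == "" ? "unknown" : proto)
    }
    /TLS key negotiation failed/     { p = peer($0); if (p in st) st[p] = "tls-timeout" }
    /Peer Connection Initiated with/ { p = peer($0); if (p in st) st[p] = "established" }
    END { for (i = 1; i <= n; i++) print order[i], tr[order[i]], st[order[i]] }
    ' "$@"
}

# Count sessions whose handshake timed out on a transport prefix (UDP or TCP).
timeouts_for() {
    proto=$1; shift
    tls_sessions "$@" |
        awk -v p="$proto" '$3 == "tls-timeout" && index($2, p) == 1 { c++ } END { print c + 0 }'
}

# Constructed sample in the shape of the logs posted above.
sample_log() {
    cat <<'EOF'
Wed Feb 2 06:00:16 2011 us=498523 192.0.2.7:51035 Local Options String: 'V4,dev-type tun,proto UDPv4,comp-lzo,tls-server'
RWed Feb 2 06:00:16 2011 us=498684 192.0.2.7:51035 TLS: Initial packet from 192.0.2.7:51035, sid=00000000 00000000
WRWWRWed Feb 2 06:01:16 2011 us=954631 192.0.2.7:51035 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Feb 2 06:13:29 2011 us=101771 Local Options String: 'V4,dev-type tun,proto TCPv4_SERVER,comp-lzo,tls-server'
RWed Feb 2 06:13:29 2011 us=938176 192.0.2.7:51268 TLS: Initial packet from 192.0.2.7:51268, sid=00000000 00000000
Wed Feb 2 06:13:37 2011 us=20596 192.0.2.7:51268 [client1] Peer Connection Initiated with 192.0.2.7:51268
EOF
}

sample_log | tls_sessions
```

A session that stays `pending` or ends in `tls-timeout` never reached "Peer Connection Initiated", which is the state the failed UDP attempts in the posted log are in.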
 

art_sn00p

Senior Member
Apr 1, 2010
88
7
43
Novosibirsk
It seems that it could be an MTU problem with the UDP configuration. Try to make --udp-mtu larger or smaller than the default, and test again.
 

deathero

Member
Sep 4, 2010
5
0
Glad to see it worked for you. I tried using the openvpn-installer with no success. I tried installing it in various locations. I'm glad to see there was an easier route.

The reason I had to delete a route is probably due to my server configuration file which will push DNS, dhcp and force all traffic through it. I noticed that my Mac and Linux Machines didn't have that route entry after connecting. If I leave the route I cannot connect anywhere.

The tun.ko is absolutely necessary for a tap device. You will get errors without it.

Glad to help out

-LamaZ


Hi guys, I need to retrieve the DNS settings pushed by the server into my Android phone. Has anyone managed to do so?
 

programatix

Senior Member
May 17, 2005
2,275
111
Hi,

I successfully connected to the VPN server. However, the tap doesn't seem to retrieve the IP address from the DHCP at the server. So, every time I connect to the VPN, I need to manually refresh the tap device IP by running "netcfg tap0 dhcp" using Terminal.

I tried putting this line in the conf file,
Code:
up "netcfg tap0 dhcp"

but it doesn't run.

Any help would be greatly appreciated.
 

ddarvish

Senior Member
Dec 20, 2009
420
37
So I had another random question. I am using my HTC Thunderbolt in a 4G area and when connected to my VPN using VPN settings the data is a lot slower than usual. I also then tested it by wifi tethering to the computer and using my computer to connect to the same VPN server and saw much higher speed results. BTW, the server is on a 1Gbps up/down line. Any ideas why the OpenVPN software on the phone is limiting the speeds? With it on I get 4-5mbps, without it close to 15.
 
Hope this is the right thread, don't shoot :p
I have an OpenVPN account and have the client.ovpn file on my phone (Desire Z running ILWT CM 7) and the OpenVPN installer app. It says no tap/tun module installed. How do I install this, as I thought CM 7 had support built in, and what are the settings if I wanted to enter them manually? Already searched, albeit not thoroughly. Thanks for any help with this matter.
 

Top Liked Posts

  • 1
    Does anyone know how to save the username and password in OpenVPN?
    I am using OpenVPN in CM7 nightly

    Just create a file named 'pass.txt', then enter your username and password like this:


    Place the file inside the same folder as the config

    Then in your config, add this line:

    auth-user-pass pass.txt

    I hope that might help :)
    1
    Contact senior developers....

    Don't forget hitting thanks......