(Update 5/02/2012 0.9.4) [APP][ICS4.0.3+]OpenVPN for ICS (no root/jailbreak required)


hamster79

New member
Apr 23, 2012
3
0
I have fixed 'Extra arguments' option in 0.9.1, please update and you'll be able to specify custom options.

Hi Zealot!

Thanks for your work but I meant something different: :eek:

In github.com/kghost/ics-openvpn/blob/master/src/info/kghost/android/openvpn/OpenVpnService.java (line 96 and 97) you are already setting the config option "--ns-cert-type server". But on the server I'd like to logon to is a certificate without this "type server" information installed, so I can't log in (Error in the Log: "SSL3_GET_SERVER_CERTIFICATE: certificate verify failed").

So it would be great if you could make THIS option optional (by adding a new setting item for it) or just remove it completely (if I get it right, anybody who wants to could re-add it easily with the "Extra arguments" option you mentioned).

Thanks!
 

zealot0630

Senior Member
Jul 26, 2010
51
26
Hi Zealot!

Thanks for your work but I meant something different: :eek:

In github.com/kghost/ics-openvpn/blob/master/src/info/kghost/android/openvpn/OpenVpnService.java (line 96 and 97) you are already setting the config option "--ns-cert-type server". But on the server I'd like to logon to is a certificate without this "type server" information installed, so I can't log in (Error in the Log: "SSL3_GET_SERVER_CERTIFICATE: certificate verify failed").

So it would be great if you could make THIS option optional (by adding a new setting item for it) or just remove it completely (if I get it right, anybody who wants to could re-add it easily with the "Extra arguments" option you mentioned).

Thanks!

I have fixed this in 0.9.2, please try.
 

jcasares

Senior Member
Dec 9, 2011
330
82
Buenos Aires
I'm having the certificate issue now. I have the same certificate that I use in my PC's OpenVPN client. Copied error log here:

Code:
1335519191,D,MANAGEMENT: CMD 'state on all'
1335519191,D,MANAGEMENT: CMD 'hold release'
1335519191,D,MANAGEMENT: CMD 'username 'Auth' "jcasares2"'
1335519191,D,MANAGEMENT: CMD 'password [...]'
1335519191,W,NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
1335519191,,Control Channel MTU parms [ L:1541 D:138 EF:38 EB:0 ET:0 EL:0 ]
1335519191,,Socket Buffers: R=[110592->131072] S=[110592->131072]
1335519191,,MANAGEMENT: >STATE:1335519191,RESOLVE,,,
1335519196,,Data Channel MTU parms [ L:1541 D:1450 EF:41 EB:4 ET:0 EL:0 ]
1335519196,,Local Options hash (VER=V4): '3514370b'
1335519196,,Expected Remote Options hash (VER=V4): '239669a8'
1335519196,I,UDPv4 link local: [undef]
1335519196,I,UDPv4 link remote: 190.2.X.X:1194
1335519196,,MANAGEMENT: >STATE:1335519196,WAIT,,,
1335519197,,MANAGEMENT: >STATE:1335519197,AUTH,,,
1335519197,,TLS: Initial packet from 190.2.X.X:1194, sid=8433cb96 fd61a9d5
1335519197,W,WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
1335519197,,VERIFY OK: depth=1, /C=IT/O=efw/CN=efw_CA
1335519197,,VERIFY nsCertType ERROR: /C=IT/O=efw/CN=127.0.0.1, require nsCertType=SERVER
1335519197,N,TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
1335519197,N,TLS Error: TLS object -> incoming plaintext read error
1335519197,N,TLS Error: TLS handshake failed
 

zealot0630

Senior Member
Jul 26, 2010
51
26
Go to the advanced settings, set the "NS Cert Type" to client or None, and try to connect again.
 

hamster79

New member
Apr 23, 2012
3
0
I have fixed this in 0.9.2, please try.

Hi Zealot! Works perfectly. The certificate isn't rejected any more, great!

But now I have another problem: the vpn-server is set up to use "auth md5" and your client seems to use "auth sha1". I tried to add "auth md5" as an extra option but this doesn't seem to help. Can I switch the "auth"-type somehow?
 

jcasares

Senior Member
Dec 9, 2011
330
82
Buenos Aires
Now here are the logs for the crash:

Code:
I/info.kghost.android.openvpn.OpenVpnService$Task(30266): >INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info
W/info.kghost.android.openvpn.OpenVpnService$Task(30266): Unknown Command: SUCCESS: real-time echo notification set to ON
W/info.kghost.android.openvpn.OpenVpnService$Task(30266): Unknown Command: END
W/info.kghost.android.openvpn.OpenVpnService$Task(30266): Unknown Command: SUCCESS: real-time log notification set to ON
W/info.kghost.android.openvpn.OpenVpnService$Task(30266): Unknown Command: 1335544732,I,OpenVPN 2.2.2 i686-pc-linux-gnu [SSL] [LZO2] [EPOLL] [eurephia] built on Apr 25 2012
W/info.kghost.android.openvpn.OpenVpnService$Task(30266): Unknown Command: 1335544732,,MANAGEMENT: unix domain socket listening on /data/data/info.kghost.android.openvpn/cache/manage
W/info.kghost.android.openvpn.OpenVpnService$Task(30266): Unknown Command: 1335544732,,Need hold release from management interface, waiting...
W/info.kghost.android.openvpn.OpenVpnService$Task(30266): Unknown Command: 1335544733,,MANAGEMENT: Client connected from /data/data/info.kghost.android.openvpn/cache/manage
W/info.kghost.android.openvpn.OpenVpnService$Task(30266): Unknown Command: 1335544733,D,MANAGEMENT: CMD 'echo on all'
W/info.kghost.android.openvpn.OpenVpnService$Task(30266): Unknown Command: 1335544733,D,MANAGEMENT: CMD 'log on all'
W/info.kghost.android.openvpn.OpenVpnService$Task(30266): Unknown Command: END
I/info.kghost.android.openvpn.OpenVpnService$Task(30266): >LOG:1335544733,D,MANAGEMENT: CMD 'state on all'
W/info.kghost.android.openvpn.OpenVpnService$Task(30266): Unknown Command: SUCCESS: real-time state notification set to ON
W/info.kghost.android.openvpn.OpenVpnService$Task(30266): Unknown Command: 1335544732,CONNECTING,,,
W/info.kghost.android.openvpn.OpenVpnService$Task(30266): Unknown Command: END
I/info.kghost.android.openvpn.OpenVpnService$Task(30266): >LOG:1335544733,D,MANAGEMENT: CMD 'hold release'
W/info.kghost.android.openvpn.OpenVpnService$Task(30266): Unknown Command: SUCCESS: hold release succeeded
I/info.kghost.android.openvpn.OpenVpnService$Task(30266): >LOG:1335544733,D,MANAGEMENT: CMD 'username 'Auth' "jcasares2"'
W/info.kghost.android.openvpn.OpenVpnService$Task(30266): Unknown Command: SUCCESS: 'Auth' username entered, but not yet verified
I/info.kghost.android.openvpn.OpenVpnService$Task(30266): >LOG:1335544733,D,MANAGEMENT: CMD 'password [...]'
W/info.kghost.android.openvpn.OpenVpnService$Task(30266): Unknown Command: SUCCESS: 'Auth' password entered, but not yet verified
I/ALSAModule( 1877): Terminated ALSA PLAYBACK device hifi
V/yamaha::media::VolumeCtrl( 1877): VolumeCtrl::createVolume()
V/yamaha::media::VolumeCtrl( 1877): VolumeCtrl::setVolume()
D/yamaha::media::VolumeCtrl( 1877): VolumeCtrl::setVolume() FM Playback: Ready
D/yamaha::media::VolumeCtrl( 1877): VolumeCtrl::setVolume() VoiceCall: Ready
I/info.kghost.android.openvpn.OpenVpnService$Task(30266): >LOG:1335544733,W,WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
I/info.kghost.android.openvpn.OpenVpnService$Task(30266): >LOG:1335544733,W,NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
I/info.kghost.android.openvpn.OpenVpnService$Task(30266): >LOG:1335544733,,Control Channel MTU parms [ L:1541 D:138 EF:38 EB:0 ET:0 EL:0 ]
I/info.kghost.android.openvpn.OpenVpnService$Task(30266): >LOG:1335544733,,Socket Buffers: R=[110592->131072] S=[110592->131072]
D/dalvikvm( 2156): GC_CONCURRENT freed 387K, 6% free 10669K/11335K, paused 17ms+4ms
I/info.kghost.android.openvpn.OpenVpnService$Task(30266): >LOG:1335544733,,MANAGEMENT: >STATE:1335544733,RESOLVE,,,
I/info.kghost.android.openvpn.OpenVpnService$Task(30266): >LOG:1335544734,,Data Channel MTU parms [ L:1541 D:1450 EF:41 EB:4 ET:0 EL:0 ]
I/info.kghost.android.openvpn.OpenVpnService$Task(30266): >LOG:1335544734,,Local Options hash (VER=V4): '3514370b'
I/info.kghost.android.openvpn.OpenVpnService$Task(30266): >LOG:1335544734,,Expected Remote Options hash (VER=V4): '239669a8'
I/info.kghost.android.openvpn.OpenVpnService$Task(30266): >LOG:1335544734,I,UDPv4 link local: [undef]
I/info.kghost.android.openvpn.OpenVpnService$Task(30266): >LOG:1335544734,I,UDPv4 link remote: 190.2.X.X:1194
I/info.kghost.android.openvpn.OpenVpnService$Task(30266): >LOG:1335544734,,MANAGEMENT: >STATE:1335544734,WAIT,,,
I/info.kghost.android.openvpn.OpenVpnService$Task(30266): >LOG:1335544735,,MANAGEMENT: >STATE:1335544735,AUTH,,,
I/info.kghost.android.openvpn.OpenVpnService$Task(30266): >LOG:1335544735,,TLS: Initial packet from 190.2.X.X:1194, sid=dba3491b 3d79266d
I/info.kghost.android.openvpn.OpenVpnService$Task(30266): >LOG:1335544735,W,WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
I/info.kghost.android.openvpn.OpenVpnService$Task(30266): >LOG:1335544740,,VERIFY OK: depth=1, /C=IT/O=efw/CN=efw_CA
I/info.kghost.android.openvpn.OpenVpnService$Task(30266): >LOG:1335544740,,VERIFY OK: depth=0, /C=IT/O=efw/CN=127.0.0.1
I/ActivityManager( 1993): START {flg=0x24000000 cmp=info.kghost.android.openvpn/.VpnSettings bnds=[0,170][480,266]} from pid -1
W/ActivityManager( 1993): startActivity called from non-Activity context; forcing Intent.FLAG_ACTIVITY_NEW_TASK for: Intent { flg=0x24000000 cmp=info.kghost.android.openvpn/.VpnSettings bnds=[0,170][480,266] }
W/InputManagerService( 1993): Window already focused, ignoring focus gain of: com.android.internal.view.IInputMethodClient$Stub$Proxy@416b4188
I/info.kghost.android.openvpn.OpenVpnService$Task(30266): >LOG:1335544743,W,WARNING: 'dev-type' is used inconsistently, local='dev-type tun', remote='dev-type tap'
I/info.kghost.android.openvpn.OpenVpnService$Task(30266): >LOG:1335544743,W,WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1541', remote='link-mtu 1574'
I/info.kghost.android.openvpn.OpenVpnService$Task(30266): >LOG:1335544743,W,WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1500', remote='tun-mtu 1532'
I/info.kghost.android.openvpn.OpenVpnService$Task(30266): >LOG:1335544743,W,WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
I/info.kghost.android.openvpn.OpenVpnService$Task(30266): >LOG:1335544743,,Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
I/info.kghost.android.openvpn.OpenVpnService$Task(30266): >LOG:1335544743,,Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
I/info.kghost.android.openvpn.OpenVpnService$Task(30266): >LOG:1335544743,,Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
I/info.kghost.android.openvpn.OpenVpnService$Task(30266): >LOG:1335544743,,Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
I/info.kghost.android.openvpn.OpenVpnService$Task(30266): >LOG:1335544745,,Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
I/info.kghost.android.openvpn.OpenVpnService$Task(30266): >LOG:1335544745,I,[127.0.0.1] Peer Connection Initiated with 190.2.X.X:1194
I/info.kghost.android.openvpn.OpenVpnService$Task(30266): >LOG:1335544746,,MANAGEMENT: >STATE:1335544746,GET_CONFIG,,,
I/info.kghost.android.openvpn.OpenVpnService$Task(30266): >LOG:1335544747,,SENT CONTROL [127.0.0.1]: 'PUSH_REQUEST' (status=1)
I/info.kghost.android.openvpn.OpenVpnService$Task(30266): >LOG:1335544749,,PUSH: Received control message: 'PUSH_REPLY,route-gateway 192.168.79.200,route 192.168.2.0 255.255.255.0,route 172.19.0.0 255.255.255.0,route 192.168.40.0 255.255.255.0,route 10.10.1.0 255.255.255.0,route 10.104.0.0 255.255.0.0,route 192.168.79.0 255.255.255.0,route-gateway 192.168.79.200,ping 8,ping-restart 30,ifconfig 192.168.79.83 255.255.255.0'
I/info.kghost.android.openvpn.OpenVpnService$Task(30266): >LOG:1335544749,,OPTIONS IMPORT: timers and/or timeouts modified
I/info.kghost.android.openvpn.OpenVpnService$Task(30266): >LOG:1335544749,,OPTIONS IMPORT: --ifconfig/up options modified
I/info.kghost.android.openvpn.OpenVpnService$Task(30266): >LOG:1335544749,,OPTIONS IMPORT: route options modified
I/info.kghost.android.openvpn.OpenVpnService$Task(30266): >LOG:1335544749,,OPTIONS IMPORT: route-related options modified
I/info.kghost.android.openvpn.OpenVpnService$Task(30266): >LOG:1335544749,W,WARNING: Since you are using --dev tun with a point-to-point topology, the second argument to --ifconfig must be an IP address.  You are using something (255.255.255.0) that looks more like a netmask. (silence this warning with --ifconfig-nowarn)
I/info.kghost.android.openvpn.OpenVpnService$Task(30266): >LOG:1335544749,,ROUTE default_gateway=10.116.192.1
D/VpnJni  ( 1993): Address added on tun0: 192.168.79.83/32
D/VpnJni  ( 1993): Route added on tun0: 192.168.2.0/24
D/VpnJni  ( 1993): Route added on tun0: 172.19.0.0/24
D/VpnJni  ( 1993): Route added on tun0: 192.168.40.0/24
D/VpnJni  ( 1993): Route added on tun0: 10.10.1.0/24
D/VpnJni  ( 1993): Route added on tun0: 10.104.0.0/16
D/VpnJni  ( 1993): Route added on tun0: 192.168.79.0/24
I/Vpn     ( 1993): Established by info.kghost.android.openvpn.OpenVpnService on tun0
D/ConnectivityService( 1993): sending Proxy Broadcast for [200.5.68.10] 8080
I/info.kghost.android.openvpn.OpenVpnService$Task(30266): >LOG:1335544749,D,MANAGEMENT: CMD 'tun TUN ok'
W/info.kghost.android.openvpn.OpenVpnService$Task(30266): Unknown Command: SUCCESS: 'TUN' tun entered, but not yet verified
I/info.kghost.android.openvpn.OpenVpnService$Task(30266): >LOG:1335544749,I,Initialization Sequence Completed
I/info.kghost.android.openvpn.OpenVpnService$Task(30266): >LOG:1335544749,,MANAGEMENT: >STATE:1335544749,CONNECTED,SUCCESS,192.168.79.83,190.2.X.X
I/info.kghost.android.openvpn.OpenVpnService$Task(30266): >LOG:1335544749,N,write to TUN/TAP : Invalid argument (code=22)
I/info.kghost.android.openvpn.OpenVpnService$Task(30266): >LOG:1335544749,N,write to TUN/TAP : Invalid argument (code=22)
I/info.kghost.android.openvpn.OpenVpnService$Task(30266): >LOG:1335544749,N,write to TUN/TAP : Invalid argument (code=22)
I/info.kghost.android.openvpn.OpenVpnService$Task(30266): >LOG:1335544749,N,write to TUN/TAP : Invalid argument (code=22)
I/info.kghost.android.openvpn.OpenVpnService$Task(30266): >LOG:1335544750,N,write to TUN/TAP : Invalid argument (code=22)
I/info.kghost.android.openvpn.OpenVpnService$Task(30266): >LOG:1335544750,N,write to TUN/TAP : Invalid argument (code=22)
I/info.kghost.android.openvpn.OpenVpnService$Task(30266): >LOG:1335544750,N,write to TUN/TAP : Invalid argument (code=22)
I/info.kghost.android.openvpn.OpenVpnService$Task(30266): >LOG:1335544750,N,write to TUN/TAP : Invalid argument (code=22)
I/info.kghost.android.openvpn.OpenVpnService$Task(30266): >LOG:1335544750,N,write to TUN/TAP : Invalid argument (code=22)
I/info.kghost.android.openvpn.OpenVpnService$Task(30266): >LOG:1335544751,N,write to TUN/TAP : Invalid argument (code=22)
I/info.kghost.android.openvpn.OpenVpnService$Task(30266): >LOG:1335544751,N,write to TUN/TAP : Invalid argument (code=22)
I/info.kghost.android.openvpn.OpenVpnService$Task(30266): >LOG:1335544751,N,write to TUN/TAP : Invalid argument (code=22)
I/info.kghost.android.openvpn.OpenVpnService$Task(30266): >LOG:1335544751,N,write to TUN/TAP : Invalid argument (code=22)
I/info.kghost.android.openvpn.OpenVpnService$Task(30266): >LOG:1335544751,N,write to TUN/TAP : Invalid argument (code=22)
I/info.kghost.android.openvpn.OpenVpnService$Task(30266): >LOG:1335544751,N,write to TUN/TAP : Invalid argument (code=22)
I/info.kghost.android.openvpn.OpenVpnService$Task(30266): >LOG:1335544752,N,write to TUN/TAP : Invalid argument (code=22)
I/info.kghost.android.openvpn.OpenVpnService$Task(30266): >LOG:1335544752,N,write to TUN/TAP : Invalid argument (code=22)
I/info.kghost.android.openvpn.OpenVpnService$Task(30266): >LOG:1335544752,N,write to TUN/TAP : Invalid argument (code=22)
I/info.kghost.android.openvpn.OpenVpnService$Task(30266): >LOG:1335544752,N,write to TUN/TAP : Invalid argument (code=22)
I/info.kghost.android.openvpn.OpenVpnService$Task(30266): >LOG:1335544753,N,write to TUN/TAP : Invalid argument (code=22)
I/info.kghost.android.openvpn.OpenVpnService$Task(30266): >LOG:1335544753,N,write to TUN/TAP : Invalid argument (code=22)
F/info.kghost.android.openvpn.OpenVpnService$Task(30266): length=63; index=63
F/info.kghost.android.openvpn.OpenVpnService$Task(30266): java.lang.ArrayIndexOutOfBoundsException: length=63; index=63
F/info.kghost.android.openvpn.OpenVpnService$Task(30266): 	at info.kghost.android.openvpn.LogQueue.add(LogQueue.java:48)
F/info.kghost.android.openvpn.OpenVpnService$Task(30266): 	at info.kghost.android.openvpn.OpenVpnService$Task.doCommands(OpenVpnService.java:244)
F/info.kghost.android.openvpn.OpenVpnService$Task(30266): 	at info.kghost.android.openvpn.OpenVpnService$Task.doInBackground(OpenVpnService.java:360)
F/info.kghost.android.openvpn.OpenVpnService$Task(30266): 	at info.kghost.android.openvpn.OpenVpnService$Task.doInBackground(OpenVpnService.java:47)
F/info.kghost.android.openvpn.OpenVpnService$Task(30266): 	at android.os.AsyncTask$2.call(AsyncTask.java:264)
F/info.kghost.android.openvpn.OpenVpnService$Task(30266): 	at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:305)
F/info.kghost.android.openvpn.OpenVpnService$Task(30266): 	at java.util.concurrent.FutureTask.run(FutureTask.java:137)
F/info.kghost.android.openvpn.OpenVpnService$Task(30266): 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1076)
F/info.kghost.android.openvpn.OpenVpnService$Task(30266): 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:569)
F/info.kghost.android.openvpn.OpenVpnService$Task(30266): 	at java.lang.Thread.run(Thread.java:856)
W/Netd    ( 1871): No subsystem found in netlink event
D/NetlinkEvent( 1871): Unexpected netlink message. type=0x11
D/AndroidRuntime(30266): Shutting down VM
W/dalvikvm(30266): threadid=1: thread exiting with uncaught exception (group=0x40a451f8)
E/AndroidRuntime(30266): FATAL EXCEPTION: main
E/AndroidRuntime(30266): java.lang.ArrayIndexOutOfBoundsException: length=63; index=63
E/AndroidRuntime(30266): 	at info.kghost.android.openvpn.LogQueue$IterImpl.next(LogQueue.java:65)
E/AndroidRuntime(30266): 	at info.kghost.android.openvpn.LogQueue$IterImpl.next(LogQueue.java:51)
E/AndroidRuntime(30266): 	at info.kghost.android.openvpn.LogDialog.onCreateDialog(LogDialog.java:32)
E/AndroidRuntime(30266): 	at android.app.DialogFragment.getLayoutInflater(DialogFragment.java:398)
E/AndroidRuntime(30266): 	at android.app.FragmentManagerImpl.moveToState(FragmentManager.java:828)
E/AndroidRuntime(30266): 	at android.app.FragmentManagerImpl.moveToState(FragmentManager.java:1032)
E/AndroidRuntime(30266): 	at android.app.BackStackRecord.run(BackStackRecord.java:622)
E/AndroidRuntime(30266): 	at android.app.FragmentManagerImpl.execPendingActions(FragmentManager.java:1382)
E/AndroidRuntime(30266): 	at android.app.FragmentManagerImpl$1.run(FragmentManager.java:426)
E/AndroidRuntime(30266): 	at android.os.Handler.handleCallback(Handler.java:605)
E/AndroidRuntime(30266): 	at android.os.Handler.dispatchMessage(Handler.java:92)
E/AndroidRuntime(30266): 	at android.os.Looper.loop(Looper.java:137)
E/AndroidRuntime(30266): 	at android.app.ActivityThread.main(ActivityThread.java:4424)
E/AndroidRuntime(30266): 	at java.lang.reflect.Method.invokeNative(Native Method)
E/AndroidRuntime(30266): 	at java.lang.reflect.Method.invoke(Method.java:511)
E/AndroidRuntime(30266): 	at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:787)
E/AndroidRuntime(30266): 	at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:554)
E/AndroidRuntime(30266): 	at dalvik.system.NativeStart.main(Native Method)
W/ActivityManager( 1993):   Force finishing activity info.kghost.android.openvpn/.VpnSettings
W/ActivityManager( 1993): Activity pause timeout for ActivityRecord{41baf1e0 info.kghost.android.openvpn/.VpnSettings}
I/WindowManager( 1993): WIN DEATH: Window{4137dcf0 info.kghost.android.openvpn/info.kghost.android.openvpn.VpnSettings paused=false}
I/ActivityManager( 1993): Process info.kghost.android.openvpn (pid 30266) has died.
W/ActivityManager( 1993): Activity destroy timeout for ActivityRecord{41baf1e0 info.kghost.android.openvpn/.VpnSettings}
 

zealot0630

Senior Member
Jul 26, 2010
51
26
Hi Zealot! Works perfectly. The certificate isn't rejected any more, great!

But now I have another problem: the vpn-server is set up to use "auth md5" and your client seems to use "auth sha1". I tried to add "auth md5" as an extra option but this doesn't seem to help. Can I switch the "auth"-type somehow?

The client didn't set auth by default; SHA1 is the default value. Did you add '--auth md5' or 'auth md5'? '--auth' should work, but 'auth' won't work.
 

zealot0630

Senior Member
Jul 26, 2010
51
26
Now here are the logs for the crash:

I have fixed the crash in 0.9.3, but there may be problems before the crash. It seems you are using tap mode on the server side, but this client doesn't support tap mode due to the Android API.

Code:
W,WARNING: 'dev-type' is used inconsistently, local='dev-type tun', remote='dev-type tap'
W,WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1541', remote='link-mtu 1574'
W,WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1500', remote='tun-mtu 1532'
W,WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
 

jcasares

Senior Member
Dec 9, 2011
330
82
Buenos Aires
Ok. Then I can't use this client as the server uses TAP. I thought it worked like other OpenVPN implementations (the ones I used on GB) and I missed the clarification in the opening post. Sorry for the confusion.
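
A log triage sketch for the failures discussed earlier in this thread, added here as an example and not part of the app or of any poster's code: it parses OpenVPN management-interface log records (raw, or wrapped in logcat) and flags the nsCertType rejection, the "No server certificate verification method" warning seen in the later log, and the tun/tap and comp-lzo mismatches. The function names and finding codes are made up for this example; the sample lines are excerpted from the logs posted above.

```python
import re
from typing import List, NamedTuple, Optional, Tuple


class Finding(NamedTuple):
    code: str    # identifier made up for this example
    ts: int      # unix time of the first matching record
    detail: str


# Management-interface log record: "<unix time>,<flags>,<message>", where
# flags is a subset of I, F, N, W, D. search() skips a logcat prefix such as
# "I/...OpenVpnService$Task(30266): >LOG:".
RECORD = re.compile(r"(?P<ts>\d{10}),(?P<flags>[IFNWD]*),(?P<msg>.*)$")
NSCERT = re.compile(
    r"VERIFY nsCertType ERROR: (?P<subject>.+), require nsCertType=(?P<want>\w+)")
INCONSISTENT = re.compile(
    r"'(?P<opt>[\w-]+)' is used inconsistently, "
    r"local='(?P<local>[^']*)', remote='(?P<remote>[^']*)'")
MISSING_LOCAL = re.compile(
    r"'(?P<opt>[\w-]+)' is present in remote config but missing in local config")
NO_VERIFY = "No server certificate verification method has been enabled"

# Sample input: lines excerpted from the two logs posted in this thread.
SAMPLE = """\
1335519197,,VERIFY OK: depth=1, /C=IT/O=efw/CN=efw_CA
1335519197,,VERIFY nsCertType ERROR: /C=IT/O=efw/CN=127.0.0.1, require nsCertType=SERVER
1335519197,N,TLS Error: TLS handshake failed
W/info.kghost.android.openvpn.OpenVpnService$Task(30266): Unknown Command: 1335544732,CONNECTING,,,
I/info.kghost.android.openvpn.OpenVpnService$Task(30266): >LOG:1335544733,W,WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
I/info.kghost.android.openvpn.OpenVpnService$Task(30266): >LOG:1335544743,W,WARNING: 'dev-type' is used inconsistently, local='dev-type tun', remote='dev-type tap'
I/info.kghost.android.openvpn.OpenVpnService$Task(30266): >LOG:1335544743,W,WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1541', remote='link-mtu 1574'
I/info.kghost.android.openvpn.OpenVpnService$Task(30266): >LOG:1335544743,W,WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
I/info.kghost.android.openvpn.OpenVpnService$Task(30266): >LOG:1335544749,N,write to TUN/TAP : Invalid argument (code=22)
I/info.kghost.android.openvpn.OpenVpnService$Task(30266): >LOG:1335544750,N,write to TUN/TAP : Invalid argument (code=22)
"""


def parse_record(line: str) -> Optional[Tuple[int, str, str]]:
    """Return (timestamp, flags, message), or None if the line is not a log record."""
    m = RECORD.search(line)
    if m is None:
        return None
    return int(m.group("ts")), m.group("flags"), m.group("msg").strip()


def triage(lines) -> List[Finding]:
    """Turn raw log lines into an ordered list of findings."""
    findings: List[Finding] = []
    tun_errors: List[int] = []   # timestamps of failed writes to the tun device
    for line in lines:
        rec = parse_record(line)
        if rec is None:
            continue             # state line, other logcat tag, blank line
        ts, _flags, msg = rec
        m = NSCERT.search(msg)
        if m:
            findings.append(Finding(
                "server-cert-type-rejected", ts,
                f"{m.group('subject')} lacks nsCertType={m.group('want')}"))
        elif NO_VERIFY in msg:
            # With no verification method set, the peer certificate is only
            # checked against the CA, not for being a server certificate.
            findings.append(Finding(
                "no-server-cert-verification", ts,
                "any certificate signed by the configured CA is accepted as the server"))
        elif INCONSISTENT.search(msg):
            m = INCONSISTENT.search(msg)
            if m.group("opt") == "dev-type" and m.group("remote").endswith(" tap"):
                findings.append(Finding(
                    "tap-server-unsupported", ts,
                    "server runs TAP, this client is TUN only"))
            else:
                findings.append(Finding(
                    "option-mismatch", ts,
                    f"{m.group('opt')}: local={m.group('local')!r} "
                    f"remote={m.group('remote')!r}"))
        elif MISSING_LOCAL.search(msg):
            opt = MISSING_LOCAL.search(msg).group("opt")
            findings.append(Finding(
                "option-missing-locally", ts, f"{opt} is set on the server only"))
        elif msg.startswith("write to TUN/TAP"):
            tun_errors.append(ts)
    if tun_errors:
        # Collapse the repeated write errors into one finding.
        findings.append(Finding(
            "tun-write-errors", tun_errors[0], f"{len(tun_errors)} failed writes"))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE.splitlines()):
        print(finding.ts, finding.code, "-", finding.detail)
```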
 

jalorod

New member
Apr 28, 2012
3
0
Problems creating profile

Hello,

First of all, thank you for your great work.

I have some problems using the app (with Android 4.0.3) in creating the profile for the VPN.

When I want to select the CA certificate, two links appear (to gallery and music), so I cannot select my ca.crt. How can I do it?

When I want to select the user certificate, it says that it does not exist and says that it is possible to install the p12 or pfx file (but I have only my .crt and .key file for the client). What can I do?

Thank you for your help,
 

omriasta

Senior Member
Jul 27, 2010
109
4
New York
Hello,

First of all, thank you for your great work.

I have some problems using the app (with Android 4.0.3) in creating the profile for the VPN.

When I want to select the CA certificate, two links appear (to gallery and music), so I cannot select my ca.crt. How can I do it?

When I want to select the user certificate, it says that it does not exist and says that it is possible to install the p12 or pfx file (but I have only my .crt and .key file for the client). What can I do?

Thank you for your help,

Install OI file manager or File Expert from the market, which will allow you to "browse" your SD card for the crt. Also, open the crt file using notepad and make sure there is nothing before the line "Begin Certificate".
 

jalorod

New member
Apr 28, 2012
3
0
Install OI file manager or File Expert from the market, which will allow you to "browse" your SD card for the crt. Also, open the crt file using notepad and make sure there is nothing before the line "Begin Certificate".

Thank you, in that way I could select the CA certificate (it gives me the possibility to select it with OI now and reads it OK), but I can't with the client certificate (if I open it, it doesn't install anything and the app gives me the possibility to install a p12 file only)... any help?

Thank you,
 

omriasta

Senior Member
Jul 27, 2010
109
4
New York
Thank you, in that way I could select the CA certificate (it gives me the possibility to select it with OI now and reads it OK), but I can't with the client certificate (if I open it, it doesn't install anything and the app gives me the possibility to install a p12 file only)... any help?

Thank you,

Not sure. I never used the client certificate. Let's see if the dev knows...

Sent from my Nexus S using XDA
 

jalorod

New member
Apr 28, 2012
3
0
Not sure. I never used the client certificate. Let's see if the dev knows...

Sent from my Nexus S using XDA

I got it! I converted my client key and cert files (with the CA cert) to a p12 file with openssl:
openssl pkcs12 -export -in input.crt -inkey input.key -certfile root.crt -out bundle.p12

and installed it with OI so I could select it (I think some explanation about it in a guide would be a good idea for more novice users like me, because openvpn generates these files by default).

I connected to the VPN, first failing but when activating lzo all seems working perfectly.

I will test these days but thank you very much, a VPN working without rooting...great!!!:D
 

zealot0630

Senior Member
Jul 26, 2010
51
26
Hello,

First of all, thank you for your great work.

I have some problems using the app (with Android 4.0.3) in creating the profile for the VPN.

When I want to select the CA certificate, two links appear (to gallery and music), so I cannot select my ca.crt. How can I do it?

When I want to select the user certificate, it says that it does not exist and says that it is possible to install the p12 or pfx file (but I have only my .crt and .key file for the client). What can I do?

Thank you for your help,

To select the cert you need a file browser; any one in the market will work.

You must convert the crt/key to p12 or pfx and install it to the Android keystore. Putting the crt/key on the sdcard is unsafe: every app can read your key without notifying you. There are many guides on how to convert crt/key to p12. I suggest xca, an openssl key management GUI.
 

JustMan

Member
Oct 16, 2007
7
0
Redirect gateway

It seems that the "redirect gateway" option does not work on CM9. I manage to connect, but the routing is the same as without the tick on redirect gateway. According to the attached log: ROUTE default_gateway=192.168.2.1, but I tried with OpenVPN Settings from the market and it adds the right gateway in that case - 10.8.0.5 and everything is working as expected.
 

Attachments

  • openvpn.txt
    3.3 KB · Views: 41

houlalajaimal

Member
Apr 9, 2009
10
0
Won't work with Firefox or any network app

Hi,

First of all, thank you for this application.

I had a problem with my personal VPN.

I connect to my Vpn server and ping any computer in my local network within terminal.
I can traceroute an internet domain (www.google.com) thru my home internet box (all traffic goes to VPN link).

But the browser can't use the vpn link...

logcat when browser is in use:

W/NetworkStats( 1993): dropping UID delta from unknown iface: iface=tun0 uid=0 set=DEFAULT tag=0x0 rxBytes=220 rxPackets=4 txBytes=116 txPackets=2 operations=0


traceroute in terminal...
traceroute to www.google.com (173.194.34.48), 30 hops max, 38 byte packets
1 10.8.0.1 (10.8.0.1) 137.811 ms 158.845 ms 139.283 ms
2 192.168.0.254 (192.168.0.254) 139.993 ms 148.470 ms 160.426 ms
3 78.235.121.254 (78.235.121.254) 178.851 ms 152.362 ms 178.097 ms
4 213.228.22.62 (213.228.22.62) 170.730 ms 151.611 ms 149.805 ms
5 strasbourg-6k-1-v808.intf.routers.proxad.net (212.27.56.113) 169.154 ms 161.769 ms 169.251 ms
6 strasbourg-crs8-1-be1001.intf.routers.proxad.net (78.254.250.217) 159.353 ms 168.398 ms 149.071 ms
7 th2-crs16-1-be1101.intf.routers.proxad.net (212.27.50.9) 180.198 ms 168.961 ms 163.773 ms
8 te0-2-0-3.330.ccr21.par04.atlas.cogentco.com (149.6.164.221) 155.283 ms 142.020 ms 149.593 ms
9 te0-5-0-4.mpd21.par01.atlas.cogentco.com (130.117.48.253) 159.697 ms te0-2-0-4.mpd21.par01.atlas.cogentco.com (130.117.50.145) 148.610 ms te0-1-0-4.mpd21.par01.atlas.cogentco.com (130.117.2.77) 148.866 ms
10 te0-2-0-0.mpd21.fra03.atlas.cogentco.com (130.117.3.169) 168.872 ms te0-3-0-0.mpd21.fra03.atlas.cogentco.com (154.54.36.125) 158.665 ms te0-0-0-0.mpd21.fra03.atlas.cogentco.com (130.117.1.241) 151.300 ms
11 aurora-tel-ltd.demarc.cogentco.com (149.6.140.58) 553.963 ms 545.850 ms 539.816 ms
12 209.85.255.172 (209.85.255.172) 151.964 ms 209.85.255.170 (209.85.255.170) 168.884 ms 209.85.240.64 (209.85.240.64) 153.517 ms
13 72.14.239.60 (72.14.239.60) 169.100 ms 72.14.239.62 (72.14.239.62) 160.233 ms 158.881 ms
14 72.14.235.17 (72.14.235.17) 169.349 ms 169.769 ms 158.856 ms
15 209.85.242.47 (209.85.242.47) 159.692 ms 158.690 ms 169.409 ms
16 par03s03-in-f16.1e100.net (173.194.34.48) 150.074 ms 168.980 ms 180.164 ms
 

Top Liked Posts

  • 6
    Note:
    • You can't install a pfx/p12 certificate file which is not password protected; it is UNSAFE, and Android won't allow you to do that.
    • Please uninstall the previous version first before installing 0.9.0.
    • Because Titanium Backup can't restore the permission to the keystore, if you are using Titanium Backup to backup/restore configurations, after a restore please reconfigure your profile and re-pick the user certificate to grant the permission to the keystore.

    Features:
    • Compatible with all ICS devices (NO ROOT REQUIRED, works on stock firmware)
    • Easy to use
    • Multiple VPN profiles
    • Username/password authentication
    • Secure (doesn't store your private key in the app; it is managed by the Android system)
    • Open source

    Limitation:
    • Only TUN mode, no TAP mode. (system API limitation)
    • One simultaneous connection only. (system API limitation)

    ChangeLog:
    5/02/2012 0.9.4
    • Fix redirect-gateway option
    4/28/2012 0.9.3
    • Temporary fix for tls-auth (storing the tls key file on the sdcard is insecure!!!)
    • Fix crash
    4/27/2012 0.9.2
    • Add ns-cert-type option
    • Fix connection without user certificate
    4/25/2012 0.9.1
    • More error messages
    • Fix extra arguments option
    4/23/2012 0.9.0
    • Fix some crashes
    4/21/2012
    • Add username/password based authentication support. (Need to input password manually every time when connecting)

    Issues:
    • Connection is interrupted if you leave the GUI while preparing/connecting. (It will be OK to leave once connected)
    • Won't work on JB; wait until Google releases the openssl engine for the system keystore

    Screen Shots: Here

    Download: Here

    Source code: Here

    Any feedback is welcome.
    1
    I have a working OpenVPN server with PCs and Android devices connecting to it.

    Here is the situation with ICS.

    I have installed this OpenVPN for a friend running ICS Midnote 3.3 for his Samsung Galaxy Note. Unfortunately, I can't get it to work; the logs do not display anything. It goes on stating it's preparing and does not do anything else.

    I tried forcing it to write any logs by supplying log /sdcard/openvpn/log.txt under the parameter section.

    My current VPN settings include:

    Ca.crt, username and password. No keys are supplied.

    To isolate things, I tried it with DroidVPN client, which works but is painstakingly slow.

    Your assistance is highly appreciated.

    Thank you.

    Would you please try this one, see if it works
    1
    It seems that the "redirect gateway" option does not work on CM9. I manage to connect, but the routing is the same as without the tick on redirect gateway. According to the attached log: ROUTE default_gateway=192.168.2.1, but I tried with OpenVPN Settings from the market and it adds the right gateway in that case - 10.8.0.5 and everything is working as expected.

    Thank you for reporting, Fixed in 0.9.4