[INFO] OpenVPN

morak

Member
Apr 15, 2009
16
9
0
I just got OpenVPN working and thought I would share:

Rooted

Installed tun.ko
http://forum.xda-developers.com/showthread.php?t=1063656
Note: Skip this step if you are running Prime or any other ROM with the tun.ko module pre-installed.

Installed BusyBox using BusyBox Installer (Market). Installed to /system/xbin
Installed OpenVPN using OpenVPN Installer (Market) to /system/xbin
Installed OpenVPN Settings (Market)

Replaced OpenVPN binary with the one from:
http://code.google.com/p/android-openvpn-settings/issues/detail?id=26
UnBZ2'ed the file (I used 7-Zip on Windows for this)

adb remount
adb push openvpn-static-2.1.1 /system/xbin/openvpn
adb shell
chmod 555 /system/xbin/openvpn

Created /system/xbin/bb directory (requested in research I did, not sure if required)
mkdir /system/xbin/bb

Symlinked Busybox ifconfig and route /system/xbin/bb

ln -s /system/xbin/ifconfig /system/xbin/bb/ifconfig
ln -s /system/xbin/route /system/xbin/bb/route

Set up my usual OVPN config (configs must have absolute paths to certs!)
OpenVPN settings > Advanced > Load tun kernel module ON
OpenVPN settings > Advanced > TUN module settings
Load module using > insmod
Path to tun module > /system/lib/modules/tun.ko

I think this is everything I did, there was a bit of trial and error so I may have forgotten something.
Checked and the thing still boots afterward :D
 
Last edited:

morak

Member
Apr 15, 2009
16
9
0
Assuming you have installed BusyBox, check the md5sum of your tun.ko:

# cd /system/lib/modules
# md5sum tun.ko

Response should be (or at least this is what I get):

7e09817dc4661b732f1a77fff76a10e6 tun.ko

If you don't get that response, I suggest you re-download the tun module, decompress it again and re-push it to your Transformer.
 

duckdown

Senior Member
Feb 27, 2009
61
0
0
peel region
It's running and connected but my IP is still showing up as my regular ISP 3G IP when I open a browser and go to www.ipchicken.com

Any idea why the traffic doesn't appear to be routing through it?

It shows as 100% connected and the key icon is white in the taskbar...
 

duclicsic

Member
May 16, 2006
22
5
0
Any idea why the traffic doesn't appear to be routing through it?

The default behaviour of OpenVPN is not to install a default route pointing out of the tun interface, unless the system you're connected to has IP forwarding and NAT enabled this wouldn't work anyway.

I can't post links, so google "openvpn config" and go to the first link. Look for the section titled: "Routing all client traffic (including web-traffic) through the VPN."
 

duckdown

Senior Member
Feb 27, 2009
61
0
0
peel region
Hey man, thanks for the reply.

The directions said to add this line to the config file

Code:
push "redirect-gateway def1"
But I've done that and it still doesn't seem to be doing anything.. IP is still showing up as my regular 3G network

Am I doing something wrong or omitting a step that you can notice?

Thanks again for the help
 

duckdown

Senior Member
Feb 27, 2009
61
0
0
peel region
Oh, hm, on second look it wants me to add that line to the SERVER's config file.

I have no access to the servers config file -- I pay $4 a month for my VPN and do not run the OpenVPN server myself.

Is there anything I can do from the client side?

It works perfectly fine in Windows, routing all traffic through the VPN as it should..
 

duclicsic

Member
May 16, 2006
22
5
0
Oh, hm, on second look it wants me to add that line to the SERVER's config file.

I have no access to the servers config file -- I pay $4 a month for my VPN and do not run the OpenVPN server myself.

Is there anything I can do from the client side?

It works perfectly fine in Windows, routing all traffic through the VPN as it should..
You might actually be able to just use the "redirect-gateway local def1" line in your own config, as I understand it the "push" directives in the server conf are just sending config to the clients which could just as easily be done client side. I might be wrong, but it's worth a go. Otherwise you can set up routes in the client config too, but you may have to remove your existing default route via some scripting or something.
 

Kevincod

Senior Member
May 9, 2011
64
32
0
You might actually be able to just use the "redirect-gateway local def1" line in your own config, as I understand it the "push" directives in the server conf are just sending config to the clients which could just as easily be done client side. I might be wrong, but it's worth a go. Otherwise you can set up routes in the client config too, but you may have to remove your existing default route via some scripting or something.
This is correct, I have this and the exact same conf works fine on my desktop.
However on my tablet no data gets routed. Also my tray is getting spammed with "Connected".
 
Last edited:

PowellEB

Member
Feb 7, 2010
6
4
0
North Carolina
Check out thread 1118465, in The general section. Found that /system/bin/ip was not setting up route/gateway correctly, and openvpn was not using the busybox ip
fix: mv /system/bin/ip /system/bin/ip.bay
This then forces use of busybox ip. Worked for me.
 
  • Like
Reactions: randrew2

jefbal99

Senior Member
Aug 26, 2010
1,012
119
0
Check out thread 1118465, in The general section. Found that /system/bin/ip was not setting up route/gateway correctly, and openvpn was not using the busybox ip
fix: mv /system/bin/ip /system/bin/ip.bay
This then forces use of busybox ip. Worked for me.
We had to do the same thing to get Cisco VPN working. the system IP was not routing properly, so renaming it forced using the busybox IP