OpenVPN with Root - Updated 8/19

[fang0654]

Sounds like something isn't set up right with your routing rules.

You may want to run openvpn manually from adb shell just to see if anything funky is happening.

adb shell
su
/data/openvpn/openvpn --config /sdcard/openvpn/client.conf

This will let you see if anything is failing.

 

[PokerMunkee]

This is what I get using the command line:

# /data/openvpn/openvpn --config /sdcard/openvpn/FW1.config
/data/openvpn/openvpn --config /sdcard/openvpn/FW1.config
Mon Jun 21 07:28:52 2010 OpenVPN 2.1.1 i686-pc-linux-gnu [SSL] [LZO2] [EPOLL] bu
ilt on Jun 14 2010
Enter Auth Username:eharris
eharris
Mon Jun 21 07:28:54 2010 WARNING: No server certificate verification method has
been enabled.
Mon Jun 21 07:28:54 2010 NOTE: OpenVPN 2.1 requires '--script-security 2' or hig
her to call user-defined scripts or executables
Mon Jun 21 07:28:54 2010 LZO compression initialized
Mon Jun 21 07:28:54 2010 UDPv4 link local: [undef]
Mon Jun 21 07:28:54 2010 UDPv4 link remote: 72.16.x.x:1194
Mon Jun 21 07:28:54 2010 WARNING: this configuration may cache passwords in memo
ry -- use the auth-nocache option to prevent this
Mon Jun 21 07:28:56 2010 [127.0.0.1] Peer Connection Initiated with 72.16.x.x
:1194
Mon Jun 21 07:28:58 2010 AUTH: Received AUTH_FAILED control message
Mon Jun 21 07:28:58 2010 SIGTERM[soft,auth-failure] received, process exiting
#

Doesn't prompt me for a password. I get prompted and connected using the GUI. Any ideas?

When connecting with OpenVPN Settings, it connects to the server just fine. Seems like a routing issue. Is there no route or ifconfig on the device? (doesn't work from the shell). I get a Desination Host Unreachable when trying to ping my OpenVPN's internal IP from the adb shell.

 

[PokerMunkee]

It's me again. I'm desperate to get this working.....losing sleep over it

Here is the routing tables on my android when i'm connected:

# ip route
ip route
97.185.13.204/30 dev rmnet0 proto kernel scope link src 97.185.13.206
172.30.20.0/24 via 172.30.100.150 dev tap0
172.30.100.0/24 via 172.30.100.150 dev tap0
172.30.30.0/24 via 172.30.100.150 dev tap0
192.168.157.0/24 via 172.30.100.150 dev tap0
172.30.10.0/24 via 172.30.100.150 dev tap0
172.30.0.0/16 dev tap0 proto kernel scope link src 172.30.100.255
default via 97.185.13.205 dev rmnet0
#

I'm unable to ping 172.30.100.150 which is my openvpn server.

 

[fang0654]

Do you have /system/bin/ifconfig and /system/bin/route?

Try this:

adb shell
su
busybox which ifconfig
busybox which route

 

[PokerMunkee]

Do you have /system/bin/ifconfig and /system/bin/route?

Try this:

adb shell
su
busybox which ifconfig
busybox which route

Yes, both ifconfig and route are in /system/bin.

If I type in busybox, I get "not found".

I believe busybox was installed when I first rooted the phone, since I pushed a busybox.zip file.

C:\sdk\tools>adb shell
$ su
su
# busybox which ifconfig
busybox which ifconfig
busybox: not found

 

[fang0654]

I got busybox from the latest payload, but this was working before hand, so it shouldn't matter.

I'm not too familiar with the tap interface. Is it supposed to have an ip address?

For me, ip route gives my tun0 device the following:

10.112.0.69 dev tun0 proto kernel scope link src 10.112.0.70

10.112.0.70 being the local ip.

What does the following yield:

ifconfig tap0

 

[PokerMunkee]

# ifconfig tap0
ifconfig tap0
tap0: ip 172.30.100.255 mask 255.255.0.0 flags [up broadcast running multicast]
#

It's not getting a valid IP?

Hrm.

 

[PokerMunkee]

I typed in "ifconfig tap0 172.30.100.199 255.255.255.0" and i was able to connect to my LAN instantly.

Any ideas why it's doing this? Is there an easy way to make a script that does this from my phone?

Sooooooooooo CLOSE!

 

[fang0654]

Can you post a censored version of your config?

When I was recompiling the OpenVPN Settings app, it said something about the default ifconfig not being feature rich enough, and needing to use the busybox version, but I didn't have any problem. Maybe that is the issue?

 

[PokerMunkee]

I really appreciate your help!!

Here is my client config

client
dev tap
proto udp
remote 72.16.x.x
resolv-retry infinite
nobind
persist-key
persist-tun
ca mr0-fw1.cer
auth-user-pass
comp-lzo

Server config

; daemon configuration
daemon
mode server
tls-server
proto udp
port 1194
multihome
user openvpn
group openvpn

cd /var/openvpn
client-config-dir clients


; tunnel configuration

dev tap1
server-bridge 172.30.100.151 255.255.255.0 172.30.100.220 172.30.100.230
push "route-gateway 172.30.100.151"

push "route 172.30.100.0 255.255.255.0"

passtos
comp-lzo
management 127.0.0.1 5555
keepalive 8 30

tun-mtu 1500
tun-mtu-extra 32
mssfix 1450

persist-key
persist-tun
persist-local-ip
persist-remote-ip


; logging and status

writepid /var/run/openvpn/openvpn.pid
ifconfig-pool-persist openvpn.leases
status /var/log/openvpn/openvpn-status.log
verb 1


client-connect "/usr/local/bin/dir.d-exec /etc/openvpn/client-connect.d/"
client-disconnect "/usr/local/bin/dir.d-exec /etc/openvpn/client-disconnect.d/"


; certificates and authentication

dh /var/efw/openvpn/dh1024.pem
pkcs12 /var/efw/openvpn/pkcs12.p12

client-cert-not-required
auth-user-pass-verify "/usr/bin/openvpn-auth" via-file
username-as-common-name

client-to-client

I'm using ENDIAN 2.2 that OpenVPN built into it.

 

[fang0654]

Looks fine to me. Do you have any other clients connected? (Only 10 addresses in range, run out perhaps?) When you try to connect, anything regarding remote ip in the openvpn.log?

 

[PokerMunkee]

I installed GScript and just run a script with "ifconfig tap0 172.30.100.199 255.255.255.0" and I can then RDP into my work computer. I'm happy with that!

I do wish I couild find out why it doesn't assign the correct IP, but I'm not going to waste anymore time on it.

Thanks for your help, I am so relieved to again have access to work on my phone. No more stressing out when I don't bring the laptop!

 

[fang0654]

Ok, glad you got it working!

 

[wraithdu]

I had the same problem, and it's due to the built in versions of ifconfig and route I think. I did this:

1) installed busybox 1.15.3 to /system/xbin and installed the links (busybox --install .)
2) reboot into recovery
3) mount /system and adb shell:
# cd /system/bin
mv ifconfig ifconfigoff
mv route routeoff
ln -s /system/xbin/busybox ./ifconfig
ln -s /system/xbin/busybox ./route
4) reboot

This creates the busybox ifconfig and route symlinks in /system/bin. After this, OpenVPN Settings works perfectly. Since OpenVPN uses hardcoded paths, this is the only workaround I can think of.

 

[wraithdu]

Modified instructions above to create symlinks instead of hardlinks. I'm not sure if it matters, but it's how the ifconfig links are done in CM.

 

[PokerMunkee]

Could you explain how you installed busybox? I can only find the source (tar). If I try to install it from the Market, it faills.

 

[wraithdu]

busybox is installed by the latest rooting process, but it's not a full install, ie it does not create all the command links. I got the file from the Titanium Backup site:

www.matrixrewriter.com/android/files/busybox-1.15.3.zip

To install:

1) extract and push busybox to your sdcard, reboot into recovery
2) mount /system
3) if you don't have /system/xbin (you should), create it
adb shell:
# mkdir /system/xbin (if necessary)
dd if=/sdcard/busybox of=/system/xbin/busybox
cd /system/xbin
chmod 755 busybox
./busybox --install .
4) reboot and done

OPTIONAL - before rebooting replace the busybox installed by the root process in /system/bin
1) mv /system/bin/busybox /system/bin/busybox.bak
2) cp /system/xbin/busybox /system/bin/busybox

 

[PokerMunkee]

Well done!

Thank you for your help. Works great now

 

[fang0654]

I can upload another version of openvpn pointing to /system/xbin instead of /system/bin. The path for ifconfig and route are hardcoded into the binary, so have to be set before compile. I just moved, so my main machine is still in boxes, but once it is back up I'll update the first post with an updated binary and your additional instructions.

 

[ksizzle9]

Complete noon question here, but what exactly is openVPN? What are the benifits of it?

Sent from my ADR6300 using XDA App