• Introducing XDA Computing: Discussion zones for Hardware, Software, and more!    Check it out!

(Update 5/02/2012 0.9.4) [APP][ICS4.0.3+]OpenVPN for ICS (no root/jailbreak required)

Search This thread

zealot0630

Senior Member
Jul 26, 2010
50
25
Note:
  • You can't install a pfx/p12 certification file which is not password protected, it is UNSAFE, android won't allow you do that
  • Please uninstall previous version first before install 0.9.0.
  • Due to Titanium Backup can't restore the permission to the keystore, if you are using Titanium Backup to backup/restore configurations, after a restore, please reconfigure your profile, repick the user certification to grant the permission to the keystore.

Features:
  • Compatible to all ICS device (NO ROOT REQUIRED, works on stock firmware)
  • Easy to use
  • Multiple VPN profile
  • Username/password authentication
  • Secure (Don't store your private key in App, but managed by Android system)
  • Open source

Limitation:
  • Only TUN mode, no TAP mode. (system API limitation)
  • One simultaneous connection only. (system API limitation)

ChangeLog:
5/02/2012 0.9.4
  • Fix redirect-gateway option
4/28/2012 0.9.3
  • Temporary fix tls-auth (Store tls key file in sdcard is insecure !!!)
  • Fix crash
4/27/2012 0.9.2
  • Add ns-cert-type option
  • Fix connection without user certification
4/25/2012 0.9.1
  • More error message
  • Fix extra arguments option
4/23/2012 0.9.0
  • Fix some crash
4/21/2012
  • Add username/password based authentication support. (Need to input password manually every time when connect)

Issues:
  • Connection interrupted if leave GUI while preparing/connecting. (It will be OK to leave once connected)
  • Won't work on JB, wait until google release openssl engine for system keystore

Screen Shots: Here

Download: Here

Source code: Here

Any feedback is welcome.
 
Last edited:

thafath

Senior Member
Apr 6, 2008
152
35
Montreal
Thank you very much. I was using the one in cm7 and worked perfectly. Is there any plans to port it to cm9, this is the most missing feature for me in cm9. Thank you.
 

omriasta

Senior Member
Jul 27, 2010
109
4
New York
can't select trusted CA

When I select my CA nothing changes so I'm not sure if it registers the certificate in the connection.
When I hit connect the icon flashes in the notification area and disappears.
I have tried the CA certificate in both .pem and .crt formats
Log says: No log.
Am running CM9 on AT&T Nexus S.
 
Last edited:

hamster79

New member
Apr 23, 2012
3
0
config request

Hi! Thanks for your great work!!!

Could you please add a simple checkbox in the connection settings to make the option "--ns-cert-type server" optional?
 

zealot0630

Senior Member
Jul 26, 2010
50
25
When I select my CA nothing changes so I'm not sure if it registers the certificate in the connection.
When I hit connect the icon flashes in the notification area and disappears.
I have tried the CA certificate in both .pem and .crt formats
Log says: No log.
Am running CM9 on AT&T Nexus S.

Both .pem and .crt is pem format, where the content should be enclosed between "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----", you can use any text editor like notepad to check it.

I'll make the error message more verbose and accurate. Before that, can you use `adb logcat` to check if there is any error message ?
 

omriasta

Senior Member
Jul 27, 2010
109
4
New York
Both .pem and .crt is pem format, where the content should be enclosed between "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----", you can use any text editor like notepad to check it.

I'll make the error message more verbose and accurate. Before that, can you use `adb logcat` to check if there is any error message ?

I know they are the same but for some reason the android store will only load .crt files.
The certificate begins and ends as mentioned.
I will try to run a logcat tomorrow.

Sent from my Nexus S using XDA
 

jaidee

Member
Dec 6, 2010
10
0
Quezon City
I have a working OpenVPN server with PCs and Android devices connecting to it.

Here is the situation with ICS.

I have installed this OpenVPN for a friend running ICS Midnote 3.3 for his Samsung Galaxy Note. Unfortunately, I can't get it to work, the logs does not display anything. It goes on stating its preparing and does not do anything else.

I tried forcing it to write any logs by supplying log /sdcard/openvpn/log.txt under the parameter section.

My currently VPN settings include.

Ca.crt, username and password. No keys are supplied.

To isolate things, I tried it with DroidVPN client, which works but is painstakingly slow.

You assistance is highly appreciated.

Thank you.
 

zealot0630

Senior Member
Jul 26, 2010
50
25
I have a working OpenVPN server with PCs and Android devices connecting to it.

Here is the situation with ICS.

I have installed this OpenVPN for a friend running ICS Midnote 3.3 for his Samsung Galaxy Note. Unfortunately, I can't get it to work, the logs does not display anything. It goes on stating its preparing and does not do anything else.

I tried forcing it to write any logs by supplying log /sdcard/openvpn/log.txt under the parameter section.

My currently VPN settings include.

Ca.crt, username and password. No keys are supplied.

To isolate things, I tried it with DroidVPN client, which works but is painstakingly slow.

You assistance is highly appreciated.

Thank you.

Would you please try this one , see if it works
 
  • Like
Reactions: jaidee

omriasta

Senior Member
Jul 27, 2010
109
4
New York
Both .pem and .crt is pem format, where the content should be enclosed between "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----", you can use any text editor like notepad to check it.

I'll make the error message more verbose and accurate. Before that, can you use `adb logcat` to check if there is any error message ?

Double checked and there were a few characters before "begin certificate ". Removed them and the certificate loads(the app should ignore any text before/after those words). Still wouldn't connect and nothing in the log.
Just tried 0.9.2 and the log now says:
1335355150,D,MANAGEMENT: CMD 'state on all'
1335355150,D,MANAGEMENT: CMD 'hold release'
1335355150,D,MANAGEMENT: CMD 'username 'Auth' "xxxxxx"'
1335355150,D,MANAGEMENT: CMD 'password [...]'


Sent from my Nexus S using XDA
 

jcasares

Senior Member
Dec 9, 2011
330
81
Buenos Aires
It seems that it doesn't work and I'm not clear about what the issue is. I'm using user+password authentication.

Code:
W/info.kghost.android.openvpn.OpenVpnService( 3856): Error generate pkcs12
W/info.kghost.android.openvpn.OpenVpnService( 3856): java.lang.NullPointerException: alias == null
W/info.kghost.android.openvpn.OpenVpnService( 3856): 	at android.security.KeyChain.getPrivateKey(KeyChain.java:291)
W/info.kghost.android.openvpn.OpenVpnService( 3856): 	at info.kghost.android.openvpn.OpenVpnService$Task.prepare(OpenVpnService.java:123)
W/info.kghost.android.openvpn.OpenVpnService( 3856): 	at info.kghost.android.openvpn.OpenVpnService$Task.doInBackground(OpenVpnService.java:313)
W/info.kghost.android.openvpn.OpenVpnService( 3856): 	at info.kghost.android.openvpn.OpenVpnService$Task.doInBackground(OpenVpnService.java:44)
W/info.kghost.android.openvpn.OpenVpnService( 3856): 	at android.os.AsyncTask$2.call(AsyncTask.java:264)
W/info.kghost.android.openvpn.OpenVpnService( 3856): 	at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:305)
W/info.kghost.android.openvpn.OpenVpnService( 3856): 	at java.util.concurrent.FutureTask.run(FutureTask.java:137)
W/info.kghost.android.openvpn.OpenVpnService( 3856): 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1076)
W/info.kghost.android.openvpn.OpenVpnService( 3856): 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:569)
W/info.kghost.android.openvpn.OpenVpnService( 3856): 	at java.lang.Thread.run(Thread.java:856)
D/dalvikvm( 2108): GC_CONCURRENT freed 433K, 28% free 10263K/14151K, paused 2ms+3ms
F/info.kghost.android.openvpn.OpenVpnService$Task( 3856): alias == null
F/info.kghost.android.openvpn.OpenVpnService$Task( 3856): java.lang.NullPointerException: alias == null
F/info.kghost.android.openvpn.OpenVpnService$Task( 3856): 	at android.security.KeyChain.getPrivateKey(KeyChain.java:291)
F/info.kghost.android.openvpn.OpenVpnService$Task( 3856): 	at info.kghost.android.openvpn.OpenVpnService$Task.prepare(OpenVpnService.java:123)
F/info.kghost.android.openvpn.OpenVpnService$Task( 3856): 	at info.kghost.android.openvpn.OpenVpnService$Task.doInBackground(OpenVpnService.java:313)
F/info.kghost.android.openvpn.OpenVpnService$Task( 3856): 	at info.kghost.android.openvpn.OpenVpnService$Task.doInBackground(OpenVpnService.java:44)
F/info.kghost.android.openvpn.OpenVpnService$Task( 3856): 	at android.os.AsyncTask$2.call(AsyncTask.java:264)
F/info.kghost.android.openvpn.OpenVpnService$Task( 3856): 	at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:305)
F/info.kghost.android.openvpn.OpenVpnService$Task( 3856): 	at java.util.concurrent.FutureTask.run(FutureTask.java:137)
F/info.kghost.android.openvpn.OpenVpnService$Task( 3856): 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1076)
F/info.kghost.android.openvpn.OpenVpnService$Task( 3856): 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:569)
F/info.kghost.android.openvpn.OpenVpnService$Task( 3856): 	at java.lang.Thread.run(Thread.java:856)

Maybe you know why the alias==null happens.
 

jcasares

Senior Member
Dec 9, 2011
330
81
Buenos Aires
This is what I got now after installing the new version. The application doesn't stay in the notification bar as before and it seems there is no connection to the OpenVPN network.

Code:
D/PackageManager( 2000): New package installed in /mnt/asec/info.kghost.android.openvpn-1/pkg.apk
D/BackupManagerService( 2000): Received broadcast Intent { act=android.intent.action.PACKAGE_ADDED dat=package:info.kghost.android.openvpn flg=0x10000010 (has extras) }
I/ActivityManager( 2000): START {act=android.intent.action.MAIN cat=[android.intent.category.LAUNCHER] flg=0x10000000 pkg=info.kghost.android.openvpn cmp=info.kghost.android.openvpn/.VpnSettings} from pid 12559
I/ActivityManager( 2000): Start proc info.kghost.android.openvpn for activity info.kghost.android.openvpn/.VpnSettings: pid=12965 uid=10087 gids={3003}
D/dalvikvm(12965): Trying to load lib /mnt/asec/info.kghost.android.openvpn-1/lib/libjni_openvpn.so 0x41357cc8
D/dalvikvm(12965): Added shared lib /mnt/asec/info.kghost.android.openvpn-1/lib/libjni_openvpn.so 0x41357cc8
D/dalvikvm(12965): No JNI_OnLoad found in /mnt/asec/info.kghost.android.openvpn-1/lib/libjni_openvpn.so 0x41357cc8, skipping init
I/ActivityManager( 2000): Displayed info.kghost.android.openvpn/.VpnSettings: +378ms
I/ActivityManager( 2000): START {cmp=info.kghost.android.openvpn/.VpnEditor (has extras)} from pid 12965
I/ActivityManager( 2000): Displayed info.kghost.android.openvpn/.VpnEditor: +263ms
I/info.kghost.android.openvpn.OpenVpnService$Task(12965): >INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info
W/info.kghost.android.openvpn.OpenVpnService$Task(12965): Unknown Command: SUCCESS: real-time echo notification set to ON
W/info.kghost.android.openvpn.OpenVpnService$Task(12965): Unknown Command: END
W/info.kghost.android.openvpn.OpenVpnService$Task(12965): Unknown Command: SUCCESS: real-time log notification set to ON
W/info.kghost.android.openvpn.OpenVpnService$Task(12965): Unknown Command: 1335367061,I,OpenVPN 2.2.2 i686-pc-linux-gnu [SSL] [LZO2] [EPOLL] [eurephia] built on Apr 25 2012
W/info.kghost.android.openvpn.OpenVpnService$Task(12965): Unknown Command: 1335367061,,MANAGEMENT: unix domain socket listening on /data/data/info.kghost.android.openvpn/cache/manage
W/info.kghost.android.openvpn.OpenVpnService$Task(12965): Unknown Command: 1335367061,,Need hold release from management interface, waiting...
W/info.kghost.android.openvpn.OpenVpnService$Task(12965): Unknown Command: 1335367062,,MANAGEMENT: Client connected from /data/data/info.kghost.android.openvpn/cache/manage
W/info.kghost.android.openvpn.OpenVpnService$Task(12965): Unknown Command: 1335367062,D,MANAGEMENT: CMD 'echo on all'
W/info.kghost.android.openvpn.OpenVpnService$Task(12965): Unknown Command: 1335367062,D,MANAGEMENT: CMD 'log on all'
W/info.kghost.android.openvpn.OpenVpnService$Task(12965): Unknown Command: END
I/info.kghost.android.openvpn.OpenVpnService$Task(12965): >LOG:1335367062,D,MANAGEMENT: CMD 'state on all'
W/info.kghost.android.openvpn.OpenVpnService$Task(12965): Unknown Command: SUCCESS: real-time state notification set to ON
W/info.kghost.android.openvpn.OpenVpnService$Task(12965): Unknown Command: 1335367061,CONNECTING,,,
W/info.kghost.android.openvpn.OpenVpnService$Task(12965): Unknown Command: END
I/info.kghost.android.openvpn.OpenVpnService$Task(12965): >LOG:1335367062,D,MANAGEMENT: CMD 'hold release'
W/info.kghost.android.openvpn.OpenVpnService$Task(12965): Unknown Command: SUCCESS: hold release succeeded
I/info.kghost.android.openvpn.OpenVpnService$Task(12965): >LOG:1335367062,D,MANAGEMENT: CMD 'username 'Auth' "jcasares2"'
W/info.kghost.android.openvpn.OpenVpnService$Task(12965): Unknown Command: SUCCESS: 'Auth' username entered, but not yet verified
I/info.kghost.android.openvpn.OpenVpnService$Task(12965): >LOG:1335367062,D,MANAGEMENT: CMD 'password [...]'
W/info.kghost.android.openvpn.OpenVpnService$Task(12965): Unknown Command: SUCCESS: 'Auth' password entered, but not yet verified
I/ActivityManager( 2000): START {act=android.intent.action.MAIN cat=[android.intent.category.LAUNCHER] flg=0x10200000 cmp=info.kghost.android.openvpn/.VpnSettings} from pid 2256
I/ActivityManager( 2000): Displayed info.kghost.android.openvpn/.VpnSettings: +205ms
I/info.kghost.android.openvpn.OpenVpnService$Task(12965): >INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info
W/info.kghost.android.openvpn.OpenVpnService$Task(12965): Unknown Command: SUCCESS: real-time echo notification set to ON
W/info.kghost.android.openvpn.OpenVpnService$Task(12965): Unknown Command: END
W/info.kghost.android.openvpn.OpenVpnService$Task(12965): Unknown Command: SUCCESS: real-time log notification set to ON
W/info.kghost.android.openvpn.OpenVpnService$Task(12965): Unknown Command: 1335367167,I,OpenVPN 2.2.2 i686-pc-linux-gnu [SSL] [LZO2] [EPOLL] [eurephia] built on Apr 25 2012
W/info.kghost.android.openvpn.OpenVpnService$Task(12965): Unknown Command: 1335367167,,MANAGEMENT: unix domain socket listening on /data/data/info.kghost.android.openvpn/cache/manage
W/info.kghost.android.openvpn.OpenVpnService$Task(12965): Unknown Command: 1335367167,,Need hold release from management interface, waiting...
W/info.kghost.android.openvpn.OpenVpnService$Task(12965): Unknown Command: 1335367168,,MANAGEMENT: Client connected from /data/data/info.kghost.android.openvpn/cache/manage
W/info.kghost.android.openvpn.OpenVpnService$Task(12965): Unknown Command: 1335367168,D,MANAGEMENT: CMD 'echo on all'
W/info.kghost.android.openvpn.OpenVpnService$Task(12965): Unknown Command: 1335367168,D,MANAGEMENT: CMD 'log on all'
W/info.kghost.android.openvpn.OpenVpnService$Task(12965): Unknown Command: END
I/info.kghost.android.openvpn.OpenVpnService$Task(12965): >LOG:1335367168,D,MANAGEMENT: CMD 'state on all'
W/info.kghost.android.openvpn.OpenVpnService$Task(12965): Unknown Command: SUCCESS: real-time state notification set to ON
W/info.kghost.android.openvpn.OpenVpnService$Task(12965): Unknown Command: 1335367167,CONNECTING,,,
W/info.kghost.android.openvpn.OpenVpnService$Task(12965): Unknown Command: END
I/info.kghost.android.openvpn.OpenVpnService$Task(12965): >LOG:1335367168,D,MANAGEMENT: CMD 'hold release'
W/info.kghost.android.openvpn.OpenVpnService$Task(12965): Unknown Command: SUCCESS: hold release succeeded
I/info.kghost.android.openvpn.OpenVpnService$Task(12965): >LOG:1335367168,D,MANAGEMENT: CMD 'username 'Auth' "jcasares2"'
W/info.kghost.android.openvpn.OpenVpnService$Task(12965): Unknown Command: SUCCESS: 'Auth' username entered, but not yet verified
I/info.kghost.android.openvpn.OpenVpnService$Task(12965): >LOG:1335367168,D,MANAGEMENT: CMD 'password [...]'
W/info.kghost.android.openvpn.OpenVpnService$Task(12965): Unknown Command: SUCCESS: 'Auth' password entered, but not yet verified
 

Top Liked Posts

  • There are no posts matching your filters.
  • 6
    Note:
    • You can't install a pfx/p12 certification file which is not password protected, it is UNSAFE, android won't allow you do that
    • Please uninstall previous version first before install 0.9.0.
    • Due to Titanium Backup can't restore the permission to the keystore, if you are using Titanium Backup to backup/restore configurations, after a restore, please reconfigure your profile, repick the user certification to grant the permission to the keystore.

    Features:
    • Compatible to all ICS device (NO ROOT REQUIRED, works on stock firmware)
    • Easy to use
    • Multiple VPN profile
    • Username/password authentication
    • Secure (Don't store your private key in App, but managed by Android system)
    • Open source

    Limitation:
    • Only TUN mode, no TAP mode. (system API limitation)
    • One simultaneous connection only. (system API limitation)

    ChangeLog:
    5/02/2012 0.9.4
    • Fix redirect-gateway option
    4/28/2012 0.9.3
    • Temporary fix tls-auth (Store tls key file in sdcard is insecure !!!)
    • Fix crash
    4/27/2012 0.9.2
    • Add ns-cert-type option
    • Fix connection without user certification
    4/25/2012 0.9.1
    • More error message
    • Fix extra arguments option
    4/23/2012 0.9.0
    • Fix some crash
    4/21/2012
    • Add username/password based authentication support. (Need to input password manually every time when connect)

    Issues:
    • Connection interrupted if leave GUI while preparing/connecting. (It will be OK to leave once connected)
    • Won't work on JB, wait until google release openssl engine for system keystore

    Screen Shots: Here

    Download: Here

    Source code: Here

    Any feedback is welcome.
    1
    I have a working OpenVPN server with PCs and Android devices connecting to it.

    Here is the situation with ICS.

    I have installed this OpenVPN for a friend running ICS Midnote 3.3 for his Samsung Galaxy Note. Unfortunately, I can't get it to work, the logs does not display anything. It goes on stating its preparing and does not do anything else.

    I tried forcing it to write any logs by supplying log /sdcard/openvpn/log.txt under the parameter section.

    My currently VPN settings include.

    Ca.crt, username and password. No keys are supplied.

    To isolate things, I tried it with DroidVPN client, which works but is painstakingly slow.

    You assistance is highly appreciated.

    Thank you.

    Would you please try this one , see if it works
    1
    Hello,

    First of all, thank you for your great work.

    I have some problems for using the app (with android 4.0.3) in creating the profile for the vpn.

    When I wan to select the ca certificate, it appears two links (to galley an music) so I can not select my ca.crt. How can I do?

    When I want to select the user certificate, it says that does not exist and says that it is possible to install the p12 or pfx file (but i have only my .crt and .key file for the client). What can I do?

    Thank you for your help,

    install OI file manager or File Expert from the market which will allow you to "browse" your SD card for the crt. Also, open the crt file using notepad and make sure there is nothing before the line "Begin Certificate"
    1
    Hello,

    First of all, thank you for your great work.

    I have some problems for using the app (with android 4.0.3) in creating the profile for the vpn.

    When I wan to select the ca certificate, it appears two links (to galley an music) so I can not select my ca.crt. How can I do?

    When I want to select the user certificate, it says that does not exist and says that it is possible to install the p12 or pfx file (but i have only my .crt and .key file for the client). What can I do?

    Thank you for your help,

    To select the cert you need a file browser, anyone in the market will work.

    You must convert the crt/key to p12 or pfx, and install to android keystore, put the crt/key in sdcard is unsafe, every app can read your key without notifying you. there are many guides on how to convert crt/key to p12. I suggest xca, an openssl key management gui.
    1
    It seems that "redirect gateway" option does not work on CM9. I manage to connect, but the routing is the same as without tick on redirect gateway. According the attached log: ROUTE default_gateway=192.168.2.1 , but I tried with OpenVPN Settings from the market and it adds the right gateway in that case - 10.8.0.5 and everything is working as expected.

    Thank you for reporting, Fixed in 0.9.4