Android and OpenVPN - Android Software/Hacking General [Developers Only]

Running android-openvpn-settings on Das BAMF 1.8.6 rooted thunderbolt.
My config file:
Code:
remote mine.dyndns.org 443
client
proto tcp
nobind
dev tap
comp-lzo
verb 4
log /sdcard/openvpn/openvpn.log
resolv-retry infinite
persist-key
persist-tun
redirect-gateway def1
dhcp-option DNS 192.168.1.1
route-gateway 192.168.1.1
route-delay 10
ns-cert-type server
key-direction 1
ca "camine.crt"
cert "mine2.crt"
Had to manually add this route for the log file to be free of errors. route-default would cause some route add/del's that would give Invalid Parameter or No Such Process errors since 192.168.1.0 wasn't anywhere in the table. So running this before opening the VPN tunnel got rid of the errors:
Code:
busybox route add -net 192.168.1.0 netmask 255.255.255.0 rmnet_sdio0
Here's what my routing table looks like after android-openvpn-settings runs and says the tunnel is open:
Code:
# busybox route -n
busybox route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
98.249.31.333 192.168.1.1 255.255.255.255 UGH 0 0 0 rmnet_sdio0
98.249.31.333 10.189.54.12 255.255.255.255 UGH 0 0 0 rmnet_sdio0
10.189.54.11 0.0.0.0 255.255.255.240 U 0 0 0 rmnet_sdio0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 rmnet_sdio0
0.0.0.0 192.168.1.1 128.0.0.0 UG 0 0 0 rmnet_sdio0
128.0.0.0 192.168.1.1 128.0.0.0 UG 0 0 0 rmnet_sdio0
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 rmnet_sdio0
0.0.0.0 10.189.54.12 0.0.0.0 UG 0 0 0 rmnet_sdio0
No clue if the table is OK now. One weird thing is I can't ping through tun0 at all. Don't see tun0 in ifconfig either... Did I miss some huge step?
Code:
# ping -c 1 -I tun0 192.168.1.1
ping -c 1 -I tun0 192.168.1.1
ping: unknown iface tun0
Only background I have is that this config (except redirect-gateway instead of redirect-gateway def1) used to work on my old WM phone.
Anyone have any ideas? Let me know if I can provide any more details... I've been racking my brain on this the past couple of days. Out of ideas.

Bump. Any ideas?

Maybe my Tun setup is wrong? Where is tun.ko located on Das BAMF 1.8.6? The location in the android-openvpn-settings just says "tun"

A few things to try:
1) Change the symlinks /system/bin/ifconfig and /system/bin/route to point to /system/xbin/busybox instead of toolbox
2) Once the tunnel is established, try these commands in a terminal:
ip ru del table gprs
ip ru del table wifi

After "connecting" with android-openvpn-settings then running
Code:
netcfg tap0 dhcp
in a terminal openvpn works.
Still have no clue about CM7 built in OpenVPN and the broken tunnel message.
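The routing table in the first post has the two redirect-gateway def1 halves (0.0.0.0/1 and 128.0.0.0/1) installed, but on rmnet_sdio0 rather than on a tun/tap device, so the client reports "connected" while nothing enters the tunnel. The check below is an added example, not code from the thread or from android-openvpn-settings: it parses `busybox route -n` output and reports which probe addresses would leave on a non-tunnel interface. Both tables are constructed (modelled on the posted one, with 203.0.113.10 standing in for the VPN server), and the function names and probe list are assumptions.

```python
import ipaddress

HEADER = "Destination     Gateway         Genmask         Flags Metric Ref Use Iface\n"
# Constructed tables modelled on the first post; 203.0.113.10 stands in for the VPN server.
UNDERLAY = (
    "203.0.113.10    10.189.54.12    255.255.255.255 UGH   0      0   0   rmnet_sdio0\n"
    "10.189.54.0     0.0.0.0         255.255.255.240 U     0      0   0   rmnet_sdio0\n"
    "0.0.0.0         10.189.54.12    0.0.0.0         UG    0      0   0   rmnet_sdio0\n"
)
DEF1 = (
    "192.168.1.0     0.0.0.0         255.255.255.0   U     0      0   0   {dev}\n"
    "0.0.0.0         192.168.1.1     128.0.0.0       UG    0      0   0   {dev}\n"
    "128.0.0.0       192.168.1.1     128.0.0.0       UG    0      0   0   {dev}\n"
)
BROKEN = HEADER + UNDERLAY + DEF1.format(dev="rmnet_sdio0")  # as posted: no tunnel device
WORKING = HEADER + UNDERLAY + DEF1.format(dev="tap0")        # expected with "dev tap"


def parse_routes(text):
    """Parse `busybox route -n` output into (network, gateway, metric, iface) tuples."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] in ("Destination", "Kernel"):
            continue  # skip the banner and the column header
        net = ipaddress.ip_network(f"{f[0]}/{f[2]}", strict=False)
        routes.append((net, ipaddress.ip_address(f[1]), int(f[4]), f[7]))
    return routes


def egress(routes, dest):
    """Interface chosen for dest: longest prefix first, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in routes if addr in r[0]]
    if not hits:
        return None
    return max(hits, key=lambda r: (r[0].prefixlen, -r[2]))[3]


def outside_tunnel(text, probes, tunnel_prefixes=("tun", "tap")):
    """Return the probe addresses that would leave on a non-tunnel interface."""
    routes = parse_routes(text)
    return [p for p in probes
            if not (egress(routes, p) or "").startswith(tunnel_prefixes)]


PROBES = ["8.8.8.8", "198.51.100.7", "192.168.1.1"]  # low half, high half, VPN LAN

if __name__ == "__main__":
    print("broken :", outside_tunnel(BROKEN, PROBES))
    print("working:", outside_tunnel(WORKING, PROBES))
```

In a healthy table only the host route to the VPN server stays on the cellular interface; any other probe listed by `outside_tunnel` is traffic that bypasses the VPN.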

Related

(FROYO) VPN Still Broken (PPTP with encryption)

Sigh,
AoN
I think this should be in the general section.
What level of encryption is the server using?
Sent from my SAMSUNG-SGH-I897 using XDA App
Your server must have some strange encryption, pptp has worked for me since day one
Is there a logfile generated somewhere on the phone, which would tell what level of encryption is being used for a particular vpn server? I'm trying to connect to work.
Thanks,
AoN
anneoneamouse said:
Is there a logfile generated somewhere on the phone, which would tell what level of encryption is being used for a particular vpn server? I'm trying to connect to work.
Thanks,
AoN
Same with DG, PPTP with Encryption worked and tested. Logged onto my servers via VNC no problem.
I have always had an issue as well. I think it has to do with routes. I am able to connect but can't ping or route any traffic to anything behind the router.
Here's my setup:
-Phone's Wifi IP (eth0): 172.20.21.61
-IP for PPTP VPN connection(ppp0): 10.0.0.2
-Subnet at VPN location: 192.168.1.0/24
Here are my route tables:
Code:
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.1 * 255.255.255.255 UH 0 0 0 ppp0
172.20.21.0 192.168.1.1 255.255.255.128 UG 0 0 0 ppp0
172.20.21.128 192.168.1.1 255.255.255.128 UG 0 0 0 ppp0
172.20.21.0 * 255.255.255.0 U 0 0 0 eth0
Default 192.168.1.1 128.0.0.0 UG 0 0 0 ppp0
128.0.0.0 192.168.1.1 128.0.0.0 UG 0 0 0 ppp0
Default 172.20.21.1 0.0.0.0 UG 0 0 0 eth0
Fyi: The VPN works fine from my desktop and old iPhone.
techniq35 said:
I have always had an issue as well. I think it has to do with routes. I am able to connect but can't ping or route any traffic to anything behind the router.
Here's my setup:
-Phone's Wifi IP (eth0): 172.20.21.61
-IP for PPTP VPN connection(ppp0): 10.0.0.2
-Subnet at VPN location: 192.168.1.0/24
Here are my route tables:
Code:
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.1 * 255.255.255.255 UH 0 0 0 ppp0
172.20.21.0 192.168.1.1 255.255.255.128 UG 0 0 0 ppp0
172.20.21.128 192.168.1.1 255.255.255.128 UG 0 0 0 ppp0
172.20.21.0 * 255.255.255.0 U 0 0 0 eth0
Default 192.168.1.1 128.0.0.0 UG 0 0 0 ppp0
128.0.0.0 192.168.1.1 128.0.0.0 UG 0 0 0 ppp0
Default 172.20.21.1 0.0.0.0 UG 0 0 0 eth0
Fyi: The VPN works fine from my desktop and old iPhone.
I know that Windows 2008 Server has some weird stuff going on with their VPN servers.... I connect from ATT wireless to an external static IP address on the router which listens/routes the PPTP port to my Windows 2008 Server with external IP address for authentication and stuff....
Try using the ATT wireless instead of the 172.20.x.x address.... see if it gets you further....
techniq35 said:
I have always had an issue as well. I think it has to do with routes. I am able to connect but can't ping or route any traffic to anything behind the router.
Here's my setup:
-Phone's Wifi IP (eth0): 172.20.21.61
-IP for PPTP VPN connection(ppp0): 10.0.0.2
-Subnet at VPN location: 192.168.1.0/24
Here are my route tables:
Code:
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.1 * 255.255.255.255 UH 0 0 0 ppp0
172.20.21.0 192.168.1.1 255.255.255.128 UG 0 0 0 ppp0
172.20.21.128 192.168.1.1 255.255.255.128 UG 0 0 0 ppp0
172.20.21.0 * 255.255.255.0 U 0 0 0 eth0
Default 192.168.1.1 128.0.0.0 UG 0 0 0 ppp0
128.0.0.0 192.168.1.1 128.0.0.0 UG 0 0 0 ppp0
Default 172.20.21.1 0.0.0.0 UG 0 0 0 eth0
Fyi: The VPN works fine from my desktop and old iPhone.
Can you ping the other end of the tunnel? (10.0.0.1, I'm assuming?)
Your gateway for traffic through the tunnel should be something on the same subnet as 10.0.0.2. The 192.168.1.1 won't be reachable because you have no interfaces on that subnet.
Any (recent) luck with this? Seems that ppp wasn't originally compiled with mppe-128 support. The latest update from Samsung (I897UCKB1) hasn't improved things either.
Anyone know whether any of the ROMS here have a recompiled ppp component?
Thanks,
AoN

[Q] Enable both wifi and mobile data for multihoming

This might sound like a slightly odd thing to do, but I am trying to enable both wifi and mobile data on a Motorola Xoom pad at the same time. I need both interfaces as I am exploring multihoming of mobile devices. To illustrate the current behavior of the Xoom:
sh-4.1# netcfg
...
ppp0 UP 95.209.163.33 255.255.255.255 0x000010d1
sh-4.1# svc wifi enable
sh-4.1# netcfg
...
ppp0 UP 95.209.163.33 255.255.255.255 0x000010d1
wlan0 UP 0.0.0.0 0.0.0.0 0x00001043
sh-4.1# netcfg
...
ppp0 DOWN 0.0.0.0 0.0.0.0 0x00001090
wlan0 UP 130.229.167.92 255.255.192.0 0x00001043
sh-4.1# netcfg
...
wlan0 UP 130.229.167.92 255.255.192.0 0x00001043
It seems that enabling data over wlan0 automatically disables the mobile data. Is there any known way to prevent this and have both interfaces enabled at the same time?
I have root access on the tablet and I am not afraid to write some code if that is what is needed. I just don't know where to start.
ps.
I have tried searching and not found any similar question.
ds.
/Pehr

[Q] VPNC Route Help

So I inadvertently killed my D1 by drowning it in a river and work sent me a new D3.
With a rooted D1, I was able to get VPNC to a Cisco working and <whisper>WiFi tether; I wanted the same usability in the D3. A little trickier getting things set up, but I'm just about there.
With wonderful resources like you people, found a radio tweak, and also that the D3 has tun built in (can see dev/net/tun), so with VPNC widget, got connected, see our Cisco banner text and issued IP in the VPNC log.
However, once connected to VPN, I can't access internet and can't ping any of our internal IPs either...I think my routes are wrong.
But, I don't know enough about setting up the routing table and was hoping someone could steer me in the right direction? I would like to manually adjust them, see if it works, then hopefully script it for after connection.
Not sure what anyone might need, but I'll start with this:
Before...
ip route list
66.174.201.64 dev ppp0 scope link
66.174.201.64 dev ppp0 proto kernel scope link src 10.251.3.122
default via 66.174.201.64 dev ppp0
netcfg
lo UP 127.0.0.1 255.0.0.0 0x00000049
usb0 DOWN 0.0.0.0 0.0.0.0 0x00001002
gether0 DOWN 0.0.0.0 0.0.0.0 0x00001002
sit0 DOWN 0.0.0.0 0.0.0.0 0x00000080
ip6tnl0 DOWN 0.0.0.0 0.0.0.0 0x00000080
tun DOWN 0.0.0.0 0.0.0.0 0x00001002
ppp0 UP 10.251.3.122 255.255.255.255 0x000010d1
After VPN connected...
66.174.201.64 dev ppp0 scope link
66.174.201.64 dev ppp0 proto kernel scope link src 10.251.3.122
default via 66.174.201.64 dev ppp0
netcfg
lo UP 127.0.0.1 255.0.0.0 0x00000049
usb0 DOWN 0.0.0.0 0.0.0.0 0x00001002
gether0 DOWN 0.0.0.0 0.0.0.0 0x00001002
sit0 DOWN 0.0.0.0 0.0.0.0 0x00000080
ip6tnl0 DOWN 0.0.0.0 0.0.0.0 0x00000080
tun DOWN 0.0.0.0 0.0.0.0 0x00001002
tun0 UP 192.168.144.8 255.255.255.255 0x000010d1
ppp0 UP 10.251.3.122 255.255.255.255 0x000010d1
I appreciate anyone taking the time to help me out.
Update...
Apparently, I found my busybox wasn't symlinked properly, so things like grep weren't working...that's why the usual vpnc-script file wasn't updating routes as it normally would. Updated bb and after connecting with VPNC, I now get:
ip route list
<myciscoip> via 66.174.201.64 dev ppp0 src 10.242.253.151 mtu 1500
advmss 1460
66.174.201.64 dev ppp0 scope link
66.174.201.64 dev ppp0 proto kernel scope link src 10.242.253.151
default dev tun0 scope link
netcfg
lo UP 127.0.0.1 255.0.0.0 0x00000049
usb0 DOWN 0.0.0.0 0.0.0.0 0x00001002
gether0 DOWN 0.0.0.0 0.0.0.0 0x00001002
sit0 DOWN 0.0.0.0 0.0.0.0 0x00000080
ip6tnl0 DOWN 0.0.0.0 0.0.0.0 0x00000080
tun DOWN 0.0.0.0 0.0.0.0 0x00001002
ppp0 UP 10.242.253.151 255.255.255.255 0x000010d1
tun0 UP 192.168.144.5 255.255.255.255 0x000010d1
Unfortunately, I still can't reach internet or ping any of our internal IPs? Like I said, I don't know enough about TCP route configuration to know what's missing/wrong from the phone's routing table.
Anyone with some insight?
Interesting...came across this (site wouldn't allow me to post link, so I mucked it a bit): androidforums.com /evo-4g-support-troubleshooting/ 140775-post-froyo-vpn-issues.html
They could connect to VPN if using WiFi, but not 3g. So, I tried connecting to my home WiFi, then VPN to work Cisco on phone...voila! Works fine...ping internal work IPs, facebook is blocked in browser due to our WebSense...just as expected.
So, can't VPN over 3g connection just yet....
Please use the Q&A Forum for questions Thanks
Moving to Q&A
I've got it working in mine by doing the following (Tether + 3G):
First try using IP instead of DNS. Otherwise you'll need what I need probably (strip your APN of MMS etc.)
Create a new APN. Only fill in minimal:
Name: Internet
APN: Internet
Type: Internet
Rest default. Worked for me. Adding MMS proxy etc. blocks my VPN

wired networking without DHCP

I suspect I'm not the only person with a wired network adapter - and some of us may be trying to do things like configure routers, etc, where there's no active DHCP server.
I was in this situation a couple of days ago, configuring a dd-wrt box with DHCP turned off.
The best how-to I found was at this entry at HeadlessAndroid
This could be "old hat" to everybody here (other than me), but, for most of my android devices, if I'm in the terminal, I'm connected via "adb terminal" so I've never needed to do this - and ifcfg does not work the way I'd have expected.
Hope this helps someone...
Networking on a Headless Android System
Android isn't the most intuitive environment for setting up networking on the command line. After playing with several different options here's what I've found.
Summary
# netcfg eth0 dhcp
# route add default gw 192.168.0.1 dev eth0
# setprop net.dns1 208.67.222.222
# setprop net.dns2 208.67.222.220
Details
The Android tools are quite different from the tools found on other embedded Linux systems, so most people I've talked to have had difficulty figuring out what utilities to use and how to use them. The most interesting one is ifconfig. When you type ifconfig on an Android system nothing happens. On a standard busybox or gnu based Linux system you will see the available networking interfaces and their associated settings (ok, technically ifconfig -a will show you that information). Since ifconfig doesn't show anything, most people assume (incorrectly) that it doesn't work.
On my development platform, to set a static IP address, I did the following:
# ifconfig eth0 192.168.0.84 netmask 255.255.255.0
Which didn't give any response, but DID show the following when I did netcfg.
# netcfg
lo UP 127.0.0.1 255.0.0.0 0x00000049
eth0 UP 192.168.0.84 255.255.255.0 0x00001043
usb0 DOWN 0.0.0.0 0.0.0.0 0x00001002
tunl0 DOWN 0.0.0.0 0.0.0.0 0x00000080
gre0 DOWN 0.0.0.0 0.0.0.0 0x00000080
sit0 DOWN 0.0.0.0 0.0.0.0 0x00000080
So what about DHCP you may ask?
# netcfg eth0 dhcp
Which yields the following.
# netcfg
lo UP 127.0.0.1 255.0.0.0 0x00000049
eth0 UP 192.168.0.227 255.255.255.0 0x00001043
usb0 DOWN 0.0.0.0 0.0.0.0 0x00001002
tunl0 DOWN 0.0.0.0 0.0.0.0 0x00000080
gre0 DOWN 0.0.0.0 0.0.0.0 0x00000080
sit0 DOWN 0.0.0.0 0.0.0.0 0x00000080
Just because you have an IP address now doesn't mean the applications on your Android device can get to the network. For that you have to set a default route and set the DNS resolver addresses. Again, with route keep in mind it won't show the usual output that a standard busybox or gnu based embedded Linux system would show.
To set the default route:
# route add default gw 192.168.0.1 dev eth0
And to set the DNS (I'm using OpenDNS addresses here):
# setprop net.dns1 208.67.222.222
# setprop net.dns2 208.67.222.220
And that allows the holy grail of a DNS resolved ping to a domain on the Internet.
# ping google.com
PING google.com (74.125.224.134) 56(84) bytes of data.
64 bytes from nuq04s09-in-f6.1e100.net (74.125.224.134): icmp_seq=1 ttl=57 time=41.5 ms
64 bytes from nuq04s09-in-f6.1e100.net (74.125.224.134): icmp_seq=2 ttl=57 time=43.2 ms
References
I found some great information in the following links.
http://www.anddev.org/advanced_networking_with_android-linux-t155.html
http://elinux.org/Android_Networking

[Q] USB Ethernet dongle on Samsung Lollipop

Hi,
I'm trying to run my USB Ethernet dongle with my S4 LTE+ (GT-I9506 Lollipop), but applications in the phone and other computers on the network didn't see that connection.
What I tried:
[email protected]:/ # netcfg eth0 up
[email protected]:/ # netcfg eth0 dhcp
[email protected]:/ # netcfg|grep eth0
eth0 UP 10.0.0.12/24 0x00001043 f0:25:b7:20:af:75
[email protected]:/ # ping 10.0.0.1
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=1.96 ms
64 bytes from 10.0.0.1: icmp_seq=2 ttl=64 time=2.05 ms
64 bytes from 10.0.0.1: icmp_seq=3 ttl=64 time=1.87 ms
[email protected]:/ # ping www.google.com
ping: unknown host www.google.com
2|[email protected]:/ # nslookup www.google.com
Server: 8.8.4.4
Address 1: 8.8.4.4 google-public-dns-b.google.com
Name: www.google.com
Address 1: 2a00:1450:4013:c01::93 ea-in-x93.1e100.net
Address 2: 74.125.136.104 ea-in-f104.1e100.net
Address 3: 74.125.136.103 ea-in-f103.1e100.net
Address 4: 74.125.136.99 ea-in-f99.1e100.net
Address 5: 74.125.136.105 ea-in-f105.1e100.net
Address 6: 74.125.136.147 ea-in-f147.
I've found this but it also doesn't work:
ndc network create 100
ndc network interface add 100 eth0
ndc network route add 100 eth0 <GATEWAY>/24
ndc network route add 100 eth0 0.0.0.0/0 <DNS1> <DNS2>
ndc resolver setnetdns 100 localdomain <DNS1> <DNS2>
ndc network default set 100
Any suggestions?
Thx
