Hi everyone,
I've cross-compiled mplayer in order to use it with my magic. Everything's ok except...
Mplayer's seeking to /dev/dsp and android platforms doesn't have this device, an ls returns:
Code:
/ # ls -Al /dev
drwxr-xr-x 2 0 0 260 May 27 22:02 adsp
crw-r----- 1 1008 1000 10, 43 May 27 22:02 akm8976_aot
crw-r----- 1 1008 1000 10, 44 May 27 22:02 akm8976_daemon
crw-r----- 1 1008 1000 10, 42 May 27 22:02 akm8976_pffd
crw-rw-r-- 1 1000 1001 10, 45 May 27 22:02 alarm
crw-rw---- 1 1011 1011 10, 48 May 27 22:02 android_adb
crw-rw---- 1 1011 1011 10, 47 May 27 22:02 android_adb_enable
crw-rw-rw- 1 0 0 10, 53 May 27 22:02 ashmem
crw-rw-rw- 1 0 0 10, 52 May 27 22:02 binder
drwxr-xr-x 3 0 0 380 May 27 22:02 block
crw------- 1 0 0 5, 1 May 27 22:02 console
crw------- 1 0 0 10, 39 May 27 22:02 cpu_dma_latency
crw------- 1 0 0 10, 40 May 27 22:02 device-mapper
crw-rw-rw- 1 0 0 1, 7 May 27 22:02 full
drwxr-xr-x 2 0 0 60 May 27 22:02 graphics
crw-rw-rw- 1 1000 1005 10, 54 May 27 22:02 htc-acoustic
crw-rw---- 1 1000 1003 10, 0 May 27 22:02 hw3d
drwxr-xr-x 2 0 0 160 May 27 22:02 input
crw------- 1 0 0 10, 46 May 27 22:02 keychord
crw------- 1 0 0 1, 11 May 27 22:02 kmsg
drwxr-xr-x 2 0 0 100 May 27 22:02 log
crw-rw---- 1 1000 1005 10, 57 May 27 22:02 msm_audpre
crw-rw---- 1 1000 1005 10, 56 May 27 22:02 msm_mp3
crw-rw---- 1 1000 1005 10, 59 May 27 22:02 msm_pcm_ctl
crw-rw---- 1 1000 1005 10, 58 May 27 22:02 msm_pcm_in
crw-rw---- 1 1000 1005 10, 60 May 27 22:02 msm_pcm_out
crw-rw---- 1 1000 1005 10, 55 May 27 22:02 msm_snd
crw-rw---- 1 1000 1000 10, 41 May 27 22:02 mt9t013
drwxr-xr-x 2 0 0 280 May 27 22:02 mtd
crw------- 1 0 0 10, 38 May 27 22:02 network_latency
crw------- 1 0 0 10, 37 May 27 22:02 network_throughput
crw-rw-rw- 1 0 0 1, 3 May 27 22:02 null
drwxr-xr-x 2 0 0 680 May 27 22:02 oncrpc
crw-rw---- 1 1000 1003 10, 1 May 27 22:02 pmem
crw-rw---- 1 1000 1005 10, 2 May 27 22:02 pmem_adsp
crw-rw---- 1 1000 1006 10, 5 May 27 22:02 pmem_camera
crw-rw---- 1 1000 1003 10, 3 May 27 22:02 pmem_gpu0
crw-rw---- 1 1000 1003 10, 4 May 27 22:02 pmem_gpu1
crw------- 1 0 0 108, 0 May 27 22:02 ppp
crw-rw-rw- 1 0 0 5, 2 May 29 12:59 ptmx
drwxr-xr-x 2 0 0 0 Jan 1 1970 pts
crw-r----- 1 1001 1001 10, 63 May 27 22:02 qmi0
crw-r----- 1 1001 1001 10, 62 May 27 22:02 qmi1
crw-r----- 1 1001 1001 10, 61 May 27 22:02 qmi2
crw-rw-rw- 1 0 0 1, 8 May 27 22:02 random
crw-r----- 1 1001 1001 254, 0 May 29 12:43 smd0
crw------- 1 0 0 254, 27 May 27 22:02 smd27
drwxr-xr-x 2 0 0 180 May 29 11:07 socket
crw-rw-rw- 1 0 0 5, 0 May 27 22:02 tty
crw------- 1 1002 1002 250, 0 May 29 09:02 ttyHS0
crw------- 1 1002 1002 251, 0 May 27 22:02 ttyMSM0
crw------- 1 1002 1002 10, 223 May 27 22:02 uinput
crw-rw-rw- 1 0 0 1, 9 May 27 22:02 urandom
crw-rw-rw- 1 0 0 1, 5 May 27 22:02 zero
So i think that the audio device could be /dev/htc-acoustic but I'm not quite sure, anybody have this information in order I could compile mplayer again?
Thank you all
EDIT: I've tried some of those devices (msm_snd, htc-acoustic, msm_pcm_out, ...) with the -ao option but none seems to work.
By default, mplayer use this device : /dev/dvb/adapter0/audio0 (but the path doesn't exist)
Code:
/ # mplayer /sdcard/Music/pornophonique\ -\ 8-bit\ lagerfeuer/01\ -\ sad\ robot.
mp3
MPlayer 1.0rc2-4.3.3 (C) 2000-2007 MPlayer Team
CPU: ARM
Impossible de trouver le répertoire HOME.
Lecture de /sdcard/Music/pornophonique - 8-bit lagerfeuer/01 - sad robot.mp3
Fichier de type Audio file détecté.
Information sur le clip :
Title: sad robot
Artist: pornophonique
Album: 8-bit lagerfeuer
Year: 2007
Comment: http://www.jamendo.com/
Genre: Pop
==========================================================================
Ouverture décodeur audio : [mp3lib] MPEG layer-2, layer-3
AUDIO: 44100 Hz, 2 ch, s16le, 128.0 kbit/9.07% (ratio: 16000->176400)
Codec audio sélectionné : [mp3] afm : mp3lib (mp3lib MPEG layer-2, layer-3)
==========================================================================
[AO OSS] audio_setup: Impossible ouvrir périphérique audio /dev/dsp : No such file or directory
Opening /dev/dvb/adapter0/audio0
DVB AUDIO DEVICE: No such file or directory
AO: [null] 44100Hz 2ch s16le (2 bytes per sample)
Vidéo : pas de vidéo
Démarre la lecture...
A: 2.5 (02.5) of 367.0 (06:07.0) 66.6%
Hello I have bougt a Chinese phone that i am very satisfied with except one thing. I had to do a hard reset, and a´fter that i can't access my storage card. I have got out this data from SKtools. If somebody can help me. Yes, I have tried with 3 other SD-cards without success. Support from China ?.. well does it exist at all? Yeah I know that it is probably cheap thinking too buy a phone like that but now i have done that. It has Builtín GPS,WIFI,3,0 Mpix camera at a price of 180$, and worked flawless until the hard reset. Link to Phone... Sorry for my english, i'm swedish.
HTC G2 Built-in GPS, WIFI 460MHz CPU 3.0MP camera Windows Mobile phone Smart PDA + 2GB TF
[Device]
Marvell PXA312
PocketPC
Total time 20.22 min.
Idle time 15.50 min.
Idle percent 76.7%
Time from last power on 2.97 min.
[Features]
Sound : Available
Pocket Office : Available
Infrared : Not available
Vibration : Available
IMAP4 : Available
Phone : Available
Bluetooth : Available (Microsoft)
MMS : Not available
MUI : Not available
Speech : Not available
Persistent storage : Available
Bluetooth handsfree : Available
[Processor]
Processor info:
Processor core: ARM920T
Core revision: 0
Processor name:
Processor revision: 0
Catalog number :
Vendor: Marvell PXA312
Instruction set: 0
Clock speed: 360
[OS]
OS 5.2.20954.3
Adaptation Kit Update (AKU) version .1.5.0
[Memory]
program: 95568/60748 KB (all/free)
storage: 158928/33252 KB (all/free)
[Power]
LION
On AC Line: No
Main battery: 100%, 4222 mV, 32767 mA, 0 C
Backup battery: 100%
[Screen]
Resolution 240 x 320
DPI 96 x 96
Colors 65536
BackLight AC 5 BATT 0
[Network]
NT901_PPC
Adapter: SDIO86861
SDIO86861
MAC address: 00 22 43 92 58 7b
IP address:
0.0.0.0 0.0.0.0
Gateway:
DHCP server :
---------CMGR--------
CELLULAR_CSD
Status: 32
Secure: 0
CMCC MMS (CSD)
-------
CELLULAR_CSD
Status: 32
Secure: 0
CMCC WAP (CSD)
-------
CELLULAR_GPRS
Status: 32
Secure: 0
CMCC MMS (GPRS)
-------
CELLULAR_GPRS
Status: 32
Secure: 0
CMCC WAP (GPRS)
-------
PROXY_WAP
Status: 32
Secure: 0
CMCC WAP Gateway
-------
PROXY_NULL
Status: 32
Secure: 0
null-corp-{18AD9FBD-F716-ACB6-FD8A-1965DB95B814}
-------
PROXY_NULL
Status: 32
Secure: 0
HTTP-{ADB0B001-10B5-3F39-27C6-9742E785FCD4}
-------
[Hardware buttons]
[Phone]
NXP
NEXPERIA SY.SOL 5209
1.07.9201
366889010003287
240084702067287
VODAFONE SWEDEN
24008
IMSI:240084702067287
CellID:12672
LocationAreaCode:13
[Serial ports list]
COM3:Serial_GPS
COM2:Serial_BT
COM1:Serial_Modem
COM6:Serial_AGPS
[SD information]
Bus driver version 5.2
Slot 0
Host index 0,slot index 0
Inserted card Memory Card
Card type SD Memory
Interface mode 4 bit(s),Clock rate 25000000
[Security Policy]
one/two-tier device : 1
unsigned CABs : 16
unsigned apps : 1
user prompts : 1
4119 : 160
autorun : 0
4120 : 16
unsigned themes : 64
RAPI : 2
DRM : 3072
[Opened TCP/UDP ports]
[UDP]: 0.0.0.0:137
*.*.*.*:*
[UDP]: 0.0.0.0:138
*.*.*.*:*
[UDP]: 0.0.0.0:9204
*.*.*.*:*
[UDP]: 127.0.0.1:1028
*.*.*.*:*
YES with this patched vpnc you can connect from a rooted desire (or any other android device) to your AVM fritzbox with the original firmware. The included vpnc-script will help to fix the routing problems.
You need a rooted Android device with an tun.ko module
First setup your fritzbox like the iphone setup which is described at the avm portal (google-> "avm iphone vpn")
Install signed-FritzBox.apk to your phone.
Setup now your vpnc-gui and be happy.
--------------------------------------------------------------------------
Some detailed infos how to connect the Fritzbox with IPSEC via VPNC:
1.) you must use a IKE_ATTRIB_LIFE_DURATION = 3600 (seconds)
2.) you must use draft-ietf-ipsec-nat-t-ike-03
the original vpnc uses a IKE_ATTRIB_LIFE_DURATION with 2147483 (seconds) and only uses draft-ietf-ipsec-nat-t-ike-00 -> 02.
I change the timing to 3600 (seconds) and change the transformset 02 to 03.
Timing -> find in vpnc 000020C49B and change it to 0000000E10 (2x)
Transformset -> find in vpnc CD60464335DF21F87CFDB2FC68B6A448 and change it to 7D9419A65310CA6F2C179D9215529D56 (1x)
By the way these patch will help any vpnc user on every linux (i tested this with ubuntu and it works perfect)
----------------------------------------------------------------------------
update 20.12.2010
----------------------------------------------------------------------------
New APK to install on a rooted Android device. After installing you can connet via IPSEC VPN to a cisco device and to the FritzBox with the latest Firmware without modifying the FritzBox
For all who wants to use the FritzPhone App to make phonecalls via vpnc this will not work because the app did not use the 3G interface (only wlan). Download the app "3cx" from the market and in the setup menu "integration" you will find "Enable 3G", thats all.
Hi there!
Really nice one but I'm getting a forced closed when I push the connect button.
I'm using a SE X10 with android 2.1.........
Sometimes I hate my phone.......
Merry Christmas.
Is your Device rooted and had the vpnc the exec permissions ?
Please install "Quick System Info" and check the loginfos via the Logcat.
Maybe in your Kernel the tun.ko is missing.
Hello
@mp1405
Thanks for the signed-FritzBox.apk. I finally got it running on my Samsung I9000 Froyo XXJPU and Fritzbox 7390
First I had also the FC because the tun.ko was missing. Now it works but but I have to load the kernel module every reboot in the konsole with insmod /system/lib/modules/tun.ko
I edited the file /init.rc with the line insmod /system/lib/modules/tun.ko but every reboot a "recovery" init.rc is loaded without my insmod line. There was also the tip to copy the tun.ko into /lib/modules/tun.ko but the tun.ko gets deleted after every reboot.
Kind regards
@mp1405
Thanks for your work and time for this patched Version.
For my understanding:
IPSec ID is what ? My e-Mailadress from the FritzboxConfig ?
IPSec Secret is the Passphrase ?
Is this correct ?
Thanks!
Hello
IPSec ID: Yes, your e-Mailadress from the FritzboxConfig (it is the entry "user_fqdn" which you have to replace with "key_id" in the config.
IPSec Secret: Is the Passphrase (also named Pre-Shared Key or just "key") in the Fritzbox Configs.
Perfect! It works with the correct tun.ko
Thanks @all and mp1405 for this patched Version.
my fritzbox said The import of the VPN-Settings faild.
And I did it twice exactly with the iphone settings.
anyone else with that kind of problem?
I'm using Fritzbox 7270 fon with the latest firmware.
stephen
@stephen21
have the same problem with 7270, every cfg that is "toucht" with any editor. dosnt work.
Im kontakted the avm support and wait to the answer.
greatings
meinbier
PS. Sorry for my bad english
Thanks for the apk and the howto,
I've done everything as described, but I get always following (log) message :
Code:
D/VPN_Connections( 5436): process stderr: no response from target
@sky01x
Hi Sky, where You have found the right tun.ko?
Thanks for a hint.
To.
@lier99
I got the tun.ko from:
http://forum.xda-developers.com/showthread.php?t=793712
Best regards
I9000XXJPY
Kernel 2.6.32.9 hardcore k12h-500hz #2
XXJPY_Doc_v7_Kitchen
Fritzbox 7270
Thanks for the apk and the howto,
but still a little trouble.
The Fritzbox cfg is changed according to ipfone config from AVM.
The VPN Connections says connected.
The Fritzbox says Status green, I have an internet IP, I see my asigned IP, but for the local net I get 0.0.0.0. From there I do not get into my local network. When ever I try to change the Fritzbox cfg to
phase2localid {
ipnet {
ipaddr = 192.168.1.0;
mask = 255.255.255.0;
}
}
phase2remoteid {
ipaddr = 192.168.1.203;
}
phase2ss = "esp-all-all/ah-none/comp-all/no-pfs";
accesslist =
"permit ip 192.168.1.0 255.255.255.0 192.168.1.203 255.255.255.255";
like my Notebook runs fine on the tunel, the connection failed.
Any idea?
VPN dont work via GSM/UMTS connection
Hello,
need help my VPN dont work via GSM/UMTS connection.
My configuration:
FritzBox 7170 with Firmware-Version 29.04.86-18946 (Laborversion)
and VPN configuerd as IPhone.
Dynamic DNS is aktiv and ready.
Handy HTC Desire with LeeDriod v2.03c
VPNC from mp1405 singned-myVPNC.apk
now if I'm connected via WLAN to my FritzBox I have a VPN connection,
but via GSM or UMTS I get no connection - why?
Thanks
Thanks for your great work! My 7270 shows connection established.
However there seems to be a problem with your vpnc-script. I'm getting a
Device "default via <UMTS-IP> dev rmnet0 " does not exist.
Error: either "to" is duplicate, or "hoplimit" is a garbage.
backing up dns settings
vpnc-script ran to completion
on the console. Maybe I can further look into it tonight.
#Running Leedroid2.3a
mp1405 said:
----------------------------------------------------------------------------
update 20.12.2010
----------------------------------------------------------------------------
New APK to install on a rooted Android device. After installing you can connet via IPSEC VPN to a cisco device and to the FritzBox with the latest Firmware without modifying the FritzBox
Click to expand...
Click to collapse
So, do you mean that i need only to install the attached signed-myVPNC.apk and i can connect to my fritz without doing the iphone patching procedure on the fritz side? or i need to do it anyway?
does this apk work with gingerbread too?
update:
i imported the modified vpn config to my fritz, installed the signed VPN Connect.apk and set up the account, and tried to connect, it says connected on both Android and my fritz, but i cannot connect to addresses inside my fritz.
the build of android i use (NexusHD2 - Gingerbread 2.2) seems to have a tun.so file, so i don't need to import it, right?
what else can i do ??
mp1405 said:
...
For all who wants to use the FritzPhone App to make phonecalls via vpnc this will not work because the app did not use the 3G interface (only wlan). Download the app "3cx" from the market and in the setup menu "integration" you will find "Enable 3G", thats all.
Click to expand...
Click to collapse
Hi,
Thank you for this. The last thing that I will not get to work is to connect with Firtz!box fon to the box accross 3g
I have downloaded the 3cx an enabled "Enable 3g" without any other settings in the profile. But in fritz!box fon there the "not connected" is remaining. Any other hints?
Android "DHD Leedroid 2.2.2"
FritzBox "7270 Firmware 54.04.88"
Thx
I am running a HD2 with the latest CM7 ROM and I have a FritzBox 3270 with the latest firmware.
Thanks to this I can finally establish a VPN connection with my phone.
not work for me
Fritzbox config:
vpncfg {
connections {
enabled = yes;
conn_type = conntype_user;
name = "my mail";
always_renew = no;
reject_not_encrypted = no;
dont_filter_netbios = yes;
localip = 0.0.0.0;
local_virtualip = 0.0.0.0;
remoteip = 0.0.0.0;
remote_virtualip = 192.168.178.201;
remoteid {
key_id = "my mail";
}
mode = phase1_mode_aggressive;
phase1ss = "all/all/all";
keytype = connkeytype_pre_shared;
key = "my key";
cert_do_server_auth = no;
use_nat_t = yes;
use_xauth = yes;
use_cfgmode = no;
xauth {
valid = yes;
username = "my login";
passwd = "mypass";
}
phase2localid {
ipnet {
ipaddr = 192.168.178.0;
mask = 255.255.255.0;
}
}
phase2remoteid {
ipaddr = 192.168.178.201;
}
phase2ss = "esp-all-all/ah-none/comp-all/pfs";
accesslist =
"permit ip 192.168.178.0 255.255.255.0 192.168.178.201 255.255.255.255";
}
ike_forward_rules = "udp 0.0.0.0:500 0.0.0.0:500",
"udp 0.0.0.0:4500 0.0.0.0:4500";
}
// EOF
Click to expand...
Click to collapse
And log from android (MIUI):
pre-init phase...
connect phase...
vpnc-script ran to completion
quick mode response rejected: (ISAKMP_N_INVALID_MESSAGE_ID)(9)
this means the concentrator did not like what we had to offer.
Possible reasons are:
* concentrator configured to require a firewall
this locks out even Cisco clients on any platform expect windows
which is an obvious security improvment. There is no workaround (yet).
* concentrator configured to require IP compression
this is not yet supported by vpnc.
Note: the Cisco Concentrator Documentation recommends against using
compression, expect on low-bandwith (read: ISDN) links, because it
uses much CPU-resources on the concentrator
vpnc version 0.5.3-mjm1-140M
S1 init_sockaddr
[2011-07-29 21:05:48]
S2 make_socket
[2011-07-29 21:05:48]
S3 setup_tunnel
[2011-07-29 21:05:48]
using interface tun0
S4 do_phase1_am
[2011-07-29 21:05:48]
S4.1 create_nonce
[2011-07-29 21:05:48]
S4.2 dh setup
[2011-07-29 21:05:48]
S4.3 AM packet_1
[2011-07-29 21:05:48]
S4.4 AM_packet2
[2011-07-29 21:05:49]
(Xauth)
(DPD)
(Nat-T 03)
(unknown)
got ike lifetime attributes: 3600 seconds
IKE SA selected psk+xauth-aes256-sha1
ignoring that peer is DPD capable (RFC3706)
peer is NAT-T capable (draft-03)
peer is using type 130 (ISAKMP_PAYLOAD_NAT_D_OLD) for NAT-Discovery payloads
peer is using type 130 (ISAKMP_PAYLOAD_NAT_D_OLD) for NAT-Discovery payloads
peer is using type 130 (ISAKMP_PAYLOAD_NAT_D_OLD) for NAT-Discovery payloads
peer is using type 130 (ISAKMP_PAYLOAD_NAT_D_OLD) for NAT-Discovery payloads
S4.5 AM_packet3
[2011-07-29 21:05:49]
NAT status: this end behind NAT? YES -- remote end behind NAT? YES
NAT-T mode, adding non-esp marker
S4.6 cleanup
[2011-07-29 21:05:49]
S5 do_phase2_xauth
[2011-07-29 21:05:49]
S5.1 xauth_start
[2011-07-29 21:05:49]
S5.2 notice_check
[2011-07-29 21:05:49]
S5.3 type-is-xauth check
[2011-07-29 21:05:49]
S5.4 xauth type check
[2011-07-29 21:05:49]
S5.5 do xauth authentication
[2011-07-29 21:05:49]
NAT-T mode, adding non-esp marker
S5.2 notice_check
[2011-07-29 21:05:49]
S5.3 type-is-xauth check
[2011-07-29 21:05:49]
S5.6 process xauth response
[2011-07-29 21:05:49]
NAT-T mode, adding non-esp marker
S5.7 xauth done
[2011-07-29 21:05:49]
S6 do_phase2_config
[2011-07-29 21:05:49]
S6.1 phase2_config send modecfg
[2011-07-29 21:05:49]
NAT-T mode, adding non-esp marker
S6.2 phase2_config receive modecfg
[2011-07-29 21:05:50]
got save password setting: 0
got address 192.168.178.201
S7 setup_link (phase 2 + main_loop)
[2011-07-29 21:05:50]
S7.0 run interface setup script
[2011-07-29 21:05:50]
S7.1 QM_packet1
[2011-07-29 21:05:50]
S7.2 QM_packet2 send_receive
[2011-07-29 21:05:50]
NAT-T mode, adding non-esp marker
S7.3 QM_packet2 validate type
[2011-07-29 21:05:50]
S7.4 process and skip lifetime notice
[2011-07-29 21:05:50]
S7.5 QM_packet2 check reject offer
[2011-07-29 21:05:50]
---!!!!!!!!! entering phase2_fatal !!!!!!!!!---
NAT-T mode, adding non-esp marker
NAT-T mode, adding non-esp marker
disconnect phase...
ip: can't find device 'tun0'
ip: an inet prefix is expected rather than ""
ip: RTNETLINK answers: No such process
DNS not restored (no active default gateway)
Click to expand...
Click to collapse
Please help me. What I should do ?
If this helps the developers to keep the stuff up to date, here's the Handshake from a fritzbox 7240 v. Firmware-Version 73.05.05 with default vpn config:
Code:
~$ ike-scan -v -s 0 --aggressive --id=xxxxxxxxxxxxx fritz.box
DEBUG: pkt len=380 bytes, bandwidth=56000 bps, int=58285 us
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)
x.x.x.x Aggressive Mode Handshake returned
HDR=(CKY-R=a79e96b1e2acf788)
SA=(Enc=3DES Hash=SHA1
Auth=PSK Group=2:modp1024
LifeType=Seconds LifeDuration=28800)
KeyExchange(128 bytes)
Nonce(16 bytes)
ID(Type=ID_IPV4_ADDR, Value=xxxxxxxx)
Hash(20 bytes)
Notification=(Type=RESPONDER-LIFETIME, SPI=741b17c61bce146aa79e96b1e2acf788,
Data=800b0001800c0e10)
VID=09002689dfd6b712 (XAUTH)
VID=afcad71368a1f1c96b8696fc77570100
(Dead Peer Detection v1.0)
Ending ike-scan 1.9: 1 hosts scanned in 0.269 seconds (3.72 hosts/sec). 1 returned handshake; 0 returned notify
The fritzbox only answers aggressive mode, this may be the reason for faulting android vpn client, see android system logs...
Code:
Get osmonitor app exported logcat log (no permissions over sshfs):
$ scp htc:/mnt/sdcard/log1 .
grep it for ipsec vpn racoon:
08/03/2011 17:03:50 [INFORMATION] racoon(7090) ipsec-tools 0.7.3 (http://ipsec-tools.sf.net)
08/03/2011 17:01:44 [INFORMATION] ActivityManager(118) Displayed com.android.settings/.vpn.VpnSettings: +312ms
08/03/2011 17:01:57 [DEBUG] com.android.settings.vpn.AuthenticationActor(3067) ~~~~~~ connect() succeeded!
at com.android.server.vpn.VpnService.getIp(VpnService.java:108)
at com.android.server.vpn.VpnService.onConnect(VpnService.java:135)
at com.android.server.vpn.VpnServiceBinder$2.run(VpnServiceBinder.java:117)
08/03/2011 17:01:58 [INFORMATION] ipd(77) IP CMD: /system/bin/ip ru del from all to all table vpn prio 2500
08/03/2011 17:02:06 [INFORMATION] ActivityManager(118) Displayed com.android.settings/.vpn.VpnEditor: +479ms
08/03/2011 17:03:39 [INFORMATION] ActivityManager(118) Displayed com.android.settings/.vpn.VpnSettings: +328ms
08/03/2011 17:03:49 [DEBUG] com.android.settings.vpn.AuthenticationActor(3067) ~~~~~~ connect() succeeded!
at com.android.server.vpn.VpnService.waitUntilConnectedOrTimedout(VpnService.java:210)
at com.android.server.vpn.VpnService.onConnect(VpnService.java:139)
at com.android.server.vpn.VpnServiceBinder$2.run(VpnServiceBinder.java:117)
08/03/2011 17:04:35 [INFORMATION] ipd(77) IP CMD: /system/bin/ip ru del from all to all table vpn prio 2500
08/03/2011 17:01:57 [INFORMATION] SProxy_racoon(6207) Stop VPN daemon: racoon
08/03/2011 17:01:57 [DEBUG] SProxy_racoon(6207) racoon is stopped after 0 msec
08/03/2011 17:01:57 [DEBUG] SProxy_racoon(6207) stopping racoon, success? true
08/03/2011 17:01:58 [INFORMATION] SProxy_racoon(6207) Stop VPN daemon: racoon
08/03/2011 17:01:58 [DEBUG] SProxy_racoon(6207) racoon is stopped after 0 msec
08/03/2011 17:01:58 [DEBUG] SProxy_racoon(6207) stopping racoon, success? true
08/03/2011 17:03:49 [INFORMATION] SProxy_racoon(6207) Stop VPN daemon: racoon
08/03/2011 17:03:49 [DEBUG] SProxy_racoon(6207) racoon is stopped after 0 msec
08/03/2011 17:03:49 [DEBUG] SProxy_racoon(6207) stopping racoon, success? true
08/03/2011 17:03:49 [INFORMATION] SProxy_racoon(6207) Start VPN daemon: racoon
08/03/2011 17:03:49 [DEBUG] SProxy_racoon(6207) racoon is running after 0 msec
08/03/2011 17:03:49 [DEBUG] racoon(7090) Waiting for control socket
08/03/2011 17:03:49 [DEBUG] SProxy_racoon(6207) service not yet listen()ing; try again
08/03/2011 17:03:50 [DEBUG] racoon(7090) Received 3 arguments
08/03/2011 17:03:50 [INFORMATION] racoon(7090) ipsec-tools 0.7.3 (http://ipsec-tools.sf.net)
08/03/2011 17:03:50 [INFORMATION] racoon(7090) 192.168.0.106[500] used as isakmp port (fd=10)
08/03/2011 17:03:50 [INFORMATION] racoon(7090) 192.168.0.106[500] used for NAT-T
08/03/2011 17:03:50 [INFORMATION] racoon(7090) 192.168.0.106[4500] used as isakmp port (fd=11)
08/03/2011 17:03:50 [INFORMATION] racoon(7090) 192.168.0.106[4500] used for NAT-T
08/03/2011 17:03:50 [INFORMATION] SProxy_racoon(6207) got data from control socket: 3
08/03/2011 17:03:52 [INFORMATION] racoon(7090) no in-bound policy found: 192.168.0.3/32[1701] 192.168.0.106/32[0] proto=udp dir=in
08/03/2011 17:03:52 [INFORMATION] racoon(7090) IPsec-SA request for 192.168.0.3 queued due to no phase1 found.
08/03/2011 17:03:52 [INFORMATION] racoon(7090) initiate new phase 1 negotiation: 192.168.0.106[500]<=>192.168.0.3[500]
08/03/2011 17:03:52 [INFORMATION] racoon(7090) begin Identity Protection mode.
08/03/2011 17:04:23 [ERROR] racoon(7090) phase2 negotiation failed due to time up waiting for phase1. ESP 192.168.0.3[0]->192.168.0.106[0]
08/03/2011 17:04:23 [INFORMATION] racoon(7090) delete phase 2 handler.
08/03/2011 17:04:23 [INFORMATION] racoon(7090) Bye
08/03/2011 17:04:35 [INFORMATION] SProxy_racoon(6207) Stop VPN daemon: racoon
08/03/2011 17:04:35 [DEBUG] SProxy_racoon(6207) racoon is stopped after 0 msec
08/03/2011 17:04:35 [DEBUG] SProxy_racoon(6207) stopping racoon, success? true
I'm trying to adapt the fritzbox vpn config to match the faulting android 2.3.3 built-in vpn-client's requirements, further logs from other vpn-clients will follow.
The android vpn asks for xauth credentials, trying to configure fritzbox for xauth...
no success,
android racoon still phase 1 waiting timeout, changing fritzbox from agressive to main mode...
no success, still phase1 time out, taking and analyzing wireshark dump from
http://fritz.box//html/capture.html (if ath0 or guest1 etc)
Ok, here's what the android racoon sends to the fritz.box:
Code:
$ /usr/sbin/tcpdump -vvv -r fritz-ath0.eth src or dst port 500 or src or dst port l2f
reading from file fritz-ath0.eth, link-type EN10MB (Ethernet)
00:29:57.082587 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 380)
htc.fritz.box.isakmp > fritz.box.isakmp: [udp sum ok] isakmp 1.0 msgid 00000000 cookie 3958b87fd7c4e0a9->0000000000000000: phase 1 I ident:
(sa: doi=ipsec situation=identity
(p: #1 protoid=isakmp transform=6
(t: #1 id=ike (type=lifetype value=sec)(type=lifeduration value=7080)(type=enc value=3des)(type=auth value=preshared)(type=hash value=sha1)(type=group desc value=modp1024))
(t: #2 id=ike (type=lifetype value=sec)(type=lifeduration value=7080)(type=enc value=3des)(type=auth value=preshared)(type=hash value=md5)(type=group desc value=modp1024))
(t: #3 id=ike (type=lifetype value=sec)(type=lifeduration value=7080)(type=enc value=1des)(type=auth value=preshared)(type=hash value=sha1)(type=group desc value=modp1024))
(t: #4 id=ike (type=lifetype value=sec)(type=lifeduration value=7080)(type=enc value=1des)(type=auth value=preshared)(type=hash value=md5)(type=group desc value=modp1024))
(t: #5 id=ike (type=lifetype value=sec)(type=lifeduration value=7080)(type=enc value=aes)(type=keylen value=0080)(type=auth value=preshared)(type=hash value=sha1)(type=group desc value=modp1024))
(t: #6 id=ike (type=lifetype value=sec)(type=lifeduration value=7080)(type=enc value=aes)(type=keylen value=0080)(type=auth value=preshared)(type=hash value=md5)(type=group desc value=modp1024))))
(vid: len=16 4a131c81070358455c5728f20e95452f)
(vid: len=16 cd60464335df21f87cfdb2fc68b6a448)
(vid: len=16 90cb80913ebb696e086381b5ec427b1f)
(vid: len=16 4485152d18b6bbcd0be8a8469579ddcc)
(vid: len=20 4048b7d56ebce88525e7de7f00d6c2d380000000)
00:30:07.104380 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 380)
htc.fritz.box.isakmp > fritz.box.isakmp: [udp sum ok] isakmp 1.0 msgid 00000000 cookie 3958b87fd7c4e0a9->0000000000000000: phase 1 I ident:
(sa: doi=ipsec situation=identity
(p: #1 protoid=isakmp transform=6
(t: #1 id=ike (type=lifetype value=sec)(type=lifeduration value=7080)(type=enc value=3des)(type=auth value=preshared)(type=hash value=sha1)(type=group desc value=modp1024))
(t: #2 id=ike (type=lifetype value=sec)(type=lifeduration value=7080)(type=enc value=3des)(type=auth value=preshared)(type=hash value=md5)(type=group desc value=modp1024))
(t: #3 id=ike (type=lifetype value=sec)(type=lifeduration value=7080)(type=enc value=1des)(type=auth value=preshared)(type=hash value=sha1)(type=group desc value=modp1024))
(t: #4 id=ike (type=lifetype value=sec)(type=lifeduration value=7080)(type=enc value=1des)(type=auth value=preshared)(type=hash value=md5)(type=group desc value=modp1024))
(t: #5 id=ike (type=lifetype value=sec)(type=lifeduration value=7080)(type=enc value=aes)(type=keylen value=0080)(type=auth value=preshared)(type=hash value=sha1)(type=group desc value=modp1024))
(t: #6 id=ike (type=lifetype value=sec)(type=lifeduration value=7080)(type=enc value=aes)(type=keylen value=0080)(type=auth value=preshared)(type=hash value=md5)(type=group desc value=modp1024))))
(vid: len=16 4a131c81070358455c5728f20e95452f)
(vid: len=16 cd60464335df21f87cfdb2fc68b6a448)
(vid: len=16 90cb80913ebb696e086381b5ec427b1f)
(vid: len=16 4485152d18b6bbcd0be8a8469579ddcc)
(vid: len=20 4048b7d56ebce88525e7de7f00d6c2d380000000)
00:30:17.123829 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 380)
htc.fritz.box.isakmp > fritz.box.isakmp: [udp sum ok] isakmp 1.0 msgid 00000000 cookie 3958b87fd7c4e0a9->0000000000000000: phase 1 I ident:
(sa: doi=ipsec situation=identity
(p: #1 protoid=isakmp transform=6
(t: #1 id=ike (type=lifetype value=sec)(type=lifeduration value=7080)(type=enc value=3des)(type=auth value=preshared)(type=hash value=sha1)(type=group desc value=modp1024))
(t: #2 id=ike (type=lifetype value=sec)(type=lifeduration value=7080)(type=enc value=3des)(type=auth value=preshared)(type=hash value=md5)(type=group desc value=modp1024))
(t: #3 id=ike (type=lifetype value=sec)(type=lifeduration value=7080)(type=enc value=1des)(type=auth value=preshared)(type=hash value=sha1)(type=group desc value=modp1024))
(t: #4 id=ike (type=lifetype value=sec)(type=lifeduration value=7080)(type=enc value=1des)(type=auth value=preshared)(type=hash value=md5)(type=group desc value=modp1024))
(t: #5 id=ike (type=lifetype value=sec)(type=lifeduration value=7080)(type=enc value=aes)(type=keylen value=0080)(type=auth value=preshared)(type=hash value=sha1)(type=group desc value=modp1024))
(t: #6 id=ike (type=lifetype value=sec)(type=lifeduration value=7080)(type=enc value=aes)(type=keylen value=0080)(type=auth value=preshared)(type=hash value=md5)(type=group desc value=modp1024))))
(vid: len=16 4a131c81070358455c5728f20e95452f)
(vid: len=16 cd60464335df21f87cfdb2fc68b6a448)
(vid: len=16 90cb80913ebb696e086381b5ec427b1f)
(vid: len=16 4485152d18b6bbcd0be8a8469579ddcc)
(vid: len=20 4048b7d56ebce88525e7de7f00d6c2d380000000)
00:30:27.145065 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 380)
htc.fritz.box.isakmp > fritz.box.isakmp: [udp sum ok] isakmp 1.0 msgid 00000000 cookie 3958b87fd7c4e0a9->0000000000000000: phase 1 I ident:
(sa: doi=ipsec situation=identity
(p: #1 protoid=isakmp transform=6
(t: #1 id=ike (type=lifetype value=sec)(type=lifeduration value=7080)(type=enc value=3des)(type=auth value=preshared)(type=hash value=sha1)(type=group desc value=modp1024))
(t: #2 id=ike (type=lifetype value=sec)(type=lifeduration value=7080)(type=enc value=3des)(type=auth value=preshared)(type=hash value=md5)(type=group desc value=modp1024))
(t: #3 id=ike (type=lifetype value=sec)(type=lifeduration value=7080)(type=enc value=1des)(type=auth value=preshared)(type=hash value=sha1)(type=group desc value=modp1024))
(t: #4 id=ike (type=lifetype value=sec)(type=lifeduration value=7080)(type=enc value=1des)(type=auth value=preshared)(type=hash value=md5)(type=group desc value=modp1024))
(t: #5 id=ike (type=lifetype value=sec)(type=lifeduration value=7080)(type=enc value=aes)(type=keylen value=0080)(type=auth value=preshared)(type=hash value=sha1)(type=group desc value=modp1024))
(t: #6 id=ike (type=lifetype value=sec)(type=lifeduration value=7080)(type=enc value=aes)(type=keylen value=0080)(type=auth value=preshared)(type=hash value=md5)(type=group desc value=modp1024))))
(vid: len=16 4a131c81070358455c5728f20e95452f)
(vid: len=16 cd60464335df21f87cfdb2fc68b6a448)
(vid: len=16 90cb80913ebb696e086381b5ec427b1f)
(vid: len=16 4485152d18b6bbcd0be8a8469579ddcc)
(vid: len=20 4048b7d56ebce88525e7de7f00d6c2d380000000)
00:30:29.149902 IP (tos 0x0, ttl 64, id 51970, offset 0, flags [DF], proto UDP (17), length 97)
htc.fritz.box.51610 > fritz.box.l2f: [udp sum ok] l2tp:[TLS](0/0)Ns=0,Nr=0 *MSGTYPE(SCCRQ) *PROTO_VER(1.0) *HOST_NAME(anonymous) *FRAMING_CAP(AS) *ASSND_TUN_ID(798) *RECV_WIN_SIZE(1)
Code:
$ ike-scan -v -s 0 fritz.box
DEBUG: pkt len=336 bytes, bandwidth=56000 bps, int=52000 us
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)
--- Pass 1 of 3 completed
--- Pass 2 of 3 completed
--- Pass 3 of 3 completed
Ending ike-scan 1.9: 1 hosts scanned in 2.445 seconds (0.41 hosts/sec). 0 returned handshake; 0 returned notify
wireshark compatible file is attached.
I've found the allowed ipsec strategies for /bin/avmike in
Code:
# find / -name *ipsec*
/etc/default.Fritz_Box_7240/1und1/ipsec.cfg
/etc/default.Fritz_Box_7240/avm/ipsec.cfg
#
#
# find / -name *ike*
/bin/avmike
/lib/libikeapi.so
/lib/libikeapi.so.2
/lib/libikeapi.so.2.0.0
/lib/libikecrypto.so
/lib/libikecrypto.so.1
/lib/libikecrypto.so.1.0.0
/lib/libikeossl.so
/lib/libikeossl.so.1
/lib/libikeossl.so.1.0.0
/var/run/avmike.pid
/var/tmp/csem/M-ikeapi-reply-dsld-W
/var/tmp/csem/M-ikeapi-reply-dsld-R
/var/tmp/csem/M-ikeapi-request-dsld-W
/var/tmp/csem/M-ikeapi-request-dsld-R
#
# find / -name *vpn*
/etc/default.Fritz_Box_7240/1und1/vpn.cfg
/etc/default.Fritz_Box_7240/avm/vpn.cfg
/usr/share/ctlmgr/libvpnstat.so
/usr/www/1und1/html/de/internet/vpn.frm
/usr/www/1und1/html/de/internet/vpn.html
/usr/www/1und1/html/de/internet/vpn.js
/usr/www/1und1/html/de/menus/menu2_vpn.html
/usr/www/1und1/html/de/vpn
/usr/www/1und1/html/vpn_import_nok_reboot.html
/usr/www/1und1/html/vpn_import_ok_reboot.html
/usr/www/1und1/html/vpn_import_pwd_nok_reboot.html
/usr/www/avm/html/de/internet/vpn.frm
/usr/www/avm/html/de/internet/vpn.html
/usr/www/avm/html/de/internet/vpn.js
/usr/www/avm/html/de/menus/menu2_vpn.html
/usr/www/avm/html/de/vpn
/usr/www/avm/html/vpn_import_nok_reboot.html
/usr/www/avm/html/vpn_import_ok_reboot.html
/usr/www/avm/html/vpn_import_pwd_nok_reboot.html
/var/vpnroutes
/var/flash/vpn.cfg
/var/tmp/vpncfgimport.eff
#
# avmike -h
illegal option 'h'
usage: avmike avm_ike [options]
options:
-? - print this help
-D STRING - switch debug logs on. (NULL)
-d - debug service. (NOTSET)
-f - run in forground. (NOTSET)
-s - stop daemon. (NOTSET)
-v - verbose. (NOTSET)
-p STRING - Pidfile. ("/var/run/avmike.pid")
-w - [Hit return to continue]. (NOTSET)
-p INTEGER - port to use. (0)
ISAKMP/IPSec negoiation server
Trying to enable debug logs... debug options silently disabled in release build.
Matching fritzbox factory ike config for Android 2.3.3 racoon is phase1ss = "racoon-dh2-aes-sha", but --lifetime=3600 or datatype length or formatting, or wrong other config file settings:
Code:
# ike-scan fritz.box -M --retry=1 --trans=7/128,2,1,2 --lifetime=3600
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)
Ending ike-scan 1.9: 1 hosts scanned in 0.532 seconds (1.88 hosts/sec). 0 returned handshake; 0 returned notify
19:37:36.599736 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 116)
tom1.isakmp > fritz.box.isakmp: [udp sum ok] isakmp 1.0 msgid 00000000 cookie 84cdf79f56296b8b->0000000000000000: phase 1 I ident:
(sa: doi=ipsec situation=identity
(p: #1 protoid=isakmp transform=1
(t: #1 id=ike (type=enc value=aes)(type=hash value=sha1)(type=auth value=preshared)(type=group desc value=modp1024)(type=keylen value=0080)(type=lifetype value=sec)(type=lifeduration [B]len=4 value=00007080[/B]))))
No answer from avmike, trying Android... no success.
Surely config file mismatch, see http://www.ip-phone-forum.de/showthread.php?t=161793&p=1672919&viewfull=1#post1672919 and search there under avm for posts containing phase1_mode_idp.
No. Tried to override the /etc/default/ipsec.cfg inline in vpn.cfg and > /var/flash/vpn.cfg but the box does all to prevent any tricks to change the ipsec.cfg, even removing the ipsec part from vpn.cfg when in comments.
Giving up and will remove the proprietary crap avm vpn daemon from the box, install something like freetz with racoon.
For those not able/not want to root their phone here's the solution for fritzbox:
http://www.ip-phone-forum.de/showthread.php?t=197637&pagenumber=
http://freetz.org/ticket/854
(Mostly german, use google translator)
Hello xda,
I have the problem with all networks apps from busybox like ping, wget etc. BTW, the same apps from android work fine:
Code:
bash-4.1# which ping
/system/xbin/ping
bash-4.1# ls -la /system/xbin/ping
lrwxrwxrwx 1 root 2000 20 Jul 26 07:49 /system/xbin/ping -> /system/xbin/busybox
bash-4.1# ping google.com
ping: bad address 'google.com'
bash-4.1# /system/xbin/busybox ping google.com
ping: bad address 'google.com'
bash-4.1# /system/xbin/busybox wget google.com
wget: bad address 'google.com'
bash-4.1# /system/bin/ping -c1 google.com
PING google.com (209.85.148.99) 56(84) bytes of data.
64 bytes from google.com (209.85.148.99): icmp_seq=1 ttl=53 time=44.2 ms
--- google.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 44.271/44.271/44.271/0.000 ms
bash-4.1#
Any solutions?
Thanks
using jping
I have terminal IDE, which includes jping, so I can use:
jping google.com | sed 's/.*: \(.*\)/\1/' | xargs ping
And I get the name resolved for me.