[Q] OpenVPN on HTC Thunderbolt Issue - General Questions and Answers

Ok. I am no newb to tinkering with the inner workings of an Android device. I have also worked with VPN before too. However, Android and OpenVPN have me stumped. My old router (Linksys WRT54G) worked fine with a standard VPN set up in Windows XP, and the Android device (both my old Motorola Droid and current HTC Thunderbolt) connected right up no problem. However, my new router (Linksys WRVS4400N) is terrible when it comes to VPN, and the dang thing has a built-in VPN application supporting IPSec. I failed passing everything through to the standard Windows VPN and I failed trying to use VPNC along with a supported tun.ko file. I now have attempted OpenVPN. I am new to OpenVPN (installed on Server 2003) and took from multiple online sources to configure it all.
That was the back story, sorry for it, but I thought it was necessary to explain my situation. Now for the issue. I have successfully connected to my OpenVPN server using the following:
- OpenVPN Installer Version 0.2.3
- OpenVPN Settings Version 0.4.7
- HTC Thunderbolt supported tun.ko
  - Running insmod /system/lib/modules/tun.ko from terminal emulator using su level permissions
- OpenVPN generated config files
The issue:
- OpenVPN Settings connects to my server and displays the following: "Connected to XX.X.XXX.XXX as"
- I am new to this, but I would imagine it should give me an IP address registered on my network.
The question:
- Is this an issue with the way OpenVPN is configured on my server or is this an issue with my phone and the way it's configured to connect to OpenVPN? Anyone ever encounter this? What are steps I can take from here?
** Please note: If this thread has been placed in the wrong forum, please advise where it should be started and I will do so accordingly. Thank you.

Related

Cisco VPN on Nexus One

Dear all, I got my new Nexus One, rooted, with recovery ROM and with Modaco Custom ROM installed (without Add-On installed).
I installed also the VPN Connection but I cannot get it to work!
Has anyone successfully gotten it to work on N1?
Or any other idea to get a VPN connection with a Cisco concentrator?
thank you
I would like that one as well!
I've installed the VPN connection from the market on top of Cyanogen's Baconmod and it worked the first time. I'm going back to my company's Cisco concentrator also.
I'm using a group password - make sure you set that up correctly... Connects over WiFi or 3G with no issues. I'm not certain if it works well with certificates.
I am unlocked, rooted, RA Recover, and N1 Addon. Once you get all of that setup then go to the market and download "VPN Connections - root".
It should work barring any unforeseen configuration on your work side like TCP vs UDP, connections port changes, or anything else that would be propagated by a configuration file.
But if you unlock, root, and have Cyanogen's N1 Addon you should be fine unless you have a config challenge.
Ntwrkwizard
Cisco VPN works but has issues
Nexus is my first Android phone and I just rooted and baconized. I was so conflicted, but I told myself it was inevitable. The phone has been solid for a week and I knew that when the first ROM dropped with multi-touch, I wouldn't be able to resist. Might as well get a head start, right?
First thing I did was install VPN Connections from the Market and set up a connection to my company Cisco ASA. I was totally stoked when I was able to connect and VNC into my office PC. After I was done, I went back into VPN Connections and disconnected from the VPN. My Internet (WIFI) access did not come back. Next I tried disabling the VPN from within the app. No dice. I then forced VPN Connections closed and still no good. I ended up disabling and re-enabling WIFI to get my net connection back. Is this normal?
networking hosed after disconnecting VPN...
Posted this over in the apps section, before I saw this thread:
Nexus is my first Android phone and I just rooted and baconized. I was so conflicted, but I told myself it was inevitable. The phone has been solid for a week and I knew that when the first ROM dropped with multi-touch, I wouldn't be able to resist. Might as well get a head start, right?
First thing I did was install VPN Connections from the Market and set up a connection to my company Cisco ASA. I was totally stoked when I was able to connect and VNC into my office PC. After I was done, I went back into VPN Connections and disconnected from the VPN. My Internet (WIFI) access did not come back. Next I tried disabling the VPN from within the app. No dice. I then forced VPN Connections closed and still no good. I ended up disabling and re-enabling WIFI to get my net connection back. Is this normal?
Does this program place a .pcf file anywhere on the phone? I have a pcf file from my work VPN, and the options that are in the UI are not quite enough to cover what all I need to enter. I looked all over the place for a pcf file, but couldn't find one. I know that the get-a-robot initial version of this program had one, but I don't know where this new version keeps it (if it does at all).
jchap2k
Cisco VPN
I have a question about Cisco VPN. I've not tried using it on an Android phone, because I wasn't sure if the way my company's VPN works is supported. My company uses a token file that needs to be "installed" on the computer for the Cisco VPN. So the question is, would the Cisco VPN solution for Android support this?
Thank you
Using CM beta 4 rom with update from Google and this program FCs when trying to connect to vpn.
Any helpful hints would be great.
Not sure on the FC, maybe try another ROM/kernel.
I wasn't able to get this to work using any of the cyan ROMs so I must be doing something wrong.
My VPN works fine with the settings I've used for both VPN client (Windows Cisco client) and vpnc (Fedora Linux client), but when I press connect on Android it will instantly say failed. Is there a log available for this application?

[Q] how to install OPENVPN?

I have installed OpenVPN Installer and OpenVPN Settings, and seemingly they are all functioning OK (it indicates the phone is connected and a new IP is assigned). But when I ping the computers through the IP assigned by OpenVPN, the phone cannot reach the computers. I tested on MIUI and CM7.1, and the VPN functions well, which means the server is OK. My ROM is 2.6.35.10-g2ee27f5 HTC Sense 2.1. Thanks for your kind help!

TUN/TAP driver for openvpn available yet?

As the subject states, none of the current ROMs/kernels appear to have the TUN/TAP driver to run openvpn.
Side note.. ATT pissed me off today (okay so I had it coming for tethering but still..) So, new solution is to run openvpn and force all the traffic through my openvpn gateway, this will keep ATT from spying, and also prevent them from using TTL (still speculation, but one of the methods to detect tethering)
Just out of curiosity, how did you confirm that the TUN/TAP driver was non-existent or not operating properly on the skyrocket?
I'm in the midst of doing the same ... installing openvpn. I have the server set up on my home PC and verified through another laptop off-network. But I have problems when trying to run openvpn settings. Here is what I did:
1) Copied .ovpn file, ca.crt, client1.crt, client1.key, ta.key FROM server TO /sdcard/openvpn directory on skyrocket
2) Installed busybox
3) Installed openvpn installer
4) Installed openvpn using #3
5) Installed and opened openvpn settings
6) Under "OpenVPN Settings" I checked the box saying "OpenVPN"
7) Under "OpenVPN Configurations", I selected my .ovpn file's checkbox
8) The .ovpn checkbox immediately disables and I have no openvpn
Was your approach similar?
I just checked via lsmod. I did not bother going through the process of moving my config files from my captivate to the skyrocket.
Samsung does not include the tun/tap driver in the stock kernel, so it will require a custom kernel, or at least someone to create the module with the same libraries as the stock kernel and just the tun.ko module file to copy across to our current phones.
Actually TUN/TAP is compiled directly into the stock kernel and not compiled as a module so you won't find it with lsmod. You also don't need to do an insmod to use it. I'm running openvpn just fine in tap mode.
There IS a bug in the OpenVPN Installer though that requires you to have ifconfig and route in /system/xbin/bb. It won't work if you select anything else during the openvpn install.
Here's what I did...
Install busybox to /system/xbin
Install openvpn to /system/xbin and select /system/xbin/bb as the location of ifconfig/route
adb shell or use a terminal on the device and do a su.
mount -o rw,remount /dev/block/mmcblk0p24 /system
mkdir /system/xbin/bb
cd /system/xbin/bb
ln -s ../busybox ifconfig
ln -s ../busybox route
mount -o ro,remount /dev/block/mmcblk0p24 /system
Configure and start openvpn.
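The point made in the post above, that a TUN driver compiled into the kernel never shows up in lsmod, can be checked directly. This is an added example, not code from the thread: the name tun_status and its optional root-directory argument are assumptions, and the check relies on the Linux TUN driver registering itself as the misc device "tun" under /sys/class/misc.

```sh
#!/bin/sh
# Added example (not from the thread): tell a built-in TUN driver apart from a
# loadable tun.ko and from a kernel without TUN support.
# tun_status and its ROOT argument are hypothetical names; ROOT defaults to ""
# (the live system) and exists only so the logic can be tried on a test tree.

tun_status() {
    root=${1:-}

    # The TUN driver registers a misc device called "tun", so this sysfs entry
    # exists whether the driver is built in or was loaded with insmod.
    if [ -e "$root/sys/class/misc/tun" ]; then
        # lsmod only formats /proc/modules, which lists loadable modules;
        # code compiled into the kernel image never appears there.
        if grep -q '^tun ' "$root/proc/modules" 2>/dev/null; then
            driver=module
        else
            driver=built-in
        fi
    else
        driver=missing
    fi

    # Android exposes the node as /dev/tun, most other Linux systems as
    # /dev/net/tun.
    node=none
    for candidate in /dev/tun /dev/net/tun; do
        if [ -e "$root$candidate" ]; then
            node=$candidate
            break
        fi
    done

    echo "driver=$driver node=$node"
}

# Report for the machine this runs on.
tun_status
```

A result of driver=built-in means no insmod is needed, while driver=missing means the kernel has to be replaced or a matching tun.ko supplied.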
Good to know.
Will try it in a bit. I tried to run openvpn, but it failed on the tun driver, which is why I stopped, but I did not link bb; will give that a try when I get a chance... stupid ATT busted me for unauthorized tethering again.. so cannot get my existing openvpn config from my server yet...
gtj0:
I tried the directions you provided but with using tun and no luck. I'll try and reconfigure my openvpn server to run tap and will try again.
jvanbrecht:
let me know if you make any progress
I just reconfigured my server over to tun mode and it's still working fine.
Can you try running openvpn from a command line and see what errors it spits out?
I.E. openvpn --config server.ovpn
Also can you check if /dev/tun exists?
edit.....
Here's my config...
client
dev tun0
proto udp
float
remote vpn.example.com 21194
resolv-retry infinite
nobind
persist-key
persist-tun
ca vpn.example.com.ca.crt
cert zzz.crt
key zzz.key
tls-auth vpn.example.com.ta.key 1
cipher AES-256-CBC
comp-lzo
verb 4
mute 20
I had no problems getting it to work, I borrowed my co workers usb modem to pull down my configs from my old Captivate (I use ssl-admin and store the configs with the certificates in zip format).
The problem I am having at the moment is getting tethering to work while openvpn is running.
Laptop can talk to the phone (using wifi tethering, usb tethering kills the adb session, but I suspect it would work just fine), and phone can talk to the world, but laptop will not connect to the world.
The routes are in place, I checked the sysctl options, and ip forwarding is enabled. Just no traffic will pass... it is driving me nuts... heh.
Success for me too! Not sure what was wrong. The server was always working no problem and was always able to connect directly over home wifi from laptop. But I wasn't able to connect on the Skyrocket.
But I used gtj0's config file, changed the remote ip address/port, and worked perfectly. Thanks!
jvanbrecht: I haven't tried it with tethering yet and probably won't get to until at least a few days. Hope to be able to help by trying on my phone sometime soon.
Everyone: Any idea if it is better to run tun or tap for mobile phone openvpn? Regarding tethering, do both tap and tun hide detectable elements like TTL at the IP layer?
EDIT: VPN Not Porting Properly?
Hmm. It seems I am able to connect no problem and openvpn on the phone says it's connected. But when I go to www.whatismyip.com from my phone, it still says an AT&T address. I expected with openvpn running that it should show my home server ip address no? Also, openvpn on skyrocket indicates that it is connected as 10.3.0.6. But if I try to ping 10.3.0.6 from the server I get no response. Is that expected?
TAP provides a bridged connection so broadcasts on the server's network are propagated across the connection. For network-to-network connections this may be needed for things like dhcp and windows networking. For end users, this usually isn't a good thing because it eats up bandwidth. TUN, which is routed instead of bridged, is the better way to go.
My config only routes traffic destined for the server's LAN over the vpn connection so the behavior you see with whatsmyip is normal. Check openvpn's config file parameters to make the vpn the default route for all traffic.
See my other post. I included my configs.
Just add redirect-gateway option to your client configuration, or the server side client configuration in the ccd directory.
I have everything working. As for what ATT will see: only an encrypted tunnel initiated from your phone to your vpn server. TTL, IP options etc. will not be visible to ATT.
Sent from my SAMSUNG-SGH-I727 using XDA App
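The two things discussed in the posts above, tun versus tap and whether the VPN becomes the default route, can be read straight out of a client config. This is an added example, not code from the thread: the function names are hypothetical, and the sample config is constructed from directives in the config posted earlier.

```sh
#!/bin/sh
# Added example (not from the thread): summarise how an OpenVPN client config
# will route traffic. Function names are hypothetical.

# ovpn_directive FILE NAME: print the arguments of the first uncommented NAME
# directive; exit status 1 when the directive is absent.
ovpn_directive() {
    awk -v want="$2" '
        { sub(/[#;].*/, "") }                       # drop comments
        $1 == want { $1 = ""; sub(/^ +/, ""); print; found = 1; exit }
        END { exit !found }
    ' "$1"
}

# ovpn_summary FILE: one line with device, tunnel type and traffic scope.
ovpn_summary() {
    dev=$(ovpn_directive "$1" dev) || dev=unset
    case $dev in
        tun*) mode=routed ;;     # layer 3, LAN broadcasts stay off the tunnel
        tap*) mode=bridged ;;    # layer 2, broadcasts are carried too
        *)    mode=unknown ;;
    esac
    # Without redirect-gateway in the client file, only routes the server
    # pushes (or local "route" lines) use the tunnel, so a what-is-my-IP page
    # still shows the carrier address unless the server pushes the option.
    if ovpn_directive "$1" redirect-gateway >/dev/null; then
        scope=all-traffic
    else
        scope=split-unless-pushed
    fi
    echo "dev=$dev mode=$mode scope=$scope"
}

# Constructed sample, using directives from the config posted in the thread.
sample=$(mktemp)
cat > "$sample" <<'EOF'
client
dev tun0
proto udp
remote vpn.example.com 21194
nobind
persist-tun
verb 4
EOF
ovpn_summary "$sample"                      # split tunnel
# def1 is a real redirect-gateway flag; choosing it is this example's assumption.
echo 'redirect-gateway def1' >> "$sample"
ovpn_summary "$sample"                      # full tunnel
rm -f "$sample"
```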
Cool thanks again. I'll try updating my configs and trying again tonight. I'm sure not being able to ping across the tunnel was probably a configure issue as well.
You also need the Client to Client option enabled if you want the openvpn server to advertise routes to other vpn client devices and their associated networks. That would be another reason why you cannot ping across the tunnel if you are trying to ping another vpn device.
jvanbrecht:
I'm not seeing your config files on the board here. I'm fairly new here so maybe I'm not looking at the right place. But I didn't see an attachment.
The configs are posted in my other thread.
http://forum.xda-developers.com/showthread.php?t=1378970
Thank you. I'll try out the details in that post. If I have any questions I am going to post over there from now on because that post is more closely aligned with my goal and thus more relevant.

[Q] Connect to OpenVPN + pem certificate + tap device

I want to connect my android device (nexus 7 2013) to an openvpn server which is not administrated by me, meaning I have no access on the configuration.
On my windows7-pc, I do this with the windows version of openvpn, the provided settings file for the openvpn server and the also provided pem-certificate.
Since the server uses the tap device of openvpn, alternative clients like openvpn for android by arne schwabe[1] don't work (this app doesn't support tap).
Since I don't have a private key file (*.key), I cannot generate a p12-file[2] which could be imported by the official openvpn app[3].
The pem file format is compatible with *.cer and *.crt, meaning I can simply change the file extension to "convert" them. The crt-file can be imported by the android system (security -> import), but this doesn't help openvpn as it seems to only use its own certificates.
Any suggestions on how to achieve a successful connection?
[1]: play.google.com/store/apps/details?id=de.blinkt.openvpn
[2]: blog.max.berger.name/2010/01/pem-fromto-p12.html
[3]: play.google.com/store/apps/details?id=net.openvpn.openvpn
wifi
I think if you have ICS_P740AV1.0.0B07 + you can't find open hotspots, and if you can see one you can't connect.
Try to make one hotspot secured with WPA2 and try it.
Whoa, i only understand half of it
I have android 4.3 JSS15Q rooted with flo (?). I have superSU and Busybox installed. I followed the default instructions of the nexus root toolkit. My wifi is connected for sure, but it has blocked ports (which is the reason for all this). However, since I'm failing at an earlier stage, and, since it works from my pc from the same network with the same openvpn on the same ports I suppose the error is not in the network settings...
The wifi i'm connected to has wpa2+pkip etc. but I'm not sure how this is relevant...
rom
Have you installed a custom ROM?
Have you tried enabling and disabling airplane mode?
Do you have a data connection?
I have stock android rooted. I only have wifi and the connection works perfectly, I tried rebooting the device, I consider this counts as "dis/enable airplane mode". I have good wifi signal strength.
I have no issues accessing websites over port 80/443, only the blocked ports don't work. The openvpn server is reachable on port 443 (it works from my pc).
Hello,
Did you ever manage to solve this? I'm looking to configure my Nexus 7 2013 to connect to an OpenVPN server using TAP and it doesn't seem to be working. I'm using OpenVPN Settings with certificate-based authentication. I'm able to connect to my server, however I don't get a local IP address assigned and when I browse the internet, my IP is still showing up as from the original connection instead of the VPN endpoint. Computers with Windows 7 can connect to the server no problem and all their traffic is directed to the tunnel. Any ideas for guides and walkthroughs?
Thanks. Any help is very much appreciated.

[Q] Openvpn not working on Lollipop

I was using OpenVPN Installer and OpenVPN Settings to connect to an openvpn server using a TAP interface on KitKat. After upgrading to Lollipop, it won't work anymore. When I try to run the openvpn binary in the command line I get this error:
Code:
error: only position independent executables (PIE) are supported.
I know there are other OpenVPN clients that work, but they only support TUN interface. Does anyone know of a solution?
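The error quoted above is about the openvpn binary itself rather than its configuration. As an added example (not code from the thread; elf_kind and mk_header are hypothetical names and the two ELF headers are constructed test data), the e_type field of the ELF header shows whether a given binary is position independent.

```sh
#!/bin/sh
# Added example (not from the thread): classify a binary by the e_type field of
# its ELF header. ET_EXEC (2) is a fixed-address executable, ET_DYN (3) is
# position independent (a PIE executable or a shared object).

elf_kind() {
    f=$1
    magic=$(od -An -tx1 -N4 "$f" 2>/dev/null | tr -d ' \n')
    [ "$magic" = 7f454c46 ] || { echo not-elf; return 0; }

    # e_ident[5] is the byte order: 1 = little endian, 2 = big endian.
    order=$(od -An -tu1 -j5 -N1 "$f" | tr -d ' \n')
    # e_type is the 16-bit field at offset 16, right after e_ident.
    set -- $(od -An -tu1 -j16 -N2 "$f" 2>/dev/null)
    [ $# -eq 2 ] || { echo truncated; return 0; }

    if [ "$order" = 2 ]; then
        etype=$(( $1 * 256 + $2 ))
    else
        etype=$(( $2 * 256 + $1 ))
    fi
    case $etype in
        3) echo pie ;;
        2) echo non-pie ;;
        *) echo other ;;
    esac
}

# mk_header FILE E_TYPE: write a constructed 18-byte little-endian ELF32
# header whose e_type is the single digit E_TYPE (test data only).
mk_header() {
    printf '\177ELF\001\001\001' > "$1"                     # magic, class, order, version
    printf '\000\000\000\000\000\000\000\000\000' >> "$1"   # e_ident[7..15]
    printf "\\00$2\\000" >> "$1"                            # e_type, low byte first
}

tmp=$(mktemp -d)
mk_header "$tmp/openvpn-old" 2
mk_header "$tmp/openvpn-new" 3
echo "openvpn-old: $(elf_kind "$tmp/openvpn-old")"
echo "openvpn-new: $(elf_kind "$tmp/openvpn-new")"
rm -rf "$tmp"
```

A result of non-pie means the binary has to be rebuilt as a position-independent executable (with GCC or Clang, compiled with -fPIE and linked with -pie) before it will start.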
Did you get it working?
Mine works but blocks all internet access
Any solutions? I am getting this error message too
OpenConnect will work if you have a compatible VPN.
Sent from my Nexus 5 using XDA Free mobile app
Plugin
I used EasyOvpn plugin to find a working server for OpenVPN Connect without having to set it up myself. Works. But since VPN makes internet almost unusable from where I live, I've stopped using either altogether. Hope that helps.
