[Q] Openvpn Binary for Lollipop S5 - Sprint Galaxy S 5 Q&A, Help & Troubleshooting

With the lolipop update a new security feature was enforced that an executable must be position independent (PIE) see:
http://en.wikipedia.org/wiki/Position-independent_code
I am trying to run an openvpn binary in a terminal emulator (command line/shell whatever you want to call it) on a rooted sprint s5 extracted from the openvpn installer apk:
https://play.google.com/store/apps/details?id=de.schaeuffelhut.android.openvpn.installer&hl=en
There is a thread on xda regarding disabling the pie security but it talks about nexus and not an s5 and I even tried the patches but it didn't work for me (I didn't get the same error about pie but it still didn't help) it works perfectly fine from a kitkat note 3.
http://forum.xda-developers.com/google-nexus-5/development/fix-bypassing-pie-security-check-t2797731
I am looking for any possible solutions (ie lolipop compatible openvpn binary or a working pie patch for the s5)
Thanks so much!

binary
hi ejgreenwald try the attached binary. it almost worked for me (Galaxy S5 5.0.1 i think) but should work now samsung have done some updates.

Error with this binary
When running this binary on 5.1.1, I get the following error:
linux ip link set failed: could not execute external program
A search on this error suggests that iproute2 may need to be included in the core
Any ideas, anyone?

SHKaminski said:
When running this binary on 5.1.1, I get the following error:
linux ip link set failed: could not execute external program
A search on this error suggests that iproute2 may need to be included in the core
Any ideas, anyone?
Click to expand...
Click to collapse
it might need busybox?

SHKaminski said:
When running this binary on 5.1.1, I get the following error:
linux ip link set failed: could not execute external program
A search on this error suggests that iproute2 may need to be included in the core
Any ideas, anyone?
Click to expand...
Click to collapse
Copy /system/xbin/ip /sbin

Hi guys! Thank you jamie_clarke_jc and gRUblo !!!
Thanks to your answers and binary I managed to finally run openvpn on my Note 3.
I can confirm that it works also beautifully on Samsung N9005 Android 5.0 :good:
EDIT: Smalll Update ...
I'm sorry, it turns out that I still have no connection through OpenVPN!
I thought that everything is fine because OpenVPN settings showed that I am connected, and I even getting an IP form VPN, but cannot ping to other devices on the same network. At first glance, I thought that it works, but it turned out that the web pages load of a devices loads from web browser cache ::crying:

wydziub said:
Hi guys! Thank you jamie_clarke_jc and gRUblo !!!
Thanks to your answers and binary I managed to finally run openvpn on my Note 3.
I can confirm that it works also beautifully on Samsung N9005 Android 5.0 :good:
Click to expand...
Click to collapse
Using this binary, latest busybox, and with the ip copied to /sbin ... I still get ... "unable to redirect default gateway - VPN gateway parameter (-route-gateway or -ifconfig) is missing".
Any ideas y'all?

rmedure said:
Using this binary, latest busybox, and with the ip copied to /sbin ... I still get ... "unable to redirect default gateway - VPN gateway parameter (-route-gateway or -ifconfig) is missing".
Any ideas y'all?
Click to expand...
Click to collapse
I think i might be because your ifconfig.
I have ifconfig in:
- /system/bin/ifconfig (link to /system/bin/toolbox) -stock ifconfig, not able to create tunnel,
- /system/xbin/ifconfig (link to /system/xbin/busybox) -created by busybox, that one works.
Path to ifconfig is fixed in the OpenVpn binary, and in the binary sent by jamie_clarke_jc, it is:
"/system/xbin/ifconfig", (since it works in my case).
Same for "route", path should be: "/system/xbin/route" (link to /system/xbin/busybox).
Please check if you've installed busybox in correct path, if yes, maybe try another version of busybox.
My openvpn binary is also located in "/system/xbin/".
It might have something to do with a client.
Mine is great" Open VPN Settings" by Friedrich Schäuffelhut.

wydziub said:
I think i might be because your ifconfig.
I have ifconfig in:
- /system/bin/ifconfig (link to /system/bin/toolbox) -stock ifconfig, not able to create tunnel,
- /system/xbin/ifconfig (link to /system/xbin/busybox) -created by busybox, that one works.
Path to ifconfig is fixed in the OpenVpn binary, and in the binary sent by jamie_clarke_jc, it is:
"/system/xbin/ifconfig", (since it works in my case).
Same for "route", path should be: "/system/xbin/route" (link to /system/xbin/busybox).
Please check if you've installed busybox in correct path, if yes, maybe try another version of busybox.
My openvpn binary is also located in "/system/xbin/".
It might have something to do with a client.
Mine is great" Open VPN Settings" by Friedrich Schäuffelhut.
Click to expand...
Click to collapse
Hmm, I have busybox from Stephen Erickson installer ... in /system/xbin, same 5.27MB openvpn binary above, and same client by Friedrich. Are you using TAP device? (Note, no problem here with TUN device ... but really need bridged connection)

Is there a chance to get this binary recompiled to the latest openvpn code? Looking to get this patch included to help with my TAP configuration:
http://article.gmane.org/gmane.network.openvpn.devel/10111

I've been using the paid version of 'OpenVPN Client' app by colucci-web.it for a month or so now ... their TAP emulator has been working fine with no issues so far as I can tell.

Related

OpenVPN with Root - Updated 8/19

Easy way - OpenVPN on rooted/S_OFF Incredible with BusyBox installed:
This is by far the easiest way to set up OpenVPN. Make sure you copy your config file and any relevant keys to a folder on your sdcard. First, you need to know where BusyBox is installed, and if you already have the tun.ko module. For BusyBox, for most Roms based off the 2.2 8/1 leak, the location is /system/xbin. An easy way to check on your phone:
adb shell
find / -iname "iptunnel"
The path containing the file is where BusyBox is installed. If you don't have it installed, you can follow the instructions at the bottom of this post to install it.
The tun.ko module depends on your kernel. With the hydra 2.2 kernels, the location is /system/lib/modules/tun.ko . Easy way to check:
adb shell
find / -iname "tun.ko"
If you do not have tun.ko on your system, then you can download it for 2.2 (tun.zip) or 2.1 (inside openvpn.zip) attached to this post.
Next, download the following two apps from the Android Market:
OpenVPN Installer
OpenVPN Settings
Next, run OpenVPN installer, click install, give it an install path (I prefer /system/xbin), and give it the path to BusyBox.
Finally, run OpenVPN Settings. Go to Menu -> Advanced, make sure "Load tun kernel module" is checked.
Click on "TUN module settings"
Change "Load module using" to insmod
Change "Path to tun module" to... the path to your tun.ko file. Click back.
Update "Path to configurations" and "Path to openvpn binary".
That should be it!
This is how to run OpenVPN on a rooted Incredible using unrEVOked root and the stock 2.1 ROM with S_ON
NOTE: This is only for rooted Stock 2.1 without S_OFF. If you have S_OFF via unrevoked forever, just use Openvpn Installer and Openvpn Settings, both available in the market. Much easier!
This is my first time doing something like this, so bear with me if it is a little rough!
You must have root access to set this up. You do NOT need to go back into recovery adb though.
First, download the attached openvpn.zip containing the following:
tun.ko - kernel module for 2.1.
openvpn-static - statically compiled openvpn
If you are using 2.2, tun.zip contains the module compiled for the 2.2 kernel (thanks Apalyan!)
You will already need to have a working client.conf, and any associated keys. Copy the following files into a folder named 'openvpn' on the sdcard, or push with the following:
adb mkdir /sdcard/openvpn
adb push tun.ko /sdcard/openvpn/tun.ko
adb push client.conf /sdcard/openvpn/client.conf
adb push client.key /sdcard/openvpn/client.key
adb push client.crt /sdcard/openvpn/client.crt
adb push ca.crt /sdcard/openvpn/ca.crt
adb push openvpn-static /sdcard/openvpn/openvpn-static
The following must be done in a root shell:
adb shell
su
mkdir /data/openvpn
dd if=/sdcard/openvpn/openvpn-static of=/data/openvpn/openvpn
chmod 700 /data/openvpn/openvpn
Use the OpenVPN Settings configuration below to start/stop openvpn.
Note: All of the code was already written and ported to Android by the guys behind OpenVPN Settings. I just compiled a new tun.ko from the Incredible kernel source, and recompiled the statically linked openvpn with updated paths to ifconfig and route.
ADDED (thanks wraithdu!):
If you have trouble with post-connection routing, you may need to install busybox for a more powerful route/ipconfig. Instructions are here:
---
busybox is installed by the latest rooting process, but it's not a full install, ie it does not create all the command links. I got the file from the Titanium Backup site:
http://www.matrixrewriter.com/android/files/busybox-1.15.3.zip
To install:
1) extract and push busybox to your sdcard, reboot into recovery
2) mount /system
3) if you don't have /system/xbin (you should), create it
adb shell:
# mkdir /system/xbin (if necessary)
dd if=/sdcard/busybox of=/system/xbin/busybox
cd /system/xbin
chmod 755 busybox
./busybox --install .
4) reboot and done
OPTIONAL - before rebooting replace the busybox installed by the root process in /system/bin
1) mv /system/bin/busybox /system/bin/busybox.bak
2) cp /system/xbin/busybox /system/bin/busybox
OpenVPN Settings Instructions
OpenVPN Settings v. 4.6 works flawlessly with this! Here are setup instructions:
Install OpenVPN Settings v. 4.6 from:
Can't post links yet, do a google search for OpenVPN Settings, go to the Google Code download page, and download version 4.6.
Then, launch OpenVPN Settings, press Menu -> Advanced, and fill in the following settings:
Load tun kernel module - Checked
TUN module settings:
Load module using - insmod
Path to tun module - /sdcard/openvpn/tun.ko
Path to configurations - leave default
Path to openvpn binary - /data/openvpn/openvpn
It should work beautifully then.
any way to do it with non certicate based connections? i.e., group/psk configs?
The certificate setup isn't important, it is just how mine is set up. Any valid .conf should work.
ifconfig error
i got it all installed , it connects, but then in the end it says fatal error, ifconfig failed, could not execute external program. any ideas
You can run it manually to see what exactly is happening. Try the following:
adb shell
su
/data/openvpn/openvpn --config /sdcard/openvpn/client.conf
What generates the error?
error
Wed Jun 16 08:52:50 2010 /system/xbin/bb/ifconfig tap0 192.168.200.2 netmask 255
.255.255.0 mtu 1500 broadcast 192.168.200.255
Wed Jun 16 08:52:50 2010 Linux ifconfig failed: could not execute external progr
am
Wed Jun 16 08:52:50 2010 Exiting
and ifconfig is under /system/bin not /system/xbin/bb/. do you guys know where i need to change that?
The ifconfig stuff is hardcoded. I uploaded the wrong version - try this one.
Works perfectly
THANK YOU , works great
fang0654 said:
The ifconfig stuff is hardcoded. I uploaded the wrong version - try this one.
Click to expand...
Click to collapse
Thanks very much for this! Will be trying it later today.
Fang - Thanks again. Do you have any suggestions on a util or tutorial on making a conf file? I've access to our Cisco ASDM for our ASA, the URL for the ASA, group name, Group key, and of course my username and pw.
For that, you need vpnc instead of openvpn.
I know the problem with using the VPN Connections app is that the tun.ko autoload doesn't work. There are a couple of things you may be able to do as a workaround.
1. Load the module by hand:
adb shell
su
insmod /sdcard/openvpn/tun.ko
or 2. Use the OpenVPN Settings app from above to load the tun module (just start openvpn, then stop it), then try out the VPNC app.
I don't have a Cisco vpn so I don't have any way of testing whether this works.
Gets "failed to connect" immediately. know of any way to launch the vpn connections via command line to see where it is failing?
This worked like a charm! Thanks very much for this guide.
Stupid question, how do I get to a adb shell? I already rooted the phone. I don't have to do the rooting process all over do I?
If your running Linux, just type "adb shell" in you terminal window - make sure your phone is connected via USB cable - you should get the "$" after this command and then your in your phone's shell.
I believe windows is the same way, but I only have Linux stuff running now...
Thanks a lot for putting this together!
mattwood2000 said:
If your running Linux, just type "adb shell" in you terminal window - make sure your phone is connected via USB cable - you should get the "$" after this command and then your in your phone's shell.
I believe windows is the same way, but I only have Linux stuff running now...
Click to expand...
Click to collapse
With the phone connected via USB (Disk drive or anything), I type "adb shell" and get device not found. I'm running Windows 7. Phone has been rooted (have Wifi Tethering installed). Just having issues getting it back to the shell command like when I first rooted it :/
make sure USB Debugging is enabled
OK, had a misspell in the tun.ko file.
I'm connected now. But unable to connect to anything on my network. Still looking into it.
Any ideas? I've restarted the phone. I'm connected to my OpenVPN server. I cannot ping the IP assigned to it (from OpenVPN status page). I cannot ping anything on my internal network from the shell. Shows no data moving. Do I need to do something?
I did a netconf and i have this:
tap0 UP 172.30.100.255 255.255.0.0 0x00001043

[17/12][UPDATE]OPENVPN.zip!!FLASH WITH CWM-ANY SENSE ROM

OpenVPN on SENSE & Buzz OC/UV 1.51Ghz 1.1.4 HOW TO
NEW UPDATE: 17/12/2010
OpenVpn.zip - FLASH IN CLOCKWORK MOD AND FOLLOW ON FROM STEP 4!!
WHAT IT DOES.
- New iptables
- New Openvpn binary
- All Symlinks created.
- All Permissions.
- Folders Created.
REQUIREMENTS:
-ROOT
-CWM-RECOVERY
-BusyBox
-OpenVpn config files, certs etc in /sdcard/openvpn
CONFIRMED WORKING ON :
-LeeDroid 1.2
-[RUU_Ace_HTC_WWE_1.32.405.6 Stock Sense Rom] - thanks to Walker Street For Testing.
Please inform me if you can confirm this working on Other ROM'S Thank you.
I AM USING ,
[KERNEL]Buzz OC/UV 1.51Ghz CFS+BFQ+SmartAss+TUN+EXT4+.27 ACE 1.1.4 [15/12/2010]
IN THEORY THIS SHOULD WORK WITH ANY SENSE ROM & KERNEL..
JUST MAKE SURE YOU THE KERNEL HAS A TUN.KO ETC CONFIGURED FOR IT.
DOWNLOAD :
http://dl.dropbox.com/u/15057375/mero01-xda/OpenVPN.zip
And a BIG thanks to ecips for helping with this
NO LONGER NEED TO DO ANY OF THIS , JUST USE OpenVPN.zip & FOLLOW ON FROM STEP 4!!
Ok guys had alot of problems gettings this too were it working, hopefully you guys might see some errors/fix's to improve on this
Requirements:
OpenVPN-Settings - Market
OpenVpn Binary File - Located in the openvpn4DesireHD.ZIP
LeeDrOiD HD v1.2 - http://forum.xda-developers.com/showthread.php?t=842802
Buzz OC/UV 1.51Ghz 1.1.4 - http://forum.xda-developers.com/showthread.php?t=835616
UPDATED 17/12/2010: CONFIRMED WORKING ON, LeeDroiD HD v1.2 & Buzz OC/UV 1.51Ghz 1.1.4
A) Not sure if this matters or not but i copied LeeDroids iptables file from the Desire.
B) Copy your client.conf or .ovpn file and certs to /sdcard/openvpn
C) Implementation:
1. Unzip/copy openvpn binary file to device.
1.b replace the current openvpn file in /system/xbin with this new one
1.c -- chmod +x with it.
Code:
adb remount
adb push openvpn /system/xbin/
adb shell
chmod +x /system/xbin/openvpn
exit
If " adb remount " didnt work
Code:
su
mount -o rw,remount -t yaffs2 /dev/block/mmcblk0p25 /system
in order to mount system as read/write
2. Make folder /system/xbin/bb
Code:
adb remount
adb shell mkdir /system/xbin/bb
exit
3. Make symbolic links to ifconfig and route & busy box.
THIS IS WERE THE PROBLEMS ALL COME FROM AND IF YOU HAVE ISSUES THIS IS WHAT WILL BE CAUSEING IT! SOMETHING TO DO WITH LINK BETWEEN BUSY BOX AND IFCONFIG......BUT I TRIED FROM FRESH BOOT AND IT WORKS FLAWLESSLY NOW WILL TALK TOO LEE ABOUT GETTING EVERYTHING INBUILT IN LEEDROID
Code:
adb remount
adb shell
ln -s /system/xbin/ifconfig /system/xbin/bb/ifconfig
ln -s /system/xbin/route /system/xbin/bb/route
ln -s /system/xbin/busybox /system/xbin/ifconfig
reboot
4. Install/Configure OpenVPN-Settings
4.0 Install OpenVPN-Settings from "Market" its free dont worrie
Code:
4.1 On device, launch OpenVPN Settings.
4.2 Long press openvpn.conf, Preferences.
4.3 Check "Use VPN DNS Server"
4.4 Enter your VPN DNS Server
4.5 Script Security Level Select Built-in + scripts
4.5 press back
4.6 Click click the sub-menu option select Advanced
4.7 Load tun kernel module and make it 'insmod /system/lib/modules/tun.ko' before starting openvpn.
7.8 Change path to openvpn binary to /system/xbin/openvpn
Click " Fix HTC Routes "
You should now be connected
IF I FORGOT ANYTHING PLS LET ME KNOW VERY TIRED WHEN I DID THIS HAHA
Here is my config anyways for reference and here is my client config
Code:
client
dev tun
proto udp
remote XXX.XXX.XXX.XX 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert mero-android.crt
key mero-android.key
comp-lzo
verb 6
script-security 2
Have also realised if you go terminal and do following gives you nice log
basicly , su root, cd to your openvpn folder location, run openvpn on your client conf
Code:
su
cd /sdcard/openvpn
openvpn client.ovpn
For added security. To make the OpenVPN request a password on connect. do the following
change step 4.5 to Script Security Level Select Built-in + scripts + passwords
add the following to your server conf.
Code:
username-as-common-name
plugin /usr/lib/openvpn/openvpn-auth-pam.so login
and this to your client
Code:
auth-user-pass
Change Log:
Use OpenVPN.zip & step 4 and beyond.
17/12/2010
DOWNLOAD:
http://dl.dropbox.com/u/15057375/mero01-xda/OpenVPN.zip
Out of curiosity, what is OpenVPN used for?
Then i will know if i have to use your spot on tutorial
no1male said:
Out of curiosity, what is OpenVPN used for?
Then i will know if i have to use your spot on tutorial
Click to expand...
Click to collapse
It's a VPN (virtual private network). I can access my home and work computers from my android.
I am super-impressed mero. But I wasn't able to get it to work .... I think it's my fault .... I've stuffed around so much. I'm right now starting a clean install.... It should work..... I hope.
Walker Street said:
I am super-impressed mero. But I wasn't able to get it to work .... I think it's my fault .... I've stuffed around so much. I'm right now starting a clean install.... It should work..... I hope.
Click to expand...
Click to collapse
thanks
I did alot of stuffing around aswell thats why i wanted to test it.
So i did a full wipe. then flash to 1.2 reboot. flash to 1.0.1.fix. and then first thing i did was follow those steps.
connection worked first go
please update me, as im sure i can help.
Walker Street,
I attached a screen shot of the actual adb session i did just incase. the bottom 3 commands to my knowledge and what i can see dont work so i ommited them from the tut. but they might do somthign and not display it so thought i might upload incase.
mero01 said:
Walker Street,
I attached a screen shot of the actual adb session i did just incase. the bottom 3 commands to my knowledge and what i can see dont work so i ommited them from the tut. but they might do somthign and not display it so thought i might upload incase.
Click to expand...
Click to collapse
Silly me. I forgot to set 'Fix HTC Routes'. Now I've done that and your method rules.
You're a genius mero. It works.
I changed permissions for the new openvpn and iptables using root explorer so they could execute. Maybe you didn't need to because you were doing adb push from linux (I was doing it from windows).
I don't have a DNS server, so I didn't need to specify one.
I would highly recommend these changes to LeeDroid for his rom. Have you messaged him yet?
Walker Street said:
Silly me. I forgot to set 'Fix HTC Routes'. Now I've done that and your method rules.
You're a genius mero. It works.
Click to expand...
Click to collapse
+1
Thank you very much
Walker Street said:
I changed permissions for the new openvpn and iptables using root explorer so they could execute. Maybe you didn't need to because you were doing adb push from linux (I was doing it from windows).
I don't have a DNS server, so I didn't need to specify one.
I would highly recommend these changes to LeeDroid for his rom. Have you messaged him yet?
Click to expand...
Click to collapse
to be honest the only part i did in adb was the symlinks did everything else in root explorer.i didnt change any permissions :S
Yes i have PM'd him, awaiting a reply
just updated to Buzz 1.0.2 , everything still works
Walker Street said:
It's a VPN (virtual private network). I can access my home and work computers from my android.
Click to expand...
Click to collapse
Yes and tunnel all your internet traffic back through the VPN encrypted in many ways
also works with buzz 1.0.8.
and after pushing the openvpn binary, you need to do chmod +x with it.
raw235 said:
also works with buzz 1.0.8.
and after pushing the openvpn binary, you need to do chmod +x with it.
Click to expand...
Click to collapse
No worries thanksss, i shall update
anyone tried with 1.1.0 ?
Hello,
i'm in trouble....
At first, i have an error when i try the adb remount command : Operation not permitted
Then i have a second message when i try to create the "bb" folder : mkdir failed for bb. Read-only file system.
I'm confused because tel is rooted, S-OFF and suped-CID. I even changed the Kernel with Buzz's one 1,2Ghz.
Did i miss something?
Thanks for your help
Lionel
EFCAugure said:
Hello,
i'm in trouble....
At first, i have an error when i try the adb remount command : Operation not permitted
Then i have a second message when i try to create the "bb" folder : mkdir failed for bb. Read-only file system.
I'm confused because tel is rooted, S-OFF and suped-CID. I even changed the Kernel with Buzz's one 1,2Ghz.
Did i miss something?
Thanks for your help
Lionel
Click to expand...
Click to collapse
hmm thats very strange... adb remount should work...
actually quite puzzled at that dunno why it wouldnt work if you do have root etc.
only other thing i can think of is have you got busybox installed ?
what state is your phone in when your trying to do this ? ie off. on, recovery mode.
Hi,
thanks for reply!
I have a branded SFR phone in France but i managed to root it and S-OFF it without problem.
I switched to another Kernel with the tun.ko file and that's all.
When i tried adb remount, the phone was ON (no recovery or anything else).
I will try in recovery mode.
Busybox is installed.
Note : impossible to connect adb while in recovery.
This seems to be the problem :
when switching kernel only, i don't change the property ro.secure because it's nested (of what i read) in the boot.img. I have a branded phone and this property is set to 1.
Is there a way to change this property without changing the whole ROM? I would llike to stay with this one.
Thanks for your advice
lionel
Ok,
switched to Leedroid 1.2 and re-changed kernel to Buzz 1,22Ghz.
This tutorial is awesome!
Thanks mero01!!!
Is there a way to use the WIFI connection instead of 3G?
EFCAugure said:
Ok,
switched to Leedroid 1.2 and re-changed kernel to Buzz 1,22Ghz.
This tutorial is awesome!
Thanks mero01!!!
Is there a way to use the WIFI connection instead of 3G?
Click to expand...
Click to collapse
no worries
yer just disable 3g and use wifi. just make sure that its not using the same wifi your openvpn server is on...
Yes, of course!
I will try from a friend's wifi this afternoon!
Thanks
lionel

[GUIDE] OpenVPN for Dummies

Thanks to all the developers who put the bits & pieces together; without them it wouldn't be possible. You don't need to be an Android or Linux guru to get it working - SDK, ADB, etc. are not required.
What is OpenVPN?
OpenVPN is a free and open source software application that implements virtual private network (VPN) techniques for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It uses SSL/TLS security for encryption and is capable of traversing network address translators (NATs) and firewalls.
What's Covered in this Guide:
A step by step tutorial for configuring OpenVPN on the Evo 4G. Use at your own risk!
Not Covered:
Yea but how do I?
Requirements:
Rooted Evo
USB Data Cable
Amon RA Recovery - RA-evo-v1.8.0 (or above)
http://files.androidspin.com/downloads.php?dir=amon_ra/RECOVERY/&file=recovery-RA-evo-v1.8.0.img
Terminal Emulator (download from market)
Super Manager (download from market)
Busybox (download from market)
OpenVPN Installer (download from market)
OpenVPN Settings (download from market)
Tun.ko built for your specific kernel (recommend netarchy-toastmod, Stable: 4.1.9.1 or higher)
http://forum.xda-developers.com/showthread.php?t=719763&highlight=amon
Modified openvpn executable & matching iproute-wrapper script.
http://forum.xda-developers.com/attachment.php?attachmentid=385959&d=1282516002
An OpenVPN Account & config files.
GTech Net Tools (download from market).
Let's begin.
Root your Evo if not already done.
Install GTech Net Tools & run; select My IP & Get IP Address; External Address & Local Information are issued from your cell provider data network; record these values for later comparison.
Install Amon RA.
Install Busybox to /system/xbin.
Install OpenVPN Installer (binaries) to /system/xbin; select path to ifconfig: /system/xbin.
Install OpenVPN Settings (settings later in this guide).
Install custom kernel with built in tun.ko support; flash via Amon RA recovery & reboot.
Install Terminal Emulator.
Install Super Manager.
Open your openvpn config file & add the following to the last line, then save: 'iproute /system/xbin/iproute-wrapper.sh'.
***Make sure your config.ovpn file has NO_SPACES in name***
Connect Evo to PC via USB cable; select 'Disk Drive' & 'Done'.
Create folders on SDCard 'Downloads' (if not already there), and 'openvpn'.
Copy your config.ovpn files to SDCard/openvpn folder
Copy 'openvpn' & 'iproute-wrapper.sh' to Downloads folder on SDCard.
Disconnect USB cable.
Start Super Manager; select Settings; Enable ROOT function; press back button on phone; browse to SDCard/Downloads - copy & paste 'openvpn' & 'iproute-wrapper.sh' to /system/xbin.
Start Terminal Emulator.
@ $, type su & enter key; should now see #
Type 'chmod 755 /system/xbin/openvpn' & enter; then type 'exit' & enter.
Start Super Manager; select Settings; disable ROOT function.
Press Home button on phone.
Start OpenVPN Settings; press 'menu' button on phone; select 'advanced'; check 'load tun kernel module'.
Click 'TUN modules settings'; Check Load module using 'insmod'.
Enter Path to tun module: '/system/lib/modules/tun.ko'.
Select 'path to openvpn binary'; enter '/system/xbin/openvpn'.
Check 'Fix HTC Routes'.
Press Back button on phone.
Check OpenVPN; check your_server.ovpn; 'Username/Password required' should appear on Status bar at top of phone.
Slide Status bar down, click on 'Username/Password required', enter info & click 'OK'.
Under yourserver.ovpn view status - Wait for 'connecting...auth...get config'...should be 'connected to 111.111.111.111 as 222.222.222.222'.
Start GTech Net Tools; select My IP & Get IP Address; External Address & Local Information should now be issued from your OpenVPN provider; compare to original data you recorded earlier.
Press Home button on phone...do you see the 'Key' icon on Status bar?
If Yes.............You have done it!
Additional Resources:
OpenVPN
http://openvpn.net/
Wikipedia - OpenVPN
http://en.wikipedia.org/wiki/Openvpn
Enjoy!
Check 1st post for revisions & updates.
Thanks for the write up. However, can you dumb it down one more level. I started looking at OpenVPN when I realized that the Android VPN was broken. I have configured Windows VPN for my home Windows PC, but I assume that it won't directly work with OpenVPN.
What do I need to do to configure my PC?
I assume once I understand that, I'll also understand what you mean by "An OpenVPN account & Config Files.
I appreciate your help.
The guide is limited to OpenVPN on the Evo 4G Android platform.
I have a question also. I am stuck at the Open your openvpn config file & add the following to the last line, then save: 'iproute /system/xbin/iproute-wrapper.sh" step. Is this on the EVO or on the OpenVPN account?
Also, I signed up for the OpenVPN account and am using a Macbook-with Windows 7 installed via Parallels, an iMac and another laptop running Linux Ubuntu. Which program do I download for my setup on the OpenVPN site so that they all work? I don't see one for OSX? I have tried the EVOVPN app and it works great just for the phone....but computers won't hook up even though I have them set up using the same LAN settings.
I am hoping for something that will let me use a secure server using the EVO connecting all of my computers.
Thanks for your help and for the guide and for any advice you could share. Have a great day!
Good questions - focus on keeping things simple.
1Brite1 said:
I am stuck at the Open your openvpn config file & add the following to the last line, then save: 'iproute /system/xbin/iproute-wrapper.sh" step. Is this on the EVO or on the OpenVPN account?
Click to expand...
Click to collapse
Your OpenVPN provider posts config files to download required for their service to work. Normally no editing is necessary, but for Android it is at least for now (*more on why later).
Their config files package may include many different types of files, look for the one with .ovpn extension (there may be several - server_1.ovpn, server_2.ovpn, etc.); open the file(s) with your text editor; normally the last line of this file is 'auth-user-pass'; create a new last line 'iproute /system/xbin/iproute-wrapper.sh' (without quotation marks) and save. Copy this edited file & any other config files your provider requires to the Evo /sdcard/openvpn folder you created earlier.
1Brite1 said:
I signed up for the OpenVPN account and am using a Macbook-with Windows 7 installed via Parallels, an iMac and another laptop running Linux Ubuntu. Which program do I download for my setup on the OpenVPN site so that they all work? I don't see one for OSX? I have tried the EVOVPN app and it works great just for the phone....but computers won't hook up even though I have them set up using the same LAN settings.
Click to expand...
Click to collapse
The good news is whatever OpenVPN service provider you choose, it should work with whatever device you have. However, each operating system has different requirements, so there are clients specific to each of these OS's. For example, Windows client = openvpn client, Linux = gopenvpn, etc. For the Evo, & Android in general, the client is 'OpenVPN Settings', setup of which is included in the guide. 'EVOVPN' is not 'OpenVPN', we're not sure what it is, they don't offer any support or documentation; advise to stay away until more info is available.
1Brite1 said:
I am hoping for something that will let me use a secure server using the EVO connecting all of my computers.
Click to expand...
Click to collapse
As above, only one service provider is needed, the clients vary by operating system. If you're referring to remotely accessing your other computers via the Evo with OpenVPN running, well yes that works but is not covered here; setup for that would be the same whether or not you use OpenVPN.
*The edit to .ovpn config file is required at this time to let the Android client know which routing table is being used; it may become unnecessary with future updates.
Thank you sc10000.....I appreciate your time...nothing more frustrating than asking a question and never getting an answer or one that is so informative. I will try the set-up again...but I see also that you have to pay for the OpenVPN service. I have an OpenDNS account and wonder if that is the same type of service and it is free but not sure if it will work with EVO. I will look into that option also as I know I used to use that for my Linux system. But, as you said, that may be just operating system specific. Again, thank you for elaborating!!! Now, I get it.
Thanks for the tutorial sc10000. I just wanted to put a little bit of input into the mix.
OpenDNS is quite different from OpenVPN. OpenVPN is strictly for users who need to encrypt their connection and/or connect to another 'network' such as their work or school network. A lot of other people use OpenVPN for other reason (i.e., watch Hulu from another country outside of the US, etc.).
I use Private Internet Access ( privateinternetaccess.com ) as an OpenVPN provider and it works with your tutorial. Other great providers are listed here:
Private Internet Access ( privateinternetaccess.com )
WiTopia ( witopia.net )
Strong VPN ( strongvpn.com )
There are a few others, but I would stick to the big three for safety.
Some other great providers not listed above:
Anonyproz - anonyproz.com
blackvpn - blackvpn.com
There are many out there, find one that suits you.
I keep getting
FATAL:Linux ip link set failed: could not execute external program
I checked the permissions on the files and they are executabled, I checked the iproute-wrapper.sh script and it was looking for ip in /system/bin my EVO did not have it there but it was in /system/xbin so I changed that too.
I don't recommend changing anything in the scripts or files. Go back to guide & make sure you have completed all the steps exactly. Possibly you have installed something in a different location, etc.
If still not working, then try a different kernel - you did replace the kernel right?
This one is working as of now, with ROM 3.70.651.1
netarchy-toastmod-4.3-bfs-nohavs-noUV-sbc-universal (No Undervolting)
I am on CM 6.1.1 and using 12/25/10 - SBC for BC's Kernel SBC-bcnice-stable-v7.zip (2.62 MB) Kernel
sc10000, what purpose would vpn serve on the cell phone for general usage? I can understand if connecting to a company vpn for access to their network.
What would the application be? Why would I want/need vpn (openvpn) on my android device?
gpz1100 said:
Why would I want/need vpn (openvpn) on my android device
Click to expand...
Click to collapse
Why would you volunteer your unprotected data to anyone who seeks it?
Right, but why would I be connecting to my network using the handset? I'd have the vpn client running on my laptop or netbook.
gpz1100 said:
why would I be connecting to my network using the handset? I'd have the vpn client running on my laptop or netbook.
Click to expand...
Click to collapse
vpn is not openvpn. Why would you connect any device to the internet without security?
Big brother is watching. Really.
I was hacking away at this last night, but haven't been successful in getting my vpn connection up and running.
I have copied my openvpn config from my linux box and have gone over the instructions multiple times to verify, but keep getting the following error in the log:
D/OpenVPNDaemonEnabler( 963): Received OpenVPN daemon state changed from Unknown to Disabled
D/OpenVPNDaemonEnabler( 963): Received OpenVPN network state changed from Connected to Exiting
D/OpenVPN-DaemonMonitor[/sdcard/download/openvpn/connect.ovpn]-mgmt( 963): attach(): using management port at 27860
E/OpenVPN-DaemonMonitor[/sdcard/download/openvpn/connect.ovpn]-mgmt( 963): attaching to OpenVPN daemon: /127.0.0.1:27860 - Connection refused
W/OpenVPN-DaemonMonitor[/sdcard/download/openvpn/connect.ovpn]( 963): start(): choosing random port for management interface: 32537
D/OpenVPN-DaemonMonitor[/sdcard/download/openvpn/connect.ovpn]-daemon( 963): invoking external process: /system/bin/su
D/OpenVPN-DaemonMonitor[/sdcard/download/openvpn/connect.ovpn]-daemon( 963): invoking command line: /system/xbin/openvpn --cd '/sdcard/download/openvpn' --config 'connect.ovpn' --writepid '/data/data/de.schaeuffelhut.android.openvpn/files/com.d/_sdcard_download_openvpn_connect.ovpn-pid' --script-security 1 --management 127.0.0.1 32537 --management-query-passwords
D/OpenVPNDaemonEnabler( 963): Received OpenVPN daemon state changed from Unknown to Startup
D/OpenVPNDaemonEnabler( 963): Received OpenVPN daemon state changed from Unknown to Disabled
D/su ( 4167): 10165 de.schaeuffelhut.android.openvpn executing 0 /system/bin/sh using shell /system/bin/sh : sh
D/OpenVPN-DaemonMonitor[/sdcard/download/openvpn/connect.ovpn]-daemon-stdout( 963): Options error: Unrecognized option or missing parameter(s) in connect.ovpn:22: iproute (2.1.1)
D/OpenVPN-DaemonMonitor[/sdcard/download/openvpn/connect.ovpn]-daemon-stdout( 963): Use --help for more information.
I/OpenVPN-DaemonMonitor[/sdcard/download/openvpn/connect.ovpn]-daemon-stderr( 963): terminated
I/OpenVPN-DaemonMonitor[/sdcard/download/openvpn/connect.ovpn]-daemon-stdout( 963): terminated
Click to expand...
Click to collapse
If I comment out the "iproute /system/xbin/iproute-wrapper.sh" from my config file, then the vpn will say it is connected, but I won't be able to access anything.
Any help is appreciated!
enormous said:
If I comment out the "iproute /system/xbin/iproute-wrapper.sh" from my config file, then the vpn will say it is connected, but I won't be able to access anything.
Click to expand...
Click to collapse
Most likely a kernel issue, try replacing with one that has known tun.ko support. Do not comment out 'iproute /system/xbin/iproute-wrapper.sh' or it won't work.
So I follow these steps EXACTLY yesterday (Evio 1.7.7 rom; Netarchys latest stable kernel) and I was able to connect! The tun.ko I used was one I found i believe for the Desire.. but it seemed to work, and I was able to ping my DB server at the data center.
After a restart last night, today I try and re-connect and continue to get "cannot allocate tun tap dev dynamically"
I checked permissions on tun.ko and openvpn but still having issues. WEIRD that it worked and restart causes it to fail now
Any ideas are appreciated as this will be very convenient for work! Thanks!
UPDATE: I just flashed Ziggy471's kernel (Jan 21 2011) and rebooted..
I disabled the "Load tun.ko module" from the advanced settings in OpenVPN Settings app, and connected fine again! so it apparently is using the built-in tun.ko driver in the kernel.
Just followed the directions to setup openvpn binary, openvpn settings paths, EXCLUDING the "load tun.ko module" check box and I am GOOOOOOD!
Thanks!

[GUIDE/MOD] DNSCrypt for AArch64 (ZIP) (2016/03/17)

NOT SYSTEMLESS!
This writes to system, so systemless master race stay away.
Someone wanna make a Magisk version?
Instructions:
0. Download zip below and place inside internal storage.
1. Boot to TWRP.
2. Mount>System
3. Flash zip
4. Boot to Android and open a terminal emulator
5. Run dnscrypt enable. You probably have to do this every reboot.
Changing resolver:
Edit /system/etc/init.d/99dnscrypt. There's a line RESOLVER_NAME, change it to a suitable one from here under Name. I suggest you ping every server geographically nearby and go with the lowest ping.
Changing DNS server:
On Nexus 5X at least, use a Terminal Emulator and run
Code:
setprop net.dns1 127.0.0.1:53
Self-compile guide:
Requirements:
Linux computer (x86_64)
Android NDK (r12b is the newest so far, get the 64-bit one)
libsodium
dnscrypt-proxy
Here's how I did it:
1. Extract the NDK (unzip android-ndk-rXXb.zip )
2. Run
Code:
export ANDROID_NDK_HOME=<NDK Location>
3. Extract libsodium and dnscrypt-proxy.
4. Enter the folder of libsodium/dist-build, then edit android-build.sh such that NDK_PLATFORM:-android-16 becomes NDK_PLATFORM:-android-24. Then modify android-armv8-a.sh and add
Code:
-mtune=cortex-a57.cortex-a53 -mcpu=cortex-a57.cortex-a53
to the end of CFLAGS.
5. Return to libsodium root folder (cd ..) and do ./autogen.sh then ./dist-build/android-armv8-a.sh. When the script finishes it will tell you where the output is.
6. (Optional) Run android-toolchain-armv8-a/aarch64-linux-android/bin/strip on the output .so (typically in libsodium-android-armv8-a/lib/libsodium.so)
7. Now we do
Code:
export SODIUM_ANDROID_PREFIX=<libsodium output>
8. Enter the folder of dnscrypt, do the same modifications to dnscrypt's dist-builds. Again, do ./autogen.sh and ./dist-build/android-armv8-a.sh.
9. Now you have a fresh compilation of AArch64 dnscrypt-proxy!
It's usually dnscrypt-proxy-android-armv8-a.zip
10. Finally, we need to edit the zip file and rename the /system/lib folder to lib64, and change references in updater-script and /system/addon.d/75-dnscrypt.sh.
11. (Optional) Add --ephemeral-keys to 99dnscrypt for extra security.
Credits:
qwerty12 for the basic instructions
Changelog:
02/19: Updated libsodium (1.0.8->master) and dnscrypt-proxy(01/27 master->master)
03/17: Pulled freshest code from masters, compiled with NDK r11b and platform android-23
09/26: Latest stable branch of libsodium and master of dnscrypt. Compilation target now android-24. Compiled with NDK r12b
Changes to both dnscrypt-proxy and libsodium:
dist-build/android-build.sh:
Code:
NDK_PLATFORM:-android-16 to NDK_PLATFORM:-android-24
dist-build/android-arm-v8-a.sh:
Code:
Appended:
-mtune=cortex-a57.cortex-a53 -mcpu=cortex-a57.cortex-a53
to end of CFLAGS
Why not just release the compiled binaries ? would safe others with tinkering compiling it
Flashable zip
DragonHunt3r said:
Why not just release the compiled binaries ? would safe others with tinkering compiling it
Click to expand...
Click to collapse
Uploaded. I just thought most people would be more comfortable compiling their own code rather than trust a stranger. I still don't know how to fix the updater script though, it's the default one for now.
aschere said:
Uploaded. I just thought most people would be more comfortable compiling their own code rather than trust a stranger. I still don't know how to fix the updater script though, it's the default one for now.
Click to expand...
Click to collapse
That's true, but at the other side we trust random flashable zips for roms, mods etc from XDA
Thanks for the upload will take a look
Edit: well it works but in DNSManager for example it shows greyed out "Enable DnsCrypt"
dnsleaktest.com shows dnscrypt works though
DragonHunt3r said:
That's true, but at the other side we trust random flashable zips for roms, mods etc from XDA
Thanks for the upload will take a look
Edit: well it works but in DNSManager for example it shows greyed out "Enable DnsCrypt"
dnsleaktest.com shows dnscrypt works though
Click to expand...
Click to collapse
Shows up OK in my device.
So can I just flash the zip and use dns manager? nothing else?
---------- Post added at 03:25 AM ---------- Previous post was at 03:17 AM ----------
Will this work with a non 64 bit snapdragon 805
gangrenius said:
So can I just flash the zip and use dns manager? nothing else?
---------- Post added at 03:25 AM ---------- Previous post was at 03:17 AM ----------
Will this work with a non 64 bit snapdragon 805
Click to expand...
Click to collapse
This works only on 64-bit devices. For 32-bit devices, a download is provided here.
Yes, this is a flashable zip. However, DNS needs to be changed manually such as through DNS Manager because iptables doesn't entirely work.
Any major changes with 4/6? Thanks for updating this BTW.
th3g1z said:
Any major changes with 4/6? Thanks for updating this BTW.
Click to expand...
Click to collapse
It's all commits from 03/17 to 04/06.
Installed the zip successfully, when in terminal emulator, its not working, pls help!:crying:
Using rooted Lenovo A7000
Here's the full text directly copied from terminal emulator:
[email protected]:/ $ dnscrypt enable
Enabling dnscrypt-proxy...
iptables v1.4.20: can't initialize iptables table `nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.4.20: can't initialize iptables table `nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
[INFO] - [cs-uswest] does not support DNS Security Extensions
[INFO] + Namecoin domains can be resolved
[INFO] + Provider supposedly doesn't keep logs
[NOTICE] Starting dnscrypt-proxy 1.6.1
[INFO] Generating a new session key pair
[INFO] Done
[INFO] Server certificate #808464433 received
[INFO] This certificate is valid
[INFO] Chosen certificate #808464433 is valid from [2015-11-05] to [2016-11-04]
[INFO] Server key fingerprint is 881A:AED0:0427:BAF0:47D6:BDFA:6161A38:F019:571C:9BD2:A083:4A5F:C938:7E5D:8434
iptables v1.4.20: can't initialize iptables table `nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
Done
[email protected]:/ $
kuchienkz said:
Installed the zip successfully, when in terminal emulator, its not working, pls help!:crying:
Using rooted Lenovo A7000
Here's the full text directly copied from terminal emulator:
[email protected]:/ $ dnscrypt enable
Enabling dnscrypt-proxy...
iptables v1.4.20: can't initialize iptables table `nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.4.20: can't initialize iptables table `nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.4.20: can't initialize iptables table `nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
Done
[email protected]:/ $
Click to expand...
Click to collapse
Did you read the error you got? You have to be root. Try running 'su' before 'dnscrypt enable'
aschere said:
Did you read the error you got? You have to be root. Try running 'su' before 'dnscrypt enable'
Click to expand...
Click to collapse
Lol, i would not post my problem here if that could solve my problem :v
Already tried that several times. Still gives the same error.
kuchienkz said:
Lol, i would not post my problem here if that could solve my problem :v
Already tried that several times. Still gives the same error.
Click to expand...
Click to collapse
Can you post what version of Android, what phone?
aschere said:
Can you post what version of Android, what phone?
Click to expand...
Click to collapse
Android Version: 5.0.2
Lenovo A7000 : Phone Spec
kuchienkz said:
Android Version: 5.0.2
Lenovo A7000 : Phone Spec
Click to expand...
Click to collapse
Hmmm... I can't really think of anything other than the root: are you sure you rooted it? When you type su, do you switch to the root user?
aschere said:
Hmmm... I can't really think of anything other than the root: are you sure you rooted it? When you type su, do you switch to the root user?
Click to expand...
Click to collapse
Ah nevermind, i just reinstalled my phone with stock ROM, then rooted it. Now it works. :good:
If you curious about last rom, it is MIUI 7
Thank you so much for your help :victory:
Btw now that i understand how to run it. But as u said that i have to run it on every boot. Is there a way to run it automatically? Actually, im quite new to Terminal Emulator
kuchienkz said:
Ah nevermind, i just reinstalled my phone with stock ROM, then rooted it. Now it works. :good:
If you curious about last rom, it is MIUI 7
Thank you so much for your help :victory:
Btw now that i understand how to run it. But as u said that i have to run it on every boot. Is there a way to run it automatically? Actually, im quite new to Terminal Emulator
Click to expand...
Click to collapse
Good to hear that!
For automatic execution, you can create a script in /system/su.d or /system/addon.d I guess.
Ah actually, it should be in /system/etc/init.d
aschere said:
Ah actually, it should be in /system/etc/init.d
Click to expand...
Click to collapse
And.... how to make that script?
Im seriously beginner here
I dont have any idea what kind of script it is and what language it uses.
Maybe you can give me link to a site where i could learn to make one
kuchienkz said:
And.... how to make that script?
Im seriously beginner here
I dont have any idea what kind of script it is and what language it uses.
Maybe you can give me link to a site where i could learn to make one
Click to expand...
Click to collapse
Actually, the script should already be in there. See this.

how to copy over busybox config file? (completelinuxinstaller)

Hello everyone.
I have been wanting to get to grips with linux for a while now and decided linux decided to try completelinuxinstaller as i was having some problems with linux deploy.
i set up everything as the app asked. Downloaded .img files, extract, rename file and launch.. but in the android terminal i get a error which said:
chroot: can't execute '/root/init.sh': Permission denied
After days of searching and trying minor fixes i got no where until i found a list of instructions on how to fix this error.
(This error is becoming common on Samsung devices running android version 4.4.2, and can be expected to happen with some other devices, or newer versions of android. Although I haven't yet found the exact cause of the error, an effective workaround has been found:
The error seems to be coming from something in the busybox executable installed by the Complete Linux Installer app; many have reported that using other versions of busybox removed this problem, and the following version (free download on Google Play) has been confirmed to work: BusyBox
After using that app to install an updated busybox binary, simply copy the new binary over the existing busybox binary at /data/data/com.zpwebsites.linuxonandroid/files/busybox
Finally, in a rooted terminal window, type chmod 0755 /data/data/com.zpwebsites.linuxonandroid/files/busybox (see the more detailed instructions in the How do I install the most up-to-date version of bootscript.sh on my device? section of this FAQ)
Now you should be able to start linux using your Complete Linux Installer app on your device.)
But the problem is no matter what explorer i use i am not able to find the busybox config file. Where they said it would be doesnt exist. Even if i go to android/data its not there. Just the .com for all other apps. do you know where the busybox might be ?. On the busybox installer it says it is in /system/xbin but again i cant find it on my device.
And if i may chew your ear off for one more moment. How can i change the .config file ?
Thank you for your time

Categories

Resources