[Q] Problem with OpenVPN (interface stays down; clears routing table)


Last Updated:

  1. TheHybridTech

    TheHybridTech New Member This Topic's Starter

    Joined:
    Sep 2, 2010
    Messages:
    3
    Likes Received:
    0
    Posted this on XDA but have not go a response there. Figured I would try here to see if anyone has any answers...


    Been trying to get OpenVPN to work properly and have not had much luck.
    Here are my specs.

    HTC Incredible
    Virtuous v3.1.0
    2.6.32-Hydra-ssuv-v05

    OpenVPN binary has been installed. I have also install busybox and then softlinked ifconfig and route to the commands the same way CM6 has it.

    I was able to get OpenVPN to work properly within CM6 without much hassle. I have found battery life and experience better for me with Virtuous ROM so I went back to it.

    When I launch the connection to establish the VPN session it connects but I am not able to work within the network. I was not able to communicate even with the VPN server.

    I ran a netcfg and discovered that tap0 was down. I brought it up but its routing table was empty. I filled it in and was able to communicate with the VPN server and my advertised networks. If I drop my VPN connection, tap0 goes down and the routing table is cleared.

    The VPN server works. It works with my other boxes and worked with this phone under CM6.

    Does anyone have any ideas on fixing this issue? It makes my job much easier and I really do not want to go back to CM6. Thank you and I look forward to an answer.
     

    Advertisement
  2. TheHybridTech

    TheHybridTech New Member This Topic's Starter

    Joined:
    Sep 2, 2010
    Messages:
    3
    Likes Received:
    0
    Well, still looking for a good solution to the above problem. I have created a simple script to fix the routing table.

    #!/system/bin/sh

    ## Script to fix routing

    netcfg tap0 up
    ifconfig tap0 192.168.x.x 255.255.255.x
    route add -net 192.168.x.x netmask 255.255.255.x gw 192.168.x.x dev tap0


    DNS doesn't work either right now but I can live with that temporarily.

    If anyone has any ideas I would greatly appreciate it.
     
  3. TheHybridTech

    TheHybridTech New Member This Topic's Starter

    Joined:
    Sep 2, 2010
    Messages:
    3
    Likes Received:
    0
    Still having problems with OpenVPN. It works with the script I wrote but personally I believe it should be able to do it without the script. I would greatly appreciate any feedback, even if it is just to point me in the right direction.

    Here is logcat for OpenVPN

    D/OpenVPNDaemonEnabler( 9595): Received OpenVPN daemon state changed from Unknown to Disabled
    D/OpenVPNDaemonEnabler( 9595): Received OpenVPN network state changed from Connected to Exiting
    E/OpenVPN-DaemonMonitor[/sdcard/openvpn/albatross-client.conf]-mgmt( 9595): attaching to OpenVPN daemon: /127.0.0.1:41079 - Connection refused
    D/OpenVPNDaemonEnabler( 9595): Received OpenVPN daemon state changed from Unknown to Startup
    D/OpenVPN-DaemonMonitor[/sdcard/openvpn/albatross-client.conf]-daemon( 9595): invoking command line: /system/xbin/openvpn --cd '/sdcard/openvpn' --config 'albatross-client.conf' --writepid '/data/data/de.schaeuffelhut.android.openvpn/files/com.d/_sdcard_openvpn_albatross-client.conf-pid' --script-security 1 --management 127.0.0.1 40158 --management-query-passwords
    D/OpenVPNDaemonEnabler( 9595): Received OpenVPN daemon state changed from Unknown to Disabled
    D/su ( 9894): 10075 de.schaeuffelhut.android.openvpn executing 0 /system/bin/sh using shell /system/bin/sh : sh
    D/OpenVPN-DaemonMonitor[/sdcard/openvpn/albatross-client.conf]-daemon-stdout( 9595): Sat Nov 20 22:07:27 2010 OpenVPN 2.1.1 i686-pc-linux-gnu [SSL] [LZO2] [EPOLL] built on Feb 2 2010
    D/OpenVPN-DaemonMonitor[/sdcard/openvpn/albatross-client.conf]-daemon-stdout( 9595): Sat Nov 20 22:07:27 2010 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    V/OpenVPN-DaemonMonitor[/sdcard/openvpn/albatross-client.conf]-mgmt( 9595): Successfully attached to OpenVPN monitor port
    D/OpenVPNDaemonEnabler( 9595): Received OpenVPN daemon state changed from Unknown to Enabled
    D/OpenVPNDaemonEnabler( 9595): Received OpenVPN network state changed from Unknown to Connecting
    D/OpenVPN-DaemonMonitor[/sdcard/openvpn/albatross-client.conf]-mgmt( 9595): >INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info
    D/OpenVPNDaemonEnabler( 9595): Received OpenVPN network state changed from Connecting to Unknown
    D/OpenVPNDaemonEnabler( 9595): Received OpenVPN network state changed from Unknown to Wait
    D/OpenVPNDaemonEnabler( 9595): Received OpenVPN network state changed from Wait to Auth
    D/OpenVPNDaemonEnabler( 9595): Received OpenVPN network state changed from Auth to Get Config
    D/OpenVPNDaemonEnabler( 9595): Received OpenVPN network state changed from Get Config to Connected
    D/su ( 9917): 10075 de.schaeuffelhut.android.openvpn executing 0 /system/bin/sh using shell /system/bin/sh : sh
    D/su ( 9920): 10075 de.schaeuffelhut.android.openvpn executing 0 /system/bin/sh using shell /system/bin/sh : sh

    Based on what I see, it looks like OpenVPN is attempting to use loopback for its connection. By the time the whole process is completed, Tap0 is still down and not up and it takes my script to re-enable.

    I have placed this discussion on XDA-developers Forum as well and have not gotten any response. I am sure there is someone a lot smarter than me that can at least point me in the right direction. Thank you!
     
  4. KennyC

    KennyC Member

    Joined:
    Jun 4, 2010
    Messages:
    15
    Likes Received:
    3
    Wish I had a fix for this for you, but I'm having the same problem. I'm running on Cyanogenmod 6.1.0 and using UDP/TAP/Static Key. If I manually bring the tap0 interface UP after making the connection, I can start sending traffic across the tunnel. But like you, DNS doesn't work.

    I'll keep fighting with it as I have time.
     
  5. fzurita

    fzurita New Member

    Joined:
    Oct 5, 2011
    Messages:
    1
    Likes Received:
    0
    "setprop net.dns1 192.168.1.1" fixed the issue for me.

    Replace the IP address with your preferred DNS server.
     

Share This Page

Loading...