Can you provide a log of your connection?
Original comment by arne@rfc2549.org
on 29 Sep 2014 at 10:03
Here it is.
I have masked some parameters.
I think the problem is here:
2014-09-29 12:18:26 Options error: route parameter gateway 'wlan0' must be
a valid address
=================================================================================
9-29 12:18:21 OpenVPN 2.4-icsopenvpn [git:icsopenvpn_615-c430ab0e0cef9994]
android-14-armeabi-v7a [SSL (OpenSSL)] [LZO] [SNAPPY] [LZ4] [EPOLL] [MH]
[IPv6] built on Jun 24 2014
2014-09-29 12:18:21 library versions: OpenSSL 1.0.1h 5 Jun 2014, LZO 2.06
2014-09-29 12:18:21 MANAGEMENT: Connected to management server at
/data/data/de.blinkt.openvpn/cache/mgmtsocket
2014-09-29 12:18:21 Stato della rete: CONNECTED to WIFI "WIFI AP"
2014-09-29 12:18:21 MANAGEMENT: CMD 'hold release'
2014-09-29 12:18:21 MANAGEMENT: CMD 'username 'Auth' USERNAME'
2014-09-29 12:18:21 MANAGEMENT: CMD 'bytecount 2'
2014-09-29 12:18:21 MANAGEMENT: CMD 'password [...]'
2014-09-29 12:18:21 WARNING: No server certificate verification method has
been enabled. See http://openvpn.net/howto.html#mitm for more info.
2014-09-29 12:18:21 LZO compression initializing
2014-09-29 12:18:21 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0
ET:0 EL:0 ]
2014-09-29 12:18:21 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:393
ET:0 EL:0 ]
2014-09-29 12:18:21 Local Options String: 'V4,dev-type tun,link-mtu
1544,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth
SHA1,keysize 128,key-method 2,tls-client'
2014-09-29 12:18:21 Expected Remote Options String: 'V4,dev-type
tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,cipher
BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
2014-09-29 12:18:21 Local Options hash (VER=V4): '69109d17'
2014-09-29 12:18:21 Expected Remote Options hash (VER=V4): 'c0103fa8'
2014-09-29 12:18:21 TCP/UDP: Preserving recently used remote address:
[AF_INET]IP-SERVER:1194
2014-09-29 12:18:21 Socket Buffers: R=[1048576->131072] S=[1048576->131072]
2014-09-29 12:18:21 Attempting to establish TCP connection with
[AF_INET]IP-SERVER:1194 [nonblock]
2014-09-29 12:18:21 Protecting socket fd 4
2014-09-29 12:18:21 MANAGEMENT: CMD 'state on'
2014-09-29 12:18:21 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
2014-09-29 12:18:22 TCP connection established with [AF_INET]IP-SERVER:1194
2014-09-29 12:18:22 Protecting socket fd 4
2014-09-29 12:18:22 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
2014-09-29 12:18:22 TCP_CLIENT link local: (not bound)
2014-09-29 12:18:22 TCP_CLIENT link remote: [AF_INET]IP-SERVER:1194
2014-09-29 12:18:22 MANAGEMENT: >STATE:1411985902,WAIT,,,
2014-09-29 12:18:22 P:WR1411985902.430292 28000003 MANAGEMENT:
>STATE:1411985902,AUTH,,,
2014-09-29 12:18:22 TLS: Initial packet from [AF_INET]IP-SERVER:1194,
sid=5e09695b 0b86322f
2014-09-29 12:18:22 P:W1411985902.431086 40 WARNING: this configuration may
cache passwords in memory -- use the auth-nocache option to prevent this
2014-09-29 12:18:23
P:WWWRRRRRRWWRWRWRRWWRWRWRRWWRWRWRRWWRWR1411985902.999338 14000002 VERIFY
OK: depth=1, C=TW, ST=Taiwan, L=Taipei, O=Synology Inc., OU=Certificate
Authority, CN=Synology Inc. CA, emailAddress=product@synology.com
2014-09-29 12:18:23 VERIFY OK: depth=0, C=TW, ST=Taiwan, L=Taipei,
O=Synology Inc., OU=FTP Team, CN=synology.com,
emailAddress=product@synology.com
2014-09-29 12:18:23 P:WRRWWRWRWWRRWWWWRWRRRRWRR1411985903.806251 14000002
Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
2014-09-29 12:18:23 Data Channel Encrypt: Using 160 bit message hash 'SHA1'
for HMAC authentication
2014-09-29 12:18:23 Data Channel Decrypt: Cipher 'BF-CBC' initialized with
128 bit key
2014-09-29 12:18:23 Data Channel Decrypt: Using 160 bit message hash 'SHA1'
for HMAC authentication
2014-09-29 12:18:23 P:WW1411985903.807491 14000002 Control Channel: TLSv1,
cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
2014-09-29 12:18:23 [synology.com] Peer Connection Initiated with
[AF_INET]IP-SERVER:1194
2014-09-29 12:18:24 MANAGEMENT: >STATE:1411985904,GET_CONFIG,,,
2014-09-29 12:18:25 SENT CONTROL [synology.com]: 'PUSH_REQUEST' (status=1)
2014-09-29 12:18:26 P:WRRRR1411985906.005572 22000003 PUSH: Received
control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,route
192.168.10.0 255.255.255.0,route 0.0.0.0 0.0.0.0 wlan0,route
192.168.10.1,topology net30,ping 10,ping-restart 60,ifconfig 192.168.10.6
192.168.10.5'
2014-09-29 12:18:26 Options error: route parameter gateway 'wlan0' must be
a valid address
2014-09-29 12:18:26 OPTIONS IMPORT: timers and/or timeouts modified
2014-09-29 12:18:26 Ottenute le informazioni sulle interfacce 192.168.10.6
e 192.168.10.5, assumendo che il secondo indirizzo sia il peer remoto.
Utilizzata la maschera /32 per l'IP locale. La modalità impostata da
OpenVPN è "net30".
2014-09-29 12:18:26 OPTIONS IMPORT: --ifconfig/up options modified
2014-09-29 12:18:26 OPTIONS IMPORT: route options modified
2014-09-29 12:18:26 ROUTE_GATEWAY XX.XX.XX.254/255.255.255.0 IFACE=wlan0
HWADDR=34:31:11:ea:43:ab
2014-09-29 12:18:26 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
2014-09-29 12:18:26 MANAGEMENT: >STATE:1411985906,ASSIGN_IP,,192.168.10.6,
2014-09-29 12:18:26 MANAGEMENT: CMD 'needok 'IFCONFIG' ok'
2014-09-29 12:18:26 MANAGEMENT: >STATE:1411985906,ADD_ROUTES,,,
2014-09-29 12:18:26 MANAGEMENT: CMD 'needok 'ROUTE' ok'
2014-09-29 12:18:26 MANAGEMENT: CMD 'needok 'ROUTE' ok'
2014-09-29 12:18:26 MANAGEMENT: CMD 'needok 'ROUTE' ok'
2014-09-29 12:18:26 MANAGEMENT: CMD 'needok 'ROUTE' ok'
2014-09-29 12:18:26 MANAGEMENT: CMD 'needok 'DNSSERVER' ok'
2014-09-29 12:18:26 MANAGEMENT: CMD 'needok 'DNSSERVER' ok'
2014-09-29 12:18:26 MANAGEMENT: CMD 'needok 'PERSIST_TUN_ACTION'
OPEN_AFTER_CLOSE'
2014-09-29 12:18:26 Apertura interfaccia tun in corso:
2014-09-29 12:18:26 Indirizzi locali - IPv4: 192.168.10.6/32 IPv6: null
MTU: 1500
2014-09-29 12:18:26 DNS Server: 208.67.220.220, 208.67.222.222, Dominio:
null
2014-09-29 12:18:26 Routes: 192.168.1.0/24, 192.168.10.0/24, 192.168.10.1/32
2014-09-29 12:18:26 Routes excluded: XX.XX.XX.0/24
2014-09-29 12:18:26 VpnService routes installed: 192.168.1.0/24,
192.168.10.0/24
2014-09-29 12:18:26 MANAGEMENT: CMD 'needok 'OPENTUN' ok'
2014-09-29 12:18:26 Initialization Sequence Completed
2014-09-29 12:18:26 MANAGEMENT:
>STATE:1411985906,CONNECTED,SUCCESS,192.168.10.6,IP-SERVER
=================================================================================
Original comment by surgeon1...@gmail.com
on 29 Sep 2014 at 10:45
Yes, the route pushed by the server is wrong. But OpenVPN on other platforms will
give you the same error. You can see that the routes which are installed are:
VpnService routes installed: 192.168.1.0/24, 192.168.10.0/24.
On a side note, you might hit another bug regarding /32 configuration on 4.4. Can
you try the prerelease version (http://plai.de/android/ics-openvpn-0.6.18pre.apk)
and see if it makes a difference? If yes, please post the log.
Original comment by arne@rfc2549.org
on 29 Sep 2014 at 11:28
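An added example, not part of the original thread and not ics-openvpn code: a Python check that replays the `PUSH_REPLY` from the log above and separates the routes a client can use from the one rejected with the `Options error`. The function names are hypothetical, and accepting only IPv4 literals or the `--route` keywords `vpn_gateway`, `net_gateway` and `remote_host` as gateways is a simplification assumed here.

```python
import ipaddress

# Special gateway keywords documented for OpenVPN's --route option.
GATEWAY_KEYWORDS = {"vpn_gateway", "net_gateway", "remote_host"}

# Pushed options copied from the PUSH_REPLY line in the log above.
PUSH_REPLY = ("PUSH_REPLY,route 192.168.1.0 255.255.255.0,"
              "route 192.168.10.0 255.255.255.0,route 0.0.0.0 0.0.0.0 wlan0,"
              "route 192.168.10.1,topology net30,ping 10,ping-restart 60,"
              "ifconfig 192.168.10.6 192.168.10.5")


def is_valid_gateway(token):
    """Assumed rule: a gateway is a keyword or an IPv4 literal."""
    if token in GATEWAY_KEYWORDS:
        return True
    try:
        ipaddress.IPv4Address(token)
        return True
    except ValueError:
        return False


def check_pushed_routes(push_reply):
    """Return (accepted CIDR strings, rejected (option, reason) pairs)."""
    accepted, rejected = [], []
    for option in push_reply.split(",")[1:]:
        fields = option.split()
        if not fields or fields[0] != "route":
            continue  # topology, ping, ifconfig etc. are not checked here
        network = fields[1] if len(fields) > 1 else ""
        netmask = fields[2] if len(fields) > 2 else "255.255.255.255"
        gateway = fields[3] if len(fields) > 3 else None
        try:
            net = ipaddress.IPv4Network(f"{network}/{netmask}", strict=False)
        except ValueError:
            rejected.append((option, "bad network or netmask"))
            continue
        if gateway is not None and not is_valid_gateway(gateway):
            rejected.append((option, f"gateway {gateway!r} is not a valid address"))
            continue
        accepted.append(str(net))
    return accepted, rejected


if __name__ == "__main__":
    ok, bad = check_pushed_routes(PUSH_REPLY)
    print("accepted:", ok)
    print("rejected:", bad)
```

The accepted list matches the `Routes:` line in the log, and the only rejected option is the pushed default route, so this client ends up with routes for the private networks only.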
It's correct that VpnService has installed those routes (192.168.1.0/24,
192.168.10.0/24), but I cannot understand why all the other traffic directed
elsewhere (internet) is stuck.
In this case, VpnService should not change the default gateway but add only
routes for the private network, is that correct?
The new pre-release has the same behavior.
Thanks.
Original comment by surgeon1...@gmail.com
on 29 Sep 2014 at 11:54
I am really what stuck means in your context (if packets are routed wrong or
DNS not working etc or your provider dropping DNS request to different DNS
servers) but if there is really a bug that disables all traffic that is not VPN
traffic that is more likely a bug in your Android firmware.
Original comment by arne@rfc2549.org
on 29 Sep 2014 at 12:26
Yes, you're right!
The problem is that DNS resolution is not working even though I push it.
I use OpenDNS and there aren't any issues related to my provider; I use it on a wifi
connection.
I solved routing DNS resolution through VPN; I pushed routes for the OpenDNS IP
and all goes well, but the behavior is strange.
Thanks again.
Original comment by surgeon1...@gmail.com
on 29 Sep 2014 at 1:29
Closing this issue since the problem is a configuration-related problem and not a
general problem.
Original comment by arne@rfc2549.org
on 29 Sep 2014 at 1:32
Original issue reported on code.google.com by
surgeon1...@gmail.com
on 29 Sep 2014 at 9:46