acidburn0zzz / ics-openvpn

Automatically exported from code.google.com/p/ics-openvpn
1 stars 0 forks source link

Android 4.4.2 on Lenovo S860 sends all traffic through VPN #303

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
Lenovo phone with original android - not rooted
OpenVPN for Android 0.6.21

Worked on Sony Xperia J, Android 4.2

After connecting to company vpn, all traffic seems ot be routed through vpn, 
even when it should not be, because of firewalls etc, I can only connect to 
company servers using their IP, DNS is blocked too - with administrators we 
tested enabling dns and then all traffic and everything worked again (little 
slowly).
DNS and "outside web" packets were confirmed on vpn server using tcpdump.

Tried enabling/disabling "route all to vpn" (not sure about exact wording of 
different configs, I have czech translation), custom routes, ignored (sub)nets.

ip rule won't tell me much, iptables wants root AFAIK

ip route gives some data - if any route is pushed from server/added locally, it 
adds
0.0.0.0/1 dev tun0 scope link
128.0.0.0/1 dev tun0 scope link
which seems to override default wlan0

When I tried ignoring pushed routes and not defined my own, "outside" network 
worked, those two were not in ip route, but vpn was understandably not 
accessible at all.

log is attached

Original issue reported on code.google.com by jkava...@gmail.com on 20 Nov 2014 at 2:22

Attachments:

GoogleCodeExporter commented 9 years ago
OpenVPN for Android does not install a default route, as can be seen in this 
line:

2014-11-20 15:05:08 Instalované VPNService trasy: 10.5.5.110/32, 
10.29.29.1/32, 93.185.97.4/32, 93.185.97.10/32, 93.185.97.18/32, 
93.185.97.32/32, 93.185.97.33/32, 93.185.97.64/32, 93.185.97.102/32, 
93.185.97.103/32, 93.185.97.110/32, 93.185.97.111/32, 93.185.97.112/32, 
93.185.97.113/32, 93.185.97.114/32, 93.185.97.117/32

Maybe there is some bug with /32 in either your firmware or my app. Could you 
test to check the option that ignores routes pushed by the server and set two 
simple routes like 10.0.0.0/8 and 93.185.97.0/24 in  the app?

Original comment by arne@rfc2549.org on 20 Nov 2014 at 2:42

GoogleCodeExporter commented 9 years ago
I did that, and another one with ignored and no custom routes. Logs attached.
Again for even simple routes ip rule contains 0.0.0.0/1 and 128.0.0.0/1 dev tun0
For no routes at all, those are not present, only standard routes on wlan0

Original comment by jkava...@gmail.com on 20 Nov 2014 at 2:55

Attachments:

GoogleCodeExporter commented 9 years ago
That is very strange behaviour. I fear this is a bug in the firmware. You try 
another VPN app like OpenVPN Connect and see if the problem still occurs but 
other than that I have no ideas.

Original comment by arne@rfc2549.org on 20 Nov 2014 at 3:30

GoogleCodeExporter commented 9 years ago
I tried OpenVPN Connect and OpenVPN Client Free. All the same, Internet stops 
working on connecting. Connect adds one more route for my VPN IP-2 (VPN 
gateway?) and Free let me switch "redirect gateway" on check box, it adds 
0.0.0.0/1 and 128.0.0.0/1 to info about added routes when checked but they are 
shown in ip route all the same for this and all other configurations (only 
exception is your app with routes totally ignored).

Original comment by jkava...@gmail.com on 20 Nov 2014 at 7:18

GoogleCodeExporter commented 9 years ago
I fear that this is really a bug in your firmware then and the apps cannot 
anything to fix it :(

Setting the bug to Invalid since the app is not a fault.

Original comment by arne@rfc2549.org on 21 Nov 2014 at 9:12

GoogleCodeExporter commented 9 years ago
:( still thank you for your time.

I will try to contact Lenovo probably, because as it seems it's not general 
4.4.2 fault.

Original comment by jkava...@gmail.com on 21 Nov 2014 at 9:24