search

dehghanimeh / ics-openvpn

Automatically exported from code.google.com/p/ics-openvpn
0 stars 0 forks source link

passtos support #337

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
OpenVPN for Android does not recognize passtos directive or at least does not 
react on it.

What steps will reproduce the problem?
1. Add passtos directive to ovpn profile
2. Import profile to OpenVPN for Android
3. Establish connection to server
4. Run tos marked trafic over tunnel like ping x.x.x.x -Q 0x10
5. Observe incoming traffic on remote side
tcpdump -v dst port 1194
ER: incoming packets should have same tos markers as on remote side before 
entering tunnel e.g. 0x10
AR: incoming packets has tos marker 0x0

What version of OpenVPN for Android are you using (see about screen)?
0.6.29

What is the expected output? What do you see instead?
Please see test case

What mobile phone are you using?
Nexus 5

Which Android Version and stock ROM or aftermarket like cyanogenmod?
Stock Android 5.0.1 

Please provide any additional information below.
Following packets were captured on server side inside of the tunnel
 tcpdump -i tun0 -v  src x.x.x.x
tcpdump: listening on tun0, link-type RAW (Raw IP), capture size 65535 bytes
13:53:24.614297 IP (tos 0x68, ttl 64, id 41122, offset 0, flags [DF], proto TCP 
(6), length 651)
    x.x.x.x.z> 10.8.0.1.sip: Flags [P.], cksum 0xfbc3 (correct), seq 2141561640:2141562239, ack 857698305, win 6558, options [nop,nop,TS val 9625342 ecr 1133223], length 599
13:53:24.647586 IP (tos 0x68, ttl 64, id 41123, offset 0, flags [DF], proto TCP 
(6), length 52)

Same traffic on eth0:
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 
bytes
13:55:29.131959 IP (tos 0x0, ttl 52, id 0, offset 0, flags [DF], proto UDP 
(17), length 865)
    x.x.x.x.openvpn > y.y.y.y.z: UDP, length 837
13:55:29.162832 IP (tos 0x0, ttl 52, id 0, offset 0, flags [DF], proto UDP 
(17), length 129)
    x.x.x.x.openvpn > y.y.y.y.z: UDP, length 101

Original issue reported on code.google.com by dms.pop3...@gmail.com on 27 Mar 2015 at 5:57

GoogleCodeExporter commented 9 years ago 
I think root privileges would be needed to set QoS on sockets. Otherwise the 
passtos support should be same as in the normal OpenVPN program.

Original comment by arne@rfc2549.org on 28 Mar 2015 at 12:17

GoogleCodeExporter commented 9 years ago 
Rooted phones no more exotic, mine as well.

Original comment by dms.pop3...@gmail.com on 28 Mar 2015 at 7:46

GoogleCodeExporter commented 9 years ago 
Yes. But running openvpn as root is not implmented in ics-openvpn and so far I 
have no plan to implement this.

Original comment by arne@rfc2549.org on 28 Mar 2015 at 1:25