gsstudios / Dorimanx-SG2-I9100-Kernel

JB/KK/LP/MM Kernel for Samsung Galaxy S2 I9100
https://gsstudios.github.io

Built-in PPTP / IPSEC VPN not working #76

Open dimzon opened 8 years ago

dimzon commented 8 years ago

Trying on this ROM: http://forum.xda-developers.com/galaxy-s2/development-derivatives/rom-cyanogenmod-11-t2686887

With both (UBER/Linaro) 12.0 b011 builds, the built-in VPN client does not work. OpenVPN and other third-party clients work fine.

gsstudios commented 8 years ago

I'll see what I can do. Right now, I've stopped development and will be moving to a new device soon.

dimzon commented 8 years ago

10-06 20:31:15.665  4902  4945 I Vpn     : Switched from [Legacy VPN] to [Legacy VPN]
10-06 20:31:15.666  4902  4945 D Vpn     : setting state=IDLE, reason=prepare
10-06 20:31:15.681  4902 13871 I Vpn     : Switched from [Legacy VPN] to [Legacy VPN]
10-06 20:31:15.692  4902 13871 D Vpn     : setting state=IDLE, reason=prepare
10-06 20:31:15.692  4902 13871 D Vpn     : setting state=CONNECTING, reason=startLegacyVpn
10-06 20:31:15.696  4902 21422 V LegacyVpnRunner: Waiting
10-06 20:31:15.705  4902 21422 V LegacyVpnRunner: Executing
10-06 20:31:15.706  3018  4602 D AudioFlinger: mixer(0xb4629008) throttle end: throttle time(1)
10-06 20:31:15.709  4902 21422 D Vpn     : setting state=CONNECTING, reason=execute
10-06 20:31:15.905 21423 21423 D racoon  : Waiting for control socket
10-06 20:31:15.935 21423 21423 D racoon  : Received 6 arguments
10-06 20:31:15.935 21423 21423 I racoon  : ipsec-tools 0.7.3 (http://ipsec-tools.sf.net)
10-06 20:31:16.006 21429 21429 I kworker/u4:4: type=1400 audit(0.0:392): avc: denied { execute } for name="recovery" dev="rootfs" ino=312 scontext=u:r:kernel:s0 tcontext=u:object_r:rootfs:s0 tclass=file permissive=1
10-06 20:31:16.006 21429 21429 I kworker/u4:4: type=1400 audit(0.0:393): avc: denied { execute_no_trans } for path="/sbin/recovery" dev="rootfs" ino=312 scontext=u:r:kernel:s0 tcontext=u:object_r:rootfs:s0 tclass=file permissive=1
10-06 20:31:16.167 21423 21423 I racoon  : 192.168.1.206[500] used as isakmp port (fd=6)
10-06 20:31:16.167 21423 21423 I racoon  : 192.168.1.206[500] used for NAT-T
10-06 20:31:16.167 21423 21423 I racoon  : 192.168.1.206[4500] used as isakmp port (fd=7)
10-06 20:31:16.167 21423 21423 I racoon  : 192.168.1.206[4500] used for NAT-T
10-06 20:31:16.196 21663 21663 I init    : type=1400 audit(0.0:394): avc: denied { execute } for name="mtpd" dev="mmcblk0p9" ino=8364 scontext=u:r:init:s0 tcontext=u:object_r:unlabeled:s0 tclass=file permissive=1
10-06 20:31:16.196 21663 21663 I init    : type=1400 audit(0.0:395): avc: denied { execute_no_trans } for path="/system/bin/mtpd" dev="mmcblk0p9" ino=8364 scontext=u:r:init:s0 tcontext=u:object_r:unlabeled:s0 tclass=file permissive=1
10-06 20:31:16.226 21663 21663 D mtpd    : Waiting for control socket
10-06 20:31:16.403 21666 21666 I cortexbrain-tun: type=1400 audit(0.0:396): avc: denied { execute_no_trans } for path="/sbin/recovery" dev="rootfs" ino=312 scontext=u:r:init:s0 tcontext=u:object_r:rootfs:s0 tclass=file permissive=1
10-06 20:31:16.416 21663 21663 I mtpd    : type=1400 audit(0.0:397): avc: denied { write } for name="dnsproxyd" dev="tmpfs" ino=1484 scontext=u:r:init:s0 tcontext=u:object_r:dnsproxyd_socket:s0 tclass=sock_file permissive=1
10-06 20:31:16.416 21663 21663 I mtpd    : type=1400 audit(0.0:398): avc: denied { connectto } for path="/dev/socket/dnsproxyd" scontext=u:r:init:s0 tcontext=u:r:netd:s0 tclass=unix_stream_socket permissive=1
10-06 20:31:16.419 21663 21663 D mtpd    : Received 20 arguments
10-06 20:31:16.419 21663 21663 I mtpd    : Using protocol l2tp
10-06 20:31:16.419 21663 21663 I mtpd    : Connecting to search17.ruspo.ru port 1701 via wlan0
10-06 20:31:16.419 21663 21663 I mtpd    : type=1400 audit(0.0:399): avc: denied { setopt } for scontext=u:r:init:s0 tcontext=u:r:init:s0 tclass=udp_socket permissive=1
10-06 20:31:16.419 21663 21663 I mtpd    : type=1400 audit(0.0:400): avc: denied { write } for name="fwmarkd" dev="tmpfs" ino=1480 scontext=u:r:init:s0 tcontext=u:object_r:fwmarkd_socket:s0 tclass=sock_file permissive=1
10-06 20:31:16.419  5371  5371 I netd    : type=1400 audit(0.0:401): avc: denied { read write } for path="socket:[42271]" dev="sockfs" ino=42271 scontext=u:r:netd:s0 tcontext=u:r:init:s0 tclass=udp_socket permissive=1
10-06 20:31:16.419  5371  5371 I netd    : type=1400 audit(0.0:402): avc: denied { getopt } for scontext=u:r:netd:s0 tcontext=u:r:init:s0 tclass=udp_socket permissive=1
10-06 20:31:16.419  5371  5371 I netd    : type=1400 audit(0.0:403): avc: denied { setopt } for scontext=u:r:netd:s0 tcontext=u:r:init:s0 tclass=udp_socket permissive=1
10-06 20:31:16.419 21663 21663 I mtpd    : type=1400 audit(0.0:404): avc: denied { connect } for scontext=u:r:init:s0 tcontext=u:r:init:s0 tclass=udp_socket permissive=1
10-06 20:31:16.425 21423 21423 I racoon  : IPsec-SA request for 178.63.63.82 queued due to no phase1 found.
10-06 20:31:16.425 21423 21423 I racoon  : initiate new phase 1 negotiation: 192.168.1.206[500]<=>178.63.63.82[500]
10-06 20:31:16.425 21423 21423 I racoon  : begin Identity Protection mode.
10-06 20:31:16.423 21663 21663 I mtpd    : type=1400 audit(0.0:405): avc: denied { write } for laddr=192.168.1.206 lport=36934 faddr=178.63.63.82 fport=1701 scontext=u:r:init:s0 tcontext=u:r:init:s0 tclass=udp_socket permissive=1
10-06 20:31:16.425 21663 21663 I mtpd    : Connection established (socket = 7)
10-06 20:31:16.425 21663 21663 D mtpd    : Sending SCCRQ (local_tunnel = 34649)
10-06 20:31:16.468 21423 21423 I racoon  : received Vendor ID: RFC 3947
10-06 20:31:16.468 21423 21423 I racoon  : received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
10-06 20:31:16.468 21423 21423 I racoon  : received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
10-06 20:31:16.468 21423 21423 I racoon  : 
10-06 20:31:16.468 21423 21423 I racoon  : received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
10-06 20:31:16.468 21423 21423 I racoon  : received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
10-06 20:31:16.468 21423 21423 I racoon  : received Vendor ID: DPD
10-06 20:31:16.468 21423 21423 I racoon  : Selected NAT-T version: RFC 3947
10-06 20:31:16.502 21423 21423 I racoon  : Hashing 178.63.63.82[500] with algo #2 
10-06 20:31:16.502 21423 21423 I racoon  : Hashing 192.168.1.206[500] with algo #2 
10-06 20:31:16.502 21423 21423 I racoon  : Adding remote and local NAT-D payloads.
10-06 20:31:16.548 21423 21423 I racoon  : Hashing 192.168.1.206[500] with algo #2 
10-06 20:31:16.548 21423 21423 I racoon  : NAT-D payload #0 doesn't match
10-06 20:31:16.548 21423 21423 I racoon  : Hashing 178.63.63.82[500] with algo #2 
10-06 20:31:16.548 21423 21423 I racoon  : NAT-D payload #1 verified
10-06 20:31:16.549 21423 21423 I racoon  : NAT detected: ME 
10-06 20:31:16.550 21423 21423 I racoon  : KA list add: 192.168.1.206[4500]->178.63.63.82[4500]
10-06 20:31:16.631 21423 21423 I racoon  : ISAKMP-SA established 192.168.1.206[4500]-178.63.63.82[4500] spi:840b08f2a2816946:827cbe91aa83c22b
10-06 20:31:17.327  4902  5038 I ActivityManager: Config changes=480 {1.0 250mcc1mnc ru_RU ldltr sw320dp w533dp h296dp 240dpi nrml long land finger -keyb/v/h -nav/h s.9 themeResource=null}
10-06 20:31:17.329  4902 10545 I InputReader: Reconfiguring input devices.  changes=0x00000004
10-06 20:31:17.329  4902 10545 I InputReader: Device reconfigured: id=8, name='sec_touchscreen', size 480x800, orientation 1, mode 1, display id 0
10-06 20:31:17.349  4902 11084 D ConnectivityService: releasing NetworkRequest NetworkRequest [ id=11, legacyType=-1, [] ]
10-06 20:31:17.531  4902 11084 D ConnectivityService: updateNetworkScore for NetworkAgentInfo [WIFI () - 102] to 60
10-06 20:31:17.633 21423 21423 I racoon  : initiate new phase 2 negotiation: 192.168.1.206[4500]<=>178.63.63.82[4500]
10-06 20:31:17.634 21423 21423 I racoon  : NAT detected -> UDP encapsulation (ENC_MODE 2->4).
10-06 20:31:17.636  4902 11464 D ConnectivityService: listenForNetwork for Listen from uid/pid:1000/12782 for NetworkRequest [ id=12, legacyType=-1, [] ]
10-06 20:31:17.678 21423 21423 W racoon  : attribute has been modified.
10-06 20:31:17.678 21423 21423 I racoon  : Adjusting my encmode UDP-Transport->Transport
10-06 20:31:17.678 21423 21423 I racoon  : Adjusting peer's encmode UDP-Transport(4)->Transport(2)
10-06 20:31:17.678 21423 21423 W racoon  : authtype mismatched: my:hmac-sha256 peer:hmac-sha
10-06 20:31:17.679 21423 21423 I racoon  : IPsec-SA established: ESP/Transport 178.63.63.82[0]->192.168.1.206[0] spi=58204892(0x37822dc)
10-06 20:31:17.679 21423 21423 I racoon  : IPsec-SA established: ESP/Transport 192.168.1.206[4500]->178.63.63.82[4500] spi=2902250743(0xacfcd4f7)
10-06 20:31:17.762  4902  5075 I WindowManager: Screen frozen for +560ms due to Window{86e42d u0 com.android.settings/com.android.settings.SubSettings}
10-06 20:31:18.428 21663 21663 D mtpd    : Timeout -> Sending SCCRQ
10-06 20:31:18.478 21663 21663 D mtpd    : Received SCCRP (remote_tunnel = 256) -> Sending SCCCN
10-06 20:31:18.473 21663 21663 I mtpd    : type=1400 audit(0.0:406): avc: denied { read } for laddr=192.168.1.206 lport=36934 faddr=178.63.63.82 fport=1701 scontext=u:r:init:s0 tcontext=u:r:init:s0 tclass=udp_socket permissive=1
10-06 20:31:18.524 21663 21663 D mtpd    : Received ACK -> Sending ICRQ (local_session = 5122)
10-06 20:31:18.524 21663 21663 I mtpd    : Tunnel established
10-06 20:31:18.567 21663 21663 D mtpd    : Received ICRP (remote_session = 256) -> Sending ICCN
10-06 20:31:18.611 21663 21663 D mtpd    : Received ACK
10-06 20:31:18.611 21663 21663 I mtpd    : Session established
10-06 20:31:18.612 21663 21663 I mtpd    : Creating PPPoX socket
10-06 20:31:18.612 21663 21663 F mtpd    : Socket() Address family not supported by protocol
10-06 20:31:18.640  4902 21422 I LegacyVpnRunner: Aborting
10-06 20:31:18.640  4902 21422 I LegacyVpnRunner: java.lang.IllegalStateException: mtpd is dead
10-06 20:31:18.640  4902 21422 I LegacyVpnRunner:   at com.android.server.connectivity.Vpn$LegacyVpnRunner.execute(Vpn.java:1296)
10-06 20:31:18.640  4902 21422 I LegacyVpnRunner:   at com.android.server.connectivity.Vpn$LegacyVpnRunner.run(Vpn.java:1175)
10-06 20:31:18.640  4902 21422 D Vpn     : setting state=FAILED, reason=mtpd is dead
10-06 20:31:18.641 21423 21423 I racoon  : Connection is closed

I tried to replace the mtpd binary from the original ROM - no success (exactly the same error).
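A way to triage a capture like the one above, as an added example that is not part of the original report: it separates fatal lines from SELinux AVC denials and splits the denials by the `permissive=` flag, since a denial logged with `permissive=1` was recorded but not enforced. The function name `triage` is an assumption of this example, and the sample is a short excerpt copied from the log above.

```python
import re

# Excerpt of the logcat posted above (lines copied from the report).
SAMPLE = """\
10-06 20:31:16.196 21663 21663 I init    : type=1400 audit(0.0:394): avc: denied { execute } for name="mtpd" dev="mmcblk0p9" ino=8364 scontext=u:r:init:s0 tcontext=u:object_r:unlabeled:s0 tclass=file permissive=1
10-06 20:31:16.419 21663 21663 I mtpd    : type=1400 audit(0.0:404): avc: denied { connect } for scontext=u:r:init:s0 tcontext=u:r:init:s0 tclass=udp_socket permissive=1
10-06 20:31:18.612 21663 21663 I mtpd    : Creating PPPoX socket
10-06 20:31:18.612 21663 21663 F mtpd    : Socket() Address family not supported by protocol
10-06 20:31:18.640  4902 21422 D Vpn     : setting state=FAILED, reason=mtpd is dead
"""

# logcat "threadtime" layout: date time pid tid level tag: message
LINE = re.compile(r"^\S+ \S+\s+(\d+)\s+(\d+) ([VDIWEF]) (.+?)\s*: (.*)$")
AVC = re.compile(r"avc: denied \{ ([^}]*)\}.*?scontext=(\S+) tcontext=(\S+) "
                 r"tclass=(\S+) permissive=([01])")


def triage(text):
    """Split a capture into fatal lines and AVC denials grouped by enforcement."""
    out = {"fatal": [], "enforced": [], "permissive": []}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a threadtime-formatted line
        _pid, _tid, level, tag, msg = m.groups()
        avc = AVC.search(msg)
        if avc:
            perms, scon, tcon, tclass, permissive = avc.groups()
            record = (scon, tcon, tclass, tuple(perms.split()))
            key = "permissive" if permissive == "1" else "enforced"
            out[key].append(record)
        elif level == "F":
            out["fatal"].append((tag, msg))
    return out


if __name__ == "__main__":
    result = triage(SAMPLE)
    print("fatal:", result["fatal"])
    print("enforced denials:", len(result["enforced"]))
    print("permissive denials:", len(result["permissive"]))
```

On this excerpt every denial is permissive, so the only blocking event left is the fatal `Socket()` error from mtpd. The denials still show mtpd running as `u:r:init:s0` from a file labelled `unlabeled`, which would matter once the policy is enforcing.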

dimzon commented 8 years ago

Please can you check your active kernel config for these values:

CONFIG_PPP_MPPE=y
CONFIG_PPPOL2TP=y
CONFIG_PPPOLAC=y
CONFIG_PPPOPNS=y

gsstudios commented 8 years ago

Those flags are not present in the kernel defconfig.

dimzon commented 8 years ago

Don't you join your config with android_base and android_recommended?

Can you make a test build with those flags on?
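A check for the four options named in this thread, as an added example that is not code from the project: it parses a defconfig, optionally joins it with further fragments where later files override earlier ones, and reports each option as `y`, `m`, `n` or `absent`. The helper names and both sample file contents are constructed for illustration and are not the project's real files.

```python
import re

# The four options asked about in the thread.
WANTED = ["CONFIG_PPP_MPPE", "CONFIG_PPPOL2TP", "CONFIG_PPPOLAC", "CONFIG_PPPOPNS"]

SET = re.compile(r"^(CONFIG_\w+)=(.*)$")
UNSET = re.compile(r"^# (CONFIG_\w+) is not set$")


def parse(text):
    """Return {option: value}; 'n' marks an explicit '# ... is not set' line."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if m := SET.match(line):
            cfg[m.group(1)] = m.group(2)
        elif m := UNSET.match(line):
            cfg[m.group(1)] = "n"
    return cfg


def merge(*fragments):
    """Join config texts; a later fragment overrides an earlier one."""
    merged = {}
    for frag in fragments:
        merged.update(parse(frag))
    return merged


def report(cfg, wanted=WANTED):
    """Map each wanted option to its value, or 'absent' if never mentioned."""
    return {opt: cfg.get(opt, "absent") for opt in wanted}


# Constructed sample contents (hypothetical, not the project's files).
DEFCONFIG = """\
CONFIG_PPP=y
# CONFIG_PPP_MPPE is not set
CONFIG_INET=y
"""
FRAGMENT = """\
CONFIG_PPP_MPPE=y
CONFIG_PPPOLAC=y
CONFIG_PPPOPNS=y
"""

if __name__ == "__main__":
    print("defconfig only:", report(parse(DEFCONFIG)))
    print("after joining :", report(merge(DEFCONFIG, FRAGMENT)))
```

The joined result is only the request handed to Kconfig; an option whose dependencies are not met is dropped when the final `.config` is generated, so run the same report on that file as well.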

dimzon commented 8 years ago

BTW, you can use a free PPTP account at https://freevpn.me/accounts/ to test the PPTP connection.

gsstudios commented 8 years ago

Currently my build machine is not set up for building kernels. I have deleted the kernel source locally from my machine as I have discontinued development.

If you wish to add those flags and build the kernel yourself, here is the defconfig location: arch/arm/configs/dorimanx_defconfig

Follow the build instructions in the readme.

Sorry, I don't have time to work on the S2 anymore because I have switched over to the S5.

dimzon commented 8 years ago

I believe you will face the same problem (no PPTP/L2TP) on your new device too, since it is a kernel-side problem... So, maybe, you will fix it and backport it to the S2...

Realex-fire commented 7 years ago

@gsstudios I think this should help: https://github.com/Realex-fire/Dorimanx-SG2-I9100-Kernel/commit/d3e3cd5a019a39567eb5867ada2c1982f3fc90bc

Realex-fire commented 7 years ago

In general, VPN works well. Enabling this option will not be superfluous. This will give more freedom to applications when working with IPSEC.