search

lauramontanini / ics-openvpn

Automatically exported from code.google.com/p/ics-openvpn
0 stars 0 forks source link

Presumed routing problem on a rk3066 (Mini pc) #159

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
I get connected an I can ping 10.8.0.1 which is on my vpn server. How ever the 
traffic is not routed correctly.

Here is my rout list:
22|u0_a69@android:/ # ip route list
default via 192.168.1.1 dev wlan0
default via 192.168.1.1 dev wlan0  metric 304
10.8.0.1 dev tun0  scope link
10.8.0.4/30 dev tun0  proto kernel  scope link  src 10.8.0.6
192.168.1.0/24 dev wlan0  proto kernel  scope link  src 192.168.1.13  metric 304
192.168.1.1 dev wlan0  scope link

I think there is something missing, like:
ip route add 0.0.0.0/1 dev tun0 scope link
and
ip route add 128.0.0.0/1 dev tun0 scope link

These routes where in my phone. So I added them and it worked for several 
seconds ;)

Then it seemes tun0 is removed and in comes tun1 and the extra routes are also 
removed.

Which Android Version and stock ROM or aftermarket like cyanogenmod?
Finless 1.7a (imito mx*)

Any clues how to go about and fix this?

This might be a double entry of the "google tv" issue.

Original issue reported on code.google.com by martin.l...@gmail.com on 9 Apr 2013 at 5:01

GoogleCodeExporter commented 9 years ago 
What does show information in log the window show?

Original comment by arne@rfc2549.org on 9 Apr 2013 at 5:06

GoogleCodeExporter commented 9 years ago 
Running on GT-I9100 (rk30sdk) samsung, Android API 16, version 0.5.36a, 
official build
Log cleared.
Building configuration…
started Socket Thread
P:Initializing Google Breakpad!
P:OpenVPN 2.3.1+dspatch3 android-14-armeabi-v7a [SSL (OpenSSL)] [LZO] [EPOLL] 
[MH] [IPv6] built on Apr  1 2013
P:MANAGEMENT: Connected to management server at 
/data/data/de.blinkt.openvpn/cache/mgmtsocket
P:MANAGEMENT: CMD 'hold release'
P:MANAGEMENT: CMD 'bytecount 2'
P:MANAGEMENT: CMD 'state on'
P:Socket Buffers: R=[112640->131072] S=[112640->131072]
P:Protecting socket fd 4
P:MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
P:UDP link local: (not bound)
P:UDP link remote: [AF_INET]91.123.200.171:1194
P:MANAGEMENT: >STATE:1365534287,WAIT,,,
Network Status: CONNECTED  to WIFI 
P:MANAGEMENT: >STATE:1365534287,AUTH,,,
P:TLS: Initial packet from [AF_INET]91.123.200.171:1194, sid=7270214c 44c157b4
P:VERIFY OK: depth=1, C=SE, ST=CA, L=SanFrancisco, O=Fort-Funston, 
CN=Fort-Funston CA, emailAddress= 
P:VERIFY OK: nsCertType=SERVER
P:VERIFY OK: depth=0, C=SE, ST=CA, L=SanFrancisco, O=Fort-Funston, CN= , 
emailAddress= 
P:Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
P:Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC 
authentication
P:Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
P:Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC 
authentication
P:Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
P:[ ] Peer Connection Initiated with [AF_INET]91.123.200.171:1194
P:MANAGEMENT: >STATE:1365534294,GET_CONFIG,,,
P:SENT CONTROL [ ]: 'PUSH_REQUEST' (status=1)
P:PUSH: Received control message: 'PUSH_REPLY,“dhcp-option DNS 
10.8.0.1″,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 
10.8.0.6 10.8.0.5'
P:Options error: Unrecognized option or missing parameter(s) in 
[PUSH-OPTIONS]:1: “dhcp-option (2.3_master)
P:OPTIONS IMPORT: timers and/or timeouts modified
P:OPTIONS IMPORT: --ifconfig/up options modified
P:OPTIONS IMPORT: route options modified
P:ROUTE_GATEWAY 192.168.1.1/255.255.255.0 IFACE=wlan0 HWADDR=00:0c:c4:01:b8:0d
P:do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
P:MANAGEMENT: >STATE:1365534295,ASSIGN_IP,,10.8.0.6,
P:MANAGEMENT: CMD 'needok 'IFCONFIG' ok'
P:MANAGEMENT: >STATE:1365534295,ADD_ROUTES,,,
P:MANAGEMENT: CMD 'needok 'ROUTE' ok'
No DNS servers being used. Name resolution may not work. Consider setting 
custom DNS Servers
P:MANAGEMENT: CMD 'needok 'OPENTUN' ok'
P:Initialization Sequence Completed
P:MANAGEMENT: >STATE:1365534295,CONNECTED,SUCCESS,10.8.0.6,91.123.200.171

Original comment by martin.l...@gmail.com on 9 Apr 2013 at 7:07

GoogleCodeExporter commented 9 years ago 
Hej Arne.

Regarding
P:PUSH: Received control message: 'PUSH_REPLY,“dhcp-option DNS 
10.8.0.1″,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 
10.8.0.6 10.8.0.5'
P:Options error: Unrecognized option or missing parameter(s) in 
[PUSH-OPTIONS]:1: “dhcp-option (2.3_master)

That one also comes up on a jiayu g3, android 4.0.4 but it still works and the 
0.0.0.0/1 and 128.0.0.0/1 routes works fine.

Original comment by martin.l...@gmail.com on 9 Apr 2013 at 7:11

GoogleCodeExporter commented 9 years ago 
tun0 seemes stable as long I don't add any routes.

Original comment by martin.l...@gmail.com on 9 Apr 2013 at 7:12

GoogleCodeExporter commented 9 years ago 
you should post the information of the info button in the log which will show 
interface configuration. Your configuration is probably not setting a default 
route

Original comment by arne@rfc2549.org on 9 Apr 2013 at 9:10

GoogleCodeExporter commented 9 years ago 
Running on GT-I9100 (rk30sdk) samsung, Android API 16, version 0.5.36a, 
official build
Log cleared.
Building configuration…
P:MANAGEMENT: CMD 'signal SIGINT'
P:Closing TUN/TAP interface
P:SIGINT[hard,] received, process exiting
P:MANAGEMENT: >STATE:1365544502,EXITING,SIGINT,,
P:MANAGEMENT: TCP send error: Broken pipe
P:MANAGEMENT: Client disconnected
P:MANAGEMENT: Triggering management exit
started Socket Thread
P:Initializing Google Breakpad!
P:OpenVPN 2.3.1+dspatch3 android-14-armeabi-v7a [SSL (OpenSSL)] [LZO] [EPOLL] 
[MH] [IPv6] built on Apr  1 2013
Network Status: CONNECTED  to WIFI 
P:MANAGEMENT: Connected to management server at 
/data/data/de.blinkt.openvpn/cache/mgmtsocket
P:MANAGEMENT: CMD 'hold release'
P:MANAGEMENT: CMD 'bytecount 2'
P:MANAGEMENT: CMD 'state on'
P:MANAGEMENT: CMD 'proxy NONE'
P:Socket Buffers: R=[112640->131072] S=[112640->131072]
P:Protecting socket fd 4
P:MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
P:UDP link local: (not bound)
P:UDP link remote: [AF_INET]91.123.200.171:1194
P:MANAGEMENT: >STATE:1365544506,WAIT,,,
P:MANAGEMENT: >STATE:1365544506,AUTH,,,
P:TLS: Initial packet from [AF_INET]91.123.200.171:1194, sid=141da2fe 2bc18c8a
P:VERIFY OK: depth=1, C=SE, ST=CA, L=SanFrancisco, O=Fort-Funston, 
CN=Fort-Funston CA, emailAddress= 
P:VERIFY OK: nsCertType=SERVER
P:VERIFY OK: depth=0, C=SE, ST=CA, L=SanFrancisco, O=Fort-Funston, CN= , 
emailAddress= 
P:Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
P:Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC 
authentication
P:Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
P:Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC 
authentication
P:Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
P:[ ] Peer Connection Initiated with [AF_INET]91.123.200.171:1194
P:MANAGEMENT: >STATE:1365544514,GET_CONFIG,,,
P:SENT CONTROL [ ]: 'PUSH_REQUEST' (status=1)
P:PUSH: Received control message: 'PUSH_REPLY,“dhcp-option DNS 
10.8.0.1″,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 
10.8.0.6 10.8.0.5'
P:Options error: Unrecognized option or missing parameter(s) in 
[PUSH-OPTIONS]:1: “dhcp-option (2.3_master)
P:OPTIONS IMPORT: timers and/or timeouts modified
P:OPTIONS IMPORT: --ifconfig/up options modified
P:OPTIONS IMPORT: route options modified
P:ROUTE_GATEWAY 192.168.1.1/255.255.255.0 IFACE=wlan0 HWADDR=00:0c:c4:01:b8:0d
P:do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
P:MANAGEMENT: >STATE:1365544515,ASSIGN_IP,,10.8.0.6,
P:MANAGEMENT: CMD 'needok 'IFCONFIG' ok'
P:MANAGEMENT: >STATE:1365544515,ADD_ROUTES,,,
P:MANAGEMENT: CMD 'needok 'ROUTE' ok'
No DNS servers being used. Name resolution may not work. Consider setting 
custom DNS Servers
P:MANAGEMENT: CMD 'needok 'OPENTUN' ok'
P:Initialization Sequence Completed
P:MANAGEMENT: >STATE:1365544515,CONNECTED,SUCCESS,10.8.0.6,91.123.200.171
Last interface configuration from OpenVPN:
Local IPv4: 10.8.0.6/30 IPv6: null MTU: 1500
DNS Server: 
DNS Domain: null
Routes: 10.8.0.1/32
Routes IPv6:

Original comment by martin.l...@gmail.com on 9 Apr 2013 at 10:02

GoogleCodeExporter commented 9 years ago 
It is behaving the same way if I load the tun kernel module or not. Can it be a 
rom related problem? Do you have any clue where to start looking for the 
problem? In the openvpn api?

Original comment by martin.l...@gmail.com on 9 Apr 2013 at 10:04

GoogleCodeExporter commented 9 years ago 
I think i got it. I need to add route in the conf file. (I had it to work 
without that before) i will try tomorrow.

Original comment by lars.o.l...@gmail.com on 9 Apr 2013 at 10:57

GoogleCodeExporter commented 9 years ago 
Yes, it was the missing route 0.0.0.0/1 and route 128.0.0.0/1 in the conf file 
that was missing. (It has worked fine without those on a jiayu g3 and also on 
ubuntu.)

Original comment by martin.l...@gmail.com on 10 Apr 2013 at 8:20

GoogleCodeExporter commented 9 years ago 
Thanks for the hint!!!

Original comment by martin.l...@gmail.com on 10 Apr 2013 at 8:21

GoogleCodeExporter commented 9 years ago 
It should not work without the routes lines on the other platforms. You can 
also set the default route via the UI. Closing the bug since everything works 
as expected

Original comment by arne@rfc2549.org on 10 Apr 2013 at 8:22

GoogleCodeExporter commented 9 years ago

Original comment by arne@rfc2549.org on 10 Apr 2013 at 8:22