lavabit / pahoehoe

The client/server code used by the Lavabit encrypted proxy service.
GNU General Public License v3.0

Not working #3

Closed soheil-bin closed 2 years ago

soheil-bin commented 3 years ago

FATAL EXCEPTION: main
Process: com.lavabit.pahoehoe, PID: 28541
android.app.RemoteServiceException: Bad notification for startForeground
    at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1945)
    at android.os.Handler.dispatchMessage(Handler.java:107)
    at android.os.Looper.loop(Looper.java:214)
    at android.app.ActivityThread.main(ActivityThread.java:7356)
    at java.lang.reflect.Method.invoke(Native Method)
    at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:491)
    at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:940)

ladar commented 3 years ago

@soheilkhanalipur can you provide more information? Did you install the app via the Google Play store, or directly off the releases page? What type of device, and Android version are you using? And is it a physical device, or an emulator?

If you downloaded it directly from GitHub, then you should be installing the web release APK.... That APK includes support for all 4 of the major Android architectures (x86, x86_64, armv7, and armv8*).

If you tried to build the app yourself, then things get more complicated. But you should be using the run.sh script, or if you're more advanced, the debian-10-build.sh and debian-10-rebuild.sh scripts.

The error you posted could be from a lot of things, but I found the most common issue was the APK in question didn't include the binary OpenVPN library for the platform you were using, or the library file was missing entirely. Android Studio builds will fail for this reason, because it doesn't understand the relationship with the binary library files. If you build the libraries via the command line first, and then via Android Studio, it will include them in the resulting APK though. Follow the build scripts above, or try running scripts/build_deps.sh from the command line before importing the project into Android Studio.

soheil-bin commented 3 years ago

My device is a Galaxy J7 Nxt with Android 10 (LineageOS), and I installed it from F-Droid.

ladar commented 3 years ago

@soheilkhanalipur I'm a big fan of Lineage. But I haven't had time to test the app on Lineage yet.

I did check out the F-droid APK, and it appears to have all the ABIs included. And I tested the app via an F-droid install on a Moto device with Android 8, and everything appears to be working properly.

I've also tested on Android 10 devices/emulators and it runs fine. I haven't tried F-droid on Android 10 yet.

Unfortunately it might be a couple of weeks till I can set up a test on Lineage though. If you happen to find any more clues beyond the generic exception above, please add them here.

ladar commented 3 years ago

@brokep do you have any devices handy with a recent version of Lineage loaded on them already? Can you test an F-droid install?

All I've got are my XT897s with Lineage already loaded, but they're pretty old, and they aren't handy.

ladar commented 3 years ago

@soheilkhanalipur I checked the upstream issue list, and all indications are that the app should work.

There was one possible clue though. Is your device set up with IPv4 support? I believe Lineage on T-Mobile uses an APN configuration which only provides IPv6 access. Using IPv6 over the VPN works just fine, but you currently need to connect to the gateway using IPv4.

ladar commented 3 years ago

@soheilkhanalipur if that is your issue you can try this fix:

Android APN settings

    Open the Access Point Names or APNs menu.
        In Settings, look under Wireless & Networks or tap the Connections tab.
        Touch Mobile network. You may need to touch More settings, More..., or More networks first.
        Touch Access Point Names.
    Touch the T-Mobile APN if one is available. If not, press the Menu key and touch new APN.
    Verify and update the following settings for the Data APN.
        Name: T-Mobile
        APN: Fast.t-mobile.com (for LTE devices) or epc.tmobile.com (for non-LTE devices)
        Proxy: <Not set>
        Port: <Not set>
        Username: <Not set>
        Password: <Not set>
        Server: <Not set>
        MMSC: http://mms.msg.eng.t-mobile.com/mms/wapenc
        MMS proxy: <Not set>
        MMS port: <Not set>
        MMS protocol: WAP 2.0
        MCC: 310
        MNC: 260
        Authentication Type: <Not set>
        APN Type: default,supl,mms OR Internet+MMS
            Default Android provides a text field to enter: default,supl,mms.
            Samsung provides an Internet+MMS radio button to select.
        APN Protocol: IPv4/IPv6
        APN roaming protocol: IPv4/IPv6 or IPv4 only when roaming internationally
        Turn APN on/off: Grayed out unless there are multiple APNs
        Bearer: Unspecified
    Press the Menu key.
    Touch Save.
    Delete any other APNs that appear in the list. The FOTA APN can remain if available.
        Touch the APN that needs to be removed.
        Press the Menu key.
        Touch Delete APN.
    Verify there is a circle next to the remaining APN.
    Perform a soft reset. Hold down the power button until the device turns off and restarts.
    Test the data connection and/or MMS by accessing the Web or sending a picture message.
    Complete additional troubleshooting if the APN settings are correct, but customers still experience issues.

soheil-bin commented 3 years ago

I am not a T-Mobile user. I am in Iran; could this be due to cowardly US sanctions, or Internet censorship by the Iranian government?

ladar commented 2 years ago

@soheilkhanalipur it wouldn't surprise me if someone was blocking your access. My guess is the Iranian government, especially if they have a habit of blocking IPs belonging to known VPN providers. But that's difficult to confirm. You would need to open a shell and run a few commands to check. If you can install Termux, and run:

ping api.proxy.lavabit.com
ping 242.proxy.lavabit.com

It will confirm whether you can reach the control node, and at least one of the proxy nodes. Next run:

curl --insecure https://api.proxy.lavabit.com/provider.json
curl --insecure https://api.proxy.lavabit.com/cert

That confirms you can get the VPN config, and an access key pair. My guess is it's this step that is failing which is why you see that error. I did testing without a network connection, and I think it was handled. But I didn't test the situation where a device was connected, and could even send packets, but those packets were blocked. That usually results in a very specific IP response.

Anyways, assuming that works, you need to verify connectivity to port 443 (aka the HTTPS port) on the proxy nodes, i.e. 242.proxy.lavabit.com ... but that's a little tricky, since they aren't valid web servers. You can try running:

nc -z -v 242.proxy.lavabit.com 443

Two notes. If your device doesn't have curl and netcat already installed, you'll have to install the Termux packages by running:

pkg install -y curl netcat-openbsd

Also, don't worry about the insecure flag we passed to curl. The proxy uses our own CA, and the CA certificate is embedded in our app. If you're curious, you can grab the CA via:

curl --insecure https://api.proxy.lavabit.com/ca.crt

And if you wanted to install it on your device for some reason, you can look at this [script](https://github.com/lavabit/pahoehoe/blob/master/android-11-ca-setup.sh).
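
The manual checks from the comment above, collected into one staged script. This is an added example, not part of the original comment or the project's code. The function names are hypothetical, and it assumes `openssl` is installed and that the API's certificate chains to the downloaded `ca.crt`, so every request after the first can use `--cacert` instead of `--insecure`:

```shell
#!/bin/sh
# Added example: the thread's manual checks as one staged script.
API=api.proxy.lavabit.com      # control node named in the thread
NODE=242.proxy.lavabit.com     # proxy node named in the thread

# Map a curl exit status (documented curl codes) to the layer that failed.
diagnose_curl() {
    case "$1" in
        0)  echo "ok" ;;
        6)  echo "dns" ;;       # name did not resolve
        7)  echo "tcp" ;;       # connection refused, reset or unreachable
        28) echo "timeout" ;;   # no answer within --max-time
        35) echo "tls" ;;       # handshake cut off
        60) echo "ca" ;;        # server certificate not signed by the given CA
        *)  echo "other:$1" ;;
    esac
}

# Fetch URL $2 trusting only the CA file $1; print the diagnosis.
fetch() {
    rc=0
    curl --silent --max-time 15 --cacert "$1" --output /dev/null "$2" || rc=$?
    diagnose_curl "$rc"
}

run_checks() {
    for host in "$API" "$NODE"; do
        if ping -c 3 "$host" >/dev/null 2>&1; then echo "ping $host: ok"
        else echo "ping $host: no reply"; fi
    done
    ca=$(mktemp)
    rc=0
    # Only this first download is unauthenticated, as in the thread.
    curl --silent --insecure --max-time 15 --output "$ca" "https://$API/ca.crt" || rc=$?
    echo "ca.crt: $(diagnose_curl "$rc")"
    if [ "$rc" -eq 0 ]; then
        # Print the fingerprint so it can be compared with a copy from another source.
        openssl x509 -in "$ca" -noout -fingerprint -sha256
        echo "provider.json: $(fetch "$ca" "https://$API/provider.json")"
        echo "cert: $(fetch "$ca" "https://$API/cert")"
    fi
    rm -f "$ca"
    if nc -z -w 10 "$NODE" 443; then echo "$NODE:443: open"
    else echo "$NODE:443: blocked or unreachable"; fi
}

# Run the network checks only when asked: sh check.sh run
if [ "${1:-}" = "run" ]; then run_checks; fi
```

A `ca` result on `provider.json` or `cert` means the certificate presented on the path did not validate against the downloaded CA, which is a different failure from `timeout` or `tcp`.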