longzuyuan / ics-openvpn

Automatically exported from code.google.com/p/ics-openvpn
0 stars 0 forks source link

P:read UDP [ECONNREFUSED]: Connection refused (code=111) #128

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Connect to OpenVPN server

What is the expected output? What do you see instead?
Logfile:
Modell GT-I9300 (smdk4x12) samsung, Android API 16
Log cleared.
Generiere OpenVPN Konfiguration…
started Socket Thread
Netzwerkstatus: CONNECTED HSDPA to mobile drei.at
P:Initializing Google Breakpad!
P:OpenVPN 2.3_rc1+dspatch3 android-14-armeabi-v7a [SSL (OpenSSL)] [LZO] [EPOLL] 
[MH] [IPv6] built on Dec 25 2012
P:MANAGEMENT: Connected to management server at 
/data/data/de.blinkt.openvpn/cache/mgmtsocket
P:MANAGEMENT: CMD 'hold release'
P:MANAGEMENT: CMD 'bytecount 2'
P:MANAGEMENT: CMD 'state on'
P:WARNING: No server certificate verification method has been enabled.  See 
http://openvpn.net/howto.html#mitm for more info.
P:MANAGEMENT: >STATE:1357302671,RESOLVE,,,
P:do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
P:MANAGEMENT: >STATE:1357302671,ASSIGN_IP,,192.168.254.62,
P:MANAGEMENT: CMD 'needok 'IFCONFIG' ok'
P:MANAGEMENT: CMD 'needok 'DNSSERVER' ok'
P:MANAGEMENT: CMD 'needok 'DNSSERVER' ok'
P:MANAGEMENT: CMD 'needok 'DNSDOMAIN' ok'
P:MANAGEMENT: CMD 'needok 'OPENTUN' ok'
P:Socket Buffers: R=[110592->131072] S=[110592->131072]
P:Protecting socket fd 5
P:MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
P:UDP link local: (not bound)
P:UDP link remote: [AF_INET]80.110.33.236:50016
P:MANAGEMENT: >STATE:1357302671,WAIT,,,
P:read UDP [ECONNREFUSED]: Connection refused (code=111)
P:read UDP [ECONNREFUSED]: Connection refused (code=111)
P:read UDP [ECONNREFUSED]: Connection refused (code=111)
P:MANAGEMENT: CMD 'signal SIGINT'
P:Closing TUN/TAP interface
P:SIGINT[hard,] received, process exiting
P:MANAGEMENT: >STATE:1357302681,EXITING,SIGINT,,

What mobile phone are you using?

Samsung S3 GT-I9300

Which Android Version and stock ROM or aftermarket like cyanogenmod?

Android: 4.1.1 Basisbandversion: I9300XXDLID
Kernel-Version: 3.0.31-288630
OpenVPN für Android 0.5.28

Please provide any additional information below.
1. Mein Config-File unter Windows:
script-security 2 system
client
dev tun
ifconfig 192.168.254.62 192.168.254.61
;dev-node MyTap
proto udp
remote coaxvpn.xxxxxx.at 50016 tcp-client
;remote-random
resolv-retry infinite
nobind
;user nobody
;group nobody
persist-key
persist-tun
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #
;mute-replay-warnings
ca H:/inst/instovca.crt
cert H:/inst/jan-client.crt
key H:/inst/jan-client.key
;ns-cert-type server
;tls-auth ta.key 1
cipher DES-EDE3-CBC
comp-lzo
verb 3
;mute 20

2. sofort nach import:

**********************
# Enables connection to GUI
management /data/data/de.blinkt.openvpn/cache/mgmtsocket unix
management-client
management-query-passwords
management-hold

# Log window is better readable this way
suppress-timestamps
tls-client
verb 3
connect-retry-max 5
connect-retry 5
resolv-retry 60
dev tun
remote coaxvpn.instantina.at 50016 udp
<ca>
.....
</ca>
<key>
....
</key>
<cert>
....
</cert>
comp-lzo
ifconfig 192.168.254.62  255.255.255.255
dhcp-option DNS 131.234.137.23
dhcp-option DNS 131.234.137.24
dhcp-option DOMAIN blinkt.de
nobind
cipher DES-EDE3-CBC
persist-tun
# persist-tun also sets persist-remote-ip to avoid DNS resolve problem
persist-remote-ip
# Custom configuration options
# You are on your on own here :)
# These Options were found in the config file do not map to config settings:
resolv-retry infinite
************************

und erste Connect-Versuch:

***************
started Socket Thread
P:Initializing Google Breakpad!
P:OpenVPN 2.3_rc1+dspatch3 android-14-armeabi-v7a [SSL (OpenSSL)] [LZO] [EPOLL] 
[MH] [IPv6] built on Dec 25 2012
P:MANAGEMENT: Connected to management server at 
/data/data/de.blinkt.openvpn/cache/mgmtsocket
Netzwerkstatus: CONNECTED HSDPA to mobile drei.at
P:MANAGEMENT: CMD 'hold release'
P:MANAGEMENT: CMD 'bytecount 2'
P:WARNING: No server certificate verification method has been enabled.  See 
http://openvpn.net/howto.html#mitm for more info.
P:WARNING: Since you are using --dev tun with a point-to-point topology, the 
second argument to --ifconfig must be an IP address.  You are using something 
(255.255.255.255) that looks more like a netmask. (silence this warning with 
--ifconfig-nowarn)
P:do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
P:MANAGEMENT: CMD 'state on'
P:MANAGEMENT: CMD 'needok 'IFCONFIG' ok'
P:MANAGEMENT: CMD 'needok 'DNSSERVER' ok'
P:MANAGEMENT: CMD 'needok 'DNSSERVER' ok'
P:MANAGEMENT: CMD 'needok 'DNSDOMAIN' ok'
P:MANAGEMENT: CMD 'needok 'OPENTUN' ok'
P:Socket Buffers: R=[110592->131072] S=[110592->131072]
P:Protecting socket fd 5
P:MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
P:UDP link local: (not bound)
P:UDP link remote: [AF_INET]80.110.33.236:50016
P:MANAGEMENT: >STATE:1357302407,WAIT,,,
P:read UDP [ECONNREFUSED]: Connection refused (code=111)
P:read UDP [ECONNREFUSED]: Connection refused (code=111)
P:read UDP [ECONNREFUSED]: Connection refused (code=111)
P:MANAGEMENT: CMD 'signal SIGINT'
P:Closing TUN/TAP interface
P:SIGINT[hard,] received, process exiting
P:MANAGEMENT: >STATE:1357302415,EXITING,SIGINT,,
P:MANAGEMENT: TCP send error: Broken pipe
P:MANAGEMENT: Client disconnected
P:MANAGEMENT: Triggering management exit
***************

dann wegen:
***************
P:WARNING: Since you are using --dev tun with a point-to-point topology, the 
second argument to --ifconfig must be an IP address.  You are using something 
(255.255.255.255) that looks more like a netmask. (silence this warning with 
--ifconfig-nowarn)
***************
und Unterschiede zwischen original client-config:
ifconfig 192.168.254.62 192.168.254.61
und importierte Version:
ifconfig 192.168.254.62  255.255.255.255

habe ich client-config geändert, damit mit "the second argument to --ifconfig 
must be an IP address" passt, auf:

********************************
# Enables connection to GUI
management /data/data/de.blinkt.openvpn/cache/mgmtsocket unix
management-client
management-query-passwords
management-hold

# Log window is better readable this way
suppress-timestamps
tls-client
verb 3
connect-retry-max 5
connect-retry 5
resolv-retry 60
dev tun
remote coaxvpn.instantina.at 50016 udp
<ca>
.....
</ca>
<key>
....
</key>
<cert>
....
</cert>
comp-lzo
ifconfig 192.168.254.62 192.168.254.61  255.255.255.255
dhcp-option DNS 131.234.137.23
dhcp-option DNS 131.234.137.24
dhcp-option DOMAIN blinkt.de
nobind
cipher DES-EDE3-CBC
persist-tun
# persist-tun also sets persist-remote-ip to avoid DNS resolve problem
persist-remote-ip
# Custom configuration options
# You are on your on own here :)
# These Options were found in the config file do not map to config settings:
resolv-retry infinite
**********************************

Leider generierte Konfiguration hat zu ifconfig mask 255.255.255.255 gehängt. 
Zweite Connect hat folgenden Log produziert:

************************
Generiere OpenVPN Konfiguration…
started Socket Thread
Netzwerkstatus: CONNECTED HSDPA to mobile drei.at
P:Initializing Google Breakpad!
P:OpenVPN 2.3_rc1+dspatch3 android-14-armeabi-v7a [SSL (OpenSSL)] [LZO] [EPOLL] 
[MH] [IPv6] built on Dec 25 2012
P:MANAGEMENT: Connected to management server at 
/data/data/de.blinkt.openvpn/cache/mgmtsocket
P:MANAGEMENT: CMD 'hold release'
P:MANAGEMENT: CMD 'bytecount 2'
P:MANAGEMENT: CMD 'state on'
P:WARNING: No server certificate verification method has been enabled.  See 
http://openvpn.net/howto.html#mitm for more info.
P:MANAGEMENT: >STATE:1357302671,RESOLVE,,,
P:do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
P:MANAGEMENT: >STATE:1357302671,ASSIGN_IP,,192.168.254.62,
P:MANAGEMENT: CMD 'needok 'IFCONFIG' ok'
P:MANAGEMENT: CMD 'needok 'DNSSERVER' ok'
P:MANAGEMENT: CMD 'needok 'DNSSERVER' ok'
P:MANAGEMENT: CMD 'needok 'DNSDOMAIN' ok'
P:MANAGEMENT: CMD 'needok 'OPENTUN' ok'
P:Socket Buffers: R=[110592->131072] S=[110592->131072]
P:Protecting socket fd 5
P:MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
P:UDP link local: (not bound)
P:UDP link remote: [AF_INET]80.110.33.236:50016
P:MANAGEMENT: >STATE:1357302671,WAIT,,,
P:read UDP [ECONNREFUSED]: Connection refused (code=111)
P:read UDP [ECONNREFUSED]: Connection refused (code=111)
P:read UDP [ECONNREFUSED]: Connection refused (code=111)
P:MANAGEMENT: CMD 'signal SIGINT'
P:Closing TUN/TAP interface
P:SIGINT[hard,] received, process exiting
P:MANAGEMENT: >STATE:1357302681,EXITING,SIGINT,,
********************

d.h kein Warning wegen ifconfig, aber Fehler:
"P:read UDP [ECONNREFUSED]: Connection refused (code=111)"
bleibt.

Original issue reported on code.google.com by JanSzafr...@gmail.com on 4 Jan 2013 at 1:19

GoogleCodeExporter commented 9 years ago
Zu der infconfig warnung, die kann man auf android ignorieren. 

Ich glaube der Importer ist von diesen beiden Zeilen verwirrt:

proto udp
remote coaxvpn.xxxxxx.at 50016 tcp-client

Bitte einmal die proto udp Zeile entefernen und dann nochmal probieren.

Original comment by arne@rfc2549.org on 4 Jan 2013 at 1:46

GoogleCodeExporter commented 9 years ago
This issue was closed by revision 935257e05633.

Original comment by arne@rfc2549.org on 4 Jan 2013 at 2:04

GoogleCodeExporter commented 9 years ago
Danke, es hat geholfen, allerdings musste ich nach Import noch "Pull Settings" 
auf "off" und die IPv4 Adresse auf "192.168.254.62 192.168.254.61" setzen, 
dadurch wurde
ifconfig 192.168.254.62 192.168.254.61  255.255.255.255
generiert. Dann könnte ich Verbindung aufbauen. Leider habe ich noch Probleme
mit ping (bzw. ssh) Linux-Rechner, die im OpenVPN-Server-Netz (Linux)bekannt 
sind, mit IP-Adresse anzusprechen. Beim OpenVPN-Clients unter Windows8 und 
Windows NT ist es aber möglich gewesen.
Wahrscheinlich muß ich mit dem Netzwerk-Admin sprechen, der den OpenVPN-Server 
aufgesetzt hat. 

lg
Jan

Original comment by JanSzafr...@gmail.com on 7 Jan 2013 at 2:32

GoogleCodeExporter commented 9 years ago
Die generate ifconfig Zeile kann man eigentlich ignorieren. Der client 
interessiert sich nicht für die gw ip. Das sollte mit pull settings 
funtkionieren. Die einstellungen die am ende genutzt werden kann man über die 
Info Taste im Log sehen und das sind auch die einzigen, die am Ende 
interessieren. Die ganzen anderen IPs/GW/Subnetzmasken zwischendurch sind nur 
Rauschen ;)

Original comment by arne@rfc2549.org on 7 Jan 2013 at 2:49