longzuyuan / ics-openvpn

Automatically exported from code.google.com/p/ics-openvpn
0 stars 0 forks source link

Nexus 7 unable to connect to VPN when using Galaxy Nexus or Nexus S as wifi hotspot #59

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Setup wifi hotspot on Galaxy Nexus/Nexus S
2. Use Nexus 7 to connect to VPN

What is the expected output?
My Nexus 7 connected to a VPN

What do you see instead?
The client just keeps looping trying to connect again and again and again along 
with "TCP_CONNECT" ( not the lower case tcp_connect keep showing in the 
notification bar

What mobile phone are you using?
using a tablet. Nexus 7

Which Android Version and stock ROM or aftermarket like cyanogenmod?
not rooted, locked bootloader, stock rom

Please provide any additional information below.

The log output ( I've replace my VPN address with 
"[vpn_server_ip_address:port]" )

Running on Nexus 7 (grouper) google, Android API 16
Log cleared.
Building configuration…
P:OpenVPN 2.3_alpha1 arm-linux-androideabi [SSL (OpenSSL)] [LZO] [EPOLL] [MH] 
[PF_INET6] [IPv6 payload 20110522-1 (2.2.0)] built on Jul 15 2012
P:WARNING: No server certificate verification method has been enabled.  See 
http://openvpn.net/howto.html#mitm for more info.
P:NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call 
user-defined scripts or executables
P:Attempting to establish TCP connection with 
[AF_INET][vpn_server_ip_address:port] [nonblock]
Network Status: CONNECTED  to WIFI null
P:TCP connection established with [AF_INET][vpn_server_ip_address:port]
P:TCPv4_CLIENT link local: [undef]
P:TCPv4_CLIENT link remote: [AF_INET][vpn_server_ip_address:port]
P:WARNING: this configuration may cache passwords in memory -- use the 
auth-nocache option to prevent this
P:Connection reset, restarting [-1]
P:SIGUSR1[soft,connection-reset] received, process restarting
P:WARNING: No server certificate verification method has been enabled.  See 
http://openvpn.net/howto.html#mitm for more info.
P:NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call 
user-defined scripts or executables
P:Attempting to establish TCP connection with 
[AF_INET][vpn_server_ip_address:port] [nonblock]
P:TCP connection established with [AF_INET][vpn_server_ip_address:port]
P:TCPv4_CLIENT link local: [undef]
P:TCPv4_CLIENT link remote: [AF_INET][vpn_server_ip_address:port]
P:Connection reset, restarting [-1]
P:SIGUSR1[soft,connection-reset] received, process restarting
P:WARNING: No server certificate verification method has been enabled.  See 
http://openvpn.net/howto.html#mitm for more info.
P:NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call 
user-defined scripts or executables
P:Attempting to establish TCP connection with 
[AF_INET][vpn_server_ip_address:port] [nonblock]
P:TCP connection established with [AF_INET][vpn_server_ip_address:port]
P:TCPv4_CLIENT link local: [undef]
P:TCPv4_CLIENT link remote: [AF_INET][vpn_server_ip_address:port]
P:Connection reset, restarting [-1]
P:SIGUSR1[soft,connection-reset] received, process restarting
P:WARNING: No server certificate verification method has been enabled.  See 
http://openvpn.net/howto.html#mitm for more info.
P:NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call 
user-defined scripts or executables
P:Attempting to establish TCP connection with 
[AF_INET][vpn_server_ip_address:port] [nonblock]
P:TCP connection established with [AF_INET][vpn_server_ip_address:port]
P:TCPv4_CLIENT link local: [undef]
P:TCPv4_CLIENT link remote: [AF_INET][vpn_server_ip_address:port]
P:Connection reset, restarting [-1]
P:SIGUSR1[soft,connection-reset] received, process restarting
P:WARNING: No server certificate verification method has been enabled.  See 
http://openvpn.net/howto.html#mitm for more info.
P:NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call 
user-defined scripts or executables
P:Attempting to establish TCP connection with 
[AF_INET][vpn_server_ip_address:port] [nonblock]
P:TCP connection established with [AF_INET][vpn_server_ip_address:port]
P:TCPv4_CLIENT link local: [undef]
P:TCPv4_CLIENT link remote: [AF_INET][vpn_server_ip_address:port]
P:Connection reset, restarting [-1]
P:SIGUSR1[soft,connection-reset] received, process restarting
P:WARNING: No server certificate verification method has been enabled.  See 
http://openvpn.net/howto.html#mitm for more info.
P:NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call 
user-defined scripts or executables
P:Attempting to establish TCP connection with 
[AF_INET][vpn_server_ip_address:port] [nonblock]
P:TCP connection established with [AF_INET][vpn_server_ip_address:port]
P:TCPv4_CLIENT link local: [undef]
P:TCPv4_CLIENT link remote: [AF_INET][vpn_server_ip_address:port]
P:Connection reset, restarting [-1]
P:SIGUSR1[soft,connection-reset] received, process restarting
P:WARNING: No server certificate verification method has been enabled.  See 
http://openvpn.net/howto.html#mitm for more info.
P:NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call 
user-defined scripts or executables
P:Attempting to establish TCP connection with 
[AF_INET][vpn_server_ip_address:port] [nonblock]
P:TCP connection established with [AF_INET][vpn_server_ip_address:port]
P:TCPv4_CLIENT link local: [undef]
P:TCPv4_CLIENT link remote: [AF_INET][vpn_server_ip_address:port]
P:Connection reset, restarting [-1]
P:SIGUSR1[soft,connection-reset] received, process restarting
P:WARNING: No server certificate verification method has been enabled.  See 
http://openvpn.net/howto.html#mitm for more info.
P:NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call 
user-defined scripts or executables
P:Attempting to establish TCP connection with 
[AF_INET][vpn_server_ip_address:port] [nonblock]
P:SIGINT[hard,init_instance] received, process exiting

Original issue reported on code.google.com by sinat...@gmail.com on 21 Jul 2012 at 9:14

GoogleCodeExporter commented 9 years ago
forgot to mention

after step 1 connect your device to the wifi hotspot and then connect to VPN

The "Log verbosity level" is set to "1"

Original comment by sinat...@gmail.com on 21 Jul 2012 at 9:17

GoogleCodeExporter commented 9 years ago
Try to increase the log verbosity. Also have your have tried to connect over a 
"normal" Wifi?

Original comment by arne@rfc2549.org on 21 Jul 2012 at 10:22

GoogleCodeExporter commented 9 years ago
Yeah sorry forgot to mention that swell. I use Cisco e4200 at home and also a 
mifi device huawei e586 and works fine with both of them.

Typing this now on my nexus 7, connected VPN and nexus 7 connect to the Cisco 
e4200.

I'll get the log output soon. I'm busy at the moment

Original comment by sinat...@gmail.com on 21 Jul 2012 at 10:30

GoogleCodeExporter commented 9 years ago
Note that there is a Android bug that VPN and Wifi share on the same device 
don't work together. See also issue #34

Original comment by arne@rfc2549.org on 21 Jul 2012 at 10:39

GoogleCodeExporter commented 9 years ago
Yeah I reported that issue. That's not the issue.

Original comment by sinat...@gmail.com on 21 Jul 2012 at 10:42

GoogleCodeExporter commented 9 years ago
here is the log output with log verbosity set to "5". Sorry for delay

Log cleared.
Building configuration…
P:Current Parameter Settings:
P:  config = '/data/data/de.blinkt.openvpn/cache/android.conf'
P:  mode = 0
P:  show_ciphers = DISABLED
P:  show_digests = DISABLED
P:  show_engines = DISABLED
P:  genkey = DISABLED
P:  key_pass_file = '[UNDEF]'
P:  show_tls_ciphers = DISABLED
P:Connection profiles [default]:
P:  proto = tcp-client
P:  local = '[UNDEF]'
P:  local_port = 0
P:  remote = '[vpn_server_ip_address]'
P:  remote_port = 443
P:  remote_float = DISABLED
P:  bind_defined = DISABLED
P:  bind_local = DISABLED
P:  connect_retry_seconds = 5
P:  connect_timeout = 10
P:  connect_retry_max = 5
P:  socks_proxy_server = '[UNDEF]'
P:  socks_proxy_port = 0
P:  socks_proxy_retry = DISABLED
P:  tun_mtu = 1500
P:  tun_mtu_defined = ENABLED
P:  link_mtu = 1500
P:  link_mtu_defined = DISABLED
P:  tun_mtu_extra = 0
P:  tun_mtu_extra_defined = DISABLED
P:  mtu_discover_type = -1
P:  fragment = 0
P:  mssfix = 1450
P:  explicit_exit_notification = 0
P:Connection profiles END
P:  remote_random = DISABLED
P:  ipchange = '[UNDEF]'
P:  dev = 'tun'
P:  dev_type = '[UNDEF]'
P:  dev_node = '[UNDEF]'
P:  lladdr = '[UNDEF]'
P:  topology = 1
P:  tun_ipv6 = DISABLED
P:  ifconfig_local = '[UNDEF]'
P:  ifconfig_remote_netmask = '[UNDEF]'
P:  ifconfig_noexec = DISABLED
P:  ifconfig_nowarn = DISABLED
P:  ifconfig_ipv6_local = '[UNDEF]'
P:  ifconfig_ipv6_netbits = 0
P:  ifconfig_ipv6_remote = '[UNDEF]'
P:  shaper = 0
P:  mtu_test = 0
P:  mlock = DISABLED
P:  keepalive_ping = 0
P:  keepalive_timeout = 0
P:  inactivity_timeout = 0
P:  ping_send_timeout = 0
P:  ping_rec_timeout = 0
P:  ping_rec_timeout_action = 0
P:  ping_timer_remote = DISABLED
P:  remap_sigusr1 = 0
P:  persist_tun = DISABLED
P:  persist_local_ip = DISABLED
P:  persist_remote_ip = DISABLED
P:  persist_key = DISABLED
P:  resolve_retry_seconds = 5
P:  username = '[UNDEF]'
P:  groupname = '[UNDEF]'
P:  chroot_dir = '[UNDEF]'
P:  cd_dir = '[UNDEF]'
P:  writepid = '[UNDEF]'
P:  up_script = '[UNDEF]'
P:  down_script = '[UNDEF]'
P:  down_pre = DISABLED
P:  up_restart = DISABLED
P:  up_delay = DISABLED
P:  daemon = DISABLED
P:  inetd = 0
P:  log = DISABLED
P:  suppress_timestamps = ENABLED
P:  nice = 0
P:  verbosity = 5
P:  mute = 0
P:  gremlin = 0
P:  status_file = '[UNDEF]'
P:  status_file_version = 1
P:  status_file_update_freq = 60
P:  occ = ENABLED
P:  rcvbuf = 65536
P:  sndbuf = 65536
P:  sockflags = 0
P:  fast_io = DISABLED
P:  lzo = 0
P:  route_script = '[UNDEF]'
P:  route_default_gateway = '[UNDEF]'
P:  route_default_metric = 0
P:  route_noexec = DISABLED
P:  route_delay = 0
P:  route_delay_window = 30
P:  route_delay_defined = DISABLED
P:  route_nopull = DISABLED
P:  route_gateway_via_dhcp = DISABLED
P:  max_routes = 100
P:  allow_pull_fqdn = DISABLED
P:  route 0.0.0.0/0.0.0.0/nil/nil
P:  management_addr = '/data/data/de.blinkt.openvpn/cache/mgmtsocket'
P:  management_port = 0
P:  management_user_pass = '[UNDEF]'
P:  management_log_history_cache = 250
P:  management_echo_buffer_size = 100
P:  management_write_peer_info_file = '[UNDEF]'
P:  management_client_user = '[UNDEF]'
P:  management_client_group = '[UNDEF]'
P:  management_flags = 262
P:  shared_secret_file = '[UNDEF]'
P:  key_direction = 0
P:  ciphername_defined = ENABLED
P:  ciphername = 'BF-CBC'
P:  authname_defined = ENABLED
P:  authname = 'SHA1'
P:  prng_hash = 'SHA1'
P:  prng_nonce_secret_len = 16
P:  keysize = 0
P:  engine = DISABLED
P:  replay = ENABLED
P:  mute_replay_warnings = DISABLED
P:  replay_window = 64
P:  replay_time = 15
P:  packet_id_file = '[UNDEF]'
P:  use_iv = ENABLED
P:  test_crypto = DISABLED
P:  tls_server = DISABLED
P:  tls_client = ENABLED
P:  key_method = 2
P:  ca_file = '[[INLINE]]'
P:  ca_path = '[UNDEF]'
P:  dh_file = '[UNDEF]'
P:  cert_file = '[[INLINE]]'
P:  priv_key_file = '[[INLINE]]'
P:  pkcs12_file = '[UNDEF]'
P:  cipher_list = '[UNDEF]'
P:  tls_verify = '[UNDEF]'
P:  tls_export_cert = '[UNDEF]'
P:  tls_remote = '[UNDEF]'
P:  crl_file = '[UNDEF]'
P:  ns_cert_type = 0
P:  remote_cert_ku[i] = 0
P:  remote_cert_ku[i] = 0
P:  remote_cert_ku[i] = 0
P:  remote_cert_ku[i] = 0
P:  remote_cert_ku[i] = 0
P:  remote_cert_ku[i] = 0
P:  remote_cert_ku[i] = 0
P:  remote_cert_ku[i] = 0
P:  remote_cert_ku[i] = 0
P:  remote_cert_ku[i] = 0
P:  remote_cert_ku[i] = 0
P:  remote_cert_ku[i] = 0
P:  remote_cert_ku[i] = 0
P:  remote_cert_ku[i] = 0
P:  remote_cert_ku[i] = 0
P:  remote_cert_ku[i] = 0
P:  remote_cert_eku = '[UNDEF]'
P:  ssl_flags = 0
P:  tls_timeout = 2
P:  renegotiate_bytes = 0
P:  renegotiate_packets = 0
P:  renegotiate_seconds = 3600
P:  handshake_window = 60
P:  transition_window = 3600
P:  single_session = DISABLED
P:  push_peer_info = DISABLED
P:  tls_exit = DISABLED
P:  tls_auth_file = '[UNDEF]'
P:  client = ENABLED
P:  pull = ENABLED
P:  auth_user_pass_file = 'stdin'
P:OpenVPN 2.3_alpha1 arm-linux-androideabi [SSL (OpenSSL)] [LZO] [EPOLL] [MH] 
[PF_INET6] [IPv6 payload 20110522-1 (2.2.0)] built on Jul 15 2012
P:MANAGEMENT: unix domain socket listening on 
/data/data/de.blinkt.openvpn/cache/mgmtsocket
P:Need hold release from management interface, waiting...
P:MANAGEMENT: Client connected from 
/data/data/de.blinkt.openvpn/cache/mgmtsocket
P:MANAGEMENT: CMD 'hold release'
P:MANAGEMENT: CMD 'bytecount 2'
P:MANAGEMENT: CMD 'state on'
P:MANAGEMENT: CMD 'username 'Auth' "[my_username]"'
P:MANAGEMENT: CMD 'password [...]'
P:WARNING: No server certificate verification method has been enabled.  See 
http://openvpn.net/howto.html#mitm for more info.
P:NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call 
user-defined scripts or executables
P:Control Channel MTU parms [ L:1543 D:140 EF:40 EB:0 ET:0 EL:0 ]
P:MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
P:Socket Buffers: R=[1048576->131072] S=[524288->131072]
P:Data Channel MTU parms [ L:1543 D:1450 EF:43 EB:4 ET:0 EL:0 ]
P:Local Options String: 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto 
TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
P:Expected Remote Options String: 'V4,dev-type tun,link-mtu 1543,tun-mtu 
1500,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 
2,tls-server'
P:Local Options hash (VER=V4): 'db02a8f8'
P:Expected Remote Options hash (VER=V4): '7e068940'
P:Attempting to establish TCP connection with 
[AF_INET][vpn_server_ip_address:port] [nonblock]
P:MANAGEMENT: >STATE:1342871454,TCP_CONNECT,,,
Network Status: CONNECTED  to WIFI null
P:TCP connection established with [AF_INET][vpn_server_ip_address:port]
P:TCPv4_CLIENT link local: [undef]
P:TCPv4_CLIENT link remote: [AF_INET][vpn_server_ip_address:port]
P:MANAGEMENT: >STATE:1342871455,WAIT,,,
P:WRMANAGEMENT: >STATE:1342871455,AUTH,,,
P:TLS: Initial packet from [AF_INET][vpn_server_ip_address:port], sid=3e5f966b 
3f827d92
P:WWARNING: this configuration may cache passwords in memory -- use the 
auth-nocache option to prevent this
P:WWConnection reset, restarting [-1]
P:TCP/UDP: Closing socket
P:SIGUSR1[soft,connection-reset] received, process restarting
P:MANAGEMENT: >STATE:1342871455,RECONNECTING,connection-reset,,
P:MANAGEMENT: CMD 'hold release'
P:WARNING: No server certificate verification method has been enabled.  See 
http://openvpn.net/howto.html#mitm for more info.
P:NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call 
user-defined scripts or executables
P:Control Channel MTU parms [ L:1543 D:140 EF:40 EB:0 ET:0 EL:0 ]
P:MANAGEMENT: CMD 'bytecount 2'
P:MANAGEMENT: CMD 'state on'
P:MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
P:Socket Buffers: R=[1048576->131072] S=[524288->131072]
P:Data Channel MTU parms [ L:1543 D:1450 EF:43 EB:4 ET:0 EL:0 ]
P:Local Options String: 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto 
TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
P:Expected Remote Options String: 'V4,dev-type tun,link-mtu 1543,tun-mtu 
1500,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 
2,tls-server'
P:Local Options hash (VER=V4): 'db02a8f8'
P:Expected Remote Options hash (VER=V4): '7e068940'
P:Attempting to establish TCP connection with 
[AF_INET][vpn_server_ip_address:port] [nonblock]
P:MANAGEMENT: >STATE:1342871455,TCP_CONNECT,,,
P:TCP connection established with [AF_INET][vpn_server_ip_address:port]
P:TCPv4_CLIENT link local: [undef]
P:TCPv4_CLIENT link remote: [AF_INET][vpn_server_ip_address:port]
P:MANAGEMENT: >STATE:1342871456,WAIT,,,
P:WRMANAGEMENT: >STATE:1342871456,AUTH,,,
P:TLS: Initial packet from [AF_INET][vpn_server_ip_address:port], sid=65dbfb3e 
ae0e874f
P:WWWConnection reset, restarting [-1]
P:TCP/UDP: Closing socket
P:SIGUSR1[soft,connection-reset] received, process restarting
P:MANAGEMENT: >STATE:1342871456,RECONNECTING,connection-reset,,
P:MANAGEMENT: CMD 'hold release'
P:MANAGEMENT: CMD 'bytecount 2'
P:MANAGEMENT: CMD 'state on'
P:WARNING: No server certificate verification method has been enabled.  See 
http://openvpn.net/howto.html#mitm for more info.
P:NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call 
user-defined scripts or executables
P:Control Channel MTU parms [ L:1543 D:140 EF:40 EB:0 ET:0 EL:0 ]
P:MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
P:Socket Buffers: R=[1048576->131072] S=[524288->131072]
P:Data Channel MTU parms [ L:1543 D:1450 EF:43 EB:4 ET:0 EL:0 ]
P:Local Options String: 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto 
TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
P:Expected Remote Options String: 'V4,dev-type tun,link-mtu 1543,tun-mtu 
1500,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 
2,tls-server'
P:Local Options hash (VER=V4): 'db02a8f8'
P:Expected Remote Options hash (VER=V4): '7e068940'
P:Attempting to establish TCP connection with 
[AF_INET][vpn_server_ip_address:port] [nonblock]
P:MANAGEMENT: >STATE:1342871456,TCP_CONNECT,,,
P:TCP connection established with [AF_INET][vpn_server_ip_address:port]
P:TCPv4_CLIENT link local: [undef]
P:TCPv4_CLIENT link remote: [AF_INET][vpn_server_ip_address:port]
P:MANAGEMENT: >STATE:1342871457,WAIT,,,
P:WRMANAGEMENT: >STATE:1342871457,AUTH,,,
P:TLS: Initial packet from [AF_INET][vpn_server_ip_address:port], sid=5f7cdb08 
d2b919aa
P:WWWConnection reset, restarting [-1]
P:TCP/UDP: Closing socket
P:SIGUSR1[soft,connection-reset] received, process restarting
P:MANAGEMENT: >STATE:1342871457,RECONNECTING,connection-reset,,
P:MANAGEMENT: CMD 'hold release'
P:WARNING: No server certificate verification method has been enabled.  See 
http://openvpn.net/howto.html#mitm for more info.
P:NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call 
user-defined scripts or executables
P:Control Channel MTU parms [ L:1543 D:140 EF:40 EB:0 ET:0 EL:0 ]
P:MANAGEMENT: CMD 'bytecount 2'
P:MANAGEMENT: CMD 'state on'
P:MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
P:Socket Buffers: R=[1048576->131072] S=[524288->131072]
P:Data Channel MTU parms [ L:1543 D:1450 EF:43 EB:4 ET:0 EL:0 ]
P:Local Options String: 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto 
TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
P:Expected Remote Options String: 'V4,dev-type tun,link-mtu 1543,tun-mtu 
1500,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 
2,tls-server'
P:Local Options hash (VER=V4): 'db02a8f8'
P:Expected Remote Options hash (VER=V4): '7e068940'
P:Attempting to establish TCP connection with 
[AF_INET][vpn_server_ip_address:port] [nonblock]
P:MANAGEMENT: >STATE:1342871457,TCP_CONNECT,,,
P:TCP connection established with [AF_INET][vpn_server_ip_address:port]
P:TCPv4_CLIENT link local: [undef]
P:TCPv4_CLIENT link remote: [AF_INET][vpn_server_ip_address:port]
P:MANAGEMENT: >STATE:1342871458,WAIT,,,
P:WRMANAGEMENT: >STATE:1342871458,AUTH,,,
P:TLS: Initial packet from [AF_INET][vpn_server_ip_address:port], sid=9c77c64d 
156b92c6
P:WWWConnection reset, restarting [-1]
P:TCP/UDP: Closing socket
P:SIGUSR1[soft,connection-reset] received, process restarting
P:MANAGEMENT: >STATE:1342871458,RECONNECTING,connection-reset,,
P:MANAGEMENT: CMD 'hold release'
P:WARNING: No server certificate verification method has been enabled.  See 
http://openvpn.net/howto.html#mitm for more info.
P:NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call 
user-defined scripts or executables
P:Control Channel MTU parms [ L:1543 D:140 EF:40 EB:0 ET:0 EL:0 ]
P:MANAGEMENT: CMD 'bytecount 2'
P:MANAGEMENT: CMD 'state on'
P:MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
P:Socket Buffers: R=[1048576->131072] S=[524288->131072]
P:Data Channel MTU parms [ L:1543 D:1450 EF:43 EB:4 ET:0 EL:0 ]
P:Local Options String: 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto 
TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
P:Expected Remote Options String: 'V4,dev-type tun,link-mtu 1543,tun-mtu 
1500,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 
2,tls-server'
P:Local Options hash (VER=V4): 'db02a8f8'
P:Expected Remote Options hash (VER=V4): '7e068940'
P:Attempting to establish TCP connection with 
[AF_INET][vpn_server_ip_address:port] [nonblock]
P:MANAGEMENT: >STATE:1342871458,TCP_CONNECT,,,
P:TCP connection established with [AF_INET][vpn_server_ip_address:port]
P:TCPv4_CLIENT link local: [undef]
P:TCPv4_CLIENT link remote: [AF_INET][vpn_server_ip_address:port]
P:MANAGEMENT: >STATE:1342871459,WAIT,,,
P:WRMANAGEMENT: >STATE:1342871459,AUTH,,,
P:TLS: Initial packet from [AF_INET][vpn_server_ip_address:port], sid=8f215a1d 
b357836a
P:WWWConnection reset, restarting [-1]
P:TCP/UDP: Closing socket
P:SIGUSR1[soft,connection-reset] received, process restarting
P:MANAGEMENT: >STATE:1342871459,RECONNECTING,connection-reset,,
P:MANAGEMENT: CMD 'hold release'
P:MANAGEMENT: CMD 'bytecount 2'
P:MANAGEMENT: CMD 'state on'
P:WARNING: No server certificate verification method has been enabled.  See 
http://openvpn.net/howto.html#mitm for more info.
P:NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call 
user-defined scripts or executables
P:Control Channel MTU parms [ L:1543 D:140 EF:40 EB:0 ET:0 EL:0 ]
P:MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
P:Socket Buffers: R=[1048576->131072] S=[524288->131072]
P:Data Channel MTU parms [ L:1543 D:1450 EF:43 EB:4 ET:0 EL:0 ]
P:Local Options String: 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto 
TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
P:Expected Remote Options String: 'V4,dev-type tun,link-mtu 1543,tun-mtu 
1500,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 
2,tls-server'
P:Local Options hash (VER=V4): 'db02a8f8'
P:Expected Remote Options hash (VER=V4): '7e068940'
P:Attempting to establish TCP connection with 
[AF_INET][vpn_server_ip_address:port] [nonblock]
P:MANAGEMENT: >STATE:1342871459,TCP_CONNECT,,,
P:TCP connection established with [AF_INET][vpn_server_ip_address:port]
P:TCPv4_CLIENT link local: [undef]
P:TCPv4_CLIENT link remote: [AF_INET][vpn_server_ip_address:port]
P:MANAGEMENT: >STATE:1342871460,WAIT,,,
P:WRMANAGEMENT: >STATE:1342871460,AUTH,,,
P:TLS: Initial packet from [AF_INET][vpn_server_ip_address:port], sid=cd8010a3 
3f5e406f
P:WWWConnection reset, restarting [-1]
P:TCP/UDP: Closing socket
P:SIGUSR1[soft,connection-reset] received, process restarting
P:MANAGEMENT: >STATE:1342871461,RECONNECTING,connection-reset,,
P:MANAGEMENT: CMD 'hold release'
P:MANAGEMENT: CMD 'bytecount 2'
P:MANAGEMENT: CMD 'state on'
P:WARNING: No server certificate verification method has been enabled.  See 
http://openvpn.net/howto.html#mitm for more info.
P:NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call 
user-defined scripts or executables
P:Control Channel MTU parms [ L:1543 D:140 EF:40 EB:0 ET:0 EL:0 ]
P:MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
P:Socket Buffers: R=[1048576->131072] S=[524288->131072]
P:Data Channel MTU parms [ L:1543 D:1450 EF:43 EB:4 ET:0 EL:0 ]
P:Local Options String: 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto 
TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
P:Expected Remote Options String: 'V4,dev-type tun,link-mtu 1543,tun-mtu 
1500,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 
2,tls-server'
P:Local Options hash (VER=V4): 'db02a8f8'
P:Expected Remote Options hash (VER=V4): '7e068940'
P:Attempting to establish TCP connection with 
[AF_INET][vpn_server_ip_address:port] [nonblock]
P:MANAGEMENT: >STATE:1342871461,TCP_CONNECT,,,
P:MANAGEMENT: CMD 'signal SIGINT'
P:TCP/UDP: Closing socket
P:SIGINT[hard,init_instance] received, process exiting
P:MANAGEMENT: >STATE:1342871461,EXITING,init_instance,,

Original comment by sinat...@gmail.com on 21 Jul 2012 at 12:01

GoogleCodeExporter commented 9 years ago
Yeah, you are getting a connection reset. I.e. a tcp reset after writing three 
packets (WWW). Check the server side logs if there is anything in that log 
which can help. Otherwise I have no idea why this does not work.

Original comment by arne@rfc2549.org on 21 Jul 2012 at 12:15

GoogleCodeExporter commented 9 years ago
Hmmm... not much I can do there either as I'm not hosting the VPN server.

I find it strange it works through my router and mifi but not my nexus s or 
galaxy nexus ( neither are connected to the VPN. I use my nexus 7 for that )

All 4 of them are simply routing packets... nothing more

I'm wondering if Google has an issue with their hotspot code

Original comment by sinat...@gmail.com on 21 Jul 2012 at 12:22

GoogleCodeExporter commented 9 years ago
Sounds like this might be a NAT and/or UDP issuse. Is yout wifi hotspot a 
physical device or do you mean using the Android wifi hotspot? Those embedded 
devices rarely do very good at keeping state for complicated communications 
like IKE and NAT-traversal only does so much. Anyway, you might try toggling 
the UDP option in the application and see what you get. If your able to, I 
would be interested to see a tcpdump from the device or directly upstream. 

Lastly, if none of that helps I can set you up with a user on my OpenVPN-AS box 
so we can get a clear view from the server's perspective and some logs. Hope 
that helps and if not the OpenVPN devel group might.

Original comment by jon.hann...@gmail.com on 13 Aug 2012 at 10:22

GoogleCodeExporter commented 9 years ago
I have now a Nexus 7 too and connecting via my Defy with CM10 (4.1.1) works 
fine.

Original comment by arne@rfc2549.org on 3 Sep 2012 at 4:36

GoogleCodeExporter commented 9 years ago
I am closing the issue since I also tried it with a galaxy nexus and connect 
reproduce it.

Original comment by arne@rfc2549.org on 16 Oct 2012 at 3:22