Closed GoogleCodeExporter closed 9 years ago
So even you have no routes configured on the openvpn client (check with show
connection information) the connection gehts dropped?
The https proxy *might* detect that this is no http connection a drop/reset the
connection. A tcpdump showing the traffic of the android client might be
helpful.
There are other users who reported the http proxy support working.
Original comment by arne@rfc2549.org
on 14 Aug 2012 at 8:36
Thanks again for your quick reply.
It seems I got my issue sorted.
Actually it was an option ticket on OpenVPN server side which caused the issue.
I used a router with "TomatoUSB" firmware on it, providing built-in OpenVPN
support.
There's an option in it's advanced OpenVPN server settings called "Direct
clients to
redirect Internet traffic".
Apparently this causes "redirect-gateway" to be pushed to the clients, causing
the http proxy to be considered as a transparent proxy with the OpenVPN server
to be the default gateway.
This of course breaks the connection.
I unchecked that option and the connection remained stable.
Just as a sidenote for other users who intend to do the same thing I did:
If you still want all your internet traffic to go through the OpenVPN route,
take care not to use 'push "route 0.0.0.0 0.0.0.0"' in your server config.
While this works with Windows Desktop PC clients, it will still break the
connection for ICS OpenVPN.
Instead configure the route on client side.
In ICS OpenVPN this is straightforward, just tick the "Use Default Route"
checkbox on your IPV4 and/or IPV6 Routing setting tab.
On Windows Desktop PCs you'll have to add the following line to your client's
.ovpn config file:
route 0.0.0.0 0.0.0.0 vpn_gateway
That way it works fine for me and I can connect both a Windows PC and my ICS
tablet in parallel to the same OpenVPN server.
Thanks again for all your work/efforts/support!
Best regards - Mike
Original comment by stief...@wtnet.de
on 15 Aug 2012 at 8:11
This is strange. It should work. The default route settings also does "route
0.0.0.0 0.0.0.0" and getting redirect-gateway pushed from the server usually
also works. It could be something in the http proxy support that causes things
to break but I am at loss here what happens.
Original comment by arne@rfc2549.org
on 15 Aug 2012 at 8:16
It's strange indeed but now that there's a way to circumvent that issue I feel
we can close this case.
I get that the "route 0.0.0.0 0.0.0.0" command should be nothing different from
pushing redirect-gateway, however I feel that OpenVPN has it's issues when
there are multiple routes available for the same address. I've read threads in
the OpenVPN support area where people claim that OpenVPN sometimes doesn't
route traffic according to the metric of the route, but according to it's
"position" in the list of possible routes instead, whatever "position" means in
the end.
Anyway, that's nothing special dedicated to your ICS OpenVPN client since the
very same thing happens on Windows PCs as well when choosing "redirect-gateway"
in server config and the client has to use a http proxy to connect.
Thanks again and best regards - Mike
Original comment by stief...@wtnet.de
on 15 Aug 2012 at 8:45
Yes I will close the issue. But for routes the ICS Openvpn client is special :)
It uses the VPNService API and things are done a bit different there. For
reference the routes you see under show information are given to the Android OS
and nothing more is done.
Original comment by arne@rfc2549.org
on 15 Aug 2012 at 8:54
Original issue reported on code.google.com by
stief...@wtnet.de
on 14 Aug 2012 at 3:19